SecurityPkg/SecurityPkg.dec

   1 ## @file  SecurityPkg.dec
   2 #  This package includes the security drivers, defintions(including PPIs/PROTOCOLs/GUIDs
   3 #  and library classes) and libraries instances.
   4 #
   5 # Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
   6 # This program and the accompanying materials are licensed and made available under
   7 # the terms and conditions of the BSD License which accompanies this distribution.
   8 # The full text of the license may be found at
   9 # http://opensource.org/licenses/bsd-license.php
  10 #
  11 # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  13 #
  14 ##
  15
  16 [Defines]
  17   DEC_SPECIFICATION              = 0x00010005
  18   PACKAGE_NAME                   = SecurityPkg
  19   PACKAGE_GUID                   = 24369CAC-6AA6-4fb8-88DB-90BF061668AD
  20   PACKAGE_VERSION                = 0.92
  21
  22 [Includes]
  23   Include
  24
  25 [LibraryClasses]
  26   ##  @libraryclass  Definitions for common TPM commands as library API for TPM
  27   #                  module use.
  28   TpmCommLib|Include/Library/TpmCommLib.h
  29
  30 [Guids]
  31   ## Security package token space guid
  32   # Include/Guid/SecurityPkgTokenSpace.h
  33   gEfiSecurityPkgTokenSpaceGuid  = { 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }}
  34   ## Guid acted as the authenticated variable store header's signature, and to specify the variable list entries put in the EFI system table.
  35   #  Include/Guid/AuthenticatedVariableFormat.h
  36   gEfiAuthenticatedVariableGuid  = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
  37
  38   #  Include/Guid/AuthenticatedVariableFormat.h
  39   gEfiSecureBootEnableDisableGuid = { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } }
  40
  41   #  Include/Guid/AuthenticatedVariableFormat.h
  42   gEfiCustomModeEnableGuid           = { 0xc076ec0c, 0x7028, 0x4399, { 0xa0, 0x72, 0x71, 0xee, 0x5c, 0x44, 0x8b, 0x9f } }
  43
  44   ## Include/Guid/TcgEventHob.h
  45   gTcgEventEntryHobGuid              = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}
  46
  47   ## Include/Guid/PhysicalPresenceData.h
  48   gEfiPhysicalPresenceGuid           = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }}
  49
  50   ## Include/Guid/PwdCredentialProviderHii.h
  51   gPwdCredentialProviderGuid         = { 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce }}
  52
  53   ## Include/Guid/UsbCredentialProviderHii.h
  54   gUsbCredentialProviderGuid         = { 0xd0849ed1, 0xa88c, 0x4ba6, { 0xb1, 0xd6, 0xab, 0x50, 0xe2, 0x80, 0xb7, 0xa9 }}
  55
  56   ## Include/Guid/UserIdentifyManagerHii.h
  57   gUserIdentifyManagerGuid           = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }}
  58
  59   ## Include/Guid/UserProfileManagerHii.h
  60   gUserProfileManagerGuid            = { 0xc35f272c, 0x97c2, 0x465a, { 0xa2, 0x16, 0x69, 0x6b, 0x66, 0x8a, 0x8c, 0xfe }}
  61
  62   ## Include/Guid/TcgConfigHii.h
  63   gTcgConfigFormSetGuid              = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }}
  64
  65   ## Include/Guid/SecureBootConfigHii.h
  66   gSecureBootConfigFormSetGuid       = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}}
  67
  68 [Ppis]
  69   ## Include/Ppi/LockPhysicalPresence.h
  70   gPeiLockPhysicalPresencePpiGuid    = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } }
  71
  72   ## Include/Ppi/TpmInitialized.h
  73   gPeiTpmInitializedPpiGuid      = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }}
  74
  75 [PcdsFixedAtBuild]
  76   ## Pcd for OptionRom.
  77   #  Image verification policy settings:
  78   #  ALWAYS_EXECUTE                         0x00000000
  79   #  NEVER_EXECUTE                          0x00000001
  80   #  ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002
  81   #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003
  82   #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004
  83   #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005
  84   gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001
  85
  86   ## Pcd for removable media.
  87   #  Removable media include CD-ROM, Floppy, USB and network.
  88   #  Image verification policy settings:
  89   #  ALWAYS_EXECUTE                         0x00000000
  90   #  NEVER_EXECUTE                          0x00000001
  91   #  ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002
  92   #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003
  93   #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004
  94   #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005
  95   gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05|UINT32|0x00000002
  96
  97   ## Pcd for fixed media.
  98   #  Fixed media include hard disk.
  99   #  Image verification policy settings:
 100   #  ALWAYS_EXECUTE                         0x00000000
 101   #  NEVER_EXECUTE                          0x00000001
 102   #  ALLOW_EXECUTE_ON_SECURITY_VIOLATION    0x00000002
 103   #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003
 104   #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004
 105   #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005
 106   gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003
 107
 108   ## Defer Image Load policy settings.
 109   #  The policy is bitwise.
 110   #  If bit is set, the image from corresponding device will be trust when loading.
 111   #
 112   # IMAGE_UNKNOWN                         0x00000001
 113   # IMAGE_FROM_FV                         0x00000002
 114   # IMAGE_FROM_OPTION_ROM                 0x00000004
 115   # IMAGE_FROM_REMOVABLE_MEDIA            0x00000008
 116   # IMAGE_FROM_FIXED_MEDIA                0x00000010
 117   gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004
 118
 119   ## The token file name used to save credential in USB credential provider driver.
 120   #  The specified file should be saved at the root directory of USB storage disk.
 121   gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005
 122
 123   ## The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable.
 124   gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005
 125
 126   ## This PCD specifies the type of TCG platform that contains TPM chip.
 127   #  This PCD is only avaiable when PcdTpmPhysicalPresence is TRUE.
 128   #  If 0, TCG platform type is PC client.
 129   #  If 1, TCG platform type is server.
 130   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006
 131
 132   ## The PCD is used to control whether to support hiding the TPM.
 133   #  If TRUE, PcdHideTpm controls whether to hide the TPM.
 134   gEfiSecurityPkgTokenSpaceGuid.PcdHideTpmSupport|FALSE|BOOLEAN|0x00000007
 135
 136 [PcdsDynamic, PcdsDynamicEx]
 137   ## The PCD is used to control whether to hide the TPM.
 138   gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm|FALSE|BOOLEAN|0x00010002
 139
 140   ## The PCD is used to specify whether or not MOR (MemoryOverwriteControl) feature is enabled.
 141   gEfiSecurityPkgTokenSpaceGuid.PcdMorEnable|FALSE|BOOLEAN|0x00010000
 142
 143 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
 144   ## This PCD indicates the presence or absence of the platform operator.
 145   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001
 146