SecurityPkg: Clean up source files
[mirror_edk2.git] / SecurityPkg / SecurityPkg.uni
1 // /** @file
2 // Provides security features that conform to TCG/UEFI industry standards
3 //
4 // The security features include secure boot, measured boot and user identification.
5 // It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
6 // and libraries instances, which are used for those features.
7 //
8 // Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
9 //
10 // This program and the accompanying materials are licensed and made available under
11 // the terms and conditions of the BSD License which accompanies this distribution.
12 // The full text of the license may be found at
13 // http://opensource.org/licenses/bsd-license.php
14 //
15 // THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
16 // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
17 //
18 // **/
19
20
21 #string STR_PACKAGE_ABSTRACT #language en-US "Provides security features that conform to TCG/UEFI industry standards"
22
23 #string STR_PACKAGE_DESCRIPTION #language en-US "The security features include secure boot, measured boot and user identification. It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) and libraries instances, which are used for those features."
24
25
26
27 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdOptionRomImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from OptionRom."
28
29 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdOptionRomImageVerificationPolicy_HELP #language en-US "Image verification policy for OptionRom. Only following values are valid:<BR><BR>\n"
30 "NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
31 "0x00000000 Always trust the image.<BR>\n"
32 "0x00000001 Never trust the image.<BR>\n"
33 "0x00000002 Allow execution when there is security violation.<BR>\n"
34 "0x00000003 Defer execution when there is security violation.<BR>\n"
35 "0x00000004 Deny execution when there is security violation.<BR>\n"
36 "0x00000005 Query user when there is security violation.<BR>"
37
38 #string STR_gEfiSecurityPkgTokenSpaceGuid_ERR_80000001 #language en-US "Invalid value provided."
39
40 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRemovableMediaImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from removable media."
41
42 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRemovableMediaImageVerificationPolicy_HELP #language en-US "Image verification policy for removable media which includes CD-ROM, Floppy, USB and network. Only following values are valid:<BR><BR>\n"
43 "NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
44 "0x00000000 Always trust the image.<BR>\n"
45 "0x00000001 Never trust the image.<BR>\n"
46 "0x00000002 Allow execution when there is security violation.<BR>\n"
47 "0x00000003 Defer execution when there is security violation.<BR>\n"
48 "0x00000004 Deny execution when there is security violation.<BR>\n"
49 "0x00000005 Query user when there is security violation.<BR>"
50
51 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedMediaImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from fixed media."
52
53 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedMediaImageVerificationPolicy_HELP #language en-US "Image verification policy for fixed media which includes hard disk. Only following values are valid:<BR><BR>\n"
54 "NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
55 "0x00000000 Always trust the image.<BR>\n"
56 "0x00000001 Never trust the image.<BR>\n"
57 "0x00000002 Allow execution when there is security violation.<BR>\n"
58 "0x00000003 Defer execution when there is security violation.<BR>\n"
59 "0x00000004 Deny execution when there is security violation.<BR>\n"
60 "0x00000005 Query user when there is security violation.<BR>"
61
62 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdDeferImageLoadPolicy_PROMPT #language en-US "Set policy whether trust image before user identification."
63
64 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdDeferImageLoadPolicy_HELP #language en-US "Defer Image Load policy settings. The policy is bitwise. If a bit is set, the image from corresponding device will be trusted when loading. Or the image will be deferred. The deferred image will be checked after user is identified.<BR><BR>\n"
65 "BIT0 - Image from unknown device. <BR>\n"
66 "BIT1 - Image from firmware volume.<BR>\n"
67 "BIT2 - Image from OptionRom.<BR>\n"
68 "BIT3 - Image from removable media which includes CD-ROM, Floppy, USB and network.<BR>\n"
69 "BIT4 - Image from fixed media device which includes hard disk.<BR>"
70
71 #string STR_gEfiSecurityPkgTokenSpaceGuid_ERR_80000002 #language en-US "Reserved bits must be set to zero."
72
73 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedUsbCredentialProviderTokenFileName_PROMPT #language en-US "File name to save credential."
74
75 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedUsbCredentialProviderTokenFileName_HELP #language en-US "Null-terminated Unicode string of the file name that is the default name to save USB credential. The specified file should be saved at the root directory of USB storage disk."
76
77 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdMaxAppendVariableSize_PROMPT #language en-US "Max variable size for append operation."
78
79 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdMaxAppendVariableSize_HELP #language en-US "The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable. Note: This PCD is not been used."
80
81 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPlatformClass_PROMPT #language en-US "Select platform type."
82
83 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPlatformClass_HELP #language en-US "Specifies the type of TCG platform that contains TPM chip.<BR><BR>\n"
84 "If 0, TCG platform type is PC client.<BR>\n"
85 "If 1, TCG platform type is PC server.<BR>"
86
87 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPhysicalPresence_PROMPT #language en-US "Physical presence of the platform operator."
88
89 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPhysicalPresence_HELP #language en-US "Indicates the presence or absence of the platform operator during firmware booting. If platform operator is not physical presnece during boot. TPM will be locked and the TPM commands that required operator physical presence can not run.<BR><BR>\n"
90 "TRUE - The platform operator is physically present.<BR>\n"
91 "FALSE - The platform operator is not physically present.<BR>"
92
93 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceLifetimeLock_PROMPT #language en-US "Lock TPM physical presence asserting method."
94
95 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceLifetimeLock_HELP #language en-US "Indicates whether TPM physical presence is locked during platform initialization. Once it is locked, it can not be unlocked for TPM life time.<BR><BR>\n"
96 "TRUE - Lock TPM physical presence asserting method.<BR>\n"
97 "FALSE - Not lock TPM physical presence asserting method.<BR>"
98
99 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceCmdEnable_PROMPT #language en-US "Enable software method of asserting physical presence."
100
101 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceCmdEnable_HELP #language en-US "Indicates whether the platform supports the software method of asserting physical presence.<BR><BR>\n"
102 "TRUE - Supports the software method of asserting physical presence.<BR>\n"
103 "FALSE - Does not support the software method of asserting physical presence.<BR>"
104
105 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceHwEnable_PROMPT #language en-US "Enable hardware method of asserting physical presence."
106
107 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceHwEnable_HELP #language en-US "Indicates whether the platform supports the hardware method of asserting physical presence.<BR><BR>\n"
108 "TRUE - Supports the hardware method of asserting physical presence.<BR>\n"
109 "FALSE - Does not support the hardware method of asserting physical presence.<BR>"
110
111 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFirmwareDebuggerInitialized_PROMPT #language en-US "Firmware debugger status."
112
113 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFirmwareDebuggerInitialized_HELP #language en-US "This PCD indicates if debugger exists. <BR><BR>\n"
114 "TRUE - Firmware debugger exists.<BR>\n"
115 "FALSE - Firmware debugger doesn't exist.<BR>"
116
117 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2InitializationPolicy_PROMPT #language en-US "TPM 2.0 device initialization policy.<BR>"
118
119 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2InitializationPolicy_HELP #language en-US "This PCD indicates the initialization policy for TPM 2.0.<BR><BR>\n"
120 "If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR>\n"
121 "If 1, initialization needed.<BR>"
122
123 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInitializationPolicy_PROMPT #language en-US "TPM 1.2 device initialization policy."
124
125 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInitializationPolicy_HELP #language en-US "This PCD indicates the initialization policy for TPM 1.2.<BR><BR>\n"
126 "If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR>\n"
127 "If 1, initialization needed.<BR>"
128
129 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2SelfTestPolicy_PROMPT #language en-US "TPM 2.0 device selftest."
130
131 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2SelfTestPolicy_HELP #language en-US "This PCD indicates the TPM 2.0 SelfTest policy.<BR><BR>\n"
132 "if 0, no SelfTest needed - most likely used for fTPM, because it might already be tested.<BR>\n"
133 "if 1, SelfTest needed.<BR>"
134
135 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2ScrtmPolicy_PROMPT #language en-US "SCRTM policy setting for TPM 2.0 device."
136
137 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2ScrtmPolicy_HELP #language en-US "This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 2.0.<BR><BR>\n"
138 "if 0, no SCRTM measurement needed - In this case, it is already done.<BR>\n"
139 "if 1, SCRTM measurement done by BIOS.<BR>"
140
141 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmScrtmPolicy_PROMPT #language en-US "SCRTM policy setting for TPM 1.2 device"
142
143 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmScrtmPolicy_HELP #language en-US "This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 1.2.<BR><BR>\n"
144 "if 0, no SCRTM measurement needed - In this case, it is already done.<BR>\n"
145 "if 1, SCRTM measurement done by BIOS.<BR>"
146
147 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInstanceGuid_PROMPT #language en-US "TPM device type identifier"
148
149 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInstanceGuid_HELP #language en-US "Guid name to identify TPM instance.<BR><BR>\n"
150 "TPM_DEVICE_INTERFACE_NONE means disable.<BR>\n"
151 "TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.<BR>\n"
152 "TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.<BR>\n"
153 "Other GUID value means other TPM 2.0 device.<BR>"
154
155 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2HashMask_PROMPT #language en-US "Hash mask for TPM 2.0"
156
157 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2HashMask_HELP #language en-US "This PCD indicates Hash mask for TPM 2.0.<BR><BR>\n"
158 "If this bit is set, that means this algorithm is needed to extend to PCR.<BR>\n"
159 "If this bit is clear, that means this algorithm is NOT needed to extend to PCR.<BR>\n"
160 "BIT0 - SHA1.<BR>\n"
161 "BIT1 - SHA256.<BR>\n"
162 "BIT2 - SHA384.<BR>\n"
163 "BIT3 - SHA512.<BR>"
164
165 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmAutoDetection_PROMPT #language en-US "TPM type detection."
166
167 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmAutoDetection_HELP #language en-US "This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.<BR><BR>\n"
168 "FALSE - No auto detection.<BR>\n"
169 "TRUE - Auto detection.<BR>"
170
171 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmBaseAddress_PROMPT #language en-US "TPM device address."
172
173 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmBaseAddress_HELP #language en-US "This PCD indicates TPM base address.<BR><BR>"
174
175 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_PROMPT #language en-US "Status Code for TPM device definitions"
176
177 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_HELP #language en-US "Progress Code for TPM device subclass definitions.<BR><BR>\n"
178 "EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000D0000) = 0x010D0000<BR>"
179
180 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_PROMPT #language en-US "One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images"
181
182 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_HELP #language en-US "Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images\n"
183 "WARNING: The default value is treated as test key. Please do not use default value in the production."
184
185 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2NumberOfPCRBanks_PROMPT #language en-US "OEM configurated number of PCR banks."
186
187 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2NumberOfPCRBanks_HELP #language en-US "This PCR means the OEM configurated number of PCR banks.\n"
188 "0 means dynamic get from supported HASH algorithm"
189
190 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2HashAlgorithmBitmap_PROMPT #language en-US "Hash Algorithm bitmap."
191
192 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2HashAlgorithmBitmap_HELP #language en-US "This PCD indicated final BIOS supported Hash mask.\n"
193 "Bios may choose to register a subset of PcdTpm2HashMask.\n"
194 "So this PCD is final value of how many hash algo is extended to PCR.\n"
195 "If software HashLib(HashLibBaseCryptoRouter) solution is chosen, this PCD\n"
196 "has no need to be configured in platform dsc and will be set to correct\n"
197 "value by the HashLib instance according to the HashInstanceLib instances\n"
198 "linked, and the value of this PCD should be got in module entrypoint."
199
200 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT #language en-US "Minimum length(in bytes) of the system preboot TCG event log area(LAML)."
201
202 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_HELP #language en-US "This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).\n"
203 "For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB."
204
205 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_PROMPT #language en-US "Length(in bytes) of the TCG2 Final event log area."
206
207 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_HELP #language en-US "This PCD defines length(in bytes) of the TCG2 Final event log area."
208
209 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_PROMPT #language en-US "Version of Physical Presence interface supported by platform."
210
211 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP #language en-US "Null-terminated string of the Version of Physical Presence interface supported by platform.<BR><BR>\n"
212 "To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
213 "For example, map to TCG2_VERSION.PpiVersion to be configured by Tcg2ConfigDxe driver.<BR>\n"
214 "gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x0|\"1.3\"|NV,BS<BR>"
215
216 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_PROMPT
217 #language en-US
218 "A physical presence user status"
219
220 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_HELP
221 #language en-US
222 "Indicate whether a physical presence user exist. "
223 "When it is configured to Dynamic or DynamicEx, it can be set through detection using "
224 "a platform-specific method (e.g. Button pressed) in a actual platform in early boot phase.<BR><BR>"
225
226 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_PROMPT #language en-US "One PKCS7 cert used to verify Recovery and Capsule Update images"
227
228 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_HELP #language en-US "Provides one PKCS7 cert used to verify Recovery and Capsule Update images\n"
229 "WARNING: The default value is treated as test key. Please do not use default value in the production."
230
231 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_PROMPT #language en-US " Initial setting of TCG2 Persistent Firmware Management Flags"
232
233 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_HELP #language en-US "This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\n"
234
235 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_PROMPT #language en-US "The revision of TPM2 ACPI table"
236
237 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_HELP #language en-US "This PCD defines initial revision of TPM2 ACPI table\n"
238 "To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
239 "For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR>\n"
240 "gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR>"
241
242 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2CurrentIrqNum_PROMPT #language en-US "Current TPM2 device interrupt number"
243
244 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2CurrentIrqNum_HELP #language en-US "This PCD defines current TPM2 device interrupt number reported by _CRS. If set to 0, interrupt is disabled."
245
246 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2PossibleIrqNumBuf_PROMPT #language en-US "Possible TPM2 device interrupt number buffer"
247
248 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2PossibleIrqNumBuf_HELP #language en-US "This PCD defines possible TPM2 interrupt number in a platform reported by _PRS control method.\n"
249 "If PcdTpm2CurrentIrqNum set to 0, _PRS will not report any possible TPM2 interrupt numbers."
250
251 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_PROMPT #language en-US "Current active TPM interface type"
252
253 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_HELP #language en-US "This PCD indicates current active TPM interface type.\n"
254 "0x00 - FIFO interface as defined in TIS 1.3 is active.<BR>\n"
255 "0x01 - FIFO interface as defined in PTP for TPM 2.0 is active.<BR>\n"
256 "0x02 - CRB interface is active.<BR>\n"
257 "0xFF - Contains no current active TPM interface type<BR>"
258
259 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_PROMPT #language en-US "IdleByass status supported by current active TPM interface."
260
261 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_HELP #language en-US "This PCD records IdleByass status supported by current active TPM interface.\n"
262 "Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and diretcly move to CmdReady state. <BR>"
263 "0x01 - Do not support IdleByPass.<BR>\n"
264 "0x02 - Support IdleByPass.<BR>\n"
265 "0xFF - IdleByPass State is not synced with TPM hardware.<BR>"