From 60c944c7d63978eee337f52af360ca5d807c11b6 Mon Sep 17 00:00:00 2001 From: "Dong, Guo" Date: Thu, 28 Aug 2014 05:31:09 +0000 Subject: [PATCH] SecurityPkg: INF/DEC file updates to EDK II packages 1. Usage information in INF file comment blocks is either incomplete or incorrect. This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes. The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification. Contributed-under: TianoCore Contribution Agreement 1.0 
Signed-off-by: Dong, Guo Reviewed-by: Gao, Liming git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15950 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/Application/RngTest/RngTest.inf | 23 ++-- .../Application/VariableInfo/VariableInfo.inf | 29 +++-- .../DxeDeferImageLoadLib.inf | 27 +++-- .../DxeImageAuthenticationStatusLib.inf | 9 +- .../DxeImageVerificationLib.inf | 46 +++++--- .../DxeTcgPhysicalPresenceLib.inf | 21 +++- .../DxeTpm2MeasureBootLib.inf | 22 ++-- .../DxeTpmMeasureBootLib.inf | 22 ++-- .../DxeTpmMeasurementLib.inf | 12 +- .../DxeTrEEPhysicalPresenceLib.inf | 19 ++- .../HashInstanceLibSha1.inf | 8 +- .../HashInstanceLibSha256.inf | 8 +- .../HashLibBaseCryptoRouterDxe.inf | 11 +- .../HashLibBaseCryptoRouterPei.inf | 9 +- .../Library/HashLibTpm2/HashLibTpm2.inf | 10 +- .../PlatformSecureLibNull.inf | 7 +- .../Tpm12CommandLib/Tpm12CommandLib.inf | 7 +- .../Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf | 12 +- .../Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf | 8 +- .../Library/Tpm2CommandLib/Tpm2CommandLib.inf | 7 +- .../Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf | 12 +- .../Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf | 12 +- .../Tpm2DeviceLibRouterDxe.inf | 13 ++- .../Tpm2DeviceLibRouterPei.inf | 13 ++- .../Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf | 8 +- SecurityPkg/Library/TpmCommLib/TpmCommLib.inf | 8 +- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 18 +-- .../Tcg/MemoryOverwriteControl/TcgMor.inf | 16 ++- .../PhysicalPresencePei.inf | 21 +++- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf | 26 +++-- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 47 ++++---- SecurityPkg/Tcg/TcgPei/TcgPei.inf | 45 +++++--- SecurityPkg/Tcg/TcgSmm/TcgSmm.inf | 36 ++++-- SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf | 25 +++- SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf | 28 +++-- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 60 ++++++---- SecurityPkg/Tcg/TrEEPei/TrEEPei.inf | 41 ++++--- SecurityPkg/Tcg/TrEESmm/TrEESmm.inf | 37 ++++-- .../PwdCredentialProviderDxe.inf | 29 +++-- 
.../UsbCredentialProviderDxe.inf | 34 ++++-- .../UserIdentifyManagerDxe.inf | 37 ++++-- .../UserProfileManagerDxe.inf | 34 +++--- .../EsalVariableDxeSal/EsalVariableDxeSal.inf | 53 ++++++--- .../VariableAuthenticated/Pei/VariablePei.inf | 24 ++-- .../RuntimeDxe/VariableRuntimeDxe.inf | 109 ++++++++++++------ .../RuntimeDxe/VariableSmm.inf | 105 ++++++++++++----- .../RuntimeDxe/VariableSmmRuntimeDxe.inf | 50 +++++--- .../SecureBootConfigDxe.inf | 71 +++++++++--- 48 files changed, 880 insertions(+), 449 deletions(-) diff --git a/SecurityPkg/Application/RngTest/RngTest.inf b/SecurityPkg/Application/RngTest/RngTest.inf index bec78a4c99..334cff45b0 100644 --- a/SecurityPkg/Application/RngTest/RngTest.inf +++ b/SecurityPkg/Application/RngTest/RngTest.inf @@ -1,7 +1,10 @@ ## @file # UEFI RNG (Random Number Generator) Protocol test application. +# +# This application can print out the supported RNG algorithm in UEFI RNG Protocol. +# And then it will do a generation test on the supported RNG algorithm. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -19,6 +22,7 @@ MODULE_TYPE = UEFI_APPLICATION VERSION_STRING = 1.0 ENTRY_POINT = UefiMain + MODULE_UNI_FILE = RngTest.uni # # The following information is for reference only and not required by the build tools. @@ -39,12 +43,15 @@ UefiLib [Protocols] - gEfiRngProtocolGuid + gEfiRngProtocolGuid ## CONSUMES [Guids] - gEfiRngAlgorithmSp80090Hash256Guid - gEfiRngAlgorithmSp80090Hmac256Guid - gEfiRngAlgorithmSp80090Ctr256Guid - gEfiRngAlgorithmX9313DesGuid - gEfiRngAlgorithmX931AesGuid - gEfiRngAlgorithmRaw \ No newline at end of file + gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmSp80090Ctr256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_CONSUMES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmX931AesGuid ## SOMETIMES_CONSUMES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmRaw ## SOMETIMES_CONSUMES ## GUID # Unique ID of the algorithm for RNG + + [UserExtensions.TianoCore."ExtraFiles"] + RngTestExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Application/VariableInfo/VariableInfo.inf b/SecurityPkg/Application/VariableInfo/VariableInfo.inf index 902ed7f1c5..d4a771a908 100644 --- a/SecurityPkg/Application/VariableInfo/VariableInfo.inf +++ b/SecurityPkg/Application/VariableInfo/VariableInfo.inf 
@@ -1,11 +1,12 @@ ## @file -# This is a shell application that will display statistical information -# about variable usage. -# Note that if Variable Dxe driver doesn't enable the feature by setting -# PcdVariableCollectStatistics as TRUE, The application will not display -# variable statistical information. +# A shell application that displays statistical information about variable usage # -# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+# This application can display statistical information about variable usage for SMM variable +# driver and non-SMM variable driver. +# Note that if Variable Dxe driver doesn't enable the feature by setting PcdVariableCollectStatistics +# as TRUE, the application will not display variable statistical information. +# +# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -18,6 +19,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = VariableInfo + MODULE_UNI_FILE = VariableInfo.uni FILE_GUID = B9EF901F-A2A2-4fc8-8D2B-3A2E07B301CC MODULE_TYPE = UEFI_APPLICATION VERSION_STRING = 1.0 @@ -46,9 +48,16 @@ MemoryAllocationLib [Protocols] - gEfiSmmCommunicationProtocolGuid - gEfiSmmVariableProtocolGuid + gEfiSmmCommunicationProtocolGuid ## SOMETIMES_CONSUMES + + ## UNDEFINED # Used to do smm communication + ## SOMETIMES_CONSUMES + gEfiSmmVariableProtocolGuid [Guids] - gEfiAuthenticatedVariableGuid ## CONSUMES ## Configuration Table Guid - gEfiVariableGuid ## CONSUMES ## Configuration Table Guid + gEfiAuthenticatedVariableGuid ## SOMETIMES_CONSUMES ## SystemTable + gEfiVariableGuid ## CONSUMES ## SystemTable + +[UserExtensions.TianoCore."ExtraFiles"] + VariableInfoExtra.uni + \ No newline at end of file diff --git a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf index dcd5c6128e..8297230bed 100644 --- a/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf +++ b/SecurityPkg/Library/DxeDeferImageLoadLib/DxeDeferImageLoadLib.inf @@ -1,7 +1,11 @@ ## @file -# The library instance provides security service of deferring image load. +# Provides security service of deferred image load # -# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+# The platform may need to defer the execution of an image because of security +# considerations. These deferred images will be recorded and then reported by +# installing an instance of the EFI_DEFERRED_IMAGE_LOAD_PROTOCOL. +# +# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -13,7 +17,8 @@ [Defines] INF_VERSION = 0x00010005 - BASE_NAME = DxeDeferImageLoadLib + BASE_NAME = DxeDeferImageLoadLib + MODULE_UNI_FILE = DxeDeferImageLoadLib.uni FILE_GUID = 5E2FAE1F-41DA-4fbd-BC81-603CE5CD8497 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -48,14 +53,16 @@ PcdLib [Protocols] - gEfiFirmwareVolume2ProtocolGuid - gEfiBlockIoProtocolGuid - gEfiSimpleFileSystemProtocolGuid + gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES + gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_PRODUCES + ## SOMETIMES_CONSUMES + ## NOTIFY gEfiUserManagerProtocolGuid - gEfiDeferredImageLoadProtocolGuid - + [Guids] - gEfiGlobalVariableGuid + gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootOrder" [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy + gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf index 43608007e9..62fcdaacc6 100644 --- a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf +++ b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf @@ -1,9 +1,9 @@ ## @file -# The library instance provides security service of image authentication -# status check in UEFI2.3.1. +# Provides security service of image authentication status check +# # Authentication Status Library module supports UEFI2.3.1 # -# Copyright (c) 2012, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,7 +15,8 @@ [Defines] INF_VERSION = 0x00010005 - BASE_NAME = DxeImageAuthenticationStatusLib + BASE_NAME = DxeImageAuthenticationStatusLib + MODULE_UNI_FILE = DxeImageAuthenticationStatusLib.uni FILE_GUID = EB92D1DE-7C36-4680-BB88-A67E96049F72 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf index 0e6a5d1ce6..ab580aaf57 100644 --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf @@ -1,13 +1,14 @@ ## @file -# The library instance provides security service of image verification. -# Image verification Library module supports UEFI2.3.1 +# Provides security service of image verification +# +# This library hooks LoadImage() API to verify every image by the verification policy. # # Caution: This module requires additional review when modified. # This library will have external input - PE/COFF image. -# This external input must be validated carefully to avoid security issue like -# buffer overflow, integer overflow. +# This external input must be validated carefully to avoid security issues such as +# buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -19,7 +20,8 @@ [Defines] INF_VERSION = 0x00010005 - BASE_NAME = DxeImageVerificationLib + BASE_NAME = DxeImageVerificationLib + MODULE_UNI_FILE = DxeImageVerificationLib.uni FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 
@@ -58,20 +60,30 @@ TpmMeasurementLib [Protocols] - gEfiFirmwareVolume2ProtocolGuid - gEfiBlockIoProtocolGuid - gEfiSimpleFileSystemProtocolGuid - + gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES + [Guids] - gEfiCertTypeRsa2048Sha256Guid + ## SOMETIMES_CONSUMES ## Variable:L"DB" + ## SOMETIMES_CONSUMES ## Variable:L"DBX" + ## PRODUCES ## SystemTable + ## CONSUMES ## SystemTable gEfiImageSecurityDatabaseGuid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. gEfiCertSha1Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. gEfiCertSha256Guid - gEfiCertX509Guid - gEfiCertRsa2048Guid - gEfiCertPkcs7Guid + + gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy - gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy - gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES + \ No newline at end of file diff --git a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf index d700ed2e83..ed6b03f958 100644 --- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf 
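Review bot: The usage comments added above `gEfiImageSecurityDatabaseGuid` in DxeImageVerificationLib.inf name the variables as `L"DB"` and `L"DBX"`, but the UEFI-defined names are lowercase and variable names are case-sensitive. I would write `## SOMETIMES_CONSUMES ## Variable:L"db"` and `## SOMETIMES_CONSUMES ## Variable:L"dbx"` so the comment matches what the verification code actually reads. The same hunk also drops `gEfiCertTypeRsa2048Sha256Guid` and `gEfiCertRsa2048Guid` from `[Guids]`. The library's C sources are not part of this patch, so please confirm that nothing in them still references either GUID.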
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf @@ -1,12 +1,15 @@ ## @file -# TCG physical presence library instance. This library will lock -# TPM after executing TPM request. +# Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM +# +# This library will check and execute TPM 1.2 request from OS or BIOS. The request may +# ask for user confirmation before execution. This Library will also lock TPM physical +# presence at last. # # Caution: This module requires additional review when modified. # This driver will have external input - variable. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -18,7 +21,8 @@ [Defines] INF_VERSION = 0x00010005 - BASE_NAME = DxeTcgPhysicalPresenceLib + BASE_NAME = DxeTcgPhysicalPresenceLib + MODULE_UNI_FILE = DxeTcgPhysicalPresenceLib.uni FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -52,8 +56,13 @@ HiiLib [Protocols] - gEfiTcgProtocolGuid - gEdkiiVariableLockProtocolGuid + gEfiTcgProtocolGuid ## CONSUMES + gEdkiiVariableLockProtocolGuid ## CONSUMES [Guids] + ## CONSUMES ## HII + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" gEfiPhysicalPresenceGuid diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf index 4dfd62bd77..c007d7cf5d 100644 --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf 
@@ -1,12 +1,15 @@ ## @file -# The library instance provides security service of TPM2 measure boot. +# Provides security service for TPM 2.0 measured boot +# +# This library instance hooks LoadImage() API to measure every image that +# is not measured in PEI phase. And, it will also measure GPT partition. # # Caution: This module requires additional review when modified. # This library will have external input - PE/COFF image and GPT partition. -# This external input must be validated carefully to avoid security issue like -# buffer overflow, integer overflow. +# This external input must be validated carefully to avoid security issues such +# as buffer overflow or integer overflow. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -19,6 +22,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = DxeTpm2MeasureBootLib + MODULE_UNI_FILE = DxeTpm2MeasureBootLib.uni FILE_GUID = 778CE4F4-36BD-4ae7-B8F0-10B420B0D174 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -53,11 +57,11 @@ HobLib [Guids] - gMeasuredFvHobGuid + gMeasuredFvHobGuid ## SOMETIMES_CONSUMES ## HOB [Protocols] - gEfiTrEEProtocolGuid ## CONSUMES - gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES - gEfiBlockIoProtocolGuid ## CONSUMES - gEfiDiskIoProtocolGuid ## CONSUMES + gEfiTrEEProtocolGuid ## SOMETIMES_CONSUMES + gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiDiskIoProtocolGuid ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf index 8552c12996..57a0108e1d 100644 --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf 
@@ -1,12 +1,15 @@ ## @file -# The library instance provides security service of TPM measure boot. +# Provides security service for TPM 1.2 measured boot +# +# This library instance hooks LoadImage() API to measure every image that +# is not measured in PEI phase. And, it will also measure GPT partition. # # Caution: This module requires additional review when modified. # This library will have external input - PE/COFF image and GPT partition. -# This external input must be validated carefully to avoid security issue like -# buffer overflow, integer overflow. +# This external input must be validated carefully to avoid security issues such +# as buffer overflow or integer overflow. # -# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -19,6 +22,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = DxeTpmMeasureBootLib + MODULE_UNI_FILE = DxeTpmMeasureBootLib.uni FILE_GUID = 6C60C7D0-922A-4b7c-87D7-E503EDD73BBF MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -53,11 +57,11 @@ HobLib [Guids] - gMeasuredFvHobGuid + gMeasuredFvHobGuid ## SOMETIMES_CONSUMES ## HOB [Protocols] - gEfiTcgProtocolGuid ## CONSUMES - gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES - gEfiBlockIoProtocolGuid ## CONSUMES - gEfiDiskIoProtocolGuid ## CONSUMES + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiDiskIoProtocolGuid ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf index 75cc773070..d99e48cea8 100644 --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf @@ -1,7 +1,10 @@ ## @file -# This library is used by other modules to measure data to TPM 1.2 or TPM 2.0. +# Provides TPM measurement functions for TPM1.2 and TPM 2.0 +# +# This library provides TpmMeasureAndLogData() to to measure and log data, and +# extend the measurement result into a specific PCR. # -# Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -18,6 +21,7 @@ MODULE_TYPE = UEFI_DRIVER VERSION_STRING = 1.0 LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + MODULE_UNI_FILE = DxeTpmMeasurementLib.uni # # The following information is for reference only and not required by the build tools. @@ -40,5 +44,5 @@ UefiBootServicesTableLib [Protocols] - gEfiTcgProtocolGuid - gEfiTrEEProtocolGuid + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEfiTrEEProtocolGuid ## SOMETIMES_CONSUMES diff --git a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf index 3ef9a82a4f..5d062ae72b 100644 --- a/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf +++ b/SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf @@ -1,11 +1,14 @@ ## @file -# TrEE physical presence library instance. This library will execute TPM2 request. +# Executes TPM 2.0 requests from OS or BIOS +# +# This library will check and execute TPM 2.0 request from OS or BIOS. The request may +# ask for user confirmation before execution. # # Caution: This module requires additional review when modified. # This driver will have external input - variable. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
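Review bot: The new description in the DxeTpmMeasurementLib.inf file header repeats a word: `to to measure and log data`. Suggested wording for the two added lines: `# This library provides TpmMeasureAndLogData() to measure and log data, and` followed by `# extend the measurement result into a specific PCR.` The abstract line above it also writes `TPM1.2` where the rest of the patch uses `TPM 1.2`.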
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -17,7 +20,8 @@ [Defines] INF_VERSION = 0x00010005 - BASE_NAME = DxeTrEEPhysicalPresenceLib + BASE_NAME = DxeTrEEPhysicalPresenceLib + MODULE_UNI_FILE = DxeTrEEPhysicalPresenceLib.uni FILE_GUID = 601ECB06-7874-489e-A280-805780F6C861 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -52,8 +56,13 @@ Tpm2CommandLib [Protocols] - gEfiTrEEProtocolGuid - gEdkiiVariableLockProtocolGuid + gEfiTrEEProtocolGuid ## CONSUMES + gEdkiiVariableLockProtocolGuid ## CONSUMES [Guids] + ## CONSUMES ## HII + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" gEfiTrEEPhysicalPresenceGuid diff --git a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf index d5fe6fe2b7..588c5f1ac4 100644 --- a/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf +++ b/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf @@ -1,8 +1,9 @@ ## @file -# Ihis library is BaseCrypto SHA1 hash instance. -# It can be registered to BaseCrypto router, to serve as hash engine. +# Provides BaseCrypto SHA1 hash service # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This library can be registered to BaseCrypto router, to serve as hash engine. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +16,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = HashInstanceLibSha1 + MODULE_UNI_FILE = HashInstanceLibSha1.uni FILE_GUID = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9 MODULE_TYPE = BASE VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf index a1fb891242..a4b2ccf9e2 100644 --- a/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf +++ b/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf @@ -1,8 +1,9 @@ ## @file -# Ihis library is BaseCrypto SHA256 hash instance. -# It can be registered to BaseCrypto router, to serve as hash engine. +# Provides BaseCrypto SHA256 hash service # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This library can be registered to BaseCrypto router, to serve as hash engine. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +16,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = HashInstanceLibSha256 + MODULE_UNI_FILE = HashInstanceLibSha256.uni FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02 MODULE_TYPE = BASE VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf index a797c05635..133ef09ba5 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf @@ -1,9 +1,11 @@ ## @file +# Provides hash service by registered hash handler +# # Ihis library is BaseCrypto router. It will redirect hash request to each individual -# hash handler registerd, such as SHA1, SHA256. -# Platform can use PcdTpm2HashMask to mask some hash engines. +# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to +# mask some hash engines. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -16,6 +18,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = HashLibBaseCryptoRouterDxe + MODULE_UNI_FILE = HashLibBaseCryptoRouterDxe.uni FILE_GUID = 158DC712-F15A-44dc-93BB-1675045BE066 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -45,5 +48,5 @@ PcdLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf index 0926a5964e..13067ee36c 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf @@ -1,7 +1,9 @@ ## @file +# Provides hash service by registered hash handler +# # Ihis library is BaseCrypto router. It will redirect hash request to each individual -# hash handler registerd, such as SHA1, SHA256. -# Platform can use PcdTpm2HashMask to mask some hash engines. +# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to +# mask some hash engines. # # Copyright (c) 2013, Intel Corporation. All rights reserved.
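Review bot: The header of HashLibBaseCryptoRouterDxe.inf still reads `# Ihis library is BaseCrypto router.` on a context line, although this hunk fixes `registerd` on the very next line and the sibling HashInstanceLib headers have the `Ihis` typo removed. The HashLibBaseCryptoRouterPei.inf header hunk that follows has the same leftover. Both should read `# This library is BaseCrypto router.` The Pei header also keeps `Copyright (c) 2013` while the Dxe one is bumped to `2013 - 2014`, which looks like an oversight given that the file is modified in the same commit.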
# This program and the accompanying materials @@ -16,6 +18,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = HashLibBaseCryptoRouterPei + MODULE_UNI_FILE = HashLibBaseCryptoRouterPei.uni FILE_GUID = DDCBCFBA-8EEB-488a-96D6-097831A6E50B MODULE_TYPE = PEIM VERSION_STRING = 1.0 @@ -46,5 +49,5 @@ HobLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES diff --git a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf index ffcc8b9e2c..f807cc7f3d 100644 --- a/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf +++ b/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf @@ -1,7 +1,10 @@ ## @file -# Ihis library uses TPM2 device to calculation hash. +# Provides hash service using TPM2 device # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to +# mask some hash calculation. +# +# Copyright (c) 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = HashLibTpm2 + MODULE_UNI_FILE = HashLibTpm2.uni FILE_GUID = 1317F0D5-7842-475c-B1CA-6EDC20DCBE7D MODULE_TYPE = BASE VERSION_STRING = 1.0 @@ -42,4 +46,4 @@ PcdLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf index 4380fdeb8f..7a5229d039 100644 --- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf +++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf @@ -1,10 +1,12 @@ ## @file +# NULL platform secure library instance that alway returns TRUE for a user physical present +# # NULL PlatformSecureLib instance does NOT really detect whether a physical present -# user exists but return TRUE directly. This instance can be used to verify security +# user exists but returns TRUE directly. This instance can be used to verify security # related features during platform enabling and development. It should be replaced # by a platform-specific method(e.g. Button pressed) in a real platform for product. # -# Copyright (c) 2011, Intel Corporation. All rights reserved.
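Review bot: The copyright line in HashLibTpm2.inf is changed from `2013` to `2014`, which drops the original publication year. Every other header touched in this patch extends the range instead. I would write `# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>` to stay consistent with the rest of the package.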
+# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -17,6 +19,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = PlatformSecureLibNull + MODULE_UNI_FILE = PlatformSecureLibNull.uni FILE_GUID = 7FA68D82-10A4-4e71-9524-D3D9500D3CDF MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf b/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf index 622eb2b415..91ffbb62f5 100644 --- a/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf +++ b/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf @@ -1,7 +1,9 @@ ## @file -# This library is used by other modules to send TPM12 command. +# Provides some TPM 1.2 commands # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
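Review bot: The abstract line added to PlatformSecureLibNull.inf has a typo (`alway`) and reads awkwardly (`a user physical present`). As the one-line summary of the module, it also omits the warning that this instance is for bring-up only. Because the instance reports a physically present user unconditionally, I would word it as `# NULL platform secure library instance that always returns TRUE for user physical presence (development use only)`. A `# Caution:` paragraph in the style of the other SecurityPkg headers in this patch would also help. It could say that any check relying on physical presence is presumably satisfied automatically while this instance is linked, and that production platforms must supply a real detection method.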
+# This library is used by other modules to send TPM 1.2 command. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +16,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm12CommandLib + MODULE_UNI_FILE = Tpm12CommandLib.uni FILE_GUID = C595047C-70B3-4731-99CC-A014E956D7A7 MODULE_TYPE = BASE VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf index 0eb91eee4e..30b399499e 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf @@ -1,8 +1,11 @@ ## @file -# Ihis library is TPM2 DTPM device lib. -# Choosing this library means platform uses and only uses DTPM device as TPM2 engine. +# Provides TPM 1.2 TIS functions +# +# This library implements TIS (TPM Interface Specification) functions which is +# used for every TPM 1.2 command. Choosing this library means platform uses and +# only uses TPM 1.2 device. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +18,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm12DeviceLibDTpm + MODULE_UNI_FILE = Tpm12DeviceLibDTpm.uni FILE_GUID = BC2B7672-A48B-4d58-B39E-AEE3707B5A23 MODULE_TYPE = BASE VERSION_STRING = 1.0 @@ -41,4 +45,4 @@ DebugLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress \ No newline at end of file + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES \ No newline at end of file diff --git a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf index 7ab5217bcf..76ea4924a4 100644 --- a/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf +++ b/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf @@ -1,7 +1,10 @@ ## @file -# Ihis library is TPM12 TCG protocol lib. +# Provides function interfaces to communicate with TPM 1.2 device # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This library helps to use TPM 1.2 device in library function API +# based on TCG protocol. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm12DeviceLibTcg + MODULE_UNI_FILE = Tpm12DeviceLibTcg.uni FILE_GUID = 4D8B77D9-E923-48f8-B070-4053D78B7E56 MODULE_TYPE = BASE VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf b/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf index 804f063429..bc95ce7fa6 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf @@ -1,7 +1,9 @@ ## @file -# This library is used by other modules to send TPM2 command. +# Provides some TPM 2.0 commands # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This library is used by other modules to send TPM 2.0 command. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +16,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm2CommandLib + MODULE_UNI_FILE = Tpm2CommandLib.uni FILE_GUID = 2F572F32-8BE5-4868-BD1D-7438AD97DC27 MODULE_TYPE = BASE VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf index 78df432b60..2d41e7ccd2 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf @@ -1,8 +1,11 @@ ## @file -# Ihis library is TPM2 DTPM device lib. -# Choosing this library means platform uses and only uses DTPM device as TPM2 engine. +# Provides TPM 2.0 TIS functions for DTPM +# +# This library implements TIS (TPM Interface Specification) functions which is +# used for every TPM 2.0 command. Choosing this library means platform uses and +# only uses TPM 2.0 DTPM device. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +18,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm2DeviceLibDTpm + MODULE_UNI_FILE = Tpm2DeviceLibDTpm.uni FILE_GUID = E54A3327-A345-4068-8842-70AC0D519855 MODULE_TYPE = BASE VERSION_STRING = 1.0 @@ -42,4 +46,4 @@ DebugLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES diff --git a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf index a4d8068dff..2a8f78beeb 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf @@ -1,9 +1,10 @@ ## @file -# Ihis library is TPM2 DTPM instance. -# It can be registered to Tpm2 Device router, to be active TPM2 engine, -# based on platform setting. +# Provides a DTPM instance for TPM 2.0 # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This library can be registered to Tpm 2.0 device router, to be active TPM 2.0 +# engine, based on platform setting. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -16,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm2InstanceLibDTpm + MODULE_UNI_FILE = Tpm2InstanceLibDTpm.uni FILE_GUID = 286BF25A-C2C3-408c-B3B4-25E6758B7317 MODULE_TYPE = BASE VERSION_STRING = 1.0 @@ -44,4 +46,4 @@ DebugLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf index 2e699887e3..b69e2a768d 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf @@ -1,9 +1,11 @@ ## @file -# Ihis library is TPM2 device router. Platform can register multi TPM2 instance to it -# via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. -# At most one TPM2 instance can be finally registered, and other will return unsupported. +# Provides TPM 2.0 TIS functions # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Ihis library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to +# it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. +# At most one TPM 2.0 instance can be finally registered, and other will return unsupported. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -16,6 +18,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm2DeviceLibRouterDxe + MODULE_UNI_FILE = Tpm2DeviceLibRouterDxe.uni FILE_GUID = C3D69D87-5200-4aab-A6DB-2569BA1A92FC MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -41,4 +44,4 @@ PcdLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES diff --git a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf index dbdfc3dec8..b1a850f6ca 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf @@ -1,9 +1,11 @@ ## @file -# Ihis library is TPM2 device router. Platform can register multi TPM2 instance to it -# via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. -# At most one TPM2 instance can be finally registered, and other will return unsupported. +# Provides TPM 2.0 TIS functions # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
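Review bot: The rewritten header of Tpm2DeviceLibRouterDxe.inf still opens its description with `Ihis library is TPM 2.0 device router`, although the same typo is corrected in the other library headers this patch touches; it should read `# This library is TPM 2.0 device router.` The identical line recurs in the Tpm2DeviceLibRouterPei.inf header hunk, and two other new abstracts carry spelling errors: `Initilizes` in TcgMor.inf and `metholds` in TcgSmm.inf. Each of these modules now names a MODULE_UNI_FILE, so the same strings are presumably mirrored in the .uni files and would need the fix there too. The abstract `Provides TPM 2.0 TIS functions` also reads like the DTPM library's summary rather than that of a router which TPM 2.0 instances register with.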
+# Ihis library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to +# it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. +# At most one TPM 2.0 instance can be finally registered, and other will return unsupported. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -16,6 +18,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm2DeviceLibRouterPei + MODULE_UNI_FILE = Tpm2DeviceLibRouterPei.uni FILE_GUID = 97CDCF04-4C8E-42fe-8015-11CC8A6E9D81 MODULE_TYPE = PEIM VERSION_STRING = 1.0 @@ -42,5 +45,5 @@ PcdLib [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES \ No newline at end of file diff --git a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf b/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf index 684b1f136d..81195e6704 100644 --- a/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf +++ b/SecurityPkg/Library/Tpm2DeviceLibTrEE/Tpm2DeviceLibTrEE.inf @@ -1,7 +1,10 @@ ## @file -# Ihis library is TPM2 TREE protocol lib. +# Provides function interfaces to communicate with TPM 2.0 device # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# This library helps to use TPM 2.0 device in library function API +# based on TrEE protocol. +# +# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = Tpm2DeviceLibTrEE + MODULE_UNI_FILE = Tpm2DeviceLibTrEE.uni FILE_GUID = BBCB6F85-303C-4eb9-8182-AF98D4B3020C MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 diff --git a/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf b/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf index 7188a3b165..7f05f59711 100644 --- a/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf +++ b/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf @@ -1,7 +1,10 @@ ## @file -# TpmCommLib instance implements basis TPM Interface Specification (TIS) and TPM command functions. +# Provides some common functions for the TCG feature # -# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.
+# This instance provides basic TPM Interface Specification (TIS) functions +# and TPM hashall function. +# +# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TpmCommLib + MODULE_UNI_FILE = TpmCommLib.uni FILE_GUID = 7d9fe32e-a6a9-4cdf-abff-10cc7f22e1c9 MODULE_TYPE = PEIM VERSION_STRING = 1.0 diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 553dbf5cce..d57c2d8c6f 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -1,5 +1,5 @@ ## @file -# Module that produces the UEFI Random Number Generator protocol. +# Produces the UEFI Random Number Generator protocol # # This module will leverage Intel Secure Key technology to produce the Random # Number Generator protocol, which is used to provide high-quality random numbers @@ -8,7 +8,7 @@ # -generator-drng-software-implementation-guide/ for more information about Intel # Secure Key technology. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -26,6 +26,7 @@ MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 ENTRY_POINT = RngDriverEntry + MODULE_UNI_FILE = RngDxe.uni # # The following information is for reference only and not required by the build tools. @@ -63,18 +64,17 @@ TimerLib [Guids] - gEfiRngAlgorithmSp80090Hash256Guid - gEfiRngAlgorithmSp80090Hmac256Guid - gEfiRngAlgorithmSp80090Ctr256Guid - gEfiRngAlgorithmX9313DesGuid - gEfiRngAlgorithmX931AesGuid - gEfiRngAlgorithmRaw + gEfiRngAlgorithmSp80090Ctr256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG [Protocols] - gEfiRngProtocolGuid ## PRODUCES + gEfiRngProtocolGuid ## PRODUCES [Depex] TRUE [BuildOptions] XCODE:*_*_*_CC_FLAGS = -mmmx -msse + +[UserExtensions.TianoCore."ExtraFiles"] + RngDxeExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf index 1aa296b47c..78e3f9b1cd 100644 --- a/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf +++ b/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf @@ -1,7 +1,9 @@ ## @file -# Component description file for Memory Overwrite Control driver. +# Initilizes MemoryOverwriteRequestControl variable # -# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+# This module will clear MOR_CLEAR_MEMORY_BIT bit if it is set. +# +# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +16,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TcgMor + MODULE_UNI_FILE = TcgMor.uni FILE_GUID = AD416CE3-A483-45b1-94C2-4B4E4D575562 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -42,10 +45,13 @@ UefiLib [Guids] - gEfiMemoryOverwriteControlDataGuid # GUID ALWAYS_CONSUMED + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + ## PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid [Depex] gEfiVariableArchProtocolGuid AND - gEfiVariableWriteArchProtocolGuid AND - ( gEfiTcgProtocolGuid OR gEfiTrEEProtocolGuid ) + gEfiVariableWriteArchProtocolGuid +[UserExtensions.TianoCore."ExtraFiles"] + TcgMorExtra.uni diff --git a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf index da4e032299..cac1abea34 100644 --- a/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf +++ b/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf @@ -1,7 +1,11 @@ ## @file -# Component description file for physical presence PEI module. +# Produces a PPI to indicate whether to lock TPM in PEI phase # -# Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.
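Review bot: The `[Depex]` edit in TcgMor.inf is a dispatch change rather than a usage annotation: the new expression drops `( gEfiTcgProtocolGuid OR gEfiTrEEProtocolGuid )`, so the driver becomes dispatchable as soon as the two variable architectural protocols are installed, whether or not a TCG or TrEE protocol exists. The commit message describes only comment-block and usage-information updates, so this should be split into its own change or called out in the description, together with whether the entry point still expects a TPM protocol (the source is not part of this hunk). If the relaxation is not intended, the last two lines should go back to `gEfiVariableWriteArchProtocolGuid AND` followed by `( gEfiTcgProtocolGuid OR gEfiTrEEProtocolGuid )`.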
+# This module produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate whether +# TPM physical presence needs to be locked. It can be replaced by a +# platform specific module. +# +# Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +19,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = PhysicalPresencePei + MODULE_UNI_FILE = PhysicalPresencePei.uni FILE_GUID = 4FE772E8-FE3E-4086-B638-8C493C490488 MODULE_TYPE = PEIM VERSION_STRING = 1.0 @@ -40,16 +45,20 @@ PeiServicesLib [Ppis] - gPeiLockPhysicalPresencePpiGuid - gEfiPeiReadOnlyVariable2PpiGuid + gPeiLockPhysicalPresencePpiGuid ## PRODUCES + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES [Guids] - gEfiPhysicalPresenceGuid + gEfiPhysicalPresenceGuid ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence ## SOMETIMES_CONSUMES [Depex] gEfiPeiMemoryDiscoveredPpiGuid AND gEfiPeiReadOnlyVariable2PpiGuid AND gPeiTpmInitializedPpiGuid + +[UserExtensions.TianoCore."ExtraFiles"] + PhysicalPresencePeiExtra.uni + \ No newline at end of file diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf index ba62017413..bd655c8870 100644 --- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf +++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf @@ -1,5 +1,6 @@ ## @file -# Component name for Tcg configuration module. +# Provides the capability to update TPM state setup browser +# By this module, user may enable/disable/activate/deactivate/clear TPM, etc. # # Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials @@ -14,6 +15,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TcgConfigDxe + MODULE_UNI_FILE = TcgConfigDxe.uni FILE_GUID = 1FA4DAFE-FA5D-4d75-BEA6-5863862C520A MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -53,21 +55,29 @@ TpmCommLib [Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" gEfiPhysicalPresenceGuid - gEfiIfrTianoGuid + + gEfiIfrTianoGuid ## SOMETIMES_PRODUCES ## GUID # HII opcode + ## PRODUCES ## HII + ## CONSUMES ## HII gTcgConfigFormSetGuid - gEfiTpmDeviceInstanceTpm12Guid + gEfiTpmDeviceInstanceTpm12Guid ## CONSUMES ## GUID # TPM device identifier [Protocols] - gEfiHiiConfigAccessProtocolGuid ## PRODUCES - gEfiHiiConfigRoutingProtocolGuid ## CONSUMES - gEfiTcgProtocolGuid ## CONSUMES + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiDevicePathProtocolGuid ## PRODUCES + gEfiTcgProtocolGuid ## CONSUMES [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES [Depex] gEfiHiiConfigRoutingProtocolGuid AND gEfiHiiDatabaseProtocolGuid AND gEfiVariableArchProtocolGuid AND - gEfiVariableWriteArchProtocolGuid \ No newline at end of file + gEfiVariableWriteArchProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TcgConfigDxeExtra.uni diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf index 40984291f8..6cb49124a8 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -1,8 +1,8 @@ ## @file -# Component file for module TcgDxe. +# Produces TCG protocol and measures boot environment # This module will produce TCG protocol and measure boot environment. # -# Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +15,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TcgDxe + MODULE_UNI_FILE = TcgDxe.uni FILE_GUID = A5683620-7998-4bb2-A377-1C1E31E1E215 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 
@@ -52,29 +53,33 @@ PcdLib [Guids] - gEfiSmbiosTableGuid # ALWAYS_CONSUMED - gEfiGlobalVariableGuid # ALWAYS_CONSUMED - gTcgEventEntryHobGuid - gEfiEventReadyToBootGuid - gEfiEventExitBootServicesGuid - gEventExitBootServicesFailedGuid # ALWAYS_CONSUMED - gEfiTpmDeviceInstanceTpm12Guid + ## SOMETIMES_CONSUMES ## SystemTable # Smbios Table + ## SOMETIMES_CONSUMES ## GUID # Handoff Table for measurement. + gEfiSmbiosTableGuid + + gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX" + gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB + gEfiEventExitBootServicesGuid ## CONSUMES ## Event + gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES ## Event + gEfiTpmDeviceInstanceTpm12Guid ## PRODUCES ## GUID # TPM device identifier [Protocols] - gEfiTcgProtocolGuid ## PRODUCES - gEfiAcpiTableProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiMpServiceProtocolGuid # PROTOCOL ALWAYS_CONSUMED - + gEfiTcgProtocolGuid ## PRODUCES + gEfiAcpiTableProtocolGuid ## NOTIFY + gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES + [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES + 
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES [Depex] TRUE +[UserExtensions.TianoCore."ExtraFiles"] + TcgDxeExtra.uni + \ No newline at end of file diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf index d05a5b7b43..c68c9056cf 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf @@ -1,5 +1,8 @@ ## @file -# This module will initialize TPM device and measure FVs in PEI phase. +# Initializes TPM device and measures FVs in PEI phase +# +# This module will initialize TPM device, measure reported FVs and BIOS version. +# This module may also lock TPM physical presence and physicalPresenceLifetimeLock. # # Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.
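Review bot: `gEfiTpmDeviceInstanceTpm12Guid` is tagged `## PRODUCES ## GUID` in the TcgDxe.inf `[Guids]` section, while the same identifier is `## CONSUMES` in TcgConfigDxe.inf and `## SOMETIMES_CONSUMES` in TrEEDxe.inf, and this module lists `PcdTpmInstanceGuid` as `## CONSUMES`. If the driver only compares the PCD value against this GUID to decide whether to run (the C source is not in the patch, so this is an assumption), the line should read `gEfiTpmDeviceInstanceTpm12Guid ## CONSUMES ## GUID # TPM device identifier`. The same `PRODUCES` tag appears in the `[Guids]` hunks of TcgPei.inf and TcgSmm.inf and deserves the same check. Consistent tags matter here because these annotations are what a reviewer reads to see which module sets the active TPM instance and which ones merely react to it.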
# This program and the accompanying materials @@ -14,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TcgPei + MODULE_UNI_FILE = TcgPei.uni FILE_GUID = 2BE1E4A6-6505-43b3-9FFC-A3C8330E0432 MODULE_TYPE = PEIM VERSION_STRING = 1.0 @@ -24,6 +28,9 @@ # # VALID_ARCHITECTURES = IA32 X64 IPF EBC # +# [BootMode] +# S3_RESUME ## SOMETIMES_CONSUMES +# [Sources] TcgPei.c 
@@ -51,29 +58,33 @@ MemoryAllocationLib [Guids] - gTcgEventEntryHobGuid - gMeasuredFvHobGuid - gEfiTpmDeviceInstanceTpm12Guid + gTcgEventEntryHobGuid ## PRODUCES ## HOB + gMeasuredFvHobGuid ## PRODUCES ## HOB + gEfiTpmDeviceInstanceTpm12Guid ## PRODUCES ## GUID # TPM device identifier [Ppis] - gPeiLockPhysicalPresencePpiGuid - gEfiPeiFirmwareVolumeInfoPpiGuid - gEfiPeiFirmwareVolumeInfo2PpiGuid - gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid - gPeiTpmInitializedPpiGuid - gEfiEndOfPeiSignalPpiGuid + gPeiLockPhysicalPresencePpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES + gPeiTpmInitializedPpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock - gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable - gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy - gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## CONSUMES [Depex] gEfiPeiMasterBootModePpiGuid AND gEfiPeiReadOnlyVariable2PpiGuid AND 
gEfiTpmDeviceSelectedGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TcgPeiExtra.uni + \ No newline at end of file diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf index 5a862b41b2..f39e089bed 100644 --- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf +++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf @@ -1,13 +1,15 @@ ## @file -# This driver implements TPM definition block in ACPI table and -# registers SMI callback functions for physical presence and -# MemoryClear to handle the requests from ACPI method. +# Implements ACPI metholds for the TCG feature +# +# This driver implements TPM definition block in ACPI table and registers SMI +# callback functions for physical presence and MemoryClear to handle the requests +# from ACPI method. # # Caution: This module requires additional review when modified. # This driver will have external input - variable and ACPINvs data in SMM mode. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -20,6 +22,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TcgSmm + MODULE_UNI_FILE = TcgSmm.uni FILE_GUID = 42293093-76B9-4482-8C02-3BEFDEA9B35D MODULE_TYPE = DXE_SMM_DRIVER PI_SPECIFICATION_VERSION = 0x0001000A @@ -48,21 +51,32 @@ PcdLib [Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" gEfiPhysicalPresenceGuid + + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" gEfiMemoryOverwriteControlDataGuid - gEfiTpmDeviceInstanceTpm12Guid + + gEfiTpmDeviceInstanceTpm12Guid ## PRODUCES ## GUID # TPM device identifier [Protocols] - gEfiSmmSwDispatch2ProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiSmmVariableProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiAcpiTableProtocolGuid # PROTOCOL ALWAYS_CONSUMED + gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES + gEfiSmmVariableProtocolGuid ## CONSUMES + gEfiAcpiTableProtocolGuid ## CONSUMES [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES [Depex] gEfiAcpiTableProtocolGuid AND gEfiSmmSwDispatch2ProtocolGuid AND gEfiSmmVariableProtocolGuid AND - gEfiTcgProtocolGuid \ No newline at end of file + gEfiTcgProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TcgSmmExtra.uni + \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf index 042ad878d6..9935e40497 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf 
+++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigDxe.inf @@ -1,8 +1,10 @@ ## @file -# Component name for TrEE configuration module. +# TPM device configuration for TPM 2.0 +# +# By this module, user may select TPM device, clear TPM state, etc. # NOTE: This module is only for reference only, each platform should have its own setup page. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TrEEConfigDxe + MODULE_UNI_FILE = TrEEConfigDxe.uni FILE_GUID = 3141FD4D-EA02-4a70-9BCE-97EE837319AC MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -52,24 +55,34 @@ PcdLib PrintLib Tpm2DeviceLib - Tpm12DeviceLib Tpm2CommandLib [Guids] + ## SOMETIMES_PRODUCES ## Variable:L"TrEEPhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"TrEEPhysicalPresence" gEfiTrEEPhysicalPresenceGuid + + ## PRODUCES ## HII + ## SOMETIMES_PRODUCES ## Variable:L"TREE_CONFIGURATION" + ## SOMETIMES_CONSUMES ## Variable:L"TREE_CONFIGURATION" + ## PRODUCES ## Variable:L"TREE_DEVICE_DETECTION" + ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION" gTrEEConfigFormSetGuid [Protocols] gEfiHiiConfigAccessProtocolGuid ## PRODUCES - gEfiHiiConfigRoutingProtocolGuid ## CONSUMES + gEfiDevicePathProtocolGuid ## PRODUCES gEdkiiVariableLockProtocolGuid ## CONSUMES [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES [Depex] gEfiTrEEProtocolGuid AND gEfiHiiConfigRoutingProtocolGuid AND gEfiHiiDatabaseProtocolGuid AND gEfiVariableArchProtocolGuid AND - gEfiVariableWriteArchProtocolGuid \ No newline at end of file + gEfiVariableWriteArchProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TrEEConfigDxeExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf index c3a8435391..31807cb06e 100644 --- a/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf +++ b/SecurityPkg/Tcg/TrEEConfig/TrEEConfigPei.inf 
@@ -1,5 +1,7 @@ ## @file -# Component name for TrEE configuration module. +# Set TPM device type +# +# This module initializes TPM device type based on variable and detection. # NOTE: This module is only for reference only, each platform should have its own setup page. # # Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
@@ -15,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TrEEConfigPei + MODULE_UNI_FILE = TrEEConfigPei.uni FILE_GUID = A5C1EF72-9379-4370-B4C7-0F5126CAC38E MODULE_TYPE = PEIM VERSION_STRING = 1.0 @@ -23,6 +26,9 @@ # # VALID_ARCHITECTURES = IA32 X64 IPF EBC # +# [BootMode] +# S3_RESUME ## SOMETIMES_CONSUMES +# [Sources] TrEEConfigPeim.c @@ -48,19 +54,23 @@ Tpm12DeviceLib [Guids] - gEfiTrEEPhysicalPresenceGuid + ## SOMETIMES_CONSUMES ## Variable:L"TREE_CONFIGURATION" + ## SOMETIMES_CONSUMES ## Variable:L"TREE_DEVICE_DETECTION" gTrEEConfigFormSetGuid - gEfiTpmDeviceSelectedGuid + gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID [Ppis] - gEfiPeiReadOnlyVariable2PpiGuid + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy - gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_CONSUMES [Depex] gEfiPeiMasterBootModePpiGuid AND - gEfiPeiReadOnlyVariable2PpiGuid \ No newline at end of file + gEfiPeiReadOnlyVariable2PpiGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TrEEConfigPeiExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf index a1f174192b..ef8505cf39 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf @@ -1,5 +1,5 @@ ## @file -# Component file for module TrEEDxe. +# Produces TrEE protocol and measure boot environment # This module will produce TrEE protocol and measure boot environment. # # Caution: This module requires additional review when modified. 
@@ -7,7 +7,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -20,6 +20,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TrEEDxe + MODULE_UNI_FILE = TrEEDxe.uni FILE_GUID = 2A7946E3-1AB2-49a9-ACCB-C6275139C1A5 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 
@@ -58,34 +59,45 @@ PerformanceLib [Guids] - gEfiSmbiosTableGuid # ALWAYS_CONSUMED - gEfiGlobalVariableGuid # ALWAYS_CONSUMED - gTcgEventEntryHobGuid - gEfiEventReadyToBootGuid - gEfiEventExitBootServicesGuid - gEventExitBootServicesFailedGuid # ALWAYS_CONSUMED + ## SOMETIMES_CONSUMES ## SystemTable # Smbios Table + ## SOMETIMES_CONSUMES ## GUID # Handoff Table for measurement. + gEfiSmbiosTableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX" + gEfiGlobalVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"db" + ## SOMETIMES_CONSUMES ## Variable:L"dbx" gEfiImageSecurityDatabaseGuid - gEfiTpmDeviceInstanceNoneGuid - gEfiTpmDeviceInstanceTpm12Guid + + gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB + gEfiEventExitBootServicesGuid ## CONSUMES ## Event + gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES ## Event + gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier [Protocols] - gEfiTrEEProtocolGuid ## PRODUCES - gEfiAcpiTableProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiMpServiceProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiVariableWriteArchProtocolGuid # PROTOCOL ALWAYS_CONSUMED + gEfiTrEEProtocolGuid ## PRODUCES + gEfiAcpiTableProtocolGuid ## NOTIFY + gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES + gEfiVariableWriteArchProtocolGuid ## NOTIFY [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass - gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision - 
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES [Depex] TRUE +[UserExtensions.TianoCore."ExtraFiles"] + TrEEDxeExtra.uni diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf index cf53ad124d..faa9fb33b0 100644 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf +++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf @@ -1,5 +1,7 @@ ## @file -# This module will initialize TPM2 device and measure FVs in PEI phase. +# Initializes TPM 2.0 device and measure FVs in PEI phase +# +# This module will initialize TPM device, measure reported FVs and BIOS version. # # Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
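Review bot: The wildcard spelling in the new variable-usage comments is inconsistent: the TrEEDxe.inf [Guids] hunk writes `Variable:L"BootXXXX"`, UserIdentifyManagerDxe.inf writes `L"Userxxxx"`, and VariableRuntimeDxe.inf writes `L"HwErrRec####"`. Since these comments are meant to be machine-readable and searchable, one notation should be used throughout; the `####` form matches how the UEFI specification names the numbered boot variables. Here that would be `## SOMETIMES_CONSUMES ## Variable:L"Boot####"`.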
# This program and the accompanying materials @@ -14,6 +16,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TrEEPei + MODULE_UNI_FILE = TrEEPei.uni FILE_GUID = CA5A1928-6523-409d-A9FE-5DCC87387222 MODULE_TYPE = PEIM VERSION_STRING = 1.0 @@ -24,6 +27,9 @@ # # VALID_ARCHITECTURES = IA32 X64 IPF EBC # +# [BootMode] +# S3_RESUME ## SOMETIMES_CONSUMES +# [Sources] TrEEPei.c 
@@ -47,27 +53,30 @@ MemoryAllocationLib [Guids] - gTcgEventEntryHobGuid - gMeasuredFvHobGuid - gEfiTpmDeviceInstanceNoneGuid - gEfiTpmDeviceInstanceTpm12Guid + gTcgEventEntryHobGuid ## PRODUCES ## HOB + gMeasuredFvHobGuid ## PRODUCES ## HOB + gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier [Ppis] - gEfiPeiFirmwareVolumeInfoPpiGuid - gEfiPeiFirmwareVolumeInfo2PpiGuid - gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid - gPeiTpmInitializedPpiGuid - gEfiEndOfPeiSignalPpiGuid + gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES + gPeiTpmInitializedPpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy - gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## CONSUMES [Depex] gEfiPeiMasterBootModePpiGuid AND gEfiPeiReadOnlyVariable2PpiGuid AND gEfiTpmDeviceSelectedGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TrEEPeiExtra.uni \ No newline at end of file 
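Review bot: The usage given for the TPM instance GUIDs disagrees between modules: this TrEEPei.inf hunk marks `gEfiTpmDeviceInstanceNoneGuid` and `gEfiTpmDeviceInstanceTpm12Guid` as `SOMETIMES_PRODUCES`, while the TrEEDxe.inf hunk earlier in the patch marks the same two GUIDs `SOMETIMES_CONSUMES` with the identical "TPM device identifier" comment, and TrEESmm.inf marks `gEfiTpmDeviceInstanceTpm20DtpmGuid` as `PRODUCES`. All three modules list `PcdTpmInstanceGuid` as `CONSUMES`, which suggests (the sources are not shown, so this is an inference) that the GUIDs are only compared against the PCD value. If so, the lines here should read `gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier`, and likewise for the Tpm12 entry.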
diff --git a/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf b/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf index bb251d423a..0436ba5c51 100644 --- a/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf +++ b/SecurityPkg/Tcg/TrEESmm/TrEESmm.inf @@ -1,5 +1,7 @@ ## @file -# This driver implements TPM2 definition block in ACPI table and +# Provides ACPI metholds for TPM 2.0 support +# +# This driver implements TPM 2.0 definition block in ACPI table and # registers SMI callback functions for TrEE physical presence and # MemoryClear to handle the requests from ACPI method. # @@ -7,7 +9,7 @@ # This driver will have external input - variable and ACPINvs data in SMM mode. # This external input must be validated carefully to avoid security issue. # -# Copyright (c) 2013, Intel Corporation. All rights reserved.
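Review bot: The new abstract line in the TrEESmm.inf file header contains a typo, "metholds". It should read `# Provides ACPI methods for TPM 2.0 support`. The hunk that follows adds `MODULE_UNI_FILE = TrEESmm.uni`, so the same string may have been copied into that file and is worth checking there too.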
+# Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -20,6 +22,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = TrEESmm + MODULE_UNI_FILE = TrEESmm.uni FILE_GUID = 114B7105-6CC9-453c-BADC-16DF227BB4EF MODULE_TYPE = DXE_SMM_DRIVER PI_SPECIFICATION_VERSION = 0x0001000A 
@@ -48,24 +51,34 @@ Tpm2DeviceLib [Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" gEfiTrEEPhysicalPresenceGuid + + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" gEfiMemoryOverwriteControlDataGuid - gEfiTpmDeviceInstanceTpm20DtpmGuid + + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier [Protocols] - gEfiSmmSwDispatch2ProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiSmmVariableProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiAcpiTableProtocolGuid # PROTOCOL ALWAYS_CONSUMED + gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES + gEfiSmmVariableProtocolGuid ## CONSUMES + gEfiAcpiTableProtocolGuid ## CONSUMES [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId - gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES [Depex] gEfiAcpiTableProtocolGuid AND gEfiSmmSwDispatch2ProtocolGuid AND gEfiSmmVariableProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TrEESmmExtra.uni \ No newline at end of file 
diff --git a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf index 541fff11fe..07e6163e8b 100644 --- a/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf +++ b/SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf @@ -1,7 +1,8 @@ ## @file -# Component description file for Password Credential Provider. +# Provides a password credential provider implementation +# This module provides a password credential provider implementation. # -# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +15,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = PwdCredentialProvider + MODULE_UNI_FILE = PwdCredentialProvider.uni FILE_GUID = D6C589EA-DD29-49ef-97F6-1A9FE19A04E0 MODULE_TYPE = UEFI_DRIVER VERSION_STRING = 1.0 @@ -44,11 +46,20 @@ BaseCryptLib [Guids] - gEfiUserCredentialClassPasswordGuid ## CONSUMES ## Guid - gPwdCredentialProviderGuid ## PRODUCES ## Guid - + gEfiUserCredentialClassPasswordGuid ## SOMETIMES_CONSUMES ## GUID + + ## PRODUCES ## Variable:L"PwdCredential" + ## CONSUMES ## Variable:L"PwdCredential" + ## CONSUMES ## HII + ## SOMETIMES_CONSUMES ## GUID # The credential provider identifier + gPwdCredentialProviderGuid + [Protocols] - gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiHiiConfigAccessProtocolGuid - gEfiUserCredential2ProtocolGuid - gEfiUserManagerProtocolGuid \ No newline at end of file + gEfiDevicePathProtocolGuid ## PRODUCES + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiUserCredential2ProtocolGuid ## PRODUCES + gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES + +[UserExtensions.TianoCore."ExtraFiles"] + PwdCredentialProviderExtra.uni + \ No newline at end of file diff --git a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf index 02f8030362..87a66fbea0 100644 --- a/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf +++ b/SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf @@ -1,7 +1,11 @@ ## @file -# Component description file for USB Credential Provider. +# Provides a USB credential provider implementation # -# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+# This module reads a token from a token file that is saved in the root +# folder of a USB stick. The token file name can be specified by the PCD +# PcdFixedUsbCredentialProviderTokenFileName. +# +# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +18,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = UsbCredentialProvider + MODULE_UNI_FILE = UsbCredentialProvider.uni FILE_GUID = 672A0C68-2BF0-46f9-93C3-C4E7DC0FA555 MODULE_TYPE = UEFI_DRIVER VERSION_STRING = 1.0 @@ -42,17 +47,24 @@ BaseCryptLib [Guids] - gUsbCredentialProviderGuid ## PRODUCES ## Guid - gEfiFileInfoGuid ## CONSUMES ## Guid - gEfiUserCredentialClassSecureCardGuid ## CONSUMES ## Guid + ## PRODUCES ## Variable:L"UsbCredential" + ## CONSUMES ## Variable:L"UsbCredential" + ## CONSUMES ## HII + ## SOMETIMES_CONSUMES ## GUID # The credential provider identifier + gUsbCredentialProviderGuid + + gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID + gEfiUserCredentialClassSecureCardGuid ## SOMETIMES_CONSUMES ## GUID [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName + gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName ## SOMETIMES_CONSUMES [Protocols] - gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiUserCredential2ProtocolGuid - gEfiUserManagerProtocolGuid - gEfiBlockIoProtocolGuid - gEfiSimpleFileSystemProtocolGuid + gEfiUserCredential2ProtocolGuid ## PRODUCES + gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES + +[UserExtensions.TianoCore."ExtraFiles"] + UsbCredentialProviderExtra.uni \ No newline at end of file diff --git a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf index 4963c09d6f..ac23818660 100644 --- a/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf 
+++ b/SecurityPkg/UserIdentification/UserIdentifyManagerDxe/UserIdentifyManagerDxe.inf @@ -1,7 +1,9 @@ ## @file -# Component description file for user identify manager driver. +# Produces user manager protocol +# +# This module manages user information and produces user manager protocol. # -# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +16,7 @@ [defines] INF_VERSION = 0x00010005 BASE_NAME = UserIdentifyManager + MODULE_UNI_FILE = UserIdentifyManager.uni FILE_GUID = C5D3191B-27D5-4873-8DF2-628136991A21 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -43,22 +46,34 @@ UefiLib [Guids] - gEfiIfrTianoGuid ## CONSUMES ## Guid - gEfiEventUserProfileChangedGuid ## CONSUMES ## Guid - gUserIdentifyManagerGuid ## PRODUCES ## Guid + gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID + gEfiEventUserProfileChangedGuid ## SOMETIMES_PRODUCES ## Event + + ## SOMETIMES_PRODUCES ## Variable:L"Userxxxx" + ## SOMETIMES_CONSUMES ## Variable:L"Userxxxx" + ## CONSUMES ## HII + gUserIdentifyManagerGuid [Protocols] gEfiFormBrowser2ProtocolGuid ## CONSUMES gEfiHiiDatabaseProtocolGuid ## CONSUMES - gEfiUserCredential2ProtocolGuid ## CONSUMES - gEfiDeferredImageLoadProtocolGuid ## CONSUMES + gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES + gEfiDeferredImageLoadProtocolGuid ## SOMETIMES_CONSUMES + gEfiSimpleTextOutProtocolGuid ## SOMETIMES_CONSUMES + gEfiSimpleTextInProtocolGuid ## SOMETIMES_CONSUMES + gEfiSimpleTextInputExProtocolGuid ## SOMETIMES_CONSUMES gEfiHiiConfigAccessProtocolGuid ## PRODUCES - gEfiUserManagerProtocolGuid ## PRODUCES - gEfiSimpleTextOutProtocolGuid - gEfiSimpleTextInProtocolGuid - gEfiSimpleTextInputExProtocolGuid + gEfiDevicePathProtocolGuid ## PRODUCES + + ## PRODUCES + ## SOMETIMES_PRODUCES ## SystemTable + gEfiUserManagerProtocolGuid [Depex] gEfiHiiDatabaseProtocolGuid AND gEfiHiiStringProtocolGuid AND gEfiFormBrowser2ProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + UserIdentifyManagerExtra.uni + \ No newline at end of file 
diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf index 847aaa2156..619b2dd9f0 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileManagerDxe.inf @@ -1,7 +1,10 @@ ## @file -# Component description file for user profile manager driver. +# A UI tool to manage user profiles # -# Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
+# By this module, user can add/update/delete user profiles, and can also +# modify the user access policy and the user identification policy. +# +# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = UserProfileManager + MODULE_UNI_FILE = UserProfileManager.uni FILE_GUID = E38CB52D-A74D-45db-A8D0-290C9B21BBF2 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 @@ -47,18 +51,22 @@ UefiLib DevicePathLib - [Guids] - gEfiIfrTianoGuid ## CONSUMES ## Guid - gEfiUserInfoAccessSetupAdminGuid ## CONSUMES ## Guid - gEfiUserInfoAccessSetupNormalGuid ## CONSUMES ## Guid - gEfiUserInfoAccessSetupRestrictedGuid ## CONSUMES ## Guid - gUserProfileManagerGuid ## PRODUCES ## Guid +[Guids] + gEfiIfrTianoGuid ## SOMETIMES_CONSUMES ## GUID + gEfiUserInfoAccessSetupAdminGuid ## SOMETIMES_CONSUMES ## GUID + gEfiUserInfoAccessSetupNormalGuid ## SOMETIMES_CONSUMES ## GUID + gEfiUserInfoAccessSetupRestrictedGuid ## SOMETIMES_CONSUMES ## GUID + gUserProfileManagerGuid ## CONSUMES ## HII [Protocols] - gEfiDevicePathProtocolGuid # PROTOCOL ALWAYS_CONSUMED - gEfiHiiConfigAccessProtocolGuid - gEfiUserCredential2ProtocolGuid - gEfiUserManagerProtocolGuid + gEfiDevicePathProtocolGuid ## PRODUCES + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiUserCredential2ProtocolGuid ## SOMETIMES_CONSUMES + gEfiUserManagerProtocolGuid ## CONSUMES [Depex] - gEfiUserManagerProtocolGuid \ No newline at end of file + gEfiUserManagerProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + UserProfileManagerExtra.uni + \ No newline at end of file diff --git a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf index f6eece98d7..16caa30dad 100644 --- a/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf +++ b/SecurityPkg/VariableAuthenticated/EsalVariableDxeSal/EsalVariableDxeSal.inf 
@@ -1,8 +1,10 @@ ## @file -# Component description file for Extended SAL authentication variable -# service module. +# Provides authenticated variable service for IPF platform # -# Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.
+# This module installs variable arch protocol and variable write arch protocol to provide +# four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo. +# +# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -15,6 +17,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = EsalVariableDxeSal + MODULE_UNI_FILE = EsalVariableDxeSal.uni FILE_GUID = 14610837-4E97-4427-96E0-21D9B2956996 MODULE_TYPE = DXE_SAL_DRIVER VERSION_STRING = 1.0 
@@ -60,27 +63,43 @@ HobLib [Protocols] - gEfiFirmwareVolumeBlockProtocolGuid # PROTOCOL SOMETIMES_CONSUMED - gEfiFaultTolerantWriteProtocolGuid # PROTOCOL SOMETIMES_CONSUMED + gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES + gEfiFaultTolerantWriteProtocolGuid ## SOMETIMES_CONSUMES [Guids] + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## CONSUMES ## Variable:L"SetupMode" + ## PRODUCES ## Variable:L"SetupMode" + ## CONSUMES ## Variable:L"SignatureSupport" + ## PRODUCES ## Variable:L"SignatureSupport" gEfiGlobalVariableGuid + + ## PRODUCES ## GUID # Variable store header + ## CONSUMES ## GUID # Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable gEfiAuthenticatedVariableGuid - gEfiEventVirtualAddressChangeGuid - gEfiCertRsa2048Sha256Guid + + gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event + gEfiCertRsa2048Sha256Guid ## CONSUMES ## GUID # Unique ID for the format of the CertType. + + ## SOMETIMES_CONSUMES ## Variable:L"DB" + ## SOMETIMES_CONSUMES ## Variable:L"DBX" gEfiImageSecurityDatabaseGuid [Pcd.common] - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize - gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize - + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES + [FeaturePcd.common] - gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics + 
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. [Depex] - gEfiExtendedSalFvBlockServicesProtocolGuid AND gEfiFaultTolerantWriteProtocolGuid - + gEfiExtendedSalFvBlockServicesProtocolGuid AND gEfiFaultTolerantWriteProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + EsalVariableDxeSalExtra.uni \ No newline at end of file diff --git a/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf b/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf index 002bb04df4..fa0b5e9876 100644 --- a/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf +++ b/SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf @@ -1,5 +1,6 @@ ## @file -# The component description for PEI variable driver. +# Implements ReadOnly Variable Services required by PEIM and installs PEI ReadOnly Varaiable2 PPI +# This module implements ReadOnly Variable Services required by PEIM and installs PEI ReadOnly Varaiable2 PPI. # # Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
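Review bot: The comments added above `gEfiImageSecurityDatabaseGuid` in the EsalVariableDxeSal.inf [Guids] hunk name the variables `L"DB"` and `L"DBX"`, but UEFI variable names are case-sensitive and the image security databases are named `db` and `dbx`, which is also how the TrEEDxe.inf hunk in this same patch spells them. The two lines should be `## SOMETIMES_CONSUMES ## Variable:L"db"` and `## SOMETIMES_CONSUMES ## Variable:L"dbx"`. The same upper-case spelling appears in the VariableRuntimeDxe.inf and VariableSmm.inf hunks. Anyone searching these usage comments to find which modules touch the Secure Boot signature databases would miss these three files.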
# This program and the accompanying materials @@ -14,6 +15,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = PeiVariableAuth + MODULE_UNI_FILE = PeiVariableAuth.uni FILE_GUID = B1F7AF2F-2807-478c-A893-2BF4DDD1F62B MODULE_TYPE = PEIM VERSION_STRING = 1.0 @@ -44,24 +46,28 @@ PeiServicesLib [Guids] + ## CONSUMES ## GUID # Variable store header + ## SOMETIMES_CONSUMES ## HOB gEfiAuthenticatedVariableGuid + ## SOMETIMES_PRODUCES ## HOB + ## SOMETIMES_CONSUMES ## HOB gEfiVariableIndexTableGuid - gEfiSystemNvDataFvGuid - gEdkiiFaultTolerantWriteGuid + gEfiSystemNvDataFvGuid ## SOMETIMES_CONSUMES ## GUID + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB [Ppis] - gEfiPeiReadOnlyVariable2PpiGuid ## PRODUCES + gEfiPeiReadOnlyVariable2PpiGuid ## PRODUCES [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES [Depex] gEdkiiFaultTolerantWriteGuid -# -# [BootMode] -# RECOVERY ## CONSUMES -# +# [BootMode] +# RECOVERY_FULL ## SOMETIMES_CONSUMES +[UserExtensions.TianoCore."ExtraFiles"] + PeiVariableExtra.uni \ No newline at end of file diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf index 41e85c0156..593c906085 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf 
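Review bot: Both lines added to the VariablePei.inf file header misspell the PPI name as "Varaiable2". They should read `# Implements ReadOnly Variable Services required by PEIM and installs PEI ReadOnly Variable2 PPI`, with the same correction in the description sentence below it. A blank `#` line between the abstract and the description would also match the header layout used by the other modules in this patch.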
@@ -1,10 +1,13 @@ ## @file -# Component description file for Authenticated Variable module. +# Provides authenticated variable service +# +# This module installs variable arch protocol and variable write arch protocol to provide +# variable services: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo. # # Caution: This module requires additional review when modified. # This driver will have external input - variable data. -# This external input must be validated carefully to avoid security issue like -# buffer overflow, integer overflow. +# This external input must be validated carefully to avoid security issues such as +# buffer overflow or integer overflow. # # Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials @@ -19,6 +22,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = VariableAuthRuntimeDxe + MODULE_UNI_FILE = VariableAuthRuntimeDxe.uni FILE_GUID = 2226F30F-3D5B-402d-9936-A97184EB4516 MODULE_TYPE = DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 
@@ -65,51 +69,82 @@ TpmMeasurementLib [Protocols] - gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES - gEfiVariableWriteArchProtocolGuid ## ALWAYS_PRODUCES - gEfiVariableArchProtocolGuid ## ALWAYS_PRODUCES - gEfiFaultTolerantWriteProtocolGuid ## SOMETIMES_CONSUMES - gEdkiiVariableLockProtocolGuid ## ALWAYS_PRODUCES + gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + gEfiFaultTolerantWriteProtocolGuid + gEfiVariableWriteArchProtocolGuid ## PRODUCES + gEfiVariableArchProtocolGuid ## PRODUCES + gEdkiiVariableLockProtocolGuid ## PRODUCES + [Guids] - gEfiAuthenticatedVariableGuid ## PRODUCES ## Configuration Table Guid - gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid - gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event - gEfiCertTypeRsa2048Sha256Guid + ## PRODUCES ## GUID # Variable store header + ## CONSUMES ## GUID # Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + ## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport" + ## CONSUMES ## Variable:L"SetupMode" + ## PRODUCES ## Variable:L"SetupMode" + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## CONSUMES ## Variable:L"SecureBoot" + ## PRODUCES ## Variable:L"SecureBoot" + ## CONSUMES ## Variable:L"SignatureSupport" + ## PRODUCES ## Variable:L"SignatureSupport" + ## PRODUCES ## Variable:L"VendorKeys" + gEfiGlobalVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"DB" + ## SOMETIMES_CONSUMES ## Variable:L"DBX" gEfiImageSecurityDatabaseGuid - gEfiCertX509Guid - gEfiCertPkcs7Guid - gEfiCertRsa2048Guid + + ## CONSUMES ## Variable:L"SecureBootEnable" + ## PRODUCES ## Variable:L"SecureBootEnable" gEfiSecureBootEnableDisableGuid + + ## CONSUMES ## Variable:L"CustomMode" + ## 
PRODUCES ## Variable:L"CustomMode" gEfiCustomModeEnableGuid - gEfiVendorKeysNvGuid - gEfiSystemNvDataFvGuid ## CONSUMES + + ## CONSUMES ## Variable:L"certdb" + ## PRODUCES ## Variable:L"certdb" gEfiCertDbGuid - gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES - gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event - gEdkiiFaultTolerantWriteGuid ## CONSUMES + + ## CONSUMES ## Variable:L"VendorKeysNv" + ## PRODUCES ## Variable:L"VendorKeysNv" + gEfiVendorKeysNvGuid + + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event + gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event + gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiSystemNvDataFvGuid ## CONSUMES ## GUID + gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####" + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize - gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES [FeaturePcd] - 
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. - gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang [Depex] TRUE -# [Event] -# ## -# # Event will be signaled for VIRTUAL_ADDRESS_CHANGE event. -# # -# EVENT_TYPE_NOTIFY_SIGNAL ## PRODUCES -# -# - +[UserExtensions.TianoCore."ExtraFiles"] + VariableRuntimeDxeExtra.uni diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf index 0e3fc514b4..279a9248e2 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf 
@@ -1,18 +1,18 @@ ## @file -# Component description file for SMM Authenticated Variable module. +# Provides SMM authenticated variable service # # This module installs SMM variable protocol into SMM protocol database, # which can be used by SMM driver, and installs SMM variable protocol # into BS protocol database, which can be used to notify the SMM Runtime # Dxe driver that the SMM variable service is ready. # This module should be used with SMM Runtime DXE module together. The -# SMM Runtime DXE module would install variable arch protocol and variable +# SMM Runtime DXE module installs variable arch protocol and variable # write arch protocol based on SMM variable module. # # Caution: This module requires additional review when modified. # This driver will have external input - variable data and communicate buffer in SMM mode. -# This external input must be validated carefully to avoid security issue like -# buffer overflow, integer overflow. +# This external input must be validated carefully to avoid security issues such as +# buffer overflow or integer overflow. # # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials @@ -27,6 +27,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = VariableAuthSmm + MODULE_UNI_FILE = VariableAuthSmm.uni FILE_GUID = D34BDC5E-968A-40f5-A48C-E594F45AE211 MODULE_TYPE = DXE_SMM_DRIVER VERSION_STRING = 1.0 
@@ -69,43 +70,83 @@ HobLib [Protocols] - gEfiSmmFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES - gEfiSmmVariableProtocolGuid ## ALWAYS_PRODUCES - gEfiSmmFaultTolerantWriteProtocolGuid ## SOMETIMES_CONSUMES - gEfiSmmAccess2ProtocolGuid ## ALWAYS_CONSUMES - gEfiSmmEndOfDxeProtocolGuid ## ALWAYS_CONSUMES + gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES + gEfiSmmAccess2ProtocolGuid ## CONSUMES + + ## PRODUCES + ## UNDEFINED # SmiHandlerRegister + gEfiSmmVariableProtocolGuid + + ## CONSUMES + ## NOTIFY + gEfiSmmFaultTolerantWriteProtocolGuid + gEfiSmmEndOfDxeProtocolGuid ## NOTIFY [Guids] - gEfiAuthenticatedVariableGuid ## PRODUCES ## Configuration Table Guid - gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid - gSmmVariableWriteGuid ## PRODUCES ## SMM Variable Write Guid - gEfiCertTypeRsa2048Sha256Guid + ## PRODUCES ## GUID # Variable store header + ## CONSUMES ## GUID # Variable store header + ## SOMETIMES_CONSUMES ## HOB + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + ## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport" + ## CONSUMES ## Variable:L"SetupMode" + ## PRODUCES ## Variable:L"SetupMode" + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## CONSUMES ## Variable:L"SecureBoot" + ## PRODUCES ## Variable:L"SecureBoot" + ## CONSUMES ## Variable:L"SignatureSupport" + ## PRODUCES ## Variable:L"SignatureSupport" + ## PRODUCES ## Variable:L"VendorKeys" + gEfiGlobalVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"DB" + ## SOMETIMES_CONSUMES ## Variable:L"DBX" gEfiImageSecurityDatabaseGuid - gEfiCertX509Guid - gEfiCertPkcs7Guid - gEfiCertRsa2048Guid + + ## CONSUMES ## Variable:L"SecureBootEnable" + ## PRODUCES ## Variable:L"SecureBootEnable" gEfiSecureBootEnableDisableGuid + + ## CONSUMES ## Variable:L"CustomMode" + ## PRODUCES ## 
Variable:L"CustomMode" gEfiCustomModeEnableGuid - gEfiVendorKeysNvGuid - gEfiSystemNvDataFvGuid ## CONSUMES + + ## CONSUMES ## Variable:L"certdb" + ## PRODUCES ## Variable:L"certdb" gEfiCertDbGuid - gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES - gEdkiiFaultTolerantWriteGuid ## CONSUMES + ## CONSUMES ## Variable:L"VendorKeysNv" + ## PRODUCES ## Variable:L"VendorKeysNv" + gEfiVendorKeysNvGuid + + gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol + gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the format of the CertData. + gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the format of the CertData. + gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiSystemNvDataFvGuid ## CONSUMES ## GUID + gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####" + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB + [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize - gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize - + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES + [FeaturePcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of 
variable. - gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang [Depex] TRUE - - + +[UserExtensions.TianoCore."ExtraFiles"] + VariableSmmExtra.uni \ No newline at end of file diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf index 5dd932d6d3..f0dfa89810 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf @@ -1,14 +1,13 @@ ## @file -# Component description file for Authenticated Variable SmmRuntimeDxe module. +# Runtime DXE part corresponding to SMM authenticated variable module # -# This module is the Runtime DXE part correspond to SMM variable module. It -# installs variable arch protocol and variable write arch protocol and works -# with SMM variable module together. +# This module installs variable arch protocol and variable write arch protocol to provide +# variable service. This module need work together with SMM authenticated variable module. # # Caution: This module requires additional review when modified. # This driver will have external input - variable data. -# This external input must be validated carefully to avoid security issue like -# buffer overflow, integer overflow. +# This external input must be validated carefully to avoid security issues such as +# buffer overflow or integer overflow. # # Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
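Review bot: The usage comments added above `gEfiImageSecurityDatabaseGuid` in the `[Guids]` section of VariableSmm.inf name the variables `L"DB"` and `L"DBX"`. UEFI variable names are case-sensitive and the signature databases are `db` and `dbx`, which is how the SecureBootConfigDxe.inf hunk of this same patch spells them. Someone searching the INF usage blocks for every module that touches the Secure Boot databases would miss this one, so the lines should read `## SOMETIMES_CONSUMES ## Variable:L"db"` and `## SOMETIMES_CONSUMES ## Variable:L"dbx"`. The `[Guids]` hunk of VariableSmmRuntimeDxe.inf carries the same uppercase spelling. Separately, `gEfiCertRsa2048Guid` is removed from this section with no replacement entry, so it is worth confirming that no source file of the module still references it.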
# This program and the accompanying materials @@ -23,6 +22,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = VariableAuthSmmRuntimeDxe + MODULE_UNI_FILE = VariableAuthSmmRuntimeDxe.uni FILE_GUID = 067E2381-7234-4798-B49C-D5FECBFF6D07 MODULE_TYPE = DXE_RUNTIME_DRIVER VERSION_STRING = 1.0 @@ -57,21 +57,41 @@ TpmMeasurementLib [Protocols] - gEfiVariableWriteArchProtocolGuid ## ALWAYS_PRODUCES - gEfiVariableArchProtocolGuid ## ALWAYS_PRODUCES - gEfiSmmCommunicationProtocolGuid + gEfiVariableWriteArchProtocolGuid ## PRODUCES + gEfiVariableArchProtocolGuid ## PRODUCES + gEfiSmmCommunicationProtocolGuid ## CONSUMES + gEdkiiVariableLockProtocolGuid ## PRODUCES + + ## CONSUMES + ## NOTIFY + ## UNDEFINED # Used to do smm communication gEfiSmmVariableProtocolGuid - gEdkiiVariableLockProtocolGuid ## ALWAYS_PRODUCES [Guids] - gEfiEventVirtualAddressChangeGuid ## PRODUCES ## Event + gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event + gEfiEventExitBootServicesGuid ## CONSUMES ## Event + + ## CONSUMES ## UNDEFINED # Locate protocol + ## CONSUMES ## UNDEFINED # Protocol notify gSmmVariableWriteGuid + + + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" + gEfiGlobalVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"DB" + ## SOMETIMES_CONSUMES ## Variable:L"DBX" gEfiImageSecurityDatabaseGuid [Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase - + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## CONSUMES + [Depex] gEfiSmmCommunicationProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + VariableSmmRuntimeDxeExtra.uni 
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf index 071ca30338..e6d21f5e69 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -1,7 +1,8 @@ ## @file -# Component name for SecureBoot configuration module. +# Provides the capbility to configure secure boot in a setup browser +# By this module, user may change the content of DB, DBX, PK and KEK. # -# Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.
+# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -14,6 +15,7 @@ [Defines] INF_VERSION = 0x00010005 BASE_NAME = SecureBootConfigDxe + MODULE_UNI_FILE = SecureBootConfigDxe.uni FILE_GUID = F0E6A44F-7195-41c3-AC64-54F202CD0A21 MODULE_TYPE = DXE_DRIVER VERSION_STRING = 1.0 
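Review bot: The new file header of SecureBootConfigDxe.inf misspells "capability" as `capbility` and has no full stop between its first two sentences. It also refers to the databases as "DB, DBX", while the `[Guids]` usage comments added later in this file use the actual variable names `db` and `dbx`. Suggested wording: `# Provides the capability to configure secure boot in a setup browser.` followed by `# With this module, the user may change the content of db, dbx, PK and KEK.` If the abstract is duplicated in the new `SecureBootConfigDxe.uni`, the same correction would apply there, but that file is not visible here.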
@@ -57,31 +59,64 @@ DevicePathLib [Guids] - gEfiIfrTianoGuid + ## SOMETIMES_CONSUMES ## Variable:L"CustomMode" + ## SOMETIMES_PRODUCES ## Variable:L"CustomMode" gEfiCustomModeEnableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"SecureBootEnable" + ## SOMETIMES_PRODUCES ## Variable:L"SecureBootEnable" gEfiSecureBootEnableDisableGuid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertRsa2048Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha1Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha256Guid + + ## SOMETIMES_CONSUMES ## Variable:L"db" + ## SOMETIMES_PRODUCES ## Variable:L"db" + ## SOMETIMES_CONSUMES ## Variable:L"dbx" + ## SOMETIMES_PRODUCES ## Variable:L"dbx" + gEfiImageSecurityDatabaseGuid + + ## SOMETIMES_CONSUMES ## Variable:L"SetupMode" + ## SOMETIMES_PRODUCES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## SOMETIMES_PRODUCES ## Variable:L"KEK" + ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" + gEfiGlobalVariableGuid + + gEfiIfrTianoGuid ## PRODUCES ## GUID # HII opcode + ## PRODUCES ## HII + ## CONSUMES ## HII gSecureBootConfigFormSetGuid - gEfiCertPkcs7Guid - gEfiCertRsa2048Guid ## CONSUMES - gEfiCertX509Guid ## CONSUMES - gEfiCertSha1Guid ## CONSUMES - gEfiCertSha256Guid ## CONSUMES - gEfiCertTypeRsa2048Sha256Guid ## CONSUMES - gEfiImageSecurityDatabaseGuid ## CONSUMES - gEfiFileSystemVolumeLabelInfoIdGuid ## CONSUMES - gEfiGlobalVariableGuid ## PRODUCES ## Variable Guid - gEfiFileInfoGuid ## CONSUMES ## GUID + 
gEfiCertPkcs7Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate. + gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + gEfiFileSystemVolumeLabelInfoIdGuid ## SOMETIMES_CONSUMES ## GUID # Indicate the information type + gEfiFileInfoGuid ## SOMETIMES_CONSUMES ## GUID # Indicate the information type [Protocols] gEfiHiiConfigAccessProtocolGuid ## PRODUCES - gEfiHiiConfigRoutingProtocolGuid ## CONSUMES - gEfiSimpleFileSystemProtocolGuid ## PROTOCOL CONSUMES - gEfiLoadFileProtocolGuid ## PROTOCOL CONSUMES - gEfiBlockIoProtocolGuid ## PROTOCOL CONSUMES - gEfiDevicePathProtocolGuid ## PROTOCOL CONSUMES + gEfiDevicePathProtocolGuid ## PRODUCES + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES [Depex] gEfiHiiConfigRoutingProtocolGuid AND gEfiHiiDatabaseProtocolGuid AND gEfiVariableArchProtocolGuid AND gEfiVariableWriteArchProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + SecureBootConfigDxeExtra.uni + \ No newline at end of file -- 2.39.2
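Review bot: In the usage block above `gEfiGlobalVariableGuid`, `PK` is listed only as `## SOMETIMES_PRODUCES ## Variable:L"PK"`, while `KEK`, `db` and `dbx` each have both a consume and a produce line. This module is the setup-browser path for changing the Secure Boot keys, so the block is what a reviewer reads to learn which key variables it can read and which it can write. If the code ever reads `PK` (the hunk cannot show that), add `## SOMETIMES_CONSUMES ## Variable:L"PK"`. The same hunk drops `gEfiHiiConfigRoutingProtocolGuid` and `gEfiLoadFileProtocolGuid` from `[Protocols]` and changes `gEfiDevicePathProtocolGuid` from consumed to `## PRODUCES`. The routing protocol is still named in `[Depex]`, so please confirm the sources no longer locate it directly and that the module really installs a device path protocol instance.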