authorgdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>2011-09-02 07:49:32 +0000
committergdong1 <gdong1@6f19259b-4bc3-4df7-8a09-765794883524>2011-09-02 07:49:32 +0000
commit0c18794ea4289f03fefc7117b56740414cc0536c (patch)
tree4e51c5cc23c69a67cead8c58464da870daa4c029 /SecurityPkg/Include/Guid
parent986d1dfb0813d6a7623531e85c2e2a7e1f956cf8 (diff)
Add security package to repository.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12261 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Include/Guid')
-rw-r--r--SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h174
-rw-r--r--SecurityPkg/Include/Guid/PhysicalPresenceData.h76
-rw-r--r--SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h25
-rw-r--r--SecurityPkg/Include/Guid/TcgEventHob.h30
4 files changed, 305 insertions, 0 deletions
diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
new file mode 100644
index 0000000000..245339c3df
--- /dev/null
+++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
@@ -0,0 +1,174 @@
+/** @file
+ The variable data structures are related to EDKII-specific
+ implementation of UEFI authenticated variables.
+ AuthenticatedVariableFormat.h defines variable data headers
+ and variable storage region headers.
+
+Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__
+#define __AUTHENTICATED_VARIABLE_FORMAT_H__
+
+#define EFI_AUTHENTICATED_VARIABLE_GUID \
+ { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+
+extern EFI_GUID gEfiAuthenticatedVariableGuid;
+
+///
+/// Alignment of variable name and data, according to the architecture:
+/// * For IA-32 and Intel(R) 64 architectures: 1.
+/// * For IA-64 architecture: 8.
+///
+#if defined (MDE_CPU_IPF)
+#define ALIGNMENT 8
+#else
+#define ALIGNMENT 1
+#endif
+
+//
+// GET_PAD_SIZE calculates the miminal pad bytes needed to make the current pad size satisfy the alignment requirement.
+//
+#if (ALIGNMENT == 1)
+#define GET_PAD_SIZE(a) (0)
+#else
+#define GET_PAD_SIZE(a) (((~a) + 1) & (ALIGNMENT - 1))
+#endif
+
+///
+/// Alignment of Variable Data Header in Variable Store region.
+///
+#define HEADER_ALIGNMENT 4
+#define HEADER_ALIGN(Header) (((UINTN) (Header) + HEADER_ALIGNMENT - 1) & (~(HEADER_ALIGNMENT - 1)))
+
+///
+/// Status of Variable Store Region.
+///
+typedef enum {
+ EfiRaw,
+ EfiValid,
+ EfiInvalid,
+ EfiUnknown
+} VARIABLE_STORE_STATUS;
+
+#pragma pack(1)
+
+#define VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID
+
+///
+/// Variable Store Header Format and State.
+///
+#define VARIABLE_STORE_FORMATTED 0x5a
+#define VARIABLE_STORE_HEALTHY 0xfe
+
+///
+/// Variable Store region header.
+///
+typedef struct {
+ ///
+ /// Variable store region signature.
+ ///
+ EFI_GUID Signature;
+ ///
+ /// Size of entire variable store,
+ /// including size of variable store header but not including the size of FvHeader.
+ ///
+ UINT32 Size;
+ ///
+ /// Variable region format state.
+ ///
+ UINT8 Format;
+ ///
+ /// Variable region healthy state.
+ ///
+ UINT8 State;
+ UINT16 Reserved;
+ UINT32 Reserved1;
+} VARIABLE_STORE_HEADER;
+
+///
+/// Variable data start flag.
+///
+#define VARIABLE_DATA 0x55AA
+
+///
+/// Variable State flags.
+///
+#define VAR_IN_DELETED_TRANSITION 0xfe ///< Variable is in obsolete transition.
+#define VAR_DELETED 0xfd ///< Variable is obsolete.
+#define VAR_HEADER_VALID_ONLY 0x7f ///< Variable header has been valid.
+#define VAR_ADDED 0x3f ///< Variable has been completely added.
+
+///
+/// Single Variable Data Header Structure.
+///
+typedef struct {
+ ///
+ /// Variable Data Start Flag.
+ ///
+ UINT16 StartId;
+ ///
+ /// Variable State defined above.
+ ///
+ UINT8 State;
+ UINT8 Reserved;
+ ///
+ /// Attributes of variable defined in UEFI specification.
+ ///
+ UINT32 Attributes;
+ ///
+ /// Associated monotonic count value against replay attack.
+ ///
+ UINT64 MonotonicCount;
+ ///
+ /// Associated TimeStamp value against replay attack.
+ ///
+ EFI_TIME TimeStamp;
+ ///
+ /// Index of associated public key in database.
+ ///
+ UINT32 PubKeyIndex;
+ ///
+ /// Size of variable null-terminated Unicode string name.
+ ///
+ UINT32 NameSize;
+ ///
+ /// Size of the variable data without this header.
+ ///
+ UINT32 DataSize;
+ ///
+ /// A unique identifier for the vendor that produces and consumes this varaible.
+ ///
+ EFI_GUID VendorGuid;
+} VARIABLE_HEADER;
+
+#pragma pack()
+
+typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;
+
+///
+/// This structure contains the variable list that is put in EFI system table.
+/// The variable driver collects all variables that were used at boot service time and produces this list.
+/// This is an optional feature to dump all used variables in shell environment.
+///
+struct _VARIABLE_INFO_ENTRY {
+ VARIABLE_INFO_ENTRY *Next; ///< Pointer to next entry.
+ EFI_GUID VendorGuid; ///< Guid of Variable.
+ CHAR16 *Name; ///< Name of Variable.
+ UINT32 Attributes; ///< Attributes of variable defined in UEFI spec.
+ UINT32 ReadCount; ///< Number of times to read this variable.
+ UINT32 WriteCount; ///< Number of times to write this variable.
+ UINT32 DeleteCount; ///< Number of times to delete this variable.
+ UINT32 CacheCount; ///< Number of times that cache hits this variable.
+ BOOLEAN Volatile; ///< TRUE if volatile, FALSE if non-volatile.
+};
+
+#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__
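Review bot: `GET_PAD_SIZE` in the `ALIGNMENT != 1` branch expands its argument unparenthesized, so an expression argument such as `x + y` becomes `(~x + y) + 1` and yields the wrong pad; it should read `#define GET_PAD_SIZE(a) (((~(a)) + 1) & (ALIGNMENT - 1))`. Only builds that define `MDE_CPU_IPF` are affected, which makes the error easy to miss in testing. `NameSize` and `DataSize` in `VARIABLE_HEADER` describe data read back from the store, and nothing in this header states a bound on them. A comment on those fields saying that consumers must check them against `VARIABLE_STORE_HEADER.Size` before walking to the next header would help whoever writes the parser. The comments also carry two typos, "miminal" and "varaible".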
diff --git a/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
new file mode 100644
index 0000000000..1ae8095e54
--- /dev/null
+++ b/SecurityPkg/Include/Guid/PhysicalPresenceData.h
@@ -0,0 +1,76 @@
+/** @file
+ Define the variable data structures used for TCG physical presence.
+ The TPM request from firmware or OS is saved to variable. And it is
+ cleared after it is processed in the next boot cycle. The TPM response
+ is saved to variable.
+
+Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __PHYSICAL_PRESENCE_DATA_GUID_H__
+#define __PHYSICAL_PRESENCE_DATA_GUID_H__
+
+#define EFI_PHYSICAL_PRESENCE_DATA_GUID \
+ { \
+ 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }\
+ }
+
+#define PHYSICAL_PRESENCE_VARIABLE L"PhysicalPresence"
+
+typedef struct {
+ UINT8 PPRequest; ///< Physical Presence request command.
+ UINT8 LastPPRequest;
+ UINT32 PPResponse;
+ UINT8 Flags;
+} EFI_PHYSICAL_PRESENCE;
+
+//
+// The definition bit of the flags
+//
+#define FLAG_NO_PPI_PROVISION BIT0
+#define FLAG_NO_PPI_CLEAR BIT1
+#define FLAG_NO_PPI_MAINTENANCE BIT2
+#define FLAG_RESET_TRACK BIT3
+
+#define H2NS(x) ((((x) << 8) | ((x) >> 8)) & 0xffff)
+#define H2NL(x) (H2NS ((x) >> 16) | (H2NS ((x) & 0xffff) << 16))
+
+//
+// The definition of physical presence operation actions
+//
+#define NO_ACTION 0
+#define ENABLE 1
+#define DISABLE 2
+#define ACTIVATE 3
+#define DEACTIVATE 4
+#define CLEAR 5
+#define ENABLE_ACTIVATE 6
+#define DEACTIVATE_DISABLE 7
+#define SET_OWNER_INSTALL_TRUE 8
+#define SET_OWNER_INSTALL_FALSE 9
+#define ENABLE_ACTIVATE_OWNER_TRUE 10
+#define DEACTIVATE_DISABLE_OWNER_FALSE 11
+#define DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
+#define SET_OPERATOR_AUTH 13
+#define CLEAR_ENABLE_ACTIVATE 14
+#define SET_NO_PPI_PROVISION_FALSE 15
+#define SET_NO_PPI_PROVISION_TRUE 16
+#define SET_NO_PPI_CLEAR_FALSE 17
+#define SET_NO_PPI_CLEAR_TRUE 18
+#define SET_NO_PPI_MAINTENANCE_FALSE 19
+#define SET_NO_PPI_MAINTENANCE_TRUE 20
+#define ENABLE_ACTIVATE_CLEAR 21
+#define ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
+
+extern EFI_GUID gEfiPhysicalPresenceGuid;
+
+#endif
+
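Review bot: `Flags` in `EFI_PHYSICAL_PRESENCE` holds the `FLAG_NO_PPI_*` bits but is undocumented and sits in the same variable payload as the request fields, which the file comment says can be filled from the OS. These bits presumably relax the physical-presence confirmation, and this header does not show how the `PhysicalPresence` variable is protected. The code that writes the variable should therefore be checked so that a request path cannot also change `Flags`, and a field comment such as `///< FLAG_* bits; changed only by firmware after confirmation` would record the intent. The struct is declared without `#pragma pack(1)`, so its stored layout presumably includes compiler-chosen padding after `LastPPRequest` and `Flags`. Separately, unprefixed names like `ENABLE`, `DISABLE` and `CLEAR` in a public header invite macro collisions; a `PHYSICAL_PRESENCE_` prefix would avoid that.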
diff --git a/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h
new file mode 100644
index 0000000000..b1b7666f18
--- /dev/null
+++ b/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h
@@ -0,0 +1,25 @@
+/** @file
+ GUID for SecurityPkg PCD Token Space.
+
+Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _SECURITYPKG_TOKEN_SPACE_GUID_H_
+#define _SECURITYPKG_TOKEN_SPACE_GUID_H_
+
+#define SECURITYPKG_TOKEN_SPACE_GUID \
+ { \
+ 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba } \
+ }
+
+extern EFI_GUID gEfiSecurityPkgTokenSpaceGuid;
+
+#endif
diff --git a/SecurityPkg/Include/Guid/TcgEventHob.h b/SecurityPkg/Include/Guid/TcgEventHob.h
new file mode 100644
index 0000000000..e88bd3a5f4
--- /dev/null
+++ b/SecurityPkg/Include/Guid/TcgEventHob.h
@@ -0,0 +1,30 @@
+/** @file
+ Defines the HOB GUID used to pass a TCG_PCR_EVENT from a TPM PEIM to
+ a TPM DXE Driver. A GUIDed HOB is generated for each measurement
+ made in the PEI Phase.
+
+Copyright (c) 2007 - 2010, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_EVENT_HOB_H_
+#define _TCG_EVENT_HOB_H_
+
+///
+/// The Global ID of a GUIDed HOB used to pass a TCG_PCR_EVENT from a TPM PEIM to a TPM DXE Driver.
+///
+#define EFI_TCG_EVENT_HOB_GUID \
+ { \
+ 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 } \
+ }
+
+extern EFI_GUID gTcgEventEntryHobGuid;
+
+#endif
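Review bot: The extern `gTcgEventEntryHobGuid` does not follow the macro name `EFI_TCG_EVENT_HOB_GUID` or the `gEfi...Guid` pattern used by the other three headers in this commit, and it has no comment of its own. A one-line doc comment such as `/// GUID variable for EFI_TCG_EVENT_HOB_GUID.` above the declaration would tie the two together. It would also be worth stating in the file comment that the HOB payload is a `TCG_PCR_EVENT` whose size the DXE consumer is expected to check.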