From: "Wang, Jian J"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Chao Zhang, Nishant C Mistry
Subject: [edk2-devel] [PATCH v3 1/3] SecurityPkg: add RpmcLib and VariableKeyLib public headers
Date: Wed, 18 Mar 2020 10:13:02 +0800
Message-Id: <20200318021304.2014-2-jian.j.wang@intel.com>
In-Reply-To: <20200318021304.2014-1-jian.j.wang@intel.com>
References: <20200318021304.2014-1-jian.j.wang@intel.com>

> v3: update retval description in RpmcLib.h

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

RpmcLib.h and VariableKeyLib.h are header files required to access RPMC
device and Key generator from platform. They will be used to ensure the
integrity and confidentiality of NV variables.

Cc: Jiewen Yao
Cc: Chao Zhang
Cc: Nishant C Mistry
Signed-off-by: Jian J Wang
---
 SecurityPkg/Include/Library/RpmcLib.h        | 46 +++++++++++++++
 SecurityPkg/Include/Library/VariableKeyLib.h | 59 ++++++++++++++++++++
 SecurityPkg/SecurityPkg.dec                  |  8 +++
 3 files changed, 113 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/RpmcLib.h
 create mode 100644 SecurityPkg/Include/Library/VariableKeyLib.h

diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Li= brary/RpmcLib.h new file mode 100644 index 0000000000..f548ad2c9f --- /dev/null +++ b/SecurityPkg/Include/Library/RpmcLib.h @@ -0,0 +1,46 @@ +/** @file + Public definitions for the Replay Protected Monotonic Counter (RPMC) Lib= rary. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _RPMC_LIB_H_ +#define _RPMC_LIB_H_ + +#include + +/** + Requests the current monotonic counter from the designated RPMC counter. + + @param[in] CounterId Monotonic Counter Id. + @param[out] CounterValue A pointer to a buffer to store the= RPMC value. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +RequestMonotonicCounter ( + IN UINT8 CounterId, + OUT UINT32 *CounterValue + ); + +/** + Increments the designated monotonic counter in the SPI flash device by 1. + + @param[in] CounterId Monotonic Counter Id. + + @retval EFI_SUCCESS The operation completed successful= ly. + @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +IncrementMonotonicCounter ( + IN UINT8 CounterId + ); + +#endif \ No newline at end of file diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Inc= lude/Library/VariableKeyLib.h new file mode 100644 index 0000000000..fe642b3d66 --- /dev/null +++ b/SecurityPkg/Include/Library/VariableKeyLib.h @@ -0,0 +1,59 @@ +/** @file + Public definitions for Variable Key Library. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _VARIABLE_KEY_LIB_H_ +#define _VARIABLE_KEY_LIB_H_ + +#include + +/** + Retrieves the variable root key. + + @param[out] VariableRootKey A pointer to pointer for the var= iable root key buffer. + @param[in,out] VariableRootKeySize The size in bytes of the variabl= e root key. + + @retval EFI_SUCCESS The variable root key was returned. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to get the variable root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED The variable root key is not suppo= rted in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +GetVariableRootKey ( + OUT VOID **VariableRootKey, + IN OUT UINTN *VariableRootKeySize + ); + +/** + Regenerates the variable root key. + + @retval EFI_SUCCESS The variable root key was regenera= ted successfully. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to regenerate the root key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED Key regeneration is not supported = in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +RegenerateKey ( + VOID + ); + +/** + Locks the regenerate key interface. + + @retval EFI_SUCCESS The key interface was locked succe= ssfully. + @retval EFI_UNSUPPORTED Locking the key interface is not s= upported in the current boot configuration. + @retval Others An error occurred while attempting= to lock the key interface. +**/ +EFI_STATUS +EFIAPI +LockKeyInterface ( + VOID + ); + +#endif \ No newline at end of file diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 5335cc5397..2cdfb02cc5 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec 
@@ -76,6 +76,14 @@ # TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h =20 + ## @libraryclass Provides interfaces to access RPMC device. + # + RpmcLib|Include/Library/RpmcLib.h + + ## @libraryclass Provides interfaces to access variable root key. + # + VariableKeyLib|Include/Library/VariableKeyLib.h + [Guids] ## Security package token space guid. # Include/Guid/SecurityPkgTokenSpace.h --=20 2.24.0.windows.2
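
Review bot: In SecurityPkg/Include/Library/RpmcLib.h, the `@retval EFI_DEVICE_ERROR` line under RequestMonotonicCounter() still says "while attempting to update the counter", which is the wording that belongs to IncrementMonotonicCounter(); for the read path it should say "while attempting to read the counter". The same comment block documents no return value for a NULL `CounterValue` (for example EFI_INVALID_PARAMETER), and neither function states which `CounterId` values are valid or what IncrementMonotonicCounter() returns when the UINT32 counter can no longer advance. Callers that depend on this counter for replay protection need those cases spelled out in the header so that a failed or saturated increment is never treated as success. The file also ends without a trailing newline ("\ No newline at end of file").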
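
Review bot: In SecurityPkg/Include/Library/VariableKeyLib.h, GetVariableRootKey() returns the key through `OUT VOID **VariableRootKey`, but the comment does not say who owns the buffer: whether the library allocates it, whether the caller must free it, or whether it points at library-internal storage. For a root key this decides who is responsible for zeroing the key material after use, so it should be stated in the header. The `IN OUT UINTN *VariableRootKeySize` parameter also has no documented meaning on input and no matching `@retval` such as EFI_BUFFER_TOO_SMALL or EFI_INVALID_PARAMETER. Separately, the brief for LockKeyInterface() says "Locks the regenerate key interface", while GetVariableRootKey() is documented to return EFI_ACCESS_DENIED "after locking the key interface"; please make the LockKeyInterface() description say explicitly that both GetVariableRootKey() and RegenerateKey() are blocked once it has been called.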