From: "Wang, Jian J"
To: devel@edk2.groups.io
Cc: Xiaoyu Lu, Jiewen Yao, Guomin Jiang, Nishant C Mistry
Subject: [edk2-devel] [PATCH] SecurityPkg/SecurityPkg.dec: add PCD for status of variable integrity
Date: Tue, 3 Nov 2020 00:40:49 +0800
Message-Id: <20201102164049.189-1-jian.j.wang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

This patch adds PCD PcdStatusCodeVariableIntegrity used to report the result of variable integrity check to platform, which should choose appropriate methods to handle the situation of the compromised variable or other error conditions.

This patch is part of bz2594 and supposed to be checked in to the tree in advance in order to coordinate the development works for bz2594 between edk2 and platform.

Cc: Xiaoyu Lu
Cc: Jiewen Yao
Cc: Guomin Jiang
Cc: Nishant C Mistry
Signed-off-by: Jian J Wang
---
 SecurityPkg/SecurityPkg.dec | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 1b7d62e802..2e87cb3c31 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec 
@@ -290,6 +290,11 @@ gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A= |UINT32|0x00010030 gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B= |UINT32|0x00010031 =20 + ## Progress Code for variable integrity check result.

+ # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | 0) + # @Prompt Status Code for variable integiry check result + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|= UINT32|0x00010032 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Image verification policy for OptionRom. Only following values are va= lid:

# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification= and has been removed.
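Review bot: PcdStatusCodeVariableIntegrity is documented as carrying the variable integrity check result, but unlike the PcdStatusCodeFvVerificationPass / PcdStatusCodeFvVerificationFail pair directly above it there is only one value, 0x01070000, so the comment block should say how a platform handler distinguishes a passed check from a compromised variable (for example through the status code type or extended data) and what reaction is expected. The header calls it a "Progress Code", which does not match a code the commit message says is used to report compromise or other error conditions; name the status code type it is reported with. The DEFAULT comment "(EFI_PERIPHERAL_FIXED_MEDIA | 0)" leaves the meaning of operation 0 unexplained, and the @Prompt line misspells "integrity" as "integiry".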
--
2.27.0.windows.1