From: "Judah Vang"
To: devel@edk2.groups.io
Cc: Jian J Wang, Jiewen Yao, Nishant C Mistry
Subject: [edk2-devel] [PATCH v5 10/19] SecurityPkg: Add new GUIDs for
Date: Sun, 6 Nov 2022 00:35:00 -0700
Message-Id: <20221106073509.3071-11-judah.vang@intel.com>
In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com>
References: <20221106073509.3071-1-judah.vang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2594

The gEdkiiProtectedVariableGlobalGuid HOB contains the global configuration data structure which is verified in PEI Phase.

The gEdkiiMetaDataHmacVariableGuid is used for saving the meta data HMAC variable.

The gEdkiiProtectedVariableContextGuid contains the Protected Variable context saved in PEI phase to be used later.

Cc: Jian J Wang
Cc: Jiewen Yao
Cc: Nishant C Mistry
Signed-off-by: Jian J Wang
Signed-off-by: Nishant C Mistry
Signed-off-by: Judah Vang
Reviewed-by: Jian J Wang
--- SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 7ecf9565d98c..5e20111cceb7 100644 --- a/SecurityPkg/SecurityPkg.dec 
+++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and lib= rary classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent @@ -226,6 +226,18 @@ [Guids] ## GUID used to specify section with default dbt content gDefaultdbtFileGuid =3D { 0x36c513ee, 0xa338, 0x4976, { 0= xa0, 0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } =20 + ## Include/Guid/ProtectedVariable.h + # {8EBF379A-F18E-4728-A410-00CF9A65BE91} + gEdkiiProtectedVariableGlobalGuid =3D { 0x8ebf379a, 0xf18e, 0x4728, { 0x= a4, 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } } + + ## Include/Guid/ProtectedVariable.h + # {e3e890ad-5b67-466e-904f-94ca7e9376bb} + gEdkiiMetaDataHmacVariableGuid =3D {0xe3e890ad, 0x5b67, 0x466e, {0x90, 0= x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}} + + ## Include/Guid/ProtectedVariable.h + # {a11a3652-875b-495a-b097-200917580b98} + gEdkiiProtectedVariableContextGuid =3D {0xa11a3652, 0x875b, 0x495a, {0xb= 0, 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} } + [Ppis] ## The PPI GUID for that TPM physical presence should be locked. # Include/Ppi/LockPhysicalPresence.h @@ -251,6 +263,10 @@ [Ppis] ## Include/Ppi/Tcg.h gEdkiiTcgPpiGuid =3D {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0x= ca, 0xc7, 0x17, 0x6c, 0xf1 } } =20 + ## Key Service Ppi + # Include/Ppi/KeyServicePpi.h + gKeyServicePpiGuid =3D {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8, 0= xD1, 0x36, 0x93, 0x04, 0x27}} + # # [Error.gEfiSecurityPkgTokenSpaceGuid] # 0x80000001 | Invalid value provided. @@ -334,6 +350,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] =20 gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0= 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0= x00010032 =20 + ## Progress Code for variable integrity check result.

+ # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF]) + # @Prompt Status Code for variable integiry check result + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|= UINT32|0x00010033 + + ## Null-terminated Unicode string of the Platform Variable Name + # @Prompt known unprotected variable name + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x000100= 34 + + ## Guid name to identify Platform Variable Guid + # @Prompt known unprotected variable guid + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0= x00 }|VOID*|0x00010035 + + ## Defines Protected Variable Integrity support. + # TRUE - Enable Protected Variable Integrity.
+ # FALSE - Disable Protected Variable Integrity.
+ # @Prompt Protected Variable Integrity support. + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEA= N|0x00010036 + + ## Defines Protected Variable Confidentiality support. + # TRUE - Enable Protected Variable Confidentiality.
+ # FALSE - Disable Protected Variable Confidentiality.
+ # @Prompt Protected Variable Integrity support. + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|= BOOLEAN|0x00010037 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Image verification policy for OptionRom. Only following values are va= lid:

# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification= and has been removed.
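Review bot: The three new [Guids] entries (hunk @@ -226,6 +226,18 @@) carry only the header path "## Include/Guid/ProtectedVariable.h" as their comment, so the .dec never says what each GUID identifies. The commit message already has one sentence per GUID (the global configuration HOB verified in PEI, the meta data HMAC variable, the context saved in PEI); please move those sentences into the "##" comments, the way the neighbouring gDefaultdbtFileGuid entry describes itself. The diffstat shows only SecurityPkg.dec changing, so also confirm that Include/Guid/ProtectedVariable.h is added by another patch in the series. Style: the registry-format comment is upper case for the first GUID and lower case for the other two, and brace spacing and "0x0" versus "0x00" differ across the three lines.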
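Review bot: gKeyServicePpiGuid in the [Ppis] hunk (@@ -251,6 +263,10 @@) is not covered by the subject or the commit message, which describe only the three protected-variable GUIDs. Please mention the PPI (and the new PCDs) in the commit message, or split them into their own patch so the history matches the change. The name also lacks the gEdkii prefix used by the entry directly above it (gEdkiiTcgPpiGuid) and by the three GUIDs added in this patch, and its initializer mixes lower-case and upper-case hex (0x583592f6 next to 0xEC34, 0x4CED).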
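Review bot: The @Prompt for PcdProtectedVariableConfidentiality in the PCD hunk (@@ -334,6 +350,31 @@) reads "Protected Variable Integrity support.", copied from the PCD above it; it should say Confidentiality, otherwise the two switches are indistinguishable wherever the prompt is displayed. In the same hunk, "integiry" in the PcdStatusCodeVariableIntegrity prompt should be "integrity", and its "##" line says "Progress Code" while the prompt says "Status Code". Both feature switches are BOOLEAN PCDs declared under [PcdsFixedAtBuild, PcdsPatchableInModule] with a FALSE default; since they turn a security feature on or off, please confirm the patchable-in-module type is intended. The comments for PcdPlatformVariableName and PcdPlatformVariableGuid should also state what "known unprotected variable" means for the integrity check and what the empty defaults select.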
--
2.35.1.windows.2