tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
audk/SecurityPkg/SecurityPkg.uni

289 lines
29 KiB
Plaintext
Raw Normal View History

SecurityPkg: Convert all .uni files to utf-8 To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py SecurityPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19262 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15 05:58:32 +01:00
// /** @file
// Provides security features that conform to TCG/UEFI industry standards
//
// The security features include secure boot, measured boot and user identification.
// It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
// and libraries instances, which are used for those features.
//
SecurityPkg: Add UNI string for 2 PCDs Add prompt & help string for PcdTpm2CurrentIrqNum, PcdTpm2PossibleIrqNumBuf Cc: Dandan Bi <dandan.bi@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2018-02-03 04:08:54 +01:00
// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
SecurityPkg: Convert all .uni files to utf-8 To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py SecurityPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19262 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15 05:58:32 +01:00
//
SecurityPkg: Replace BSD License with BSD+Patent License https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-04-04 01:06:56 +02:00
// SPDX-License-Identifier: BSD-2-Clause-Patent
SecurityPkg: Convert all .uni files to utf-8 To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py SecurityPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19262 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15 05:58:32 +01:00
//
// **/
#string STR_PACKAGE_ABSTRACT #language en-US "Provides security features that conform to TCG/UEFI industry standards"
#string STR_PACKAGE_DESCRIPTION #language en-US "The security features include secure boot, measured boot and user identification. It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) and libraries instances, which are used for those features."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdOptionRomImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from OptionRom."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdOptionRomImageVerificationPolicy_HELP #language en-US "Image verification policy for OptionRom. Only following values are valid:<BR><BR>\n"
"NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
"0x00000000 Always trust the image.<BR>\n"
"0x00000001 Never trust the image.<BR>\n"
"0x00000002 Allow execution when there is security violation.<BR>\n"
"0x00000003 Defer execution when there is security violation.<BR>\n"
"0x00000004 Deny execution when there is security violation.<BR>\n"
"0x00000005 Query user when there is security violation.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_ERR_80000001 #language en-US "Invalid value provided."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRemovableMediaImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from removable media."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRemovableMediaImageVerificationPolicy_HELP #language en-US "Image verification policy for removable media which includes CD-ROM, Floppy, USB and network. Only following values are valid:<BR><BR>\n"
"NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
"0x00000000 Always trust the image.<BR>\n"
"0x00000001 Never trust the image.<BR>\n"
"0x00000002 Allow execution when there is security violation.<BR>\n"
"0x00000003 Defer execution when there is security violation.<BR>\n"
"0x00000004 Deny execution when there is security violation.<BR>\n"
"0x00000005 Query user when there is security violation.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedMediaImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from fixed media."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedMediaImageVerificationPolicy_HELP #language en-US "Image verification policy for fixed media which includes hard disk. Only following values are valid:<BR><BR>\n"
"NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
"0x00000000 Always trust the image.<BR>\n"
"0x00000001 Never trust the image.<BR>\n"
"0x00000002 Allow execution when there is security violation.<BR>\n"
"0x00000003 Defer execution when there is security violation.<BR>\n"
"0x00000004 Deny execution when there is security violation.<BR>\n"
"0x00000005 Query user when there is security violation.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdDeferImageLoadPolicy_PROMPT #language en-US "Set policy whether trust image before user identification."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdDeferImageLoadPolicy_HELP #language en-US "Defer Image Load policy settings. The policy is bitwise. If a bit is set, the image from corresponding device will be trusted when loading. Or the image will be deferred. The deferred image will be checked after user is identified.<BR><BR>\n"
"BIT0 - Image from unknown device. <BR>\n"
"BIT1 - Image from firmware volume.<BR>\n"
"BIT2 - Image from OptionRom.<BR>\n"
"BIT3 - Image from removable media which includes CD-ROM, Floppy, USB and network.<BR>\n"
"BIT4 - Image from fixed media device which includes hard disk.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_ERR_80000002 #language en-US "Reserved bits must be set to zero."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedUsbCredentialProviderTokenFileName_PROMPT #language en-US "File name to save credential."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedUsbCredentialProviderTokenFileName_HELP #language en-US "Null-terminated Unicode string of the file name that is the default name to save USB credential. The specified file should be saved at the root directory of USB storage disk."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdMaxAppendVariableSize_PROMPT #language en-US "Max variable size for append operation."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdMaxAppendVariableSize_HELP #language en-US "The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable. Note: This PCD is not been used."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPlatformClass_PROMPT #language en-US "Select platform type."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPlatformClass_HELP #language en-US "Specifies the type of TCG platform that contains TPM chip.<BR><BR>\n"
"If 0, TCG platform type is PC client.<BR>\n"
"If 1, TCG platform type is PC server.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPhysicalPresence_PROMPT #language en-US "Physical presence of the platform operator."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPhysicalPresence_HELP #language en-US "Indicates the presence or absence of the platform operator during firmware booting. If platform operator is not physical presnece during boot. TPM will be locked and the TPM commands that required operator physical presence can not run.<BR><BR>\n"
"TRUE - The platform operator is physically present.<BR>\n"
"FALSE - The platform operator is not physically present.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceLifetimeLock_PROMPT #language en-US "Lock TPM physical presence asserting method."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceLifetimeLock_HELP #language en-US "Indicates whether TPM physical presence is locked during platform initialization. Once it is locked, it can not be unlocked for TPM life time.<BR><BR>\n"
"TRUE - Lock TPM physical presence asserting method.<BR>\n"
"FALSE - Not lock TPM physical presence asserting method.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceCmdEnable_PROMPT #language en-US "Enable software method of asserting physical presence."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceCmdEnable_HELP #language en-US "Indicates whether the platform supports the software method of asserting physical presence.<BR><BR>\n"
"TRUE - Supports the software method of asserting physical presence.<BR>\n"
"FALSE - Does not support the software method of asserting physical presence.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceHwEnable_PROMPT #language en-US "Enable hardware method of asserting physical presence."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceHwEnable_HELP #language en-US "Indicates whether the platform supports the hardware method of asserting physical presence.<BR><BR>\n"
"TRUE - Supports the hardware method of asserting physical presence.<BR>\n"
"FALSE - Does not support the hardware method of asserting physical presence.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFirmwareDebuggerInitialized_PROMPT #language en-US "Firmware debugger status."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFirmwareDebuggerInitialized_HELP #language en-US "This PCD indicates if debugger exists. <BR><BR>\n"
"TRUE - Firmware debugger exists.<BR>\n"
"FALSE - Firmware debugger doesn't exist.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2InitializationPolicy_PROMPT #language en-US "TPM 2.0 device initialization policy.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2InitializationPolicy_HELP #language en-US "This PCD indicates the initialization policy for TPM 2.0.<BR><BR>\n"
"If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR>\n"
"If 1, initialization needed.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInitializationPolicy_PROMPT #language en-US "TPM 1.2 device initialization policy."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInitializationPolicy_HELP #language en-US "This PCD indicates the initialization policy for TPM 1.2.<BR><BR>\n"
"If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR>\n"
"If 1, initialization needed.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2SelfTestPolicy_PROMPT #language en-US "TPM 2.0 device selftest."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2SelfTestPolicy_HELP #language en-US "This PCD indicates the TPM 2.0 SelfTest policy.<BR><BR>\n"
"if 0, no SelfTest needed - most likely used for fTPM, because it might already be tested.<BR>\n"
"if 1, SelfTest needed.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2ScrtmPolicy_PROMPT #language en-US "SCRTM policy setting for TPM 2.0 device."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2ScrtmPolicy_HELP #language en-US "This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 2.0.<BR><BR>\n"
"if 0, no SCRTM measurement needed - In this case, it is already done.<BR>\n"
"if 1, SCRTM measurement done by BIOS.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmScrtmPolicy_PROMPT #language en-US "SCRTM policy setting for TPM 1.2 device"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmScrtmPolicy_HELP #language en-US "This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 1.2.<BR><BR>\n"
"if 0, no SCRTM measurement needed - In this case, it is already done.<BR>\n"
"if 1, SCRTM measurement done by BIOS.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInstanceGuid_PROMPT #language en-US "TPM device type identifier"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInstanceGuid_HELP #language en-US "Guid name to identify TPM instance.<BR><BR>\n"
"TPM_DEVICE_INTERFACE_NONE means disable.<BR>\n"
"TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.<BR>\n"
"TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.<BR>\n"
"Other GUID value means other TPM 2.0 device.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2HashMask_PROMPT #language en-US "Hash mask for TPM 2.0"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2HashMask_HELP #language en-US "This PCD indicates Hash mask for TPM 2.0.<BR><BR>\n"
"If this bit is set, that means this algorithm is needed to extend to PCR.<BR>\n"
"If this bit is clear, that means this algorithm is NOT needed to extend to PCR.<BR>\n"
"BIT0 - SHA1.<BR>\n"
"BIT1 - SHA256.<BR>\n"
"BIT2 - SHA384.<BR>\n"
"BIT3 - SHA512.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmAutoDetection_PROMPT #language en-US "TPM type detection."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmAutoDetection_HELP #language en-US "This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.<BR><BR>\n"
"FALSE - No auto detection.<BR>\n"
"TRUE - Auto detection.<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmBaseAddress_PROMPT #language en-US "TPM device address."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmBaseAddress_HELP #language en-US "This PCD indicates TPM base address.<BR><BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_PROMPT #language en-US "Status Code for TPM device definitions"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_HELP #language en-US "Progress Code for TPM device subclass definitions.<BR><BR>\n"
"EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000D0000) = 0x010D0000<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_PROMPT #language en-US "One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_HELP #language en-US "Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images\n"
Security:Add info string to UNI file for PcdPkcs7CertBuffer Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2016-12-12 06:25:52 +01:00
"WARNING: The default value is treated as test key. Please do not use default value in the production."
SecurityPkg: Convert all .uni files to utf-8 To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py SecurityPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19262 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15 05:58:32 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2NumberOfPCRBanks_PROMPT #language en-US "OEM configurated number of PCR banks."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2NumberOfPCRBanks_HELP #language en-US "This PCR means the OEM configurated number of PCR banks.\n"
"0 means dynamic get from supported HASH algorithm"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2HashAlgorithmBitmap_PROMPT #language en-US "Hash Algorithm bitmap."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2HashAlgorithmBitmap_HELP #language en-US "This PCD indicated final BIOS supported Hash mask.\n"
"Bios may choose to register a subset of PcdTpm2HashMask.\n"
SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmap REF: https://bugzilla.tianocore.org/show_bug.cgi?id=244 Currently, when software HashLib (HashLibBaseCryptoRouter) and related HashInstanceLib instances are used, PcdTcg2HashAlgorithmBitmap is expected to be configured to 0 in platform dsc. But PcdTcg2HashAlgorithmBitmap has default value 0xFFFFFFFF in SecurityPkg.dec, and some platforms forget to configure it to 0 or still configure it to 0xFFFFFFFF in platform dsc, that will make final PcdTcg2HashAlgorithmBitmap value incorrect. This patch is to add CONSTRUCTOR in HashLib (HashLibBaseCryptoRouter) and PcdTcg2HashAlgorithmBitmap will be set to 0 in the CONSTRUCTOR. Current HASH_LIB_PEI_ROUTER_GUID HOB created in HashLibBaseCryptoRouterPei is shared between modules that link HashLibBaseCryptoRouterPei. To avoid mutual interference, separated HASH_LIB_PEI_ROUTER_GUID HOBs with gEfiCallerIdGuid Identifier will be created for those modules. This patch is also to add check in HashLib (HashLibBaseCryptoRouter) for the mismatch of supported HashMask between modules that may link different HashInstanceLib instances, warning will be reported if mismatch is found. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-01-17 10:58:26 +01:00
"So this PCD is final value of how many hash algo is extended to PCR.\n"
"If software HashLib(HashLibBaseCryptoRouter) solution is chosen, this PCD\n"
"has no need to be configured in platform dsc and will be set to correct\n"
"value by the HashLib instance according to the HashInstanceLib instances\n"
"linked, and the value of this PCD should be got in module entrypoint."
SecurityPkg: Convert all .uni files to utf-8 To convert these files I ran: $ python3 BaseTools/Scripts/ConvertUni.py SecurityPkg Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jordan Justen <jordan.l.justen@intel.com> Reviewed-by: Michael Kinney <michael.d.kinney@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19262 6f19259b-4bc3-4df7-8a09-765794883524
2015-12-15 05:58:32 +01:00
SecurityPkg: TcgDxe,Tcg2Dxe,TrEEDxe: New PCD for TCG event log and TCG2 final event log area TCG event log and TCG2 final event log area length can be configurable to meet platform event log requirement. PcdTcgLogAreaMinLen : 0x10000 based on minimum requirement in TCG ACPI Spec 00.37 PcdTcg2FinalLogAreaLen : 0x8000 based on experience value Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com> Reviewed-by: Qin Long <qin.long@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19639 6f19259b-4bc3-4df7-8a09-765794883524
2016-01-12 01:37:02 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT #language en-US "Minimum length(in bytes) of the system preboot TCG event log area(LAML)."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_HELP #language en-US "This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).\n"
"For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_PROMPT #language en-US "Length(in bytes) of the TCG2 Final event log area."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_HELP #language en-US "This PCD defines length(in bytes) of the TCG2 Final event log area."
SecurityPkg: SecurityPkg.uni: Update info string for PcdTcgPhysicalPresenceInterfaceVer Update Pcd info string for new added PcdTcgPhysicalPresenceInterfaceVer Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-06-16 08:24:06 +02:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_PROMPT #language en-US "Version of Physical Presence interface supported by platform."
SecurityPkg Tcg2ConfigDxe: Add setup option to configure PPI version REF: https://bugzilla.tianocore.org/show_bug.cgi?id=288 gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer was introduced to configure physical presence interface version. but test or user needs to build different images to support different versions separately as the PCD does not support Dynamic types. This patch is to extend the PCD to support Dynamic types and add a setup option in Tcg2ConfigDxe driver to configure the physical presence interface version, the PCD needs to be DynamicHii type and maps to the setup option. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2016-12-09 08:53:22 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP #language en-US "Null-terminated string of the Version of Physical Presence interface supported by platform.<BR><BR>\n"
"To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
"For example, map to TCG2_VERSION.PpiVersion to be configured by Tcg2ConfigDxe driver.<BR>\n"
"gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x0|\"1.3\"|NV,BS<BR>"
SecurityPkg: SecurityPkg.uni: Update info string for PcdTcgPhysicalPresenceInterfaceVer Update Pcd info string for new added PcdTcgPhysicalPresenceInterfaceVer Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2016-06-16 08:24:06 +02:00
SecurityPkg: Add PcdUserPhysicalPresence to indicate use physical presence. This PCD supports all configuration type. Its default value is FALSE. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
2016-06-23 11:50:27 +02:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_PROMPT
#language en-US
"A physical presence user status"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_HELP
#language en-US
"Indicate whether a physical presence user exist. "
"When it is configured to Dynamic or DynamicEx, it can be set through detection using "
"a platform-specific method (e.g. Button pressed) in a actual platform in early boot phase.<BR><BR>"
Security:Add info string to UNI file for PcdPkcs7CertBuffer Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Dandan Bi <dandan.bi@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2016-12-12 06:25:52 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_PROMPT #language en-US "One PKCS7 cert used to verify Recovery and Capsule Update images"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_HELP #language en-US "Provides one PKCS7 cert used to verify Recovery and Capsule Update images\n"
"WARNING: The default value is treated as test key. Please do not use default value in the production."
SecurityPkg: Add Pcd PROMPT/HELP & Chang default setting Update PCD PcdTcg2PhysicalPresenceFlags default setting. Also add PROMPT, HELP string. Cc: Star Zeng <star.zeng@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com>
2017-01-05 03:16:16 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_PROMPT #language en-US " Initial setting of TCG2 Persistent Firmware Management Flags"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_HELP #language en-US "This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\n"
SecurityPkg: Tcg2Config: TPM2 ACPI Table Rev Option Add TPM2 ACPI Table Rev Option in Tcg2Config UI. Rev 4 is defined in TCG ACPI Specification 00.37 Cc: Star Zeng <star.zeng@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
2016-12-23 09:55:32 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_PROMPT #language en-US "The revision of TPM2 ACPI table"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_HELP #language en-US "This PCD defines initial revision of TPM2 ACPI table\n"
"To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
"For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR>\n"
SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmap REF: https://bugzilla.tianocore.org/show_bug.cgi?id=244 Currently, when software HashLib (HashLibBaseCryptoRouter) and related HashInstanceLib instances are used, PcdTcg2HashAlgorithmBitmap is expected to be configured to 0 in platform dsc. But PcdTcg2HashAlgorithmBitmap has default value 0xFFFFFFFF in SecurityPkg.dec, and some platforms forget to configure it to 0 or still configure it to 0xFFFFFFFF in platform dsc, that will make final PcdTcg2HashAlgorithmBitmap value incorrect. This patch is to add CONSTRUCTOR in HashLib (HashLibBaseCryptoRouter) and PcdTcg2HashAlgorithmBitmap will be set to 0 in the CONSTRUCTOR. Current HASH_LIB_PEI_ROUTER_GUID HOB created in HashLibBaseCryptoRouterPei is shared between modules that link HashLibBaseCryptoRouterPei. To avoid mutual interference, separated HASH_LIB_PEI_ROUTER_GUID HOBs with gEfiCallerIdGuid Identifier will be created for those modules. This patch is also to add check in HashLib (HashLibBaseCryptoRouter) for the mismatch of supported HashMask between modules that may link different HashInstanceLib instances, warning will be reported if mismatch is found. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2017-01-17 10:58:26 +01:00
"gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR>"
SecurityPkg: Add UNI string for 2 PCDs Add prompt & help string for PcdTpm2CurrentIrqNum, PcdTpm2PossibleIrqNumBuf Cc: Dandan Bi <dandan.bi@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Dandan Bi <dandan.bi@intel.com>
2018-02-03 04:08:54 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2CurrentIrqNum_PROMPT #language en-US "Current TPM2 device interrupt number"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2CurrentIrqNum_HELP #language en-US "This PCD defines current TPM2 device interrupt number reported by _CRS. If set to 0, interrupt is disabled."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2PossibleIrqNumBuf_PROMPT #language en-US "Possible TPM2 device interrupt number buffer"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2PossibleIrqNumBuf_HELP #language en-US "This PCD defines possible TPM2 interrupt number in a platform reported by _PRS control method.\n"
SecurityPkg: Cache TPM interface type info Cache TPM interface type info to avoid excessive interface ID register read Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
2018-05-08 08:51:57 +02:00
"If PcdTpm2CurrentIrqNum set to 0, _PRS will not report any possible TPM2 interrupt numbers."
SecurityPkg/SecurityPkg.uni: Add the prompt and help information The prompt and help information are missing in SecurityPkg.uni. https://bugzilla.tianocore.org/show_bug.cgi?id=1600 Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
2019-03-07 09:29:19 +01:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalDxeUnlock_PROMPT #language en-US "Skip Opal DXE driver unlock device flow."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalDxeUnlock_HELP #language en-US "Indicates if Opal DXE driver skip unlock device flow.<BR><BR>\n"
"TRUE - Skip unlock device flow.<BR>\n"
"FALSE - Does not skip unlock device flow.<BR>"
SecurityPkg: Cache TPM interface type info Cache TPM interface type info to avoid excessive interface ID register read Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
2018-05-08 08:51:57 +02:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_PROMPT #language en-US "Current active TPM interface type"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_HELP #language en-US "This PCD indicates current active TPM interface type.\n"
"0x00 - FIFO interface as defined in TIS 1.3 is active.<BR>\n"
"0x01 - FIFO interface as defined in PTP for TPM 2.0 is active.<BR>\n"
"0x02 - CRB interface is active.<BR>\n"
SecurityPkg: Tpm2DeviceLib: Enable CapCRBIdleBypass support Directly transition from CMD completion to CMD Ready state if device supports IdleByPass Cc: Long Qin <qin.long@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
2018-03-23 07:04:01 +01:00
"0xFF - Contains no current active TPM interface type<BR>"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_PROMPT #language en-US "IdleByass status supported by current active TPM interface."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_HELP #language en-US "This PCD records IdleByass status supported by current active TPM interface.\n"
"Accodingt to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and diretcly move to CmdReady state. <BR>"
"0x01 - Do not support IdleByPass.<BR>\n"
"0x02 - Support IdleByPass.<BR>\n"
SecurityPkg: Clean up source files 1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com>
2018-06-27 15:13:09 +02:00
"0xFF - IdleByPass State is not synced with TPM hardware.<BR>"
SecurityPkg/SecurityPkg.uni: Add missing strings for new PCDs REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2026 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Shenglei Zhang <shenglei.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-08-14 10:58:58 +02:00
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationPass_PROMPT #language en-US "Status Code for FV verification pass."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationPass_HELP #language en-US "Progress Code for FV verification result.\n"
" (EFI_SOFTWARE_PEI_MODULE | EFI_SUBCLASS_SPECIFIC | 00A).\n"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationFail_PROMPT #language en-US "Status Code for FV verification failure."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationFail_HELP #language en-US "Progress Code for FV verification result.\n"
" (EFI_SOFTWARE_PEI_MODULE | EFI_SUBCLASS_SPECIFIC | 00B).\n"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalPasswordPrompt_PROMPT #language en-US "Skip Opal DXE driver password prompt."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalPasswordPrompt_HELP #language en-US "Indicates if Opal DXE driver skip password prompt.\n\n"
" TRUE - Skip password prompt.\n"
" FALSE - Does not skip password prompt.\n"
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipHddPasswordPrompt_PROMPT #language en-US "Skip Hdd Password prompt."
#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipHddPasswordPrompt_HELP #language en-US "Indicates if Hdd Password driver skip password prompt.\n\n"
" TRUE - Skip password prompt.\n"
" FALSE - Does not skip password prompt.\n"