From 861cc65656dfd5c8b340e890114651b7d3506471 Mon Sep 17 00:00:00 2001 From: Jiewen Yao Date: Mon, 6 Feb 2017 07:32:54 -0800 Subject: [PATCH] MdeModulePkg/dec: add PcdImageProtectionPolicy. Add PCD for image protection policy. Cc: Star Zeng Cc: Feng Tian Cc: Michael Kinney Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Reviewed-by: Jeff Fan Tested-by: Ard Biesheuvel --- MdeModulePkg/MdeModulePkg.dec | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index c95633c117..9b7fb6356d 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -1088,6 +1088,16 @@ # @Prompt Memory profile driver path. gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x00001043 + ## Set image protection policy. The policy is bitwise. + # If a bit is set, the image will be protected by DxeCore if it is aligned. + # The code section becomes read-only, and the data section becomes non-executable. + # If a bit is clear, the image will not be protected.

+ # BIT0 - Image from unknown device.
+ # BIT1 - Image from firmware volume.
+ # @Prompt Set image protection policy. + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F + gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047 + ## PCI Serial Device Info. It is an array of Device, Function, and Power Management # information that describes the path that contains zero or more PCI to PCI briges # followed by a PCI serial device. Each array entry is 4-bytes in length. The