diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 48f714f289..63f67da5bb 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -6,6 +6,7 @@ # and libraries instances, which are used for those features. # # Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License which accompanies this distribution. # The full text of the license may be found at @@ -354,6 +355,28 @@ # @Prompt TPM device type identifier gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid |{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }|VOID*|0x0001000F + ## This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.

+ # FALSE - No auto detection.
+ # TRUE - Auto detection.
+ # @Prompt TPM type detection. + gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection|TRUE|BOOLEAN|0x00010011 + + ## This PCD indicates TPM base address.

+ # @Prompt TPM device address. + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0xFED40000|UINT64|0x00010012 + + ## This PCR means the OEM configurated number of PCR banks. + # 0 means dynamic get from supported HASH algorithm + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks|0x0|UINT32|0x00010015 + + ## Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images + # + # @Prompt One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images + # + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013 + +[PcdsDynamic, PcdsDynamicEx] + ## This PCD indicates Hash mask for TPM 2.0.

# If this bit is set, that means this algorithm is needed to extend to PCR.
# If this bit is clear, that means this algorithm is NOT needed to extend to PCR.
@@ -365,30 +388,10 @@ # @ValidRange 0x80000001 | 0x00000000 - 0x0000000F gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x0000000F|UINT32|0x00010010 - ## This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.

- # FALSE - No auto detection.
- # TRUE - Auto detection.
- # @Prompt TPM type detection. - gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection|TRUE|BOOLEAN|0x00010011 - - ## This PCD indicates TPM base address.

- # @Prompt TPM device address. - gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0xFED40000|UINT64|0x00010012 - ## This PCD indicated final BIOS supported Hash mask. # Bios may choose to register a subset of PcdTpm2HashMask. # So this PCD is final value of how many hash algo is extended to PCR. gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010016 - - ## This PCR means the OEM configurated number of PCR banks. - # 0 means dynamic get from supported HASH algorithm - gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks|0x0|UINT32|0x00010015 - - ## Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images - # - # @Prompt One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images - # - gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013 [UserExtensions.TianoCore."ExtraFiles"] SecurityPkgExtra.uni