diff options
author | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-03-27 08:17:23 +0000 |
---|---|---|
committer | sfu5 <sfu5@6f19259b-4bc3-4df7-8a09-765794883524> | 2012-03-27 08:17:23 +0000 |
commit | ecc722ad418a926af4e383f8977444717786fe20 (patch) | |
tree | 3289cf72cd9714daea187a8f1a785b17d70e68e0 /SecurityPkg/Include/Guid | |
parent | f95f107c8e8bb8d3f35609f4555faa132e162bdd (diff) | |
download | edk2-platforms-ecc722ad418a926af4e383f8977444717786fe20.tar.xz |
1. Remove “Force clear PK” feature in AuthVarialbe driver.
2. Update API ForceClearPK() to UserPhysicalPresent() in PlatformSecureLib.
2. Update SecureBootConfigDxe driver and AuthVariable driver to support Custom Secure Boot Mode feature.
3. Fix some bugs in AuthVariable driver.
Signed-off-by: sfu5
Reviewed-by: tye
Reviewed-by: gdong1
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13144 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Include/Guid')
-rw-r--r-- | SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h index 7ff469779c..7e543ee911 100644 --- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h +++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h @@ -4,7 +4,7 @@ AuthenticatedVariableFormat.h defines variable data headers
and variable storage region headers.
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -35,6 +35,20 @@ extern EFI_GUID gEfiSecureBootEnableDisableGuid; #define SECURE_BOOT_ENABLE 1
#define SECURE_BOOT_DISABLE 0
+extern EFI_GUID gEfiCustomModeEnableGuid;
+
+///
+/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard".
+/// Standard Secure Boot mode is the default mode as UEFI Spec's description.
+/// Custom Secure Boot mode allows for more flexibility as specified in the following:
+/// Can enroll or delete PK without existing PK's private key.
+/// Can enroll or delete KEK without existing PK's private key.
+/// Can enroll or delete signature from DB/DBX without KEK's private key.
+///
+#define EFI_CUSTOM_MODE_NAME L"CustomMode"
+#define CUSTOM_SECURE_BOOT_MODE 1
+#define STANDARD_SECURE_BOOT_MODE 0
+
///
/// Alignment of variable name and data, according to the architecture:
/// * For IA-32 and Intel(R) 64 architectures: 1.
|