[edk2] [PATCH 2/5] SecurityPkg: Enable Customized Secure Boot feature

Mon, 02 Nov 2015 23:35:21 -0800 

Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add 
AuditMode/DeployedMode value definition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <[email protected]>
---
 MdePkg/Include/Guid/GlobalVariable.h      | 14 ++++++++++++++
 MdePkg/Include/Guid/ImageAuthentication.h |  9 ++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/MdePkg/Include/Guid/GlobalVariable.h 
b/MdePkg/Include/Guid/GlobalVariable.h
index 1e4fbc8..e58f7a1 100644
--- a/MdePkg/Include/Guid/GlobalVariable.h
+++ b/MdePkg/Include/Guid/GlobalVariable.h
@@ -126,6 +126,20 @@ extern EFI_GUID gEfiGlobalVariableGuid;
 ///
 #define EFI_SETUP_MODE_NAME                         L"SetupMode"
 ///
+/// Whether the system is operating in audit mode (1) or not (0).
+/// All other values are reserved. Should be treated as read-only except when 
DeployedMode is 0.
+/// Always becomes read-only after ExitBootServices() is called.
+/// Its attribute is BS+RT.
+///
+#define EFI_AUDIT_MODE_NAME                         L"AuditMode"
+///
+/// Whether the system is operating in deployed mode (1) or not (0).
+/// All other values are reserved. Should be treated as read-only when its 
value is 1.
+/// Always becomes read-only after ExitBootServices() is called.
+/// Its attribute is BS+RT.
+///
+#define EFI_DEPLOYED_MODE_NAME                      L"DeployedMode"
+///
 /// The Key Exchange Key Signature Database.
 /// Its attribute is NV+BS+RT+AT.
 ///
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h 
b/MdePkg/Include/Guid/ImageAuthentication.h
index 4f42960..2f51935 100644
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -43,9 +43,12 @@
 
 #define SECURE_BOOT_MODE_ENABLE           1
 #define SECURE_BOOT_MODE_DISABLE          0
-#define SETUP_MODE                        1
-#define USER_MODE                         0
-
+#define SETUP_MODE_ENABLE                 1
+#define SETUP_MODE_DISABLE                0
+#define DEPLOYED_MODE_ENABLE              1
+#define DEPLOYED_MODE_DISABLE             0
+#define AUDIT_MODE_ENABLE                 1
+#define AUDIT_MODE_DISABLE                0
 
 //***********************************************************************
 // Signature Database
-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to