On 2015/11/3 15:34, Zhang, Chao B wrote:
Enable Secure Boot feature defined in UEFI2.5 ECR1263. Add
AuditMode/DeployedMode value definition.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <[email protected]>
---
MdePkg/Include/Guid/GlobalVariable.h | 14 ++++++++++++++
MdePkg/Include/Guid/ImageAuthentication.h | 9 ++++++---
2 files changed, 20 insertions(+), 3 deletions(-)
The code change is good to me.
And please follow Laszlo's suggestion in [PATCH 0/5] to update the patch
title.
Another, please put this patch to be before[PATCH 1/5] since this patch
is to add the definitions, and other patches are to consume the definitions.
If you follow the suggestions above, you can have my
Reviewed-by: Star Zeng <[email protected]>
Thanks,
Star
diff --git a/MdePkg/Include/Guid/GlobalVariable.h
b/MdePkg/Include/Guid/GlobalVariable.h
index 1e4fbc8..e58f7a1 100644
--- a/MdePkg/Include/Guid/GlobalVariable.h
+++ b/MdePkg/Include/Guid/GlobalVariable.h
@@ -126,6 +126,20 @@ extern EFI_GUID gEfiGlobalVariableGuid;
///
#define EFI_SETUP_MODE_NAME L"SetupMode"
///
+/// Whether the system is operating in audit mode (1) or not (0).
+/// All other values are reserved. Should be treated as read-only except when
DeployedMode is 0.
+/// Always becomes read-only after ExitBootServices() is called.
+/// Its attribute is BS+RT.
+///
+#define EFI_AUDIT_MODE_NAME L"AuditMode"
+///
+/// Whether the system is operating in deployed mode (1) or not (0).
+/// All other values are reserved. Should be treated as read-only when its
value is 1.
+/// Always becomes read-only after ExitBootServices() is called.
+/// Its attribute is BS+RT.
+///
+#define EFI_DEPLOYED_MODE_NAME L"DeployedMode"
+///
/// The Key Exchange Key Signature Database.
/// Its attribute is NV+BS+RT+AT.
///
diff --git a/MdePkg/Include/Guid/ImageAuthentication.h
b/MdePkg/Include/Guid/ImageAuthentication.h
index 4f42960..2f51935 100644
--- a/MdePkg/Include/Guid/ImageAuthentication.h
+++ b/MdePkg/Include/Guid/ImageAuthentication.h
@@ -43,9 +43,12 @@
#define SECURE_BOOT_MODE_ENABLE 1
#define SECURE_BOOT_MODE_DISABLE 0
-#define SETUP_MODE 1
-#define USER_MODE 0
-
+#define SETUP_MODE_ENABLE 1
+#define SETUP_MODE_DISABLE 0
+#define DEPLOYED_MODE_ENABLE 1
+#define DEPLOYED_MODE_DISABLE 0
+#define AUDIT_MODE_ENABLE 1
+#define AUDIT_MODE_DISABLE 0
//***********************************************************************
// Signature Database
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel
