deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 5708: UEFI CSP - new configuration service provider

Browse Source
This commit is contained in:
Maricia Alforque 2018-02-05 21:14:24 +00:00
parent a7ee2856d4
commit 93bf8e46cf
7 changed files with 453 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/client-management/mdm/TOC.md
View File

@ -281,6 +281,8 @@
#### [SurfaceHub DDF file](surfacehub-ddf-file.md)
### [TPMPolicy CSP](tpmpolicy-csp.md)
#### [TPMPolicy DDF file](tpmpolicy-ddf-file.md)
### [Uefi CSP](uefi-csp.md)
#### [Uefi DDF file](uefi-ddf.md)
### [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
#### [UnifiedWriteFilter DDF file](unifiedwritefilter-ddf.md)
### [Update CSP](update-csp.md)

30
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 12/05/2017
ms.date: 02/02/2018
---
# Configuration service provider reference
@ -2079,6 +2079,34 @@ Footnotes:
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[Uefi CSP](uefi-csp.md)
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)

BIN
windows/client-management/mdm/images/provisioning-csp-uefi.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

4
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1530,6 +1530,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, next major update.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[Uefi CSP](uefi-csp.md)</td>
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, next major update.</p>
</td></tr>
</tbody>
</table>

25
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -376,30 +376,6 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-bitlocker.md#bitlocker-encryptionmethod" id="bitlocker-encryptionmethod">Bitlocker/EncryptionMethod</a>
</dd>
<dd>
<a href="./bitlocker-csp.md#encryptionmethodbydrivetype" id="encryptionmethodbydrivetype">BitLocker/EncryptionMethodByDriveType</a> in BitLocker CSP
</dd>
<dd>
<a href="./bitlocker-csp.md#fixeddrivesrecoveryoptions" id="fixeddrivesrecoveryoptions">BitLocker/FixedDrivesRecoveryOptions</a> in BitLocker CSP
</dd>
<dd>
<a href="./bitlocker-csp.md#fixeddrivesrequireencryption" id="fixeddrivesrequireencryption">BitLocker/FixedDrivesRequireEncryption</a> in BitLocker CSP
</dd>
<dd>
<a href="./bitlocker-csp.md#removabledrivesrequireencryption" id="removabledrivesrequireencryption">BitLocker/RemovableDrivesRequireEncryption</a> in BitLocker CSP
</dd>
<dd>
<a href="./bitlocker-csp.md#systemdrivesminimumpinlength" id="systemdrivesminimumpinlength">BitLocker/SystemDrivesMinimumPINLength</a> in BitLocker CSP
</dd>
<dd>
<a href="./bitlocker-csp.md#systemdrivesrecoverymessage" id="systemdrivesrecoverymessage">BitLocker/SystemDrivesRecoveryMessage</a> in BitLocker CSP
</dd>
<dd>
<a href="./bitlocker-csp.md#systemdrivesrecoveryoptions" id="systemdrivesrecoveryoptions">BitLocker/SystemDrivesRecoveryOptions</a> in BitLocker CSP
</dd>
<dd>
<a href="./bitlocker-csp.md#systemdrivesrequirestartupauthentication" id="systemdrivesrequirestartupauthentication">BitLocker/SystemDrivesRequireStartupAuthentication</a> in BitLocker CSP
</dd>
</dl>
### Bluetooth policies
@ -2822,6 +2798,7 @@ The following diagram shows the Policy configuration service provider in tree fo
</dd>
<dd>
<a href="policy-csp-systemservices.md#systemservices-configurexboxlivenetworkingservicestartupmode" id="systemservices-configurexboxlivenetworkingservicestartupmode">SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode</a>
</dd>
### TaskScheduler policies

87
windows/client-management/mdm/uefi-csp.md Normal file
View File

@ -0,0 +1,87 @@
---
title: UEFI CSP
description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes.
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 02/01/2018
---
# UEFI CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, next major update.
The following diagram shows the UWF CSP in tree format.
![Uefi CSP diagram](images/provisioning-csp-uefi.png)
The following list describes the characteristics and parameters.
<a href="" id="uefi"></a>**./Vendor/MSFT/Uefi**
Root node.
<a href="" id="uefideviceidentifier"></a>**UefiDeviceIdentifier**
Retrieves XML from UEFI which describes the device identifier.
Supported operation is Get.
<a href="" id="identityinfo"></a>**IdentityInfo**
Node for provisioned signers operations.
<a href="" id="identityinfo-current"></a>**IdentityInfo/Current**
Retrieves XML from UEFI which describes the current UEFI identity information.
Supported operation is Get.
<a href="" id="identityinfo-apply"></a>**IdentityInfo/Apply**
Apply an identity information package to UEFI. Input is the signed package in base64 encoded format.
Supported operation is Replace.
<a href="" id="identityinfo-applyresult"></a>**IdentityInfo/ApplyResult**
Retrieves XML describing the results of previous ApplyIdentityInfo operation.
Supported operation is Get.
<a href="" id="authinfo"></a>**AuthInfo**
Node for permission information operations.
<a href="" id="authinfo-current"></a>**AuthInfo/Current**
Retrieves XML from UEFI which describes the current UEFI permission/authentication information.
Supported operation is Get.
<a href="" id="authinfo-apply"></a>**AuthInfo/Apply**
Apply a permission/authentication information package to UEFI. Input is the signed package in base64 encoded format.
Supported operation is Replace.
<a href="" id="authinfo-applyresult"></a>**AuthInfo/ApplyResult**
Retrieves XML describing the results of previous ApplyAuthInfo operation.
Supported operation is Get.
<a href="" id="config"></a>**Config**
Node for device configuration
<a href="" id="config-current"></a>**Config/Current**
Retrieves XML from UEFI which describes the current UEFI configuration.
Supported operation is Get.
<a href="" id="config-apply"></a>**Config/Apply**
Apply a configuration package to UEFI. Input is the signed package in base64 encoded format.
Supported operation is Replace.
<a href="" id="config-applyresult"></a>**Config/ApplyResult**
Retrieves XML describing the results of previous ApplyConfig operation.
Supported operation is Get.

330
windows/client-management/mdm/uefi-ddf.md Normal file
View File

@ -0,0 +1,330 @@
---
title: Uefi DDF file
description: Uefi DDF file
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 02/01/2018
---
# TPMPolicy DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **Uefi** configuration service provider.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
The XML below is the current version for this CSP.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>Uefi</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.0/MDM/Uefi</MIME>
</DFType>
</DFProperties>
<Node>
<NodeName>UefiDeviceIdentifier</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the device identifier.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<CaseSense>
<CIS />
</CaseSense>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>IdentityInfo</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Provisioned signers</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Current</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the current UEFI identity information</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Apply</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<Description>Apply an identity information package to UEFI. Input is the signed package in base64 encoded format.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ApplyResult</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML describing the results of previous ApplyIdentityInfo operation.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>AuthInfo</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Permission Information</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Current</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the current UEFI permission/authentication information.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Apply</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<Description>Apply a permission/authentication information package to UEFI. Input is the signed package in base64 encoded format.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ApplyResult</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML describing the results of previous ApplyAuthInfo operation.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Config</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Device Configuration</Description>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Current</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML from UEFI which describes the current UEFI configuration.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Apply</NodeName>
<DFProperties>
<AccessType>
<Replace />
</AccessType>
<Description>Apply a configuration package to UEFI. Input is the signed package in base64 encoded format.</Description>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ApplyResult</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>Retrieves XML describing the results of previous ApplyConfig operation.</Description>
<DFFormat>
<xml />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```