10 files changed, 417 insertions, 19 deletions
diff --git a/edk2/Nt32Pkg/Contributions.txt b/edk2/Nt32Pkg/Contributions.txt
new file mode 100644
index 000000000..667ca1035
--- /dev/null
+++ b/edk2/Nt32Pkg/Contributions.txt
@@ -0,0 +1,188 @@
+
+======================
+= Code Contributions =
+======================
+
+To make a contribution to a TianoCore project, follow these steps.
+1. Create a change description in the format specified below to
+   use in the source control commit log.
+2. Your commit message must include your "Signed-off-by" signature,
+   and "Contributed-under" message.
+3. Your "Contributed-under" message explicitly states that the
+   contribution is made under the terms of the specified
+   contribution agreement.  Your "Contributed-under" message
+   must include the name of contribution agreement and version.
+   For example: Contributed-under: TianoCore Contribution Agreement 1.0
+   The "TianoCore Contribution Agreement" is included below in
+   this document.
+4. Submit your code to the TianoCore project using the process
+   that the project documents on its web page.  If the process is
+   not documented, then submit the code on development email list
+   for the project.
+
+=======================================
+= Change Description / Commit Message =
+=======================================
+
+Your change description should use the standard format for a
+commit message, and must include your "Signed-off-by" signature
+and the "Contributed-under" message.
+
+== Sample Change Description / Commit Message =
+
+=== Definitions for sample change description ===
+
+* "CodeModule" is a short idenfier for the affected code.  For
+  example MdePkg, or MdeModulePkg UsbBusDxe.
+* "Brief-single-line-summary" is a short summary of the change.
+* The entire first line should be less than ~70 characters.
+* "Full-commit-message" a verbose multiple line comment describing
+  the change.  Each line should be less than ~70 characters.
+* "Contributed-under" explicitely states that the contribution is
+  made under the terms of the contribtion agreement.  This
+  agreement is included below in this document.
+* "Signed-off-by" is the contributor's signature identifying them
+  by their real/legal name and their email address.
+
+=== Start of sample change description / commit message ===
+CodeModule: Brief-single-line-summary
+
+Full-commit-message
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Contributor Name <contributor@email.server>
+=== End of sample change description / commit message ===
+
+========================================
+= TianoCore Contribution Agreement 1.0 =
+========================================
+
+INTEL CORPORATION ("INTEL") MAKES AVAILABLE SOFTWARE, DOCUMENTATION,
+INFORMATION AND/OR OTHER MATERIALS FOR USE IN THE TIANOCORE OPEN SOURCE
+PROJECT (COLLECTIVELY "CONTENT"). USE OF THE CONTENT IS GOVERNED BY THE
+TERMS AND CONDITIONS OF THIS AGREEMENT BETWEEN YOU AND INTEL AND/OR THE
+TERMS AND CONDITIONS OF LICENSE AGREEMENTS OR NOTICES INDICATED OR
+REFERENCED BELOW. BY USING THE CONTENT, YOU AGREE THAT YOUR USE OF THE
+CONTENT IS GOVERNED BY THIS AGREEMENT AND/OR THE TERMS AND CONDITIONS
+OF ANY APPLICABLE LICENSE AGREEMENTS OR NOTICES INDICATED OR REFERENCED
+BELOW. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS
+AGREEMENT AND THE TERMS AND CONDITIONS OF ANY APPLICABLE LICENSE
+AGREEMENTS OR NOTICES INDICATED OR REFERENCED BELOW, THEN YOU MAY NOT
+USE THE CONTENT.
+
+Unless otherwise indicated, all Content made available on the TianoCore
+site is provided to you under the terms and conditions of the BSD
+License ("BSD"). A copy of the BSD License is available at
+http://opensource.org/licenses/bsd-license.php
+or when applicable, in the associated License.txt file.
+
+Certain other content may be made available under other licenses as
+indicated in or with such Content. (For example, in a License.txt file.)
+
+You accept and agree to the following terms and conditions for Your
+present and future Contributions submitted to TianoCore site. Except
+for the license granted to Intel hereunder, You reserve all right,
+title, and interest in and to Your Contributions.
+
+== SECTION 1: Definitions ==
+* "You" or "Contributor" shall mean the copyright owner or legal
+  entity authorized by the copyright owner that is making a
+  Contribution hereunder. All other entities that control, are
+  controlled by, or are under common control with that entity are
+  considered to be a single Contributor. For the purposes of this
+  definition, "control" means (i) the power, direct or indirect, to
+  cause the direction or management of such entity, whether by
+  contract or otherwise, or (ii) ownership of fifty percent (50%)
+  or more of the outstanding shares, or (iii) beneficial ownership
+  of such entity.
+* "Contribution" shall mean any original work of authorship,
+  including any modifications or additions to an existing work,
+  that is intentionally submitted by You to the TinaoCore site for
+  inclusion in, or documentation of, any of the Content. For the
+  purposes of this definition, "submitted" means any form of
+  electronic, verbal, or written communication sent to the
+  TianoCore site or its representatives, including but not limited
+  to communication on electronic mailing lists, source code
+  control systems, and issue tracking systems that are managed by,
+  or on behalf of, the TianoCore site for the purpose of
+  discussing and improving the Content, but excluding
+  communication that is conspicuously marked or otherwise
+  designated in writing by You as "Not a Contribution."
+
+== SECTION 2: License for Contributions ==
+* Contributor hereby agrees that redistribution and use of the
+  Contribution in source and binary forms, with or without
+  modification, are permitted provided that the following
+  conditions are met:
+** Redistributions of source code must retain the Contributor's
+   copyright notice, this list of conditions and the following
+   disclaimer.
+** Redistributions in binary form must reproduce the Contributor's
+   copyright notice, this list of conditions and the following
+   disclaimer in the documentation and/or other materials provided
+   with the distribution.
+* Disclaimer. None of the names of Contributor, Intel, or the names
+  of their respective contributors may be used to endorse or
+  promote products derived from this software without specific
+  prior written permission.
+* Contributor grants a license (with the right to sublicense) under
+  claims of Contributor's patents that Contributor can license that
+  are infringed by the Contribution (as delivered by Contributor) to
+  make, use, distribute, sell, offer for sale, and import the
+  Contribution and derivative works thereof solely to the minimum
+  extent necessary for licensee to exercise the granted copyright
+  license; this patent license applies solely to those portions of
+  the Contribution that are unmodified. No hardware per se is
+  licensed.
+* EXCEPT AS EXPRESSLY SET FORTH IN SECTION 3 BELOW, THE
+  CONTRIBUTION IS PROVIDED BY THE CONTRIBUTOR "AS IS" AND ANY
+  EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+  THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+  CONTRIBUTOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THE
+  CONTRIBUTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+  DAMAGE.
+
+== SECTION 3: Representations ==
+* You represent that You are legally entitled to grant the above
+  license. If your employer(s) has rights to intellectual property
+  that You create that includes Your Contributions, You represent
+  that You have received permission to make Contributions on behalf
+  of that employer, that Your employer has waived such rights for
+  Your Contributions.
+* You represent that each of Your Contributions is Your original
+  creation (see Section 4 for submissions on behalf of others).
+  You represent that Your Contribution submissions include complete
+  details of any third-party license or other restriction
+  (including, but not limited to, related patents and trademarks)
+  of which You are personally aware and which are associated with
+  any part of Your Contributions.
+
+== SECTION 4: Third Party Contributions ==
+* Should You wish to submit work that is not Your original creation,
+  You may submit it to TianoCore site separately from any
+  Contribution, identifying the complete details of its source
+  and of any license or other restriction (including, but not
+  limited to, related patents, trademarks, and license agreements)
+  of which You are personally aware, and conspicuously marking the
+  work as "Submitted on behalf of a third-party: [named here]".
+
+== SECTION 5: Miscellaneous ==
+* Applicable Laws. Any claims arising under or relating to this
+  Agreement shall be governed by the internal substantive laws of
+  the State of Delaware or federal courts located in Delaware,
+  without regard to principles of conflict of laws.
+* Language. This Agreement is in the English language only, which
+  language shall be controlling in all respects, and all versions
+  of this Agreement in any other language shall be for accommodation
+  only and shall not be binding. All communications and notices made
+  or given pursuant to this Agreement, and all documentation and
+  support to be provided, unless otherwise noted, shall be in the
+  English language.
+
diff --git a/edk2/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c b/edk2/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c
new file mode 100644
index 000000000..e7f33277f
--- /dev/null
+++ b/edk2/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -0,0 +1,41 @@
+/** @file
+  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+
+  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <Library/PcdLib.h>
+
+
+/**
+
+  This function provides a platform-specific method to detect whether the platform
+  is operating by a physically present user. 
+
+  Programmatic changing of platform security policy (such as disable Secure Boot,
+  or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
+  Boot Services or after exiting EFI Boot Services. Only a physically present user
+  is allowed to perform these operations.
+
+  NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+  not available when this function is called in AuthenticateVariable driver.
+  
+  @retval  TRUE       The platform is operated by a physically present user.
+  @retval  FALSE      The platform is NOT operated by a physically present user.
+
+**/
+BOOLEAN
+EFIAPI
+UserPhysicalPresent (
+  VOID
+  )
+{
+  return TRUE;
+}
diff --git a/edk2/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf b/edk2/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
new file mode 100644
index 000000000..a6891dd5f
--- /dev/null
+++ b/edk2/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -0,0 +1,33 @@
+## @file
+#  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+#
+#  Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.<BR>
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PlatformSecureLib
+  FILE_GUID                      = F263EC2A-F0DB-4640-8B12-4ED22A506FB1
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  PlatformSecureLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
diff --git a/edk2/Nt32Pkg/License.txt b/edk2/Nt32Pkg/License.txt
new file mode 100644
index 000000000..be68999be
--- /dev/null
+++ b/edk2/Nt32Pkg/License.txt
@@ -0,0 +1,25 @@
+Copyright (c) 2012, Intel Corporation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+* Redistributions of source code must retain the above copyright
+  notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in
+  the documentation and/or other materials provided with the
+  distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
diff --git a/edk2/Nt32Pkg/MiscSubClassPlatformDxe/MiscNumberOfInstallableLanguagesFunction.c b/edk2/Nt32Pkg/MiscSubClassPlatformDxe/MiscNumberOfInstallableLanguagesFunction.c
index 5be7444b3..87aa6758e 100644
--- a/edk2/Nt32Pkg/MiscSubClassPlatformDxe/MiscNumberOfInstallableLanguagesFunction.c
+++ b/edk2/Nt32Pkg/MiscSubClassPlatformDxe/MiscNumberOfInstallableLanguagesFunction.c
@@ -1,6 +1,6 @@
 /** @file
  
-Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -43,7 +43,7 @@ CurrentLanguageMatch (
     return;
   }
 
-  CurrentLang  = GetEfiGlobalVariable (L"PlatformLang");
+  GetEfiGlobalVariable2 (L"PlatformLang", (VOID**)&CurrentLang, NULL);
   DefaultLang  = (CHAR8 *) PcdGetPtr (PcdUefiVariableDefaultPlatformLang);
   BestLanguage = GetBestLanguage (
                    Languages,
diff --git a/edk2/Nt32Pkg/Nt32Pkg.dsc b/edk2/Nt32Pkg/Nt32Pkg.dsc
index 33a8c97a8..5429885f9 100644
--- a/edk2/Nt32Pkg/Nt32Pkg.dsc
+++ b/edk2/Nt32Pkg/Nt32Pkg.dsc
@@ -4,7 +4,7 @@
 # The Emulation Platform can be used to debug individual modules, prior to creating
 #    a real platform. This also provides an example for how an DSC is created.
 #
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
 #
 #    This program and the accompanying materials
 #    are licensed and made available under the terms and conditions of the BSD License
@@ -32,6 +32,11 @@
   SKUID_IDENTIFIER               = DEFAULT
   FLASH_DEFINITION               = Nt32Pkg/Nt32Pkg.fdf
 
+  #
+  # Defines for default states.  These can be changed on the command line.
+  # -D FLAG=VALUE
+  #
+  DEFINE SECURE_BOOT_ENABLE      = FALSE
 
 ################################################################################
 #
@@ -112,6 +117,13 @@
   DebugPrintErrorLevelLib|MdeModulePkg/Library/DxeDebugPrintErrorLevelLib/DxeDebugPrintErrorLevelLib.inf
   PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
   DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
+  CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
+  
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  PlatformSecureLib|Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!endif
 
 [LibraryClasses.common.USER_DEFINED]
   DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
@@ -142,6 +154,9 @@
 [LibraryClasses.common.PEIM]
   PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
   OemHookStatusCodeLib|Nt32Pkg/Library/PeiNt32OemHookStatusCodeLib/PeiNt32OemHookStatusCodeLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE  
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
+!endif
 
 [LibraryClasses.common]
   #
@@ -156,6 +171,9 @@
   PeCoffExtraActionLib|Nt32Pkg/Library/DxeNt32PeCoffExtraActionLib/DxeNt32PeCoffExtraActionLib.inf
   ExtractGuidedSectionLib|MdePkg/Library/DxeExtractGuidedSectionLib/DxeExtractGuidedSectionLib.inf
   WinNtLib|Nt32Pkg/Library/DxeWinNtLib/DxeWinNtLib.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+!endif
 
 [LibraryClasses.common.DXE_CORE]
   HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
@@ -171,6 +189,14 @@
 [LibraryClasses.common.UEFI_APPLICATION]
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
   PrintLib|MdeModulePkg/Library/DxePrintLibPrint2Protocol/DxePrintLibPrint2Protocol.inf
+  
+[LibraryClasses.common.DXE_RUNTIME_DRIVER]
+  #
+  # Runtime
+  #
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
+!endif
 
 ################################################################################
 #
@@ -193,6 +219,16 @@
   gEfiNt32PkgTokenSpaceGuid.PcdWinNtFirmwareBlockSize|0x10000
   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x0f
   gEfiMdeModulePkgTokenSpaceGuid.PcdResetOnMemoryTypeInformationChange|FALSE
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize|0x2000
+!endif
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot
+  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x05
+  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05
+  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05
+!endif
 
 ################################################################################
 #
@@ -257,7 +293,13 @@
   Nt32Pkg/BootModePei/BootModePei.inf
   Nt32Pkg/StallPei/StallPei.inf
   Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf
+  
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
+!else
   MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
+!endif
+
   Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf
   Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf
   Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf
@@ -281,7 +323,12 @@
   Nt32Pkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
   MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
   Nt32Pkg/FvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf
-  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf  {
+    <LibraryClasses>
+!if $(SECURE_BOOT_ENABLE) == TRUE
+      NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
+!endif 
+  }
   MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
   MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
@@ -293,7 +340,12 @@
   MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
   MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
   Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf 
+  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!else
   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+!endif
   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
   MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
   MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
@@ -369,7 +421,7 @@
 #
 ###################################################################################################
 [BuildOptions]
-  DEBUG_*_IA32_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTEM:CONSOLE
+  DEBUG_*_IA32_DLINK_FLAGS = /EXPORT:InitializeDriver=$(IMAGE_ENTRY_POINT) /BASE:0x10000 /ALIGN:4096 /FILEALIGN:4096 /SUBSYSTEM:CONSOLE
   RELEASE_*_IA32_DLINK_FLAGS = /ALIGN:4096 /FILEALIGN:4096
   *_*_IA32_CC_FLAGS = /D EFI_SPECIFICATION_VERSION=0x0002000A /D TIANO_RELEASE_VERSION=0x00080006
 
diff --git a/edk2/Nt32Pkg/Nt32Pkg.fdf b/edk2/Nt32Pkg/Nt32Pkg.fdf
index fafae8f03..b00cb774d 100644
--- a/edk2/Nt32Pkg/Nt32Pkg.fdf
+++ b/edk2/Nt32Pkg/Nt32Pkg.fdf
@@ -74,10 +74,17 @@ DATA = {
   #Blockmap[1]: End
   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   ## This is the VARIABLE_STORE_HEADER
+!if $(SECURE_BOOT_ENABLE) == TRUE
+  #Signature: gEfiAuthenticatedVariableGuid =
+  #  { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
+  0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+  0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+!else
   #Signature: gEfiVariableGuid =
   #  { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
   0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
   0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+!endif
   #Size: 0xc000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) - 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0xBFB8
   # This can speed up the Variable Dispatch a bit.
   0xB8, 0xBF, 0x00, 0x00,
@@ -174,7 +181,13 @@ INF  Nt32Pkg/StallPei/StallPei.inf
 INF  Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf
 INF  Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf
 INF  Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf
+
+!if $(SECURE_BOOT_ENABLE) == TRUE
+INF  SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
+!else
 INF  MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
+!endif
+
 INF  Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf
 INF  MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
 
@@ -202,7 +215,12 @@ INF  Nt32Pkg/TimerDxe/TimerDxe.inf
 INF  MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
 INF  MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
 INF  Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
+INF  SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
+INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+!else
 INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+!endif
 INF  MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
 INF  MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
 INF  MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
diff --git a/edk2/Nt32Pkg/WinNtAutoScanPei/WinNtAutoScan.c b/edk2/Nt32Pkg/WinNtAutoScanPei/WinNtAutoScan.c
index 90a97b976..ab5fd0f3f 100644
--- a/edk2/Nt32Pkg/WinNtAutoScanPei/WinNtAutoScan.c
+++ b/edk2/Nt32Pkg/WinNtAutoScanPei/WinNtAutoScan.c
@@ -49,6 +49,53 @@ EFI_MEMORY_TYPE_INFORMATION mDefaultMemoryTypeInformation[] = {
   { EfiMaxMemoryType,       0      }
 };
 
+/**
+   Validate variable data for the MemoryTypeInformation. 
+
+   @param MemoryData       Variable data.
+   @param MemoryDataSize   Variable data length.
+   
+   @return TRUE            The variable data is valid.
+   @return FALSE           The variable data is invalid.
+
+**/
+BOOLEAN
+ValidateMemoryTypeInfoVariable (
+  IN EFI_MEMORY_TYPE_INFORMATION      *MemoryData,
+  IN UINTN                            MemoryDataSize
+  )
+{
+  UINTN                       Count;
+  UINTN                       Index;
+
+  // Check the input parameter.
+  if (MemoryData == NULL) {
+    return FALSE;
+  }
+
+  // Get Count
+  Count = MemoryDataSize / sizeof (*MemoryData);
+
+  // Check Size
+  if (Count * sizeof(*MemoryData) != MemoryDataSize) {
+    return FALSE;
+  }
+
+  // Check last entry type filed.
+  if (MemoryData[Count - 1].Type != EfiMaxMemoryType) {
+    return FALSE;
+  }
+
+  // Check the type filed.
+  for (Index = 0; Index < Count - 1; Index++) {
+    if (MemoryData[Index].Type >= EfiMaxMemoryType) {
+      return FALSE;
+    }
+  }
+
+  return TRUE;
+}
+
 EFI_STATUS
 EFIAPI
 PeimInitializeWinNtAutoScan (
@@ -153,7 +200,7 @@ Returns:
                        &DataSize,
                        &MemoryData
                        );
-  if (EFI_ERROR (Status)) {
+  if (EFI_ERROR (Status) || !ValidateMemoryTypeInfoVariable(MemoryData, DataSize)) {
     //
     // Create Memory Type Information HOB
     //
diff --git a/edk2/Nt32Pkg/WinNtGopDxe/WinNtGop.h b/edk2/Nt32Pkg/WinNtGopDxe/WinNtGop.h
index dd5359104..dcc52759e 100644
--- a/edk2/Nt32Pkg/WinNtGopDxe/WinNtGop.h
+++ b/edk2/Nt32Pkg/WinNtGopDxe/WinNtGop.h
@@ -1,6 +1,6 @@
 /** @file
 
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -76,7 +76,6 @@ typedef struct {
 
 typedef struct _WIN_NT_GOP_SIMPLE_TEXTIN_EX_NOTIFY {
   UINTN                                 Signature;
-  EFI_HANDLE                            NotifyHandle;
   EFI_KEY_DATA                          KeyData;
   EFI_KEY_NOTIFY_FUNCTION               KeyNotificationFn;
   LIST_ENTRY                            NotifyEntry;
diff --git a/edk2/Nt32Pkg/WinNtGopDxe/WinNtGopInput.c b/edk2/Nt32Pkg/WinNtGopDxe/WinNtGopInput.c
index ee1a98cde..6a0f4b789 100644
--- a/edk2/Nt32Pkg/WinNtGopDxe/WinNtGopInput.c
+++ b/edk2/Nt32Pkg/WinNtGopDxe/WinNtGopInput.c
@@ -1,6 +1,6 @@
 /** @file
 
-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -822,7 +822,7 @@ WinNtGopSimpleTextInExRegisterKeyNotify (
   IN EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL  *This,
   IN EFI_KEY_DATA                       *KeyData,
   IN EFI_KEY_NOTIFY_FUNCTION            KeyNotificationFunction,
-  OUT EFI_HANDLE                        *NotifyHandle
+  OUT VOID                              **NotifyHandle
   )
 /*++
 
@@ -867,7 +867,7 @@ WinNtGopSimpleTextInExRegisterKeyNotify (
                       );
     if (GopPrivateIsKeyRegistered (&CurrentNotify->KeyData, KeyData)) {
       if (CurrentNotify->KeyNotificationFn == KeyNotificationFunction) {
-        *NotifyHandle = CurrentNotify->NotifyHandle;
+        *NotifyHandle = CurrentNotify;
         return EFI_SUCCESS;
       }
     }
@@ -883,11 +883,10 @@ WinNtGopSimpleTextInExRegisterKeyNotify (
 
   NewNotify->Signature         = WIN_NT_GOP_SIMPLE_TEXTIN_EX_NOTIFY_SIGNATURE;
   NewNotify->KeyNotificationFn = KeyNotificationFunction;
-  NewNotify->NotifyHandle      = (EFI_HANDLE) NewNotify;
   CopyMem (&NewNotify->KeyData, KeyData, sizeof (EFI_KEY_DATA));
   InsertTailList (&Private->NotifyList, &NewNotify->NotifyEntry);
 
-  *NotifyHandle = NewNotify->NotifyHandle;
+  *NotifyHandle = NewNotify;
 
   return EFI_SUCCESS;
 
@@ -897,7 +896,7 @@ EFI_STATUS
 EFIAPI
 WinNtGopSimpleTextInExUnregisterKeyNotify (
   IN EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL  *This,
-  IN EFI_HANDLE                         NotificationHandle
+  IN VOID                               *NotificationHandle
   )
 /*++
 
@@ -922,10 +921,6 @@ WinNtGopSimpleTextInExUnregisterKeyNotify (
     return EFI_INVALID_PARAMETER;
   }
 
-  if (((WIN_NT_GOP_SIMPLE_TEXTIN_EX_NOTIFY *) NotificationHandle)->Signature != WIN_NT_GOP_SIMPLE_TEXTIN_EX_NOTIFY_SIGNATURE) {
-    return EFI_INVALID_PARAMETER;
-  }
-
   Private = GOP_PRIVATE_DATA_FROM_TEXT_IN_EX_THIS (This);
 
   for (Link = Private->NotifyList.ForwardLink; Link != &Private->NotifyList; Link = Link->ForwardLink) {
@@ -935,7 +930,7 @@ WinNtGopSimpleTextInExUnregisterKeyNotify (
                       NotifyEntry,
                       WIN_NT_GOP_SIMPLE_TEXTIN_EX_NOTIFY_SIGNATURE
                       );
-    if (CurrentNotify->NotifyHandle == NotificationHandle) {
+    if (CurrentNotify == NotificationHandle) {
       //
       // Remove the notification function from NotifyList and free resources
       //