BraswellPlatformPkg: Add PlatformSecureLib

Contributed-under: TianoCore Contribution Agreement 1.0

Signed-off-by: Guo Mang <mang.guo@intel.com>

2 files changed, 87 insertions, 0 deletions

diff --git a/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c
new file mode 100644
index 0000000000..bc7d83fabf
--- /dev/null
+++ b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -0,0 +1,47 @@
+/** @file

+  Provides a secure platform-specific method to clear PK(Platform Key).

+

+  Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>

+

+  This program and the accompanying materials

+  are licensed and made available under the terms and conditions of the BSD License

+  which accompanies this distribution.  The full text of the license may be found at

+  http://opensource.org/licenses/bsd-license.php.

+

+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+

+**/

+

+#include <Library/PcdLib.h>

+#include <Guid/SetupVariable.h>

+

+/**

+  This function provides a platform-specific method to detect whether the platform

+  is operating by a physically present user.

+

+  Programmatic changing of platform security policy (such as disable Secure Boot,

+  or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during

+  Boot Services or after exiting EFI Boot Services. Only a physically present user

+  is allowed to perform these operations.

+

+  NOTE THAT: This function cannot depend on any EFI Variable Service since they are

+  not available when this function is called in AuthenticateVariable driver.

+

+  @retval  TRUE       The platform is operated by a physically present user.

+  @retval  FALSE      The platform is NOT operated by a physically present user.

+

+**/

+BOOLEAN

+EFIAPI

+UserPhysicalPresent (

+  VOID

+  )

+{

+  EFI_STATUS                Status;

+  SYSTEM_CONFIGURATION      SystemConfiguration;

+

+  CopyMem (&SystemConfiguration, PcdGetPtr (PcdSystemConfiguration), sizeof(SYSTEM_CONFIGURATION));

+

+  return (SystemConfiguration->SecureBootUserPhysicalPresent == 1);

+}

diff --git a/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
new file mode 100644
index 0000000000..651c363e03
--- /dev/null
+++ b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -0,0 +1,40 @@
+## @file

+#  Provides a secure platform-specific method to clear PK(Platform Key).

+#

+#  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+#

+#  This program and the accompanying materials

+#  are licensed and made available under the terms and conditions of the BSD License

+#  which accompanies this distribution.  The full text of the license may be found at

+#  http://opensource.org/licenses/bsd-license.php.

+#

+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

+#

+##

+

+[Defines]

+  INF_VERSION                    = 0x00010005

+  BASE_NAME                      = PlatformSecureLib

+  FILE_GUID                      = 4204D78D-EDBF-4cee-BE80-3881457CF344

+  MODULE_TYPE                    = DXE_DRIVER

+  VERSION_STRING                 = 1.0

+  LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER

+

+#

+# The following information is for reference only and not required by the build tools.

+#

+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC

+#

+

+[Sources]

+  PlatformSecureLib.c

+

+[Packages]

+  MdePkg/MdePkg.dec

+  BraswellPlatformPkg/BraswellPlatformPkg.dec

+

+[LibraryClasses]

+  PcdLib

+

+[Pcd]