summaryrefslogtreecommitdiff
path: root/OvmfPkg/Library/PlatformSecureLib
diff options
context:
space:
mode:
authorjljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>2012-03-09 17:38:06 +0000
committerjljusten <jljusten@6f19259b-4bc3-4df7-8a09-765794883524>2012-03-09 17:38:06 +0000
commit6a52c7a1bb1424637ba1514a4a5d69472facffd0 (patch)
treece71e7eaa5e9534a27182ccf44d5838101feac52 /OvmfPkg/Library/PlatformSecureLib
parent54a26282b3b910ff4648b082f32434c31f1d7246 (diff)
downloadedk2-platforms-6a52c7a1bb1424637ba1514a4a5d69472facffd0.tar.xz
OvmfPkg: Add PlatformSecureLib instance
Signed-off-by: lgrosenb Reviewed-by: jljusten Reviewed-by: mdkinney git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13090 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'OvmfPkg/Library/PlatformSecureLib')
-rw-r--r--OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c57
-rw-r--r--OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf33
2 files changed, 90 insertions, 0 deletions
diff --git a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
new file mode 100644
index 0000000000..956ff9e2c5
--- /dev/null
+++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -0,0 +1,57 @@
+/** @file
+ Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+
+ Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <Library/PcdLib.h>
+
+/**
+
+ This function detects whether a secure platform-specific method to clear PK(Platform Key)
+ is configured by platform owner. This method is provided for users force to clear PK
+ in case incorrect enrollment mis-haps.
+
+ UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
+ a secure platform-specific method. In this case, the global variable SetupMode
+ must also be updated to 1.
+
+ NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+ not available when this function is called in AuthenticateVariable driver.
+
+ @retval TRUE The Platform owner wants to force clear PK.
+ @retval FALSE The Platform owner doesn't want to force clear PK.
+
+**/
+BOOLEAN
+EFIAPI
+ForceClearPK (
+ VOID
+ )
+{
+ return TRUE;
+}
+
+/**
+
+ This function detects whether current platform is operated by a physical present user.
+
+ @retval TRUE The Platform is operated by a physical present user.
+ @retval FALSE The Platform is NOT operated by a physical persent user.
+
+**/
+BOOLEAN
+EFIAPI
+UserPhysicalPresent (
+ VOID
+ )
+{
+ return TRUE;
+}
diff --git a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
new file mode 100644
index 0000000000..267bc182b4
--- /dev/null
+++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -0,0 +1,33 @@
+## @file
+# Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+#
+# Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PlatformSecureLib
+ FILE_GUID = 4204D78D-EDBF-4cee-BE80-3881457CF344
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ PlatformSecureLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec