summaryrefslogtreecommitdiff
path: root/SecurityPkg
diff options
context:
space:
mode:
authorLiming Gao <liming.gao@intel.com>2016-06-23 17:52:33 +0800
committerLiming Gao <liming.gao@intel.com>2016-06-29 09:43:00 +0800
commitc99bcf3d8aa5c098881360e8598b4c9e612d0a2b (patch)
tree724c1eab212ed91cc2639a0db12b535b98a4cdf0 /SecurityPkg
parente2b083de916cfc56a227df6f4ef67202cf5449c8 (diff)
downloadedk2-platforms-c99bcf3d8aa5c098881360e8598b4c9e612d0a2b.tar.xz
SecurityPkg: Update PlatformSecureLibNull with PCD to get physical presence.
This is an incompatible change. It uses PcdUserPhysicalPresence value instead of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE, this patch changes UserPhysicalPresent() return value from TRUE to FALSE. From Security point, it is not safe to always return TRUE. If user wants this behavior, he can still configure PcdUserPhysicalPresence value to TRUE in the platform DSC file. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>
Diffstat (limited to 'SecurityPkg')
-rw-r--r--SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c29
-rw-r--r--SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf9
2 files changed, 34 insertions, 4 deletions
diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
index 1450ac44ab..8dc07ec74a 100644
--- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
+++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
@@ -4,7 +4,7 @@
related features during platform enabling and development. It should be replaced
by a platform-specific method(e.g. Button pressed) in a real platform for product.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
+BOOLEAN mUserPhysicalPresence = FALSE;
+
/**
This function provides a platform-specific method to detect whether the platform
@@ -38,5 +40,28 @@ UserPhysicalPresent (
VOID
)
{
- return TRUE;
+ return mUserPhysicalPresence;
+}
+
+
+/**
+ Save user physical presence state from a PCD to mUserPhysicalPresence.
+
+ @param ImageHandle ImageHandle of the loaded driver.
+ @param SystemTable Pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS PcdUserPhysicalPresence is got successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+PlatformSecureLibNullConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+
+ mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);
+
+ return EFI_SUCCESS;
}
diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
index 7a5229d039..be415f4166 100644
--- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -6,7 +6,7 @@
# related features during platform enabling and development. It should be replaced
# by a platform-specific method(e.g. Button pressed) in a real platform for product.
#
-# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -24,7 +24,7 @@
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
-
+ CONSTRUCTOR = PlatformSecureLibNullConstructor
#
# The following information is for reference only and not required by the build tools.
@@ -37,3 +37,8 @@
[Packages]
MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence ## CONSUMES
+