Diffstat (limited to 'OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c')
-rw-r--r--OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c35
1 files changed, 9 insertions, 26 deletions
diff --git a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
index 956ff9e2c5..de0e4fa938 100644
--- a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
+++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -15,36 +15,19 @@
/**
- This function detects whether a secure platform-specific method to clear PK(Platform Key)
- is configured by platform owner. This method is provided for users force to clear PK
- in case incorrect enrollment mis-haps.
+ This function provides a platform-specific method to detect whether the platform
+ is operating by a physically present user.
- UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
- a secure platform-specific method. In this case, the global variable SetupMode
- must also be updated to 1.
+ Programmatic changing of platform security policy (such as disable Secure Boot,
+ or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
+ Boot Services or after exiting EFI Boot Services. Only a physically present user
+ is allowed to perform these operations.
NOTE THAT: This function cannot depend on any EFI Variable Service since they are
not available when this function is called in AuthenticateVariable driver.
-
- @retval TRUE The Platform owner wants to force clear PK.
- @retval FALSE The Platform owner doesn't want to force clear PK.
-
-**/
-BOOLEAN
-EFIAPI
-ForceClearPK (
- VOID
- )
-{
- return TRUE;
-}
-
-/**
-
- This function detects whether current platform is operated by a physical present user.
-
- @retval TRUE The Platform is operated by a physical present user.
- @retval FALSE The Platform is NOT operated by a physical persent user.
+
+ @retval TRUE The platform is operated by a physically present user.
+ @retval FALSE The platform is NOT operated by a physically present user.
**/
BOOLEAN