From 6a0ad90b1829ab4203a4c527005c9d366d549360 Mon Sep 17 00:00:00 2001
From: Guo Mang
Date: Thu, 2 Jun 2016 10:15:18 +0800
Subject: BraswellPlatformPkg: Add PlatformSecureLib
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Guo Mang
---
 .../Library/PlatformSecureLib/PlatformSecureLib.c | 47 ++++++++++++++++++++++
 .../PlatformSecureLib/PlatformSecureLib.inf | 40 ++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c
 create mode 100644 BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
diff --git a/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c
new file mode 100644
index 0000000000..bc7d83fabf
--- /dev/null
+++ b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -0,0 +1,47 @@
+/** @file
+ Provides a secure platform-specific method to clear PK(Platform Key).
+
+ Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+#include
+
+/**
+ This function provides a platform-specific method to detect whether the platform
+ is operating by a physically present user.
+
+ Programmatic changing of platform security policy (such as disable Secure Boot,
+ or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
+ Boot Services or after exiting EFI Boot Services. Only a physically present user
+ is allowed to perform these operations.
+
+ NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+ not available when this function is called in AuthenticateVariable driver.
+
+ @retval TRUE The platform is operated by a physically present user.
+ @retval FALSE The platform is NOT operated by a physically present user.
+
+**/
+BOOLEAN
+EFIAPI
+UserPhysicalPresent (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ SYSTEM_CONFIGURATION SystemConfiguration;
+
+ CopyMem (&SystemConfiguration, PcdGetPtr (PcdSystemConfiguration), sizeof(SYSTEM_CONFIGURATION));
+
+ return (SystemConfiguration->SecureBootUserPhysicalPresent == 1);
+}
diff --git a/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
new file mode 100644
index 0000000000..651c363e03
--- /dev/null
+++ b/BraswellPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides a secure platform-specific method to clear PK(Platform Key).
+#
+# Copyright (c) 2015, Intel Corporation. All rights reserved.
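Review bot: The return line dereferences `SystemConfiguration` with `->`, but it is declared as a `SYSTEM_CONFIGURATION` value and filled by `CopyMem (&SystemConfiguration, ...)`, so as written this does not compile; it should be `return (SystemConfiguration.SecureBootUserPhysicalPresent == 1);` (and if the typedef were actually a pointer, the `sizeof(SYSTEM_CONFIGURATION)` copy size would be the wrong one instead, so one of the two lines has to change). `EFI_STATUS Status;` is never used and should be dropped. Because this function is what the authenticated-variable code consults before allowing PK clearing or a Secure Boot mode switch, the doxygen block should say where the answer comes from: `PcdSystemConfiguration` is presumably a copy of the platform Setup data, so "physically present" is decided by a persistent, software-settable option rather than a hardware or boot-phase signal, and whatever protects writes to that configuration is what really gates the policy. I would add `NOTE: physical presence is taken from the SecureBootUserPhysicalPresent setup option copied into PcdSystemConfiguration, not from a hardware presence signal.` under the existing NOTE THAT paragraph. The .inf also exports this library for DXE_RUNTIME_DRIVER; if the PCD is dynamic, `PcdGetPtr` goes through the PCD protocol, which is not usable after ExitBootServices, so a runtime caller should get an explicit FALSE rather than reach that call.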
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PlatformSecureLib
+ FILE_GUID = 4204D78D-EDBF-4cee-BE80-3881457CF344
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ PlatformSecureLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ BraswellPlatformPkg/BraswellPlatformPkg.dec
+
+[LibraryClasses]
+ PcdLib
+
+[Pcd]
-- cgit v1.2.3
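Review bot: The `[Pcd]` section that closes the hunk has no entries, while PlatformSecureLib.c calls `PcdGetPtr (PcdSystemConfiguration)`; unless the page cut the line off, the build cannot resolve that PCD and the section needs the token-space-qualified entry for PcdSystemConfiguration as declared in BraswellPlatformPkg.dec (the token space name is not visible on this page). The `@file` description `Provides a secure platform-specific method to clear PK(Platform Key).` appears to be carried over from the null instance and does not describe this library; `# Platform instance of PlatformSecureLib: reports physical presence from the SecureBootUserPhysicalPresent setup option.` would match the .c. The [LibraryClasses] list also omits BaseMemoryLib even though the .c uses `CopyMem`, so that dependency should be declared alongside PcdLib.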