From 0ff38cbfa31468aaa96fb13aa489a684f22d647f Mon Sep 17 00:00:00 2001 From: leegrosenbaum Date: Wed, 11 Apr 2012 16:23:41 +0000 Subject: Nt32Pkg: Add Secure Boot build option including Custom Mode setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If –D SECURE_BOOT_ENABLE is specified with the build command, Secure Boot support is enabled including custom mode setup. This allows Secure Boot to be configured through setup allowing Nt32Pkg to be a fully functional Secure Boot reference platforms. Signed-off-by: lee.g.rosenbaum@intel.com Reviewed-by: jiewen.yao@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13186 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/PlatformSecureLib/PlatformSecureLib.c | 41 ++++++++++++++++++++++ .../PlatformSecureLib/PlatformSecureLib.inf | 33 +++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c create mode 100644 Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf (limited to 'Nt32Pkg/Library/PlatformSecureLib') diff --git a/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c new file mode 100644 index 0000000000..e7f33277f5 --- /dev/null +++ b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c @@ -0,0 +1,41 @@ +/** @file + Provides a platform-specific method to enable Secure Boot Custom Mode setup. + + Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +#include + + +/** + + This function provides a platform-specific method to detect whether the platform + is operating by a physically present user. + + Programmatic changing of platform security policy (such as disable Secure Boot, + or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during + Boot Services or after exiting EFI Boot Services. Only a physically present user + is allowed to perform these operations. + + NOTE THAT: This function cannot depend on any EFI Variable Service since they are + not available when this function is called in AuthenticateVariable driver. + + @retval TRUE The platform is operated by a physically present user. + @retval FALSE The platform is NOT operated by a physically present user. + +**/ +BOOLEAN +EFIAPI +UserPhysicalPresent ( + VOID + ) +{ + return TRUE; +} diff --git a/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf new file mode 100644 index 0000000000..a6891dd5f3 --- /dev/null +++ b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf @@ -0,0 +1,33 @@ +## @file +# Provides a platform-specific method to enable Secure Boot Custom Mode setup. +# +# Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PlatformSecureLib + FILE_GUID = F263EC2A-F0DB-4640-8B12-4ED22A506FB1 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + PlatformSecureLib.c + +[Packages] + MdePkg/MdePkg.dec -- cgit v1.2.3