From 6a52c7a1bb1424637ba1514a4a5d69472facffd0 Mon Sep 17 00:00:00 2001 From: jljusten Date: Fri, 9 Mar 2012 17:38:06 +0000 Subject: OvmfPkg: Add PlatformSecureLib instance Signed-off-by: lgrosenb Reviewed-by: jljusten Reviewed-by: mdkinney git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13090 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/PlatformSecureLib/PlatformSecureLib.c | 57 ++++++++++++++++++++++ .../PlatformSecureLib/PlatformSecureLib.inf | 33 +++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c create mode 100644 OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf (limited to 'OvmfPkg') diff --git a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c new file mode 100644 index 0000000000..956ff9e2c5 --- /dev/null +++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c @@ -0,0 +1,57 @@ +/** @file + Provides a platform-specific method to enable Secure Boot Custom Mode setup. + + Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ +#include + +/** + + This function detects whether a secure platform-specific method to clear PK(Platform Key) + is configured by platform owner. This method is provided for users force to clear PK + in case incorrect enrollment mis-haps. + + UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using + a secure platform-specific method. In this case, the global variable SetupMode + must also be updated to 1. + + NOTE THAT: This function cannot depend on any EFI Variable Service since they are + not available when this function is called in AuthenticateVariable driver. + + @retval TRUE The Platform owner wants to force clear PK. + @retval FALSE The Platform owner doesn't want to force clear PK. + +**/ +BOOLEAN +EFIAPI +ForceClearPK ( + VOID + ) +{ + return TRUE; +} + +/** + + This function detects whether current platform is operated by a physical present user. + + @retval TRUE The Platform is operated by a physical present user. + @retval FALSE The Platform is NOT operated by a physical persent user. + +**/ +BOOLEAN +EFIAPI +UserPhysicalPresent ( + VOID + ) +{ + return TRUE; +} diff --git a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf new file mode 100644 index 0000000000..267bc182b4 --- /dev/null +++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf @@ -0,0 +1,33 @@ +## @file +# Provides a platform-specific method to enable Secure Boot Custom Mode setup. +# +# Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PlatformSecureLib + FILE_GUID = 4204D78D-EDBF-4cee-BE80-3881457CF344 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + PlatformSecureLib.c + +[Packages] + MdePkg/MdePkg.dec -- cgit v1.2.3