QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

/** @file
Provides a secure platform-specific method to detect physically present user.

Copyright (c) 2013 - 2016 Intel Corporation.

This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution.  The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include <PiDxe.h>
#include <Library/PlatformHelperLib.h>
#include <Library/DebugLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/I2cLib.h>

#include <PlatformBoards.h>
#include <Pcal9555.h>
#include <QNCAccess.h>

//
// Global variable to cache pointer to I2C protocol.
//
EFI_PLATFORM_TYPE mPlatformType = TypeUnknown;

BOOLEAN
CheckResetButtonState (
  VOID
  )
{
  EFI_STATUS              Status;
  EFI_I2C_DEVICE_ADDRESS  I2CSlaveAddress;
  UINTN                   Length;
  UINTN                   ReadLength;
  UINT8                   Buffer[2];

  DEBUG ((EFI_D_INFO, "CheckResetButtonState(): mPlatformType == %d\n", mPlatformType));
  if (mPlatformType == GalileoGen2) {
    //
    // Read state of Reset Button - EXP2.P1_7
    // This GPIO is pulled high when the button is not pressed
    // This GPIO reads low when button is pressed
    //
    return PlatformPcal9555GpioGetState (
      GALILEO_GEN2_IOEXP2_7BIT_SLAVE_ADDR,  // IO Expander 2.
      15                                    // P1-7.
      );
  }
  if (mPlatformType == Galileo) {
    //
    // Detect the I2C Slave Address of the GPIO Expander
    //
    if (PlatformLegacyGpioGetLevel (R_QNC_GPIO_RGLVL_RESUME_WELL, GALILEO_DETERMINE_IOEXP_SLA_RESUMEWELL_GPIO)) {
      I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2HI_7BIT_SLAVE_ADDR;
    } else {
      I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2LO_7BIT_SLAVE_ADDR;
    }
    DEBUG ((EFI_D_INFO, "Galileo GPIO Expender Slave Address = %02x\n", I2CSlaveAddress.I2CDeviceAddress));

    //
    // Read state of RESET_N_SHLD (GPORT5_BIT0)
    //
    Buffer[1] = 5;
    Length = 1;
    ReadLength = 1;
    Status = I2cReadMultipleByte (
               I2CSlaveAddress,
               EfiI2CSevenBitAddrMode,
               &Length,
               &ReadLength,
               &Buffer[1]
               );
    ASSERT_EFI_ERROR (Status);

    //
    // Return the state of GPORT5_BIT0
    //
    return ((Buffer[1] & BIT0) != 0);
  }
  return TRUE;
}

/**

  This function provides a platform-specific method to detect whether the platform
  is operating by a physically present user.

  Programmatic changing of platform security policy (such as disable Secure Boot,
  or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
  Boot Services or after exiting EFI Boot Services. Only a physically present user
  is allowed to perform these operations.

  NOTE THAT: This function cannot depend on any EFI Variable Service since they are
  not available when this function is called in AuthenticateVariable driver.

  @retval  TRUE       The platform is operated by a physically present user.
  @retval  FALSE      The platform is NOT operated by a physically present user.

**/
BOOLEAN
EFIAPI
UserPhysicalPresent (
  VOID
  )
{
  EFI_STATUS  Status;

  //
  // If user has already been detected as present, then return TRUE
  //
  if (PcdGetBool (PcdUserIsPhysicallyPresent)) {
    return TRUE;
  }

  //
  // Check to see if user is present now
  //
  if (CheckResetButtonState ()) {
    //
    // User is still not present, then return FALSE
    //
    return FALSE;
  }

  //
  // User has gone from not present to present state, so set
  // PcdUserIsPhysicallyPresent to TRUE
  //
  Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, TRUE);
  ASSERT_EFI_ERROR (Status);

  return TRUE;
}

/**
  Determines if a user is physically present by reading the reset button state.

  @param  ImageHandle  The image handle of this driver.
  @param  SystemTable  A pointer to the EFI System Table.

  @retval EFI_SUCCESS   Install the Secure Boot Helper Protocol successfully.

**/
EFI_STATUS
EFIAPI
PlatformSecureLibInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  //
  // Get the platform type
  //
  mPlatformType = (EFI_PLATFORM_TYPE)PcdGet16 (PcdPlatformType);

  //
  // Read the state of the reset button when the library is initialized
  //
  Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, !CheckResetButtonState ());
  ASSERT_EFI_ERROR (Status);

  return EFI_SUCCESS;
}