/** @file
Provides a secure platform-specific method to detect physically present user.

Copyright (c) 2013 - 2016 Intel Corporation.

This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
17 #include <Library/PlatformHelperLib.h>
18 #include <Library/DebugLib.h>
19 #include <Library/UefiBootServicesTableLib.h>
20 #include <Library/I2cLib.h>
22 #include <PlatformBoards.h>
24 #include <QNCAccess.h>
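//
// Platform type cached from PcdPlatformType by PlatformSecureLibInitialize().
// In the code shown it stays TypeUnknown until that routine has run.
// (The previous comment described a cached I2C protocol pointer, which this
// variable is not.)
//
EFI_PLATFORM_TYPE  mPlatformType = TypeUnknown;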
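/**
  Samples the board's reset button line.

  GalileoGen2: reads EXP2.P1_7 through PlatformPcal9555GpioGetState(). That line
  is pulled high when the button is not pressed and reads low when it is pressed.
  Galileo: picks the GPIO expander's I2C slave address from a resume-well GPIO
  and reads RESET_N_SHLD (GPORT5_BIT0) over I2C.

  The result feeds the physical-presence decision, so every path that cannot
  read the button reports "not pressed" and presence is never asserted by
  default.

  NOTE(review): the source listing omitted the return type, parameter list,
  local declarations, the second GPIO argument, the I2C read setup and the
  final return. They are restored from context and flagged inline; confirm them
  against the upstream file.

  @retval TRUE   The line reads high (button not pressed), the platform type is
                 not handled, or the I2C read failed.
  @retval FALSE  The line reads low (button pressed).
**/
BOOLEAN
CheckResetButtonState (
  VOID
  )
{
  EFI_STATUS              Status;
  EFI_I2C_DEVICE_ADDRESS  I2CSlaveAddress;
  UINTN                   Length;       // NOTE(review): restored local - confirm
  UINTN                   ReadLength;   // NOTE(review): restored local - confirm
  UINT8                   Buffer[2];    // NOTE(review): size restored from the Buffer[1] use - confirm

  DEBUG ((EFI_D_INFO, "CheckResetButtonState(): mPlatformType == %d\n", mPlatformType));
  if (mPlatformType == GalileoGen2) {
    //
    // Read state of Reset Button - EXP2.P1_7
    // This GPIO is pulled high when the button is not pressed
    // This GPIO reads low when button is pressed
    //
    // NOTE(review): the pin argument was not visible; 15 assumes the helper
    // numbers pins P0_0..P0_7 as 0..7 and P1_0..P1_7 as 8..15 - confirm.
    //
    return PlatformPcal9555GpioGetState (
             GALILEO_GEN2_IOEXP2_7BIT_SLAVE_ADDR,  // IO Expander 2.
             15                                    // P1_7.
             );
  }

  if (mPlatformType == Galileo) {
    //
    // Detect the I2C Slave Address of the GPIO Expander
    //
    if (PlatformLegacyGpioGetLevel (R_QNC_GPIO_RGLVL_RESUME_WELL, GALILEO_DETERMINE_IOEXP_SLA_RESUMEWELL_GPIO)) {
      I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2HI_7BIT_SLAVE_ADDR;
    } else {
      I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2LO_7BIT_SLAVE_ADDR;
    }

    DEBUG ((EFI_D_INFO, "Galileo GPIO Expender Slave Address = %02x\n", I2CSlaveAddress.I2CDeviceAddress));

    //
    // Read state of RESET_N_SHLD (GPORT5_BIT0)
    //
    // NOTE(review): the register select (5, for GPORT5), both lengths and the
    // first and last three call arguments are restored - confirm against
    // I2cReadMultipleByte()'s contract.
    //
    Buffer[1]  = 5;
    Length     = 1;
    ReadLength = 1;
    Status     = I2cReadMultipleByte (
                   I2CSlaveAddress,
                   EfiI2CSevenBitAddrMode,
                   &Length,
                   &ReadLength,
                   &Buffer[1]
                   );
    if (EFI_ERROR (Status)) {
      //
      // ASSERT_EFI_ERROR() expands to nothing when asserts are disabled, so a
      // failed read would otherwise be decided by whatever is left in Buffer.
      // Fail closed: report "not pressed" so presence is not asserted.
      //
      DEBUG ((EFI_D_ERROR, "CheckResetButtonState(): I2C read failed: %r\n", Status));
      ASSERT_EFI_ERROR (Status);
      return TRUE;
    }

    //
    // Return the state of GPORT5_BIT0
    // NOTE(review): presumably the same polarity as Gen2 (high = not pressed);
    // the page does not state it for this board.
    //
    return ((Buffer[1] & BIT0) != 0);
  }

  //
  // Platform type not handled above: report "not pressed".
  // NOTE(review): this final return was not visible in the listing - confirm.
  //
  return TRUE;
}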
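/**
  This function provides a platform-specific method to detect whether the platform
  is being operated by a physically present user.

  Programmatic changing of platform security policy (such as disable Secure Boot,
  or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
  Boot Services or after exiting EFI Boot Services. Only a physically present user
  is allowed to perform these operations.

  NOTE THAT: This function cannot depend on any EFI Variable Service since they are
  not available when this function is called in AuthenticateVariable driver.

  Presence is latched in PcdUserIsPhysicallyPresent: once the PCD reads TRUE this
  function returns TRUE without sampling the button again, and nothing in this
  function clears it. Otherwise CheckResetButtonState() is sampled; a FALSE
  result there (button pressed) sets the latch.

  NOTE(review): the decision trusts the PCD value. Any module able to write
  PcdUserIsPhysicallyPresent could assert presence without a button press, which
  would defeat the "MUST NOT be possible programmatically" requirement above.
  Confirm the PCD's access type and its writers in the platform build files.

  NOTE(review): the source listing omitted the return type, the parameter list,
  the Status declaration and the three return statements. They are restored
  from the in-line comments and the @retval text; confirm against the upstream
  file.

  @retval TRUE   The platform is operated by a physically present user.
  @retval FALSE  The platform is NOT operated by a physically present user.
**/
BOOLEAN
EFIAPI
UserPhysicalPresent (
  VOID
  )
{
  EFI_STATUS  Status;

  //
  // If user has already been detected as present, then return TRUE
  //
  if (PcdGetBool (PcdUserIsPhysicallyPresent)) {
    return TRUE;
  }

  //
  // Check to see if user is present now
  //
  if (CheckResetButtonState ()) {
    //
    // User is still not present, then return FALSE
    //
    return FALSE;
  }

  //
  // User has gone from not present to present state, so set
  // PcdUserIsPhysicallyPresent to TRUE
  //
  // If the set fails with asserts disabled, this call still reports TRUE (the
  // button was just sampled as pressed) but the latch is not updated, so a
  // later call samples the button again.
  //
  Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, TRUE);
  ASSERT_EFI_ERROR (Status);

  return TRUE;
}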
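/**
  Determines if a user is physically present by reading the reset button state.

  Caches the platform type from PcdPlatformType in mPlatformType, then sets
  PcdUserIsPhysicallyPresent to the inverse of CheckResetButtonState(), so the
  PCD starts TRUE only when the button reads as pressed at initialization.
  Neither parameter is used, and no protocol is installed in the code shown
  (the previous @retval text described installing the Secure Boot Helper
  Protocol).

  NOTE(review): with asserts disabled a failed PcdSetBoolS() is ignored and the
  PCD keeps its previous value. Confirm the PCD's default is FALSE so that path
  fails closed.

  NOTE(review): the source listing omitted the return type, the Status
  declaration and the return statement. They are restored from the @retval
  text; confirm against the upstream file.

  @param  ImageHandle   The image handle of this driver.
  @param  SystemTable   A pointer to the EFI System Table.

  @retval EFI_SUCCESS   Platform type cached and the initial presence state recorded.
**/
EFI_STATUS
EFIAPI
PlatformSecureLibInitialize (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  Status;

  //
  // Get the platform type
  // This must happen before CheckResetButtonState() runs, because that
  // function selects its read path from mPlatformType.
  //
  mPlatformType = (EFI_PLATFORM_TYPE)PcdGet16 (PcdPlatformType);

  //
  // Read the state of the reset button when the library is initialized
  //
  Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, !CheckResetButtonState ());
  ASSERT_EFI_ERROR (Status);

  return EFI_SUCCESS;
}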