2 Provides a secure platform-specific method to detect a physically present user.
4 Copyright (c) 2013 - 2016 Intel Corporation.
6 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #include <Library/PlatformHelperLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/UefiBootServicesTableLib.h>
14 #include <Library/I2cLib.h>
16 #include <PlatformBoards.h>
18 #include <QNCAccess.h>
21 // Global variable that caches the platform type. It starts as TypeUnknown and
// is assigned from PcdPlatformType in PlatformSecureLibInitialize().
23 EFI_PLATFORM_TYPE mPlatformType
= TypeUnknown
;
// Reads the board's reset-button input and returns its level.
// Per the comments in the GalileoGen2 branch, that line reads high while the
// button is released and low while it is pressed, so TRUE corresponds to
// "button not pressed". Both callers in this file treat a TRUE result as
// "user not present".
// NOTE(review): this listing omits several source lines (return type, most
// local declarations, some call arguments, the final return). The value
// returned for platform types other than GalileoGen2 and Galileo is therefore
// not visible here - confirm it is the "not present" value.
26 CheckResetButtonState (
31 EFI_I2C_DEVICE_ADDRESS I2CSlaveAddress
;
36 DEBUG ((EFI_D_INFO
, "CheckResetButtonState(): mPlatformType == %d\n", mPlatformType
));
37 if (mPlatformType
== GalileoGen2
) {
39 // Read state of Reset Button - EXP2.P1_7
40 // This GPIO is pulled high when the button is not pressed
41 // This GPIO reads low when button is pressed
// NOTE(review): the pin argument of this call is not shown in the listing.
43 return PlatformPcal9555GpioGetState (
44 GALILEO_GEN2_IOEXP2_7BIT_SLAVE_ADDR
, // IO Expander 2.
48 if (mPlatformType
== Galileo
) {
50 // Detect the I2C Slave Address of the GPIO Expander
// The level of a resume-well GPIO selects between the J2HI and J2LO
// 7-bit expander addresses assigned below.
52 if (PlatformLegacyGpioGetLevel (R_QNC_GPIO_RGLVL_RESUME_WELL
, GALILEO_DETERMINE_IOEXP_SLA_RESUMEWELL_GPIO
)) {
53 I2CSlaveAddress
.I2CDeviceAddress
= GALILEO_IOEXP_J2HI_7BIT_SLAVE_ADDR
;
55 I2CSlaveAddress
.I2CDeviceAddress
= GALILEO_IOEXP_J2LO_7BIT_SLAVE_ADDR
;
57 DEBUG ((EFI_D_INFO
, "Galileo GPIO Expender Slave Address = %02x\n", I2CSlaveAddress
.I2CDeviceAddress
));
60 // Read state of RESET_N_SHLD (GPORT5_BIT0)
// NOTE(review): the buffer set-up and the length arguments of this read are
// not shown in the listing.
65 Status
= I2cReadMultipleByte (
67 EfiI2CSevenBitAddrMode
,
// NOTE(review): ASSERT_EFI_ERROR (DebugLib) only takes effect in builds with
// assertions enabled. Where they are disabled, a failed I2C read is not
// stopped here and the return below is computed from Buffer as it stands.
// Confirm that a failed read yields TRUE ("not pressed" / user not present)
// rather than a stale or indeterminate value.
72 ASSERT_EFI_ERROR (Status
);
75 // Return the state of GPORT5_BIT0
// NOTE(review): the result is taken from Buffer[1]; confirm that the read
// above populates that index (its length arguments are not visible here).
77 return ((Buffer
[1] & BIT0
) != 0);
84 This function provides a platform-specific method to detect whether the platform
85 is being operated by a physically present user.
87 Programmatic changing of platform security policy (such as disabling Secure Boot,
88 or switching between Standard/Custom Secure Boot mode) MUST NOT be possible during
89 Boot Services or after exiting EFI Boot Services. Only a physically present user
90 is allowed to perform these operations.
92 NOTE THAT: This function cannot depend on any EFI Variable Service, since those services are
93 not available when this function is called in the AuthenticateVariable driver.
95 @retval TRUE The platform is operated by a physically present user.
96 @retval FALSE The platform is NOT operated by a physically present user.
// Reports whether a physically present user has been detected, using
// PcdUserIsPhysicallyPresent as a cache for a positive result.
// NOTE(review): the return statements are not shown in this listing; the
// outcomes described below are taken from the existing comments.
101 UserPhysicalPresent (
108 // If user has already been detected as present, then return TRUE
// NOTE(review): a TRUE value in this PCD is accepted without re-reading the
// button, so the presence decision is only as trustworthy as write access to
// PcdUserIsPhysicallyPresent. Confirm the PCD's type and which modules are
// able to set it.
110 if (PcdGetBool (PcdUserIsPhysicallyPresent
)) {
115 // Check to see if user is present now
// A TRUE result from CheckResetButtonState() is handled as "not present".
117 if (CheckResetButtonState ()) {
119 // User is still not present, then return FALSE
125 // User has gone from not present to present state, so set
126 // PcdUserIsPhysicallyPresent to TRUE
128 Status
= PcdSetBoolS (PcdUserIsPhysicallyPresent
, TRUE
);
// NOTE(review): ASSERT_EFI_ERROR only takes effect in builds with assertions
// enabled; elsewhere a failed PcdSetBoolS() passes unnoticed at this point.
129 ASSERT_EFI_ERROR (Status
);
135 Determines if a user is physically present by reading the reset button state.
137 @param ImageHandle The image handle of this driver.
138 @param SystemTable A pointer to the EFI System Table.
140 @retval EFI_SUCCESS Install the Secure Boot Helper Protocol successfully.
// Library initialisation: caches the platform type and records the initial
// physical-presence state in PcdUserIsPhysicallyPresent.
// NOTE(review): the header above documents EFI_SUCCESS as "Install the Secure
// Boot Helper Protocol successfully", but no protocol installation appears in
// the lines shown here; the return statement itself is not in this listing.
145 PlatformSecureLibInitialize (
146 IN EFI_HANDLE ImageHandle
,
147 IN EFI_SYSTEM_TABLE
*SystemTable
153 // Get the platform type
// The 16-bit PCD value is cast straight to EFI_PLATFORM_TYPE; no range check
// is visible in these lines.
155 mPlatformType
= (EFI_PLATFORM_TYPE
)PcdGet16 (PcdPlatformType
);
158 // Read the state of the reset button when the library is initialized
// Presence is the inverse of the button reading: the PCD becomes TRUE when
// CheckResetButtonState() returns FALSE.
160 Status
= PcdSetBoolS (PcdUserIsPhysicallyPresent
, !CheckResetButtonState ());
// NOTE(review): ASSERT_EFI_ERROR only takes effect in builds with assertions
// enabled. Confirm that a failed PcdSetBoolS() cannot leave the PCD at a
// value that reports the user as present.
161 ASSERT_EFI_ERROR (Status
);