QuarkPlatformPkg/Library/PlatformSecureLib/PlatformSecureLib.c

   1 /** @file
   2 Provides a secure platform-specific method to detect physically present user.
   3
   4 Copyright (c) 2013 - 2016 Intel Corporation.
   5
   6 SPDX-License-Identifier: BSD-2-Clause-Patent
   7
   8 **/
   9
  10 #include <PiDxe.h>
  11 #include <Library/PlatformHelperLib.h>
  12 #include <Library/DebugLib.h>
  13 #include <Library/UefiBootServicesTableLib.h>
  14 #include <Library/I2cLib.h>
  15
  16 #include <PlatformBoards.h>
  17 #include <Pcal9555.h>
  18 #include <QNCAccess.h>
  19
  20 //
  21 // Global variable to cache pointer to I2C protocol.
  22 //
  23 EFI_PLATFORM_TYPE mPlatformType = TypeUnknown;
  24
  25 BOOLEAN
  26 CheckResetButtonState (
  27   VOID
  28   )
  29 {
  30   EFI_STATUS              Status;
  31   EFI_I2C_DEVICE_ADDRESS  I2CSlaveAddress;
  32   UINTN                   Length;
  33   UINTN                   ReadLength;
  34   UINT8                   Buffer[2];
  35
  36   DEBUG ((EFI_D_INFO, "CheckResetButtonState(): mPlatformType == %d\n", mPlatformType));
  37   if (mPlatformType == GalileoGen2) {
  38     //
  39     // Read state of Reset Button - EXP2.P1_7
  40     // This GPIO is pulled high when the button is not pressed
  41     // This GPIO reads low when button is pressed
  42     //
  43     return PlatformPcal9555GpioGetState (
  44       GALILEO_GEN2_IOEXP2_7BIT_SLAVE_ADDR,  // IO Expander 2.
  45       15                                    // P1-7.
  46       );
  47   }
  48   if (mPlatformType == Galileo) {
  49     //
  50     // Detect the I2C Slave Address of the GPIO Expander
  51     //
  52     if (PlatformLegacyGpioGetLevel (R_QNC_GPIO_RGLVL_RESUME_WELL, GALILEO_DETERMINE_IOEXP_SLA_RESUMEWELL_GPIO)) {
  53       I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2HI_7BIT_SLAVE_ADDR;
  54     } else {
  55       I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2LO_7BIT_SLAVE_ADDR;
  56     }
  57     DEBUG ((EFI_D_INFO, "Galileo GPIO Expender Slave Address = %02x\n", I2CSlaveAddress.I2CDeviceAddress));
  58
  59     //
  60     // Read state of RESET_N_SHLD (GPORT5_BIT0)
  61     //
  62     Buffer[1] = 5;
  63     Length = 1;
  64     ReadLength = 1;
  65     Status = I2cReadMultipleByte (
  66                I2CSlaveAddress,
  67                EfiI2CSevenBitAddrMode,
  68                &Length,
  69                &ReadLength,
  70                &Buffer[1]
  71                );
  72     ASSERT_EFI_ERROR (Status);
  73
  74     //
  75     // Return the state of GPORT5_BIT0
  76     //
  77     return ((Buffer[1] & BIT0) != 0);
  78   }
  79   return TRUE;
  80 }
  81
  82 /**
  83
  84   This function provides a platform-specific method to detect whether the platform
  85   is operating by a physically present user.
  86
  87   Programmatic changing of platform security policy (such as disable Secure Boot,
  88   or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
  89   Boot Services or after exiting EFI Boot Services. Only a physically present user
  90   is allowed to perform these operations.
  91
  92   NOTE THAT: This function cannot depend on any EFI Variable Service since they are
  93   not available when this function is called in AuthenticateVariable driver.
  94
  95   @retval  TRUE       The platform is operated by a physically present user.
  96   @retval  FALSE      The platform is NOT operated by a physically present user.
  97
  98 **/
  99 BOOLEAN
 100 EFIAPI
 101 UserPhysicalPresent (
 102   VOID
 103   )
 104 {
 105   EFI_STATUS  Status;
 106
 107   //
 108   // If user has already been detected as present, then return TRUE
 109   //
 110   if (PcdGetBool (PcdUserIsPhysicallyPresent)) {
 111     return TRUE;
 112   }
 113
 114   //
 115   // Check to see if user is present now
 116   //
 117   if (CheckResetButtonState ()) {
 118     //
 119     // User is still not present, then return FALSE
 120     //
 121     return FALSE;
 122   }
 123
 124   //
 125   // User has gone from not present to present state, so set
 126   // PcdUserIsPhysicallyPresent to TRUE
 127   //
 128   Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, TRUE);
 129   ASSERT_EFI_ERROR (Status);
 130
 131   return TRUE;
 132 }
 133
 134 /**
 135   Determines if a user is physically present by reading the reset button state.
 136
 137   @param  ImageHandle  The image handle of this driver.
 138   @param  SystemTable  A pointer to the EFI System Table.
 139
 140   @retval EFI_SUCCESS   Install the Secure Boot Helper Protocol successfully.
 141
 142 **/
 143 EFI_STATUS
 144 EFIAPI
 145 PlatformSecureLibInitialize (
 146   IN EFI_HANDLE        ImageHandle,
 147   IN EFI_SYSTEM_TABLE  *SystemTable
 148   )
 149 {
 150   EFI_STATUS  Status;
 151
 152   //
 153   // Get the platform type
 154   //
 155   mPlatformType = (EFI_PLATFORM_TYPE)PcdGet16 (PcdPlatformType);
 156
 157   //
 158   // Read the state of the reset button when the library is initialized
 159   //
 160   Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, !CheckResetButtonState ());
 161   ASSERT_EFI_ERROR (Status);
 162
 163   return EFI_SUCCESS;
 164 }