X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;ds=sidebyside;f=SecurityPkg%2FTcg%2FOpal%2FOpalPassword%2FOpalDriver.c;h=e14fa32354ea09c7665e661c95ba0dcbe48e7c63;hb=6cbed0e36fe734f3fc11d30d652122d7714627c4;hp=965205c0b22447f46a6070018eed23a04379f0d5;hpb=46e696088a0a6473b3a7e5ff9dd5952fb99eb9aa;p=mirror_edk2.git

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index 965205c0b2..e14fa32354 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -899,8 +899,20 @@ OpalDriverRequestPassword (
 
     IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature);
 
-    if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) {
-      return;
+    //
+    // Add PcdSkipOpalPasswordPrompt to determin whether to skip password prompt.
+    // Due to board design, device may not power off during system warm boot, which result in
+    // security status remain unlocked status, hence we add device security status check here.
+    //
+    // If device is in the locked status, device keeps locked and system continues booting.
+    // If device is in the unlocked status, system is forced shutdown to support security requirement.
+    //
+    if (PcdGetBool (PcdSkipOpalPasswordPrompt)) {
+      if (IsLocked) {
+        return;
+      } else {
+        gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+      }
     }
 
     while (Count < MAX_PASSWORD_TRY_COUNT) {