OvmfPkg: Add PlatformSecureLib instance

Signed-off-by: lgrosenb
Reviewed-by: jljusten
Reviewed-by: mdkinney
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13090 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
new file mode 100644 (file)
index 0000000..956ff9e
--- /dev/null
+++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -0,0 +1,57 @@
+/** @file\r
+  Provides a platform-specific method to enable Secure Boot Custom Mode setup.\r
+\r
+  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
+  This program and the accompanying materials\r
+  are licensed and made available under the terms and conditions of the BSD License\r
+  which accompanies this distribution.  The full text of the license may be found at\r
+  http://opensource.org/licenses/bsd-license.php\r
+\r
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+#include <Library/PcdLib.h>\r
+\r
+/**\r
+\r
+  This function detects whether a secure platform-specific method to clear PK(Platform Key)\r
+  is configured by platform owner. This method is provided for users force to clear PK\r
+  in case incorrect enrollment mis-haps.\r
+\r
+  UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using\r
+  a secure platform-specific method. In  this case, the global variable SetupMode\r
+  must also be updated to 1.\r
+\r
+  NOTE THAT: This function cannot depend on any EFI Variable Service since they are\r
+  not available when this function is called in AuthenticateVariable driver.\r
+\r
+  @retval  TRUE       The Platform owner wants to force clear PK.\r
+  @retval  FALSE      The Platform owner doesn't want to force clear PK.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+ForceClearPK (\r
+  VOID\r
+  )\r
+{\r
+    return TRUE;\r
+}\r
+\r
+/**\r
+\r
+  This function detects whether current platform is operated by a physical present user.\r
+\r
+  @retval  TRUE       The Platform is operated by a physical present user.\r
+  @retval  FALSE      The Platform is NOT operated by a physical persent user.\r
+\r
+**/\r
+BOOLEAN\r
+EFIAPI\r
+UserPhysicalPresent (\r
+  VOID\r
+  )\r
+{\r
+  return TRUE;\r
+}\r

diff --git a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
new file mode 100644 (file)
index 0000000..267bc18
--- /dev/null
+++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -0,0 +1,33 @@
+## @file\r
+#  Provides a platform-specific method to enable Secure Boot Custom Mode setup.\r
+#\r
+#  Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.<BR>\r
+#\r
+#  This program and the accompanying materials\r
+#  are licensed and made available under the terms and conditions of the BSD License\r
+#  which accompanies this distribution. The full text of the license may be found at\r
+#  http://opensource.org/licenses/bsd-license.php\r
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 0x00010005\r
+  BASE_NAME                      = PlatformSecureLib\r
+  FILE_GUID                      = 4204D78D-EDBF-4cee-BE80-3881457CF344\r
+  MODULE_TYPE                    = DXE_DRIVER\r
+  VERSION_STRING                 = 1.0\r
+  LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC\r
+#\r
+\r
+[Sources]\r
+  PlatformSecureLib.c\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r