SecurityPkg/Include/Library/PlatformSecureLib.h

   1 /** @file
   2   Provides a secure platform-specific method to clear PK(Platform Key).
   3
   4 Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>
   5 This program and the accompanying materials
   6 are licensed and made available under the terms and conditions of the BSD License
   7 which accompanies this distribution.  The full text of the license may be found at
   8 http://opensource.org/licenses/bsd-license.php
   9
  10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
  11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
  12
  13 **/
  14
  15 #ifndef __PLATFORM_SECURE_LIB_H__
  16 #define __PLATFORM_SECURE_LIB_H__
  17
  18
  19 /**
  20
  21   This function detects whether a secure platform-specific method to clear PK(Platform Key)
  22   is configured by platform owner. This method is provided for users force to clear PK
  23   in case incorrect enrollment mis-haps.
  24
  25   UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
  26   a secure platform-specific method. In  this case, the global variable SetupMode
  27   must also be updated to 1.
  28
  29   NOTE THAT: This function cannot depend on any EFI Variable Service since they are
  30   not available when this function is called in AuthenticateVariable driver.
  31
  32   @retval  TRUE       The Platform owner wants to force clear PK.
  33   @retval  FALSE      The Platform owner doesn't want to force clear PK.
  34
  35 **/
  36 BOOLEAN
  37 EFIAPI
  38 ForceClearPK (
  39   VOID
  40   );
  41
  42 #endif