/** @file\r
- Provides a secure platform-specific method to clear PK(Platform Key).\r
+ NULL PlatformSecureLib instance does NOT really detect whether a physical present \r
+ user exists but return TRUE directly. This instance can be used to verify security\r
+ related features during platform enabling and development. It should be replaced\r
+ by a platform-specific method(e.g. Button pressed) in a real platform for product.\r
\r
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
\r
**/\r
\r
+BOOLEAN mUserPhysicalPresence = FALSE;\r
+\r
/**\r
\r
- This function detects whether a secure platform-specific method to clear PK(Platform Key)\r
- is configured by platform owner. This method is provided for users force to clear PK \r
- in case incorrect enrollment mis-haps.\r
- \r
- UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using \r
- a secure platform-specific method. In this case, the global variable SetupMode \r
- must also be updated to 1.\r
- \r
+ This function provides a platform-specific method to detect whether the platform\r
+ is operating by a physically present user. \r
+\r
+ Programmatic changing of platform security policy (such as disable Secure Boot,\r
+ or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during\r
+ Boot Services or after exiting EFI Boot Services. Only a physically present user\r
+ is allowed to perform these operations.\r
+\r
NOTE THAT: This function cannot depend on any EFI Variable Service since they are\r
not available when this function is called in AuthenticateVariable driver.\r
-\r
- @retval TRUE The Platform owner wants to force clear PK.\r
- @retval FALSE The Platform owner doesn't want to force clear PK. \r
+ \r
+ @retval TRUE The platform is operated by a physically present user.\r
+ @retval FALSE The platform is NOT operated by a physically present user.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
-ForceClearPK (\r
+UserPhysicalPresent (\r
VOID\r
)\r
{\r
- return FALSE;\r
+ return mUserPhysicalPresence; \r
+}\r
+\r
+\r
+/**\r
+ Save user physical presence state from a PCD to mUserPhysicalPresence.\r
+\r
+ @param ImageHandle ImageHandle of the loaded driver.\r
+ @param SystemTable Pointer to the EFI System Table.\r
+\r
+ @retval EFI_SUCCESS PcdUserPhysicalPresence is got successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+PlatformSecureLibNullConstructor (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+\r
+ mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);\r
+\r
+ return EFI_SUCCESS;\r
}\r
projects / mirror_edk2.git / blobdiff