/** @file\r
- Provides a secure platform-specific method to clear PK(Platform Key).\r
+ NULL PlatformSecureLib instance does NOT really detect whether a physical present\r
+ user exists but return TRUE directly. This instance can be used to verify security\r
+ related features during platform enabling and development. It should be replaced\r
+ by a platform-specific method(e.g. Button pressed) in a real platform for product.\r
\r
-Copyright (c) 2011, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
+#include <Uefi/UefiBaseType.h>\r
+\r
+BOOLEAN mUserPhysicalPresence = FALSE;\r
+\r
/**\r
\r
- This function detects whether a secure platform-specific method to clear PK(Platform Key)\r
- is configured by platform owner. This method is provided for users force to clear PK \r
- in case incorrect enrollment mis-haps.\r
- \r
- UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using \r
- a secure platform-specific method. In this case, the global variable SetupMode \r
- must also be updated to 1.\r
- \r
+ This function provides a platform-specific method to detect whether the platform\r
+ is operating by a physically present user.\r
+\r
+ Programmatic changing of platform security policy (such as disable Secure Boot,\r
+ or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during\r
+ Boot Services or after exiting EFI Boot Services. Only a physically present user\r
+ is allowed to perform these operations.\r
+\r
NOTE THAT: This function cannot depend on any EFI Variable Service since they are\r
not available when this function is called in AuthenticateVariable driver.\r
\r
- @retval TRUE The Platform owner wants to force clear PK.\r
- @retval FALSE The Platform owner doesn't want to force clear PK. \r
+ @retval TRUE The platform is operated by a physically present user.\r
+ @retval FALSE The platform is NOT operated by a physically present user.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
-ForceClearPK (\r
+UserPhysicalPresent (\r
+ VOID\r
+ )\r
+{\r
+ return mUserPhysicalPresence;\r
+}\r
+\r
+/**\r
+ Save user physical presence state from a PCD to mUserPhysicalPresence.\r
+\r
+ @retval EFI_SUCCESS PcdUserPhysicalPresence is got successfully.\r
+\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+PlatformSecureLibNullConstructor (\r
VOID\r
)\r
{\r
- return FALSE;\r
+ mUserPhysicalPresence = PcdGetBool (PcdUserPhysicalPresence);\r
+\r
+ return RETURN_SUCCESS;\r
}\r
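Review bot: The added file header says this NULL instance will "return TRUE directly", but the new `UserPhysicalPresent()` returns `mUserPhysicalPresence`, which is initialised to `FALSE` and only set from `PcdUserPhysicalPresence` in `PlatformSecureLibNullConstructor`. The header should describe that, for example `The result is the value of PcdUserPhysicalPresence, cached once by the library constructor.` It is also worth stating there that a build which sets this PCD to TRUE treats every caller as a physically present user, so the restriction on Secure Boot policy changes described in the function comment is not enforced by this instance. The constructor comment lists `@retval EFI_SUCCESS` while the body returns `RETURN_SUCCESS`; using `RETURN_SUCCESS` in the comment would match the declared `RETURN_STATUS` type.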