SecurityPkg/OpalPassword: Add PCD to skip password prompt

[mirror_edk2.git] / SecurityPkg / Tcg / Opal / OpalPassword / OpalDriver.c

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index 965205c0b22447f46a6070018eed23a04379f0d5..e14fa32354ea09c7665e661c95ba0dcbe48e7c63 100644 (file)
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -899,8 +899,20 @@ OpalDriverRequestPassword (
 \r
     IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature);\r
 \r
-    if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) {\r
-      return;\r
+    //\r
+    // Add PcdSkipOpalPasswordPrompt to determin whether to skip password prompt.\r
+    // Due to board design, device may not power off during system warm boot, which result in\r
+    // security status remain unlocked status, hence we add device security status check here.\r
+    //\r
+    // If device is in the locked status, device keeps locked and system continues booting.\r
+    // If device is in the unlocked status, system is forced shutdown to support security requirement.\r
+    //\r
+    if (PcdGetBool (PcdSkipOpalPasswordPrompt)) {\r
+      if (IsLocked) {\r
+        return;\r
+      } else {\r
+        gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);\r
+      }\r
     }\r
 \r
     while (Count < MAX_PASSWORD_TRY_COUNT) {\r