# @Prompt Possible TPM2 Interrupt Number buffer\r
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, 0x00, 0x00}|VOID*|0x0001001D\r
\r
- ## Indicates if Opal DXE driver skip unlock device flow.<BR><BR>\r
- # TRUE - Skip unlock device flow.<BR>\r
- # FALSE - Does not skip unlock device flow.<BR>\r
- # @Prompt Skip Opal DXE driver unlock device flow.\r
- gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020\r
+ ## Indicates if Opal DXE driver skip password prompt.<BR><BR>\r
+ # TRUE - Skip password prompt.<BR>\r
+ # FALSE - Does not skip password prompt.<BR>\r
+ # @Prompt Skip Opal DXE driver password prompt.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt|FALSE|BOOLEAN|0x00010020\r
\r
[PcdsDynamic, PcdsDynamicEx]\r
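Review bot: The new description of `PcdSkipOpalPasswordPrompt` says only that the password prompt is skipped, but the driver change in this same commit powers the system off with `gRT->ResetSystem (EfiResetShutdown, ...)` when the PCD is TRUE and the device is found unlocked. A platform owner reading only this declaration would not expect a shutdown, so the TRUE line should state both outcomes, for example `#  TRUE  - Skip password prompt; a locked device stays locked, an unlocked device forces a system shutdown.<BR>`. Token 0x00010020 is kept while the name and meaning change, so a platform that set the old PCD to TRUE should re-evaluate the setting rather than just rename it.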
\r
\r
IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature);\r
\r
- if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) {\r
- return;\r
+ //\r
+ // Add PcdSkipOpalPasswordPrompt to determin whether to skip password prompt.\r
+ // Due to board design, device may not power off during system warm boot, which result in\r
+ // security status remain unlocked status, hence we add device security status check here.\r
+ //\r
+ // If device is in the locked status, device keeps locked and system continues booting.\r
+ // If device is in the unlocked status, system is forced shutdown to support security requirement.\r
+ //\r
+ if (PcdGetBool (PcdSkipOpalPasswordPrompt)) {\r
+ if (IsLocked) {\r
+ return;\r
+ } else {\r
+ gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);\r
+ }\r
}\r
\r
while (Count < MAX_PASSWORD_TRY_COUNT) {\r
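Review bot: Nothing stops execution after `gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);` in the `else` branch, so if that call ever returns, control leaves the `if` and enters the `while (Count < MAX_PASSWORD_TRY_COUNT)` prompt loop with the device still unlocked, which is the state the comment says must not continue booting. Follow the call with `CpuDeadLoop ();` from BaseLib, after confirming the driver's .inf already lists that library class. The forced power-off is also silent; a line such as `DEBUG ((DEBUG_ERROR, "OpalDxe: device unlocked while password prompt is skipped, shutting down\n"));` before the reset would make an unexpected shutdown diagnosable. The added comment spells "determine" as "determin". The enclosing function begins and ends outside this hunk.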
gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## UNDEFINED\r
\r
[Pcd]\r
- gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock ## CONSUMES\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt ## CONSUMES\r
\r
[Depex]\r
gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid\r