\r
/**\r
\r
- This function detects whether a secure platform-specific method to clear PK(Platform Key)\r
- is configured by platform owner. This method is provided for users force to clear PK\r
- in case incorrect enrollment mis-haps.\r
+ This function provides a platform-specific method to detect whether the platform\r
+ is operating by a physically present user. \r
\r
- UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using\r
- a secure platform-specific method. In this case, the global variable SetupMode\r
- must also be updated to 1.\r
+ Programmatic changing of platform security policy (such as disable Secure Boot,\r
+ or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during\r
+ Boot Services or after exiting EFI Boot Services. Only a physically present user\r
+ is allowed to perform these operations.\r
\r
NOTE THAT: This function cannot depend on any EFI Variable Service since they are\r
not available when this function is called in AuthenticateVariable driver.\r
-\r
- @retval TRUE The Platform owner wants to force clear PK.\r
- @retval FALSE The Platform owner doesn't want to force clear PK.\r
-\r
-**/\r
-BOOLEAN\r
-EFIAPI\r
-ForceClearPK (\r
- VOID\r
- )\r
-{\r
- return TRUE;\r
-}\r
-\r
-/**\r
-\r
- This function detects whether current platform is operated by a physical present user.\r
-\r
- @retval TRUE The Platform is operated by a physical present user.\r
- @retval FALSE The Platform is NOT operated by a physical persent user.\r
+ \r
+ @retval TRUE The platform is operated by a physically present user.\r
+ @retval FALSE The platform is NOT operated by a physically present user.\r
\r
**/\r
BOOLEAN\r
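Review bot: in the added description, "is operating by a physically present user" should read "is being operated by a physically present user", matching the two @retval lines below it. That added line and the otherwise empty `+` line before the @retval lines also carry trailing whitespace. The hunk deletes ForceClearPK() along with the UEFI 27.5.2 paragraph, but no call site is visible here, so confirm that nothing in the AuthenticateVariable driver still references it. The comment or commit message should also say how a mistakenly enrolled PK is meant to be cleared now that the forced-clear hook is gone.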
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {\r
<LibraryClasses>\r
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
}\r
!else\r
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
}\r
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
!endif\r
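Review bot: the BaseCryptLib and OpensslLib overrides are removed from the SecurityStubDxe.inf block while the NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf instance stays, so the crypto classes those overrides supplied now have to resolve from a [LibraryClasses] section that this hunk does not show. Confirm that a mapping exists for this module type and mention it in the commit message, since a missing one only surfaces as a build failure when SECURE_BOOT_ENABLE is set.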
## @file\r
# Open Virtual Machine Firmware: FDF\r
#\r
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
#\r
# This program and the accompanying materials\r
# are licensed and made available under the terms and conditions of the BSD License\r
INF OvmfPkg/BlockMmioToBlockIoDxe/BlockIo.inf\r
INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf\r
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf\r
+\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf\r
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
!else\r
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf\r
!endif\r
+\r
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf\r
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf\r
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf\r
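Review bot: the two added blank lines around the `!if $(SECURE_BOOT_ENABLE) == TRUE` block are whitespace-only changes mixed into a functional commit. The later FDF hunks show the blank line before `!if` as unchanged context, so this looks like alignment with the sibling files; say so in the commit message or split it out. The new `INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf` entry is correctly placed in the TRUE branch next to the authenticated variable driver.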
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {\r
<LibraryClasses>\r
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
}\r
!else\r
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
}\r
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
!endif\r
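Review bot: the added SecureBootConfigDxe.inf component line sits directly before `!endif`, and the context above it (a `}` closing a block with the RuntimeCryptLib override) does not show which `!if` it belongs to. The FDF hunk gates the matching INF on `$(SECURE_BOOT_ENABLE) == TRUE`, so check that this DSC entry is inside the same condition. Otherwise the FDF can reference a module the DSC does not build, or the module is built without being packaged.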
## @file\r
# Open Virtual Machine Firmware: FDF\r
#\r
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
#\r
# This program and the accompanying materials\r
# are licensed and made available under the terms and conditions of the BSD License\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf\r
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
!else\r
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf\r
!endif\r
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {\r
<LibraryClasses>\r
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf\r
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf\r
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
}\r
!else\r
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf\r
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf\r
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf\r
}\r
+ SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
!endif\r
## @file\r
# Open Virtual Machine Firmware: FDF\r
#\r
-# Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>\r
#\r
# This program and the accompanying materials\r
# are licensed and made available under the terms and conditions of the BSD License\r
\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf\r
+ INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf\r
!else\r
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf\r
!endif\r