SecurityPkg: Add a PCD to skip Opal password prompt

https://bugzilla.tianocore.org/show_bug.cgi?id=1484
Add a PCD for skipping password prompt and device unlock flow.
so that other pre-OS applications are able to take over Opal
devices unlock flow.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 7ae42ea150c2c23ad838087c7d983c033020045c..a46d88d392323ffc111881a6b14045befaf2d091 100644 (file)
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -428,6 +428,12 @@
   # @Prompt Possible TPM2 Interrupt Number buffer\r
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, 0x00, 0x00}|VOID*|0x0001001D\r
 \r
+  ## Indicates if Opal DXE driver skip unlock device flow.<BR><BR>\r
+  #   TRUE  - Skip unlock device flow.<BR>\r
+  #   FALSE - Does not skip unlock device flow.<BR>\r
+  # @Prompt Skip Opal DXE driver unlock device flow.\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020\r
+\r
 [PcdsDynamic, PcdsDynamicEx]\r
 \r
   ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly follows TCG Algorithm Registry.<BR><BR>\r

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index 38268539fb055b9ddb51f693e3cfc144bf06cbf1..734c5f06ff054fe35c1377c96d70784537d2c820 100644 (file)
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -988,6 +988,10 @@ OpalDriverRequestPassword (
 \r
     IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature);\r
 \r
+    if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) {\r
+      return;\r
+    }\r
+\r
     while (Count < MAX_PASSWORD_TRY_COUNT) {\r
       Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc);\r
       if (PressEsc) {\r

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
index cfa55dded7871b71e3c17a36404aaee7fe5b22fc..11e58b95cde74420b1a3981390ff389d9d65225b 100644 (file)
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
@@ -75,5 +75,8 @@
 [Guids]\r
   gEfiEndOfDxeEventGroupGuid                    ## CONSUMES             ## Event\r
 \r
+[Pcd]\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock  ## CONSUMES\r
+\r
 [Depex]\r
   gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid\r