SecurityPkg: Update PlatformSecureLibNull with PCD to get physical presence.

This is an incompatible change. It uses PcdUserPhysicalPresence value instead
of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE,
this patch changes UserPhysicalPresent() return value from TRUE to FALSE.

From Security point, it is not safe to always return TRUE. If user wants this
behavior, he can still configure PcdUserPhysicalPresence value to TRUE in
the platform DSC file.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Giri P Mudusuru <giri.p.mudusuru@intel.com>

diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
index 1450ac44abe77dd0d9bdfbb24cc320cd05957450..8dc07ec74a10967a7cc7e65ca56a5989a95b591b 100644 (file)
--- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
+++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
@@ -4,7 +4,7 @@
   related features during platform enabling and development. It should be replaced\r
   by a platform-specific method(e.g. Button pressed) in a real platform for product.\r
 \r
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
@@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 \r
 **/\r
 \r
+BOOLEAN       mUserPhysicalPresence      = FALSE;\r
+\r
 /**\r
 \r
   This function provides a platform-specific method to detect whether the platform\r
@@ -38,5 +40,28 @@ UserPhysicalPresent (
   VOID\r
   )\r
 {\r
-  return TRUE;\r
+  return mUserPhysicalPresence;  \r
+}\r
+\r
+\r
+/**\r
+  Save user physical presence state from a PCD to mUserPhysicalPresence.\r
+\r
+  @param  ImageHandle   ImageHandle of the loaded driver.\r
+  @param  SystemTable   Pointer to the EFI System Table.\r
+\r
+  @retval  EFI_SUCCESS          PcdUserPhysicalPresence is got successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+PlatformSecureLibNullConstructor (\r
+  IN EFI_HANDLE        ImageHandle,\r
+  IN EFI_SYSTEM_TABLE  *SystemTable\r
+  )\r
+{\r
+\r
+  mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);\r
+\r
+  return EFI_SUCCESS;\r
 }\r

diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
index 7a5229d039232165909bfb61c03aba0951fc65ba..be415f4166bbd428f9d302b2903cdd8c6677f197 100644 (file)
--- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -6,7 +6,7 @@
 #  related features during platform enabling and development. It should be replaced\r
 #  by a platform-specific method(e.g. Button pressed) in a real platform for product.\r
 #\r
-# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r
@@ -24,7 +24,7 @@
   MODULE_TYPE                    = DXE_DRIVER\r
   VERSION_STRING                 = 1.0\r
   LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER\r
-\r
+  CONSTRUCTOR                    = PlatformSecureLibNullConstructor\r
 \r
 #\r
 # The following information is for reference only and not required by the build tools.\r
@@ -37,3 +37,8 @@
 \r
 [Packages]\r
   MdePkg/MdePkg.dec\r
+  SecurityPkg/SecurityPkg.dec\r
+\r
+[Pcd]\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence    ## CONSUMES\r
+\r