From 76bfc7e3ea136412808ad4cf54471c651bdec464 Mon Sep 17 00:00:00 2001 From: "Zhang, Chao B" Date: Thu, 21 Jul 2016 14:59:54 +0800 Subject: [PATCH] SecurityPkg: AuthVariableLib: Revert UserPhysicalPresent feature from AuthVariableLib Physical Presence state reporting is constrained by physical presence caching in variable driver. For example, reporting must be prior to Physical Presence caching. Physical Presence state becomes constant rather than instant after caching. Therefore, PlatformSecureLib is responsible for reporting Physical Presence state in expected way. This reverts commit 90fa53213ec458b5c4f8851c09aeb3de977531e5. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang Reviewed-by: Yao Jiewen --- SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++---- SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h | 1 - SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 7 ------- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 1d49b6a16e..6e1e284801 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -931,7 +931,7 @@ ProcessVarWithPk ( // Init state of Del. State may change due to secure check // Del = FALSE; - if ((InCustomMode() && mUserPhysicalPresent) || (mPlatformMode == SETUP_MODE && !IsPk)) { + if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) { Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); PayloadSize = DataSize - AUTHINFO2_SIZE (Data); if (PayloadSize == 0) { @@ -1049,7 +1049,7 @@ ProcessVarWithKek ( } Status = EFI_SUCCESS; - if (mPlatformMode == USER_MODE && !(InCustomMode() && mUserPhysicalPresent)) { + if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) { // // Time-based, verify against X509 Cert KEK. // @@ -1204,7 +1204,7 @@ ProcessVariable ( &OrgVariableInfo ); - if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && mUserPhysicalPresent) { + if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) { // // Allow the delete operation of common authenticated variable at user physical presence. // @@ -1222,7 +1222,7 @@ ProcessVariable ( return Status; } - if (NeedPhysicallyPresent (VariableName, VendorGuid) && !mUserPhysicalPresent) { + if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) { // // This variable is protected, only physical present user could modify its value. // diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h index ac7ea89a80..e7c4bf043d 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -128,7 +128,6 @@ extern UINT8 *mCertDbStore; extern UINT32 mMaxCertDbSize; extern UINT32 mPlatformMode; extern UINT8 mVendorKeyState; -extern BOOLEAN mUserPhysicalPresent; extern VOID *mHashCtx; diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index dd35a44409..c4fbb649f1 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -35,7 +35,6 @@ UINT8 *mCertDbStore; UINT32 mMaxCertDbSize; UINT32 mPlatformMode; UINT8 mVendorKeyState; -BOOLEAN mUserPhysicalPresent; EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID}; @@ -436,12 +435,6 @@ AuthVariableLibInitialize ( AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer; AuthVarLibContextOut->AddressPointerCount = sizeof (mAuthVarAddressPointer) / sizeof (mAuthVarAddressPointer[0]); - // - // Cache UserPhysicalPresent State. - // Platform should report PhysicalPresent before this point - // - mUserPhysicalPresent = UserPhysicalPresent(); - return Status; } -- 2.39.2