From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Qin Long <qin.long@intel.com>, Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH 4/6] SecurityPkg/PlatformPasswordLibNull: Add PlatformPasswordLib instance.
Date: Thu, 26 Jan 2017 19:50:16 +0800
Message-ID: <1485431418-16540-5-git-send-email-jiewen.yao@intel.com>
In-Reply-To: <1485431418-16540-1-git-send-email-jiewen.yao@intel.com>
This lib instance is to return if the password is cleared based upon PCD.
Cc: Qin Long <qin.long@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c | 84 ++++++++++++++++++++
SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf | 44 ++++++++++
SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni | 24 ++++++
3 files changed, 152 insertions(+)
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
new file mode 100644
index 0000000..ebfe35a
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
@@ -0,0 +1,84 @@
+/** @file
+ NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+ but returns the PCD value directly. This instance can be used to verify security
+ related features during platform enabling and development. It should be replaced
+ by a platform-specific method(e.g. Button pressed) in a real platform for product.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+BOOLEAN mPasswordCleared = FALSE;
+
+/**
+ This function is called at password driver entrypoint.
+ This function should be called only once, to clear the password.
+
+ This function provides a way to reset the password, just in case
+ the platform owner forgets the password.
+ The platform should provide a secure way to make sure
+ only the platform owner is allowed to clear password.
+
+ Once the password is cleared, the platform should provide a way
+ to set a new password.
+
+ @retval TRUE There is a platform request to clear the password.
+ @retval FALSE There is no platform request to clear the password.
+**/
+BOOLEAN
+EFIAPI
+IsPasswordCleared (
+ VOID
+ )
+{
+ return mPasswordCleared;
+}
+
+/**
+ This function is called if the password driver finds that the password is not enrolled,
+ when the password is required to input.
+
+ This function should return the action accroding to platform policy.
+
+ @retval TRUE The caller should force the user to enroll the password.
+ @retval FALSE The caller may skip the password enroll.
+**/
+BOOLEAN
+EFIAPI
+NeedEnrollPassword (
+ VOID
+ )
+{
+ return FALSE;
+}
+
+
+/**
+ Save password clear state from a PCD to mPasswordCleared.
+
+ @param ImageHandle ImageHandle of the loaded driver.
+ @param SystemTable Pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS PcdPasswordCleared is got successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+PlatformPasswordLibNullConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+
+ mPasswordCleared = PcdGetBool(PcdPasswordCleared);
+
+ return EFI_SUCCESS;
+}
+
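Review bot: IsPasswordCleared() returns the value cached by the constructor on every call, so with PcdPasswordCleared set to TRUE the password is reported as cleared each time the driver asks. Nothing here matches the header's own "should be called only once" and "only the platform owner is allowed to clear password". Since the file comment already says this instance must be replaced in a product, consider having PlatformPasswordLibNullConstructor emit a DEBUG message (or similar build-visible marker) when the PCD is TRUE, so that a platform shipping the NULL instance by mistake is noticed. Smaller points in the same file: there are no #include lines, so the prototypes of IsPasswordCleared and NeedEnrollPassword are not checked against the PlatformPasswordLib class header from patch 3/6; mPasswordCleared is a non-static global and could be declared STATIC; NeedEnrollPassword hard-codes FALSE although its comment says the result follows platform policy; and "accroding" in that comment should read "according".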
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
new file mode 100644
index 0000000..d071565
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
@@ -0,0 +1,44 @@
+## @file
+# NULL platform password library instance that returns the password clear state based upon PCD.
+#
+# NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+# but returns the PCD value directly. This instance can be used to verify security
+# related features during platform enabling and development. It should be replaced
+# by a platform-specific method(e.g. Button pressed) in a real platform for product.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010006
+ BASE_NAME = PlatformPasswordLibNull
+ MODULE_UNI_FILE = PlatformPasswordLibNull.uni
+ FILE_GUID = 27417BCA-0CCD-4089-9711-AD069A33C555
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+ CONSTRUCTOR = PlatformPasswordLibNullConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF EBC
+#
+
+[Sources]
+ PlatformPasswordLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdPasswordCleared ## CONSUMES
+
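Review bot: The [Pcd] section at the end of this INF places no restriction on the access method of PcdPasswordCleared, so as far as this file is concerned a platform DSC could map it to a dynamic PCD and the "password cleared" decision would then depend on whatever is able to set that PCD before the constructor runs. If the intent is a build-time switch for development, listing it under [FixedPcd] or [FeaturePcd] (matching whatever types patch 2/6 declares in the DEC) would make that explicit. The INF also has no [LibraryClasses] section even though the source calls PcdGetBool; please add PcdLib there.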
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni
new file mode 100644
index 0000000..bbedef6
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni
@@ -0,0 +1,24 @@
+// /** @file
+// NULL platform password library instance that returns the password clear state based upon PCD.
+//
+// NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+// but returns the PCD value directly. This instance can be used to verify security
+// related features during platform enabling and development. It should be replaced
+// by a platform-specific method(e.g. Button pressed) in a real platform for product.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "NULL platform password library instance that returns the password clear state based upon PCD."
+
+#string STR_MODULE_DESCRIPTION #language en-US "NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared but returns the PCD value directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product."
+
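Review bot: The STR_MODULE_DESCRIPTION text repeats the wording of the .c and .inf headers, including "platform-specific method(e.g. Button pressed) in a real platform for product". Please add the missing space before "(e.g." and tighten the ending (for example "in a production platform") in all three files so the warning against shipping this instance reads clearly.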
--
2.7.4.windows.1
Thread overview: 9+ messages
2017-01-26 11:50 [PATCH 0/6] Add password support Jiewen Yao
2017-01-26 11:50 ` [PATCH 1/6] CryptoPkg:SmmCryptLib: Add real Pkcs5Pbkdf2.c Jiewen Yao
2017-01-26 11:50 ` [PATCH 2/6] SecurityPkg/dec: Add PcdPasswordCleared Jiewen Yao
2017-01-26 11:50 ` [PATCH 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class Jiewen Yao
2017-01-26 11:50 ` Jiewen Yao [this message]
2017-01-26 11:50 ` [PATCH 5/6] SecurityPkg/Password: Add Password based UserAuthentication modules Jiewen Yao
2017-02-04 3:05 ` Zhang, Chao B
2017-02-04 3:07 ` Yao, Jiewen
2017-01-26 11:50 ` [PATCH 6/6] SecurityPkg/dsc: add Password authentication module Jiewen Yao