From: Jiewen Yao
To: edk2-devel@lists.01.org
Cc: Qin Long, Chao Zhang
Date: Thu, 26 Jan 2017 19:50:16 +0800
Message-Id: <1485431418-16540-5-git-send-email-jiewen.yao@intel.com>
In-Reply-To: <1485431418-16540-1-git-send-email-jiewen.yao@intel.com>
References: <1485431418-16540-1-git-send-email-jiewen.yao@intel.com>
Subject: [PATCH 4/6] SecurityPkg/PlatformPasswordLibNull: Add PlatformPasswordLib instance.

This lib instance is to return if the password is cleared based upon PCD.

Cc: Qin Long
Cc: Chao Zhang
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao
---
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c   | 84 ++++++++++++++++++++
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf | 44 ++++++++++
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni | 24 ++++++
 3 files changed, 152 insertions(+)
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c new file mode 100644 index 0000000..ebfe35a --- /dev/null +++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c @@ -0,0 +1,84 @@ +/** @file + NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared + but returns the PCD value directly. This instance can be used to verify security + related features during platform enabling and development. It should be replaced + by a platform-specific method(e.g. Button pressed) in a real platform for product. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +BOOLEAN mPasswordCleared = FALSE; + +/** + This function is called at password driver entrypoint. + This function should be called only once, to clear the password. + + This function provides a way to reset the password, just in case + the platform owner forgets the password. + The platform should provide a secure way to make sure + only the platform owner is allowed to clear password. + + Once the password is cleared, the platform should provide a way + to set a new password. + + @retval TRUE There is a platform request to clear the password. + @retval FALSE There is no platform request to clear the password. +**/ +BOOLEAN +EFIAPI +IsPasswordCleared ( + VOID + ) +{ + return mPasswordCleared; +} + +/** + This function is called if the password driver finds that the password is not enrolled, + when the password is required to input. + + This function should return the action accroding to platform policy. + + @retval TRUE The caller should force the user to enroll the password. + @retval FALSE The caller may skip the password enroll. +**/ +BOOLEAN +EFIAPI +NeedEnrollPassword ( + VOID + ) +{ + return FALSE; +} + + +/** + Save password clear state from a PCD to mPasswordCleared. + + @param ImageHandle ImageHandle of the loaded driver. + @param SystemTable Pointer to the EFI System Table. + + @retval EFI_SUCCESS PcdPasswordCleared is got successfully. 
+ +**/ +EFI_STATUS +EFIAPI +PlatformPasswordLibNullConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + + mPasswordCleared = PcdGetBool(PcdPasswordCleared); + + return EFI_SUCCESS; +} + diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf new file mode 100644 index 0000000..d071565 --- /dev/null +++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf @@ -0,0 +1,44 @@ +## @file +# NULL platform password library instance that returns the password clear state based upon PCD. +# +# NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared +# but returns the PCD value directly. This instance can be used to verify security +# related features during platform enabling and development. It should be replaced +# by a platform-specific method(e.g. Button pressed) in a real platform for product. +# +# Copyright (c) 2016, Intel Corporation. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010006 + BASE_NAME = PlatformPasswordLibNull + MODULE_UNI_FILE = PlatformPasswordLibNull.uni + FILE_GUID = 27417BCA-0CCD-4089-9711-AD069A33C555 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER + CONSTRUCTOR = PlatformPasswordLibNullConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + PlatformPasswordLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdPasswordCleared ## CONSUMES + diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni new file mode 100644 index 0000000..bbedef6 --- /dev/null +++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni @@ -0,0 +1,24 @@ +// /** @file +// NULL platform password library instance that returns the password clear state based upon PCD. +// +// NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared +// but returns the PCD value directly. This instance can be used to verify security +// related features during platform enabling and development. It should be replaced +// by a platform-specific method(e.g. Button pressed) in a real platform for product. +// +// Copyright (c) 2016, Intel Corporation. All rights reserved.
+// +// This program and the accompanying materials +// are licensed and made available under the terms and conditions of the BSD License +// which accompanies this distribution. The full text of the license may be found at +// http://opensource.org/licenses/bsd-license.php +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "NULL platform password library instance that returns the password clear state based upon PCD." + +#string STR_MODULE_DESCRIPTION #language en-US "NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared but returns the PCD value directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product." + -- 2.7.4.windows.1
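
Review bot: In PlatformPasswordLibNull.c, IsPasswordCleared() returns the value the constructor cached from PcdPasswordCleared and nothing ever resets it, so for as long as the PCD is TRUE every caller is told to clear the password, although the function comment says it "should be called only once". Together with NeedEnrollPassword() unconditionally returning FALSE, a build that links this instance with the PCD set never ends up enforcing a password. The file header already limits this instance to enabling and development; consider making that state visible at run time, for example a DEBUG_WARN message from PlatformPasswordLibNullConstructor() when the PCD reads TRUE, so the condition shows up in a debug log before a product build ships with it. Smaller points: mPasswordCleared can be declared STATIC since nothing outside this file needs it, the hunk as shown has no #include of the PlatformPasswordLib class header so the two prototypes are not checked against the library class declaration, and "accroding" should read "according".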
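
Review bot: In PlatformPasswordLibNull.inf, the generic [Pcd] section lets gEfiSecurityPkgTokenSpaceGuid.PcdPasswordCleared be consumed as whatever PCD type the .dec permits, including a dynamic one, and this value is the only input to the password-clear decision. If the intent is a build-time switch for development, listing it under [FixedPcd] (or stating in the file comment which PCD types are acceptable) keeps a platform DSC from turning the reset into something settable at run time. The INF also has no [LibraryClasses] section although the .c file calls PcdGetBool(); PcdLib should be listed so the dependency is explicit. MODULE_TYPE is DXE_DRIVER while LIBRARY_CLASS also offers the instance to DXE_RUNTIME_DRIVER and DXE_SMM_DRIVER; a short comment confirming that the constructor's PCD read is intended for all three would help.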
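
Review bot: In PlatformPasswordLibNull.uni, STR_MODULE_DESCRIPTION repeats the wording "platform-specific method(e.g. Button pressed) in a real platform for product", which is missing a space before the parenthesis and reads awkwardly; something like "a platform-specific method (e.g. a button press) on a production platform" is clearer. The same sentence appears in the .c and .inf file headers, so the three copies should be corrected together to stay in sync.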