public inbox for devel@edk2.groups.io
From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Qin Long <qin.long@intel.com>, Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class.
Date: Tue,  7 Feb 2017 00:24:23 -0800
Message-ID: <1486455866-7896-4-git-send-email-jiewen.yao@intel.com>
In-Reply-To: <1486455866-7896-1-git-send-email-jiewen.yao@intel.com>

This lib is to indicate if the password is cleared.

Cc: Qin Long <qin.long@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Include/Library/PlatformPasswordLib.h | 54 ++++++++++++++++++++
 SecurityPkg/SecurityPkg.dec                       |  4 ++
 2 files changed, 58 insertions(+)

diff --git a/SecurityPkg/Include/Library/PlatformPasswordLib.h b/SecurityPkg/Include/Library/PlatformPasswordLib.h
new file mode 100644
index 0000000..79067d2
--- /dev/null
+++ b/SecurityPkg/Include/Library/PlatformPasswordLib.h
@@ -0,0 +1,54 @@
+/** @file
+  Provides a platform-specific method to return password policy.
+
+Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __PLATFORM_PASSWORD_LIB_H__
+#define __PLATFORM_PASSWORD_LIB_H__
+
+/**
+  This function is called at password driver entrypoint.
+  This function should be called only once, to clear the password.
+
+  This function provides a way to reset the password, just in case
+  the platform owner forgets the password.
+  The platform should provide a secure way to make sure
+  only the platform owner is allowed to clear password.
+
+  Once the password is cleared, the platform should provide a way
+  to set a new password.
+
+  @retval TRUE  There is a platform request to clear the password.
+  @retval FALSE There is no platform request to clear the password.
+**/
+BOOLEAN
+EFIAPI
+IsPasswordCleared (
+  VOID
+  );
+
+/**
+  This function is called if the password driver finds that the password is not enrolled,
+  when the password is required to input.
+
+  This function should return the action accroding to platform policy.
+
+  @retval TRUE  The caller should force the user to enroll the password.
+  @retval FALSE The caller may skip the password enroll.
+**/
+BOOLEAN
+EFIAPI
+NeedEnrollPassword (
+  VOID
+  );
+
+#endif
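Review bot: The header comment on IsPasswordCleared() describes two different contracts: "This function should be called only once, to clear the password" reads as an action, while the name and the @retval lines describe a query for a pending platform request. Please state whether the call only reports the request or also consumes it, and what a second call returns, because the comment implies the caller clears the password when it sees TRUE. The requirement that "only the platform owner is allowed to clear password" is left entirely to the library instance; the contract should say what an instance must have established before it may return TRUE, so that a weak instance cannot silently turn this into an unauthenticated reset path. A name such as IsPasswordClearRequested would match the @retval text better. Minor: "accroding" in the NeedEnrollPassword() comment should be "according", and "when the password is required to input" would read better as "when password input is required".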
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index da2f84f..7050d3e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -93,6 +93,10 @@
   #
   OpalPasswordSupportLib|Include/Library/OpalPasswordSupportLib.h
 
+  ##  @libraryclass  Provides a platform-specific method to return password policy.
+  #
+  PlatformPasswordLib|Include/Library/PlatformPasswordLib.h
+
 [Guids]
   ## Security package token space guid.
   # Include/Guid/SecurityPkgTokenSpace.h
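Review bot: The @libraryclass description on the new PlatformPasswordLib entry, "Provides a platform-specific method to return password policy", does not tell a platform integrator that this class also carries the password-clear request (IsPasswordCleared) in addition to the enrollment policy (NeedEnrollPassword). Since the .dec comment is what integrators read when choosing an instance, suggest wording that names both responsibilities, and aligning it with the commit message, which currently mentions only the clear indication.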
-- 
2.7.4.windows.1


