From: Jiewen Yao <jiewen.yao@intel.com>
To: edk2-devel@lists.01.org
Cc: Qin Long <qin.long@intel.com>, Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add PlatformPasswordLib instance.
Date: Tue,  7 Feb 2017 00:24:24 -0800
Message-ID: <1486455866-7896-5-git-send-email-jiewen.yao@intel.com>
In-Reply-To: <1486455866-7896-1-git-send-email-jiewen.yao@intel.com>

This lib instance is to return if the password is cleared based upon PCD.

Cc: Qin Long <qin.long@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c   | 84 ++++++++++++++++++++
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf | 44 ++++++++++
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni | 24 ++++++
 3 files changed, 152 insertions(+)

diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
new file mode 100644
index 0000000..9722607
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
@@ -0,0 +1,84 @@
+/** @file
+  NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+  but returns the PCD value directly. This instance can be used to verify security
+  related features during platform enabling and development. It should be replaced
+  by a platform-specific method(e.g. Button pressed) in a real platform for product.
+
+Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+BOOLEAN       mPasswordCleared      = FALSE;
+
+/**
+  This function is called at password driver entrypoint.
+  This function should be called only once, to clear the password.
+
+  This function provides a way to reset the password, just in case
+  the platform owner forgets the password.
+  The platform should provide a secure way to make sure
+  only the platform owner is allowed to clear password.
+
+  Once the password is cleared, the platform should provide a way
+  to set a new password.
+
+  @retval TRUE  There is a platform request to clear the password.
+  @retval FALSE There is no platform request to clear the password.
+**/
+BOOLEAN
+EFIAPI
+IsPasswordCleared (
+  VOID
+  )
+{
+  return mPasswordCleared;
+}
+
+/**
+  This function is called if the password driver finds that the password is not enrolled,
+  when the password is required to input.
+
+  This function should return the action accroding to platform policy.
+
+  @retval TRUE  The caller should force the user to enroll the password.
+  @retval FALSE The caller may skip the password enroll.
+**/
+BOOLEAN
+EFIAPI
+NeedEnrollPassword (
+  VOID
+  )
+{
+  return FALSE;
+}
+
+
+/**
+  Save password clear state from a PCD to mPasswordCleared.
+
+  @param  ImageHandle   ImageHandle of the loaded driver.
+  @param  SystemTable   Pointer to the EFI System Table.
+
+  @retval  EFI_SUCCESS          PcdPasswordCleared is got successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+PlatformPasswordLibNullConstructor (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+
+  mPasswordCleared = PcdGetBool(PcdPasswordCleared);
+
+  return EFI_SUCCESS;
+}
+
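Review bot: PlatformPasswordLibNull.c contains no #include directives, so IsPasswordCleared() and NeedEnrollPassword() are never compiled against the PlatformPasswordLib class declarations, and the use of PcdGetBool(), EFI_STATUS and EFI_HANDLE depends on headers the file does not name. Include the library class header and the PcdLib header explicitly so that a prototype mismatch is caught at build time. mPasswordCleared is only referenced in this file and could be declared STATIC to avoid a symbol clash in the modules this library is linked into. The IsPasswordCleared() comment says the function is called "to clear the password", but the body only returns the cached PCD value; the comment should say it reports whether a clear request exists. NeedEnrollPassword() returns FALSE unconditionally, which deserves one sentence in its comment stating that this instance never forces enrollment. In the same comment, "accroding" should be "according".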
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
new file mode 100644
index 0000000..74e9bda
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
@@ -0,0 +1,44 @@
+## @file
+#  NULL platform password library instance that returns the password clear state based upon PCD.
+#
+#  NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+#  but returns the PCD value directly. This instance can be used to verify security
+#  related features during platform enabling and development. It should be replaced
+#  by a platform-specific method(e.g. Button pressed) in a real platform for product.
+#
+# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010006
+  BASE_NAME                      = PlatformPasswordLibNull
+  MODULE_UNI_FILE                = PlatformPasswordLibNull.uni
+  FILE_GUID                      = 27417BCA-0CCD-4089-9711-AD069A33C555
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+  CONSTRUCTOR                    = PlatformPasswordLibNullConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  PlatformPasswordLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdPasswordCleared    ## CONSUMES
+
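Review bot: The INF has no [LibraryClasses] section even though the constructor in PlatformPasswordLibNull.c calls PcdGetBool(); add a [LibraryClasses] section listing PcdLib so the dependency is declared by this library instead of being inherited from whichever module links it. LIBRARY_CLASS allows DXE_RUNTIME_DRIVER and DXE_SMM_DRIVER consumers, and the generic [Pcd] section does not restrict how PcdPasswordCleared is configured, so a short comment next to the [Pcd] entry stating that the value is read once in the constructor and cached would help platform integrators understand when a change to the PCD takes effect.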
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni
new file mode 100644
index 0000000..5369ac5
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni
@@ -0,0 +1,24 @@
+// /** @file
+// NULL platform password library instance that returns the password clear state based upon PCD.
+//
+// NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+// but returns the PCD value directly. This instance can be used to verify security
+// related features during platform enabling and development. It should be replaced
+// by a platform-specific method(e.g. Button pressed) in a real platform for product.
+//
+// Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "NULL platform password library instance that returns the password clear state based upon PCD."
+
+#string STR_MODULE_DESCRIPTION          #language en-US "NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared but returns the PCD value directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product."
+
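Review bot: STR_MODULE_DESCRIPTION reads "platform-specific method(e.g. Button pressed) in a real platform for product"; add the missing space before "(" and reword the ending, for example "a platform-specific method (e.g. a button press) on a production platform". The same sentence is repeated in the file headers of the .c and .inf files in this patch, so the three copies should be corrected together.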
-- 
2.7.4.windows.1


