From: "Long, Qin"
To: "Yao, Jiewen", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B"
Date: Thu, 9 Feb 2017 00:42:45 +0000
In-Reply-To: <1486455866-7896-5-git-send-email-jiewen.yao@intel.com>
Subject: Re: [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add PlatformPasswordLib instance.

Reviewed-by: Qin Long

Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, February 7, 2017 12:24 AM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin; Zhang, Chao B
> Subject: [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add
> PlatformPasswordLib instance.
>
> This lib instance is to return if the password is cleared based upon PCD.
>
> Cc: Qin Long
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao
> ---
>  SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c   | 84 ++++++++++++++++++++
>  SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf | 44 ++++++++++
>  SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni | 24 ++++++
>  3 files changed, 152 insertions(+)
>
> diff --git > a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c > b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c > new file mode 100644 > index 0000000..9722607 > --- /dev/null > +++ > b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNul > +++ l.c > @@ -0,0 +1,84 @@ > +/** @file > + NULL PlatformPasswordLib instance does NOT really detect whether the > +password is cleared > + but returns the PCD value directly. This instance can be used to > +verify security > + related features during platform enabling and development. It should > +be replaced > + by a platform-specific method(e.g. Button pressed) in a real platform = for > product. > + > +Copyright (c) 2017, Intel Corporation. All rights reserved.
This > +program and the accompanying materials are licensed and made available > +under the terms and conditions of the BSD License which accompanies > +this distribution. The full text of the license may be found at > +http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > + > +**/ > + > +BOOLEAN mPasswordCleared =3D FALSE; > + > +/** > + This function is called at password driver entrypoint. > + This function should be called only once, to clear the password. > + > + This function provides a way to reset the password, just in case the > + platform owner forgets the password. > + The platform should provide a secure way to make sure only the > + platform owner is allowed to clear password. > + > + Once the password is cleared, the platform should provide a way to > + set a new password. > + > + @retval TRUE There is a platform request to clear the password. > + @retval FALSE There is no platform request to clear the password. > +**/ > +BOOLEAN > +EFIAPI > +IsPasswordCleared ( > + VOID > + ) > +{ > + return mPasswordCleared; > +} > + > +/** > + This function is called if the password driver finds that the > +password is not enrolled, > + when the password is required to input. > + > + This function should return the action accroding to platform policy. > + > + @retval TRUE The caller should force the user to enroll the password. > + @retval FALSE The caller may skip the password enroll. > +**/ > +BOOLEAN > +EFIAPI > +NeedEnrollPassword ( > + VOID > + ) > +{ > + return FALSE; > +} > + > + > +/** > + Save password clear state from a PCD to mPasswordCleared. > + > + @param ImageHandle ImageHandle of the loaded driver. > + @param SystemTable Pointer to the EFI System Table. > + > + @retval EFI_SUCCESS PcdPasswordCleared is got successfully. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +PlatformPasswordLibNullConstructor ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + > + mPasswordCleared =3D PcdGetBool(PcdPasswordCleared); > + > + return EFI_SUCCESS; > +} > + > diff --git > a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf > b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf > new file mode 100644 > index 0000000..74e9bda > --- /dev/null > +++ > b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNul > +++ l.inf > @@ -0,0 +1,44 @@ > +## @file > +# NULL platform password library instance that returns the password cle= ar > state based upon PCD. > +# > +# NULL PlatformPasswordLib instance does NOT really detect whether the > +password is cleared # but returns the PCD value directly. This > +instance can be used to verify security # related features during > +platform enabling and development. It should be replaced # by a platfor= m- > specific method(e.g. Button pressed) in a real platform for product. > +# > +# Copyright (c) 2017, Intel Corporation. All rights reserved.
# > +This program and the accompanying materials # are licensed and made > +available under the terms and conditions of the BSD License # which > +accompanies this distribution. The full text of the license may be > +found at # http://opensource.org/licenses/bsd-license.php > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER > EXPRESS OR IMPLIED. > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010006 > + BASE_NAME =3D PlatformPasswordLibNull > + MODULE_UNI_FILE =3D PlatformPasswordLibNull.uni > + FILE_GUID =3D 27417BCA-0CCD-4089-9711-AD069A33C55= 5 > + MODULE_TYPE =3D DXE_DRIVER > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D PlatformPasswordLib|DXE_RUNTIME_DRI= VER > DXE_SMM_DRIVER DXE_DRIVER > + CONSTRUCTOR =3D PlatformPasswordLibNullConstructor > + > +# > +# The following information is for reference only and not required by th= e > build tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC > +# > + > +[Sources] > + PlatformPasswordLibNull.c > + > +[Packages] > + MdePkg/MdePkg.dec > + SecurityPkg/SecurityPkg.dec > + > +[Pcd] > + gEfiSecurityPkgTokenSpaceGuid.PcdPasswordCleared ## CONSUMES > + > diff --git > a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.un > i > b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.un > i > new file mode 100644 > index 0000000..5369ac5 > --- /dev/null > +++ > b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNul > +++ l.uni 
> @@ -0,0 +1,24 @@ > +// /** @file > +// NULL platform password library instance that returns the password cle= ar > state based upon PCD. > +// > +// NULL PlatformPasswordLib instance does NOT really detect whether the > +password is cleared // but returns the PCD value directly. This > +instance can be used to verify security // related features during > +platform enabling and development. It should be replaced // by a platfor= m- > specific method(e.g. Button pressed) in a real platform for product. > +// > +// Copyright (c) 2017, Intel Corporation. All rights reserved.
// > +// This program and the accompanying materials // are licensed and made > +available under the terms and conditions of the BSD License // which > +accompanies this distribution. The full text of the license may be > +found at // http://opensource.org/licenses/bsd-license.php > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > +BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "NULL platform > password library instance that returns the password clear state based upo= n > PCD." > + > +#string STR_MODULE_DESCRIPTION #language en-US "NULL > PlatformPasswordLib instance does NOT really detect whether the password > is cleared but returns the PCD value directly. This instance can be used = to > verify security related features during platform enabling and development= . It > should be replaced by a platform-specific method(e.g. Button pressed) in = a > real platform for product." > + > -- > 2.7.4.windows.1
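
Review bot: In PlatformPasswordLibNull.c, IsPasswordCleared() returns the cached mPasswordCleared on every call and nothing ever resets it, although its own comment says the function should be called only once to clear the password. With PcdPasswordCleared set to TRUE, every boot and every module that links this instance will see a clear request, and NeedEnrollPassword() returns FALSE unconditionally, so nothing asks the caller to force a new enrollment afterwards. Please state this behaviour in the function headers, and consider a DEBUG warning in PlatformPasswordLibNullConstructor() when the PCD reads TRUE so a development setting left enabled is noticed. Smaller points in the same file: no #include lines are shown for the types and for PcdGetBool(), mPasswordCleared could be STATIC, and "accroding" should be "according".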
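
Review bot: PlatformPasswordLibNull.inf has no [LibraryClasses] section even though the constructor calls PcdGetBool(); list PcdLib there so the dependency is explicit rather than implied by the build. Also, LIBRARY_CLASS offers this instance to DXE_RUNTIME_DRIVER and DXE_SMM_DRIVER as well as DXE_DRIVER, while the PCD is read once in the constructor; a line in the file header saying which PCD types are expected for PcdPasswordCleared in those module types would help platform integrators.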
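
Review bot: STR_MODULE_DESCRIPTION in PlatformPasswordLibNull.uni (and the matching file headers in the .c and .inf) ends with "a platform-specific method(e.g. Button pressed) in a real platform for product", which is missing a space before the parenthesis and reads awkwardly. Since this text is what tells integrators the instance is for enabling and development only, suggest something like "a platform-specific method (e.g. a button press) on a production platform".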