This is an incompatible change. It uses PcdUserPhysicalPresence value instead
of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE,
this patch changes UserPhysicalPresent() return value from TRUE to FALSE.
>From Security point, it is not safe to always return TRUE. If user wants this
behavior, he can still configure PcdUserPhysicalPresence value to TRUE in
the platform DSC file.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Liming Gao <liming....@intel.com>
---
.../PlatformSecureLibNull/PlatformSecureLibNull.c | 29 ++++++++++++++++++++--
.../PlatformSecureLibNull.inf | 9 +++++--
2 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
index 1450ac4..8dc07ec 100644
--- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
+++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
@@ -4,7 +4,7 @@
related features during platform enabling and development. It should be
replaced
by a platform-specific method(e.g. Button pressed) in a real platform for
product.
-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD
License
which accompanies this distribution. The full text of the license may be
found at
@@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
EXPRESS OR IMPLIED.
**/
+BOOLEAN mUserPhysicalPresence = FALSE;
+
/**
This function provides a platform-specific method to detect whether the
platform
@@ -38,5 +40,28 @@ UserPhysicalPresent (
VOID
)
{
- return TRUE;
+ return mUserPhysicalPresence;
+}
+
+
+/**
+ Save user physical presence state from a PCD to mUserPhysicalPresence.
+
+ @param ImageHandle ImageHandle of the loaded driver.
+ @param SystemTable Pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS PcdUserPhysicalPresence is got successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+PlatformSecureLibNullConstructor (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+
+ mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);
+
+ return EFI_SUCCESS;
}
diff --git
a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
index 7a5229d..be415f4 100644
--- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -6,7 +6,7 @@
# related features during platform enabling and development. It should be
replaced
# by a platform-specific method(e.g. Button pressed) in a real platform for
product.
#
-# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD
License
# which accompanies this distribution. The full text of the license may be
found at
@@ -24,7 +24,7 @@
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = PlatformSecureLib|DXE_RUNTIME_DRIVER
DXE_SMM_DRIVER DXE_DRIVER
-
+ CONSTRUCTOR = PlatformSecureLibNullConstructor
#
# The following information is for reference only and not required by the
build tools.
@@ -37,3 +37,8 @@
[Packages]
MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence ## CONSUMES
+
--
2.8.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
