Reviewed-by: jiewen....@intel.com
> -----Original Message-----
> From: Zhang, Chao B
> Sent: Thursday, July 21, 2016 3:20 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B
> <chao.b.zh...@intel.com>
> Subject: [PATCH] SecurityPkg: AuthVariableLib: Revert UserPhysicalPresent
> feature from AuthVariableLib
>
> Physical Presence state reporting is constrained by physical presence caching
> in variable driver. For example, reporting must be prior to Physical Presence
> after caching. After caching, Physical Presence state becomes constant
> rather than instant. Therefore, PlatformSecureLib is responsible for reporting
> Physical Presence state in expected way.
>
> This reverts commit 90fa53213ec458b5c4f8851c09aeb3de977531e5.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Chao Zhang <chao.b.zh...@intel.com>
> ---
> SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++----
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h | 1 -
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c | 7 -------
> 3 files changed, 4 insertions(+), 12 deletions(-)
>
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> index 1d49b6a..6e1e284 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> @@ -931,7 +931,7 @@ ProcessVarWithPk (
> // Init state of Del. State may change due to secure check
> //
> Del = FALSE;
> - if ((InCustomMode() && mUserPhysicalPresent) || (mPlatformMode ==
> SETUP_MODE && !IsPk)) {
> + if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode ==
> SETUP_MODE && !IsPk)) {
> Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
> PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
> if (PayloadSize == 0) {
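Review bot: `UserPhysicalPresent()` is now evaluated on every request in ProcessVarWithPk, and nothing at the call site records what the PlatformSecureLib instance has to guarantee now that the value is no longer latched in `mUserPhysicalPresent` at initialization. The ProcessVarWithKek hunk shows why this matters: the X509 KEK verification runs only when `InCustomMode() && UserPhysicalPresent()` is false. I would add a comment above the first condition such as `// UserPhysicalPresent() is read per request; the PlatformSecureLib instance must not let software that runs after boot change its result.` The bodies of both functions continue outside the hunks, so what else depends on this branch is not visible here.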
> @@ -1049,7 +1049,7 @@ ProcessVarWithKek (
> }
>
> Status = EFI_SUCCESS;
> - if (mPlatformMode == USER_MODE && !(InCustomMode() &&
> mUserPhysicalPresent)) {
> + if (mPlatformMode == USER_MODE && !(InCustomMode() &&
> UserPhysicalPresent())) {
> //
> // Time-based, verify against X509 Cert KEK.
> //
> @@ -1204,7 +1204,7 @@ ProcessVariable (
> &OrgVariableInfo
> );
>
> - if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable
> (OrgVariableInfo.Attributes, Data, DataSize, Attributes) &&
> mUserPhysicalPresent) {
> + if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable
> (OrgVariableInfo.Attributes, Data, DataSize, Attributes) &&
> UserPhysicalPresent()) {
> //
> // Allow the delete operation of common authenticated variable at
> user physical presence.
> //
> @@ -1222,7 +1222,7 @@ ProcessVariable (
> return Status;
> }
>
> - if (NeedPhysicallyPresent (VariableName, VendorGuid)
> && !mUserPhysicalPresent) {
> + if (NeedPhysicallyPresent (VariableName, VendorGuid)
> && !UserPhysicalPresent()) {
> //
> // This variable is protected, only physical present user could modify
> its
> value.
> //
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
> b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
> index ac7ea89..e7c4bf0 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
> @@ -128,7 +128,6 @@ extern UINT8 *mCertDbStore;
> extern UINT32 mMaxCertDbSize;
> extern UINT32 mPlatformMode;
> extern UINT8 mVendorKeyState;
> -extern BOOLEAN mUserPhysicalPresent;
>
> extern VOID *mHashCtx;
>
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
> b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
> index dd35a44..c4fbb64 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
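Review bot: ProcessVariable now calls `UserPhysicalPresent()` in two separate conditions, the delete path in the -1204 hunk and the `NeedPhysicallyPresent` check in the -1222 hunk, so one request can be judged against two different readings if the platform reports an instantaneous state. Reading it once into a local, `BOOLEAN PhysicalPresent = UserPhysicalPresent ();`, and testing `PhysicalPresent` in both places would give a single decision per request. That form also puts a space before the parenthesis, which the surrounding calls such as `EFI_ERROR (Status)` already do. The function starts and ends outside both hunks, so where the local belongs is not visible here.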
> @@ -35,7 +35,6 @@ UINT8 *mCertDbStore;
> UINT32 mMaxCertDbSize;
> UINT32 mPlatformMode;
> UINT8 mVendorKeyState;
> -BOOLEAN mUserPhysicalPresent;
>
> EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID,
> EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID,
> EFI_CERT_X509_GUID};
>
> @@ -436,12 +435,6 @@ AuthVariableLibInitialize (
> AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer;
> AuthVarLibContextOut->AddressPointerCount = sizeof
> (mAuthVarAddressPointer) / sizeof (mAuthVarAddressPointer[0]);
>
> - //
> - // Cache UserPhysicalPresent State.
> - // Platform should report PhysicalPresent before this point
> - //
> - mUserPhysicalPresent = UserPhysicalPresent();
> -
> return Status;
> }
>
> --
> 1.9.5.msysgit.1