OvmfPkg: Add PlatformSecureLib instance

Signed-off-by: lgrosenb Reviewed-by: jljusten Reviewed-by: mdkinney git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13090 6f19259b-4bc3-4df7-8a09-765794883524
2012-03-09 17:38:06 +00:00 · 2012-03-09 17:38:06 +00:00 · 6a52c7a1bb
parent 54a26282b3
commit 6a52c7a1bb
2 changed files with 90 additions and 0 deletions
--- a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
+++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.c
@ -0,0 +1,57 @@
+/** @file
+  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+
+  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <Library/PcdLib.h>
+
+/**
+
+  This function detects whether a secure platform-specific method to clear PK(Platform Key)
+  is configured by platform owner. This method is provided for users force to clear PK
+  in case incorrect enrollment mis-haps.
+
+  UEFI231 spec chapter 27.5.2 stipulates: The platform key may also be cleared using
+  a secure platform-specific method. In  this case, the global variable SetupMode
+  must also be updated to 1.
+
+  NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+  not available when this function is called in AuthenticateVariable driver.
+
+  @retval  TRUE       The Platform owner wants to force clear PK.
+  @retval  FALSE      The Platform owner doesn't want to force clear PK.
+
+**/
+BOOLEAN
+EFIAPI
+ForceClearPK (
+  VOID
+  )
+{
+    return TRUE;
+}
+
+/**
+
+  This function detects whether current platform is operated by a physical present user.
+
+  @retval  TRUE       The Platform is operated by a physical present user.
+  @retval  FALSE      The Platform is NOT operated by a physical persent user.
+
+**/
+BOOLEAN
+EFIAPI
+UserPhysicalPresent (
+  VOID
+  )
+{
+  return TRUE;
+}
--- a/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+++ b/OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@ -0,0 +1,33 @@
+## @file
+#  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+#
+#  Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.<BR>
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PlatformSecureLib
+  FILE_GUID                      = 4204D78D-EDBF-4cee-BE80-3881457CF344
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  PlatformSecureLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec