mirror of https://github.com/acidanthera/audk.git
232 lines
6.1 KiB
C
232 lines
6.1 KiB
C
/** @file
|
|
Provides a secure platform-specific method to detect physically present user.
|
|
|
|
Copyright (c) 2013 Intel Corporation.
|
|
|
|
This program and the accompanying materials
|
|
are licensed and made available under the terms and conditions of the BSD License
|
|
which accompanies this distribution. The full text of the license may be found at
|
|
http://opensource.org/licenses/bsd-license.php
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
**/
|
|
|
|
#include <PiDxe.h>
|
|
#include <Library/PlatformHelperLib.h>
|
|
#include <Library/DebugLib.h>
|
|
#include <Library/UefiBootServicesTableLib.h>
|
|
#include <Library/I2cLib.h>
|
|
|
|
#include <PlatformBoards.h>
|
|
#include <Pcal9555.h>
|
|
#include <QNCAccess.h>
|
|
|
|
//
|
|
// Global variable to cache pointer to I2C protocol.
|
|
//
|
|
EFI_PLATFORM_TYPE mPlatformType = TypeUnknown;
|
|
|
|
BOOLEAN
|
|
CheckResetButtonState (
|
|
VOID
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
EFI_I2C_DEVICE_ADDRESS I2CSlaveAddress;
|
|
UINTN Length;
|
|
UINTN ReadLength;
|
|
UINT8 Buffer[2];
|
|
|
|
DEBUG ((EFI_D_ERROR, "CheckResetButtonState(): mPlatformType == %d\n", mPlatformType));
|
|
if (mPlatformType == GalileoGen2) {
|
|
//
|
|
// Reset Button - EXP2.P1_7 should be configured as an input.
|
|
//
|
|
PlatformPcal9555GpioSetDir (
|
|
GALILEO_GEN2_IOEXP2_7BIT_SLAVE_ADDR, // IO Expander 2.
|
|
15, // P1-7.
|
|
FALSE
|
|
);
|
|
|
|
//
|
|
// Reset Button - EXP2.P1_7 pullup should be disabled.
|
|
//
|
|
PlatformPcal9555GpioDisablePull (
|
|
GALILEO_GEN2_IOEXP2_7BIT_SLAVE_ADDR, // IO Expander 2.
|
|
15 // P1-7.
|
|
);
|
|
|
|
//
|
|
// Read state of Reset Button - EXP2.P1_7
|
|
// This GPIO is pulled high when the button is not pressed
|
|
// This GPIO reads low when button is pressed
|
|
//
|
|
return PlatformPcal9555GpioGetState (
|
|
GALILEO_GEN2_IOEXP2_7BIT_SLAVE_ADDR, // IO Expander 2.
|
|
15 // P1-7.
|
|
);
|
|
}
|
|
if (mPlatformType == Galileo) {
|
|
//
|
|
// Detect the I2C Slave Address of the GPIO Expander
|
|
//
|
|
if (PlatformLegacyGpioGetLevel (R_QNC_GPIO_RGLVL_RESUME_WELL, GALILEO_DETERMINE_IOEXP_SLA_RESUMEWELL_GPIO)) {
|
|
I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2HI_7BIT_SLAVE_ADDR;
|
|
} else {
|
|
I2CSlaveAddress.I2CDeviceAddress = GALILEO_IOEXP_J2LO_7BIT_SLAVE_ADDR;
|
|
}
|
|
|
|
//
|
|
// Select Port 5
|
|
//
|
|
Length = 2;
|
|
Buffer[0] = 0x18;
|
|
Buffer[1] = 0x05;
|
|
Status = I2cWriteMultipleByte (
|
|
I2CSlaveAddress,
|
|
EfiI2CSevenBitAddrMode,
|
|
&Length,
|
|
&Buffer
|
|
);
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
//
|
|
// Read "Pin Direction" of Port 5
|
|
//
|
|
Length = 1;
|
|
ReadLength = 1;
|
|
Buffer[1] = 0x1C;
|
|
Status = I2cReadMultipleByte (
|
|
I2CSlaveAddress,
|
|
EfiI2CSevenBitAddrMode,
|
|
&Length,
|
|
&ReadLength,
|
|
&Buffer[1]
|
|
);
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
//
|
|
// Set "Pin Direction" of Port 5, Bit 0 as input
|
|
//
|
|
Length = 2;
|
|
Buffer[0] = 0x1C;
|
|
Buffer[1] = Buffer[1] | BIT0;
|
|
|
|
Status = I2cWriteMultipleByte (
|
|
I2CSlaveAddress,
|
|
EfiI2CSevenBitAddrMode,
|
|
&Length,
|
|
&Buffer
|
|
);
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
//
|
|
// Read Port 5
|
|
//
|
|
Buffer[1] = 5;
|
|
Length = 1;
|
|
ReadLength = 1;
|
|
|
|
Status = I2cReadMultipleByte (
|
|
I2CSlaveAddress,
|
|
EfiI2CSevenBitAddrMode,
|
|
&Length,
|
|
&ReadLength,
|
|
&Buffer[1]
|
|
);
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
//
|
|
// Return the state of Port 5, Bit 0
|
|
//
|
|
return ((Buffer[1] & BIT0) != 0);
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
/**
|
|
|
|
This function provides a platform-specific method to detect whether the platform
|
|
is operating by a physically present user.
|
|
|
|
Programmatic changing of platform security policy (such as disable Secure Boot,
|
|
or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
|
|
Boot Services or after exiting EFI Boot Services. Only a physically present user
|
|
is allowed to perform these operations.
|
|
|
|
NOTE THAT: This function cannot depend on any EFI Variable Service since they are
|
|
not available when this function is called in AuthenticateVariable driver.
|
|
|
|
@retval TRUE The platform is operated by a physically present user.
|
|
@retval FALSE The platform is NOT operated by a physically present user.
|
|
|
|
**/
|
|
BOOLEAN
|
|
EFIAPI
|
|
UserPhysicalPresent (
|
|
VOID
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
|
|
//
|
|
// If user has already been detected as present, then return TRUE
|
|
//
|
|
if (PcdGetBool (PcdUserIsPhysicallyPresent)) {
|
|
return TRUE;
|
|
}
|
|
|
|
//
|
|
// Check to see if user is present now
|
|
//
|
|
if (CheckResetButtonState ()) {
|
|
//
|
|
// User is still not present, then return FALSE
|
|
//
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// User has gone from not present to present state, so set
|
|
// PcdUserIsPhysicallyPresent to TRUE
|
|
//
|
|
Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, TRUE);
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
/**
|
|
Determines if a user is physically present by reading the reset button state.
|
|
|
|
@param ImageHandle The image handle of this driver.
|
|
@param SystemTable A pointer to the EFI System Table.
|
|
|
|
@retval EFI_SUCCESS Install the Secure Boot Helper Protocol successfully.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
PlatformSecureLibInitialize (
|
|
IN EFI_HANDLE ImageHandle,
|
|
IN EFI_SYSTEM_TABLE *SystemTable
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
|
|
//
|
|
// Get the platform type
|
|
//
|
|
mPlatformType = (EFI_PLATFORM_TYPE)PcdGet16 (PcdPlatformType);
|
|
|
|
//
|
|
// Read the state of the reset button when the library is initialized
|
|
//
|
|
Status = PcdSetBoolS (PcdUserIsPhysicallyPresent, !CheckResetButtonState ());
|
|
ASSERT_EFI_ERROR (Status);
|
|
|
|
return EFI_SUCCESS;
|
|
}
|