[edk2-devel] [PATCH 08/13] SecurityPkg/TcgPyhsicalPresenceLib: Use Pcd for user resp wait time

Thu, 02 Jan 2020 19:05:36 -0800 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2443

Use the pcd PcdPhysicalPresenceUserConfirmTimeout to control the
wait time of user response.

Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Signed-off-by: Zhichao Gao <zhichao....@intel.com>
---
 .../DxeTcgPhysicalPresenceLib.c               | 76 ++++++++++++-------
 .../DxeTcgPhysicalPresenceLib.inf             |  6 +-
 2 files changed, 55 insertions(+), 27 deletions(-)

diff --git 
a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c 
b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
index 174172d5d7..14423991f0 100644
--- a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c
@@ -8,7 +8,7 @@
 
   ExecutePendingTpmRequest() will receive untrusted input and do validation.
 
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -29,6 +29,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Guid/EventGroup.h>
 #include <Guid/PhysicalPresenceData.h>
 #include <Library/TcgPpVendorLib.h>
+#include <Library/TimerLib.h>
+#include <Library/PcdLib.h>
 
 #define CONFIRM_BUFFER_SIZE         4096
 
@@ -444,35 +446,57 @@ ReadUserKey (
 {
   EFI_STATUS                        Status;
   EFI_INPUT_KEY                     Key;
-  UINT16                            InputKey;
-  UINTN                             Index;
+  UINT16                            ConfirmKey;
+  UINTN                             Interval;
+  INT64                             Timeout;
 
-  InputKey = 0;
-  do {
-    Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
-    if (Status == EFI_NOT_READY) {
-      gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index);
-      continue;
-    }
+  //
+  // delay 100 milli-second
+  //
+  Interval    = 100;
+  ConfirmKey  = (CautionKey) ? SCAN_F12 : SCAN_F10;
+  Timeout     = (INT64)PcdGet32 (PcdPhysicalPresenceUserConfirmTimeout);
+  if (Timeout > 0) {
+    Timeout   = (INT64)MultU64x32 ((UINT64)Timeout, 1000);
+  } else {
+    //
+    // Wait forever
+    //
+    Timeout   = MAX_INT64;
+  }
 
-    if (Status == EFI_DEVICE_ERROR) {
-      return FALSE;
-    }
+  //
+  // Wait for user response within the time-out
+  //
+  do {
+    MicroSecondDelay (Interval * 1000);
+
+    Status = gBS->CheckEvent (gST->ConIn->WaitForKey);
+    if (!EFI_ERROR (Status)) {
+      Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key);
+      if (!EFI_ERROR (Status)) {
+        if (Key.ScanCode == ConfirmKey) {
+          //
+          // User Confirmation
+          //
+          return TRUE;
+        }
 
-    if (Key.ScanCode == SCAN_ESC) {
-      InputKey = Key.ScanCode;
-    }
-    if ((Key.ScanCode == SCAN_F10) && !CautionKey) {
-      InputKey = Key.ScanCode;
-    }
-    if ((Key.ScanCode == SCAN_F12) && CautionKey) {
-      InputKey = Key.ScanCode;
+        if (Key.ScanCode == SCAN_ESC) {
+          //
+          // User Rejection
+          //
+          return FALSE;
+        }
+      } else if (Status == EFI_DEVICE_ERROR) {
+        //
+        // If error, assume User Rejection
+        //
+        return FALSE;
+      }
     }
-  } while (InputKey == 0);
-
-  if (InputKey != SCAN_ESC) {
-    return TRUE;
-  }
+    Timeout -= Interval;
+  } while (Timeout > 0);
 
   return FALSE;
 }
diff --git 
a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf 
b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
index cfe14f20ca..13b7246290 100644
--- 
a/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
+++ 
b/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf
@@ -9,7 +9,7 @@
 #  This driver will have external input - variable.
 #  This external input must be validated carefully to avoid security issue.
 #
-# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -50,11 +50,15 @@
   PrintLib
   HiiLib
   TcgPpVendorLib
+  TimerLib
 
 [Protocols]
   gEfiTcgProtocolGuid                   ## SOMETIMES_CONSUMES
   gEdkiiVariableLockProtocolGuid        ## SOMETIMES_CONSUMES
 
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceUserConfirmTimeout
+
 [Guids]
   ## SOMETIMES_CONSUMES ## HII
   ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence"
-- 
2.21.0.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#52715): https://edk2.groups.io/g/devel/message/52715
Mute This Topic: https://groups.io/mt/69392335/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to