Suggest to updated the comment log like below: 1. When the device is unlocked at BIOS phase and system does a warm reboot, the device may be still in unlock status if it uses external power. For such case, we would still popup password window to ask user input. If user presses ESC key here, we would force the system shut down or ask user input again to avoid security hole.
Others look good to me Reviewed-by: Feng Tian <[email protected]> Thanks Feng -----Original Message----- From: edk2-devel [mailto:[email protected]] On Behalf Of Eric Dong Sent: Wednesday, May 11, 2016 11:15 AM To: [email protected] Cc: Tian, Feng <[email protected]> Subject: [edk2] [Patch v3] SecurityPkg OpalPasswordDxe: Error handling enhance when input password. V2 -> V3: Refine the message in the popup dialog: 1. L"Confirm: Not unlock device and continue boot?.", L"Press ENTER to confirm, Press Esc to input password", -> L"Press ENTER to skip password, Press ESC to input password", 2. L"Warning: system in unknown status, must shutdown!", L"Press ENTER to shutdown.", -> L"Press ENTER to shutdown, Press ESC to input password", 3. Add more explaination in the check in log. Enhance the error handling: 1. When device use external power and do a hot reboot, device will be in unlock status. If user input ESC, force shutdown or return to input password. 2. When user reach max retry count, force shutdown. Cc: Feng Tian <[email protected]> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <[email protected]> --- SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 76 ++++++++++++++++------- 1 file changed, 53 insertions(+), 23 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c index 7c6deb8..3764b24 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c @@ -263,6 +263,7 @@ OpalDriverRequestPassword ( EFI_INPUT_KEY Key; OPAL_SESSION Session; BOOLEAN PressEsc; + BOOLEAN Locked; if (Dev == NULL) { return; @@ -277,33 +278,61 @@ OpalDriverRequestPassword ( Session.MediaId = Dev->OpalDisk.MediaId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + Locked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, + &Dev->OpalDisk.LockingFeature); + while (Count < MAX_PASSWORD_TRY_COUNT) { Password = OpalDriverPopUpHddPassword (Dev, &PressEsc); if (PressEsc) { - // - // User not input password and press ESC, keep device in lock status and continue boot. - // - do { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Confirm: Not unlock device and continue boot?.", - L"Press ENTER to confirm, Press Esc to input password", - NULL - ); - } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); - - if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { - gST->ConOut->ClearScreen(gST->ConOut); + if (Locked) { // - // Keep lock and continue boot. + // Current device in the lock status and + // User not input password and press ESC, + // keep device in lock status and continue boot. // - return; + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip password, Press ESC to input password", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != + CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + // + // Keep lock and continue boot. + // + return; + } else { + // + // Let user input password again. + // + continue; + } } else { // - // Let user input password again. + // Current device in the unlock status and + // User not input password and press ESC, + // Shutdown the device. // - continue; + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to shutdown, Press ESC to input password", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != + CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } else { + // + // Let user input password again. + // + continue; + } } } @@ -313,7 +342,7 @@ OpalDriverRequestPassword ( } PasswordLen = (UINT32) AsciiStrLen(Password); - if (OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature)) { + if (Locked) { Ret = OpalSupportUnlock(&Session, Password, PasswordLen, Dev->OpalDevicePath); } else { Ret = OpalSupportLock(&Session, Password, PasswordLen, Dev->OpalDevicePath); @@ -349,12 +378,13 @@ OpalDriverRequestPassword ( CreatePopUp ( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, - L"Opal password retry count is expired. Keep lock and continue boot.", - L"Press ENTER to continue", + L"Opal password retry count exceeds the limit. Must shutdown!", + L"Press ENTER to shutdown", NULL ); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); - gST->ConOut->ClearScreen(gST->ConOut); + + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); } } } -- 2.6.4.windows.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
