Re: [edk2] [Patch 2/2] SecurityPkg: Update PlatformSecureLibNull with PCD to get physical presence.

Thu, 23 Jun 2016 08:09:17 -0700 

Looks good to me.
Reviewed-by: Giri P Mudusuru <[email protected]>


> -----Original Message-----
> From: edk2-devel [mailto:[email protected]] On Behalf Of
> Liming Gao
> Sent: Thursday, June 23, 2016 2:53 AM
> To: [email protected]
> Subject: [edk2] [Patch 2/2] SecurityPkg: Update PlatformSecureLibNull with PCD
> to get physical presence.
> 
> This is an incompatible change. It uses PcdUserPhysicalPresence value instead
> of hard code TRUE. Because PcdUserPhysicalPresence default value is FALSE,
> this patch changes UserPhysicalPresent() return value from TRUE to FALSE.
> 
> From Security point, it is not safe to always return TRUE. If user wants this
> behavior, he can still configure PcdUserPhysicalPresence value to TRUE in
> the platform DSC file.
> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Liming Gao <[email protected]>
> ---
>  .../PlatformSecureLibNull/PlatformSecureLibNull.c  | 29
> ++++++++++++++++++++--
>  .../PlatformSecureLibNull.inf                      |  9 +++++--
>  2 files changed, 34 insertions(+), 4 deletions(-)
> 
> diff --git a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
> b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
> index 1450ac4..8dc07ec 100644
> --- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
> +++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c
> @@ -4,7 +4,7 @@
>    related features during platform enabling and development. It should be
> replaced
>    by a platform-specific method(e.g. Button pressed) in a real platform for
> product.
> 
> -Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD
> License
>  which accompanies this distribution.  The full text of the license may be 
> found
> at
> @@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY
> KIND, EITHER EXPRESS OR IMPLIED.
> 
>  **/
> 
> +BOOLEAN       mUserPhysicalPresence      = FALSE;
> +
>  /**
> 
>    This function provides a platform-specific method to detect whether the
> platform
> @@ -38,5 +40,28 @@ UserPhysicalPresent (
>    VOID
>    )
>  {
> -  return TRUE;
> +  return mUserPhysicalPresence;
> +}
> +
> +
> +/**
> +  Save user physical presence state from a PCD to mUserPhysicalPresence.
> +
> +  @param  ImageHandle   ImageHandle of the loaded driver.
> +  @param  SystemTable   Pointer to the EFI System Table.
> +
> +  @retval  EFI_SUCCESS          PcdUserPhysicalPresence is got successfully.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +PlatformSecureLibNullConstructor (
> +  IN EFI_HANDLE        ImageHandle,
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +
> +  mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence);
> +
> +  return EFI_SUCCESS;
>  }
> diff --git 
> a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> index 7a5229d..be415f4 100644
> --- a/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> +++ b/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
> @@ -6,7 +6,7 @@
>  #  related features during platform enabling and development. It should be
> replaced
>  #  by a platform-specific method(e.g. Button pressed) in a real platform for
> product.
>  #
> -# Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
> +# Copyright (c) 2011 - 2016, Intel Corporation. All rights reserved.<BR>
>  # This program and the accompanying materials
>  # are licensed and made available under the terms and conditions of the BSD
> License
>  # which accompanies this distribution. The full text of the license may be 
> found
> at
> @@ -24,7 +24,7 @@
>    MODULE_TYPE                    = DXE_DRIVER
>    VERSION_STRING                 = 1.0
>    LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER
> DXE_SMM_DRIVER DXE_DRIVER
> -
> +  CONSTRUCTOR                    = PlatformSecureLibNullConstructor
> 
>  #
>  # The following information is for reference only and not required by the 
> build
> tools.
> @@ -37,3 +37,8 @@
> 
>  [Packages]
>    MdePkg/MdePkg.dec
> +  SecurityPkg/SecurityPkg.dec
> +
> +[Pcd]
> +  gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence    ## CONSUMES
> +
> --
> 2.8.0.windows.1
> 
> _______________________________________________
> edk2-devel mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to