[edk2] [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class.

Jiewen Yao posted 6 patches 7 years, 8 months ago
Posted by Jiewen Yao 7 years, 8 months ago
This lib is to indicate if the password is cleared.

Cc: Qin Long <qin.long@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Include/Library/PlatformPasswordLib.h | 54 ++++++++++++++++++++
 SecurityPkg/SecurityPkg.dec                       |  4 ++
 2 files changed, 58 insertions(+)

diff --git a/SecurityPkg/Include/Library/PlatformPasswordLib.h b/SecurityPkg/Include/Library/PlatformPasswordLib.h
new file mode 100644
index 0000000..79067d2
--- /dev/null
+++ b/SecurityPkg/Include/Library/PlatformPasswordLib.h
@@ -0,0 +1,54 @@
+/** @file
+  Provides a platform-specific method to return password policy.
+
+Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __PLATFORM_PASSWORD_LIB_H__
+#define __PLATFORM_PASSWORD_LIB_H__
+
+/**
+  This function is called at password driver entrypoint.
+  This function should be called only once, to clear the password.
+
+  This function provides a way to reset the password, just in case
+  the platform owner forgets the password.
+  The platform should provide a secure way to make sure
+  only the platform owner is allowed to clear password.
+
+  Once the password is cleared, the platform should provide a way
+  to set a new password.
+
+  @retval TRUE  There is a platform request to clear the password.
+  @retval FALSE There is no platform request to clear the password.
+**/
+BOOLEAN
+EFIAPI
+IsPasswordCleared (
+  VOID
+  );
+
+/**
+  This function is called if the password driver finds that the password is not enrolled,
+  when the password is required to input.
+
+  This function should return the action accroding to platform policy.
+
+  @retval TRUE  The caller should force the user to enroll the password.
+  @retval FALSE The caller may skip the password enroll.
+**/
+BOOLEAN
+EFIAPI
+NeedEnrollPassword (
+  VOID
+  );
+
+#endif
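
Review bot: IsPasswordCleared() is named as a state query, but its @retval lines describe a pending platform request to clear the password, and the comment says it is called once "to clear the password", so it is unclear whether the library or the caller performs the clear and whether the request is consumed by the call. Suggest a name that matches the return value (a clear request, not a cleared state) and a sentence stating who erases the stored password and what happens to the request after TRUE is returned. The "secure way" requirement is left entirely to the implementer with no stated minimum, so the comment should say what the platform must verify about the platform owner before returning TRUE. In the NeedEnrollPassword comment, "accroding" should be "according".
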
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index da2f84f..7050d3e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -93,6 +93,10 @@
   #
   OpalPasswordSupportLib|Include/Library/OpalPasswordSupportLib.h
 
+  ##  @libraryclass  Provides a platform-specific method to return password policy.
+  #
+  PlatformPasswordLib|Include/Library/PlatformPasswordLib.h
+
 [Guids]
   ## Security package token space guid.
   # Include/Guid/SecurityPkgTokenSpace.h
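
Review bot: The @libraryclass description added above PlatformPasswordLib says only "return password policy", which does not tell a platform integrator that the class also carries the password-clear request declared in PlatformPasswordLib.h. Suggest wording that names both roles, the clear request and the enrollment policy, so the SecurityPkg.dec entry agrees with the header and with the commit message ("indicate if the password is cleared").
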
-- 
2.7.4.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class.
Posted by Long, Qin 7 years, 8 months ago
Reviewed-by: Qin Long <qin.long@intel.com>

Please also check the typo: passowrd --> password. 


Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, February 7, 2017 12:24 AM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin <qin.long@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>
> Subject: [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib
> class.
> 
> This lib is to indicate if the password is cleared.
> 
> Cc: Qin Long <qin.long@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Library/PlatformPasswordLib.h | 54
> ++++++++++++++++++++
>  SecurityPkg/SecurityPkg.dec                       |  4 ++
>  2 files changed, 58 insertions(+)
> 
> diff --git a/SecurityPkg/Include/Library/PlatformPasswordLib.h
> b/SecurityPkg/Include/Library/PlatformPasswordLib.h
> new file mode 100644
> index 0000000..79067d2
> --- /dev/null
> +++ b/SecurityPkg/Include/Library/PlatformPasswordLib.h
> @@ -0,0 +1,54 @@
> +/** @file
> +  Provides a platform-specific method to return password policy.
> +
> +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> This
> +program and the accompanying materials are licensed and made available
> +under the terms and conditions of the BSD License which accompanies
> +this distribution.  The full text of the license may be found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __PLATFORM_PASSWORD_LIB_H__
> +#define __PLATFORM_PASSWORD_LIB_H__
> +
> +/**
> +  This function is called at password driver entrypoint.
> +  This function should be called only once, to clear the password.
> +
> +  This function provides a way to reset the password, just in case  the
> + platform owner forgets the password.
> +  The platform should provide a secure way to make sure  only the
> + platform owner is allowed to clear password.
> +
> +  Once the password is cleared, the platform should provide a way  to
> + set a new password.
> +
> +  @retval TRUE  There is a platform request to clear the password.
> +  @retval FALSE There is no platform request to clear the password.
> +**/
> +BOOLEAN
> +EFIAPI
> +IsPasswordCleared (
> +  VOID
> +  );
> +
> +/**
> +  This function is called if the password driver finds that the
> +password is not enrolled,
> +  when the password is required to input.
> +
> +  This function should return the action accroding to platform policy.
> +
> +  @retval TRUE  The caller should force the user to enroll the password.
> +  @retval FALSE The caller may skip the password enroll.
> +**/
> +BOOLEAN
> +EFIAPI
> +NeedEnrollPassword (
> +  VOID
> +  );
> +
> +#endif
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index
> da2f84f..7050d3e 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -93,6 +93,10 @@
>    #
>    OpalPasswordSupportLib|Include/Library/OpalPasswordSupportLib.h
> 
> +  ##  @libraryclass  Provides a platform-specific method to return password
> policy.
> +  #
> +  PlatformPasswordLib|Include/Library/PlatformPasswordLib.h
> +
>  [Guids]
>    ## Security package token space guid.
>    # Include/Guid/SecurityPkgTokenSpace.h
> --
> 2.7.4.windows.1

Re: [edk2] [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class.
Posted by Yao, Jiewen 7 years, 8 months ago
Good catch. Fixed.

From: Long, Qin
Sent: Wednesday, February 8, 2017 4:39 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; edk2-devel@lists.01.org
Cc: Zhang, Chao B <chao.b.zhang@intel.com>
Subject: RE: [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib class.

Reviewed-by: Qin Long <qin.long@intel.com>

Please also check the typo: passowrd --> password.


Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, February 7, 2017 12:24 AM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin <qin.long@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>
> Subject: [PATCH V2 3/6] SecurityPkg/include: Add PlatformPasswordLib lib
> class.
>
> This lib is to indicate if the password is cleared.
>
> Cc: Qin Long <qin.long@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Library/PlatformPasswordLib.h | 54
> ++++++++++++++++++++
>  SecurityPkg/SecurityPkg.dec                       |  4 ++
>  2 files changed, 58 insertions(+)
>
> diff --git a/SecurityPkg/Include/Library/PlatformPasswordLib.h
> b/SecurityPkg/Include/Library/PlatformPasswordLib.h
> new file mode 100644
> index 0000000..79067d2
> --- /dev/null
> +++ b/SecurityPkg/Include/Library/PlatformPasswordLib.h
> @@ -0,0 +1,54 @@
> +/** @file
> +  Provides a platform-specific method to return password policy.
> +
> +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> This
> +program and the accompanying materials are licensed and made available
> +under the terms and conditions of the BSD License which accompanies
> +this distribution.  The full text of the license may be found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __PLATFORM_PASSWORD_LIB_H__
> +#define __PLATFORM_PASSWORD_LIB_H__
> +
> +/**
> +  This function is called at password driver entrypoint.
> +  This function should be called only once, to clear the password.
> +
> +  This function provides a way to reset the password, just in case  the
> + platform owner forgets the password.
> +  The platform should provide a secure way to make sure  only the
> + platform owner is allowed to clear password.
> +
> +  Once the password is cleared, the platform should provide a way  to
> + set a new password.
> +
> +  @retval TRUE  There is a platform request to clear the password.
> +  @retval FALSE There is no platform request to clear the password.
> +**/
> +BOOLEAN
> +EFIAPI
> +IsPasswordCleared (
> +  VOID
> +  );
> +
> +/**
> +  This function is called if the password driver finds that the
> +password is not enrolled,
> +  when the password is required to input.
> +
> +  This function should return the action accroding to platform policy.
> +
> +  @retval TRUE  The caller should force the user to enroll the password.
> +  @retval FALSE The caller may skip the password enroll.
> +**/
> +BOOLEAN
> +EFIAPI
> +NeedEnrollPassword (
> +  VOID
> +  );
> +
> +#endif
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index
> da2f84f..7050d3e 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -93,6 +93,10 @@
>    #
>    OpalPasswordSupportLib|Include/Library/OpalPasswordSupportLib.h
>
> +  ##  @libraryclass  Provides a platform-specific method to return password
> policy.
> +  #
> +  PlatformPasswordLib|Include/Library/PlatformPasswordLib.h
> +
>  [Guids]
>    ## Security package token space guid.
>    # Include/Guid/SecurityPkgTokenSpace.h
> --
> 2.7.4.windows.1