[edk2] [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add PlatformPasswordLib instance.

Jiewen Yao posted 6 patches 7 years, 8 months ago
Posted by Jiewen Yao 7 years, 8 months ago
This lib instance is to return if the password is cleared based upon PCD.

Cc: Qin Long <qin.long@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c   | 84 ++++++++++++++++++++
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf | 44 ++++++++++
 SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni | 24 ++++++
 3 files changed, 152 insertions(+)

diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
new file mode 100644
index 0000000..9722607
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
@@ -0,0 +1,84 @@
+/** @file
+  NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+  but returns the PCD value directly. This instance can be used to verify security
+  related features during platform enabling and development. It should be replaced
+  by a platform-specific method(e.g. Button pressed) in a real platform for product.
+
+Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+BOOLEAN       mPasswordCleared      = FALSE;
+
+/**
+  This function is called at password driver entrypoint.
+  This function should be called only once, to clear the password.
+
+  This function provides a way to reset the password, just in case
+  the platform owner forgets the password.
+  The platform should provide a secure way to make sure
+  only the platform owner is allowed to clear password.
+
+  Once the password is cleared, the platform should provide a way
+  to set a new password.
+
+  @retval TRUE  There is a platform request to clear the password.
+  @retval FALSE There is no platform request to clear the password.
+**/
+BOOLEAN
+EFIAPI
+IsPasswordCleared (
+  VOID
+  )
+{
+  return mPasswordCleared;
+}
+
+/**
+  This function is called if the password driver finds that the password is not enrolled,
+  when the password is required to input.
+
+  This function should return the action accroding to platform policy.
+
+  @retval TRUE  The caller should force the user to enroll the password.
+  @retval FALSE The caller may skip the password enroll.
+**/
+BOOLEAN
+EFIAPI
+NeedEnrollPassword (
+  VOID
+  )
+{
+  return FALSE;
+}
+
+
+/**
+  Save password clear state from a PCD to mPasswordCleared.
+
+  @param  ImageHandle   ImageHandle of the loaded driver.
+  @param  SystemTable   Pointer to the EFI System Table.
+
+  @retval  EFI_SUCCESS          PcdPasswordCleared is got successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+PlatformPasswordLibNullConstructor (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+
+  mPasswordCleared = PcdGetBool(PcdPasswordCleared);
+
+  return EFI_SUCCESS;
+}
+
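
Review bot: In PlatformPasswordLibNullConstructor, mPasswordCleared is latched straight from PcdPasswordCleared and IsPasswordCleared() returns it unchecked, so the "secure way to make sure only the platform owner is allowed to clear password" described in the IsPasswordCleared() comment is not provided by this instance; whoever controls the PCD value controls the clear request. The file header says this, but the function comment should repeat that no owner verification happens here, and a DEBUG message in the constructor when the value is TRUE would make an accidental production use visible in the boot log. Smaller points: the file has no #include lines although it calls PcdGetBool (suggest including Library/PcdLib.h and the library class header explicitly), mPasswordCleared is only used inside this file as far as the patch shows and could be STATIC, and "accroding" in the NeedEnrollPassword() comment should be "according".
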
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
new file mode 100644
index 0000000..74e9bda
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
@@ -0,0 +1,44 @@
+## @file
+#  NULL platform password library instance that returns the password clear state based upon PCD.
+#
+#  NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+#  but returns the PCD value directly. This instance can be used to verify security
+#  related features during platform enabling and development. It should be replaced
+#  by a platform-specific method(e.g. Button pressed) in a real platform for product.
+#
+# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010006
+  BASE_NAME                      = PlatformPasswordLibNull
+  MODULE_UNI_FILE                = PlatformPasswordLibNull.uni
+  FILE_GUID                      = 27417BCA-0CCD-4089-9711-AD069A33C555
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformPasswordLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+  CONSTRUCTOR                    = PlatformPasswordLibNullConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  PlatformPasswordLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdPasswordCleared    ## CONSUMES
+
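
Review bot: The INF has no [LibraryClasses] section, yet PlatformPasswordLibNull.c calls PcdGetBool(PcdPasswordCleared) in its constructor; suggest adding a [LibraryClasses] section listing PcdLib so the dependency is declared rather than implied. Since LIBRARY_CLASS also allows DXE_RUNTIME_DRIVER and DXE_SMM_DRIVER consumers, it is worth stating in the header comment that the PCD is read once at constructor time and never re-read, so those consumers know the value is a snapshot.
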
diff --git a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni
new file mode 100644
index 0000000..5369ac5
--- /dev/null
+++ b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni
@@ -0,0 +1,24 @@
+// /** @file
+// NULL platform password library instance that returns the password clear state based upon PCD.
+//
+// NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared
+// but returns the PCD value directly. This instance can be used to verify security
+// related features during platform enabling and development. It should be replaced
+// by a platform-specific method(e.g. Button pressed) in a real platform for product.
+//
+// Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "NULL platform password library instance that returns the password clear state based upon PCD."
+
+#string STR_MODULE_DESCRIPTION          #language en-US "NULL PlatformPasswordLib instance does NOT really detect whether the password is cleared but returns the PCD value directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product."
+
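
Review bot: In STR_MODULE_DESCRIPTION, "platform-specific method(e.g. Button pressed) in a real platform for product" is missing a space before the parenthesis and reads awkwardly; suggest "platform-specific method (e.g. a button press) on a production platform". The same sentence appears in the @file comments of the .c and .inf, so change all three together to keep them identical.
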
-- 
2.7.4.windows.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add PlatformPasswordLib instance.
Posted by Long, Qin 7 years, 8 months ago
Reviewed-by: Qin Long <qin.long@intel.com>


Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Tuesday, February 7, 2017 12:24 AM
> To: edk2-devel@lists.01.org
> Cc: Long, Qin <qin.long@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>
> Subject: [PATCH V2 4/6] SecurityPkg/PlatformPasswordLibNull: Add
> PlatformPasswordLib instance.
> 
> This lib instance is to return if the password is cleared based upon PCD.
> 
> Cc: Qin Long <qin.long@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c   |
> 84 ++++++++++++++++++++
>  SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf |
> 44 ++++++++++
> SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.uni |
> 24 ++++++
>  3 files changed, 152 insertions(+)
> 
> diff --git
> a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
> b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.c
> new file mode 100644
> index 0000000..9722607
> --- /dev/null
> +++
> b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNul
> +++ l.c
> @@ -0,0 +1,84 @@
> +/** @file
> +  NULL PlatformPasswordLib instance does NOT really detect whether the
> +password is cleared
> +  but returns the PCD value directly. This instance can be used to
> +verify security
> +  related features during platform enabling and development. It should
> +be replaced
> +  by a platform-specific method(e.g. Button pressed) in a real platform for
> product.
> +
> +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> This
> +program and the accompanying materials are licensed and made available
> +under the terms and conditions of the BSD License which accompanies
> +this distribution.  The full text of the license may be found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +BOOLEAN       mPasswordCleared      = FALSE;
> +
> +/**
> +  This function is called at password driver entrypoint.
> +  This function should be called only once, to clear the password.
> +
> +  This function provides a way to reset the password, just in case  the
> + platform owner forgets the password.
> +  The platform should provide a secure way to make sure  only the
> + platform owner is allowed to clear password.
> +
> +  Once the password is cleared, the platform should provide a way  to
> + set a new password.
> +
> +  @retval TRUE  There is a platform request to clear the password.
> +  @retval FALSE There is no platform request to clear the password.
> +**/
> +BOOLEAN
> +EFIAPI
> +IsPasswordCleared (
> +  VOID
> +  )
> +{
> +  return mPasswordCleared;
> +}
> +
> +/**
> +  This function is called if the password driver finds that the
> +password is not enrolled,
> +  when the password is required to input.
> +
> +  This function should return the action accroding to platform policy.
> +
> +  @retval TRUE  The caller should force the user to enroll the password.
> +  @retval FALSE The caller may skip the password enroll.
> +**/
> +BOOLEAN
> +EFIAPI
> +NeedEnrollPassword (
> +  VOID
> +  )
> +{
> +  return FALSE;
> +}
> +
> +
> +/**
> +  Save password clear state from a PCD to mPasswordCleared.
> +
> +  @param  ImageHandle   ImageHandle of the loaded driver.
> +  @param  SystemTable   Pointer to the EFI System Table.
> +
> +  @retval  EFI_SUCCESS          PcdPasswordCleared is got successfully.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +PlatformPasswordLibNullConstructor (
> +  IN EFI_HANDLE        ImageHandle,
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +
> +  mPasswordCleared = PcdGetBool(PcdPasswordCleared);
> +
> +  return EFI_SUCCESS;
> +}
> +
> diff --git
> a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
> b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.inf
> new file mode 100644
> index 0000000..74e9bda
> --- /dev/null
> +++
> b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNul
> +++ l.inf
> @@ -0,0 +1,44 @@
> +## @file
> +#  NULL platform password library instance that returns the password clear
> state based upon PCD.
> +#
> +#  NULL PlatformPasswordLib instance does NOT really detect whether the
> +password is cleared #  but returns the PCD value directly. This
> +instance can be used to verify security #  related features during
> +platform enabling and development. It should be replaced #  by a platform-
> specific method(e.g. Button pressed) in a real platform for product.
> +#
> +# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> #
> +This program and the accompanying materials # are licensed and made
> +available under the terms and conditions of the BSD License # which
> +accompanies this distribution. The full text of the license may be
> +found at # http://opensource.org/licenses/bsd-license.php
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010006
> +  BASE_NAME                      = PlatformPasswordLibNull
> +  MODULE_UNI_FILE                = PlatformPasswordLibNull.uni
> +  FILE_GUID                      = 27417BCA-0CCD-4089-9711-AD069A33C555
> +  MODULE_TYPE                    = DXE_DRIVER
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = PlatformPasswordLib|DXE_RUNTIME_DRIVER
> DXE_SMM_DRIVER DXE_DRIVER
> +  CONSTRUCTOR                    = PlatformPasswordLibNullConstructor
> +
> +#
> +# The following information is for reference only and not required by the
> build tools.
> +#
> +#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
> +#
> +
> +[Sources]
> +  PlatformPasswordLibNull.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  SecurityPkg/SecurityPkg.dec
> +
> +[Pcd]
> +  gEfiSecurityPkgTokenSpaceGuid.PcdPasswordCleared    ## CONSUMES
> +
> diff --git
> a/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.un
> i
> b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNull.un
> i
> new file mode 100644
> index 0000000..5369ac5
> --- /dev/null
> +++
> b/SecurityPkg/Library/PlatformPasswordLibNull/PlatformPasswordLibNul
> +++ l.uni
> @@ -0,0 +1,24 @@
> +// /** @file
> +// NULL platform password library instance that returns the password clear
> state based upon PCD.
> +//
> +// NULL PlatformPasswordLib instance does NOT really detect whether the
> +password is cleared // but returns the PCD value directly. This
> +instance can be used to verify security // related features during
> +platform enabling and development. It should be replaced // by a platform-
> specific method(e.g. Button pressed) in a real platform for product.
> +//
> +// Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> //
> +// This program and the accompanying materials // are licensed and made
> +available under the terms and conditions of the BSD License // which
> +accompanies this distribution. The full text of the license may be
> +found at // http://opensource.org/licenses/bsd-license.php
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> +BASIS, // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "NULL platform
> password library instance that returns the password clear state based upon
> PCD."
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "NULL
> PlatformPasswordLib instance does NOT really detect whether the password
> is cleared but returns the PCD value directly. This instance can be used to
> verify security related features during platform enabling and development. It
> should be replaced by a platform-specific method(e.g. Button pressed) in a
> real platform for product."
> +
> --
> 2.7.4.windows.1
