From nobody Sat May 18 23:44:01 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as
 permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+41863+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted
 sender)  smtp.mailfrom=bounce+27952+41863+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1559657175; cv=none;
	d=zoho.com; s=zohoarc;
	b=CEJpgKKZ0z9SWDn4Ro6XZEYnj5sA84Fm1ABOVsCdeRCBfLjx1GzZ3iQQ2RdwPOJ9aAOXmim/suo9RQ9nwo7feXYbwg3K7e3K1RV+Obeuuxh+9CBZZvDwdAz+Lfpw1ea+SW6dRrCVyRzdUMK/hFXsCt9V/D2YmtAhftbYRJfLWlQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1559657175;
 h=Cc:Date:From:List-Id:List-Unsubscribe:Message-ID:Reply-To:Sender:Subject:To:ARC-Authentication-Results;
	bh=pLm1AlFzva0lHFoTWqwtO8RKLvOGk1vyy6MXKlRpbXk=;
	b=F4VRWH7j0FENgb4qozaG1eKIlthLvUvXYDglVS7/L89R6sGOGYsqVvGOR5XDlszpX2V5ikXoDVCEVKg+EiWf1DoELAUG2Q1Hyla0G+BcJp7MOq4YYCEaENePruPNDQww1mh5jWcKjr8I8Akc3R/T8db0Ek89P0jgztY5/GCof28=
ARC-Authentication-Results: i=1; mx.zoho.com;
	dkim=pass;
	spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted
 sender)  smtp.mailfrom=bounce+27952+41863+1787277+3901457@groups.io;
	dmarc=fail header.from=<maggie.chu@intel.com> (p=none dis=none)
 header.from=<maggie.chu@intel.com>
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 1559657174990215.85249714535905;
 Tue, 4 Jun 2019 07:06:14 -0700 (PDT)
Return-Path: <bounce+27952+41863+1787277+3901457@groups.io>
X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by groups.io with SMTP; Tue, 04 Jun 2019 07:06:13 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 04 Jun 2019 07:06:12 -0700
X-ExtLoop1: 1
X-Received: from chumaggi-mobl.gar.corp.intel.com ([10.5.245.223])
  by orsmga007.jf.intel.com with ESMTP; 04 Jun 2019 07:06:11 -0700
From: "Maggie Chu" <maggie.chu@intel.com>
To: devel@edk2.groups.io
Cc: Chao Zhang <chao.b.zhang@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Eric Dong <eric.dong@intel.com>
Subject: [edk2-devel] [PATCH] SecurityPkg: Add a PCD to skip Hdd password
 prompt
Date: Tue,  4 Jun 2019 22:06:06 +0800
Message-Id: <20190604140606.18228-1-maggie.chu@intel.com>
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,maggie.chu@intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1559657174;
 bh=YacEqFaQZ1dwKCj3UTPG1c536D3D3wAo0wFFrie99io=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=u29P1l7zmGIKvyPlPSWb9hzEy5Cm/lkvuqaaDkoO/A1AnrsdpgkoV9BBqJDWi5guTCI
 k+7RpNcmldou5qJlpmX1nIUTqTuOsO7AdJbO085/6n4Ba+HMwULyIml2zPS2yA4GqUJ5M
 vdnh7fgUgv96cAXx7G0Wr8oggMFTz0Ds+fo=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

https://bugzilla.tianocore.org/show_bug.cgi?id=3D1876
Add a PCD for skipping Hdd password prompt.
If device is in the locked status while attempting to skip
password prompt, device will keep locked and system
continue to boot.
If device is in the unlocked status while attempting to skip
password prompt, system will be forced shutdown for
security concern.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
---
 SecurityPkg/HddPassword/HddPasswordDxe.c   | 16 ++++++++++++++++
 SecurityPkg/HddPassword/HddPasswordDxe.inf |  4 ++++
 SecurityPkg/SecurityPkg.dec                |  6 ++++++
 3 files changed, 26 insertions(+)

diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPass=
word/HddPasswordDxe.c
index 253af9f78f..b97f5d63f6 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.c
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.c
@@ -1345,6 +1345,22 @@ HddPasswordRequestPassword (
   //
   if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
       (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
+
+     //
+     // Add PcdSkipHddPasswordPrompt to determin whether to skip password =
prompt.
+     // Due to board design, device may not power off during system warm b=
oot, which result in=20
+     // security status remain unlocked status, hence we add device securi=
ty status check here.
+     //
+     // If device is in the locked status, device keeps locked and system =
continues booting.
+     // If device is in the unlocked status, system is forced shutdown for=
 security concern.
+     //
+     if (PcdGetBool (PcdSkipHddPasswordPrompt)) {
+       if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
+         return;
+       } else {
+         gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+       }
+    }
     //
     // As soon as the HDD password is in enabled state, we pop up a window=
 to unlock hdd
     // no matter it's really in locked or unlocked state.
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPa=
ssword/HddPasswordDxe.inf
index f7550079ed..06e8755ffc 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.inf
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf
@@ -34,6 +34,7 @@
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
   CryptoPkg/CryptoPkg.dec
+  SecurityPkg/SecurityPkg.dec
=20
 [LibraryClasses]
   BaseLib
@@ -64,6 +65,9 @@
   gEfiPciIoProtocolGuid                         ## CONSUMES
   gEdkiiVariableLockProtocolGuid                ## CONSUMES
=20
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt  ## CONSUMES
+
 [Depex]
   gEfiVariableWriteArchProtocolGuid
=20
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 3314f1854b..82929fe38e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -428,6 +428,12 @@
   # @Prompt Skip Opal DXE driver unlock device flow.
   gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010=
020
=20
+  ## Indicates if Hdd Password driver skip password prompt.<BR><BR>
+  #   TRUE  - Skip password prompt.<BR>
+  #   FALSE - Does not skip password prompt.<BR>
+  # @Prompt Skip Hdd Password prompt.
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt|FALSE|BOOLEAN|0x0=
0010021
+
 [PcdsDynamic, PcdsDynamicEx]
=20
   ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly fol=
lows TCG Algorithm Registry.<BR><BR>
--=20
2.16.2.windows.1


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#41863): https://edk2.groups.io/g/devel/message/41863
Mute This Topic: https://groups.io/mt/31926751/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-