Hi Maggie, Reviewed-by: Eric Dong <eric.d...@intel.com>
And pushed: 6cbed0e36fe734f3fc11d30d652122d7714627c4 Thanks, Eric > -----Original Message----- > From: Chu, Maggie > Sent: Wednesday, May 22, 2019 3:05 PM > To: devel@edk2.groups.io > Cc: Dong, Eric <eric.d...@intel.com>; Zhang, Chao B > <chao.b.zh...@intel.com>; Yao, Jiewen <jiewen....@intel.com> > Subject: [PATCH] SecurityPkg/OpalPassword: Add PCD to skip password > prompt > > https://bugzilla.tianocore.org/show_bug.cgi?id=1801 > Add a PCD for skipping password prompt in device unlocked status. > Previous change only support if storage device is in locked status. > This change is added to support the case that security status of the storage > device is unlocked. > > Signed-off-by: Maggie Chu <maggie....@intel.com> > Cc: Eric Dong <eric.d...@intel.com> > Cc: Chao Zhang <chao.b.zh...@intel.com> > Cc: Jiewen Yao <jiewen....@intel.com> > --- > SecurityPkg/SecurityPkg.dec | 10 +++++----- > SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 16 > ++++++++++++++-- > SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf | 2 +- > 3 files changed, 20 insertions(+), 8 deletions(-) > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index > 3314f1854b..96db80c2d2 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec 
> @@ -422,11 +422,11 @@ > # @Prompt Possible TPM2 Interrupt Number buffer > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, > 0x00, 0x00}|VOID*|0x0001001D > > - ## Indicates if Opal DXE driver skip unlock device flow.<BR><BR> > - # TRUE - Skip unlock device flow.<BR> > - # FALSE - Does not skip unlock device flow.<BR> > - # @Prompt Skip Opal DXE driver unlock device flow. > - > gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0 > x00010020 > + ## Indicates if Opal DXE driver skip password prompt.<BR><BR> > + # TRUE - Skip password prompt.<BR> > + # FALSE - Does not skip password prompt.<BR> > + # @Prompt Skip Opal DXE driver password prompt. > + > + > gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt|FALSE|BOOL > EAN| > + 0x00010020 > > [PcdsDynamic, PcdsDynamicEx] > > diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > index 965205c0b2..e14fa32354 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
> @@ -899,8 +899,20 @@ OpalDriverRequestPassword ( > > IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, > &Dev->OpalDisk.LockingFeature); > > - if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) { > - return; > + // > + // Add PcdSkipOpalPasswordPrompt to determin whether to skip > password prompt. > + // Due to board design, device may not power off during system warm > boot, which result in > + // security status remain unlocked status, hence we add device security > status check here. > + // > + // If device is in the locked status, device keeps locked and system > continues booting. > + // If device is in the unlocked status, system is forced shutdown to > support security requirement. > + // > + if (PcdGetBool (PcdSkipOpalPasswordPrompt)) { > + if (IsLocked) { > + return; > + } else { > + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); > + } > } > > while (Count < MAX_PASSWORD_TRY_COUNT) { diff --git > a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf > b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf > index e74f147aaa..87519198c0 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf > +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf > @@ -71,7 +71,7 @@ > gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## > UNDEFINED > > [Pcd] > - gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock ## CONSUMES > + gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt ## > CONSUMES > > [Depex] > gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid > -- > 2.16.2.windows.1
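Review bot: In the SecurityPkg.dec hunk, the new description for PcdSkipOpalPasswordPrompt says only "TRUE - Skip password prompt", but per the OpalDriver.c change TRUE also forces a shutdown when the device is found unlocked; state that outcome in the .dec comment so a platform owner setting the PCD knows what the boot will do. The rename also keeps token 0x00010020 while removing the PcdSkipOpalDxeUnlock name, so a platform that still sets the old name will stop building; that is worth a line in the commit message.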
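Review bot: In the OpalDriver.c hunk, nothing follows gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL) in the new else branch, so if the call ever returns, execution falls through to the while (Count < MAX_PASSWORD_TRY_COUNT) loop and shows the prompt the PCD is meant to suppress; add CpuDeadLoop () after the call, or say in the comment that the fall-through is intended. The branch also treats every not-locked result from OpalDeviceLocked () as the warm-boot case; please confirm this function is never reached for a device that is unlocked for another reason, since with the PCD set such a system would shut down on every boot. Minor: "determin" should be "determine", and the else after return can be dropped.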
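Review bot: In the OpalPasswordDxe.inf hunk, only the [Pcd] entry changes, while OpalDriver.c now calls gRT->ResetSystem; please confirm UefiRuntimeServicesTableLib is already listed under [LibraryClasses] for this module, and add it here if not.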