Hi Maggie,

Reviewed-by: Eric Dong <eric.d...@intel.com>

And pushed: 9e2416ae2e1d26c6e6daa58353de519745bb322d

Thanks,
Eric

> -----Original Message-----
> From: Chu, Maggie
> Sent: Monday, June 10, 2019 6:19 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Chao B <chao.b.zh...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; Dong, Eric <eric.d...@intel.com>
> Subject: [PATCH] SecurityPkg/HddPassword: Add a PCD to skip Hdd password prompt
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=1876
> Add a PCD for skipping Hdd password prompt.
> If device is in the locked status while attempting to skip password prompt,
> device will keep locked and system continue to boot.
> If device is in the unlocked status while attempting to skip password prompt,
> system will be forced shutdown.
>
> Signed-off-by: Maggie Chu <maggie....@intel.com>
> Cc: Chao Zhang <chao.b.zh...@intel.com>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Eric Dong <eric.d...@intel.com>
> --- > SecurityPkg/HddPassword/HddPasswordDxe.c | 16 ++++++++++++++++ > SecurityPkg/HddPassword/HddPasswordDxe.inf | 4 ++++ > SecurityPkg/SecurityPkg.dec | 6 ++++++ > 3 files changed, 26 insertions(+) > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c > b/SecurityPkg/HddPassword/HddPasswordDxe.c > index 253af9f78f..b0d795b659 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.c > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c 
> @@ -1345,6 +1345,22 @@ HddPasswordRequestPassword ( > // > if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) && > (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) { > + > + // > + // Add PcdSkipHddPasswordPrompt to determin whether to skip > password prompt. > + // Due to board design, device may not power off during system warm > boot, which result in > + // security status remain unlocked status, hence we add device security > status check here. > + // > + // If device is in the locked status, device keeps locked and system > continues booting. > + // If device is in the unlocked status, system is forced shutdown for > security concern. > + // > + if (PcdGetBool (PcdSkipHddPasswordPrompt)) { > + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { > + return; > + } else { > + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); > + } > + } > // > // As soon as the HDD password is in enabled state, we pop up a window > to unlock hdd > // no matter it's really in locked or unlocked state. > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf > b/SecurityPkg/HddPassword/HddPasswordDxe.inf > index f7550079ed..06e8755ffc 100644 > --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf > @@ -34,6 +34,7 @@ > MdePkg/MdePkg.dec > MdeModulePkg/MdeModulePkg.dec > CryptoPkg/CryptoPkg.dec > + SecurityPkg/SecurityPkg.dec > > [LibraryClasses] > BaseLib > @@ -64,6 +65,9 @@ > gEfiPciIoProtocolGuid ## CONSUMES > gEdkiiVariableLockProtocolGuid ## CONSUMES > > +[Pcd] > + gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## > CONSUMES > + > [Depex] > gEfiVariableWriteArchProtocolGuid > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index > 3314f1854b..82929fe38e 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec 
> @@ -428,6 +428,12 @@ > # @Prompt Skip Opal DXE driver unlock device flow. > > gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0 > x00010020 > > + ## Indicates if Hdd Password driver skip password prompt.<BR><BR> > + # TRUE - Skip password prompt.<BR> > + # FALSE - Does not skip password prompt.<BR> > + # @Prompt Skip Hdd Password prompt. > + > + > gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt|FALSE|BOOLE > AN|0 > + x00010021 > + > [PcdsDynamic, PcdsDynamicEx] > > ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly > follows > TCG Algorithm Registry.<BR><BR> > -- > 2.16.2.windows.1
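
Review bot: In the HddPasswordDxe.c hunk, the else branch of the new PcdSkipHddPasswordPrompt check assumes that gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL) never returns; if it does return, execution falls through to the existing unlock pop-up and shows the prompt the PCD is meant to skip. Follow the call with CpuDeadLoop (), or state in the comment that falling through to the prompt is the intended fallback. A DEBUG message before both the early return and the shutdown would let a drive that silently stays locked, or an unexpected power-off, be traced back to this PCD. The new comment also has a typo, "determin", and "which result in security status remain unlocked status" would read better as "which results in the security status remaining unlocked".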
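
Review bot: In the SecurityPkg.dec hunk, the description of PcdSkipHddPasswordPrompt says only "TRUE - Skip password prompt", while the HddPasswordDxe.c change in this same patch makes TRUE also force a shutdown when the device is found unlocked. Document both outcomes in the DEC comment (locked: device stays locked and boot continues; unlocked: system is shut down), so that a platform owner who sets the PCD learns about the shutdown path from the declaration rather than from the driver source.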