diff options
| author | Chu, Maggie <maggie.chu@intel.com> | 2019-06-10 18:19:27 +0800 |
|---|---|---|
| committer | Eric Dong <eric.dong@intel.com> | 2019-06-12 09:12:05 +0800 |
| commit | 9e2416ae2e1d26c6e6daa58353de519745bb322d (patch) | |
| tree | fefdffaffb1180733ac733089d79972e3068ae5b /SecurityPkg/HddPassword | |
| parent | e5b4d825afc474a8cb916a2476dc0bb85fb32b2d (diff) | |
| download | edk2-9e2416ae2e1d26c6e6daa58353de519745bb322d.zip edk2-9e2416ae2e1d26c6e6daa58353de519745bb322d.tar.gz edk2-9e2416ae2e1d26c6e6daa58353de519745bb322d.tar.bz2 | |
SecurityPkg/HddPassword: Add a PCD to skip Hdd password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1876
Add a PCD for skipping Hdd password prompt.
If device is in the locked status while attempting to skip
password prompt, device will keep locked and system
continue to boot.
If device is in the unlocked status while attempting to skip
password prompt, system will be forced shutdown.
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Diffstat (limited to 'SecurityPkg/HddPassword')
| -rw-r--r-- | SecurityPkg/HddPassword/HddPasswordDxe.c | 16 | ||||
| -rw-r--r-- | SecurityPkg/HddPassword/HddPasswordDxe.inf | 4 |
2 files changed, 20 insertions, 0 deletions
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPassword/HddPasswordDxe.c index 253af9f..b0d795b 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -1345,6 +1345,22 @@ HddPasswordRequestPassword ( //
if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
(ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
+
+ //
+ // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt.
+ // Due to board design, device may not power off during system warm boot, which result in
+ // security status remain unlocked status, hence we add device security status check here.
+ //
+ // If device is in the locked status, device keeps locked and system continues booting.
+ // If device is in the unlocked status, system is forced shutdown for security concern.
+ //
+ if (PcdGetBool (PcdSkipHddPasswordPrompt)) {
+ if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
+ return;
+ } else {
+ gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+ }
+ }
//
// As soon as the HDD password is in enabled state, we pop up a window to unlock hdd
// no matter it's really in locked or unlocked state.
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPassword/HddPasswordDxe.inf index f755007..06e8755 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -34,6 +34,7 @@ MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
+ SecurityPkg/SecurityPkg.dec
[LibraryClasses]
BaseLib
@@ -64,6 +65,9 @@ gEfiPciIoProtocolGuid ## CONSUMES
gEdkiiVariableLockProtocolGuid ## CONSUMES
+[Pcd]
+ gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES
+
[Depex]
gEfiVariableWriteArchProtocolGuid
|