diff options
author | Chu, Maggie <maggie.chu@intel.com> | 2019-05-22 15:04:43 +0800 |
---|---|---|
committer | Eric Dong <eric.dong@intel.com> | 2019-06-10 14:16:07 +0800 |
commit | 6cbed0e36fe734f3fc11d30d652122d7714627c4 (patch) | |
tree | 34b79880815a118c2f053457e8069871282b6647 /SecurityPkg/Tcg | |
parent | 9fc1b85fd16b1740de66e99a406a08471eeafa61 (diff) | |
download | edk2-6cbed0e36fe734f3fc11d30d652122d7714627c4.zip edk2-6cbed0e36fe734f3fc11d30d652122d7714627c4.tar.gz edk2-6cbed0e36fe734f3fc11d30d652122d7714627c4.tar.bz2 |
SecurityPkg/OpalPassword: Add PCD to skip password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1801
Add a PCD for skipping password prompt in device unlocked status.
Previous change only support if storage device is in locked status.
This change is added to support the case that security status of the
storage device is unlocked.
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg/Tcg')
-rw-r--r-- | SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 16 | ||||
-rw-r--r-- | SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf | 2 |
2 files changed, 15 insertions, 3 deletions
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index 965205c..e14fa32 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -899,8 +899,20 @@ OpalDriverRequestPassword ( IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature);
- if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) {
- return;
+ //
+ // Add PcdSkipOpalPasswordPrompt to determin whether to skip password prompt.
+ // Due to board design, device may not power off during system warm boot, which result in
+ // security status remain unlocked status, hence we add device security status check here.
+ //
+ // If device is in the locked status, device keeps locked and system continues booting.
+ // If device is in the unlocked status, system is forced shutdown to support security requirement.
+ //
+ if (PcdGetBool (PcdSkipOpalPasswordPrompt)) {
+ if (IsLocked) {
+ return;
+ } else {
+ gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+ }
}
while (Count < MAX_PASSWORD_TRY_COUNT) {
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf index e74f147..8751919 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf @@ -71,7 +71,7 @@ gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## UNDEFINED
[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt ## CONSUMES
[Depex]
gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid
|