Nt32Pkg: Add Secure Boot build option including Custom Mode setup

If –D SECURE_BOOT_ENABLE is specified with the build command, Secure Boot support is enabled including custom mode setup. This allows Secure Boot to be configured through setup allowing Nt32Pkg to be a fully functional Secure Boot reference platforms. Signed-off-by: lee.g.rosenbaum@intel.com Reviewed-by: jiewen.yao@intel.com git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13186 6f19259b-4bc3-4df7-8a09-765794883524
2012-04-11 16:23:41 +00:00
parent a46c36572d
commit 0ff38cbfa3
4 changed files with 142 additions and 1 deletions
--- a/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c
+++ b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.c
@@ -0,0 +1,41 @@
+/** @file
+  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+
+  Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+  This program and the accompanying materials
+  are licensed and made available under the terms and conditions of the BSD License
+  which accompanies this distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+#include <Library/PcdLib.h>
+
+
+/**
+
+  This function provides a platform-specific method to detect whether the platform
+  is operating by a physically present user. 
+
+  Programmatic changing of platform security policy (such as disable Secure Boot,
+  or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
+  Boot Services or after exiting EFI Boot Services. Only a physically present user
+  is allowed to perform these operations.
+
+  NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+  not available when this function is called in AuthenticateVariable driver.
+  
+  @retval  TRUE       The platform is operated by a physically present user.
+  @retval  FALSE      The platform is NOT operated by a physically present user.
+
+**/
+BOOLEAN
+EFIAPI
+UserPhysicalPresent (
+  VOID
+  )
+{
+  return TRUE;
+}
--- a/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
+++ b/Nt32Pkg/Library/PlatformSecureLib/PlatformSecureLib.inf
@@ -0,0 +1,33 @@
+## @file
+#  Provides a platform-specific method to enable Secure Boot Custom Mode setup.
+#
+#  Copyright (c) 2008 - 2012, Intel Corporation. All rights reserved.<BR>
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD License
+#  which accompanies this distribution. The full text of the license may be found at
+#  http://opensource.org/licenses/bsd-license.php
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PlatformSecureLib
+  FILE_GUID                      = F263EC2A-F0DB-4640-8B12-4ED22A506FB1
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
+#
+
+[Sources]
+  PlatformSecureLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec