1 files changed, 36 insertions, 0 deletions

diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/PlatformSecureLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/PlatformSecureLib.h
new file mode 100644
index 00000000..2e7b6672
--- /dev/null
+++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/PlatformSecureLib.h
@@ -0,0 +1,36 @@
+/** @file
+  Provides a secure platform-specific method to detect physically present user.
+
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __PLATFORM_SECURE_LIB_H__
+#define __PLATFORM_SECURE_LIB_H__
+
+
+/**
+
+  This function provides a platform-specific method to detect whether the platform
+  is operating by a physically present user.
+
+  Programmatic changing of platform security policy (such as disable Secure Boot,
+  or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during
+  Boot Services or after exiting EFI Boot Services. Only a physically present user
+  is allowed to perform these operations.
+
+  NOTE THAT: This function cannot depend on any EFI Variable Service since they are
+  not available when this function is called in AuthenticateVariable driver.
+
+  @retval  TRUE       The platform is operated by a physically present user.
+  @retval  FALSE      The platform is NOT operated by a physically present user.
+
+**/
+BOOLEAN
+EFIAPI
+UserPhysicalPresent (
+  VOID
+  );
+
+#endif