Fork: 0
ajax / AMI-Aptio-BIOS-Reversed
Transfer to URL with SHA Find file
Newer
Older
AMI-Aptio-BIOS-Reversed / PasswordCheck / README.md
@Ajax Dong Ajax Dong 2 days ago 2 KB Init
Raw Blame History

PasswordCheck

  • Module: 0092
  • File: PasswordCheck.efi
  • Size: 7712 bytes (0x1E20)
  • Phase: DXE (Driver Execution Environment)
  • MD5: a2f4ecba66a3d4da37f19775399c9a3d

Overview

Password policy enforcement module for HR650X BIOS. Implements password validation for PAP (primary/admin) and POP (power-on/user) passwords: minimum length verification, password history checking (against previously saved passwords), time-based lockout with cooldown periods, verify-attempt throttling, and HOB list initialization. The module installs a protocol interface to register password-check services with the system and maintains password history and timestamp variables in UEFI NVRAM.

Key Functions

Function Description
ModuleEntryPoint Initializes UEFI service table pointers, locates HOB list, installs password check protocol interface
GetMinPasswordLength Reads the Setup UEFI variable and returns minimum password length from offset 12; defaults to 8 if variable not found
CheckTimeLockout Reads PapSaveTimeStamp/PopSaveTimeStamp NVRAM variables, gets current time via GetTime(), and determines if the lockout period (configured in Setup variable) has elapsed
CheckPasswordHistory Searches PapSaveHistory/PopSaveHistory variable for matches against the proposed password; each history entry is 40 bytes
SavePasswordWithHistory Saves a new password into history (shifts existing entries) and records current timestamp in NVRAM
DateTimeToEpochSeconds Converts date/time components to seconds since year 2000, handling leap year rules
GetHobList Retrieves HOB list pointer from system table

Protocols/Dependencies

  • UefiBootServicesTableLib - Boot services table access
  • UefiRuntimeServicesTableLib - Runtime services table access
  • HobLib - HOB list initialization
  • DebugLib - Debug assertion support
  • Password variable GUID - Storage for password policy variables
  • PasswordCheck protocol - Self-published protocol interface
  • Setup UEFI variable - Password configuration (min length, lockout days, history count)
  • NVRAM variables: PapSaveTimeStamp, PopSaveTimeStamp, PapSaveHistory, PopSaveHistory

Platform

Lenovo ThinkSystem HR650X (Purley platform) - BIOS password policy enforcement