# PasswordCheck

- **Module:** 0092
- **File:** PasswordCheck.efi
- **Size:** 7712 bytes (0x1E20)
- **Phase:** DXE (Driver Execution Environment)
- **MD5:** a2f4ecba66a3d4da37f19775399c9a3d

## Overview

Password policy enforcement module for HR650X BIOS. Implements password validation for PAP (primary/admin) and POP (power-on/user) passwords: minimum length verification, password history checking (against previously saved passwords), time-based lockout with cooldown periods, verify-attempt throttling, and HOB list initialization. The module installs a protocol interface to register password-check services with the system and maintains password history and timestamp variables in UEFI NVRAM.

## Key Functions

| Function | Description |
|---|---|
| `ModuleEntryPoint` | Initializes UEFI service table pointers, locates HOB list, installs password check protocol interface |
| `GetMinPasswordLength` | Reads the Setup UEFI variable and returns minimum password length from offset 12; defaults to 8 if variable not found |
| `CheckTimeLockout` | Reads PapSaveTimeStamp/PopSaveTimeStamp NVRAM variables, gets current time via GetTime(), and determines if the lockout period (configured in Setup variable) has elapsed |
| `CheckPasswordHistory` | Searches PapSaveHistory/PopSaveHistory variable for matches against the proposed password; each history entry is 40 bytes |
| `SavePasswordWithHistory` | Saves a new password into history (shifts existing entries) and records current timestamp in NVRAM |
| `DateTimeToEpochSeconds` | Converts date/time components to seconds since year 2000, handling leap year rules |
| `GetHobList` | Retrieves HOB list pointer from system table |
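
The sketch below shows the kind of arithmetic `DateTimeToEpochSeconds` and `CheckTimeLockout` are described as performing. It is an added example, not code recovered from PasswordCheck.efi. The struct, the function names, the field validation, and the fail-closed handling of a clock that reads earlier than the saved timestamp are assumptions; the lockout period is taken to be in days, per the Setup variable fields listed under Protocols/Dependencies.

```c
#include <stdint.h>
#include <stdbool.h>

/* Field subset of an EFI_TIME-style timestamp (hypothetical struct). */
typedef struct {
    uint16_t year;   /* 2000 or later */
    uint8_t  month;  /* 1..12 */
    uint8_t  day;    /* 1..31 */
    uint8_t  hour, minute, second;
} pw_time_t;

static bool is_leap(uint32_t y) {
    return (y % 4 == 0 && y % 100 != 0) || (y % 400 == 0);
}

/* Seconds since 2000-01-01 00:00:00; returns false on out-of-range fields. */
bool datetime_to_epoch2000(const pw_time_t *t, uint64_t *out) {
    static const uint8_t mdays[12] = {31,28,31,30,31,30,31,31,30,31,30,31};
    if (t->year < 2000 || t->month < 1 || t->month > 12 ||
        t->hour > 23 || t->minute > 59 || t->second > 59)
        return false;
    uint32_t dim = mdays[t->month - 1] + (t->month == 2 && is_leap(t->year));
    if (t->day < 1 || t->day > dim)
        return false;
    uint64_t days = 0;
    for (uint32_t y = 2000; y < t->year; y++)
        days += is_leap(y) ? 366 : 365;
    for (uint32_t m = 1; m < t->month; m++)
        days += mdays[m - 1] + (m == 2 && is_leap(t->year));
    days += t->day - 1;
    *out = ((days * 24 + t->hour) * 60 + t->minute) * 60 + t->second;
    return true;
}

/* True once lockout_days have passed since the saved timestamp. Assumed
 * fail-closed policy: invalid or rolled-back time counts as "not elapsed". */
bool lockout_elapsed(const pw_time_t *saved, const pw_time_t *now,
                     uint32_t lockout_days) {
    uint64_t s, n;
    if (!datetime_to_epoch2000(saved, &s) || !datetime_to_epoch2000(now, &n))
        return false;
    if (n < s)
        return false;
    return (n - s) >= (uint64_t)lockout_days * 86400u;
}

int main(void) {  /* constructed sample values; 2024 is a leap year */
    pw_time_t a = {2024, 2, 28, 0, 0, 0}, b = {2024, 3, 1, 0, 0, 0};
    return lockout_elapsed(&a, &b, 2) ? 0 : 1;
}
```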

## Protocols/Dependencies

- **UefiBootServicesTableLib** - Boot services table access
- **UefiRuntimeServicesTableLib** - Runtime services table access
- **HobLib** - HOB list initialization
- **DebugLib** - Debug assertion support
- Password variable GUID - Storage for password policy variables
- PasswordCheck protocol - Self-published protocol interface
- Setup UEFI variable - Password configuration (min length, lockout days, history count)
- NVRAM variables: PapSaveTimeStamp, PopSaveTimeStamp, PapSaveHistory, PopSaveHistory

## Platform

Lenovo ThinkSystem HR650X (Purley platform) - BIOS password policy enforcement