]>
Commit | Line | Data |
---|---|---|
21bd4958 FT |
1 | /** @file\r |
2 | The UEFI Inline Cryptographic Interface protocol provides services to abstract\r | |
3 | access to inline cryptographic capabilities.\r | |
4 | \r | |
5 | Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r | |
6 | This program and the accompanying materials\r | |
7 | are licensed and made available under the terms and conditions of the BSD License\r | |
8 | which accompanies this distribution. The full text of the license may be found at\r | |
9 | http://opensource.org/licenses/bsd-license.php\r | |
10 | \r | |
11 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
12 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
13 | \r | |
14 | **/\r | |
15 | \r | |
16 | #ifndef __BLOCK_IO_CRYPTO_H__\r | |
17 | #define __BLOCK_IO_CRYPTO_H__\r | |
18 | \r | |
19 | #include <Protocol/BlockIo.h>\r | |
20 | \r | |
21 | #define EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID \\r | |
22 | { \\r | |
23 | 0xa00490ba, 0x3f1a, 0x4b4c, {0xab, 0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1, 0xe8} \\r | |
24 | }\r | |
25 | \r | |
26 | typedef struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL EFI_BLOCK_IO_CRYPTO_PROTOCOL;\r | |
27 | \r | |
28 | ///\r | |
29 | /// The struct of Block I/O Crypto Token.\r | |
30 | ///\r | |
31 | typedef struct {\r | |
32 | //\r | |
33 | // If Event is NULL, then blocking I/O is performed. If Event is not NULL and\r | |
34 | // non-blocking I/O is supported, then non-blocking I/O is performed, and\r | |
35 | // Event will be signaled when the read request is completed and data was\r | |
36 | // decrypted (when Index was specified).\r | |
37 | //\r | |
38 | EFI_EVENT Event;\r | |
39 | //\r | |
40 | // Defines whether or not the signaled event encountered an error.\r | |
41 | //\r | |
42 | EFI_STATUS TransactionStatus;\r | |
43 | } EFI_BLOCK_IO_CRYPTO_TOKEN;\r | |
44 | \r | |
e9d6470b FT |
45 | typedef struct {\r |
46 | //\r | |
47 | // GUID of the algorithm.\r | |
48 | //\r | |
49 | EFI_GUID Algorithm;\r | |
50 | //\r | |
51 | // Specifies KeySizein bits used with this Algorithm.\r | |
52 | //\r | |
53 | UINT64 KeySize;\r | |
54 | //\r | |
55 | // Specifies bitmask of block sizes supported by this algorithm.\r | |
56 | // Bit j being set means that 2^j bytes crypto block size is supported.\r | |
57 | //\r | |
58 | UINT64 CryptoBlockSizeBitMask;\r | |
59 | } EFI_BLOCK_IO_CRYPTO_CAPABILITY;\r | |
60 | \r | |
61 | ///\r | |
62 | /// EFI_BLOCK_IO_CRYPTO_IV_INPUT structure is used as a common header in CryptoIvInput\r | |
63 | /// parameters passed to the ReadExtended and WriteExtended methods for Inline\r | |
64 | /// Cryptographic Interface.\r | |
65 | /// Its purpose is to pass size of the entire CryptoIvInputparameter memory buffer to\r | |
66 | /// the Inline Cryptographic Interface.\r | |
67 | ///\r | |
68 | typedef struct {\r | |
69 | UINT64 InputSize;\r | |
70 | } EFI_BLOCK_IO_CRYPTO_IV_INPUT;\r | |
71 | \r | |
72 | #define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_XTS \\r | |
73 | { \\r | |
74 | 0x2f87ba6a, 0x5c04, 0x4385, {0xa7, 0x80, 0xf3, 0xbf, 0x78, 0xa9, 0x7b, 0xec} \\r | |
75 | }\r | |
76 | \r | |
77 | extern EFI_GUID gEfiBlockIoCryptoAlgoAesXtsGuid;\r | |
78 | \r | |
79 | typedef struct {\r | |
80 | EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r | |
81 | UINT64 CryptoBlockNumber;\r | |
82 | UINT64 CryptoBlockByteSize;\r | |
83 | } EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_XTS;\r | |
84 | \r | |
85 | #define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_CBC_MICROSOFT_BITLOCKER \\r | |
86 | { \\r | |
87 | 0x689e4c62, 0x70bf, 0x4cf3, {0x88, 0xbb, 0x33, 0xb3, 0x18, 0x26, 0x86, 0x70} \\r | |
88 | }\r | |
89 | \r | |
90 | extern EFI_GUID gEfiBlockIoCryptoAlgoAesCbcMsBitlockerGuid;\r | |
91 | \r | |
92 | typedef struct {\r | |
93 | EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r | |
94 | UINT64 CryptoBlockByteOffset;\r | |
95 | UINT64 CryptoBlockByteSize;\r | |
96 | } EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_CBC_MICROSOFT_BITLOCKER;\r | |
97 | \r | |
98 | #define EFI_BLOCK_IO_CRYPTO_INDEX_ANY 0xFFFFFFFFFFFFFFFF\r | |
99 | \r | |
100 | typedef struct {\r | |
101 | //\r | |
102 | // Is inline cryptographic capability supported on this device.\r | |
103 | //\r | |
104 | BOOLEAN Supported;\r | |
105 | //\r | |
106 | // Maximum number of keys that can be configured at the same time.\r | |
107 | //\r | |
108 | UINT64 KeyCount;\r | |
109 | //\r | |
110 | // Number of supported capabilities.\r | |
111 | //\r | |
112 | UINT64 CapabilityCount;\r | |
113 | //\r | |
114 | // Array of supported capabilities.\r | |
115 | //\r | |
116 | EFI_BLOCK_IO_CRYPTO_CAPABILITY Capabilities[1];\r | |
117 | } EFI_BLOCK_IO_CRYPTO_CAPABILITIES;\r | |
118 | \r | |
119 | typedef struct {\r | |
120 | //\r | |
121 | // Configuration table index. A special Index EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be\r | |
122 | // used to set any available entry in the configuration table.\r | |
123 | //\r | |
124 | UINT64 Index;\r | |
125 | //\r | |
126 | // Identifies the owner of the configuration table entry. Entry can also be used\r | |
127 | // with the Nil value to clear key from the configuration table index.\r | |
128 | //\r | |
129 | EFI_GUID KeyOwnerGuid;\r | |
130 | //\r | |
131 | // A supported capability to be used. The CryptoBlockSizeBitMask field of the\r | |
132 | // structure should have only one bit set from the supported mask.\r | |
133 | //\r | |
134 | EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r | |
135 | //\r | |
136 | // Pointer to the key. The size of the key is defined by the KeySize field of\r | |
137 | // the capability specified by the Capability parameter.\r | |
138 | //\r | |
139 | VOID *CryptoKey;\r | |
140 | } EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY;\r | |
141 | \r | |
142 | typedef struct {\r | |
143 | //\r | |
144 | // Configuration table index.\r | |
145 | //\r | |
146 | UINT64 Index;\r | |
147 | //\r | |
148 | // Identifies the current owner of the entry.\r | |
149 | //\r | |
150 | EFI_GUID KeyOwnerGuid;\r | |
151 | //\r | |
152 | // The capability to be used. The CryptoBlockSizeBitMask field of the structure\r | |
153 | // has only one bit set from the supported mask.\r | |
154 | //\r | |
155 | EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r | |
156 | } EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY;\r | |
21bd4958 FT |
157 | \r |
158 | /**\r | |
159 | Reset the block device hardware.\r | |
160 | \r | |
161 | The Reset() function resets the block device hardware.\r | |
162 | \r | |
163 | As part of the initialization process, the firmware/device will make a quick but\r | |
164 | reasonable attempt to verify that the device is functioning.\r | |
165 | \r | |
166 | If the ExtendedVerificationflag is TRUE the firmware may take an extended amount\r | |
167 | of time to verify the device is operating on reset. Otherwise the reset operation\r | |
168 | is to occur as quickly as possible.\r | |
169 | \r | |
170 | The hardware verification process is not defined by this specification and is left\r | |
171 | up to the platform firmware or driver to implement.\r | |
172 | \r | |
173 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
174 | @param[in] ExtendedVerification Indicates that the driver may perform a more exhausive\r | |
00b7cc0f | 175 | verification operation of the device during reset.\r |
21bd4958 FT |
176 | \r |
177 | @retval EFI_SUCCESS The block device was reset.\r | |
178 | @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could\r | |
179 | not be reset.\r | |
180 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
181 | \r | |
182 | **/\r | |
183 | typedef\r | |
184 | EFI_STATUS\r | |
185 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_RESET) (\r | |
186 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
187 | IN BOOLEAN ExtendedVerification\r | |
188 | );\r | |
189 | \r | |
190 | /**\r | |
191 | Get the capabilities of the underlying inline cryptographic interface.\r | |
192 | \r | |
193 | The GetCapabilities() function determines whether pre-OS controllable inline crypto\r | |
194 | is supported by the system for the current disk and, if so, returns the capabilities\r | |
195 | of the crypto engine.\r | |
196 | \r | |
197 | The caller is responsible for providing the Capabilities structure with a sufficient\r | |
198 | number of entries.\r | |
199 | \r | |
200 | If the structure is too small, the EFI_BUFFER_TOO_SMALL error code is returned and the\r | |
201 | CapabilityCount field contains the number of entries needed to contain the capabilities.\r | |
202 | \r | |
203 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
204 | @param[out] Capabilities Pointer to the EFI_BLOCK_IO_CRYPTO_CAPABILITIES structure.\r | |
205 | \r | |
206 | @retval EFI_SUCCESS The ICI is ready for use.\r | |
207 | @retval EFI_BUFFER_TOO_SMALL The Capabilities structure was too small. The number of\r | |
208 | entries needed is returned in the CapabilityCount field\r | |
209 | of the structure.\r | |
210 | @retval EFI_NO_RESPONSE No response was received from the ICI.\r | |
211 | @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r | |
212 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
213 | @retval EFI_INVALID_PARAMETER Capabilities is NULL.\r | |
214 | \r | |
215 | **/\r | |
216 | typedef\r | |
217 | EFI_STATUS\r | |
218 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES) (\r | |
219 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
220 | OUT EFI_BLOCK_IO_CRYPTO_CAPABILITIES *Capabilities\r | |
221 | );\r | |
222 | \r | |
223 | /**\r | |
224 | Set the configuration of the underlying inline cryptographic interface.\r | |
225 | \r | |
226 | The SetConfiguration() function allows the user to set the current configuration of the\r | |
227 | inline cryptographic interface and should be called before attempting any crypto operations.\r | |
228 | \r | |
229 | This configures the configuration table entries with algorithms, key sizes and keys. Each\r | |
230 | configured entry can later be referred to by index at the time of storage transaction.\r | |
231 | \r | |
232 | The configuration table index will refer to the combination ofKeyOwnerGuid, Algorithm, and\r | |
233 | CryptoKey.\r | |
234 | \r | |
235 | KeyOwnerGuid identifies the component taking ownership of the entry. It helps components to\r | |
236 | identify their own entries, cooperate with other owner components, and avoid conflicts. This\r | |
237 | Guid identifier is there to help coordination between cooperating components and not a security\r | |
238 | or synchronization feature. The Nil GUID can be used by a component to release use of entry\r | |
239 | owned. It is also used to identify potentially available entries (see GetConfiguration).\r | |
240 | \r | |
241 | CryptoKey specifies algorithm-specific key material to use within parameters of selected crypto\r | |
242 | capability.\r | |
243 | \r | |
244 | This function is called infrequently typically once, on device start, before IO starts. It\r | |
245 | can be called at later times in cases the number of keysused on the drive is higher than what\r | |
246 | can be configured at a time or a new key has to be added.\r | |
247 | \r | |
248 | Components setting or changing an entry or entries for a given index or indices must ensure\r | |
249 | that IO referencing affected indices is temporarily blocked (run-down) at the time of change.\r | |
250 | \r | |
251 | Indices parameters in each parameter table entry allow to set only a portion of the available\r | |
252 | table entries in the crypto module anywhere from single entry to entire table supported.\r | |
253 | \r | |
254 | If corresponding table entry or entries being set are already in use by another owner the call\r | |
255 | should be failed and none of the entries should be modified. The interface implementation must\r | |
256 | enforce atomicity of this operation (should either succeed fully or fail completely without\r | |
257 | modifying state).\r | |
258 | \r | |
259 | Note that components using GetConfiguration command to discover available entries should be\r | |
260 | prepared that by the time of calling SetConfiguration the previously available entry may have\r | |
261 | become occupied. Such components should be prepared to re-try the sequence of operations.\r | |
262 | \r | |
263 | Alternatively EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be used to have the implementation discover\r | |
264 | and allocate available,if any, indices atomically.\r | |
265 | \r | |
266 | An optional ResultingTable pointer can be provided by the caller to receive the newly configured\r | |
267 | entries. The array provided by the caller must have at least ConfigurationCount of entries.\r | |
268 | \r | |
269 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
270 | @param[in] ConfigurationCount Number of entries being configured with this call.\r | |
271 | @param[in] ConfigurationTable Pointer to a table used to populate the configuration table.\r | |
272 | @param[out] ResultingTable Optional pointer to a table that receives the newly configured\r | |
273 | entries.\r | |
274 | \r | |
275 | @retval EFI_SUCCESS The ICI is ready for use.\r | |
276 | @retval EFI_NO_RESPONSE No response was received from the ICI.\r | |
277 | @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r | |
278 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
279 | @retval EFI_INVALID_PARAMETER ConfigurationTable is NULL.\r | |
280 | @retval EFI_INVALID_PARAMETER ConfigurationCount is 0.\r | |
281 | @retval EFI_OUT_OF_RESOURCES Could not find the requested number of available entries in the\r | |
282 | configuration table.\r | |
283 | \r | |
284 | **/\r | |
285 | typedef\r | |
286 | EFI_STATUS\r | |
287 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION) (\r | |
288 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
289 | IN UINT64 ConfigurationCount,\r | |
290 | IN EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY *ConfigurationTable,\r | |
291 | OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ResultingTable OPTIONAL\r | |
292 | );\r | |
293 | \r | |
21bd4958 FT |
294 | /**\r |
295 | Get the configuration of the underlying inline cryptographic interface.\r | |
296 | \r | |
297 | The GetConfiguration() function allows the user to get the configuration of the inline\r | |
298 | cryptographic interface.\r | |
299 | \r | |
300 | Retrieves, entirely or partially, the currently configured key table. Note that the keys\r | |
301 | themselves are not retrieved, but rather just indices, owner GUIDs and capabilities.\r | |
302 | \r | |
303 | If fewer entries than specified by ConfigurationCount are returned, the Index field of the\r | |
304 | unused entries is set to EFI_BLOCK_IO_CRYPTO_INDEX_ANY.\r | |
305 | \r | |
306 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
307 | @param[in] StartIndex Configuration table index at which to start the configuration\r | |
308 | query.\r | |
309 | @param[in] ConfigurationCount Number of entries to return in the response table.\r | |
310 | @param[in] KeyOwnerGuid Optional parameter to filter response down to entries with a\r | |
311 | given owner. A pointer to the Nil value can be used to return\r | |
312 | available entries. Set to NULL when no owner filtering is required.\r | |
313 | @param[out] ConfigurationTable Table of configured configuration table entries (with no CryptoKey\r | |
314 | returned): configuration table index, KeyOwnerGuid, Capability.\r | |
315 | Should have sufficient space to store up to ConfigurationCount\r | |
316 | entries.\r | |
317 | \r | |
318 | @retval EFI_SUCCESS The ICI is ready for use.\r | |
319 | @retval EFI_NO_RESPONSE No response was received from the ICI.\r | |
320 | @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r | |
321 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
322 | @retval EFI_INVALID_PARAMETER Configuration table is NULL.\r | |
323 | @retval EFI_INVALID_PARAMETER StartIndex is out of bounds.\r | |
324 | \r | |
325 | **/\r | |
326 | typedef\r | |
327 | EFI_STATUS\r | |
328 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION) (\r | |
329 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
330 | IN UINT64 StartIndex,\r | |
331 | IN UINT64 ConfigurationCount,\r | |
332 | IN EFI_GUID *KeyOwnerGuid OPTIONAL,\r | |
333 | OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ConfigurationTable\r | |
334 | );\r | |
335 | \r | |
336 | /**\r | |
337 | Reads the requested number of blocks from the device and optionally decrypts\r | |
338 | them inline.\r | |
339 | \r | |
340 | TheReadExtended() function allows the caller to perform a storage device read\r | |
341 | operation. The function reads the requested number of blocks from the device\r | |
342 | and then if Index is specified decrypts them inline. All the blocks are read\r | |
343 | and decrypted (if decryption requested), or an error is returned.\r | |
344 | \r | |
345 | If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r | |
346 | MediaId is not the ID for the current media in the device, the function returns\r | |
347 | EFI_MEDIA_CHANGED.\r | |
348 | \r | |
349 | If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r | |
350 | I/O is being used, the Event associated with this request will not be signaled.\r | |
351 | \r | |
352 | In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r | |
353 | this command will also specify a configuration table Index and CryptoIvInput\r | |
354 | when data has to be decrypted inline by the controller after being read from\r | |
355 | the storage device. If an Index parameter is not specified, no decryption is\r | |
356 | performed.\r | |
357 | \r | |
358 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
359 | @param[in] MediaId The media ID that the read request is for.\r | |
360 | @param[in] LBA The starting logical block address to read from on\r | |
361 | the device.\r | |
362 | @param[in, out] Token A pointer to the token associated with the transaction.\r | |
363 | @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r | |
364 | of the intrinsic block size of the device.\r | |
365 | @param[out] Buffer A pointer to the destination buffer for the data. The\r | |
366 | caller is responsible for either having implicit or\r | |
367 | explicit ownership of the buffer.\r | |
368 | @param[in] Index A pointer to the configuration table index. This is\r | |
369 | optional.\r | |
370 | @param[in] CryptoIvInput A pointer to a buffer that contains additional\r | |
371 | cryptographic parameters as required by the capability\r | |
372 | referenced by the configuration table index, such as\r | |
373 | cryptographic initialization vector.\r | |
374 | \r | |
375 | @retval EFI_SUCCESS The read request was queued if Token-> Event is not NULL.\r | |
376 | The data was read correctly from the device if the\r | |
377 | Token->Event is NULL.\r | |
378 | @retval EFI_DEVICE_ERROR The device reported an error while attempting to perform\r | |
379 | the read operation and/or decryption operation.\r | |
380 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
381 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
382 | @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r | |
383 | block size of the device.\r | |
384 | @retval EFI_INVALID_PARAMETER This is NULL, or the read request contains LBAs that are\r | |
385 | not valid, or the buffer is not on proper alignment.\r | |
386 | @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r | |
387 | @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r | |
388 | resources.\r | |
389 | \r | |
390 | **/\r | |
391 | typedef\r | |
392 | EFI_STATUS\r | |
393 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_READ_EXTENDED) (\r | |
394 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
395 | IN UINT32 MediaId,\r | |
396 | IN EFI_LBA LBA,\r | |
397 | IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r | |
398 | IN UINT64 BufferSize,\r | |
399 | OUT VOID *Buffer,\r | |
400 | IN UINT64 *Index OPTIONAL,\r | |
401 | IN VOID *CryptoIvInput OPTIONAL\r | |
402 | );\r | |
403 | \r | |
404 | /**\r | |
405 | Optionally encrypts a specified number of blocks inline and then writes to the\r | |
406 | device.\r | |
407 | \r | |
408 | The WriteExtended() function allows the caller to perform a storage device write\r | |
409 | operation. The function encrypts the requested number of blocks inline if Index\r | |
410 | is specified and then writes them to the device. All the blocks are encrypted\r | |
411 | (if encryption requested) and written, or an error is returned.\r | |
412 | \r | |
413 | If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r | |
414 | MediaId is not the ID for the current media in the device, the function returns\r | |
415 | EFI_MEDIA_CHANGED.\r | |
416 | \r | |
417 | If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r | |
418 | I/O is being used, the Event associated with this request will not be signaled.\r | |
419 | \r | |
420 | In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r | |
421 | this command will also specify a configuration table Index and a CryptoIvInput\r | |
422 | when data has to be decrypted inline by the controller before being written to\r | |
423 | the storage device. If no Index parameter is specified, no encryption is performed.\r | |
424 | \r | |
425 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
426 | @param[in] MediaId The media ID that the read request is for.\r | |
427 | @param[in] LBA The starting logical block address to read from on\r | |
428 | the device.\r | |
429 | @param[in, out] Token A pointer to the token associated with the transaction.\r | |
430 | @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r | |
431 | of the intrinsic block size of the device.\r | |
432 | @param[in] Buffer A pointer to the source buffer for the data.\r | |
433 | @param[in] Index A pointer to the configuration table index. This is\r | |
434 | optional.\r | |
435 | @param[in] CryptoIvInput A pointer to a buffer that contains additional\r | |
436 | cryptographic parameters as required by the capability\r | |
437 | referenced by the configuration table index, such as\r | |
438 | cryptographic initialization vector.\r | |
439 | \r | |
440 | @retval EFI_SUCCESS The request to encrypt (optionally) and write was queued\r | |
441 | if Event is not NULL. The data was encrypted (optionally)\r | |
442 | and written correctly to the device if the Event is NULL.\r | |
443 | @retval EFI_WRITE_PROTECTED The device cannot be written to.\r | |
444 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
445 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
446 | @retval EFI_DEVICE_ERROR The device reported an error while attempting to encrypt\r | |
447 | blocks or to perform the write operation.\r | |
448 | @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r | |
449 | block size of the device.\r | |
450 | @retval EFI_INVALID_PARAMETER This is NULL, or the write request contains LBAs that are\r | |
451 | not valid, or the buffer is not on proper alignment.\r | |
452 | @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r | |
453 | @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r | |
454 | resources.\r | |
455 | \r | |
456 | **/\r | |
457 | typedef\r | |
458 | EFI_STATUS\r | |
459 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED) (\r | |
460 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
461 | IN UINT32 MediaId,\r | |
462 | IN EFI_LBA LBA,\r | |
463 | IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r | |
464 | IN UINT64 BufferSize,\r | |
465 | IN VOID *Buffer,\r | |
466 | IN UINT64 *Index OPTIONAL,\r | |
467 | IN VOID *CryptoIvInput OPTIONAL\r | |
468 | );\r | |
469 | \r | |
470 | /**\r | |
471 | Flushes all modified data toa physical block device.\r | |
472 | \r | |
473 | The FlushBlocks() function flushes all modified data to the physical block device.\r | |
474 | Any modified data that has to be encrypted must have been already encrypted as a\r | |
475 | part of WriteExtended() operation - inline crypto operation cannot be a part of\r | |
476 | flush operation.\r | |
477 | \r | |
478 | All data written to the device prior to the flush must be physically written before\r | |
479 | returning EFI_SUCCESS from this function. This would include any cached data the\r | |
480 | driver may have cached, and cached data the device may have cached. A flush may\r | |
481 | cause a read request following the flush to force a device access.\r | |
482 | \r | |
483 | If EFI_DEVICE_ERROR, EFI_NO_MEDIA, EFI_WRITE_PROTECTED or EFI_MEDIA_CHANGED is\r | |
484 | returned and non-blocking I/O is being used, the Event associated with this request\r | |
485 | will not be signaled.\r | |
486 | \r | |
487 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
488 | @param[in, out] Token A pointer to the token associated with the transaction.\r | |
489 | \r | |
490 | @retval EFI_SUCCESS The flush request was queued if Event is not NULL. All\r | |
491 | outstanding data was written correctly to the device if\r | |
492 | the Event is NULL.\r | |
493 | @retval EFI_DEVICE_ERROR The device reported an error while attempting to write data.\r | |
494 | @retval EFI_WRITE_PROTECTED The device cannot be written to.\r | |
495 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
496 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
497 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
498 | @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r | |
499 | resources.\r | |
500 | \r | |
501 | **/\r | |
502 | typedef\r | |
503 | EFI_STATUS\r | |
504 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_FLUSH) (\r | |
505 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
506 | IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token\r | |
507 | );\r | |
508 | \r | |
21bd4958 FT |
509 | ///\r |
510 | /// The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used by UEFI\r | |
511 | /// drivers and applications to perform block encryption on a storage device, such as UFS.\r | |
512 | ///\r | |
513 | struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL {\r | |
514 | EFI_BLOCK_IO_MEDIA *Media;\r | |
515 | EFI_BLOCK_IO_CRYPTO_RESET Reset;\r | |
516 | EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES GetCapabilities;\r | |
517 | EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION SetConfiguration;\r | |
518 | EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION GetConfiguration;\r | |
519 | EFI_BLOCK_IO_CRYPTO_READ_EXTENDED ReadExtended;\r | |
520 | EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED WriteExtended;\r | |
521 | EFI_BLOCK_IO_CRYPTO_FLUSH FlushBlocks;\r | |
522 | };\r | |
523 | \r | |
524 | extern EFI_GUID gEfiBlockIoCryptoProtocolGuid;\r | |
525 | \r | |
526 | #endif\r | |
527 | \r |