]>
Commit | Line | Data |
---|---|---|
1cf00fbd ED |
1 | /** @file\r |
2 | Header file of Opal password support library.\r | |
3 | \r | |
4 | Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r | |
5 | This program and the accompanying materials\r | |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | \r | |
16 | #ifndef _OPAL_PASSWORD_SUPPORT_LIB_H_\r | |
17 | #define _OPAL_PASSWORD_SUPPORT_LIB_H_\r | |
18 | \r | |
19 | #include <Protocol/DevicePath.h>\r | |
20 | #include <Library/TcgStorageOpalLib.h>\r | |
21 | \r | |
22 | \r | |
23 | #pragma pack(1)\r | |
24 | \r | |
25 | //\r | |
26 | // Structure that is used to represent the available actions for an OpalDisk.\r | |
27 | // The data can then be utilized to expose/hide certain actions available to an end user\r | |
28 | // by the consumer of this library.\r | |
29 | //\r | |
30 | typedef struct {\r | |
31 | //\r | |
32 | // Indicates if the disk can support PSID Revert action. should verify disk supports PSID authority\r | |
33 | //\r | |
34 | UINT16 PsidRevert : 1;\r | |
35 | \r | |
36 | //\r | |
37 | // Indicates if the disk can support Revert action\r | |
38 | //\r | |
39 | UINT16 Revert : 1;\r | |
40 | \r | |
41 | //\r | |
42 | // Indicates if the user must keep data for revert action. It is true if no media encryption is supported.\r | |
43 | //\r | |
44 | UINT16 RevertKeepDataForced : 1;\r | |
45 | \r | |
46 | //\r | |
47 | // Indicates if the disk can support set Admin password\r | |
48 | //\r | |
49 | UINT16 AdminPass : 1;\r | |
50 | \r | |
51 | //\r | |
52 | // Indicates if the disk can support set User password. This action requires that a user\r | |
53 | // password is first enabled.\r | |
54 | //\r | |
55 | UINT16 UserPass : 1;\r | |
56 | \r | |
57 | //\r | |
58 | // Indicates if unlock action is available. Requires disk to be currently locked.\r | |
59 | //\r | |
60 | UINT16 Unlock : 1;\r | |
61 | \r | |
62 | //\r | |
63 | // Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support.\r | |
64 | //\r | |
65 | UINT16 SecureErase : 1;\r | |
66 | \r | |
67 | //\r | |
68 | // Indicates if Disable User action is available. Action requires admin credentials.\r | |
69 | //\r | |
70 | UINT16 DisableUser : 1;\r | |
71 | } OPAL_DISK_ACTIONS;\r | |
72 | \r | |
73 | //\r | |
74 | // Structure that is used to represent the Opal device with password info.\r | |
75 | //\r | |
76 | typedef struct {\r | |
77 | LIST_ENTRY Link;\r | |
78 | \r | |
79 | UINT8 Password[32];\r | |
80 | UINT8 PasswordLength;\r | |
81 | \r | |
82 | EFI_DEVICE_PATH_PROTOCOL OpalDevicePath;\r | |
83 | } OPAL_DISK_AND_PASSWORD_INFO;\r | |
84 | \r | |
85 | #pragma pack()\r | |
86 | \r | |
87 | /**\r | |
88 | \r | |
89 | The function performs determines the available actions for the OPAL_DISK provided.\r | |
90 | \r | |
91 | @param[in] SupportedAttributes The support attribute for the device.\r | |
92 | @param[in] LockingFeature The locking status for the device.\r | |
93 | @param[in] OwnerShip The ownership for the device.\r | |
94 | @param[out] AvalDiskActions Pointer to fill-out with appropriate disk actions.\r | |
95 | \r | |
96 | **/\r | |
97 | TCG_RESULT\r | |
98 | EFIAPI\r | |
99 | OpalSupportGetAvailableActions(\r | |
100 | IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
101 | IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature,\r | |
102 | IN UINT16 OwnerShip,\r | |
103 | OUT OPAL_DISK_ACTIONS *AvalDiskActions\r | |
104 | );\r | |
105 | \r | |
106 | /**\r | |
107 | Enable Opal Feature for the input device.\r | |
108 | \r | |
109 | @param[in] Session The opal session for the opal device.\r | |
110 | @param[in] Msid Msid\r | |
111 | @param[in] MsidLength Msid Length\r | |
112 | @param[in] Password Admin password\r | |
113 | @param[in] PassLength Length of password in bytes\r | |
114 | @param[in] DevicePath The device path for the opal devcie.\r | |
115 | \r | |
116 | **/\r | |
117 | TCG_RESULT\r | |
118 | EFIAPI\r | |
119 | OpalSupportEnableOpalFeature(\r | |
120 | IN OPAL_SESSION *Session,\r | |
121 | IN VOID *Msid,\r | |
122 | IN UINT32 MsidLength,\r | |
123 | IN VOID *Password,\r | |
124 | IN UINT32 PassLength,\r | |
125 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
126 | );\r | |
127 | \r | |
128 | /**\r | |
129 | Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r | |
130 | \r | |
131 | @param[in] Session The opal session for the opal device.\r | |
132 | @param[in] Psid PSID of device to revert.\r | |
133 | @param[in] PsidLength Length of PSID in bytes.\r | |
134 | @param[in] DevicePath The device path for the opal devcie.\r | |
135 | \r | |
136 | **/\r | |
137 | TCG_RESULT\r | |
138 | EFIAPI\r | |
139 | OpalSupportPsidRevert(\r | |
140 | IN OPAL_SESSION *Session,\r | |
141 | IN VOID *Psid,\r | |
142 | IN UINT32 PsidLength,\r | |
143 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
144 | );\r | |
145 | \r | |
146 | /**\r | |
147 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r | |
148 | \r | |
149 | @param[in] Session The opal session for the opal device.\r | |
150 | @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r | |
151 | @param[in] Password Admin password\r | |
152 | @param[in] PasswordLength Length of password in bytes\r | |
153 | @param[in] Msid Msid\r | |
154 | @param[in] MsidLength Msid Length\r | |
155 | @param[out] PasswordFailed indicates if password failed (start session didn't work)\r | |
156 | @param[in] DevicePath The device path for the opal devcie.\r | |
157 | \r | |
158 | **/\r | |
159 | TCG_RESULT\r | |
160 | EFIAPI\r | |
161 | OpalSupportRevert(\r | |
162 | IN OPAL_SESSION *Session,\r | |
163 | IN BOOLEAN KeepUserData,\r | |
164 | IN VOID *Password,\r | |
165 | IN UINT32 PasswordLength,\r | |
166 | IN VOID *Msid,\r | |
167 | IN UINT32 MsidLength,\r | |
168 | OUT BOOLEAN *PasswordFailed,\r | |
169 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
170 | );\r | |
171 | \r | |
172 | /**\r | |
173 | Set new password.\r | |
174 | \r | |
175 | @param[in] Session The opal session for the opal device.\r | |
176 | @param[in] OldPassword Current admin password\r | |
177 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
178 | @param[in] NewPassword New admin password to set\r | |
179 | @param[in] NewPasswordLength Length of new password in bytes\r | |
180 | @param[in] DevicePath The device path for the opal devcie.\r | |
181 | @param[in] SetAdmin Whether set admin password or user password.\r | |
182 | TRUE for admin, FALSE for user.\r | |
183 | \r | |
184 | **/\r | |
185 | TCG_RESULT\r | |
186 | EFIAPI\r | |
187 | OpalSupportSetPassword(\r | |
188 | IN OPAL_SESSION *Session,\r | |
189 | IN VOID *OldPassword,\r | |
190 | IN UINT32 OldPasswordLength,\r | |
191 | IN VOID *NewPassword,\r | |
192 | IN UINT32 NewPasswordLength,\r | |
193 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r | |
194 | IN BOOLEAN SetAdmin\r | |
195 | );\r | |
196 | \r | |
197 | /**\r | |
198 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r | |
199 | \r | |
200 | @param[in] Session The opal session for the opal device.\r | |
201 | @param[in] Password Admin password\r | |
202 | @param[in] PasswordLength Length of password in bytes\r | |
203 | @param[out] PasswordFailed Indicates if password failed (start session didn't work)\r | |
204 | @param[in] DevicePath The device path for the opal devcie.\r | |
205 | \r | |
206 | **/\r | |
207 | TCG_RESULT\r | |
208 | EFIAPI\r | |
209 | OpalSupportDisableUser(\r | |
210 | IN OPAL_SESSION *Session,\r | |
211 | IN VOID *Password,\r | |
212 | IN UINT32 PasswordLength,\r | |
213 | OUT BOOLEAN *PasswordFailed,\r | |
214 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
215 | );\r | |
216 | \r | |
217 | /**\r | |
218 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
219 | and updates the global locking range ReadLocked and WriteLocked columns to FALSE.\r | |
220 | \r | |
221 | @param[in] Session The opal session for the opal device.\r | |
222 | @param[in] Password Admin or user password\r | |
223 | @param[in] PasswordLength Length of password in bytes\r | |
224 | @param[in] DevicePath The device path for the opal devcie.\r | |
225 | \r | |
226 | **/\r | |
227 | TCG_RESULT\r | |
228 | EFIAPI\r | |
229 | OpalSupportUnlock(\r | |
230 | IN OPAL_SESSION *Session,\r | |
231 | IN VOID *Password,\r | |
232 | IN UINT32 PasswordLength,\r | |
233 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
234 | );\r | |
235 | \r | |
236 | /**\r | |
237 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
238 | and updates the global locking range ReadLocked and WriteLocked columns to TRUE.\r | |
239 | \r | |
240 | @param[in] Session The opal session for the opal device.\r | |
241 | @param[in] Password Admin or user password\r | |
242 | @param[in] PasswordLength Length of password in bytes\r | |
243 | @param[in] DevicePath The device path for the opal devcie.\r | |
244 | \r | |
245 | **/\r | |
246 | TCG_RESULT\r | |
247 | EFIAPI\r | |
248 | OpalSupportLock(\r | |
249 | IN OPAL_SESSION *Session,\r | |
250 | IN VOID *Password,\r | |
251 | IN UINT32 PasswordLength,\r | |
252 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
253 | );\r | |
254 | \r | |
255 | /**\r | |
256 | Check if the password is full zero.\r | |
257 | \r | |
258 | @param[in] Password Points to the Data Buffer\r | |
259 | \r | |
260 | @retval TRUE This password string is full zero.\r | |
261 | @retval FALSE This password string is not full zero.\r | |
262 | \r | |
263 | **/\r | |
264 | LIST_ENTRY *\r | |
265 | EFIAPI\r | |
266 | OpalSupportGetOpalDeviceList (\r | |
267 | VOID\r | |
268 | );\r | |
269 | \r | |
270 | /**\r | |
271 | Transfer the password to the smm driver.\r | |
272 | \r | |
273 | @param[in] DevicePath The device path for the opal devcie.\r | |
274 | @param PasswordLen The input password length.\r | |
275 | @param Password Input password buffer.\r | |
276 | \r | |
277 | @retval EFI_SUCCESS Do the required action success.\r | |
278 | @retval Others Error occured.\r | |
279 | \r | |
280 | **/\r | |
281 | EFI_STATUS\r | |
282 | EFIAPI\r | |
283 | OpalSupportSendPasword(\r | |
284 | EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r | |
285 | UINTN PasswordLen,\r | |
286 | VOID *Password\r | |
287 | );\r | |
288 | \r | |
289 | #endif // _OPAL_CORE_H_\r |