Commit | Line | Data |
---|---|---|
9dd05dde ED |
1 | /** @file\r |
2 | Public API for Opal Core library.\r | |
3 | \r | |
4b806739 | 4 | (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00,\r |
4b8552d7 | 5 | https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/\r |
4b806739 | 6 | \r |
d2aefa0a ED |
7 | Storage Work Group Storage Security Subsystem Class: Pyrite, Specification Version 2.00, Revision 1.00,\r |
8 | https://trustedcomputinggroup.org/resource/tcg-storage-security-subsystem-class-pyrite/\r | |
4b806739 ED |
9 | \r |
10 | Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00,\r | |
4b8552d7 | 11 | https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/\r |
4b806739 ED |
12 | \r |
13 | TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00,\r | |
4b8552d7 | 14 | https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/\r |
4b806739 ED |
15 | \r |
16 | TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00,\r | |
4b8552d7 | 17 | https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/\r |
4b806739 ED |
18 | \r |
19 | TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00,\r | |
4b8552d7 | 20 | https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/)\r |
4b806739 ED |
21 | \r |
22 | Check http://trustedcomputinggroup.org for latest specification updates.\r | |
23 | \r | |
24 | Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r | |
289b714b | 25 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
9dd05dde ED |
26 | \r |
27 | **/\r | |
28 | \r | |
29 | #ifndef _OPAL_CORE_H_\r | |
30 | #define _OPAL_CORE_H_\r | |
31 | \r | |
32 | #include <IndustryStandard/TcgStorageOpal.h>\r | |
33 | \r | |
34 | #include <Library/TcgStorageCoreLib.h>\r | |
35 | #include <Protocol/StorageSecurityCommand.h>\r | |
36 | \r | |
37 | #pragma pack(1)\r | |
38 | \r | |
39 | typedef struct {\r | |
c411b485 MK |
40 | //\r |
41 | // Opal SSC 1 support (0 - not supported, 1 - supported)\r | |
42 | //\r | |
43 | UINT32 OpalSsc1 : 1;\r | |
44 | \r | |
45 | //\r | |
46 | // Opal SSC 2 support (0 - not supported, 1 - supported)\r | |
47 | //\r | |
48 | UINT32 OpalSsc2 : 1;\r | |
49 | \r | |
50 | //\r | |
51 | // Opal SSC Lite support (0 - not supported, 1 - supported)\r | |
52 | //\r | |
53 | UINT32 OpalSscLite : 1;\r | |
54 | \r | |
55 | //\r | |
56 | // Pyrite SSC support (0 - not supported, 1 - supported)\r | |
57 | //\r | |
58 | UINT32 PyriteSsc : 1;\r | |
59 | \r | |
60 | //\r | |
61 | // Security protocol 1 support (0 - not supported, 1 - supported)\r | |
62 | //\r | |
63 | UINT32 Sp1 : 1;\r | |
64 | \r | |
65 | //\r | |
66 | // Security protocol 2 support (0 - not supported, 1 - supported)\r | |
67 | //\r | |
68 | UINT32 Sp2 : 1;\r | |
69 | \r | |
70 | //\r | |
71 | // Security protocol IEEE1667 support (0 - not supported, 1 - supported)\r | |
72 | //\r | |
73 | UINT32 SpIeee1667 : 1;\r | |
74 | \r | |
75 | //\r | |
76 | // Media encryption supported (0 - not supported, 1 - supported)\r | |
77 | //\r | |
78 | UINT32 MediaEncryption : 1;\r | |
79 | \r | |
80 | //\r | |
81 | // Initial C_PIN_SID PIN Indicator\r | |
82 | // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
83 | // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
84 | //\r | |
85 | UINT32 InitCpinIndicator : 1;\r | |
86 | \r | |
87 | //\r | |
88 | // Behavior of C_PIN_SID PIN upon TPer Revert\r | |
89 | // 0 - After TPer Revert, the C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
90 | // 1 - After TPer Revert, the C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
91 | //\r | |
92 | UINT32 CpinUponRevert : 1;\r | |
93 | \r | |
94 | //\r | |
95 | // Block SID authentication supported (0 - not supported, 1 - supported)\r | |
96 | //\r | |
97 | UINT32 BlockSid : 1;\r | |
98 | \r | |
99 | //\r | |
100 | // Pyrite SSC V2 support (0 - not supported, 1 - supported)\r | |
101 | //\r | |
102 | UINT32 PyriteSscV2 : 1;\r | |
103 | \r | |
104 | //\r | |
105 | // Supported Data Removal Mechanism support (0 - not supported, 1 - supported)\r | |
106 | //\r | |
107 | UINT32 DataRemoval : 1;\r | |
9dd05dde ED |
108 | } OPAL_DISK_SUPPORT_ATTRIBUTE;\r |
109 | \r | |
110 | //\r | |
111 | // Opal device ownership type\r | |
112 | // The type indicates who was the determined owner of the device.\r | |
113 | //\r | |
114 | typedef enum {\r | |
c411b485 MK |
115 | //\r |
116 | // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP\r | |
117 | // was unsuccessful with the provided PIN\r | |
118 | //\r | |
119 | OpalOwnershipUnknown,\r | |
120 | \r | |
121 | //\r | |
122 | // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN\r | |
123 | //\r | |
124 | OpalOwnershipNobody,\r | |
9dd05dde ED |
125 | } OPAL_OWNER_SHIP;\r |
126 | \r | |
127 | //\r | |
128 | // Structure that is used to represent an Opal session.\r | |
129 | // The structure must be initialized by calling OpalStartSession before being used as a parameter\r | |
130 | // for any other Opal function.\r | |
131 | // This structure should NOT be directly modified by the client of this library.\r | |
132 | //\r | |
133 | //\r | |
134 | typedef struct {\r | |
c411b485 MK |
135 | UINT32 HostSessionId;\r |
136 | UINT32 TperSessionId;\r | |
137 | UINT16 ComIdExtension;\r | |
9dd05dde | 138 | \r |
c411b485 | 139 | UINT16 OpalBaseComId;\r |
9dd05dde | 140 | \r |
c411b485 MK |
141 | EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;\r |
142 | UINT32 MediaId;\r | |
9dd05dde ED |
143 | } OPAL_SESSION;\r |
144 | #pragma pack()\r | |
145 | \r | |
146 | /**\r | |
147 | \r | |
148 | The function fills in the provided Buffer with the supported protocol list\r | |
149 | of the device specified.\r | |
150 | \r | |
151 | @param[in] Session OPAL_SESSION data.\r | |
152 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
153 | @param[in] BuffAddress Buffer address to fill with security protocol list\r | |
154 | \r | |
155 | **/\r | |
156 | TCG_RESULT\r | |
157 | EFIAPI\r | |
c411b485 MK |
158 | OpalRetrieveSupportedProtocolList (\r |
159 | OPAL_SESSION *Session,\r | |
160 | UINTN BufferSize,\r | |
161 | VOID *BuffAddress\r | |
9dd05dde ED |
162 | );\r |
163 | \r | |
164 | /**\r | |
165 | \r | |
166 | The function fills in the provided Buffer with the level 0 discovery Header\r | |
167 | of the device specified.\r | |
168 | \r | |
169 | @param[in] Session OPAL_SESSION data.\r | |
170 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
171 | @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response\r | |
172 | \r | |
173 | **/\r | |
174 | TCG_RESULT\r | |
175 | EFIAPI\r | |
c411b485 MK |
176 | OpalRetrieveLevel0DiscoveryHeader (\r |
177 | OPAL_SESSION *Session,\r | |
178 | UINTN BufferSize,\r | |
179 | VOID *BuffAddress\r | |
9dd05dde ED |
180 | );\r |
181 | \r | |
182 | /**\r | |
183 | Starts a session with a security provider (SP).\r | |
184 | \r | |
185 | If a session is started successfully, the caller must end the session with OpalEndSession when finished\r | |
186 | performing Opal actions.\r | |
187 | \r | |
188 | @param[in/out] Session OPAL_SESSION to initialize.\r | |
189 | @param[in] SpId Security provider ID to start the session with.\r | |
190 | @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE).\r | |
191 | @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL\r | |
192 | @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent.\r | |
193 | @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent.\r | |
194 | @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned.\r | |
195 | \r | |
196 | @return TcgResultSuccess indicates that the function completed without any internal errors.\r | |
197 | The caller must inspect the MethodStatus field to determine whether the method completed successfully.\r | |
198 | \r | |
199 | **/\r | |
200 | TCG_RESULT\r | |
201 | EFIAPI\r | |
c411b485 MK |
202 | OpalStartSession (\r |
203 | OPAL_SESSION *Session,\r | |
204 | TCG_UID SpId,\r | |
205 | BOOLEAN Write,\r | |
206 | UINT32 HostChallengeLength,\r | |
207 | const VOID *HostChallenge,\r | |
208 | TCG_UID HostSigningAuthority,\r | |
209 | UINT8 *MethodStatus\r | |
9dd05dde ED |
210 | );\r |
211 | \r | |
212 | /**\r | |
213 | Close a session opened with OpalStartSession.\r | |
214 | \r | |
215 | @param[in/out] Session OPAL_SESSION to end.\r | |
216 | \r | |
217 | **/\r | |
218 | TCG_RESULT\r | |
219 | EFIAPI\r | |
c411b485 MK |
220 | OpalEndSession (\r |
221 | OPAL_SESSION *Session\r | |
9dd05dde ED |
222 | );\r |
223 | \r | |
224 | /**\r | |
225 | \r | |
226 | Reverts device using Admin SP Revert method.\r | |
227 | \r | |
228 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r | |
229 | \r | |
230 | **/\r | |
231 | TCG_RESULT\r | |
232 | EFIAPI\r | |
c411b485 MK |
233 | OpalPsidRevert (\r |
234 | OPAL_SESSION *AdminSpSession\r | |
9dd05dde ED |
235 | );\r |
236 | \r | |
9dd05dde ED |
237 | /**\r |
238 | \r | |
239 | The function retrieves the MSID from the device specified\r | |
240 | \r | |
241 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to retrieve the MSID.\r | |
242 | @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller\r | |
243 | @param[out] Msid Variable length byte sequence representing MSID of device\r | |
244 | @param[out] MsidLength Actual length of MSID retrieved from device\r | |
245 | \r | |
246 | **/\r | |
247 | TCG_RESULT\r | |
248 | EFIAPI\r | |
c411b485 MK |
249 | OpalGetMsid (\r |
250 | OPAL_SESSION *AdminSpSession,\r | |
251 | UINT32 MsidBufferSize,\r | |
252 | UINT8 *Msid,\r | |
253 | UINT32 *MsidLength\r | |
9dd05dde ED |
254 | );\r |
255 | \r | |
256 | /**\r | |
257 | \r | |
258 | The function activates the Locking SP.\r | |
259 | Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.\r | |
260 | If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.\r | |
261 | \r | |
262 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP\r | |
263 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
264 | \r | |
265 | **/\r | |
266 | TCG_RESULT\r | |
267 | EFIAPI\r | |
c411b485 MK |
268 | OpalActivateLockingSp (\r |
269 | OPAL_SESSION *AdminSpSession,\r | |
270 | UINT8 *MethodStatus\r | |
9dd05dde ED |
271 | );\r |
272 | \r | |
9dd05dde ED |
273 | /**\r |
274 | \r | |
275 | The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.\r | |
276 | \r | |
277 | @param[in/out] Session OPAL_SESSION to set password\r | |
278 | @param[in] CpinRowUid UID of row (authority) to update PIN column\r | |
279 | @param[in] NewPin New Pin to set for cpinRowUid specified\r | |
280 | @param[in] NewPinLength Length in bytes of newPin\r | |
281 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
282 | \r | |
283 | **/\r | |
284 | TCG_RESULT\r | |
285 | EFIAPI\r | |
c411b485 MK |
286 | OpalSetPassword (\r |
287 | OPAL_SESSION *Session,\r | |
288 | TCG_UID CpinRowUid,\r | |
289 | const VOID *NewPin,\r | |
290 | UINT32 NewPinLength,\r | |
291 | UINT8 *MethodStatus\r | |
9dd05dde ED |
292 | );\r |
293 | \r | |
294 | /**\r | |
295 | \r | |
296 | The function retrieves the active key of the global locking range\r | |
297 | and calls the GenKey method on the active key retrieved.\r | |
298 | \r | |
299 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
300 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
301 | \r | |
302 | **/\r | |
303 | TCG_RESULT\r | |
304 | EFIAPI\r | |
c411b485 MK |
305 | OpalGlobalLockingRangeGenKey (\r |
306 | OPAL_SESSION *LockingSpSession,\r | |
307 | UINT8 *MethodStatus\r | |
9dd05dde ED |
308 | );\r |
309 | \r | |
9dd05dde ED |
310 | /**\r |
311 | \r | |
312 | The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.\r | |
0ab475c9 | 313 | This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r |
9dd05dde ED |
314 | (not ReadLockEnabled and WriteLockEnabled columns).\r |
315 | \r | |
316 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to update the Global Locking Range\r | |
317 | @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range\r | |
318 | @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range\r | |
319 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
320 | \r | |
321 | **/\r | |
322 | TCG_RESULT\r | |
323 | EFIAPI\r | |
c411b485 MK |
324 | OpalUpdateGlobalLockingRange (\r |
325 | OPAL_SESSION *LockingSpSession,\r | |
326 | BOOLEAN ReadLocked,\r | |
327 | BOOLEAN WriteLocked,\r | |
328 | UINT8 *MethodStatus\r | |
9dd05dde ED |
329 | );\r |
330 | \r | |
9dd05dde ED |
331 | /**\r |
332 | \r | |
333 | The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns\r | |
334 | of the specified Locking Range. This function requires admin authority of a locking SP session.\r | |
335 | \r | |
336 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to update the Locking Range\r | |
337 | @param[in] LockingRangeUid Locking range UID to set values\r | |
338 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
339 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
340 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
341 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
342 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
343 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
344 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
345 | \r | |
346 | **/\r | |
347 | TCG_RESULT\r | |
348 | EFIAPI\r | |
c411b485 MK |
349 | OpalSetLockingRange (\r |
350 | OPAL_SESSION *LockingSpSession,\r | |
351 | TCG_UID LockingRangeUid,\r | |
352 | UINT64 RangeStart,\r | |
353 | UINT64 RangeLength,\r | |
354 | BOOLEAN ReadLockEnabled,\r | |
355 | BOOLEAN WriteLockEnabled,\r | |
356 | BOOLEAN ReadLocked,\r | |
357 | BOOLEAN WriteLocked,\r | |
358 | UINT8 *MethodStatus\r | |
9dd05dde ED |
359 | );\r |
360 | \r | |
361 | /**\r | |
362 | \r | |
363 | The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided\r | |
364 | using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority.\r | |
365 | \r | |
366 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update\r | |
367 | @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN\r | |
368 | @param[in] AuthorityUid UID of Locking SP authority to update Pin column with\r | |
369 | @param[in] NewPin New Password used to set Pin column\r | |
370 | @param[in] NewPinLength Length in bytes of new password\r | |
371 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
372 | \r | |
373 | **/\r | |
374 | TCG_RESULT\r | |
375 | EFIAPI\r | |
c411b485 MK |
376 | OpalSetLockingSpAuthorityEnabledAndPin (\r |
377 | OPAL_SESSION *LockingSpSession,\r | |
378 | TCG_UID CpinRowUid,\r | |
379 | TCG_UID AuthorityUid,\r | |
380 | const VOID *NewPin,\r | |
381 | UINT32 NewPinLength,\r | |
382 | UINT8 *MethodStatus\r | |
9dd05dde ED |
383 | );\r |
384 | \r | |
9dd05dde ED |
385 | /**\r |
386 | \r | |
387 | The function sets the Enabled column to FALSE for the USER1 authority.\r | |
388 | \r | |
389 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1\r | |
390 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
391 | \r | |
392 | **/\r | |
393 | TCG_RESULT\r | |
394 | EFIAPI\r | |
c411b485 MK |
395 | OpalDisableUser (\r |
396 | OPAL_SESSION *LockingSpSession,\r | |
397 | UINT8 *MethodStatus\r | |
9dd05dde ED |
398 | );\r |
399 | \r | |
9dd05dde ED |
400 | /**\r |
401 | \r | |
402 | The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter\r | |
403 | to keep the user data is set to True, otherwise the optional parameter is not provided.\r | |
404 | \r | |
405 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP\r | |
406 | @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.\r | |
407 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
408 | \r | |
409 | **/\r | |
410 | TCG_RESULT\r | |
411 | EFIAPI\r | |
c411b485 MK |
412 | OpalAdminRevert (\r |
413 | OPAL_SESSION *LockingSpSession,\r | |
414 | BOOLEAN KeepUserData,\r | |
415 | UINT8 *MethodStatus\r | |
9dd05dde ED |
416 | );\r |
417 | \r | |
9dd05dde ED |
418 | /**\r |
419 | \r | |
420 | The function retrieves the TryLimit column for the specified rowUid (authority).\r | |
421 | \r | |
422 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit\r | |
423 | @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column\r | |
424 | @param[in/out] TryLimit Value from TryLimit column\r | |
425 | \r | |
426 | **/\r | |
427 | TCG_RESULT\r | |
428 | EFIAPI\r | |
c411b485 MK |
429 | OpalGetTryLimit (\r |
430 | OPAL_SESSION *LockingSpSession,\r | |
431 | TCG_UID RowUid,\r | |
432 | UINT32 *TryLimit\r | |
9dd05dde ED |
433 | );\r |
434 | \r | |
9dd05dde ED |
435 | /**\r |
436 | \r | |
437 | The function populates the CreateStruct with a payload that will retrieve the global locking range active key.\r | |
438 | It is intended to be called with a session that is already started with a valid credential.\r | |
439 | The function does not send the payload.\r | |
440 | \r | |
441 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
442 | @param[in/out] CreateStruct Structure to populate with encoded TCG command\r | |
443 | @param[in/out] Size Size in bytes of the command created.\r | |
444 | \r | |
445 | **/\r | |
446 | TCG_RESULT\r | |
447 | EFIAPI\r | |
c411b485 MK |
448 | OpalCreateRetrieveGlobalLockingRangeActiveKey (\r |
449 | const OPAL_SESSION *Session,\r | |
450 | TCG_CREATE_STRUCT *CreateStruct,\r | |
451 | UINT32 *Size\r | |
9dd05dde ED |
452 | );\r |
453 | \r | |
9dd05dde ED |
454 | /**\r |
455 | \r | |
456 | The function acquires the activeKey specified for the Global Locking Range from the parseStruct.\r | |
457 | \r | |
458 | @param[in] ParseStruct Structure that contains the device's response with the activekey\r | |
459 | @param[in/out] ActiveKey The UID of the active key retrieved\r | |
460 | \r | |
461 | **/\r | |
462 | TCG_RESULT\r | |
463 | EFIAPI\r | |
c411b485 | 464 | OpalParseRetrieveGlobalLockingRangeActiveKey (\r |
9dd05dde ED |
465 | TCG_PARSE_STRUCT *ParseStruct,\r |
466 | TCG_UID *ActiveKey\r | |
467 | );\r | |
468 | \r | |
469 | /**\r | |
470 | \r | |
471 | Get the locking feature info.\r | |
472 | \r | |
473 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
474 | @param[in/out] LockingFeature Return the Locking info.\r | |
475 | \r | |
476 | **/\r | |
477 | TCG_RESULT\r | |
478 | EFIAPI\r | |
c411b485 MK |
479 | OpalGetLockingInfo (\r |
480 | OPAL_SESSION *Session,\r | |
481 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
9dd05dde ED |
482 | );\r |
483 | \r | |
484 | /**\r | |
485 | \r | |
486 | The function determines whether or not all of the requirements for the Opal Feature (not full specification)\r | |
487 | are met by the specified device.\r | |
488 | \r | |
489 | @param[in] SupportedAttributes Opal device attribute.\r | |
490 | \r | |
491 | **/\r | |
492 | BOOLEAN\r | |
493 | EFIAPI\r | |
c411b485 MK |
494 | OpalFeatureSupported (\r |
495 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes\r | |
9dd05dde ED |
496 | );\r |
497 | \r | |
498 | /**\r | |
499 | \r | |
500 | The function returns whether or not the device is Opal Enabled.\r | |
501 | TRUE means that the Opal feature is enabled on the device.\r | |
502 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
503 | \r | |
504 | @param[in] SupportedAttributes Opal device attribute.\r | |
505 | @param[in] LockingFeature Opal device locking status.\r | |
506 | \r | |
507 | \r | |
508 | **/\r | |
509 | BOOLEAN\r | |
510 | EFIAPI\r | |
c411b485 MK |
511 | OpalFeatureEnabled (\r |
512 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
513 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
9dd05dde ED |
514 | );\r |
515 | \r | |
516 | /**\r | |
517 | \r | |
518 | The function returns whether or not the device is Opal Locked.\r | |
519 | TRUE means that the device is partially or fully locked.\r | |
520 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
521 | \r | |
522 | @param[in] SupportedAttributes Opal device attribute.\r | |
523 | @param[in] LockingFeature Opal device locking status.\r | |
524 | \r | |
525 | **/\r | |
526 | BOOLEAN\r | |
c411b485 MK |
527 | OpalDeviceLocked (\r |
528 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
529 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
9dd05dde ED |
530 | );\r |
531 | \r | |
532 | /**\r | |
533 | Trigger the Block SID action.\r | |
534 | \r | |
535 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
536 | @param[in] HardwareReset Whether a hardware reset needs to be done.\r | |
537 | \r | |
538 | **/\r | |
539 | TCG_RESULT\r | |
540 | EFIAPI\r | |
c411b485 MK |
541 | OpalBlockSid (\r |
542 | OPAL_SESSION *Session,\r | |
543 | BOOLEAN HardwareReset\r | |
9dd05dde ED |
544 | );\r |
545 | \r | |
546 | /**\r | |
547 | \r | |
548 | Get the support attribute info.\r | |
549 | \r | |
550 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
551 | @param[in/out] SupportedAttributes Return the support attribute info.\r | |
552 | @param[out] OpalBaseComId Return the base com id info.\r | |
553 | \r | |
554 | **/\r | |
555 | TCG_RESULT\r | |
556 | EFIAPI\r | |
c411b485 | 557 | OpalGetSupportedAttributesInfo (\r |
9dd05dde ED |
558 | OPAL_SESSION *Session,\r |
559 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
560 | UINT16 *OpalBaseComId\r | |
561 | );\r | |
562 | \r | |
563 | /**\r | |
564 | Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r | |
565 | \r | |
566 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
567 | @param[in] Psid PSID of device to revert.\r | |
568 | @param[in] PsidLength Length of PSID in bytes.\r | |
569 | \r | |
570 | **/\r | |
571 | TCG_RESULT\r | |
572 | EFIAPI\r | |
c411b485 MK |
573 | OpalUtilPsidRevert (\r |
574 | OPAL_SESSION *AdminSpSession,\r | |
575 | const VOID *Psid,\r | |
576 | UINT32 PsidLength\r | |
9dd05dde ED |
577 | );\r |
578 | \r | |
579 | /**\r | |
580 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
581 | sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,\r | |
582 | and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.\r | |
583 | \r | |
584 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
585 | @param[in] GeneratedSid Generated SID of disk\r | |
586 | @param[in] SidLength Length of generatedSid in bytes\r | |
587 | @param[in] Password New admin password to set\r | |
588 | @param[in] PassLength Length of password in bytes\r | |
589 | \r | |
590 | **/\r | |
591 | TCG_RESULT\r | |
592 | EFIAPI\r | |
c411b485 MK |
593 | OpalUtilSetAdminPasswordAsSid (\r |
594 | OPAL_SESSION *AdminSpSession,\r | |
595 | const VOID *GeneratedSid,\r | |
596 | UINT32 SidLength,\r | |
597 | const VOID *Password,\r | |
598 | UINT32 PassLength\r | |
9dd05dde ED |
599 | );\r |
600 | \r | |
601 | /**\r | |
602 | \r | |
603 | Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
604 | and updates the specified locking range with the provided column values.\r | |
605 | \r | |
606 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
607 | @param[in] Password Admin password used to open the session\r | |
608 | @param[in] PassLength Length of password in bytes\r | |
609 | @param[in] LockingRangeUid Locking range UID to set values\r | |
610 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
611 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
612 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
613 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
614 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
615 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
616 | \r | |
617 | **/\r | |
618 | TCG_RESULT\r | |
619 | EFIAPI\r | |
c411b485 MK |
620 | OpalUtilSetOpalLockingRange (\r |
621 | OPAL_SESSION *LockingSpSession,\r | |
622 | const VOID *Password,\r | |
623 | UINT32 PassLength,\r | |
624 | TCG_UID LockingRangeUid,\r | |
625 | UINT64 RangeStart,\r | |
626 | UINT64 RangeLength,\r | |
627 | BOOLEAN ReadLockEnabled,\r | |
628 | BOOLEAN WriteLockEnabled,\r | |
629 | BOOLEAN ReadLocked,\r | |
630 | BOOLEAN WriteLocked\r | |
9dd05dde ED |
631 | );\r |
632 | \r | |
633 | /**\r | |
634 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
635 | sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r | |
636 | and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r | |
637 | \r | |
638 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
639 | @param[in] OldPassword Current admin password\r | |
640 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
641 | @param[in] NewPassword New admin password to set\r | |
642 | @param[in] NewPasswordLength Length of new password in bytes\r | |
643 | \r | |
644 | **/\r | |
645 | TCG_RESULT\r | |
646 | EFIAPI\r | |
c411b485 | 647 | OpalUtilSetAdminPassword (\r |
9dd05dde ED |
648 | OPAL_SESSION *AdminSpSession,\r |
649 | const VOID *OldPassword,\r | |
650 | UINT32 OldPasswordLength,\r | |
651 | const VOID *NewPassword,\r | |
652 | UINT32 NewPasswordLength\r | |
653 | );\r | |
654 | \r | |
655 | /**\r | |
656 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
657 | and sets the User1 SP authority to enabled and sets the User1 password.\r | |
658 | \r | |
659 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
660 | @param[in] OldPassword Current User1 or admin password\r | |
661 | @param[in] OldPasswordLength Length of current password in bytes\r | |
662 | @param[in] NewPassword New User1 password to set\r | |
663 | @param[in] NewPasswordLength Length of new password in bytes\r | |
664 | \r | |
665 | **/\r | |
666 | TCG_RESULT\r | |
667 | EFIAPI\r | |
c411b485 MK |
668 | OpalUtilSetUserPassword (\r |
669 | OPAL_SESSION *LockingSpSession,\r | |
670 | const VOID *OldPassword,\r | |
671 | UINT32 OldPasswordLength,\r | |
672 | const VOID *NewPassword,\r | |
673 | UINT32 NewPasswordLength\r | |
9dd05dde ED |
674 | );\r |
675 | \r | |
676 | /**\r | |
677 | Verify whether the user entered the correct password.\r | |
678 | \r | |
679 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
680 | @param[in] Password Admin password\r | |
681 | @param[in] PasswordLength Length of password in bytes\r | |
682 | @param[in] HostSigningAuthority Use the Host signing authority type.\r | |
683 | \r | |
684 | **/\r | |
685 | TCG_RESULT\r | |
686 | EFIAPI\r | |
687 | OpalUtilVerifyPassword (\r | |
c411b485 MK |
688 | OPAL_SESSION *LockingSpSession,\r |
689 | const VOID *Password,\r | |
690 | UINT32 PasswordLength,\r | |
691 | TCG_UID HostSigningAuthority\r | |
9dd05dde ED |
692 | );\r |
693 | \r | |
694 | /**\r | |
695 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
696 | and generates a new global locking range key to erase the Data.\r | |
697 | \r | |
698 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
699 | @param[in] Password Admin or user password\r | |
700 | @param[in] PasswordLength Length of password in bytes\r | |
701 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
702 | \r | |
703 | **/\r | |
704 | TCG_RESULT\r | |
705 | EFIAPI\r | |
c411b485 MK |
706 | OpalUtilSecureErase (\r |
707 | OPAL_SESSION *LockingSpSession,\r | |
708 | const VOID *Password,\r | |
709 | UINT32 PasswordLength,\r | |
710 | BOOLEAN *PasswordFailed\r | |
9dd05dde ED |
711 | );\r |
712 | \r | |
713 | /**\r | |
714 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r | |
715 | \r | |
716 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
717 | @param[in] Password Admin password\r | |
718 | @param[in] PasswordLength Length of password in bytes\r | |
719 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
720 | \r | |
721 | **/\r | |
722 | TCG_RESULT\r | |
723 | EFIAPI\r | |
c411b485 MK |
724 | OpalUtilDisableUser (\r |
725 | OPAL_SESSION *LockingSpSession,\r | |
726 | const VOID *Password,\r | |
727 | UINT32 PasswordLength,\r | |
728 | BOOLEAN *PasswordFailed\r | |
9dd05dde ED |
729 | );\r |
730 | \r | |
731 | /**\r | |
732 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r | |
733 | \r | |
734 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
735 | @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r | |
736 | @param[in] Password Admin password\r | |
737 | @param[in] PasswordLength Length of password in bytes\r | |
738 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
739 | @param[in] Msid Input Msid info.\r | |
740 | @param[in] MsidLength Input Msid info length.\r | |
741 | \r | |
742 | **/\r | |
743 | TCG_RESULT\r | |
744 | EFIAPI\r | |
c411b485 MK |
745 | OpalUtilRevert (\r |
746 | OPAL_SESSION *LockingSpSession,\r | |
747 | BOOLEAN KeepUserData,\r | |
748 | const VOID *Password,\r | |
749 | UINT32 PasswordLength,\r | |
750 | BOOLEAN *PasswordFailed,\r | |
751 | UINT8 *Msid,\r | |
752 | UINT32 MsidLength\r | |
9dd05dde ED |
753 | );\r |
754 | \r | |
755 | /**\r | |
756 | After revert success, set SID to MSID.\r | |
757 | \r | |
758 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
759 | @param[in] Password Input password info.\r | |
760 | @param[in] PasswordLength Input password length.\r | |
761 | @param[in] Msid Input Msid info.\r | |
762 | @param[in] MsidLength Input Msid info length.\r | |
763 | \r | |
764 | **/\r | |
765 | TCG_RESULT\r | |
766 | EFIAPI\r | |
767 | OpalUtilSetSIDtoMSID (\r | |
c411b485 MK |
768 | OPAL_SESSION *AdminSpSession,\r |
769 | const VOID *Password,\r | |
770 | UINT32 PasswordLength,\r | |
771 | UINT8 *Msid,\r | |
772 | UINT32 MsidLength\r | |
9dd05dde ED |
773 | );\r |
774 | \r | |
775 | /**\r | |
776 | Update global locking range.\r | |
777 | \r | |
778 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
779 | @param[in] Password Input password info.\r | |
780 | @param[in] PasswordLength Input password length.\r | |
781 | @param[in] ReadLocked Read lock info.\r | |
782 | @param[in] WriteLocked Write lock info.\r | |
783 | \r | |
784 | **/\r | |
785 | TCG_RESULT\r | |
786 | EFIAPI\r | |
c411b485 MK |
787 | OpalUtilUpdateGlobalLockingRange (\r |
788 | OPAL_SESSION *LockingSpSession,\r | |
789 | const VOID *Password,\r | |
790 | UINT32 PasswordLength,\r | |
791 | BOOLEAN ReadLocked,\r | |
792 | BOOLEAN WriteLocked\r | |
9dd05dde ED |
793 | );\r |
794 | \r | |
795 | /**\r | |
796 | Get the MSID and save it to the caller-supplied buffer.\r | |
797 | \r | |
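798 | @param[in] Session The session info for one opal device.\r | |
799 | @param[out] Msid The data buffer to save Msid info.\r | |
800 | @param[in] MsidBufferLength The data buffer length for Msid.\r | |
801 | @param[out] MsidLength The actual data length for Msid. NOTE(review): whether this can exceed MsidBufferLength is not stated here; confirm before using it as a copy length.\r | |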
802 | \r | |
803 | **/\r | |
804 | TCG_RESULT\r | |
805 | EFIAPI\r | |
c411b485 MK |
806 | OpalUtilGetMsid (\r |
807 | OPAL_SESSION *Session,\r | |
808 | UINT8 *Msid,\r | |
809 | UINT32 MsidBufferLength,\r | |
810 | UINT32 *MsidLength\r | |
9dd05dde ED |
811 | );\r |
812 | \r | |
813 | /**\r | |
814 | \r | |
815 | The function determines who owns the device by attempting to start a session with different credentials.\r | |
816 | If the SID PIN matches the MSID PIN, then no one owns the device.\r | |
817 | If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.\r | |
818 | \r | |
819 | \r | |
820 | @param[in] Session The session info for one opal device.\r | |
821 | @param[in] Msid The Msid info.\r | |
822 | @param[in] MsidLength The data length for Msid.\r | |
823 | \r | |
824 | **/\r | |
825 | OPAL_OWNER_SHIP\r | |
826 | EFIAPI\r | |
c411b485 MK |
827 | OpalUtilDetermineOwnership (\r |
828 | OPAL_SESSION *Session,\r | |
829 | UINT8 *Msid,\r | |
830 | UINT32 MsidLength\r | |
9dd05dde ED |
831 | );\r |
832 | \r | |
833 | /**\r | |
834 | \r | |
835 | The function returns whether an admin password exists.\r | |
836 | \r | |
837 | @param[in] OwnerShip The ownership of the opal device.\r | |
838 | @param[in] LockingFeature The locking info of the opal device.\r | |
839 | \r | |
840 | @retval TRUE An admin password exists.\r | |
841 | @retval FALSE No admin password exists.\r | |
842 | \r | |
843 | **/\r | |
844 | BOOLEAN\r | |
845 | EFIAPI\r | |
c411b485 MK |
846 | OpalUtilAdminPasswordExists (\r |
847 | IN UINT16 OwnerShip,\r | |
848 | IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
9dd05dde ED |
849 | );\r |
850 | \r | |
a3068f06 ED |
851 | /**\r |
852 | Get Active Data Removal Mechanism Value.\r | |
853 | \r | |
854 | @param[in] Session The session info for one opal device.\r | |
855 | @param[in] GeneratedSid Generated SID of disk\r | |
856 | @param[in] SidLength Length of generatedSid in bytes\r | |
857 | @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.\r | |
858 | \r | |
859 | **/\r | |
860 | TCG_RESULT\r | |
861 | EFIAPI\r | |
862 | OpalUtilGetActiveDataRemovalMechanism (\r | |
c411b485 MK |
863 | OPAL_SESSION *Session,\r |
864 | const VOID *GeneratedSid,\r | |
865 | UINT32 SidLength,\r | |
866 | UINT8 *ActiveDataRemovalMechanism\r | |
a3068f06 ED |
867 | );\r |
868 | \r | |
869 | /**\r | |
870 | Get the supported Data Removal Mechanism list.\r | |
871 | \r | |
872 | @param[in] Session The session info for one opal device.\r | |
873 | @param[out] RemovalMechanismLists Return the supported data removal mechanism lists.\r | |
874 | \r | |
875 | **/\r | |
876 | TCG_RESULT\r | |
877 | EFIAPI\r | |
878 | OpalUtilGetDataRemovalMechanismLists (\r | |
c411b485 MK |
879 | IN OPAL_SESSION *Session,\r |
880 | OUT UINT32 *RemovalMechanismLists\r | |
a3068f06 ED |
881 | );\r |
882 | \r | |
9dd05dde | 883 | #endif // _OPAL_CORE_H_\r |