9dd05dde
ED
1/** @file\r
2 Public API for Opal Core library.\r
3\r
4b806739 4 (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00,\r
4b8552d7 5 https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/\r
4b806739 6\r
d2aefa0a
ED
7 Storage Work Group Storage Security Subsystem Class: Pyrite, Specification Version 2.00, Revision 1.00,\r
8 https://trustedcomputinggroup.org/resource/tcg-storage-security-subsystem-class-pyrite/\r
4b806739
ED
9\r
10 Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00,\r
4b8552d7 11 https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/\r
4b806739
ED
12\r
13 TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00,\r
4b8552d7 14 https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/\r
4b806739
ED
15\r
16 TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00,\r
4b8552d7 17 https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/\r
4b806739
ED
18\r
19 TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00,\r
4b8552d7 20 https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/)\r
4b806739
ED
21\r
22 Check http://trustedcomputinggroup.org for latest specification updates.\r
23\r
24Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b 25SPDX-License-Identifier: BSD-2-Clause-Patent\r
9dd05dde
ED
26\r
27**/\r
28\r
29#ifndef _OPAL_CORE_H_\r
30#define _OPAL_CORE_H_\r
31\r
32#include <IndustryStandard/TcgStorageOpal.h>\r
33\r
34#include <Library/TcgStorageCoreLib.h>\r
35#include <Protocol/StorageSecurityCommand.h>\r
36\r
37#pragma pack(1)\r
38\r
39typedef struct {\r
c411b485
MK
40 //\r
41 // Opal SSC 1 support (0 - not supported, 1 - supported)\r
42 //\r
43 UINT32 OpalSsc1 : 1;\r
44\r
45 //\r
46 // Opal SSC 2 support (0 - not supported, 1 - supported)\r
47 //\r
48 UINT32 OpalSsc2 : 1;\r
49\r
50 //\r
51 // Opal SSC Lite support (0 - not supported, 1 - supported)\r
52 //\r
53 UINT32 OpalSscLite : 1;\r
54\r
55 //\r
56 // Pyrite SSC support (0 - not supported, 1 - supported)\r
57 //\r
58 UINT32 PyriteSsc : 1;\r
59\r
60 //\r
61 // Security protocol 1 support (0 - not supported, 1 - supported)\r
62 //\r
63 UINT32 Sp1 : 1;\r
64\r
65 //\r
66 // Security protocol 2 support (0 - not supported, 1 - supported)\r
67 //\r
68 UINT32 Sp2 : 1;\r
69\r
70 //\r
71 // Security protocol IEEE1667 support (0 - not supported, 1 - supported)\r
72 //\r
73 UINT32 SpIeee1667 : 1;\r
74\r
75 //\r
76 // Media encryption supported (0 - not supported, 1 - supported)\r
77 //\r
78 UINT32 MediaEncryption : 1;\r
79\r
80 //\r
81 // Initial C_PIN_SID PIN Indicator\r
82 // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r
83 // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r
84 //\r
85 UINT32 InitCpinIndicator : 1;\r
86\r
87 //\r
88 // Behavior of C_PIN_SID PIN upon TPer Revert\r
89 // 0 - After a TPer Revert, the C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r
90 // 1 - After a TPer Revert, the C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r
91 //\r
92 UINT32 CpinUponRevert : 1;\r
93\r
94 //\r
95 // Block SID authentication support (0 - not supported, 1 - supported)\r
96 //\r
97 UINT32 BlockSid : 1;\r
98\r
99 //\r
100 // Pyrite SSC V2 support (0 - not supported, 1 - supported)\r
101 //\r
102 UINT32 PyriteSscV2 : 1;\r
103\r
104 //\r
105 // Supported Data Removal Mechanism support (0 - not supported, 1 - supported)\r
106 //\r
107 UINT32 DataRemoval : 1;\r
9dd05dde
ED
108} OPAL_DISK_SUPPORT_ATTRIBUTE;\r
109\r
110//\r
111// Opal device ownership type\r
112// The type indicates who was the determined owner of the device.\r
113//\r
114typedef enum {\r
c411b485
MK
115 //\r
116 // Represents that the device ownership is unknown because starting a session as the SID authority with the ADMIN SP\r
117 // was unsuccessful with the provided PIN\r
118 //\r
119 OpalOwnershipUnknown,\r
120\r
121 //\r
122 // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN\r
123 //\r
124 OpalOwnershipNobody,\r
9dd05dde
ED
125} OPAL_OWNER_SHIP;\r
126\r
127//\r
128// Structure that is used to represent an Opal session.\r
129// The structure must be initialized by calling OpalStartSession before being used as a parameter\r
130// for any other Opal function.\r
131// This structure should NOT be directly modified by the client of this library.\r
132//\r
133//\r
134typedef struct {\r
c411b485
MK
135 UINT32 HostSessionId;\r
136 UINT32 TperSessionId;\r
137 UINT16 ComIdExtension;\r
9dd05dde 138\r
c411b485 139 UINT16 OpalBaseComId;\r
9dd05dde 140\r
c411b485
MK
141 EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;\r
142 UINT32 MediaId;\r
9dd05dde
ED
143} OPAL_SESSION;\r
144#pragma pack()\r
145\r
146/**\r
147\r
148 The function fills in the provided Buffer with the supported protocol list\r
149 of the device specified.\r
150\r
151 @param[in] Session OPAL_SESSION data.\r
152 @param[in] BufferSize Size of Buffer provided (in bytes)\r
153 @param[in] BuffAddress Buffer address to fill with security protocol list\r
154\r
155**/\r
156TCG_RESULT\r
157EFIAPI\r
c411b485
MK
158OpalRetrieveSupportedProtocolList (\r
159 OPAL_SESSION *Session,\r
160 UINTN BufferSize,\r
161 VOID *BuffAddress\r
9dd05dde
ED
162 );\r
163\r
164/**\r
165\r
166 The function fills in the provided Buffer with the level 0 discovery Header\r
167 of the device specified.\r
168\r
169 @param[in] Session OPAL_SESSION data.\r
170 @param[in] BufferSize Size of Buffer provided (in bytes)\r
171 @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response\r
172\r
173**/\r
174TCG_RESULT\r
175EFIAPI\r
c411b485
MK
176OpalRetrieveLevel0DiscoveryHeader (\r
177 OPAL_SESSION *Session,\r
178 UINTN BufferSize,\r
179 VOID *BuffAddress\r
9dd05dde
ED
180 );\r
181\r
182/**\r
183 Starts a session with a security provider (SP).\r
184\r
185 If a session is started successfully, the caller must end the session with OpalEndSession when finished\r
186 performing Opal actions.\r
187\r
188 @param[in/out] Session OPAL_SESSION to initialize.\r
189 @param[in] SpId Security provider ID to start the session with.\r
190 @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE).\r
191 @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL\r
192 @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent.\r
193 @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent.\r
194 @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned.\r
195\r
196 @return TcgResultSuccess indicates that the function completed without any internal errors.\r
197 The caller must inspect the MethodStatus field to determine whether the method completed successfully.\r
198\r
199**/\r
200TCG_RESULT\r
201EFIAPI\r
c411b485
MK
202OpalStartSession (\r
203 OPAL_SESSION *Session,\r
204 TCG_UID SpId,\r
205 BOOLEAN Write,\r
206 UINT32 HostChallengeLength,\r
207 const VOID *HostChallenge,\r
208 TCG_UID HostSigningAuthority,\r
209 UINT8 *MethodStatus\r
9dd05dde
ED
210 );\r
211\r
212/**\r
213 Close a session opened with OpalStartSession.\r
214\r
215 @param[in/out] Session OPAL_SESSION to end.\r
216\r
217**/\r
218TCG_RESULT\r
219EFIAPI\r
c411b485
MK
220OpalEndSession (\r
221 OPAL_SESSION *Session\r
9dd05dde
ED
222 );\r
223\r
224/**\r
225\r
226 Reverts device using Admin SP Revert method.\r
227\r
228 @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r
229\r
230**/\r
231TCG_RESULT\r
232EFIAPI\r
c411b485
MK
233OpalPsidRevert (\r
234 OPAL_SESSION *AdminSpSession\r
9dd05dde
ED
235 );\r
236\r
9dd05dde
ED
237/**\r
238\r
239 The function retrieves the MSID from the device specified\r
240\r
241 @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP used to retrieve the MSID.\r
242 @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller\r
243 @param[out] Msid Variable length byte sequence representing MSID of device\r
244 @param[out] MsidLength Actual length of MSID retrieved from device\r
245\r
246**/\r
247TCG_RESULT\r
248EFIAPI\r
c411b485
MK
249OpalGetMsid (\r
250 OPAL_SESSION *AdminSpSession,\r
251 UINT32 MsidBufferSize,\r
252 UINT8 *Msid,\r
253 UINT32 *MsidLength\r
9dd05dde
ED
254 );\r
255\r
256/**\r
257\r
258 The function activates the Locking SP.\r
259 Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.\r
260 If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.\r
261\r
262 @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP\r
263 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
264\r
265**/\r
266TCG_RESULT\r
267EFIAPI\r
c411b485
MK
268OpalActivateLockingSp (\r
269 OPAL_SESSION *AdminSpSession,\r
270 UINT8 *MethodStatus\r
9dd05dde
ED
271 );\r
272\r
9dd05dde
ED
273/**\r
274\r
275 The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.\r
276\r
277 @param[in/out] Session OPAL_SESSION to set password\r
278 @param[in] CpinRowUid UID of row (authority) to update PIN column\r
279 @param[in] NewPin New Pin to set for cpinRowUid specified\r
280 @param[in] NewPinLength Length in bytes of newPin\r
281 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
282\r
283**/\r
284TCG_RESULT\r
285EFIAPI\r
c411b485
MK
286OpalSetPassword (\r
287 OPAL_SESSION *Session,\r
288 TCG_UID CpinRowUid,\r
289 const VOID *NewPin,\r
290 UINT32 NewPinLength,\r
291 UINT8 *MethodStatus\r
9dd05dde
ED
292 );\r
293\r
294/**\r
295\r
296 The function retrieves the active key of the global locking range\r
297 and calls the GenKey method on the active key retrieved.\r
298\r
299 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r
300 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
301\r
302**/\r
303TCG_RESULT\r
304EFIAPI\r
c411b485
MK
305OpalGlobalLockingRangeGenKey (\r
306 OPAL_SESSION *LockingSpSession,\r
307 UINT8 *MethodStatus\r
9dd05dde
ED
308 );\r
309\r
9dd05dde
ED
310/**\r
311\r
312 The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.\r
0ab475c9 313 This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r
9dd05dde
ED
314 (not ReadLockEnabled and WriteLockEnabled columns).\r
315\r
316 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to update the Global Locking Range\r
317 @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range\r
318 @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range\r
319 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
320\r
321**/\r
322TCG_RESULT\r
323EFIAPI\r
c411b485
MK
324OpalUpdateGlobalLockingRange (\r
325 OPAL_SESSION *LockingSpSession,\r
326 BOOLEAN ReadLocked,\r
327 BOOLEAN WriteLocked,\r
328 UINT8 *MethodStatus\r
9dd05dde
ED
329 );\r
330\r
9dd05dde
ED
331/**\r
332\r
333 The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns\r
334 of the specified Locking Range. This function requires admin authority of a locking SP session.\r
335\r
336 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to set the locking range\r
337 @param[in] LockingRangeUid Locking range UID to set values\r
338 @param[in] RangeStart Value to set RangeStart column for Locking Range\r
339 @param[in] RangeLength Value to set RangeLength column for Locking Range\r
340 @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r
341 @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r
342 @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r
343 @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r
344 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
345\r
346**/\r
347TCG_RESULT\r
348EFIAPI\r
c411b485
MK
349OpalSetLockingRange (\r
350 OPAL_SESSION *LockingSpSession,\r
351 TCG_UID LockingRangeUid,\r
352 UINT64 RangeStart,\r
353 UINT64 RangeLength,\r
354 BOOLEAN ReadLockEnabled,\r
355 BOOLEAN WriteLockEnabled,\r
356 BOOLEAN ReadLocked,\r
357 BOOLEAN WriteLocked,\r
358 UINT8 *MethodStatus\r
9dd05dde
ED
359 );\r
360\r
361/**\r
362\r
363 The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided\r
364 using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority.\r
365\r
366 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update\r
367 @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN\r
368 @param[in] AuthorityUid UID of Locking SP authority to update Pin column with\r
369 @param[in] NewPin New Password used to set Pin column\r
370 @param[in] NewPinLength Length in bytes of new password\r
371 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
372\r
373**/\r
374TCG_RESULT\r
375EFIAPI\r
c411b485
MK
376OpalSetLockingSpAuthorityEnabledAndPin (\r
377 OPAL_SESSION *LockingSpSession,\r
378 TCG_UID CpinRowUid,\r
379 TCG_UID AuthorityUid,\r
380 const VOID *NewPin,\r
381 UINT32 NewPinLength,\r
382 UINT8 *MethodStatus\r
9dd05dde
ED
383 );\r
384\r
9dd05dde
ED
385/**\r
386\r
387 The function sets the Enabled column to FALSE for the USER1 authority.\r
388\r
389 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1\r
390 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
391\r
392**/\r
393TCG_RESULT\r
394EFIAPI\r
c411b485
MK
395OpalDisableUser (\r
396 OPAL_SESSION *LockingSpSession,\r
397 UINT8 *MethodStatus\r
9dd05dde
ED
398 );\r
399\r
9dd05dde
ED
400/**\r
401\r
402 The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter\r
403 to keep the user data is set to True, otherwise the optional parameter is not provided.\r
404\r
405 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP\r
406 @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.\r
407 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
408\r
409**/\r
410TCG_RESULT\r
411EFIAPI\r
c411b485
MK
412OpalAdminRevert (\r
413 OPAL_SESSION *LockingSpSession,\r
414 BOOLEAN KeepUserData,\r
415 UINT8 *MethodStatus\r
9dd05dde
ED
416 );\r
417\r
9dd05dde
ED
418/**\r
419\r
420 The function retrieves the TryLimit column for the specified rowUid (authority).\r
421\r
422 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit\r
423 @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column\r
424 @param[in/out] TryLimit Value from TryLimit column\r
425\r
426**/\r
427TCG_RESULT\r
428EFIAPI\r
c411b485
MK
429OpalGetTryLimit (\r
430 OPAL_SESSION *LockingSpSession,\r
431 TCG_UID RowUid,\r
432 UINT32 *TryLimit\r
9dd05dde
ED
433 );\r
434\r
9dd05dde
ED
435/**\r
436\r
437 The function populates the CreateStruct with a payload that will retrieve the global locking range active key.\r
438 It is intended to be called with a session that is already started with a valid credential.\r
439 The function does not send the payload.\r
440\r
441 @param[in] Session OPAL_SESSION to populate command for, needs comId\r
442 @param[in/out] CreateStruct Structure to populate with encoded TCG command\r
443 @param[in/out] Size Size in bytes of the command created.\r
444\r
445**/\r
446TCG_RESULT\r
447EFIAPI\r
c411b485
MK
448OpalCreateRetrieveGlobalLockingRangeActiveKey (\r
449 const OPAL_SESSION *Session,\r
450 TCG_CREATE_STRUCT *CreateStruct,\r
451 UINT32 *Size\r
9dd05dde
ED
452 );\r
453\r
9dd05dde
ED
454/**\r
455\r
456 The function acquires the activeKey specified for the Global Locking Range from the parseStruct.\r
457\r
458 @param[in] ParseStruct Structure that contains the device's response with the activekey\r
459 @param[in/out] ActiveKey The UID of the active key retrieved\r
460\r
461**/\r
462TCG_RESULT\r
463EFIAPI\r
c411b485 464OpalParseRetrieveGlobalLockingRangeActiveKey (\r
9dd05dde
ED
465 TCG_PARSE_STRUCT *ParseStruct,\r
466 TCG_UID *ActiveKey\r
467 );\r
468\r
469/**\r
470\r
471 Get the locking feature info.\r
472\r
473 @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r
474 @param[in/out] LockingFeature Return the Locking info.\r
475\r
476**/\r
477TCG_RESULT\r
478EFIAPI\r
c411b485
MK
479OpalGetLockingInfo (\r
480 OPAL_SESSION *Session,\r
481 TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r
9dd05dde
ED
482 );\r
483\r
484/**\r
485\r
486 The function determines whether or not all of the requirements for the Opal Feature (not full specification)\r
487 are met by the specified device.\r
488\r
489 @param[in] SupportedAttributes Opal device attribute.\r
490\r
491**/\r
492BOOLEAN\r
493EFIAPI\r
c411b485
MK
494OpalFeatureSupported (\r
495 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes\r
9dd05dde
ED
496 );\r
497\r
498/**\r
499\r
500 The function returns whether or not the device is Opal Enabled.\r
501 TRUE means that the device is partially or fully locked.\r
502 This will perform a Level 0 Discovery and parse the locking feature descriptor\r
503\r
504 @param[in] SupportedAttributes Opal device attribute.\r
505 @param[in] LockingFeature Opal device locking status.\r
506\r
507\r
508**/\r
509BOOLEAN\r
510EFIAPI\r
c411b485
MK
511OpalFeatureEnabled (\r
512 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r
513 TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r
9dd05dde
ED
514 );\r
515\r
516/**\r
517\r
518 The function returns whether or not the device is Opal Locked.\r
519 TRUE means that the device is partially or fully locked.\r
520 This will perform a Level 0 Discovery and parse the locking feature descriptor\r
521\r
522 @param[in] SupportedAttributes Opal device attribute.\r
523 @param[in] LockingFeature Opal device locking status.\r
524\r
525**/\r
526BOOLEAN\r
c411b485
MK
527OpalDeviceLocked (\r
528 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r
529 TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r
9dd05dde
ED
530 );\r
531\r
532/**\r
533 Trigger the Block SID action.\r
534\r
535 @param[in] Session OPAL_SESSION to populate command for, needs comId\r
536 @param[in] HardwareReset Whether a hardware reset is needed.\r
537\r
538**/\r
539TCG_RESULT\r
540EFIAPI\r
c411b485
MK
541OpalBlockSid (\r
542 OPAL_SESSION *Session,\r
543 BOOLEAN HardwareReset\r
9dd05dde
ED
544 );\r
545\r
546/**\r
547\r
548 Get the support attribute info.\r
549\r
550 @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r
551 @param[in/out] SupportedAttributes Return the support attribute info.\r
552 @param[out] OpalBaseComId Return the base com id info.\r
553\r
554**/\r
555TCG_RESULT\r
556EFIAPI\r
c411b485 557OpalGetSupportedAttributesInfo (\r
9dd05dde
ED
558 OPAL_SESSION *Session,\r
559 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r
560 UINT16 *OpalBaseComId\r
561 );\r
562\r
563/**\r
564 Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r
565\r
566 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r
567 @param[in] Psid PSID of device to revert.\r
568 @param[in] PsidLength Length of PSID in bytes.\r
569\r
570**/\r
571TCG_RESULT\r
572EFIAPI\r
c411b485
MK
573OpalUtilPsidRevert (\r
574 OPAL_SESSION *AdminSpSession,\r
575 const VOID *Psid,\r
576 UINT32 PsidLength\r
9dd05dde
ED
577 );\r
578\r
579/**\r
580 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r
581 sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,\r
582 and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.\r
583\r
584 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r
585 @param[in] GeneratedSid Generated SID of disk\r
586 @param[in] SidLength Length of generatedSid in bytes\r
587 @param[in] Password New admin password to set\r
588 @param[in] PassLength Length of password in bytes\r
589\r
590**/\r
591TCG_RESULT\r
592EFIAPI\r
c411b485
MK
593OpalUtilSetAdminPasswordAsSid (\r
594 OPAL_SESSION *AdminSpSession,\r
595 const VOID *GeneratedSid,\r
596 UINT32 SidLength,\r
597 const VOID *Password,\r
598 UINT32 PassLength\r
9dd05dde
ED
599 );\r
600\r
601/**\r
602\r
603 Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r
604 and updates the specified locking range with the provided column values.\r
605\r
606 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r
607 @param[in] Password Admin password used to open the session\r
608 @param[in] PassLength Length of password in bytes\r
609 @param[in] LockingRangeUid Locking range UID to set values\r
610 @param[in] RangeStart Value to set RangeStart column for Locking Range\r
611 @param[in] RangeLength Value to set RangeLength column for Locking Range\r
612 @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r
613 @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r
614 @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r
615 @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r
616\r
617**/\r
618TCG_RESULT\r
619EFIAPI\r
c411b485
MK
620OpalUtilSetOpalLockingRange (\r
621 OPAL_SESSION *LockingSpSession,\r
622 const VOID *Password,\r
623 UINT32 PassLength,\r
624 TCG_UID LockingRangeUid,\r
625 UINT64 RangeStart,\r
626 UINT64 RangeLength,\r
627 BOOLEAN ReadLockEnabled,\r
628 BOOLEAN WriteLockEnabled,\r
629 BOOLEAN ReadLocked,\r
630 BOOLEAN WriteLocked\r
9dd05dde
ED
631 );\r
632\r
633/**\r
634 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r
635 sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r
636 and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r
637\r
638 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r
639 @param[in] OldPassword Current admin password\r
640 @param[in] OldPasswordLength Length of current admin password in bytes\r
641 @param[in] NewPassword New admin password to set\r
642 @param[in] NewPasswordLength Length of new password in bytes\r
643\r
644**/\r
645TCG_RESULT\r
646EFIAPI\r
c411b485 647OpalUtilSetAdminPassword (\r
9dd05dde
ED
648 OPAL_SESSION *AdminSpSession,\r
649 const VOID *OldPassword,\r
650 UINT32 OldPasswordLength,\r
651 const VOID *NewPassword,\r
652 UINT32 NewPasswordLength\r
653 );\r
654\r
655/**\r
656 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r
657 and sets the User1 SP authority to enabled and sets the User1 password.\r
658\r
659 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r
660 @param[in] OldPassword Current password of the authority (User1 or Admin1) used to start the session\r
661 @param[in] OldPasswordLength Length of current password in bytes\r
662 @param[in] NewPassword New User1 password to set\r
663 @param[in] NewPasswordLength Length of new password in bytes\r
664\r
665**/\r
666TCG_RESULT\r
667EFIAPI\r
c411b485
MK
668OpalUtilSetUserPassword (\r
669 OPAL_SESSION *LockingSpSession,\r
670 const VOID *OldPassword,\r
671 UINT32 OldPasswordLength,\r
672 const VOID *NewPassword,\r
673 UINT32 NewPasswordLength\r
9dd05dde
ED
674 );\r
675\r
676/**\r
677 Verify whether user input the correct password.\r
678\r
679 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r
680 @param[in] Password Admin password\r
681 @param[in] PasswordLength Length of password in bytes\r
682 @param[in] HostSigningAuthority Use the Host signing authority type.\r
683\r
684**/\r
685TCG_RESULT\r
686EFIAPI\r
687OpalUtilVerifyPassword (\r
c411b485
MK
688 OPAL_SESSION *LockingSpSession,\r
689 const VOID *Password,\r
690 UINT32 PasswordLength,\r
691 TCG_UID HostSigningAuthority\r
9dd05dde
ED
692 );\r
693\r
694/**\r
695 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r
696 and generates a new global locking range key to erase the Data.\r
697\r
698 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r
699 @param[in] Password Admin or user password\r
700 @param[in] PasswordLength Length of password in bytes\r
701 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r
702\r
703**/\r
704TCG_RESULT\r
705EFIAPI\r
c411b485
MK
706OpalUtilSecureErase (\r
707 OPAL_SESSION *LockingSpSession,\r
708 const VOID *Password,\r
709 UINT32 PasswordLength,\r
710 BOOLEAN *PasswordFailed\r
9dd05dde
ED
711 );\r
712\r
713/**\r
714 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r
715\r
716 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r
717 @param[in] Password Admin password\r
718 @param[in] PasswordLength Length of password in bytes\r
719 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r
720\r
721**/\r
722TCG_RESULT\r
723EFIAPI\r
c411b485
MK
724OpalUtilDisableUser (\r
725 OPAL_SESSION *LockingSpSession,\r
726 const VOID *Password,\r
727 UINT32 PasswordLength,\r
728 BOOLEAN *PasswordFailed\r
9dd05dde
ED
729 );\r
730\r
731/**\r
732 Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY, then reverts the device using the RevertSP method.\r
733\r
734 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r
735 @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r
736 @param[in] Password Admin password\r
737 @param[in] PasswordLength Length of password in bytes\r
738 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r
739 @param[in] Msid Input Msid info.\r
740 @param[in] MsidLength Input Msid info length.\r
741\r
742**/\r
743TCG_RESULT\r
744EFIAPI\r
c411b485
MK
745OpalUtilRevert (\r
746 OPAL_SESSION *LockingSpSession,\r
747 BOOLEAN KeepUserData,\r
748 const VOID *Password,\r
749 UINT32 PasswordLength,\r
750 BOOLEAN *PasswordFailed,\r
751 UINT8 *Msid,\r
752 UINT32 MsidLength\r
9dd05dde
ED
753 );\r
754\r
755/**\r
756 After revert success, set SID to MSID.\r
757\r
758 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r
759 @param Password, Input password info.\r
760 @param PasswordLength, Input password length.\r
761 @param[in] Msid Input Msid info.\r
762 @param[in] MsidLength Input Msid info length.\r
763\r
764**/\r
765TCG_RESULT\r
766EFIAPI\r
767OpalUtilSetSIDtoMSID (\r
c411b485
MK
768 OPAL_SESSION *AdminSpSession,\r
769 const VOID *Password,\r
770 UINT32 PasswordLength,\r
771 UINT8 *Msid,\r
772 UINT32 MsidLength\r
9dd05dde
ED
773 );\r
774\r
775/**\r
776 Update global locking range.\r
777\r
778 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r
779 @param Password, Input password info.\r
780 @param PasswordLength, Input password length.\r
781 @param ReadLocked, Read lock info.\r
782 @param WriteLocked write lock info.\r
783\r
784**/\r
785TCG_RESULT\r
786EFIAPI\r
c411b485
MK
787OpalUtilUpdateGlobalLockingRange (\r
788 OPAL_SESSION *LockingSpSession,\r
789 const VOID *Password,\r
790 UINT32 PasswordLength,\r
791 BOOLEAN ReadLocked,\r
792 BOOLEAN WriteLocked\r
9dd05dde
ED
793 );\r
794\r
795/**\r
796 Retrieve the MSID of the device.\r
797\r
798 @param Session, The session info for one opal device.\r
799 @param Msid, The data buffer to save Msid info.\r
800 @param MsidBufferLength, The data buffer length for Msid.\r
801 @param MsidLength, The actual data length for Msid.\r
802\r
803**/\r
804TCG_RESULT\r
805EFIAPI\r
c411b485
MK
806OpalUtilGetMsid (\r
807 OPAL_SESSION *Session,\r
808 UINT8 *Msid,\r
809 UINT32 MsidBufferLength,\r
810 UINT32 *MsidLength\r
9dd05dde
ED
811 );\r
812\r
813/**\r
814\r
815 The function determines who owns the device by attempting to start a session with different credentials.\r
816 If the SID PIN matches the MSID PIN, then no one owns the device.\r
817 If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.\r
818\r
819\r
820 @param[in] Session The session info for one opal device.\r
821 @param Msid, The Msid info.\r
822 @param MsidLength, The data length for Msid.\r
823\r
824**/\r
825OPAL_OWNER_SHIP\r
826EFIAPI\r
c411b485
MK
827OpalUtilDetermineOwnership (\r
828 OPAL_SESSION *Session,\r
829 UINT8 *Msid,\r
830 UINT32 MsidLength\r
9dd05dde
ED
831 );\r
832\r
833/**\r
834\r
835 The function returns whether an admin password exists.\r
836\r
837 @param[in] OwnerShip The owner ship of the opal device.\r
838 @param[in] LockingFeature The locking info of the opal device.\r
839\r
840 @retval TRUE Admin password exists.\r
841 @retval FALSE Admin password does not exist.\r
842\r
843**/\r
844BOOLEAN\r
845EFIAPI\r
c411b485
MK
846OpalUtilAdminPasswordExists (\r
847 IN UINT16 OwnerShip,\r
848 IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r
9dd05dde
ED
849 );\r
850\r
a3068f06
ED
851/**\r
852 Get Active Data Removal Mechanism Value.\r
853\r
854 @param[in] Session, The session info for one opal device.\r
855 @param[in] GeneratedSid Generated SID of disk\r
856 @param[in] SidLength Length of generatedSid in bytes\r
857 @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.\r
858\r
859**/\r
860TCG_RESULT\r
861EFIAPI\r
862OpalUtilGetActiveDataRemovalMechanism (\r
c411b485
MK
863 OPAL_SESSION *Session,\r
864 const VOID *GeneratedSid,\r
865 UINT32 SidLength,\r
866 UINT8 *ActiveDataRemovalMechanism\r
a3068f06
ED
867 );\r
868\r
869/**\r
870 Get the supported Data Removal Mechanism list.\r
871\r
872 @param[in] Session, The session info for one opal device.\r
873 @param[out] RemovalMechanismLists Return the supported data removal mechanism lists.\r
874\r
875**/\r
876TCG_RESULT\r
877EFIAPI\r
878OpalUtilGetDataRemovalMechanismLists (\r
c411b485
MK
879 IN OPAL_SESSION *Session,\r
880 OUT UINT32 *RemovalMechanismLists\r
a3068f06
ED
881 );\r
882\r
9dd05dde 883#endif // _OPAL_CORE_H_\r