[mirror_edk2.git] / SecurityPkg / Include / Library / TcgStorageOpalLib.h

/** @file\r
  Public API for Opal Core library.\r
\r
  (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00,\r
  https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/\r
\r
  Storage Work Group Storage Security Subsystem Class: Pyrite, Specification Version 2.00, Revision 1.00,\r
  https://trustedcomputinggroup.org/resource/tcg-storage-security-subsystem-class-pyrite/\r
\r
  Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00,\r
  https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/\r
\r
  TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00,\r
  https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/\r
\r
  TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00,\r
  https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/\r
\r
  TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00,\r
  https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/)\r
\r
  Check http://trustedcomputinggroup.org for latest specification updates.\r
\r
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#ifndef _OPAL_CORE_H_\r
#define _OPAL_CORE_H_\r
\r
#include <IndustryStandard/TcgStorageOpal.h>\r
\r
#include <Library/TcgStorageCoreLib.h>\r
#include <Protocol/StorageSecurityCommand.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
    //\r
    // Opal SSC 1 support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 OpalSsc1 : 1;\r
\r
    //\r
    // Opal SSC 2support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 OpalSsc2 : 1;\r
\r
    //\r
    // Opal SSC Lite support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 OpalSscLite : 1;\r
\r
    //\r
    // Pyrite SSC support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 PyriteSsc : 1;\r
\r
    //\r
    // Security protocol 1 support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 Sp1 : 1;\r
\r
    //\r
    // Security protocol 2 support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 Sp2 : 1;\r
\r
    //\r
    // Security protocol IEEE1667 support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 SpIeee1667 : 1;\r
\r
    //\r
    // Media encryption supported (0 - not supported, 1 - supported)\r
    //\r
    UINT32 MediaEncryption : 1;\r
\r
    //\r
    // Initial C_PIN_SID PIN Indicator\r
    //  0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r
    //  1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r
    //\r
    UINT32 InitCpinIndicator : 1;\r
\r
    //\r
    // Behavior of C_PIN_SID PIN upon TPer Revert\r
    //  0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r
    //  1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r
    //\r
    UINT32 CpinUponRevert : 1;\r
\r
    //\r
    // Media encryption supported (0 - not supported, 1 - supported)\r
    //\r
    UINT32 BlockSid : 1;\r
\r
    //\r
    // Pyrite SSC V2 support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 PyriteSscV2 : 1;\r
\r
    //\r
    // Supported Data Removal Mechanism support  (0 - not supported, 1 - supported)\r
    //\r
    UINT32 DataRemoval : 1;\r
} OPAL_DISK_SUPPORT_ATTRIBUTE;\r
\r
//\r
// Opal device ownership type\r
// The type indicates who was the determined owner of the device.\r
//\r
typedef enum {\r
    //\r
    // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP\r
    //was unsuccessful with the provided PIN\r
    //\r
    OpalOwnershipUnknown,\r
\r
    //\r
    // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN\r
    //\r
    OpalOwnershipNobody,\r
} OPAL_OWNER_SHIP;\r
\r
//\r
// Structure that is used to represent an Opal session.\r
// The structure must be initialized by calling OpalStartSession before being used as a parameter\r
// for any other Opal function.\r
// This structure should NOT be directly modified by the client of this library.\r
//\r
//\r
typedef struct  {\r
    UINT32                                 HostSessionId;\r
    UINT32                                 TperSessionId;\r
    UINT16                                 ComIdExtension;\r
\r
    UINT16                                 OpalBaseComId;\r
\r
    EFI_STORAGE_SECURITY_COMMAND_PROTOCOL  *Sscp;\r
    UINT32                                 MediaId;\r
} OPAL_SESSION;\r
#pragma pack()\r
\r
/**\r
\r
  The function fills in the provided Buffer with the supported protocol list\r
  of the device specified.\r
\r
  @param[in]        Session         OPAL_SESSION data.\r
  @param[in]        BufferSize      Size of Buffer provided (in bytes)\r
  @param[in]        BuffAddress     Buffer address to fill with security protocol list\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalRetrieveSupportedProtocolList(\r
  OPAL_SESSION     *Session,\r
  UINTN            BufferSize,\r
  VOID             *BuffAddress\r
  );\r
\r
/**\r
\r
  The function fills in the provided Buffer with the level 0 discovery Header\r
  of the device specified.\r
\r
  @param[in]        Session         OPAL_SESSION data.\r
  @param[in]        BufferSize      Size of Buffer provided (in bytes)\r
  @param[in]        BuffAddress     Buffer address to fill with Level 0 Discovery response\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalRetrieveLevel0DiscoveryHeader(\r
  OPAL_SESSION     *Session,\r
  UINTN            BufferSize,\r
  VOID             *BuffAddress\r
  );\r
\r
/**\r
  Starts a session with a security provider (SP).\r
\r
  If a session is started successfully, the caller must end the session with OpalEndSession when finished\r
  performing Opal actions.\r
\r
  @param[in/out]  Session                 OPAL_SESSION to initialize.\r
  @param[in]      SpId                    Security provider ID to start the session with.\r
  @param[in]      Write                   Whether the session should be read-only (FALSE) or read/write (TRUE).\r
  @param[in]      HostChallengeLength     Length of the host challenge.  Length should be 0 if hostChallenge is NULL\r
  @param[in]      HostChallenge           Host challenge for Host Signing Authority.  If NULL, then no Host Challenge will be sent.\r
  @param[in]      HostSigningAuthority    Host Signing Authority used for start session.  If NULL, then no Host Signing Authority will be sent.\r
  @param[in/out]  MethodStatus            Status of the StartSession method; only valid if TcgResultSuccess is returned.\r
\r
  @return TcgResultSuccess indicates that the function completed without any internal errors.\r
  The caller must inspect the MethodStatus field to determine whether the method completed successfully.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalStartSession(\r
  OPAL_SESSION     *Session,\r
  TCG_UID          SpId,\r
  BOOLEAN          Write,\r
  UINT32           HostChallengeLength,\r
  const VOID       *HostChallenge,\r
  TCG_UID          HostSigningAuthority,\r
  UINT8            *MethodStatus\r
  );\r
\r
/**\r
  Close a session opened with OpalStartSession.\r
\r
  @param[in/out]  Session                 OPAL_SESSION to end.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalEndSession(\r
  OPAL_SESSION     *Session\r
  );\r
\r
/**\r
\r
  Reverts device using Admin SP Revert method.\r
\r
  @param[in]  AdminSpSession      OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalPsidRevert(\r
  OPAL_SESSION              *AdminSpSession\r
  );\r
\r
\r
/**\r
\r
  The function retrieves the MSID from the device specified\r
\r
  @param[in]  AdminSpSession      OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r
  @param[in]  MsidBufferSize      Allocated buffer size (in bytes) for MSID allocated by caller\r
  @param[in]  Msid                Variable length byte sequence representing MSID of device\r
  @param[in]  MsidLength          Actual length of MSID retrieved from device\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalGetMsid(\r
  OPAL_SESSION    *AdminSpSession,\r
  UINT32          MsidBufferSize,\r
  UINT8           *Msid,\r
  UINT32          *MsidLength\r
  );\r
\r
/**\r
\r
  The function activates the Locking SP.\r
  Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.\r
  If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.\r
\r
  @param[in]      AdminSpSession      OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP\r
  @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalActivateLockingSp(\r
  OPAL_SESSION           *AdminSpSession,\r
  UINT8                  *MethodStatus\r
  );\r
\r
\r
/**\r
\r
  The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.\r
\r
  @param[in/out]  Session                 OPAL_SESSION to set password\r
  @param[in]      CpinRowUid              UID of row (authority) to update PIN column\r
  @param[in]      NewPin                  New Pin to set for cpinRowUid specified\r
  @param[in]      NewPinLength            Length in bytes of newPin\r
  @param[in/out]  MethodStatus            Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalSetPassword(\r
  OPAL_SESSION   *Session,\r
  TCG_UID        CpinRowUid,\r
  const VOID     *NewPin,\r
  UINT32         NewPinLength,\r
  UINT8          *MethodStatus\r
  );\r
\r
/**\r
\r
  The function retrieves the active key of the global locking range\r
  and calls the GenKey method on the active key retrieved.\r
\r
  @param[in]        LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r
  @param[in/out]    MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalGlobalLockingRangeGenKey(\r
  OPAL_SESSION   *LockingSpSession,\r
  UINT8          *MethodStatus\r
  );\r
\r
\r
/**\r
\r
  The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.\r
  This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r
  (not ReadLockEnabled and WriteLockEnabled columns).\r
\r
  @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r
  @param[in]      ReadLocked          Value to set ReadLocked column for Global Locking Range\r
  @param[in]      WriteLocked         Value to set WriteLocked column for Global Locking Range\r
  @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUpdateGlobalLockingRange(\r
  OPAL_SESSION             *LockingSpSession,\r
  BOOLEAN                  ReadLocked,\r
  BOOLEAN                  WriteLocked,\r
  UINT8                    *MethodStatus\r
  );\r
\r
\r
/**\r
\r
  The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns\r
  of the specified Locking Range.  This function requires admin authority of a locking SP session.\r
\r
  @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r
  @param[in]      LockingRangeUid     Locking range UID to set values\r
  @param[in]      RangeStart          Value to set RangeStart column for Locking Range\r
  @param[in]      RangeLength         Value to set RangeLength column for Locking Range\r
  @param[in]      ReadLockEnabled     Value to set readLockEnabled column for Locking Range\r
  @param[in]      WriteLockEnabled    Value to set writeLockEnabled column for Locking Range\r
  @param[in]      ReadLocked          Value to set ReadLocked column for Locking Range\r
  @param[in]      WriteLocked         Value to set WriteLocked column for Locking Range\r
  @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalSetLockingRange(\r
  OPAL_SESSION     *LockingSpSession,\r
  TCG_UID          LockingRangeUid,\r
  UINT64           RangeStart,\r
  UINT64           RangeLength,\r
  BOOLEAN          ReadLockEnabled,\r
  BOOLEAN          WriteLockEnabled,\r
  BOOLEAN          ReadLocked,\r
  BOOLEAN          WriteLocked,\r
  UINT8            *MethodStatus\r
  );\r
\r
/**\r
\r
  The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided\r
  using the newPin provided.  AuthorityUid and cpinRowUid should describe the same authority.\r
\r
  @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update\r
  @param[in]      CpinRowUid          Row UID of C_PIN table of Locking SP to update PIN\r
  @param[in]      AuthorityUid        UID of Locking SP authority to update Pin column with\r
  @param[in]      NewPin              New Password used to set Pin column\r
  @param[in]      NewPinLength        Length in bytes of new password\r
  @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalSetLockingSpAuthorityEnabledAndPin(\r
  OPAL_SESSION    *LockingSpSession,\r
  TCG_UID         CpinRowUid,\r
  TCG_UID         AuthorityUid,\r
  const VOID      *NewPin,\r
  UINT32          NewPinLength,\r
  UINT8           *MethodStatus\r
  );\r
\r
\r
/**\r
\r
  The function sets the Enabled column to FALSE for the USER1 authority.\r
\r
  @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1\r
  @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalDisableUser(\r
  OPAL_SESSION     *LockingSpSession,\r
  UINT8            *MethodStatus\r
  );\r
\r
\r
/**\r
\r
  The function calls the Admin SP RevertSP method on the Locking SP.  If KeepUserData is True, then the optional parameter\r
  to keep the user data is set to True, otherwise the optional parameter is not provided.\r
\r
  @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP\r
  @param[in]      KeepUserData        Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.\r
  @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalAdminRevert(\r
  OPAL_SESSION    *LockingSpSession,\r
  BOOLEAN         KeepUserData,\r
  UINT8           *MethodStatus\r
  );\r
\r
\r
/**\r
\r
  The function retrieves the TryLimit column for the specified rowUid (authority).\r
\r
  @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit\r
  @param[in]      RowUid              Row UID of the Locking SP C_PIN table to retrieve TryLimit column\r
  @param[in/out]  TryLimit            Value from TryLimit column\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalGetTryLimit(\r
  OPAL_SESSION   *LockingSpSession,\r
  TCG_UID        RowUid,\r
  UINT32         *TryLimit\r
  );\r
\r
\r
/**\r
\r
  The function populates the CreateStruct with a payload that will retrieve the global locking range active key.\r
  It is intended to be called with a session that is already started with a valid credential.\r
  The function does not send the payload.\r
\r
  @param[in]      Session        OPAL_SESSION to populate command for, needs comId\r
  @param[in/out]  CreateStruct   Structure to populate with encoded TCG command\r
  @param[in/out]  Size           Size in bytes of the command created.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalCreateRetrieveGlobalLockingRangeActiveKey(\r
  const OPAL_SESSION    *Session,\r
  TCG_CREATE_STRUCT     *CreateStruct,\r
  UINT32                *Size\r
  );\r
\r
\r
/**\r
\r
  The function acquires the activeKey specified for the Global Locking Range from the parseStruct.\r
\r
  @param[in]      ParseStruct    Structure that contains the device's response with the activekey\r
  @param[in/out]  ActiveKey      The UID of the active key retrieved\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalParseRetrieveGlobalLockingRangeActiveKey(\r
  TCG_PARSE_STRUCT  *ParseStruct,\r
  TCG_UID           *ActiveKey\r
  );\r
\r
/**\r
\r
  Get the support attribute info.\r
\r
  @param[in]      Session             OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r
  @param[in/out]  LockingFeature      Return the Locking info.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalGetLockingInfo(\r
  OPAL_SESSION                     *Session,\r
  TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature\r
  );\r
\r
/**\r
\r
  The function determines whether or not all of the requirements for the Opal Feature (not full specification)\r
  are met by the specified device.\r
\r
  @param[in]      SupportedAttributes     Opal device attribute.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
OpalFeatureSupported(\r
  OPAL_DISK_SUPPORT_ATTRIBUTE      *SupportedAttributes\r
  );\r
\r
/**\r
\r
  The function returns whether or not the device is Opal Enabled.\r
  TRUE means that the device is partially or fully locked.\r
  This will perform a Level 0 Discovery and parse the locking feature descriptor\r
\r
  @param[in]      SupportedAttributes     Opal device attribute.\r
  @param[in]      LockingFeature          Opal device locking status.\r
\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
OpalFeatureEnabled(\r
  OPAL_DISK_SUPPORT_ATTRIBUTE      *SupportedAttributes,\r
  TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature\r
  );\r
\r
/**\r
\r
  The function returns whether or not the device is Opal Locked.\r
  TRUE means that the device is partially or fully locked.\r
  This will perform a Level 0 Discovery and parse the locking feature descriptor\r
\r
  @param[in]      SupportedAttributes     Opal device attribute.\r
  @param[in]      LockingFeature          Opal device locking status.\r
\r
**/\r
BOOLEAN\r
OpalDeviceLocked(\r
  OPAL_DISK_SUPPORT_ATTRIBUTE      *SupportedAttributes,\r
  TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature\r
  );\r
\r
/**\r
  Trig the block sid action.\r
\r
  @param[in]      Session            OPAL_SESSION to populate command for, needs comId\r
  @param[in]      HardwareReset      Whether need to do hardware reset.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalBlockSid(\r
  OPAL_SESSION                           *Session,\r
  BOOLEAN                                HardwareReset\r
  );\r
\r
/**\r
\r
  Get the support attribute info.\r
\r
  @param[in]      Session             OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r
  @param[in/out]  SupportedAttributes Return the support attribute info.\r
  @param[out]     OpalBaseComId       Return the base com id info.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalGetSupportedAttributesInfo(\r
  OPAL_SESSION                 *Session,\r
  OPAL_DISK_SUPPORT_ATTRIBUTE  *SupportedAttributes,\r
  UINT16                       *OpalBaseComId\r
  );\r
\r
/**\r
  Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r
\r
  @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId\r
  @param[in]      Psid               PSID of device to revert.\r
  @param[in]      PsidLength         Length of PSID in bytes.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilPsidRevert(\r
  OPAL_SESSION   *AdminSpSession,\r
  const VOID     *Psid,\r
  UINT32         PsidLength\r
  );\r
\r
/**\r
  Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r
  sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,\r
  and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.\r
\r
  @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId\r
  @param[in]      GeneratedSid       Generated SID of disk\r
  @param[in]      SidLength          Length of generatedSid in bytes\r
  @param[in]      Password           New admin password to set\r
  @param[in]      PassLength         Length of password in bytes\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilSetAdminPasswordAsSid(\r
  OPAL_SESSION      *AdminSpSession,\r
  const VOID        *GeneratedSid,\r
  UINT32            SidLength,\r
  const VOID        *Password,\r
  UINT32            PassLength\r
  );\r
\r
/**\r
\r
  Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r
  and updates the specified locking range with the provided column values.\r
\r
  @param[in]      LockingSpSession   OPAL_SESSION to populate command for, needs comId\r
  @param[in]      Password           New admin password to set\r
  @param[in]      PassLength         Length of password in bytes\r
  @param[in]      LockingRangeUid    Locking range UID to set values\r
  @param[in]      RangeStart         Value to set RangeStart column for Locking Range\r
  @param[in]      RangeLength        Value to set RangeLength column for Locking Range\r
  @param[in]      ReadLockEnabled    Value to set readLockEnabled column for Locking Range\r
  @param[in]      WriteLockEnabled   Value to set writeLockEnabled column for Locking Range\r
  @param[in]      ReadLocked         Value to set ReadLocked column for Locking Range\r
  @param[in]      WriteLocked        Value to set WriteLocked column for Locking Range\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilSetOpalLockingRange(\r
  OPAL_SESSION   *LockingSpSession,\r
  const VOID     *Password,\r
  UINT32         PassLength,\r
  TCG_UID        LockingRangeUid,\r
  UINT64         RangeStart,\r
  UINT64         RangeLength,\r
  BOOLEAN        ReadLockEnabled,\r
  BOOLEAN        WriteLockEnabled,\r
  BOOLEAN        ReadLocked,\r
  BOOLEAN        WriteLocked\r
  );\r
\r
/**\r
  Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r
  sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r
  and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r
\r
  @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId\r
  @param[in]      OldPassword        Current admin password\r
  @param[in]      OldPasswordLength  Length of current admin password in bytes\r
  @param[in]      NewPassword        New admin password to set\r
  @param[in]      NewPasswordLength  Length of new password in bytes\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilSetAdminPassword(\r
  OPAL_SESSION  *AdminSpSession,\r
  const VOID    *OldPassword,\r
  UINT32        OldPasswordLength,\r
  const VOID    *NewPassword,\r
  UINT32        NewPasswordLength\r
  );\r
\r
/**\r
  Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r
  and sets the User1 SP authority to enabled and sets the User1 password.\r
\r
  @param[in]      LockingSpSession   OPAL_SESSION to populate command for, needs comId\r
  @param[in]      OldPassword        Current admin password\r
  @param[in]      OldPasswordLength  Length of current admin password in bytes\r
  @param[in]      NewPassword        New admin password to set\r
  @param[in]      NewPasswordLength  Length of new password in bytes\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilSetUserPassword(\r
  OPAL_SESSION    *LockingSpSession,\r
  const VOID      *OldPassword,\r
  UINT32          OldPasswordLength,\r
  const VOID      *NewPassword,\r
  UINT32          NewPasswordLength\r
  );\r
\r
/**\r
  Verify whether user input the correct password.\r
\r
  @param[in]      LockingSpSession            OPAL_SESSION to populate command for, needs comId\r
  @param[in]      Password                    Admin password\r
  @param[in]      PasswordLength              Length of password in bytes\r
  @param[in/out]  HostSigningAuthority        Use the Host signing authority type.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilVerifyPassword (\r
  OPAL_SESSION   *LockingSpSession,\r
  const VOID     *Password,\r
  UINT32         PasswordLength,\r
  TCG_UID        HostSigningAuthority\r
  );\r
\r
/**\r
  Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r
  and generates a new global locking range key to erase the Data.\r
\r
  @param[in]      LockingSpSession     OPAL_SESSION to populate command for, needs comId\r
  @param[in]      Password             Admin or user password\r
  @param[in]      PasswordLength       Length of password in bytes\r
  @param[in/out]  PasswordFailed       indicates if password failed (start session didn't work)\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilSecureErase(\r
  OPAL_SESSION     *LockingSpSession,\r
  const VOID       *Password,\r
  UINT32           PasswordLength,\r
  BOOLEAN          *PasswordFailed\r
  );\r
\r
/**\r
  Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r
\r
  @param[in]      LockingSpSession      OPAL_SESSION to populate command for, needs comId\r
  @param[in]      Password              Admin password\r
  @param[in]      PasswordLength        Length of password in bytes\r
  @param[in/out]  PasswordFailed        indicates if password failed (start session didn't work)\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilDisableUser(\r
  OPAL_SESSION   *LockingSpSession,\r
  const VOID     *Password,\r
  UINT32         PasswordLength,\r
  BOOLEAN        *PasswordFailed\r
  );\r
\r
/**\r
  Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r
\r
  @param[in]      LockingSpSession      OPAL_SESSION to populate command for, needs comId\r
  @param[in]      KeepUserData       TRUE to keep existing Data on the disk, or FALSE to erase it\r
  @param[in]      Password           Admin password\r
  @param[in]      PasswordLength     Length of password in bytes\r
  @param[in/out]  PasswordFailed     indicates if password failed (start session didn't work)\r
  @param[in]      Msid               Input Msid info.\r
  @param[in]      MsidLength         Input Msid info length.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilRevert(\r
  OPAL_SESSION     *LockingSpSession,\r
  BOOLEAN          KeepUserData,\r
  const VOID       *Password,\r
  UINT32           PasswordLength,\r
  BOOLEAN          *PasswordFailed,\r
  UINT8            *Msid,\r
  UINT32           MsidLength\r
  );\r
\r
/**\r
  After revert success, set SID to MSID.\r
\r
  @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId\r
  @param          Password,          Input password info.\r
  @param          PasswordLength,    Input password length.\r
  @param[in]      Msid               Input Msid info.\r
  @param[in]      MsidLength         Input Msid info length.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilSetSIDtoMSID (\r
  OPAL_SESSION     *AdminSpSession,\r
  const VOID       *Password,\r
  UINT32           PasswordLength,\r
  UINT8            *Msid,\r
  UINT32           MsidLength\r
  );\r
\r
/**\r
  Update global locking range.\r
\r
  @param[in]      LockingSpSession   OPAL_SESSION to populate command for, needs comId\r
  @param          Password,          Input password info.\r
  @param          PasswordLength,    Input password length.\r
  @param          ReadLocked,        Read lock info.\r
  @param          WriteLocked        write lock info.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilUpdateGlobalLockingRange(\r
  OPAL_SESSION    *LockingSpSession,\r
  const VOID      *Password,\r
  UINT32          PasswordLength,\r
  BOOLEAN         ReadLocked,\r
  BOOLEAN         WriteLocked\r
  );\r
\r
/**\r
  Update global locking range.\r
\r
  @param          Session,           The session info for one opal device.\r
  @param          Msid,              The data buffer to save Msid info.\r
  @param          MsidBufferLength,  The data buffer length for Msid.\r
  @param          MsidLength,        The actual data length for Msid.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilGetMsid(\r
  OPAL_SESSION    *Session,\r
  UINT8           *Msid,\r
  UINT32          MsidBufferLength,\r
  UINT32          *MsidLength\r
  );\r
\r
/**\r
\r
  The function determines who owns the device by attempting to start a session with different credentials.\r
  If the SID PIN matches the MSID PIN, the no one owns the device.\r
  If the SID PIN matches the ourSidPin, then "Us" owns the device.  Otherwise it is unknown.\r
\r
\r
  @param[in]      Session            The session info for one opal device.\r
  @param          Msid,              The Msid info.\r
  @param          MsidLength,        The data length for Msid.\r
\r
**/\r
OPAL_OWNER_SHIP\r
EFIAPI\r
OpalUtilDetermineOwnership(\r
  OPAL_SESSION       *Session,\r
  UINT8              *Msid,\r
  UINT32             MsidLength\r
  );\r
\r
/**\r
\r
  The function returns if admin password exists.\r
\r
  @param[in]      OwnerShip         The owner ship of the opal device.\r
  @param[in]      LockingFeature    The locking info of the opal device.\r
\r
  @retval         TRUE              Admin password existed.\r
  @retval         FALSE             Admin password not existed.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
OpalUtilAdminPasswordExists(\r
  IN  UINT16                           OwnerShip,\r
  IN  TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature\r
  );\r
\r
/**\r
  Get Active Data Removal Mechanism Value.\r
\r
  @param[in]      Session,                       The session info for one opal device.\r
  @param[in]      GeneratedSid                   Generated SID of disk\r
  @param[in]      SidLength                      Length of generatedSid in bytes\r
  @param[out]     ActiveDataRemovalMechanism     Return the active data removal mechanism.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilGetActiveDataRemovalMechanism (\r
  OPAL_SESSION      *Session,\r
  const VOID        *GeneratedSid,\r
  UINT32            SidLength,\r
  UINT8             *ActiveDataRemovalMechanism\r
  );\r
\r
/**\r
  Get the supported Data Removal Mechanism list.\r
\r
  @param[in]      Session,                       The session info for one opal device.\r
  @param[out]     RemovalMechanismLists          Return the supported data removal mechanism lists.\r
\r
**/\r
TCG_RESULT\r
EFIAPI\r
OpalUtilGetDataRemovalMechanismLists (\r
  IN  OPAL_SESSION      *Session,\r
  OUT UINT32            *RemovalMechanismLists\r
  );\r
\r
#endif // _OPAL_CORE_H_\r