]>
Commit | Line | Data |
---|---|---|
9dd05dde ED |
1 | /** @file\r |
2 | Public API for Opal Core library.\r | |
3 | \r | |
4b806739 | 4 | (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00,\r |
4b8552d7 | 5 | https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/\r |
4b806739 ED |
6 | \r |
7 | Storage Work Group Storage Security Subsystem Class: Pyrite, Version 1.00 Final, Revision 1.00,\r | |
4b8552d7 | 8 | https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-pyrite/\r |
4b806739 ED |
9 | \r |
10 | Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00,\r | |
4b8552d7 | 11 | https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/\r |
4b806739 ED |
12 | \r |
13 | TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00,\r | |
4b8552d7 | 14 | https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/\r |
4b806739 ED |
15 | \r |
16 | TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00,\r | |
4b8552d7 | 17 | https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/\r |
4b806739 ED |
18 | \r |
19 | TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00,\r | |
4b8552d7 | 20 | https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/)\r |
4b806739 ED |
21 | \r |
22 | Check http://trustedcomputinggroup.org for latest specification updates.\r | |
23 | \r | |
24 | Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r | |
9dd05dde ED |
25 | This program and the accompanying materials\r |
26 | are licensed and made available under the terms and conditions of the BSD License\r | |
27 | which accompanies this distribution. The full text of the license may be found at\r | |
28 | http://opensource.org/licenses/bsd-license.php\r | |
29 | \r | |
30 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
31 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
32 | \r | |
33 | **/\r | |
34 | \r | |
35 | #ifndef _OPAL_CORE_H_\r | |
36 | #define _OPAL_CORE_H_\r | |
37 | \r | |
38 | #include <IndustryStandard/TcgStorageOpal.h>\r | |
39 | \r | |
40 | #include <Library/TcgStorageCoreLib.h>\r | |
41 | #include <Protocol/StorageSecurityCommand.h>\r | |
42 | \r | |
43 | #pragma pack(1)\r | |
44 | \r | |
45 | typedef struct {\r | |
46 | //\r | |
47 | // Opal SSC 1 support (0 - not supported, 1 - supported)\r | |
48 | //\r | |
49 | UINT32 OpalSsc1 : 1;\r | |
50 | \r | |
51 | //\r | |
52 | // Opal SSC 2support (0 - not supported, 1 - supported)\r | |
53 | //\r | |
54 | UINT32 OpalSsc2 : 1;\r | |
55 | \r | |
56 | //\r | |
57 | // Opal SSC Lite support (0 - not supported, 1 - supported)\r | |
58 | //\r | |
59 | UINT32 OpalSscLite : 1;\r | |
60 | \r | |
61 | //\r | |
62 | // Pyrite SSC support (0 - not supported, 1 - supported)\r | |
63 | //\r | |
64 | UINT32 PyriteSsc : 1;\r | |
65 | \r | |
66 | //\r | |
67 | // Security protocol 1 support (0 - not supported, 1 - supported)\r | |
68 | //\r | |
69 | UINT32 Sp1 : 1;\r | |
70 | \r | |
71 | //\r | |
72 | // Security protocol 2 support (0 - not supported, 1 - supported)\r | |
73 | //\r | |
74 | UINT32 Sp2 : 1;\r | |
75 | \r | |
76 | //\r | |
77 | // Security protocol IEEE1667 support (0 - not supported, 1 - supported)\r | |
78 | //\r | |
79 | UINT32 SpIeee1667 : 1;\r | |
80 | \r | |
81 | //\r | |
82 | // Media encryption supported (0 - not supported, 1 - supported)\r | |
83 | //\r | |
84 | UINT32 MediaEncryption : 1;\r | |
85 | \r | |
86 | //\r | |
87 | // Initial C_PIN_SID PIN Indicator\r | |
88 | // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
89 | // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
90 | //\r | |
91 | UINT32 InitCpinIndicator : 1;\r | |
92 | \r | |
93 | //\r | |
94 | // Behavior of C_PIN_SID PIN upon TPer Revert\r | |
95 | // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
96 | // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
97 | //\r | |
98 | UINT32 CpinUponRevert : 1;\r | |
b20e0d29 ED |
99 | \r |
100 | //\r | |
101 | // Media encryption supported (0 - not supported, 1 - supported)\r | |
102 | //\r | |
103 | UINT32 BlockSid : 1;\r | |
104 | \r | |
a3068f06 ED |
105 | //\r |
106 | // Pyrite SSC V2 support (0 - not supported, 1 - supported)\r | |
107 | //\r | |
108 | UINT32 PyriteSscV2 : 1;\r | |
109 | \r | |
110 | //\r | |
111 | // Supported Data Removal Mechanism support (0 - not supported, 1 - supported)\r | |
112 | //\r | |
113 | UINT32 DataRemoval : 1;\r | |
9dd05dde ED |
114 | } OPAL_DISK_SUPPORT_ATTRIBUTE;\r |
115 | \r | |
116 | //\r | |
117 | // Opal device ownership type\r | |
118 | // The type indicates who was the determined owner of the device.\r | |
119 | //\r | |
120 | typedef enum {\r | |
121 | //\r | |
122 | // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP\r | |
123 | //was unsuccessful with the provided PIN\r | |
124 | //\r | |
125 | OpalOwnershipUnknown,\r | |
126 | \r | |
127 | //\r | |
128 | // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN\r | |
129 | //\r | |
130 | OpalOwnershipNobody,\r | |
131 | } OPAL_OWNER_SHIP;\r | |
132 | \r | |
133 | //\r | |
134 | // Structure that is used to represent an Opal session.\r | |
135 | // The structure must be initialized by calling OpalStartSession before being used as a parameter\r | |
136 | // for any other Opal function.\r | |
137 | // This structure should NOT be directly modified by the client of this library.\r | |
138 | //\r | |
139 | //\r | |
140 | typedef struct {\r | |
141 | UINT32 HostSessionId;\r | |
142 | UINT32 TperSessionId;\r | |
143 | UINT16 ComIdExtension;\r | |
144 | \r | |
145 | UINT16 OpalBaseComId;\r | |
146 | \r | |
147 | EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;\r | |
148 | UINT32 MediaId;\r | |
149 | } OPAL_SESSION;\r | |
150 | #pragma pack()\r | |
151 | \r | |
152 | /**\r | |
153 | \r | |
154 | The function fills in the provided Buffer with the supported protocol list\r | |
155 | of the device specified.\r | |
156 | \r | |
157 | @param[in] Session OPAL_SESSION data.\r | |
158 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
159 | @param[in] BuffAddress Buffer address to fill with security protocol list\r | |
160 | \r | |
161 | **/\r | |
162 | TCG_RESULT\r | |
163 | EFIAPI\r | |
164 | OpalRetrieveSupportedProtocolList(\r | |
165 | OPAL_SESSION *Session,\r | |
166 | UINTN BufferSize,\r | |
167 | VOID *BuffAddress\r | |
168 | );\r | |
169 | \r | |
170 | /**\r | |
171 | \r | |
172 | The function fills in the provided Buffer with the level 0 discovery Header\r | |
173 | of the device specified.\r | |
174 | \r | |
175 | @param[in] Session OPAL_SESSION data.\r | |
176 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
177 | @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response\r | |
178 | \r | |
179 | **/\r | |
180 | TCG_RESULT\r | |
181 | EFIAPI\r | |
182 | OpalRetrieveLevel0DiscoveryHeader(\r | |
183 | OPAL_SESSION *Session,\r | |
184 | UINTN BufferSize,\r | |
185 | VOID *BuffAddress\r | |
186 | );\r | |
187 | \r | |
188 | /**\r | |
189 | Starts a session with a security provider (SP).\r | |
190 | \r | |
191 | If a session is started successfully, the caller must end the session with OpalEndSession when finished\r | |
192 | performing Opal actions.\r | |
193 | \r | |
194 | @param[in/out] Session OPAL_SESSION to initialize.\r | |
195 | @param[in] SpId Security provider ID to start the session with.\r | |
196 | @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE).\r | |
197 | @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL\r | |
198 | @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent.\r | |
199 | @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent.\r | |
200 | @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned.\r | |
201 | \r | |
202 | @return TcgResultSuccess indicates that the function completed without any internal errors.\r | |
203 | The caller must inspect the MethodStatus field to determine whether the method completed successfully.\r | |
204 | \r | |
205 | **/\r | |
206 | TCG_RESULT\r | |
207 | EFIAPI\r | |
208 | OpalStartSession(\r | |
209 | OPAL_SESSION *Session,\r | |
210 | TCG_UID SpId,\r | |
211 | BOOLEAN Write,\r | |
212 | UINT32 HostChallengeLength,\r | |
213 | const VOID *HostChallenge,\r | |
214 | TCG_UID HostSigningAuthority,\r | |
215 | UINT8 *MethodStatus\r | |
216 | );\r | |
217 | \r | |
218 | /**\r | |
219 | Close a session opened with OpalStartSession.\r | |
220 | \r | |
221 | @param[in/out] Session OPAL_SESSION to end.\r | |
222 | \r | |
223 | **/\r | |
224 | TCG_RESULT\r | |
225 | EFIAPI\r | |
226 | OpalEndSession(\r | |
227 | OPAL_SESSION *Session\r | |
228 | );\r | |
229 | \r | |
230 | /**\r | |
231 | \r | |
232 | Reverts device using Admin SP Revert method.\r | |
233 | \r | |
234 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r | |
235 | \r | |
236 | **/\r | |
237 | TCG_RESULT\r | |
238 | EFIAPI\r | |
239 | OpalPsidRevert(\r | |
240 | OPAL_SESSION *AdminSpSession\r | |
241 | );\r | |
242 | \r | |
243 | \r | |
244 | /**\r | |
245 | \r | |
246 | The function retrieves the MSID from the device specified\r | |
247 | \r | |
248 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r | |
249 | @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller\r | |
250 | @param[in] Msid Variable length byte sequence representing MSID of device\r | |
251 | @param[in] MsidLength Actual length of MSID retrieved from device\r | |
252 | \r | |
253 | **/\r | |
254 | TCG_RESULT\r | |
255 | EFIAPI\r | |
256 | OpalGetMsid(\r | |
257 | OPAL_SESSION *AdminSpSession,\r | |
258 | UINT32 MsidBufferSize,\r | |
259 | UINT8 *Msid,\r | |
260 | UINT32 *MsidLength\r | |
261 | );\r | |
262 | \r | |
263 | /**\r | |
264 | \r | |
265 | The function activates the Locking SP.\r | |
266 | Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.\r | |
267 | If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.\r | |
268 | \r | |
269 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP\r | |
270 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
271 | \r | |
272 | **/\r | |
273 | TCG_RESULT\r | |
274 | EFIAPI\r | |
275 | OpalActivateLockingSp(\r | |
276 | OPAL_SESSION *AdminSpSession,\r | |
277 | UINT8 *MethodStatus\r | |
278 | );\r | |
279 | \r | |
280 | \r | |
281 | /**\r | |
282 | \r | |
283 | The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.\r | |
284 | \r | |
285 | @param[in/out] Session OPAL_SESSION to set password\r | |
286 | @param[in] CpinRowUid UID of row (authority) to update PIN column\r | |
287 | @param[in] NewPin New Pin to set for cpinRowUid specified\r | |
288 | @param[in] NewPinLength Length in bytes of newPin\r | |
289 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
290 | \r | |
291 | **/\r | |
292 | TCG_RESULT\r | |
293 | EFIAPI\r | |
294 | OpalSetPassword(\r | |
295 | OPAL_SESSION *Session,\r | |
296 | TCG_UID CpinRowUid,\r | |
297 | const VOID *NewPin,\r | |
298 | UINT32 NewPinLength,\r | |
299 | UINT8 *MethodStatus\r | |
300 | );\r | |
301 | \r | |
302 | /**\r | |
303 | \r | |
304 | The function retrieves the active key of the global locking range\r | |
305 | and calls the GenKey method on the active key retrieved.\r | |
306 | \r | |
307 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
308 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
309 | \r | |
310 | **/\r | |
311 | TCG_RESULT\r | |
312 | EFIAPI\r | |
313 | OpalGlobalLockingRangeGenKey(\r | |
314 | OPAL_SESSION *LockingSpSession,\r | |
315 | UINT8 *MethodStatus\r | |
316 | );\r | |
317 | \r | |
318 | \r | |
319 | /**\r | |
320 | \r | |
321 | The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.\r | |
0ab475c9 | 322 | This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r |
9dd05dde ED |
323 | (not ReadLockEnabled and WriteLockEnabled columns).\r |
324 | \r | |
325 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
326 | @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range\r | |
327 | @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range\r | |
328 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
329 | \r | |
330 | **/\r | |
331 | TCG_RESULT\r | |
332 | EFIAPI\r | |
333 | OpalUpdateGlobalLockingRange(\r | |
334 | OPAL_SESSION *LockingSpSession,\r | |
335 | BOOLEAN ReadLocked,\r | |
336 | BOOLEAN WriteLocked,\r | |
337 | UINT8 *MethodStatus\r | |
338 | );\r | |
339 | \r | |
340 | \r | |
341 | /**\r | |
342 | \r | |
343 | The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns\r | |
344 | of the specified Locking Range. This function requires admin authority of a locking SP session.\r | |
345 | \r | |
346 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
347 | @param[in] LockingRangeUid Locking range UID to set values\r | |
348 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
349 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
350 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
351 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
352 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
353 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
354 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
355 | \r | |
356 | **/\r | |
357 | TCG_RESULT\r | |
358 | EFIAPI\r | |
359 | OpalSetLockingRange(\r | |
360 | OPAL_SESSION *LockingSpSession,\r | |
361 | TCG_UID LockingRangeUid,\r | |
362 | UINT64 RangeStart,\r | |
363 | UINT64 RangeLength,\r | |
364 | BOOLEAN ReadLockEnabled,\r | |
365 | BOOLEAN WriteLockEnabled,\r | |
366 | BOOLEAN ReadLocked,\r | |
367 | BOOLEAN WriteLocked,\r | |
368 | UINT8 *MethodStatus\r | |
369 | );\r | |
370 | \r | |
371 | /**\r | |
372 | \r | |
373 | The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided\r | |
374 | using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority.\r | |
375 | \r | |
376 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update\r | |
377 | @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN\r | |
378 | @param[in] AuthorityUid UID of Locking SP authority to update Pin column with\r | |
379 | @param[in] NewPin New Password used to set Pin column\r | |
380 | @param[in] NewPinLength Length in bytes of new password\r | |
381 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
382 | \r | |
383 | **/\r | |
384 | TCG_RESULT\r | |
385 | EFIAPI\r | |
386 | OpalSetLockingSpAuthorityEnabledAndPin(\r | |
387 | OPAL_SESSION *LockingSpSession,\r | |
388 | TCG_UID CpinRowUid,\r | |
389 | TCG_UID AuthorityUid,\r | |
390 | const VOID *NewPin,\r | |
391 | UINT32 NewPinLength,\r | |
392 | UINT8 *MethodStatus\r | |
393 | );\r | |
394 | \r | |
395 | \r | |
396 | /**\r | |
397 | \r | |
398 | The function sets the Enabled column to FALSE for the USER1 authority.\r | |
399 | \r | |
400 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1\r | |
401 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
402 | \r | |
403 | **/\r | |
404 | TCG_RESULT\r | |
405 | EFIAPI\r | |
406 | OpalDisableUser(\r | |
407 | OPAL_SESSION *LockingSpSession,\r | |
408 | UINT8 *MethodStatus\r | |
409 | );\r | |
410 | \r | |
411 | \r | |
412 | /**\r | |
413 | \r | |
414 | The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter\r | |
415 | to keep the user data is set to True, otherwise the optional parameter is not provided.\r | |
416 | \r | |
417 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP\r | |
418 | @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.\r | |
419 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
420 | \r | |
421 | **/\r | |
422 | TCG_RESULT\r | |
423 | EFIAPI\r | |
424 | OpalAdminRevert(\r | |
425 | OPAL_SESSION *LockingSpSession,\r | |
426 | BOOLEAN KeepUserData,\r | |
427 | UINT8 *MethodStatus\r | |
428 | );\r | |
429 | \r | |
430 | \r | |
431 | /**\r | |
432 | \r | |
433 | The function retrieves the TryLimit column for the specified rowUid (authority).\r | |
434 | \r | |
435 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit\r | |
436 | @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column\r | |
437 | @param[in/out] TryLimit Value from TryLimit column\r | |
438 | \r | |
439 | **/\r | |
440 | TCG_RESULT\r | |
441 | EFIAPI\r | |
442 | OpalGetTryLimit(\r | |
443 | OPAL_SESSION *LockingSpSession,\r | |
444 | TCG_UID RowUid,\r | |
445 | UINT32 *TryLimit\r | |
446 | );\r | |
447 | \r | |
448 | \r | |
449 | /**\r | |
450 | \r | |
451 | The function populates the CreateStruct with a payload that will retrieve the global locking range active key.\r | |
452 | It is intended to be called with a session that is already started with a valid credential.\r | |
453 | The function does not send the payload.\r | |
454 | \r | |
455 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
456 | @param[in/out] CreateStruct Structure to populate with encoded TCG command\r | |
457 | @param[in/out] Size Size in bytes of the command created.\r | |
458 | \r | |
459 | **/\r | |
460 | TCG_RESULT\r | |
461 | EFIAPI\r | |
462 | OpalCreateRetrieveGlobalLockingRangeActiveKey(\r | |
463 | const OPAL_SESSION *Session,\r | |
464 | TCG_CREATE_STRUCT *CreateStruct,\r | |
465 | UINT32 *Size\r | |
466 | );\r | |
467 | \r | |
468 | \r | |
469 | /**\r | |
470 | \r | |
471 | The function acquires the activeKey specified for the Global Locking Range from the parseStruct.\r | |
472 | \r | |
473 | @param[in] ParseStruct Structure that contains the device's response with the activekey\r | |
474 | @param[in/out] ActiveKey The UID of the active key retrieved\r | |
475 | \r | |
476 | **/\r | |
477 | TCG_RESULT\r | |
478 | EFIAPI\r | |
479 | OpalParseRetrieveGlobalLockingRangeActiveKey(\r | |
480 | TCG_PARSE_STRUCT *ParseStruct,\r | |
481 | TCG_UID *ActiveKey\r | |
482 | );\r | |
483 | \r | |
484 | /**\r | |
485 | \r | |
486 | Get the support attribute info.\r | |
487 | \r | |
488 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
489 | @param[in/out] LockingFeature Return the Locking info.\r | |
490 | \r | |
491 | **/\r | |
492 | TCG_RESULT\r | |
493 | EFIAPI\r | |
494 | OpalGetLockingInfo(\r | |
495 | OPAL_SESSION *Session,\r | |
496 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
497 | );\r | |
498 | \r | |
499 | /**\r | |
500 | \r | |
501 | The function determines whether or not all of the requirements for the Opal Feature (not full specification)\r | |
502 | are met by the specified device.\r | |
503 | \r | |
504 | @param[in] SupportedAttributes Opal device attribute.\r | |
505 | \r | |
506 | **/\r | |
507 | BOOLEAN\r | |
508 | EFIAPI\r | |
509 | OpalFeatureSupported(\r | |
510 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes\r | |
511 | );\r | |
512 | \r | |
513 | /**\r | |
514 | \r | |
515 | The function returns whether or not the device is Opal Enabled.\r | |
516 | TRUE means that the device is partially or fully locked.\r | |
517 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
518 | \r | |
519 | @param[in] SupportedAttributes Opal device attribute.\r | |
520 | @param[in] LockingFeature Opal device locking status.\r | |
521 | \r | |
522 | \r | |
523 | **/\r | |
524 | BOOLEAN\r | |
525 | EFIAPI\r | |
526 | OpalFeatureEnabled(\r | |
527 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
528 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
529 | );\r | |
530 | \r | |
531 | /**\r | |
532 | \r | |
533 | The function returns whether or not the device is Opal Locked.\r | |
534 | TRUE means that the device is partially or fully locked.\r | |
535 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
536 | \r | |
537 | @param[in] SupportedAttributes Opal device attribute.\r | |
538 | @param[in] LockingFeature Opal device locking status.\r | |
539 | \r | |
540 | **/\r | |
541 | BOOLEAN\r | |
542 | OpalDeviceLocked(\r | |
543 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
544 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
545 | );\r | |
546 | \r | |
547 | /**\r | |
548 | Trig the block sid action.\r | |
549 | \r | |
550 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
551 | @param[in] HardwareReset Whether need to do hardware reset.\r | |
552 | \r | |
553 | **/\r | |
554 | TCG_RESULT\r | |
555 | EFIAPI\r | |
556 | OpalBlockSid(\r | |
557 | OPAL_SESSION *Session,\r | |
558 | BOOLEAN HardwareReset\r | |
559 | );\r | |
560 | \r | |
561 | /**\r | |
562 | \r | |
563 | Get the support attribute info.\r | |
564 | \r | |
565 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
566 | @param[in/out] SupportedAttributes Return the support attribute info.\r | |
567 | @param[out] OpalBaseComId Return the base com id info.\r | |
568 | \r | |
569 | **/\r | |
570 | TCG_RESULT\r | |
571 | EFIAPI\r | |
572 | OpalGetSupportedAttributesInfo(\r | |
573 | OPAL_SESSION *Session,\r | |
574 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
575 | UINT16 *OpalBaseComId\r | |
576 | );\r | |
577 | \r | |
578 | /**\r | |
579 | Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r | |
580 | \r | |
581 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
582 | @param[in] Psid PSID of device to revert.\r | |
583 | @param[in] PsidLength Length of PSID in bytes.\r | |
584 | \r | |
585 | **/\r | |
586 | TCG_RESULT\r | |
587 | EFIAPI\r | |
588 | OpalUtilPsidRevert(\r | |
589 | OPAL_SESSION *AdminSpSession,\r | |
590 | const VOID *Psid,\r | |
591 | UINT32 PsidLength\r | |
592 | );\r | |
593 | \r | |
594 | /**\r | |
595 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
596 | sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,\r | |
597 | and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.\r | |
598 | \r | |
599 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
600 | @param[in] GeneratedSid Generated SID of disk\r | |
601 | @param[in] SidLength Length of generatedSid in bytes\r | |
602 | @param[in] Password New admin password to set\r | |
603 | @param[in] PassLength Length of password in bytes\r | |
604 | \r | |
605 | **/\r | |
606 | TCG_RESULT\r | |
607 | EFIAPI\r | |
608 | OpalUtilSetAdminPasswordAsSid(\r | |
609 | OPAL_SESSION *AdminSpSession,\r | |
610 | const VOID *GeneratedSid,\r | |
611 | UINT32 SidLength,\r | |
612 | const VOID *Password,\r | |
613 | UINT32 PassLength\r | |
614 | );\r | |
615 | \r | |
616 | /**\r | |
617 | \r | |
618 | Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
619 | and updates the specified locking range with the provided column values.\r | |
620 | \r | |
621 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
622 | @param[in] Password New admin password to set\r | |
623 | @param[in] PassLength Length of password in bytes\r | |
624 | @param[in] LockingRangeUid Locking range UID to set values\r | |
625 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
626 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
627 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
628 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
629 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
630 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
631 | \r | |
632 | **/\r | |
633 | TCG_RESULT\r | |
634 | EFIAPI\r | |
635 | OpalUtilSetOpalLockingRange(\r | |
636 | OPAL_SESSION *LockingSpSession,\r | |
637 | const VOID *Password,\r | |
638 | UINT32 PassLength,\r | |
639 | TCG_UID LockingRangeUid,\r | |
640 | UINT64 RangeStart,\r | |
641 | UINT64 RangeLength,\r | |
642 | BOOLEAN ReadLockEnabled,\r | |
643 | BOOLEAN WriteLockEnabled,\r | |
644 | BOOLEAN ReadLocked,\r | |
645 | BOOLEAN WriteLocked\r | |
646 | );\r | |
647 | \r | |
648 | /**\r | |
649 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
650 | sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r | |
651 | and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r | |
652 | \r | |
653 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
654 | @param[in] OldPassword Current admin password\r | |
655 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
656 | @param[in] NewPassword New admin password to set\r | |
657 | @param[in] NewPasswordLength Length of new password in bytes\r | |
658 | \r | |
659 | **/\r | |
660 | TCG_RESULT\r | |
661 | EFIAPI\r | |
662 | OpalUtilSetAdminPassword(\r | |
663 | OPAL_SESSION *AdminSpSession,\r | |
664 | const VOID *OldPassword,\r | |
665 | UINT32 OldPasswordLength,\r | |
666 | const VOID *NewPassword,\r | |
667 | UINT32 NewPasswordLength\r | |
668 | );\r | |
669 | \r | |
670 | /**\r | |
671 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
672 | and sets the User1 SP authority to enabled and sets the User1 password.\r | |
673 | \r | |
674 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
675 | @param[in] OldPassword Current admin password\r | |
676 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
677 | @param[in] NewPassword New admin password to set\r | |
678 | @param[in] NewPasswordLength Length of new password in bytes\r | |
679 | \r | |
680 | **/\r | |
681 | TCG_RESULT\r | |
682 | EFIAPI\r | |
683 | OpalUtilSetUserPassword(\r | |
684 | OPAL_SESSION *LockingSpSession,\r | |
685 | const VOID *OldPassword,\r | |
686 | UINT32 OldPasswordLength,\r | |
687 | const VOID *NewPassword,\r | |
688 | UINT32 NewPasswordLength\r | |
689 | );\r | |
690 | \r | |
691 | /**\r | |
692 | Verify whether user input the correct password.\r | |
693 | \r | |
694 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
695 | @param[in] Password Admin password\r | |
696 | @param[in] PasswordLength Length of password in bytes\r | |
697 | @param[in/out] HostSigningAuthority Use the Host signing authority type.\r | |
698 | \r | |
699 | **/\r | |
700 | TCG_RESULT\r | |
701 | EFIAPI\r | |
702 | OpalUtilVerifyPassword (\r | |
703 | OPAL_SESSION *LockingSpSession,\r | |
704 | const VOID *Password,\r | |
705 | UINT32 PasswordLength,\r | |
706 | TCG_UID HostSigningAuthority\r | |
707 | );\r | |
708 | \r | |
709 | /**\r | |
710 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
711 | and generates a new global locking range key to erase the Data.\r | |
712 | \r | |
713 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
714 | @param[in] Password Admin or user password\r | |
715 | @param[in] PasswordLength Length of password in bytes\r | |
716 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
717 | \r | |
718 | **/\r | |
719 | TCG_RESULT\r | |
720 | EFIAPI\r | |
721 | OpalUtilSecureErase(\r | |
722 | OPAL_SESSION *LockingSpSession,\r | |
723 | const VOID *Password,\r | |
724 | UINT32 PasswordLength,\r | |
725 | BOOLEAN *PasswordFailed\r | |
726 | );\r | |
727 | \r | |
728 | /**\r | |
729 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r | |
730 | \r | |
731 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
732 | @param[in] Password Admin password\r | |
733 | @param[in] PasswordLength Length of password in bytes\r | |
734 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
735 | \r | |
736 | **/\r | |
737 | TCG_RESULT\r | |
738 | EFIAPI\r | |
739 | OpalUtilDisableUser(\r | |
740 | OPAL_SESSION *LockingSpSession,\r | |
741 | const VOID *Password,\r | |
742 | UINT32 PasswordLength,\r | |
743 | BOOLEAN *PasswordFailed\r | |
744 | );\r | |
745 | \r | |
746 | /**\r | |
747 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r | |
748 | \r | |
749 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
750 | @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r | |
751 | @param[in] Password Admin password\r | |
752 | @param[in] PasswordLength Length of password in bytes\r | |
753 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
754 | @param[in] Msid Input Msid info.\r | |
755 | @param[in] MsidLength Input Msid info length.\r | |
756 | \r | |
757 | **/\r | |
758 | TCG_RESULT\r | |
759 | EFIAPI\r | |
760 | OpalUtilRevert(\r | |
761 | OPAL_SESSION *LockingSpSession,\r | |
762 | BOOLEAN KeepUserData,\r | |
763 | const VOID *Password,\r | |
764 | UINT32 PasswordLength,\r | |
765 | BOOLEAN *PasswordFailed,\r | |
766 | UINT8 *Msid,\r | |
767 | UINT32 MsidLength\r | |
768 | );\r | |
769 | \r | |
770 | /**\r | |
771 | After revert success, set SID to MSID.\r | |
772 | \r | |
773 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
774 | @param Password, Input password info.\r | |
775 | @param PasswordLength, Input password length.\r | |
776 | @param[in] Msid Input Msid info.\r | |
777 | @param[in] MsidLength Input Msid info length.\r | |
778 | \r | |
779 | **/\r | |
780 | TCG_RESULT\r | |
781 | EFIAPI\r | |
782 | OpalUtilSetSIDtoMSID (\r | |
783 | OPAL_SESSION *AdminSpSession,\r | |
784 | const VOID *Password,\r | |
785 | UINT32 PasswordLength,\r | |
786 | UINT8 *Msid,\r | |
787 | UINT32 MsidLength\r | |
788 | );\r | |
789 | \r | |
790 | /**\r | |
791 | Update global locking range.\r | |
792 | \r | |
793 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
794 | @param Password, Input password info.\r | |
795 | @param PasswordLength, Input password length.\r | |
796 | @param ReadLocked, Read lock info.\r | |
797 | @param WriteLocked write lock info.\r | |
798 | \r | |
799 | **/\r | |
800 | TCG_RESULT\r | |
801 | EFIAPI\r | |
802 | OpalUtilUpdateGlobalLockingRange(\r | |
803 | OPAL_SESSION *LockingSpSession,\r | |
804 | const VOID *Password,\r | |
805 | UINT32 PasswordLength,\r | |
806 | BOOLEAN ReadLocked,\r | |
807 | BOOLEAN WriteLocked\r | |
808 | );\r | |
809 | \r | |
810 | /**\r | |
811 | Update global locking range.\r | |
812 | \r | |
813 | @param Session, The session info for one opal device.\r | |
814 | @param Msid, The data buffer to save Msid info.\r | |
815 | @param MsidBufferLength, The data buffer length for Msid.\r | |
816 | @param MsidLength, The actual data length for Msid.\r | |
817 | \r | |
818 | **/\r | |
819 | TCG_RESULT\r | |
820 | EFIAPI\r | |
821 | OpalUtilGetMsid(\r | |
822 | OPAL_SESSION *Session,\r | |
823 | UINT8 *Msid,\r | |
824 | UINT32 MsidBufferLength,\r | |
825 | UINT32 *MsidLength\r | |
826 | );\r | |
827 | \r | |
828 | /**\r | |
829 | \r | |
830 | The function determines who owns the device by attempting to start a session with different credentials.\r | |
831 | If the SID PIN matches the MSID PIN, the no one owns the device.\r | |
832 | If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.\r | |
833 | \r | |
834 | \r | |
835 | @param[in] Session The session info for one opal device.\r | |
836 | @param Msid, The Msid info.\r | |
837 | @param MsidLength, The data length for Msid.\r | |
838 | \r | |
839 | **/\r | |
840 | OPAL_OWNER_SHIP\r | |
841 | EFIAPI\r | |
842 | OpalUtilDetermineOwnership(\r | |
843 | OPAL_SESSION *Session,\r | |
844 | UINT8 *Msid,\r | |
845 | UINT32 MsidLength\r | |
846 | );\r | |
847 | \r | |
848 | /**\r | |
849 | \r | |
850 | The function returns if admin password exists.\r | |
851 | \r | |
852 | @param[in] OwnerShip The owner ship of the opal device.\r | |
853 | @param[in] LockingFeature The locking info of the opal device.\r | |
854 | \r | |
855 | @retval TRUE Admin password existed.\r | |
856 | @retval FALSE Admin password not existed.\r | |
857 | \r | |
858 | **/\r | |
859 | BOOLEAN\r | |
860 | EFIAPI\r | |
861 | OpalUtilAdminPasswordExists(\r | |
862 | IN UINT16 OwnerShip,\r | |
863 | IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
864 | );\r | |
865 | \r | |
a3068f06 ED |
866 | /**\r |
867 | Get Active Data Removal Mechanism Value.\r | |
868 | \r | |
869 | @param[in] Session, The session info for one opal device.\r | |
870 | @param[in] GeneratedSid Generated SID of disk\r | |
871 | @param[in] SidLength Length of generatedSid in bytes\r | |
872 | @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.\r | |
873 | \r | |
874 | **/\r | |
875 | TCG_RESULT\r | |
876 | EFIAPI\r | |
877 | OpalUtilGetActiveDataRemovalMechanism (\r | |
878 | OPAL_SESSION *Session,\r | |
879 | const VOID *GeneratedSid,\r | |
880 | UINT32 SidLength,\r | |
881 | UINT8 *ActiveDataRemovalMechanism\r | |
882 | );\r | |
883 | \r | |
884 | /**\r | |
885 | Get the supported Data Removal Mechanism list.\r | |
886 | \r | |
887 | @param[in] Session, The session info for one opal device.\r | |
888 | @param[out] RemovalMechanismLists Return the supported data removal mechanism lists.\r | |
889 | \r | |
890 | **/\r | |
891 | TCG_RESULT\r | |
892 | EFIAPI\r | |
893 | OpalUtilGetDataRemovalMechanismLists (\r | |
894 | IN OPAL_SESSION *Session,\r | |
895 | OUT UINT32 *RemovalMechanismLists\r | |
896 | );\r | |
897 | \r | |
9dd05dde | 898 | #endif // _OPAL_CORE_H_\r |