]>
Commit | Line | Data |
---|---|---|
1cf00fbd ED |
1 | /** @file\r |
2 | Implementation of Opal password support library.\r | |
3 | \r | |
4 | Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r | |
5 | This program and the accompanying materials\r | |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include "OpalPasswordSupportNotify.h"\r | |
16 | \r | |
17 | #define OPAL_PASSWORD_MAX_LENGTH 32\r | |
18 | \r | |
19 | LIST_ENTRY mDeviceList = INITIALIZE_LIST_HEAD_VARIABLE (mDeviceList);\r | |
20 | BOOLEAN gInSmm = FALSE;\r | |
21 | EFI_GUID gOpalPasswordNotifyProtocolGuid = OPAL_PASSWORD_NOTIFY_PROTOCOL_GUID;\r | |
22 | \r | |
23 | /**\r | |
24 | \r | |
25 | The function performs determines the available actions for the OPAL_DISK provided.\r | |
26 | \r | |
27 | @param[in] SupportedAttributes The support attribute for the device.\r | |
28 | @param[in] LockingFeature The locking status for the device.\r | |
29 | @param[in] OwnerShip The ownership for the device.\r | |
30 | @param[out] AvalDiskActions Pointer to fill-out with appropriate disk actions.\r | |
31 | \r | |
32 | **/\r | |
33 | TCG_RESULT\r | |
34 | EFIAPI\r | |
35 | OpalSupportGetAvailableActions(\r | |
36 | IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
37 | IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature,\r | |
38 | IN UINT16 OwnerShip,\r | |
39 | OUT OPAL_DISK_ACTIONS *AvalDiskActions\r | |
40 | )\r | |
41 | {\r | |
42 | BOOLEAN ExistingPassword;\r | |
43 | \r | |
44 | NULL_CHECK(AvalDiskActions);\r | |
45 | \r | |
46 | AvalDiskActions->AdminPass = 1;\r | |
47 | AvalDiskActions->UserPass = 0;\r | |
48 | AvalDiskActions->DisableUser = 0;\r | |
49 | AvalDiskActions->Unlock = 0;\r | |
50 | \r | |
51 | //\r | |
52 | // Revert is performed on locking sp, so only allow if locking sp is enabled\r | |
53 | //\r | |
54 | if (LockingFeature->LockingEnabled) {\r | |
55 | AvalDiskActions->Revert = 1;\r | |
56 | }\r | |
57 | \r | |
58 | //\r | |
59 | // Psid revert is available for any device with media encryption support\r | |
60 | // Revert is allowed for any device with media encryption support, however it requires\r | |
61 | //\r | |
62 | if (SupportedAttributes->MediaEncryption) {\r | |
63 | \r | |
64 | //\r | |
65 | // Only allow psid revert if media encryption is enabled.\r | |
66 | // Otherwise, someone who steals a disk can psid revert the disk and the user Data is still\r | |
67 | // intact and accessible\r | |
68 | //\r | |
69 | AvalDiskActions->PsidRevert = 1;\r | |
70 | AvalDiskActions->RevertKeepDataForced = 0;\r | |
71 | \r | |
72 | //\r | |
73 | // Secure erase is performed by generating a new encryption key\r | |
74 | // this is only available is encryption is supported\r | |
75 | //\r | |
76 | AvalDiskActions->SecureErase = 1;\r | |
77 | } else {\r | |
78 | AvalDiskActions->PsidRevert = 0;\r | |
79 | AvalDiskActions->SecureErase = 0;\r | |
80 | \r | |
81 | //\r | |
82 | // If no media encryption is supported, then a revert (using password) will not\r | |
83 | // erase the Data (since you can't generate a new encryption key)\r | |
84 | //\r | |
85 | AvalDiskActions->RevertKeepDataForced = 1;\r | |
86 | }\r | |
87 | \r | |
88 | if (LockingFeature->Locked) {\r | |
89 | AvalDiskActions->Unlock = 1;\r | |
90 | } else {\r | |
91 | AvalDiskActions->Unlock = 0;\r | |
92 | }\r | |
93 | \r | |
94 | //\r | |
95 | // Only allow user to set password if an admin password exists\r | |
96 | //\r | |
97 | ExistingPassword = OpalUtilAdminPasswordExists(OwnerShip, LockingFeature);\r | |
98 | AvalDiskActions->UserPass = ExistingPassword;\r | |
99 | \r | |
100 | //\r | |
101 | // This will still show up even if there isn't a user, which is fine\r | |
102 | //\r | |
103 | AvalDiskActions->DisableUser = ExistingPassword;\r | |
104 | \r | |
105 | return TcgResultSuccess;\r | |
106 | }\r | |
107 | \r | |
108 | /**\r | |
109 | Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r | |
110 | \r | |
111 | @param[in] Session The opal session for the opal device.\r | |
112 | @param[in] Psid PSID of device to revert.\r | |
113 | @param[in] PsidLength Length of PSID in bytes.\r | |
114 | @param[in] DevicePath The device path for the opal devcie.\r | |
115 | \r | |
116 | **/\r | |
117 | TCG_RESULT\r | |
118 | EFIAPI\r | |
119 | OpalSupportPsidRevert(\r | |
120 | IN OPAL_SESSION *Session,\r | |
121 | IN VOID *Psid,\r | |
122 | IN UINT32 PsidLength,\r | |
123 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
124 | )\r | |
125 | {\r | |
126 | TCG_RESULT Ret;\r | |
127 | \r | |
128 | NULL_CHECK(Session);\r | |
129 | NULL_CHECK(Psid);\r | |
130 | \r | |
131 | Ret = OpalUtilPsidRevert (Session, Psid, PsidLength);\r | |
132 | if (Ret == TcgResultSuccess && !gInSmm) {\r | |
133 | OpalSupportSendPasword (DevicePath, 0, NULL);\r | |
134 | }\r | |
135 | \r | |
136 | return Ret;\r | |
137 | }\r | |
138 | \r | |
139 | /**\r | |
140 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
141 | sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r | |
142 | and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r | |
143 | \r | |
144 | @param[in] Session The opal session for the opal device.\r | |
145 | @param[in] OldPassword Current admin password\r | |
146 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
147 | @param[in] NewPassword New admin password to set\r | |
148 | @param[in] NewPasswordLength Length of new password in bytes\r | |
149 | @param[in] DevicePath The device path for the opal devcie.\r | |
150 | @param[in] SetAdmin Whether set admin password or user password.\r | |
151 | TRUE for admin, FALSE for user.\r | |
152 | \r | |
153 | **/\r | |
154 | TCG_RESULT\r | |
155 | EFIAPI\r | |
156 | OpalSupportSetPassword(\r | |
157 | IN OPAL_SESSION *Session,\r | |
158 | IN VOID *OldPassword,\r | |
159 | IN UINT32 OldPasswordLength,\r | |
160 | IN VOID *NewPassword,\r | |
161 | IN UINT32 NewPasswordLength,\r | |
162 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r | |
163 | IN BOOLEAN SetAdmin\r | |
164 | )\r | |
165 | {\r | |
166 | TCG_RESULT Ret;\r | |
167 | \r | |
168 | NULL_CHECK(Session);\r | |
169 | NULL_CHECK(OldPassword);\r | |
170 | NULL_CHECK(NewPassword);\r | |
171 | \r | |
172 | if (SetAdmin) {\r | |
173 | Ret = OpalUtilSetAdminPassword(Session, OldPassword, OldPasswordLength, NewPassword, NewPasswordLength);\r | |
174 | } else {\r | |
175 | Ret = OpalUtilSetUserPassword(Session, OldPassword, OldPasswordLength, NewPassword, NewPasswordLength);\r | |
176 | }\r | |
177 | if (Ret == TcgResultSuccess && !gInSmm) {\r | |
178 | OpalSupportSendPasword (DevicePath, NewPasswordLength, NewPassword);\r | |
179 | }\r | |
180 | \r | |
181 | return Ret;\r | |
182 | }\r | |
183 | \r | |
184 | /**\r | |
185 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r | |
186 | \r | |
187 | @param[in] Session The opal session for the opal device.\r | |
188 | @param[in] Password Admin password\r | |
189 | @param[in] PasswordLength Length of password in bytes\r | |
190 | @param[out] PasswordFailed Indicates if password failed (start session didn't work)\r | |
191 | @param[in] DevicePath The device path for the opal devcie.\r | |
192 | \r | |
193 | **/\r | |
194 | TCG_RESULT\r | |
195 | EFIAPI\r | |
196 | OpalSupportDisableUser(\r | |
197 | IN OPAL_SESSION *Session,\r | |
198 | IN VOID *Password,\r | |
199 | IN UINT32 PasswordLength,\r | |
200 | OUT BOOLEAN *PasswordFailed,\r | |
201 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
202 | )\r | |
203 | {\r | |
204 | TCG_RESULT Ret;\r | |
205 | \r | |
206 | NULL_CHECK(Session);\r | |
207 | NULL_CHECK(Password);\r | |
208 | NULL_CHECK(PasswordFailed);\r | |
209 | \r | |
210 | Ret = OpalUtilDisableUser(Session, Password, PasswordLength, PasswordFailed);\r | |
211 | if (Ret == TcgResultSuccess && !gInSmm) {\r | |
212 | OpalSupportSendPasword (DevicePath, PasswordLength, Password);\r | |
213 | }\r | |
214 | \r | |
215 | return Ret;\r | |
216 | }\r | |
217 | \r | |
218 | /**\r | |
219 | Enable Opal Feature for the input device.\r | |
220 | \r | |
221 | @param[in] Session The opal session for the opal device.\r | |
222 | @param[in] Msid Msid\r | |
223 | @param[in] MsidLength Msid Length\r | |
224 | @param[in] Password Admin password\r | |
225 | @param[in] PassLength Length of password in bytes\r | |
226 | @param[in] DevicePath The device path for the opal devcie.\r | |
227 | \r | |
228 | **/\r | |
229 | TCG_RESULT\r | |
230 | EFIAPI\r | |
231 | OpalSupportEnableOpalFeature (\r | |
232 | IN OPAL_SESSION *Session,\r | |
233 | IN VOID *Msid,\r | |
234 | IN UINT32 MsidLength,\r | |
235 | IN VOID *Password,\r | |
236 | IN UINT32 PassLength,\r | |
237 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
238 | )\r | |
239 | {\r | |
240 | TCG_RESULT Ret;\r | |
241 | \r | |
242 | NULL_CHECK(Session);\r | |
243 | NULL_CHECK(Msid);\r | |
244 | NULL_CHECK(Password);\r | |
245 | \r | |
246 | Ret = OpalUtilSetAdminPasswordAsSid(\r | |
247 | Session,\r | |
248 | Msid,\r | |
249 | MsidLength,\r | |
250 | Password,\r | |
251 | PassLength\r | |
252 | );\r | |
253 | if (Ret == TcgResultSuccess) {\r | |
254 | //\r | |
255 | // Enable global locking range\r | |
256 | //\r | |
257 | Ret = OpalUtilSetOpalLockingRange(\r | |
258 | Session,\r | |
259 | Password,\r | |
260 | PassLength,\r | |
261 | OPAL_LOCKING_SP_LOCKING_GLOBALRANGE,\r | |
262 | 0,\r | |
263 | 0,\r | |
264 | TRUE,\r | |
265 | TRUE,\r | |
266 | FALSE,\r | |
267 | FALSE\r | |
268 | );\r | |
269 | }\r | |
270 | \r | |
271 | if (Ret == TcgResultSuccess && !gInSmm) {\r | |
272 | OpalSupportSendPasword (DevicePath, PassLength, Password);\r | |
273 | }\r | |
274 | \r | |
275 | return Ret;\r | |
276 | }\r | |
277 | \r | |
278 | /**\r | |
279 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r | |
280 | \r | |
281 | @param[in] Session The opal session for the opal device.\r | |
282 | @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r | |
283 | @param[in] Password Admin password\r | |
284 | @param[in] PasswordLength Length of password in bytes\r | |
285 | @param[in] Msid Msid\r | |
286 | @param[in] MsidLength Msid Length\r | |
287 | @param[out] PasswordFailed indicates if password failed (start session didn't work)\r | |
288 | @param[in] DevicePath The device path for the opal devcie.\r | |
289 | \r | |
290 | **/\r | |
291 | TCG_RESULT\r | |
292 | EFIAPI\r | |
293 | OpalSupportRevert(\r | |
294 | IN OPAL_SESSION *Session,\r | |
295 | IN BOOLEAN KeepUserData,\r | |
296 | IN VOID *Password,\r | |
297 | IN UINT32 PasswordLength,\r | |
298 | IN VOID *Msid,\r | |
299 | IN UINT32 MsidLength,\r | |
300 | OUT BOOLEAN *PasswordFailed,\r | |
301 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
302 | )\r | |
303 | {\r | |
304 | TCG_RESULT Ret;\r | |
305 | \r | |
306 | NULL_CHECK(Session);\r | |
307 | NULL_CHECK(Password);\r | |
308 | NULL_CHECK(Msid);\r | |
309 | NULL_CHECK(PasswordFailed);\r | |
310 | \r | |
311 | Ret = OpalUtilRevert(Session, KeepUserData, Password, PasswordLength, PasswordFailed, Msid, MsidLength);\r | |
312 | if (Ret == TcgResultSuccess && !gInSmm) {\r | |
313 | OpalSupportSendPasword (DevicePath, 0, NULL);\r | |
314 | }\r | |
315 | \r | |
316 | return Ret;\r | |
317 | }\r | |
318 | \r | |
319 | /**\r | |
320 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
321 | and updates the global locking range ReadLocked and WriteLocked columns to FALSE.\r | |
322 | \r | |
323 | @param[in] Session The opal session for the opal device.\r | |
324 | @param[in] Password Admin or user password\r | |
325 | @param[in] PasswordLength Length of password in bytes\r | |
326 | @param[in] DevicePath The device path for the opal devcie.\r | |
327 | \r | |
328 | **/\r | |
329 | TCG_RESULT\r | |
330 | EFIAPI\r | |
331 | OpalSupportUnlock(\r | |
332 | IN OPAL_SESSION *Session,\r | |
333 | IN VOID *Password,\r | |
334 | IN UINT32 PasswordLength,\r | |
335 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
336 | )\r | |
337 | {\r | |
338 | TCG_RESULT Ret;\r | |
339 | \r | |
340 | NULL_CHECK(Session);\r | |
341 | NULL_CHECK(Password);\r | |
342 | \r | |
343 | Ret = OpalUtilUpdateGlobalLockingRange(Session, Password, PasswordLength, FALSE, FALSE);\r | |
344 | if (Ret == TcgResultSuccess && !gInSmm) {\r | |
345 | OpalSupportSendPasword (DevicePath, PasswordLength, Password);\r | |
346 | }\r | |
347 | \r | |
348 | return Ret;\r | |
349 | }\r | |
350 | \r | |
351 | /**\r | |
352 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
353 | and updates the global locking range ReadLocked and WriteLocked columns to TRUE.\r | |
354 | \r | |
355 | @param[in] Session The opal session for the opal device.\r | |
356 | @param[in] Password Admin or user password\r | |
357 | @param[in] PasswordLength Length of password in bytes\r | |
358 | @param[in] DevicePath The device path for the opal devcie.\r | |
359 | \r | |
360 | **/\r | |
361 | TCG_RESULT\r | |
362 | EFIAPI\r | |
363 | OpalSupportLock(\r | |
364 | IN OPAL_SESSION *Session,\r | |
365 | IN VOID *Password,\r | |
366 | IN UINT32 PasswordLength,\r | |
367 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r | |
368 | )\r | |
369 | {\r | |
370 | TCG_RESULT Ret;\r | |
371 | \r | |
372 | NULL_CHECK(Session);\r | |
373 | NULL_CHECK(Password);\r | |
374 | \r | |
375 | Ret = OpalUtilUpdateGlobalLockingRange(Session, Password, PasswordLength, TRUE, TRUE);\r | |
376 | if (Ret == TcgResultSuccess && !gInSmm) {\r | |
377 | OpalSupportSendPasword (DevicePath, PasswordLength, Password);\r | |
378 | }\r | |
379 | \r | |
380 | return Ret;\r | |
381 | }\r | |
382 | \r | |
383 | /**\r | |
384 | Initialize the communicate Buffer using DataSize and Function.\r | |
385 | \r | |
386 | @param[out] DataPtr Points to the Data in the communicate Buffer.\r | |
387 | @param[in] DataSize The Data Size to send to SMM.\r | |
388 | @param[in] Function The function number to initialize the communicate Header.\r | |
389 | \r | |
390 | @retval EFI_INVALID_PARAMETER The Data Size is too big.\r | |
391 | @retval EFI_SUCCESS Find the specified variable.\r | |
392 | \r | |
393 | **/\r | |
394 | VOID*\r | |
395 | OpalInitCommunicateBuffer (\r | |
396 | OUT VOID **DataPtr OPTIONAL,\r | |
397 | IN UINTN DataSize,\r | |
398 | IN UINTN Function\r | |
399 | )\r | |
400 | {\r | |
401 | EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;\r | |
402 | OPAL_SMM_COMMUNICATE_HEADER *SmmFunctionHeader;\r | |
403 | VOID *Buffer;\r | |
404 | \r | |
405 | Buffer = AllocateZeroPool (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + OFFSET_OF (OPAL_SMM_COMMUNICATE_HEADER, Data));\r | |
406 | ASSERT (Buffer != NULL);\r | |
407 | \r | |
408 | SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer;\r | |
409 | CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gOpalPasswordNotifyProtocolGuid);\r | |
410 | SmmCommunicateHeader->MessageLength = DataSize + OFFSET_OF (OPAL_SMM_COMMUNICATE_HEADER, Data);\r | |
411 | \r | |
412 | SmmFunctionHeader = (OPAL_SMM_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data;\r | |
413 | SmmFunctionHeader->Function = Function;\r | |
414 | if (DataPtr != NULL) {\r | |
415 | *DataPtr = SmmFunctionHeader->Data;\r | |
416 | }\r | |
417 | \r | |
418 | return Buffer;\r | |
419 | }\r | |
420 | \r | |
421 | /**\r | |
422 | Send the Data in communicate Buffer to SMM.\r | |
423 | \r | |
424 | @param[in] Buffer Points to the Data in the communicate Buffer.\r | |
425 | @param[in] DataSize This Size of the function Header and the Data.\r | |
426 | \r | |
427 | @retval EFI_SUCCESS Success is returned from the functin in SMM.\r | |
428 | @retval Others Failure is returned from the function in SMM.\r | |
429 | \r | |
430 | **/\r | |
431 | EFI_STATUS\r | |
432 | OpalSendCommunicateBuffer (\r | |
433 | IN VOID *Buffer,\r | |
434 | IN UINTN DataSize\r | |
435 | )\r | |
436 | {\r | |
437 | EFI_STATUS Status;\r | |
438 | UINTN CommSize;\r | |
439 | EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;\r | |
440 | OPAL_SMM_COMMUNICATE_HEADER *SmmFunctionHeader;\r | |
441 | EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;\r | |
442 | \r | |
443 | Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &SmmCommunication);\r | |
444 | if (EFI_ERROR (Status)) {\r | |
445 | return Status;\r | |
446 | }\r | |
447 | \r | |
448 | CommSize = DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + OFFSET_OF (OPAL_SMM_COMMUNICATE_HEADER, Data);\r | |
449 | Status = SmmCommunication->Communicate (SmmCommunication, Buffer, &CommSize);\r | |
450 | if (EFI_ERROR (Status)) {\r | |
451 | return Status;\r | |
452 | }\r | |
453 | \r | |
454 | SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) Buffer;\r | |
455 | SmmFunctionHeader = (OPAL_SMM_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data;\r | |
456 | \r | |
457 | return SmmFunctionHeader->ReturnStatus;\r | |
458 | }\r | |
459 | \r | |
460 | /**\r | |
461 | Transfer the password to the smm driver.\r | |
462 | \r | |
463 | @param[in] DevicePath The device path for the opal devcie.\r | |
464 | @param PasswordLen The input password length.\r | |
465 | @param Password Input password buffer.\r | |
466 | \r | |
467 | @retval EFI_SUCCESS Do the required action success.\r | |
468 | @retval Others Error occured.\r | |
469 | \r | |
470 | **/\r | |
471 | EFI_STATUS\r | |
472 | EFIAPI\r | |
473 | OpalSupportSendPasword(\r | |
474 | EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r | |
475 | UINTN PasswordLen,\r | |
476 | VOID *Password\r | |
477 | )\r | |
478 | {\r | |
479 | OPAL_COMM_DEVICE_LIST *Parameter;\r | |
480 | VOID *Buffer;\r | |
481 | UINTN Length;\r | |
482 | EFI_STATUS Status;\r | |
483 | UINTN DevicePathLen;\r | |
484 | \r | |
485 | Parameter = NULL;\r | |
486 | Buffer = NULL;\r | |
487 | \r | |
488 | if (DevicePath == NULL) {\r | |
489 | //\r | |
490 | // Assume DevicePath == NULL only when library used by SMM driver\r | |
491 | // and should not run to here, just return success.\r | |
492 | //\r | |
493 | return EFI_SUCCESS;\r | |
494 | }\r | |
495 | \r | |
496 | DevicePathLen = GetDevicePathSize (DevicePath);\r | |
497 | Length = OFFSET_OF (OPAL_COMM_DEVICE_LIST, OpalDevicePath) + DevicePathLen;\r | |
498 | Buffer = OpalInitCommunicateBuffer((VOID**)&Parameter, Length, SMM_FUNCTION_SET_OPAL_PASSWORD);\r | |
499 | if (Buffer == NULL) {\r | |
500 | return EFI_OUT_OF_RESOURCES;\r | |
501 | }\r | |
502 | \r | |
503 | if (Password != NULL) {\r | |
504 | CopyMem((VOID*)Parameter->Password, Password, PasswordLen);\r | |
505 | Parameter->PasswordLength = (UINT8)PasswordLen;\r | |
506 | }\r | |
507 | CopyMem (&Parameter->OpalDevicePath, DevicePath, DevicePathLen);\r | |
508 | \r | |
509 | Status = OpalSendCommunicateBuffer(Buffer, Length);\r | |
510 | if (EFI_ERROR(Status)) {\r | |
511 | goto EXIT;\r | |
512 | }\r | |
513 | \r | |
514 | EXIT:\r | |
515 | ZeroMem(Parameter, Length);\r | |
516 | FreePool(Buffer);\r | |
517 | \r | |
518 | return Status;\r | |
519 | }\r | |
520 | \r | |
521 | /**\r | |
522 | Get saved Opal device list.\r | |
523 | \r | |
524 | @retval return opal device list.\r | |
525 | \r | |
526 | **/\r | |
527 | LIST_ENTRY*\r | |
528 | EFIAPI\r | |
529 | OpalSupportGetOpalDeviceList (\r | |
530 | VOID\r | |
531 | )\r | |
532 | {\r | |
533 | return &mDeviceList;\r | |
534 | }\r | |
535 | \r | |
536 | /**\r | |
537 | Check if the password is full zero.\r | |
538 | \r | |
539 | @param[in] Password Points to the Data Buffer\r | |
540 | \r | |
541 | @retval TRUE This password string is full zero.\r | |
542 | @retval FALSE This password string is not full zero.\r | |
543 | \r | |
544 | **/\r | |
545 | BOOLEAN\r | |
546 | OpalPasswordIsFullZero (\r | |
547 | IN UINT8 *Password\r | |
548 | )\r | |
549 | {\r | |
550 | UINTN Index;\r | |
551 | \r | |
552 | for (Index = 0; Index < OPAL_PASSWORD_MAX_LENGTH; Index++) {\r | |
553 | if (Password[Index] != 0) {\r | |
554 | return FALSE;\r | |
555 | }\r | |
556 | }\r | |
557 | \r | |
558 | return TRUE;\r | |
559 | }\r | |
560 | \r | |
561 | /**\r | |
562 | Save hdd password to SMM.\r | |
563 | \r | |
564 | @param[in] DevicePath Input device path info for the device.\r | |
565 | @param[in] Password The hdd password of attached ATA device.\r | |
566 | @param[in] PasswordLength The hdd password length.\r | |
567 | \r | |
568 | @retval EFI_OUT_OF_RESOURCES Insufficient resources to create database record\r | |
569 | @retval EFI_SUCCESS The function has been successfully executed.\r | |
570 | \r | |
571 | **/\r | |
572 | EFI_STATUS\r | |
573 | OpalSavePasswordToSmm (\r | |
574 | IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r | |
575 | IN UINT8 *Password,\r | |
576 | IN UINT8 PasswordLength\r | |
577 | )\r | |
578 | {\r | |
579 | OPAL_DISK_AND_PASSWORD_INFO *List;\r | |
580 | OPAL_DISK_AND_PASSWORD_INFO *Dev;\r | |
581 | LIST_ENTRY *Entry;\r | |
582 | UINTN DevicePathLen;\r | |
583 | \r | |
584 | DevicePathLen = GetDevicePathSize (DevicePath);\r | |
585 | \r | |
586 | for (Entry = mDeviceList.ForwardLink; Entry != &mDeviceList; Entry = Entry->ForwardLink) {\r | |
587 | List = BASE_CR (Entry, OPAL_DISK_AND_PASSWORD_INFO, Link);\r | |
588 | if (CompareMem (&List->OpalDevicePath, DevicePath, DevicePathLen) == 0) {\r | |
589 | CopyMem(List->Password, Password, OPAL_PASSWORD_MAX_LENGTH);\r | |
590 | return EFI_SUCCESS;\r | |
591 | }\r | |
592 | }\r | |
593 | \r | |
594 | Dev = AllocateZeroPool (OFFSET_OF (OPAL_DISK_AND_PASSWORD_INFO, OpalDevicePath) + DevicePathLen);\r | |
595 | if (Dev == NULL) {\r | |
596 | return EFI_OUT_OF_RESOURCES;\r | |
597 | }\r | |
598 | \r | |
599 | Dev->PasswordLength = PasswordLength;\r | |
600 | CopyMem(&(Dev->Password), Password, OPAL_PASSWORD_MAX_LENGTH);\r | |
601 | CopyMem(&(Dev->OpalDevicePath), DevicePath, DevicePathLen);\r | |
602 | \r | |
603 | InsertHeadList (&mDeviceList, &Dev->Link);\r | |
604 | \r | |
605 | return EFI_SUCCESS;\r | |
606 | }\r | |
607 | \r | |
608 | /**\r | |
609 | Communication service SMI Handler entry.\r | |
610 | \r | |
611 | This SMI handler provides services for saving HDD password and saving S3 boot script when ready to boot.\r | |
612 | \r | |
613 | @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r | |
614 | @param[in] RegisterContext Points to an optional handler context which was specified when the\r | |
615 | handler was registered.\r | |
616 | @param[in, out] CommBuffer A pointer to a collection of Data in memory that will\r | |
617 | be conveyed from a non-SMM environment into an SMM environment.\r | |
618 | @param[in, out] CommBufferSize The Size of the CommBuffer.\r | |
619 | \r | |
620 | @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers\r | |
621 | should still be called.\r | |
622 | @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should\r | |
623 | still be called.\r | |
624 | @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still\r | |
625 | be called.\r | |
626 | @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.\r | |
627 | **/\r | |
628 | EFI_STATUS\r | |
629 | SmmOpalPasswordHandler (\r | |
630 | IN EFI_HANDLE DispatchHandle,\r | |
631 | IN CONST VOID *RegisterContext,\r | |
632 | IN OUT VOID *CommBuffer,\r | |
633 | IN OUT UINTN *CommBufferSize\r | |
634 | )\r | |
635 | {\r | |
636 | EFI_STATUS Status;\r | |
637 | OPAL_SMM_COMMUNICATE_HEADER *SmmFunctionHeader;\r | |
638 | UINTN TempCommBufferSize;\r | |
639 | UINT8 *NewPassword;\r | |
640 | UINT8 PasswordLength;\r | |
641 | EFI_DEVICE_PATH_PROTOCOL *DevicePath;\r | |
642 | \r | |
643 | if (CommBuffer == NULL || CommBufferSize == NULL) {\r | |
644 | return EFI_SUCCESS;\r | |
645 | }\r | |
646 | \r | |
647 | TempCommBufferSize = *CommBufferSize;\r | |
648 | if (TempCommBufferSize < OFFSET_OF (OPAL_SMM_COMMUNICATE_HEADER, Data)) {\r | |
649 | return EFI_SUCCESS;\r | |
650 | }\r | |
651 | \r | |
652 | Status = EFI_SUCCESS;\r | |
653 | SmmFunctionHeader = (OPAL_SMM_COMMUNICATE_HEADER *)CommBuffer;\r | |
654 | \r | |
655 | DevicePath = &((OPAL_COMM_DEVICE_LIST*)(SmmFunctionHeader->Data))->OpalDevicePath;\r | |
656 | PasswordLength = ((OPAL_COMM_DEVICE_LIST*)(SmmFunctionHeader->Data))->PasswordLength;\r | |
657 | NewPassword = ((OPAL_COMM_DEVICE_LIST*)(SmmFunctionHeader->Data))->Password;\r | |
658 | \r | |
659 | switch (SmmFunctionHeader->Function) {\r | |
660 | case SMM_FUNCTION_SET_OPAL_PASSWORD:\r | |
661 | if (OpalPasswordIsFullZero (NewPassword) || PasswordLength == 0) {\r | |
662 | Status = EFI_INVALID_PARAMETER;\r | |
663 | goto EXIT;\r | |
664 | }\r | |
665 | \r | |
666 | Status = OpalSavePasswordToSmm (DevicePath, NewPassword, PasswordLength);\r | |
667 | break;\r | |
668 | \r | |
669 | default:\r | |
670 | Status = EFI_UNSUPPORTED;\r | |
671 | break;\r | |
672 | }\r | |
673 | \r | |
674 | EXIT:\r | |
675 | SmmFunctionHeader->ReturnStatus = Status;\r | |
676 | \r | |
677 | //\r | |
678 | // Return EFI_SUCCESS cause only one handler can be trigged.\r | |
679 | // so return EFI_WARN_INTERRUPT_SOURCE_PENDING to make all handler can be trigged.\r | |
680 | //\r | |
681 | return EFI_WARN_INTERRUPT_SOURCE_PENDING;\r | |
682 | }\r | |
683 | \r | |
684 | /**\r | |
685 | The constructor function.\r | |
686 | \r | |
687 | Register SMI handler when link to SMM driver.\r | |
688 | \r | |
689 | @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.\r | |
690 | \r | |
691 | **/\r | |
692 | EFI_STATUS\r | |
693 | EFIAPI\r | |
694 | OpalPasswordSupportLibConstructor (\r | |
695 | VOID\r | |
696 | )\r | |
697 | {\r | |
698 | EFI_SMM_BASE2_PROTOCOL *SmmBase2;\r | |
699 | EFI_SMM_SYSTEM_TABLE2 *Smst;\r | |
700 | EFI_HANDLE SmmHandle;\r | |
701 | EFI_STATUS Status;\r | |
702 | \r | |
703 | Status = gBS->LocateProtocol (&gEfiSmmBase2ProtocolGuid, NULL, (VOID**) &SmmBase2);\r | |
704 | if (EFI_ERROR (Status)) {\r | |
705 | return RETURN_SUCCESS;\r | |
706 | }\r | |
707 | Status = SmmBase2->InSmm (SmmBase2, &gInSmm);\r | |
708 | if (EFI_ERROR (Status)) {\r | |
709 | return RETURN_SUCCESS;\r | |
710 | }\r | |
711 | if (!gInSmm) {\r | |
712 | return RETURN_SUCCESS;\r | |
713 | }\r | |
714 | \r | |
715 | //\r | |
716 | // Good, we are in SMM\r | |
717 | //\r | |
718 | Status = SmmBase2->GetSmstLocation (SmmBase2, &Smst);\r | |
719 | if (EFI_ERROR (Status)) {\r | |
720 | return RETURN_SUCCESS;\r | |
721 | }\r | |
722 | \r | |
723 | SmmHandle = NULL;\r | |
724 | Status = Smst->SmiHandlerRegister (SmmOpalPasswordHandler, &gOpalPasswordNotifyProtocolGuid, &SmmHandle);\r | |
725 | ASSERT_EFI_ERROR (Status);\r | |
726 | \r | |
727 | return EFI_SUCCESS;\r | |
728 | }\r | |
729 | \r | |
730 | /**\r | |
731 | The Destructor function.\r | |
732 | \r | |
733 | Clean the saved opal device list.\r | |
734 | \r | |
735 | @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.\r | |
736 | \r | |
737 | **/\r | |
738 | EFI_STATUS\r | |
739 | EFIAPI\r | |
740 | OpalPasswordSupportLibDestructor (\r | |
741 | VOID\r | |
742 | )\r | |
743 | {\r | |
744 | OPAL_DISK_AND_PASSWORD_INFO *Device;\r | |
745 | \r | |
746 | while (!IsListEmpty (&mDeviceList)) {\r | |
747 | Device = BASE_CR (mDeviceList.ForwardLink, OPAL_DISK_AND_PASSWORD_INFO, Link);\r | |
748 | \r | |
749 | RemoveEntryList (&Device->Link);\r | |
750 | FreePool (Device);\r | |
751 | }\r | |
752 | \r | |
753 | return EFI_SUCCESS;\r | |
754 | }\r |