]>
Commit | Line | Data |
---|---|---|
1 | /** @file\r | |
2 | EFI Storage Security Command Protocol as defined in UEFI 2.3.1 specification.\r | |
3 | This protocol is used to abstract mass storage devices to allow code running in\r | |
4 | the EFI boot services environment to send security protocol commands to mass\r | |
5 | storage devices without specific knowledge of the type of device or controller\r | |
6 | that manages the device.\r | |
7 | \r | |
8 | Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>\r | |
9 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
10 | \r | |
11 | **/\r | |
12 | \r | |
13 | #ifndef __STORAGE_SECURITY_COMMAND_H__\r | |
14 | #define __STORAGE_SECURITY_COMMAND_H__\r | |
15 | \r | |
16 | #define EFI_STORAGE_SECURITY_COMMAND_PROTOCOL_GUID \\r | |
17 | { \\r | |
18 | 0xC88B0B6D, 0x0DFC, 0x49A7, {0x9C, 0xB4, 0x49, 0x07, 0x4B, 0x4C, 0x3A, 0x78 } \\r | |
19 | }\r | |
20 | \r | |
21 | typedef struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL EFI_STORAGE_SECURITY_COMMAND_PROTOCOL;\r | |
22 | \r | |
23 | /**\r | |
24 | Send a security protocol command to a device that receives data and/or the result\r | |
25 | of one or more commands sent by SendData.\r | |
26 | \r | |
27 | The ReceiveData function sends a security protocol command to the given MediaId.\r | |
28 | The security protocol command sent is defined by SecurityProtocolId and contains\r | |
29 | the security protocol specific data SecurityProtocolSpecificData. The function\r | |
30 | returns the data from the security protocol command in PayloadBuffer.\r | |
31 | \r | |
32 | For devices supporting the SCSI command set, the security protocol command is sent\r | |
33 | using the SECURITY PROTOCOL IN command defined in SPC-4.\r | |
34 | \r | |
35 | For devices supporting the ATA command set, the security protocol command is sent\r | |
36 | using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize\r | |
37 | is non-zero.\r | |
38 | \r | |
39 | If the PayloadBufferSize is zero, the security protocol command is sent using the\r | |
40 | Trusted Non-Data command defined in ATA8-ACS.\r | |
41 | \r | |
42 | If PayloadBufferSize is too small to store the available data from the security\r | |
43 | protocol command, the function shall copy PayloadBufferSize bytes into the\r | |
44 | PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.\r | |
45 | \r | |
46 | If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,\r | |
47 | the function shall return EFI_INVALID_PARAMETER.\r | |
48 | \r | |
49 | If the given MediaId does not support security protocol commands, the function shall\r | |
50 | return EFI_UNSUPPORTED. If there is no media in the device, the function returns\r | |
51 | EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device,\r | |
52 | the function returns EFI_MEDIA_CHANGED.\r | |
53 | \r | |
54 | If the security protocol fails to complete within the Timeout period, the function\r | |
55 | shall return EFI_TIMEOUT.\r | |
56 | \r | |
57 | If the security protocol command completes without an error, the function shall\r | |
58 | return EFI_SUCCESS. If the security protocol command completes with an error, the\r | |
59 | function shall return EFI_DEVICE_ERROR.\r | |
60 | \r | |
61 | @param This Indicates a pointer to the calling context.\r | |
62 | @param MediaId ID of the medium to receive data from.\r | |
63 | @param Timeout The timeout, in 100ns units, to use for the execution\r | |
64 | of the security protocol command. A Timeout value of 0\r | |
65 | means that this function will wait indefinitely for the\r | |
66 | security protocol command to execute. If Timeout is greater\r | |
67 | than zero, then this function will return EFI_TIMEOUT if the\r | |
68 | time required to execute the receive data command is greater than Timeout.\r | |
69 | @param SecurityProtocolId The value of the "Security Protocol" parameter of\r | |
70 | the security protocol command to be sent.\r | |
71 | @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter\r | |
72 | of the security protocol command to be sent.\r | |
73 | @param PayloadBufferSize Size in bytes of the payload data buffer.\r | |
74 | @param PayloadBuffer A pointer to a destination buffer to store the security\r | |
75 | protocol command specific payload data for the security\r | |
76 | protocol command. The caller is responsible for having\r | |
77 | either implicit or explicit ownership of the buffer.\r | |
78 | @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the\r | |
79 | data written to the payload data buffer.\r | |
80 | \r | |
81 | @retval EFI_SUCCESS The security protocol command completed successfully.\r | |
82 | @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available\r | |
83 | data from the device. The PayloadBuffer contains the truncated data.\r | |
84 | @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.\r | |
85 | @retval EFI_DEVICE_ERROR The security protocol command completed with an error.\r | |
86 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
87 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
88 | @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and\r | |
89 | PayloadBufferSize is non-zero.\r | |
90 | @retval EFI_TIMEOUT A timeout occurred while waiting for the security\r | |
91 | protocol command to execute.\r | |
92 | \r | |
93 | **/\r | |
94 | typedef\r | |
95 | EFI_STATUS\r | |
96 | (EFIAPI *EFI_STORAGE_SECURITY_RECEIVE_DATA)(\r | |
97 | IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,\r | |
98 | IN UINT32 MediaId,\r | |
99 | IN UINT64 Timeout,\r | |
100 | IN UINT8 SecurityProtocolId,\r | |
101 | IN UINT16 SecurityProtocolSpecificData,\r | |
102 | IN UINTN PayloadBufferSize,\r | |
103 | OUT VOID *PayloadBuffer,\r | |
104 | OUT UINTN *PayloadTransferSize\r | |
105 | );\r | |
106 | \r | |
107 | /**\r | |
108 | Send a security protocol command to a device.\r | |
109 | \r | |
110 | The SendData function sends a security protocol command containing the payload\r | |
111 | PayloadBuffer to the given MediaId. The security protocol command sent is\r | |
112 | defined by SecurityProtocolId and contains the security protocol specific data\r | |
113 | SecurityProtocolSpecificData. If the underlying protocol command requires a\r | |
114 | specific padding for the command payload, the SendData function shall add padding\r | |
115 | bytes to the command payload to satisfy the padding requirements.\r | |
116 | \r | |
117 | For devices supporting the SCSI command set, the security protocol command is sent\r | |
118 | using the SECURITY PROTOCOL OUT command defined in SPC-4.\r | |
119 | \r | |
120 | For devices supporting the ATA command set, the security protocol command is sent\r | |
121 | using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize\r | |
122 | is non-zero. If the PayloadBufferSize is zero, the security protocol command is\r | |
123 | sent using the Trusted Non-Data command defined in ATA8-ACS.\r | |
124 | \r | |
125 | If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall\r | |
126 | return EFI_INVALID_PARAMETER.\r | |
127 | \r | |
128 | If the given MediaId does not support security protocol commands, the function\r | |
129 | shall return EFI_UNSUPPORTED. If there is no media in the device, the function\r | |
130 | returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the\r | |
131 | device, the function returns EFI_MEDIA_CHANGED.\r | |
132 | \r | |
133 | If the security protocol fails to complete within the Timeout period, the function\r | |
134 | shall return EFI_TIMEOUT.\r | |
135 | \r | |
136 | If the security protocol command completes without an error, the function shall return\r | |
137 | EFI_SUCCESS. If the security protocol command completes with an error, the function\r | |
138 | shall return EFI_DEVICE_ERROR.\r | |
139 | \r | |
140 | @param This Indicates a pointer to the calling context.\r | |
141 | @param MediaId ID of the medium to receive data from.\r | |
142 | @param Timeout The timeout, in 100ns units, to use for the execution\r | |
143 | of the security protocol command. A Timeout value of 0\r | |
144 | means that this function will wait indefinitely for the\r | |
145 | security protocol command to execute. If Timeout is greater\r | |
146 | than zero, then this function will return EFI_TIMEOUT if the\r | |
147 | time required to execute the receive data command is greater than Timeout.\r | |
148 | @param SecurityProtocolId The value of the "Security Protocol" parameter of\r | |
149 | the security protocol command to be sent.\r | |
150 | @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter\r | |
151 | of the security protocol command to be sent.\r | |
152 | @param PayloadBufferSize Size in bytes of the payload data buffer.\r | |
153 | @param PayloadBuffer A pointer to a destination buffer to store the security\r | |
154 | protocol command specific payload data for the security\r | |
155 | protocol command.\r | |
156 | \r | |
157 | @retval EFI_SUCCESS The security protocol command completed successfully.\r | |
158 | @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.\r | |
159 | @retval EFI_DEVICE_ERROR The security protocol command completed with an error.\r | |
160 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
161 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
162 | @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero.\r | |
163 | @retval EFI_TIMEOUT A timeout occurred while waiting for the security\r | |
164 | protocol command to execute.\r | |
165 | \r | |
166 | **/\r | |
167 | typedef\r | |
168 | EFI_STATUS\r | |
169 | (EFIAPI *EFI_STORAGE_SECURITY_SEND_DATA) (\r | |
170 | IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,\r | |
171 | IN UINT32 MediaId,\r | |
172 | IN UINT64 Timeout,\r | |
173 | IN UINT8 SecurityProtocolId,\r | |
174 | IN UINT16 SecurityProtocolSpecificData,\r | |
175 | IN UINTN PayloadBufferSize,\r | |
176 | IN VOID *PayloadBuffer\r | |
177 | );\r | |
178 | \r | |
179 | ///\r | |
180 | /// The EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is used to send security protocol\r | |
181 | /// commands to a mass storage device. Two types of security protocol commands\r | |
182 | /// are supported. SendData sends a command with data to a device. ReceiveData\r | |
183 | /// sends a command that receives data and/or the result of one or more commands\r | |
184 | /// sent by SendData.\r | |
185 | ///\r | |
186 | /// The security protocol command formats supported shall be based on the definition\r | |
187 | /// of the SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT commands defined in SPC-4.\r | |
188 | /// If the device uses the SCSI command set, no translation is needed in the firmware\r | |
189 | /// and the firmware can package the parameters into a SECURITY PROTOCOL IN or SECURITY\r | |
190 | /// PROTOCOL OUT command and send the command to the device. If the device uses a\r | |
191 | /// non-SCSI command set, the firmware shall map the command and data payload to the\r | |
192 | /// corresponding command and payload format defined in the non-SCSI command set\r | |
193 | /// (for example, TRUSTED RECEIVE and TRUSTED SEND in ATA8-ACS).\r | |
194 | ///\r | |
195 | /// The firmware shall automatically add an EFI_STORAGE_SECURITY_COMMAND_PROTOCOL\r | |
196 | /// for any storage devices detected during system boot that support SPC-4, ATA8-ACS\r | |
197 | /// or their successors.\r | |
198 | ///\r | |
199 | struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL {\r | |
200 | EFI_STORAGE_SECURITY_RECEIVE_DATA ReceiveData;\r | |
201 | EFI_STORAGE_SECURITY_SEND_DATA SendData;\r | |
202 | };\r | |
203 | \r | |
204 | extern EFI_GUID gEfiStorageSecurityCommandProtocolGuid;\r | |
205 | \r | |
206 | #endif\r |