2 Header file of Opal password support library.
4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #ifndef _OPAL_PASSWORD_SUPPORT_LIB_H_
17 #define _OPAL_PASSWORD_SUPPORT_LIB_H_
19 #include <Protocol/DevicePath.h>
20 #include <Library/TcgStorageOpalLib.h>
26 // Structure that is used to represent the available actions for an OpalDisk.
27 // The data can then be utilized to expose/hide certain actions available to an end user
28 // by the consumer of this library.
32 // Indicates if the disk can support the PSID Revert action. Should verify that the disk supports the PSID authority.
34 UINT16 PsidRevert
: 1;
37 // Indicates if the disk can support Revert action
42 // Indicates if the user must keep data for revert action. It is true if no media encryption is supported.
44 UINT16 RevertKeepDataForced
: 1;
47 // Indicates if the disk can support set Admin password
52 // Indicates if the disk can support set User password. This action requires that a user
53 // password is first enabled.
58 // Indicates if unlock action is available. Requires disk to be currently locked.
63 // Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support.
65 UINT16 SecureErase
: 1;
68 // Indicates if Disable User action is available. Action requires admin credentials.
70 UINT16 DisableUser
: 1;
74 // Structure that is used to represent the Opal device with password info.
82 EFI_DEVICE_PATH_PROTOCOL OpalDevicePath
;
83 } OPAL_DISK_AND_PASSWORD_INFO
;
89 The function determines the available actions for the OPAL_DISK provided.
91 @param[in] SupportedAttributes The support attribute for the device.
92 @param[in] LockingFeature The locking status for the device.
93 @param[in] OwnerShip The ownership for the device.
94 @param[out] AvalDiskActions Pointer to fill-out with appropriate disk actions.
99 OpalSupportGetAvailableActions(
100 IN OPAL_DISK_SUPPORT_ATTRIBUTE
*SupportedAttributes
,
101 IN TCG_LOCKING_FEATURE_DESCRIPTOR
*LockingFeature
,
103 OUT OPAL_DISK_ACTIONS
*AvalDiskActions
107 Enable Opal Feature for the input device.
109 @param[in] Session The opal session for the opal device.
111 @param[in] MsidLength Msid Length
112 @param[in] Password Admin password
113 @param[in] PassLength Length of password in bytes
114 @param[in] DevicePath The device path for the opal device.
119 OpalSupportEnableOpalFeature(
120 IN OPAL_SESSION
*Session
,
122 IN UINT32 MsidLength
,
124 IN UINT32 PassLength
,
125 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
129 Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.
131 @param[in] Session The opal session for the opal device.
132 @param[in] Psid PSID of device to revert.
133 @param[in] PsidLength Length of PSID in bytes.
134 @param[in] DevicePath The device path for the opal device.
139 OpalSupportPsidRevert(
140 IN OPAL_SESSION
*Session
,
142 IN UINT32 PsidLength
,
143 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
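147 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.
NOTE(review): the parameters documented below take the Admin password and an MSID length, with no PSID among them; confirm which SP and authority this session actually opens.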
149 @param[in] Session The opal session for the opal device.
150 @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it
151 @param[in] Password Admin password
152 @param[in] PasswordLength Length of password in bytes
154 @param[in] MsidLength Msid Length
155 @param[out] PasswordFailed Indicates if password failed (start session didn't work)
156 @param[in] DevicePath The device path for the opal device.
162 IN OPAL_SESSION
*Session
,
163 IN BOOLEAN KeepUserData
,
165 IN UINT32 PasswordLength
,
167 IN UINT32 MsidLength
,
168 OUT BOOLEAN
*PasswordFailed
,
169 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
175 @param[in] Session The opal session for the opal device.
176 @param[in] OldPassword Current admin password
177 @param[in] OldPasswordLength Length of current admin password in bytes
178 @param[in] NewPassword New admin password to set
179 @param[in] NewPasswordLength Length of new password in bytes
180 @param[in] DevicePath The device path for the opal device.
181 @param[in] SetAdmin Whether to set the admin password or the user password.
182 TRUE for admin, FALSE for user.
187 OpalSupportSetPassword(
188 IN OPAL_SESSION
*Session
,
189 IN VOID
*OldPassword
,
190 IN UINT32 OldPasswordLength
,
191 IN VOID
*NewPassword
,
192 IN UINT32 NewPasswordLength
,
193 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
,
198 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.
200 @param[in] Session The opal session for the opal device.
201 @param[in] Password Admin password
202 @param[in] PasswordLength Length of password in bytes
203 @param[out] PasswordFailed Indicates if password failed (start session didn't work)
204 @param[in] DevicePath The device path for the opal device.
209 OpalSupportDisableUser(
210 IN OPAL_SESSION
*Session
,
212 IN UINT32 PasswordLength
,
213 OUT BOOLEAN
*PasswordFailed
,
214 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
218 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
219 and updates the global locking range ReadLocked and WriteLocked columns to FALSE.
221 @param[in] Session The opal session for the opal device.
222 @param[in] Password Admin or user password
223 @param[in] PasswordLength Length of password in bytes
224 @param[in] DevicePath The device path for the opal device.
230 IN OPAL_SESSION
*Session
,
232 IN UINT32 PasswordLength
,
233 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
237 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
238 and updates the global locking range ReadLocked and WriteLocked columns to TRUE.
240 @param[in] Session The opal session for the opal device.
241 @param[in] Password Admin or user password
242 @param[in] PasswordLength Length of password in bytes
243 @param[in] DevicePath The device path for the opal device.
249 IN OPAL_SESSION
*Session
,
251 IN UINT32 PasswordLength
,
252 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
256 Check if the password is all zeros.
258 @param[in] Password Points to the Data Buffer
260 @retval TRUE This password string is all zeros.
261 @retval FALSE This password string is not all zeros.
266 OpalSupportGetOpalDeviceList (
271 Transfer the password to the SMM driver.
273 @param[in] DevicePath The device path for the opal device.
274 @param PasswordLen The input password length.
275 @param Password Input password buffer.
277 @retval EFI_SUCCESS The required action succeeded.
278 @retval Others An error occurred.
283 OpalSupportSendPasword(
284 EFI_DEVICE_PATH_PROTOCOL
*DevicePath
,
289 #endif // _OPAL_PASSWORD_SUPPORT_LIB_H_