]> git.proxmox.com Git - mirror_edk2.git/blobdiff - SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SecurityPkg: Fix typos in comments
[mirror_edk2.git] / SecurityPkg / Library / TcgStorageOpalLib / TcgStorageOpalCore.c
diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
index f60a427012bc4480359a23f2d28cdf6a348cdb8b..90cc51a24c170e829873f5a7180fa9f0a183657f 100644 (file)
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
@@ -814,6 +814,7 @@ OpalSetLockingSpAuthorityEnabledAndPin(
   TCG_PARSE_STRUCT  ParseStruct;\r
   UINT32            Size;\r
   TCG_UID           ActiveKey;\r
+  TCG_RESULT        Ret;\r
 \r
   NULL_CHECK(LockingSpSession);\r
   NULL_CHECK(NewPin);\r
@@ -901,30 +902,35 @@ OpalSetLockingSpAuthorityEnabledAndPin(
   ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size));\r
   ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));\r
 \r
-  ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey));\r
-\r
-  ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));\r
-  ERROR_CHECK(TcgCreateSetAce(\r
-                  &CreateStruct,\r
-                  &Size,\r
-                  LockingSpSession->OpalBaseComId,\r
-                  LockingSpSession->ComIdExtension,\r
-                  LockingSpSession->TperSessionId,\r
-                  LockingSpSession->HostSessionId,\r
-                  (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,\r
-                  OPAL_LOCKING_SP_USER1_AUTHORITY,\r
-                  TCG_ACE_EXPRESSION_OR,\r
-                  OPAL_LOCKING_SP_ADMINS_AUTHORITY\r
-              ));\r
+  //\r
+  // For Pyrite type SSC, it not supports Active Key. \r
+  // So here add check logic before enable it.\r
+  //\r
+  Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);\r
+  if (Ret == TcgResultSuccess) {\r
+    ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));\r
+    ERROR_CHECK(TcgCreateSetAce(\r
+                    &CreateStruct,\r
+                    &Size,\r
+                    LockingSpSession->OpalBaseComId,\r
+                    LockingSpSession->ComIdExtension,\r
+                    LockingSpSession->TperSessionId,\r
+                    LockingSpSession->HostSessionId,\r
+                    (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,\r
+                    OPAL_LOCKING_SP_USER1_AUTHORITY,\r
+                    TCG_ACE_EXPRESSION_OR,\r
+                    OPAL_LOCKING_SP_ADMINS_AUTHORITY\r
+                ));\r
 \r
-  ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));\r
+    ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));\r
 \r
-  if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r
-    DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));\r
-    //\r
-    //TODO do we want to disable user1 if all permissions are not granted\r
-    //\r
-    return TcgResultFailure;\r
+    if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r
+      DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));\r
+      //\r
+      // Disable user1 if all permissions are not granted.\r
+      //\r
+      return TcgResultFailure;\r
+    }\r
   }\r
 \r
   ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));\r
@@ -1049,7 +1055,7 @@ OpalGlobalLockingRangeGenKey(
 /**\r
 \r
   The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.\r
-  This funciton is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r
+  This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r
   (not ReadLockEnabled and WriteLockEnabled columns).\r
 \r
   @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r
@@ -1515,6 +1521,12 @@ OpalGetSupportedAttributesInfo(
     SupportedAttributes->MediaEncryption = Feat->Locking.MediaEncryption;\r
   }\r
 \r
+  Size = 0;\r
+  Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_BLOCK_SID, &Size);\r
+  if (Feat != NULL && Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR)) {\r
+    SupportedAttributes->BlockSid = TRUE;\r
+  }\r
+\r
   DEBUG ((DEBUG_INFO, "Base COMID 0x%04X \n", *OpalBaseComId));\r
 \r
 \r
EFI Development Kit II mirror for PVE