]> git.proxmox.com Git - mirror_edk2.git/blame - MdePkg/Include/Protocol/BlockIoCrypto.h
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
MdePkg: Add the missing spec version information for header files
[mirror_edk2.git] / MdePkg / Include / Protocol / BlockIoCrypto.h
CommitLineData
21bd4958
FT		 1/** @file\r
2 The UEFI Inline Cryptographic Interface protocol provides services to abstract\r
3 access to inline cryptographic capabilities.\r
4\r
497a5fb1 5 Copyright (c) 2015-2018, Intel Corporation. All rights reserved.<BR>\r
21bd4958
FT		 6 This program and the accompanying materials\r
7 are licensed and made available under the terms and conditions of the BSD License\r
8 which accompanies this distribution. The full text of the license may be found at\r
9 http://opensource.org/licenses/bsd-license.php\r
10\r
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
13\r
497a5fb1
SZ		 14 @par Revision Reference:\r
15 This Protocol was introduced in UEFI Specification 2.5.\r
16\r
21bd4958
FT		 17**/\r
18\r
19#ifndef __BLOCK_IO_CRYPTO_H__\r
20#define __BLOCK_IO_CRYPTO_H__\r
21\r
22#include <Protocol/BlockIo.h>\r
23\r
24#define EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID \\r
25 { \\r
26 0xa00490ba, 0x3f1a, 0x4b4c, {0xab, 0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1, 0xe8} \\r
27 }\r
28\r
29typedef struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL EFI_BLOCK_IO_CRYPTO_PROTOCOL;\r
30\r
31///\r
32/// The struct of Block I/O Crypto Token.\r
33///\r
34typedef struct {\r
35 //\r
36 // If Event is NULL, then blocking I/O is performed. If Event is not NULL and\r
37 // non-blocking I/O is supported, then non-blocking I/O is performed, and\r
38 // Event will be signaled when the read request is completed and data was\r
39 // decrypted (when Index was specified).\r
40 //\r
41 EFI_EVENT Event;\r
42 //\r
43 // Defines whether or not the signaled event encountered an error.\r
44 //\r
45 EFI_STATUS TransactionStatus;\r
46} EFI_BLOCK_IO_CRYPTO_TOKEN;\r
47\r
e9d6470b
FT		 48typedef struct {\r
49 //\r
50 // GUID of the algorithm.\r
51 //\r
52 EFI_GUID Algorithm;\r
53 //\r
54 // Specifies KeySizein bits used with this Algorithm.\r
55 //\r
56 UINT64 KeySize;\r
57 //\r
58 // Specifies bitmask of block sizes supported by this algorithm.\r
59 // Bit j being set means that 2^j bytes crypto block size is supported.\r
60 //\r
61 UINT64 CryptoBlockSizeBitMask;\r
62} EFI_BLOCK_IO_CRYPTO_CAPABILITY;\r
63\r
64///\r
65/// EFI_BLOCK_IO_CRYPTO_IV_INPUT structure is used as a common header in CryptoIvInput\r
66/// parameters passed to the ReadExtended and WriteExtended methods for Inline\r
67/// Cryptographic Interface.\r
68/// Its purpose is to pass size of the entire CryptoIvInputparameter memory buffer to\r
69/// the Inline Cryptographic Interface.\r
70///\r
71typedef struct {\r
72 UINT64 InputSize;\r
73} EFI_BLOCK_IO_CRYPTO_IV_INPUT;\r
74\r
75#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_XTS \\r
76 { \\r
77 0x2f87ba6a, 0x5c04, 0x4385, {0xa7, 0x80, 0xf3, 0xbf, 0x78, 0xa9, 0x7b, 0xec} \\r
78 }\r
79\r
80extern EFI_GUID gEfiBlockIoCryptoAlgoAesXtsGuid;\r
81\r
82typedef struct {\r
83 EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r
84 UINT64 CryptoBlockNumber;\r
85 UINT64 CryptoBlockByteSize;\r
86} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_XTS;\r
87\r
88#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_CBC_MICROSOFT_BITLOCKER \\r
89 { \\r
90 0x689e4c62, 0x70bf, 0x4cf3, {0x88, 0xbb, 0x33, 0xb3, 0x18, 0x26, 0x86, 0x70} \\r
91 }\r
92\r
93extern EFI_GUID gEfiBlockIoCryptoAlgoAesCbcMsBitlockerGuid;\r
94\r
95typedef struct {\r
96 EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r
97 UINT64 CryptoBlockByteOffset;\r
98 UINT64 CryptoBlockByteSize;\r
99} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_CBC_MICROSOFT_BITLOCKER;\r
100\r
101#define EFI_BLOCK_IO_CRYPTO_INDEX_ANY 0xFFFFFFFFFFFFFFFF\r
102\r
103typedef struct {\r
104 //\r
105 // Is inline cryptographic capability supported on this device.\r
106 //\r
107 BOOLEAN Supported;\r
108 //\r
109 // Maximum number of keys that can be configured at the same time.\r
110 //\r
111 UINT64 KeyCount;\r
112 //\r
113 // Number of supported capabilities.\r
114 //\r
115 UINT64 CapabilityCount;\r
116 //\r
117 // Array of supported capabilities.\r
118 //\r
119 EFI_BLOCK_IO_CRYPTO_CAPABILITY Capabilities[1];\r
120} EFI_BLOCK_IO_CRYPTO_CAPABILITIES;\r
121\r
122typedef struct {\r
123 //\r
124 // Configuration table index. A special Index EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be\r
125 // used to set any available entry in the configuration table.\r
126 //\r
127 UINT64 Index;\r
128 //\r
129 // Identifies the owner of the configuration table entry. Entry can also be used\r
130 // with the Nil value to clear key from the configuration table index.\r
131 //\r
132 EFI_GUID KeyOwnerGuid;\r
133 //\r
134 // A supported capability to be used. The CryptoBlockSizeBitMask field of the\r
135 // structure should have only one bit set from the supported mask.\r
136 //\r
137 EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r
138 //\r
139 // Pointer to the key. The size of the key is defined by the KeySize field of\r
140 // the capability specified by the Capability parameter.\r
141 //\r
142 VOID *CryptoKey;\r
143} EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY;\r
144\r
145typedef struct {\r
146 //\r
147 // Configuration table index.\r
148 //\r
149 UINT64 Index;\r
150 //\r
151 // Identifies the current owner of the entry.\r
152 //\r
153 EFI_GUID KeyOwnerGuid;\r
154 //\r
155 // The capability to be used. The CryptoBlockSizeBitMask field of the structure\r
156 // has only one bit set from the supported mask.\r
157 //\r
158 EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r
159} EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY;\r
21bd4958
FT		 160\r
161/**\r
162 Reset the block device hardware.\r
163\r
164 The Reset() function resets the block device hardware.\r
165\r
166 As part of the initialization process, the firmware/device will make a quick but\r
167 reasonable attempt to verify that the device is functioning.\r
168\r
169 If the ExtendedVerificationflag is TRUE the firmware may take an extended amount\r
170 of time to verify the device is operating on reset. Otherwise the reset operation\r
171 is to occur as quickly as possible.\r
172\r
173 The hardware verification process is not defined by this specification and is left\r
174 up to the platform firmware or driver to implement.\r
175\r
176 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
177 @param[in] ExtendedVerification Indicates that the driver may perform a more exhausive\r
00b7cc0f 178 verification operation of the device during reset.\r
21bd4958
FT		 179\r
180 @retval EFI_SUCCESS The block device was reset.\r
181 @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could\r
182 not be reset.\r
183 @retval EFI_INVALID_PARAMETER This is NULL.\r
184\r
185**/\r
186typedef\r
187EFI_STATUS\r
188(EFIAPI *EFI_BLOCK_IO_CRYPTO_RESET) (\r
189 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
190 IN BOOLEAN ExtendedVerification\r
191 );\r
192\r
193/**\r
194 Get the capabilities of the underlying inline cryptographic interface.\r
195\r
196 The GetCapabilities() function determines whether pre-OS controllable inline crypto\r
197 is supported by the system for the current disk and, if so, returns the capabilities\r
198 of the crypto engine.\r
199\r
200 The caller is responsible for providing the Capabilities structure with a sufficient\r
201 number of entries.\r
202\r
203 If the structure is too small, the EFI_BUFFER_TOO_SMALL error code is returned and the\r
204 CapabilityCount field contains the number of entries needed to contain the capabilities.\r
205\r
206 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
207 @param[out] Capabilities Pointer to the EFI_BLOCK_IO_CRYPTO_CAPABILITIES structure.\r
208\r
209 @retval EFI_SUCCESS The ICI is ready for use.\r
210 @retval EFI_BUFFER_TOO_SMALL The Capabilities structure was too small. The number of\r
211 entries needed is returned in the CapabilityCount field\r
212 of the structure.\r
213 @retval EFI_NO_RESPONSE No response was received from the ICI.\r
214 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r
215 @retval EFI_INVALID_PARAMETER This is NULL.\r
216 @retval EFI_INVALID_PARAMETER Capabilities is NULL.\r
217\r
218**/\r
219typedef\r
220EFI_STATUS\r
221(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES) (\r
222 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
223 OUT EFI_BLOCK_IO_CRYPTO_CAPABILITIES *Capabilities\r
224 );\r
225\r
226/**\r
227 Set the configuration of the underlying inline cryptographic interface.\r
228\r
229 The SetConfiguration() function allows the user to set the current configuration of the\r
230 inline cryptographic interface and should be called before attempting any crypto operations.\r
231\r
232 This configures the configuration table entries with algorithms, key sizes and keys. Each\r
233 configured entry can later be referred to by index at the time of storage transaction.\r
234\r
235 The configuration table index will refer to the combination ofKeyOwnerGuid, Algorithm, and\r
236 CryptoKey.\r
237\r
238 KeyOwnerGuid identifies the component taking ownership of the entry. It helps components to\r
239 identify their own entries, cooperate with other owner components, and avoid conflicts. This\r
240 Guid identifier is there to help coordination between cooperating components and not a security\r
241 or synchronization feature. The Nil GUID can be used by a component to release use of entry\r
242 owned. It is also used to identify potentially available entries (see GetConfiguration).\r
243\r
244 CryptoKey specifies algorithm-specific key material to use within parameters of selected crypto\r
245 capability.\r
246\r
247 This function is called infrequently typically once, on device start, before IO starts. It\r
248 can be called at later times in cases the number of keysused on the drive is higher than what\r
249 can be configured at a time or a new key has to be added.\r
250\r
251 Components setting or changing an entry or entries for a given index or indices must ensure\r
252 that IO referencing affected indices is temporarily blocked (run-down) at the time of change.\r
253\r
254 Indices parameters in each parameter table entry allow to set only a portion of the available\r
255 table entries in the crypto module anywhere from single entry to entire table supported.\r
256\r
257 If corresponding table entry or entries being set are already in use by another owner the call\r
258 should be failed and none of the entries should be modified. The interface implementation must\r
259 enforce atomicity of this operation (should either succeed fully or fail completely without\r
260 modifying state).\r
261\r
262 Note that components using GetConfiguration command to discover available entries should be\r
263 prepared that by the time of calling SetConfiguration the previously available entry may have\r
264 become occupied. Such components should be prepared to re-try the sequence of operations.\r
265\r
266 Alternatively EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be used to have the implementation discover\r
267 and allocate available,if any, indices atomically.\r
268\r
269 An optional ResultingTable pointer can be provided by the caller to receive the newly configured\r
270 entries. The array provided by the caller must have at least ConfigurationCount of entries.\r
271\r
272 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
273 @param[in] ConfigurationCount Number of entries being configured with this call.\r
274 @param[in] ConfigurationTable Pointer to a table used to populate the configuration table.\r
275 @param[out] ResultingTable Optional pointer to a table that receives the newly configured\r
276 entries.\r
277\r
278 @retval EFI_SUCCESS The ICI is ready for use.\r
279 @retval EFI_NO_RESPONSE No response was received from the ICI.\r
280 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r
281 @retval EFI_INVALID_PARAMETER This is NULL.\r
282 @retval EFI_INVALID_PARAMETER ConfigurationTable is NULL.\r
283 @retval EFI_INVALID_PARAMETER ConfigurationCount is 0.\r
284 @retval EFI_OUT_OF_RESOURCES Could not find the requested number of available entries in the\r
285 configuration table.\r
286\r
287**/\r
288typedef\r
289EFI_STATUS\r
290(EFIAPI *EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION) (\r
291 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
292 IN UINT64 ConfigurationCount,\r
293 IN EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY *ConfigurationTable,\r
294 OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ResultingTable OPTIONAL\r
295 );\r
296\r
21bd4958
FT		 297/**\r
298 Get the configuration of the underlying inline cryptographic interface.\r
299\r
300 The GetConfiguration() function allows the user to get the configuration of the inline\r
301 cryptographic interface.\r
302\r
303 Retrieves, entirely or partially, the currently configured key table. Note that the keys\r
304 themselves are not retrieved, but rather just indices, owner GUIDs and capabilities.\r
305\r
306 If fewer entries than specified by ConfigurationCount are returned, the Index field of the\r
307 unused entries is set to EFI_BLOCK_IO_CRYPTO_INDEX_ANY.\r
308\r
309 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
310 @param[in] StartIndex Configuration table index at which to start the configuration\r
311 query.\r
312 @param[in] ConfigurationCount Number of entries to return in the response table.\r
313 @param[in] KeyOwnerGuid Optional parameter to filter response down to entries with a\r
314 given owner. A pointer to the Nil value can be used to return\r
315 available entries. Set to NULL when no owner filtering is required.\r
316 @param[out] ConfigurationTable Table of configured configuration table entries (with no CryptoKey\r
317 returned): configuration table index, KeyOwnerGuid, Capability.\r
318 Should have sufficient space to store up to ConfigurationCount\r
319 entries.\r
320\r
321 @retval EFI_SUCCESS The ICI is ready for use.\r
322 @retval EFI_NO_RESPONSE No response was received from the ICI.\r
323 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r
324 @retval EFI_INVALID_PARAMETER This is NULL.\r
325 @retval EFI_INVALID_PARAMETER Configuration table is NULL.\r
326 @retval EFI_INVALID_PARAMETER StartIndex is out of bounds.\r
327\r
328**/\r
329typedef\r
330EFI_STATUS\r
331(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION) (\r
332 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
333 IN UINT64 StartIndex,\r
334 IN UINT64 ConfigurationCount,\r
335 IN EFI_GUID *KeyOwnerGuid OPTIONAL,\r
336 OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ConfigurationTable\r
337);\r
338\r
339/**\r
340 Reads the requested number of blocks from the device and optionally decrypts\r
341 them inline.\r
342\r
343 TheReadExtended() function allows the caller to perform a storage device read\r
344 operation. The function reads the requested number of blocks from the device\r
345 and then if Index is specified decrypts them inline. All the blocks are read\r
346 and decrypted (if decryption requested), or an error is returned.\r
347\r
348 If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r
349 MediaId is not the ID for the current media in the device, the function returns\r
350 EFI_MEDIA_CHANGED.\r
351\r
352 If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r
353 I/O is being used, the Event associated with this request will not be signaled.\r
354\r
355 In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r
356 this command will also specify a configuration table Index and CryptoIvInput\r
357 when data has to be decrypted inline by the controller after being read from\r
358 the storage device. If an Index parameter is not specified, no decryption is\r
359 performed.\r
360\r
361 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
362 @param[in] MediaId The media ID that the read request is for.\r
363 @param[in] LBA The starting logical block address to read from on\r
364 the device.\r
365 @param[in, out] Token A pointer to the token associated with the transaction.\r
366 @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r
367 of the intrinsic block size of the device.\r
368 @param[out] Buffer A pointer to the destination buffer for the data. The\r
369 caller is responsible for either having implicit or\r
370 explicit ownership of the buffer.\r
371 @param[in] Index A pointer to the configuration table index. This is\r
372 optional.\r
373 @param[in] CryptoIvInput A pointer to a buffer that contains additional\r
374 cryptographic parameters as required by the capability\r
375 referenced by the configuration table index, such as\r
376 cryptographic initialization vector.\r
377\r
378 @retval EFI_SUCCESS The read request was queued if Token-> Event is not NULL.\r
379 The data was read correctly from the device if the\r
380 Token->Event is NULL.\r
381 @retval EFI_DEVICE_ERROR The device reported an error while attempting to perform\r
382 the read operation and/or decryption operation.\r
383 @retval EFI_NO_MEDIA There is no media in the device.\r
384 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
385 @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r
386 block size of the device.\r
387 @retval EFI_INVALID_PARAMETER This is NULL, or the read request contains LBAs that are\r
388 not valid, or the buffer is not on proper alignment.\r
389 @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r
390 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r
391 resources.\r
392\r
393**/\r
394typedef\r
395EFI_STATUS\r
396(EFIAPI *EFI_BLOCK_IO_CRYPTO_READ_EXTENDED) (\r
397 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
398 IN UINT32 MediaId,\r
399 IN EFI_LBA LBA,\r
400 IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r
401 IN UINT64 BufferSize,\r
402 OUT VOID *Buffer,\r
403 IN UINT64 *Index OPTIONAL,\r
404 IN VOID *CryptoIvInput OPTIONAL\r
405 );\r
406\r
407/**\r
408 Optionally encrypts a specified number of blocks inline and then writes to the\r
409 device.\r
410\r
411 The WriteExtended() function allows the caller to perform a storage device write\r
412 operation. The function encrypts the requested number of blocks inline if Index\r
413 is specified and then writes them to the device. All the blocks are encrypted\r
414 (if encryption requested) and written, or an error is returned.\r
415\r
416 If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r
417 MediaId is not the ID for the current media in the device, the function returns\r
418 EFI_MEDIA_CHANGED.\r
419\r
420 If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r
421 I/O is being used, the Event associated with this request will not be signaled.\r
422\r
423 In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r
424 this command will also specify a configuration table Index and a CryptoIvInput\r
425 when data has to be decrypted inline by the controller before being written to\r
426 the storage device. If no Index parameter is specified, no encryption is performed.\r
427\r
428 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
429 @param[in] MediaId The media ID that the read request is for.\r
430 @param[in] LBA The starting logical block address to read from on\r
431 the device.\r
432 @param[in, out] Token A pointer to the token associated with the transaction.\r
433 @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r
434 of the intrinsic block size of the device.\r
435 @param[in] Buffer A pointer to the source buffer for the data.\r
436 @param[in] Index A pointer to the configuration table index. This is\r
437 optional.\r
438 @param[in] CryptoIvInput A pointer to a buffer that contains additional\r
439 cryptographic parameters as required by the capability\r
440 referenced by the configuration table index, such as\r
441 cryptographic initialization vector.\r
442\r
443 @retval EFI_SUCCESS The request to encrypt (optionally) and write was queued\r
444 if Event is not NULL. The data was encrypted (optionally)\r
445 and written correctly to the device if the Event is NULL.\r
446 @retval EFI_WRITE_PROTECTED The device cannot be written to.\r
447 @retval EFI_NO_MEDIA There is no media in the device.\r
448 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
449 @retval EFI_DEVICE_ERROR The device reported an error while attempting to encrypt\r
450 blocks or to perform the write operation.\r
451 @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r
452 block size of the device.\r
453 @retval EFI_INVALID_PARAMETER This is NULL, or the write request contains LBAs that are\r
454 not valid, or the buffer is not on proper alignment.\r
455 @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r
456 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r
457 resources.\r
458\r
459**/\r
460typedef\r
461EFI_STATUS\r
462(EFIAPI *EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED) (\r
463 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
464 IN UINT32 MediaId,\r
465 IN EFI_LBA LBA,\r
466 IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r
467 IN UINT64 BufferSize,\r
468 IN VOID *Buffer,\r
469 IN UINT64 *Index OPTIONAL,\r
470 IN VOID *CryptoIvInput OPTIONAL\r
471 );\r
472\r
473/**\r
474 Flushes all modified data toa physical block device.\r
475\r
476 The FlushBlocks() function flushes all modified data to the physical block device.\r
477 Any modified data that has to be encrypted must have been already encrypted as a\r
478 part of WriteExtended() operation - inline crypto operation cannot be a part of\r
479 flush operation.\r
480\r
481 All data written to the device prior to the flush must be physically written before\r
482 returning EFI_SUCCESS from this function. This would include any cached data the\r
483 driver may have cached, and cached data the device may have cached. A flush may\r
484 cause a read request following the flush to force a device access.\r
485\r
486 If EFI_DEVICE_ERROR, EFI_NO_MEDIA, EFI_WRITE_PROTECTED or EFI_MEDIA_CHANGED is\r
487 returned and non-blocking I/O is being used, the Event associated with this request\r
488 will not be signaled.\r
489\r
490 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
491 @param[in, out] Token A pointer to the token associated with the transaction.\r
492\r
493 @retval EFI_SUCCESS The flush request was queued if Event is not NULL. All\r
494 outstanding data was written correctly to the device if\r
495 the Event is NULL.\r
496 @retval EFI_DEVICE_ERROR The device reported an error while attempting to write data.\r
497 @retval EFI_WRITE_PROTECTED The device cannot be written to.\r
498 @retval EFI_NO_MEDIA There is no media in the device.\r
499 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
500 @retval EFI_INVALID_PARAMETER This is NULL.\r
501 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r
502 resources.\r
503\r
504**/\r
505typedef\r
506EFI_STATUS\r
507(EFIAPI *EFI_BLOCK_IO_CRYPTO_FLUSH) (\r
508 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
509 IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token\r
510 );\r
511\r
21bd4958
FT		 512///\r
513/// The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used by UEFI\r
514/// drivers and applications to perform block encryption on a storage device, such as UFS.\r
515///\r
516struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL {\r
517 EFI_BLOCK_IO_MEDIA *Media;\r
518 EFI_BLOCK_IO_CRYPTO_RESET Reset;\r
519 EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES GetCapabilities;\r
520 EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION SetConfiguration;\r
521 EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION GetConfiguration;\r
522 EFI_BLOCK_IO_CRYPTO_READ_EXTENDED ReadExtended;\r
523 EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED WriteExtended;\r
524 EFI_BLOCK_IO_CRYPTO_FLUSH FlushBlocks;\r
525};\r
526\r
527extern EFI_GUID gEfiBlockIoCryptoProtocolGuid;\r
528\r
529#endif\r
530\r
EFI Development Kit II mirror for PVE