]>
Commit | Line | Data |
---|---|---|
21bd4958 FT |
1 | /** @file\r |
2 | The UEFI Inline Cryptographic Interface protocol provides services to abstract\r | |
3 | access to inline cryptographic capabilities.\r | |
4 | \r | |
497a5fb1 | 5 | Copyright (c) 2015-2018, Intel Corporation. All rights reserved.<BR>\r |
9344f092 | 6 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
21bd4958 | 7 | \r |
497a5fb1 SZ |
8 | @par Revision Reference:\r |
9 | This Protocol was introduced in UEFI Specification 2.5.\r | |
10 | \r | |
21bd4958 FT |
11 | **/\r |
12 | \r | |
13 | #ifndef __BLOCK_IO_CRYPTO_H__\r | |
14 | #define __BLOCK_IO_CRYPTO_H__\r | |
15 | \r | |
16 | #include <Protocol/BlockIo.h>\r | |
17 | \r | |
18 | #define EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID \\r | |
19 | { \\r | |
20 | 0xa00490ba, 0x3f1a, 0x4b4c, {0xab, 0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1, 0xe8} \\r | |
21 | }\r | |
22 | \r | |
23 | typedef struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL EFI_BLOCK_IO_CRYPTO_PROTOCOL;\r | |
24 | \r | |
25 | ///\r | |
26 | /// The struct of Block I/O Crypto Token.\r | |
27 | ///\r | |
28 | typedef struct {\r | |
29 | //\r | |
30 | // If Event is NULL, then blocking I/O is performed. If Event is not NULL and\r | |
31 | // non-blocking I/O is supported, then non-blocking I/O is performed, and\r | |
32 | // Event will be signaled when the read request is completed and data was\r | |
33 | // decrypted (when Index was specified).\r | |
34 | //\r | |
35 | EFI_EVENT Event;\r | |
36 | //\r | |
37 | // Defines whether or not the signaled event encountered an error.\r | |
38 | //\r | |
39 | EFI_STATUS TransactionStatus;\r | |
40 | } EFI_BLOCK_IO_CRYPTO_TOKEN;\r | |
41 | \r | |
e9d6470b FT |
42 | typedef struct {\r |
43 | //\r | |
44 | // GUID of the algorithm.\r | |
45 | //\r | |
46 | EFI_GUID Algorithm;\r | |
47 | //\r | |
48 | // Specifies KeySizein bits used with this Algorithm.\r | |
49 | //\r | |
50 | UINT64 KeySize;\r | |
51 | //\r | |
52 | // Specifies bitmask of block sizes supported by this algorithm.\r | |
53 | // Bit j being set means that 2^j bytes crypto block size is supported.\r | |
54 | //\r | |
55 | UINT64 CryptoBlockSizeBitMask;\r | |
56 | } EFI_BLOCK_IO_CRYPTO_CAPABILITY;\r | |
57 | \r | |
58 | ///\r | |
59 | /// EFI_BLOCK_IO_CRYPTO_IV_INPUT structure is used as a common header in CryptoIvInput\r | |
60 | /// parameters passed to the ReadExtended and WriteExtended methods for Inline\r | |
61 | /// Cryptographic Interface.\r | |
62 | /// Its purpose is to pass size of the entire CryptoIvInputparameter memory buffer to\r | |
63 | /// the Inline Cryptographic Interface.\r | |
64 | ///\r | |
65 | typedef struct {\r | |
66 | UINT64 InputSize;\r | |
67 | } EFI_BLOCK_IO_CRYPTO_IV_INPUT;\r | |
68 | \r | |
69 | #define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_XTS \\r | |
70 | { \\r | |
71 | 0x2f87ba6a, 0x5c04, 0x4385, {0xa7, 0x80, 0xf3, 0xbf, 0x78, 0xa9, 0x7b, 0xec} \\r | |
72 | }\r | |
73 | \r | |
74 | extern EFI_GUID gEfiBlockIoCryptoAlgoAesXtsGuid;\r | |
75 | \r | |
76 | typedef struct {\r | |
77 | EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r | |
78 | UINT64 CryptoBlockNumber;\r | |
79 | UINT64 CryptoBlockByteSize;\r | |
80 | } EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_XTS;\r | |
81 | \r | |
82 | #define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_CBC_MICROSOFT_BITLOCKER \\r | |
83 | { \\r | |
84 | 0x689e4c62, 0x70bf, 0x4cf3, {0x88, 0xbb, 0x33, 0xb3, 0x18, 0x26, 0x86, 0x70} \\r | |
85 | }\r | |
86 | \r | |
87 | extern EFI_GUID gEfiBlockIoCryptoAlgoAesCbcMsBitlockerGuid;\r | |
88 | \r | |
89 | typedef struct {\r | |
90 | EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r | |
91 | UINT64 CryptoBlockByteOffset;\r | |
92 | UINT64 CryptoBlockByteSize;\r | |
93 | } EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_CBC_MICROSOFT_BITLOCKER;\r | |
94 | \r | |
95 | #define EFI_BLOCK_IO_CRYPTO_INDEX_ANY 0xFFFFFFFFFFFFFFFF\r | |
96 | \r | |
97 | typedef struct {\r | |
98 | //\r | |
99 | // Is inline cryptographic capability supported on this device.\r | |
100 | //\r | |
101 | BOOLEAN Supported;\r | |
102 | //\r | |
103 | // Maximum number of keys that can be configured at the same time.\r | |
104 | //\r | |
105 | UINT64 KeyCount;\r | |
106 | //\r | |
107 | // Number of supported capabilities.\r | |
108 | //\r | |
109 | UINT64 CapabilityCount;\r | |
110 | //\r | |
111 | // Array of supported capabilities.\r | |
112 | //\r | |
113 | EFI_BLOCK_IO_CRYPTO_CAPABILITY Capabilities[1];\r | |
114 | } EFI_BLOCK_IO_CRYPTO_CAPABILITIES;\r | |
115 | \r | |
116 | typedef struct {\r | |
117 | //\r | |
118 | // Configuration table index. A special Index EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be\r | |
119 | // used to set any available entry in the configuration table.\r | |
120 | //\r | |
121 | UINT64 Index;\r | |
122 | //\r | |
123 | // Identifies the owner of the configuration table entry. Entry can also be used\r | |
124 | // with the Nil value to clear key from the configuration table index.\r | |
125 | //\r | |
126 | EFI_GUID KeyOwnerGuid;\r | |
127 | //\r | |
128 | // A supported capability to be used. The CryptoBlockSizeBitMask field of the\r | |
129 | // structure should have only one bit set from the supported mask.\r | |
130 | //\r | |
131 | EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r | |
132 | //\r | |
133 | // Pointer to the key. The size of the key is defined by the KeySize field of\r | |
134 | // the capability specified by the Capability parameter.\r | |
135 | //\r | |
136 | VOID *CryptoKey;\r | |
137 | } EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY;\r | |
138 | \r | |
139 | typedef struct {\r | |
140 | //\r | |
141 | // Configuration table index.\r | |
142 | //\r | |
143 | UINT64 Index;\r | |
144 | //\r | |
145 | // Identifies the current owner of the entry.\r | |
146 | //\r | |
147 | EFI_GUID KeyOwnerGuid;\r | |
148 | //\r | |
149 | // The capability to be used. The CryptoBlockSizeBitMask field of the structure\r | |
150 | // has only one bit set from the supported mask.\r | |
151 | //\r | |
152 | EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r | |
153 | } EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY;\r | |
21bd4958 FT |
154 | \r |
155 | /**\r | |
156 | Reset the block device hardware.\r | |
157 | \r | |
158 | The Reset() function resets the block device hardware.\r | |
159 | \r | |
160 | As part of the initialization process, the firmware/device will make a quick but\r | |
161 | reasonable attempt to verify that the device is functioning.\r | |
162 | \r | |
163 | If the ExtendedVerificationflag is TRUE the firmware may take an extended amount\r | |
164 | of time to verify the device is operating on reset. Otherwise the reset operation\r | |
165 | is to occur as quickly as possible.\r | |
166 | \r | |
167 | The hardware verification process is not defined by this specification and is left\r | |
168 | up to the platform firmware or driver to implement.\r | |
169 | \r | |
170 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
171 | @param[in] ExtendedVerification Indicates that the driver may perform a more exhausive\r | |
00b7cc0f | 172 | verification operation of the device during reset.\r |
21bd4958 FT |
173 | \r |
174 | @retval EFI_SUCCESS The block device was reset.\r | |
175 | @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could\r | |
176 | not be reset.\r | |
177 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
178 | \r | |
179 | **/\r | |
180 | typedef\r | |
181 | EFI_STATUS\r | |
182 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_RESET) (\r | |
183 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
184 | IN BOOLEAN ExtendedVerification\r | |
185 | );\r | |
186 | \r | |
187 | /**\r | |
188 | Get the capabilities of the underlying inline cryptographic interface.\r | |
189 | \r | |
190 | The GetCapabilities() function determines whether pre-OS controllable inline crypto\r | |
191 | is supported by the system for the current disk and, if so, returns the capabilities\r | |
192 | of the crypto engine.\r | |
193 | \r | |
194 | The caller is responsible for providing the Capabilities structure with a sufficient\r | |
195 | number of entries.\r | |
196 | \r | |
197 | If the structure is too small, the EFI_BUFFER_TOO_SMALL error code is returned and the\r | |
198 | CapabilityCount field contains the number of entries needed to contain the capabilities.\r | |
199 | \r | |
200 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
201 | @param[out] Capabilities Pointer to the EFI_BLOCK_IO_CRYPTO_CAPABILITIES structure.\r | |
202 | \r | |
203 | @retval EFI_SUCCESS The ICI is ready for use.\r | |
204 | @retval EFI_BUFFER_TOO_SMALL The Capabilities structure was too small. The number of\r | |
205 | entries needed is returned in the CapabilityCount field\r | |
206 | of the structure.\r | |
207 | @retval EFI_NO_RESPONSE No response was received from the ICI.\r | |
208 | @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r | |
209 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
210 | @retval EFI_INVALID_PARAMETER Capabilities is NULL.\r | |
211 | \r | |
212 | **/\r | |
213 | typedef\r | |
214 | EFI_STATUS\r | |
215 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES) (\r | |
216 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
217 | OUT EFI_BLOCK_IO_CRYPTO_CAPABILITIES *Capabilities\r | |
218 | );\r | |
219 | \r | |
220 | /**\r | |
221 | Set the configuration of the underlying inline cryptographic interface.\r | |
222 | \r | |
223 | The SetConfiguration() function allows the user to set the current configuration of the\r | |
224 | inline cryptographic interface and should be called before attempting any crypto operations.\r | |
225 | \r | |
226 | This configures the configuration table entries with algorithms, key sizes and keys. Each\r | |
227 | configured entry can later be referred to by index at the time of storage transaction.\r | |
228 | \r | |
229 | The configuration table index will refer to the combination ofKeyOwnerGuid, Algorithm, and\r | |
230 | CryptoKey.\r | |
231 | \r | |
232 | KeyOwnerGuid identifies the component taking ownership of the entry. It helps components to\r | |
233 | identify their own entries, cooperate with other owner components, and avoid conflicts. This\r | |
234 | Guid identifier is there to help coordination between cooperating components and not a security\r | |
235 | or synchronization feature. The Nil GUID can be used by a component to release use of entry\r | |
236 | owned. It is also used to identify potentially available entries (see GetConfiguration).\r | |
237 | \r | |
238 | CryptoKey specifies algorithm-specific key material to use within parameters of selected crypto\r | |
239 | capability.\r | |
240 | \r | |
241 | This function is called infrequently typically once, on device start, before IO starts. It\r | |
242 | can be called at later times in cases the number of keysused on the drive is higher than what\r | |
243 | can be configured at a time or a new key has to be added.\r | |
244 | \r | |
245 | Components setting or changing an entry or entries for a given index or indices must ensure\r | |
246 | that IO referencing affected indices is temporarily blocked (run-down) at the time of change.\r | |
247 | \r | |
248 | Indices parameters in each parameter table entry allow to set only a portion of the available\r | |
249 | table entries in the crypto module anywhere from single entry to entire table supported.\r | |
250 | \r | |
251 | If corresponding table entry or entries being set are already in use by another owner the call\r | |
252 | should be failed and none of the entries should be modified. The interface implementation must\r | |
253 | enforce atomicity of this operation (should either succeed fully or fail completely without\r | |
254 | modifying state).\r | |
255 | \r | |
256 | Note that components using GetConfiguration command to discover available entries should be\r | |
257 | prepared that by the time of calling SetConfiguration the previously available entry may have\r | |
258 | become occupied. Such components should be prepared to re-try the sequence of operations.\r | |
259 | \r | |
260 | Alternatively EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be used to have the implementation discover\r | |
261 | and allocate available,if any, indices atomically.\r | |
262 | \r | |
263 | An optional ResultingTable pointer can be provided by the caller to receive the newly configured\r | |
264 | entries. The array provided by the caller must have at least ConfigurationCount of entries.\r | |
265 | \r | |
266 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
267 | @param[in] ConfigurationCount Number of entries being configured with this call.\r | |
268 | @param[in] ConfigurationTable Pointer to a table used to populate the configuration table.\r | |
269 | @param[out] ResultingTable Optional pointer to a table that receives the newly configured\r | |
270 | entries.\r | |
271 | \r | |
272 | @retval EFI_SUCCESS The ICI is ready for use.\r | |
273 | @retval EFI_NO_RESPONSE No response was received from the ICI.\r | |
274 | @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r | |
275 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
276 | @retval EFI_INVALID_PARAMETER ConfigurationTable is NULL.\r | |
277 | @retval EFI_INVALID_PARAMETER ConfigurationCount is 0.\r | |
278 | @retval EFI_OUT_OF_RESOURCES Could not find the requested number of available entries in the\r | |
279 | configuration table.\r | |
280 | \r | |
281 | **/\r | |
282 | typedef\r | |
283 | EFI_STATUS\r | |
284 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION) (\r | |
285 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
286 | IN UINT64 ConfigurationCount,\r | |
287 | IN EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY *ConfigurationTable,\r | |
288 | OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ResultingTable OPTIONAL\r | |
289 | );\r | |
290 | \r | |
21bd4958 FT |
291 | /**\r |
292 | Get the configuration of the underlying inline cryptographic interface.\r | |
293 | \r | |
294 | The GetConfiguration() function allows the user to get the configuration of the inline\r | |
295 | cryptographic interface.\r | |
296 | \r | |
297 | Retrieves, entirely or partially, the currently configured key table. Note that the keys\r | |
298 | themselves are not retrieved, but rather just indices, owner GUIDs and capabilities.\r | |
299 | \r | |
300 | If fewer entries than specified by ConfigurationCount are returned, the Index field of the\r | |
301 | unused entries is set to EFI_BLOCK_IO_CRYPTO_INDEX_ANY.\r | |
302 | \r | |
303 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
304 | @param[in] StartIndex Configuration table index at which to start the configuration\r | |
305 | query.\r | |
306 | @param[in] ConfigurationCount Number of entries to return in the response table.\r | |
307 | @param[in] KeyOwnerGuid Optional parameter to filter response down to entries with a\r | |
308 | given owner. A pointer to the Nil value can be used to return\r | |
309 | available entries. Set to NULL when no owner filtering is required.\r | |
310 | @param[out] ConfigurationTable Table of configured configuration table entries (with no CryptoKey\r | |
311 | returned): configuration table index, KeyOwnerGuid, Capability.\r | |
312 | Should have sufficient space to store up to ConfigurationCount\r | |
313 | entries.\r | |
314 | \r | |
315 | @retval EFI_SUCCESS The ICI is ready for use.\r | |
316 | @retval EFI_NO_RESPONSE No response was received from the ICI.\r | |
317 | @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r | |
318 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
319 | @retval EFI_INVALID_PARAMETER Configuration table is NULL.\r | |
320 | @retval EFI_INVALID_PARAMETER StartIndex is out of bounds.\r | |
321 | \r | |
322 | **/\r | |
323 | typedef\r | |
324 | EFI_STATUS\r | |
325 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION) (\r | |
326 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
327 | IN UINT64 StartIndex,\r | |
328 | IN UINT64 ConfigurationCount,\r | |
329 | IN EFI_GUID *KeyOwnerGuid OPTIONAL,\r | |
330 | OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ConfigurationTable\r | |
331 | );\r | |
332 | \r | |
333 | /**\r | |
334 | Reads the requested number of blocks from the device and optionally decrypts\r | |
335 | them inline.\r | |
336 | \r | |
337 | TheReadExtended() function allows the caller to perform a storage device read\r | |
338 | operation. The function reads the requested number of blocks from the device\r | |
339 | and then if Index is specified decrypts them inline. All the blocks are read\r | |
340 | and decrypted (if decryption requested), or an error is returned.\r | |
341 | \r | |
342 | If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r | |
343 | MediaId is not the ID for the current media in the device, the function returns\r | |
344 | EFI_MEDIA_CHANGED.\r | |
345 | \r | |
346 | If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r | |
347 | I/O is being used, the Event associated with this request will not be signaled.\r | |
348 | \r | |
349 | In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r | |
350 | this command will also specify a configuration table Index and CryptoIvInput\r | |
351 | when data has to be decrypted inline by the controller after being read from\r | |
352 | the storage device. If an Index parameter is not specified, no decryption is\r | |
353 | performed.\r | |
354 | \r | |
355 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
356 | @param[in] MediaId The media ID that the read request is for.\r | |
357 | @param[in] LBA The starting logical block address to read from on\r | |
358 | the device.\r | |
359 | @param[in, out] Token A pointer to the token associated with the transaction.\r | |
360 | @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r | |
361 | of the intrinsic block size of the device.\r | |
362 | @param[out] Buffer A pointer to the destination buffer for the data. The\r | |
363 | caller is responsible for either having implicit or\r | |
364 | explicit ownership of the buffer.\r | |
365 | @param[in] Index A pointer to the configuration table index. This is\r | |
366 | optional.\r | |
367 | @param[in] CryptoIvInput A pointer to a buffer that contains additional\r | |
368 | cryptographic parameters as required by the capability\r | |
369 | referenced by the configuration table index, such as\r | |
370 | cryptographic initialization vector.\r | |
371 | \r | |
372 | @retval EFI_SUCCESS The read request was queued if Token-> Event is not NULL.\r | |
373 | The data was read correctly from the device if the\r | |
374 | Token->Event is NULL.\r | |
375 | @retval EFI_DEVICE_ERROR The device reported an error while attempting to perform\r | |
376 | the read operation and/or decryption operation.\r | |
377 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
378 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
379 | @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r | |
380 | block size of the device.\r | |
381 | @retval EFI_INVALID_PARAMETER This is NULL, or the read request contains LBAs that are\r | |
382 | not valid, or the buffer is not on proper alignment.\r | |
383 | @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r | |
384 | @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r | |
385 | resources.\r | |
386 | \r | |
387 | **/\r | |
388 | typedef\r | |
389 | EFI_STATUS\r | |
390 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_READ_EXTENDED) (\r | |
391 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
392 | IN UINT32 MediaId,\r | |
393 | IN EFI_LBA LBA,\r | |
394 | IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r | |
395 | IN UINT64 BufferSize,\r | |
396 | OUT VOID *Buffer,\r | |
397 | IN UINT64 *Index OPTIONAL,\r | |
398 | IN VOID *CryptoIvInput OPTIONAL\r | |
399 | );\r | |
400 | \r | |
401 | /**\r | |
402 | Optionally encrypts a specified number of blocks inline and then writes to the\r | |
403 | device.\r | |
404 | \r | |
405 | The WriteExtended() function allows the caller to perform a storage device write\r | |
406 | operation. The function encrypts the requested number of blocks inline if Index\r | |
407 | is specified and then writes them to the device. All the blocks are encrypted\r | |
408 | (if encryption requested) and written, or an error is returned.\r | |
409 | \r | |
410 | If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r | |
411 | MediaId is not the ID for the current media in the device, the function returns\r | |
412 | EFI_MEDIA_CHANGED.\r | |
413 | \r | |
414 | If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r | |
415 | I/O is being used, the Event associated with this request will not be signaled.\r | |
416 | \r | |
417 | In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r | |
418 | this command will also specify a configuration table Index and a CryptoIvInput\r | |
419 | when data has to be decrypted inline by the controller before being written to\r | |
420 | the storage device. If no Index parameter is specified, no encryption is performed.\r | |
421 | \r | |
422 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
423 | @param[in] MediaId The media ID that the read request is for.\r | |
424 | @param[in] LBA The starting logical block address to read from on\r | |
425 | the device.\r | |
426 | @param[in, out] Token A pointer to the token associated with the transaction.\r | |
427 | @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r | |
428 | of the intrinsic block size of the device.\r | |
429 | @param[in] Buffer A pointer to the source buffer for the data.\r | |
430 | @param[in] Index A pointer to the configuration table index. This is\r | |
431 | optional.\r | |
432 | @param[in] CryptoIvInput A pointer to a buffer that contains additional\r | |
433 | cryptographic parameters as required by the capability\r | |
434 | referenced by the configuration table index, such as\r | |
435 | cryptographic initialization vector.\r | |
436 | \r | |
437 | @retval EFI_SUCCESS The request to encrypt (optionally) and write was queued\r | |
438 | if Event is not NULL. The data was encrypted (optionally)\r | |
439 | and written correctly to the device if the Event is NULL.\r | |
440 | @retval EFI_WRITE_PROTECTED The device cannot be written to.\r | |
441 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
442 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
443 | @retval EFI_DEVICE_ERROR The device reported an error while attempting to encrypt\r | |
444 | blocks or to perform the write operation.\r | |
445 | @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r | |
446 | block size of the device.\r | |
447 | @retval EFI_INVALID_PARAMETER This is NULL, or the write request contains LBAs that are\r | |
448 | not valid, or the buffer is not on proper alignment.\r | |
449 | @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r | |
450 | @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r | |
451 | resources.\r | |
452 | \r | |
453 | **/\r | |
454 | typedef\r | |
455 | EFI_STATUS\r | |
456 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED) (\r | |
457 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
458 | IN UINT32 MediaId,\r | |
459 | IN EFI_LBA LBA,\r | |
460 | IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r | |
461 | IN UINT64 BufferSize,\r | |
462 | IN VOID *Buffer,\r | |
463 | IN UINT64 *Index OPTIONAL,\r | |
464 | IN VOID *CryptoIvInput OPTIONAL\r | |
465 | );\r | |
466 | \r | |
467 | /**\r | |
468 | Flushes all modified data toa physical block device.\r | |
469 | \r | |
470 | The FlushBlocks() function flushes all modified data to the physical block device.\r | |
471 | Any modified data that has to be encrypted must have been already encrypted as a\r | |
472 | part of WriteExtended() operation - inline crypto operation cannot be a part of\r | |
473 | flush operation.\r | |
474 | \r | |
475 | All data written to the device prior to the flush must be physically written before\r | |
476 | returning EFI_SUCCESS from this function. This would include any cached data the\r | |
477 | driver may have cached, and cached data the device may have cached. A flush may\r | |
478 | cause a read request following the flush to force a device access.\r | |
479 | \r | |
480 | If EFI_DEVICE_ERROR, EFI_NO_MEDIA, EFI_WRITE_PROTECTED or EFI_MEDIA_CHANGED is\r | |
481 | returned and non-blocking I/O is being used, the Event associated with this request\r | |
482 | will not be signaled.\r | |
483 | \r | |
484 | @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r | |
485 | @param[in, out] Token A pointer to the token associated with the transaction.\r | |
486 | \r | |
487 | @retval EFI_SUCCESS The flush request was queued if Event is not NULL. All\r | |
488 | outstanding data was written correctly to the device if\r | |
489 | the Event is NULL.\r | |
490 | @retval EFI_DEVICE_ERROR The device reported an error while attempting to write data.\r | |
491 | @retval EFI_WRITE_PROTECTED The device cannot be written to.\r | |
492 | @retval EFI_NO_MEDIA There is no media in the device.\r | |
493 | @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r | |
494 | @retval EFI_INVALID_PARAMETER This is NULL.\r | |
495 | @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r | |
496 | resources.\r | |
497 | \r | |
498 | **/\r | |
499 | typedef\r | |
500 | EFI_STATUS\r | |
501 | (EFIAPI *EFI_BLOCK_IO_CRYPTO_FLUSH) (\r | |
502 | IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r | |
503 | IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token\r | |
504 | );\r | |
505 | \r | |
21bd4958 FT |
506 | ///\r |
507 | /// The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used by UEFI\r | |
508 | /// drivers and applications to perform block encryption on a storage device, such as UFS.\r | |
509 | ///\r | |
510 | struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL {\r | |
511 | EFI_BLOCK_IO_MEDIA *Media;\r | |
512 | EFI_BLOCK_IO_CRYPTO_RESET Reset;\r | |
513 | EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES GetCapabilities;\r | |
514 | EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION SetConfiguration;\r | |
515 | EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION GetConfiguration;\r | |
516 | EFI_BLOCK_IO_CRYPTO_READ_EXTENDED ReadExtended;\r | |
517 | EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED WriteExtended;\r | |
518 | EFI_BLOCK_IO_CRYPTO_FLUSH FlushBlocks;\r | |
519 | };\r | |
520 | \r | |
521 | extern EFI_GUID gEfiBlockIoCryptoProtocolGuid;\r | |
522 | \r | |
523 | #endif\r | |
524 | \r |