]>
Commit | Line | Data |
---|---|---|
9dd05dde ED |
1 | /** @file\r |
2 | Public API for Opal Core library.\r | |
3 | \r | |
4 | Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r | |
5 | This program and the accompanying materials\r | |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #ifndef _OPAL_CORE_H_\r | |
16 | #define _OPAL_CORE_H_\r | |
17 | \r | |
18 | #include <IndustryStandard/TcgStorageOpal.h>\r | |
19 | \r | |
20 | #include <Library/TcgStorageCoreLib.h>\r | |
21 | #include <Protocol/StorageSecurityCommand.h>\r | |
22 | \r | |
23 | #pragma pack(1)\r | |
24 | \r | |
25 | typedef struct {\r | |
26 | //\r | |
27 | // Opal SSC 1 support (0 - not supported, 1 - supported)\r | |
28 | //\r | |
29 | UINT32 OpalSsc1 : 1;\r | |
30 | \r | |
31 | //\r | |
32 | // Opal SSC 2support (0 - not supported, 1 - supported)\r | |
33 | //\r | |
34 | UINT32 OpalSsc2 : 1;\r | |
35 | \r | |
36 | //\r | |
37 | // Opal SSC Lite support (0 - not supported, 1 - supported)\r | |
38 | //\r | |
39 | UINT32 OpalSscLite : 1;\r | |
40 | \r | |
41 | //\r | |
42 | // Pyrite SSC support (0 - not supported, 1 - supported)\r | |
43 | //\r | |
44 | UINT32 PyriteSsc : 1;\r | |
45 | \r | |
46 | //\r | |
47 | // Security protocol 1 support (0 - not supported, 1 - supported)\r | |
48 | //\r | |
49 | UINT32 Sp1 : 1;\r | |
50 | \r | |
51 | //\r | |
52 | // Security protocol 2 support (0 - not supported, 1 - supported)\r | |
53 | //\r | |
54 | UINT32 Sp2 : 1;\r | |
55 | \r | |
56 | //\r | |
57 | // Security protocol IEEE1667 support (0 - not supported, 1 - supported)\r | |
58 | //\r | |
59 | UINT32 SpIeee1667 : 1;\r | |
60 | \r | |
61 | //\r | |
62 | // Media encryption supported (0 - not supported, 1 - supported)\r | |
63 | //\r | |
64 | UINT32 MediaEncryption : 1;\r | |
65 | \r | |
66 | //\r | |
67 | // Initial C_PIN_SID PIN Indicator\r | |
68 | // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
69 | // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
70 | //\r | |
71 | UINT32 InitCpinIndicator : 1;\r | |
72 | \r | |
73 | //\r | |
74 | // Behavior of C_PIN_SID PIN upon TPer Revert\r | |
75 | // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
76 | // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
77 | //\r | |
78 | UINT32 CpinUponRevert : 1;\r | |
b20e0d29 ED |
79 | \r |
80 | //\r | |
81 | // Media encryption supported (0 - not supported, 1 - supported)\r | |
82 | //\r | |
83 | UINT32 BlockSid : 1;\r | |
84 | \r | |
9dd05dde ED |
85 | } OPAL_DISK_SUPPORT_ATTRIBUTE;\r |
86 | \r | |
87 | //\r | |
88 | // Opal device ownership type\r | |
89 | // The type indicates who was the determined owner of the device.\r | |
90 | //\r | |
91 | typedef enum {\r | |
92 | //\r | |
93 | // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP\r | |
94 | //was unsuccessful with the provided PIN\r | |
95 | //\r | |
96 | OpalOwnershipUnknown,\r | |
97 | \r | |
98 | //\r | |
99 | // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN\r | |
100 | //\r | |
101 | OpalOwnershipNobody,\r | |
102 | } OPAL_OWNER_SHIP;\r | |
103 | \r | |
104 | //\r | |
105 | // Structure that is used to represent an Opal session.\r | |
106 | // The structure must be initialized by calling OpalStartSession before being used as a parameter\r | |
107 | // for any other Opal function.\r | |
108 | // This structure should NOT be directly modified by the client of this library.\r | |
109 | //\r | |
110 | //\r | |
111 | typedef struct {\r | |
112 | UINT32 HostSessionId;\r | |
113 | UINT32 TperSessionId;\r | |
114 | UINT16 ComIdExtension;\r | |
115 | \r | |
116 | UINT16 OpalBaseComId;\r | |
117 | \r | |
118 | EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;\r | |
119 | UINT32 MediaId;\r | |
120 | } OPAL_SESSION;\r | |
121 | #pragma pack()\r | |
122 | \r | |
123 | /**\r | |
124 | \r | |
125 | The function fills in the provided Buffer with the supported protocol list\r | |
126 | of the device specified.\r | |
127 | \r | |
128 | @param[in] Session OPAL_SESSION data.\r | |
129 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
130 | @param[in] BuffAddress Buffer address to fill with security protocol list\r | |
131 | \r | |
132 | **/\r | |
133 | TCG_RESULT\r | |
134 | EFIAPI\r | |
135 | OpalRetrieveSupportedProtocolList(\r | |
136 | OPAL_SESSION *Session,\r | |
137 | UINTN BufferSize,\r | |
138 | VOID *BuffAddress\r | |
139 | );\r | |
140 | \r | |
141 | /**\r | |
142 | \r | |
143 | The function fills in the provided Buffer with the level 0 discovery Header\r | |
144 | of the device specified.\r | |
145 | \r | |
146 | @param[in] Session OPAL_SESSION data.\r | |
147 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
148 | @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response\r | |
149 | \r | |
150 | **/\r | |
151 | TCG_RESULT\r | |
152 | EFIAPI\r | |
153 | OpalRetrieveLevel0DiscoveryHeader(\r | |
154 | OPAL_SESSION *Session,\r | |
155 | UINTN BufferSize,\r | |
156 | VOID *BuffAddress\r | |
157 | );\r | |
158 | \r | |
159 | /**\r | |
160 | Starts a session with a security provider (SP).\r | |
161 | \r | |
162 | If a session is started successfully, the caller must end the session with OpalEndSession when finished\r | |
163 | performing Opal actions.\r | |
164 | \r | |
165 | @param[in/out] Session OPAL_SESSION to initialize.\r | |
166 | @param[in] SpId Security provider ID to start the session with.\r | |
167 | @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE).\r | |
168 | @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL\r | |
169 | @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent.\r | |
170 | @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent.\r | |
171 | @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned.\r | |
172 | \r | |
173 | @return TcgResultSuccess indicates that the function completed without any internal errors.\r | |
174 | The caller must inspect the MethodStatus field to determine whether the method completed successfully.\r | |
175 | \r | |
176 | **/\r | |
177 | TCG_RESULT\r | |
178 | EFIAPI\r | |
179 | OpalStartSession(\r | |
180 | OPAL_SESSION *Session,\r | |
181 | TCG_UID SpId,\r | |
182 | BOOLEAN Write,\r | |
183 | UINT32 HostChallengeLength,\r | |
184 | const VOID *HostChallenge,\r | |
185 | TCG_UID HostSigningAuthority,\r | |
186 | UINT8 *MethodStatus\r | |
187 | );\r | |
188 | \r | |
189 | /**\r | |
190 | Close a session opened with OpalStartSession.\r | |
191 | \r | |
192 | @param[in/out] Session OPAL_SESSION to end.\r | |
193 | \r | |
194 | **/\r | |
195 | TCG_RESULT\r | |
196 | EFIAPI\r | |
197 | OpalEndSession(\r | |
198 | OPAL_SESSION *Session\r | |
199 | );\r | |
200 | \r | |
201 | /**\r | |
202 | \r | |
203 | Reverts device using Admin SP Revert method.\r | |
204 | \r | |
205 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r | |
206 | \r | |
207 | **/\r | |
208 | TCG_RESULT\r | |
209 | EFIAPI\r | |
210 | OpalPsidRevert(\r | |
211 | OPAL_SESSION *AdminSpSession\r | |
212 | );\r | |
213 | \r | |
214 | \r | |
215 | /**\r | |
216 | \r | |
217 | The function retrieves the MSID from the device specified\r | |
218 | \r | |
219 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r | |
220 | @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller\r | |
221 | @param[in] Msid Variable length byte sequence representing MSID of device\r | |
222 | @param[in] MsidLength Actual length of MSID retrieved from device\r | |
223 | \r | |
224 | **/\r | |
225 | TCG_RESULT\r | |
226 | EFIAPI\r | |
227 | OpalGetMsid(\r | |
228 | OPAL_SESSION *AdminSpSession,\r | |
229 | UINT32 MsidBufferSize,\r | |
230 | UINT8 *Msid,\r | |
231 | UINT32 *MsidLength\r | |
232 | );\r | |
233 | \r | |
234 | /**\r | |
235 | \r | |
236 | The function activates the Locking SP.\r | |
237 | Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.\r | |
238 | If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.\r | |
239 | \r | |
240 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP\r | |
241 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
242 | \r | |
243 | **/\r | |
244 | TCG_RESULT\r | |
245 | EFIAPI\r | |
246 | OpalActivateLockingSp(\r | |
247 | OPAL_SESSION *AdminSpSession,\r | |
248 | UINT8 *MethodStatus\r | |
249 | );\r | |
250 | \r | |
251 | \r | |
252 | /**\r | |
253 | \r | |
254 | The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.\r | |
255 | \r | |
256 | @param[in/out] Session OPAL_SESSION to set password\r | |
257 | @param[in] CpinRowUid UID of row (authority) to update PIN column\r | |
258 | @param[in] NewPin New Pin to set for cpinRowUid specified\r | |
259 | @param[in] NewPinLength Length in bytes of newPin\r | |
260 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
261 | \r | |
262 | **/\r | |
263 | TCG_RESULT\r | |
264 | EFIAPI\r | |
265 | OpalSetPassword(\r | |
266 | OPAL_SESSION *Session,\r | |
267 | TCG_UID CpinRowUid,\r | |
268 | const VOID *NewPin,\r | |
269 | UINT32 NewPinLength,\r | |
270 | UINT8 *MethodStatus\r | |
271 | );\r | |
272 | \r | |
273 | /**\r | |
274 | \r | |
275 | The function retrieves the active key of the global locking range\r | |
276 | and calls the GenKey method on the active key retrieved.\r | |
277 | \r | |
278 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
279 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
280 | \r | |
281 | **/\r | |
282 | TCG_RESULT\r | |
283 | EFIAPI\r | |
284 | OpalGlobalLockingRangeGenKey(\r | |
285 | OPAL_SESSION *LockingSpSession,\r | |
286 | UINT8 *MethodStatus\r | |
287 | );\r | |
288 | \r | |
289 | \r | |
290 | /**\r | |
291 | \r | |
292 | The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.\r | |
0ab475c9 | 293 | This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r |
9dd05dde ED |
294 | (not ReadLockEnabled and WriteLockEnabled columns).\r |
295 | \r | |
296 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
297 | @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range\r | |
298 | @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range\r | |
299 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
300 | \r | |
301 | **/\r | |
302 | TCG_RESULT\r | |
303 | EFIAPI\r | |
304 | OpalUpdateGlobalLockingRange(\r | |
305 | OPAL_SESSION *LockingSpSession,\r | |
306 | BOOLEAN ReadLocked,\r | |
307 | BOOLEAN WriteLocked,\r | |
308 | UINT8 *MethodStatus\r | |
309 | );\r | |
310 | \r | |
311 | \r | |
312 | /**\r | |
313 | \r | |
314 | The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns\r | |
315 | of the specified Locking Range. This function requires admin authority of a locking SP session.\r | |
316 | \r | |
317 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
318 | @param[in] LockingRangeUid Locking range UID to set values\r | |
319 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
320 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
321 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
322 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
323 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
324 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
325 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
326 | \r | |
327 | **/\r | |
328 | TCG_RESULT\r | |
329 | EFIAPI\r | |
330 | OpalSetLockingRange(\r | |
331 | OPAL_SESSION *LockingSpSession,\r | |
332 | TCG_UID LockingRangeUid,\r | |
333 | UINT64 RangeStart,\r | |
334 | UINT64 RangeLength,\r | |
335 | BOOLEAN ReadLockEnabled,\r | |
336 | BOOLEAN WriteLockEnabled,\r | |
337 | BOOLEAN ReadLocked,\r | |
338 | BOOLEAN WriteLocked,\r | |
339 | UINT8 *MethodStatus\r | |
340 | );\r | |
341 | \r | |
342 | /**\r | |
343 | \r | |
344 | The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided\r | |
345 | using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority.\r | |
346 | \r | |
347 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update\r | |
348 | @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN\r | |
349 | @param[in] AuthorityUid UID of Locking SP authority to update Pin column with\r | |
350 | @param[in] NewPin New Password used to set Pin column\r | |
351 | @param[in] NewPinLength Length in bytes of new password\r | |
352 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
353 | \r | |
354 | **/\r | |
355 | TCG_RESULT\r | |
356 | EFIAPI\r | |
357 | OpalSetLockingSpAuthorityEnabledAndPin(\r | |
358 | OPAL_SESSION *LockingSpSession,\r | |
359 | TCG_UID CpinRowUid,\r | |
360 | TCG_UID AuthorityUid,\r | |
361 | const VOID *NewPin,\r | |
362 | UINT32 NewPinLength,\r | |
363 | UINT8 *MethodStatus\r | |
364 | );\r | |
365 | \r | |
366 | \r | |
367 | /**\r | |
368 | \r | |
369 | The function sets the Enabled column to FALSE for the USER1 authority.\r | |
370 | \r | |
371 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1\r | |
372 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
373 | \r | |
374 | **/\r | |
375 | TCG_RESULT\r | |
376 | EFIAPI\r | |
377 | OpalDisableUser(\r | |
378 | OPAL_SESSION *LockingSpSession,\r | |
379 | UINT8 *MethodStatus\r | |
380 | );\r | |
381 | \r | |
382 | \r | |
383 | /**\r | |
384 | \r | |
385 | The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter\r | |
386 | to keep the user data is set to True, otherwise the optional parameter is not provided.\r | |
387 | \r | |
388 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP\r | |
389 | @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.\r | |
390 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
391 | \r | |
392 | **/\r | |
393 | TCG_RESULT\r | |
394 | EFIAPI\r | |
395 | OpalAdminRevert(\r | |
396 | OPAL_SESSION *LockingSpSession,\r | |
397 | BOOLEAN KeepUserData,\r | |
398 | UINT8 *MethodStatus\r | |
399 | );\r | |
400 | \r | |
401 | \r | |
402 | /**\r | |
403 | \r | |
404 | The function retrieves the TryLimit column for the specified rowUid (authority).\r | |
405 | \r | |
406 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit\r | |
407 | @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column\r | |
408 | @param[in/out] TryLimit Value from TryLimit column\r | |
409 | \r | |
410 | **/\r | |
411 | TCG_RESULT\r | |
412 | EFIAPI\r | |
413 | OpalGetTryLimit(\r | |
414 | OPAL_SESSION *LockingSpSession,\r | |
415 | TCG_UID RowUid,\r | |
416 | UINT32 *TryLimit\r | |
417 | );\r | |
418 | \r | |
419 | \r | |
420 | /**\r | |
421 | \r | |
422 | The function populates the CreateStruct with a payload that will retrieve the global locking range active key.\r | |
423 | It is intended to be called with a session that is already started with a valid credential.\r | |
424 | The function does not send the payload.\r | |
425 | \r | |
426 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
427 | @param[in/out] CreateStruct Structure to populate with encoded TCG command\r | |
428 | @param[in/out] Size Size in bytes of the command created.\r | |
429 | \r | |
430 | **/\r | |
431 | TCG_RESULT\r | |
432 | EFIAPI\r | |
433 | OpalCreateRetrieveGlobalLockingRangeActiveKey(\r | |
434 | const OPAL_SESSION *Session,\r | |
435 | TCG_CREATE_STRUCT *CreateStruct,\r | |
436 | UINT32 *Size\r | |
437 | );\r | |
438 | \r | |
439 | \r | |
440 | /**\r | |
441 | \r | |
442 | The function acquires the activeKey specified for the Global Locking Range from the parseStruct.\r | |
443 | \r | |
444 | @param[in] ParseStruct Structure that contains the device's response with the activekey\r | |
445 | @param[in/out] ActiveKey The UID of the active key retrieved\r | |
446 | \r | |
447 | **/\r | |
448 | TCG_RESULT\r | |
449 | EFIAPI\r | |
450 | OpalParseRetrieveGlobalLockingRangeActiveKey(\r | |
451 | TCG_PARSE_STRUCT *ParseStruct,\r | |
452 | TCG_UID *ActiveKey\r | |
453 | );\r | |
454 | \r | |
455 | /**\r | |
456 | \r | |
457 | Get the support attribute info.\r | |
458 | \r | |
459 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
460 | @param[in/out] LockingFeature Return the Locking info.\r | |
461 | \r | |
462 | **/\r | |
463 | TCG_RESULT\r | |
464 | EFIAPI\r | |
465 | OpalGetLockingInfo(\r | |
466 | OPAL_SESSION *Session,\r | |
467 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
468 | );\r | |
469 | \r | |
470 | /**\r | |
471 | \r | |
472 | The function determines whether or not all of the requirements for the Opal Feature (not full specification)\r | |
473 | are met by the specified device.\r | |
474 | \r | |
475 | @param[in] SupportedAttributes Opal device attribute.\r | |
476 | \r | |
477 | **/\r | |
478 | BOOLEAN\r | |
479 | EFIAPI\r | |
480 | OpalFeatureSupported(\r | |
481 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes\r | |
482 | );\r | |
483 | \r | |
484 | /**\r | |
485 | \r | |
486 | The function returns whether or not the device is Opal Enabled.\r | |
487 | TRUE means that the device is partially or fully locked.\r | |
488 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
489 | \r | |
490 | @param[in] SupportedAttributes Opal device attribute.\r | |
491 | @param[in] LockingFeature Opal device locking status.\r | |
492 | \r | |
493 | \r | |
494 | **/\r | |
495 | BOOLEAN\r | |
496 | EFIAPI\r | |
497 | OpalFeatureEnabled(\r | |
498 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
499 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
500 | );\r | |
501 | \r | |
502 | /**\r | |
503 | \r | |
504 | The function returns whether or not the device is Opal Locked.\r | |
505 | TRUE means that the device is partially or fully locked.\r | |
506 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
507 | \r | |
508 | @param[in] SupportedAttributes Opal device attribute.\r | |
509 | @param[in] LockingFeature Opal device locking status.\r | |
510 | \r | |
511 | **/\r | |
512 | BOOLEAN\r | |
513 | OpalDeviceLocked(\r | |
514 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
515 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
516 | );\r | |
517 | \r | |
518 | /**\r | |
519 | Trig the block sid action.\r | |
520 | \r | |
521 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
522 | @param[in] HardwareReset Whether need to do hardware reset.\r | |
523 | \r | |
524 | **/\r | |
525 | TCG_RESULT\r | |
526 | EFIAPI\r | |
527 | OpalBlockSid(\r | |
528 | OPAL_SESSION *Session,\r | |
529 | BOOLEAN HardwareReset\r | |
530 | );\r | |
531 | \r | |
532 | /**\r | |
533 | \r | |
534 | Get the support attribute info.\r | |
535 | \r | |
536 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
537 | @param[in/out] SupportedAttributes Return the support attribute info.\r | |
538 | @param[out] OpalBaseComId Return the base com id info.\r | |
539 | \r | |
540 | **/\r | |
541 | TCG_RESULT\r | |
542 | EFIAPI\r | |
543 | OpalGetSupportedAttributesInfo(\r | |
544 | OPAL_SESSION *Session,\r | |
545 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
546 | UINT16 *OpalBaseComId\r | |
547 | );\r | |
548 | \r | |
549 | /**\r | |
550 | Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r | |
551 | \r | |
552 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
553 | @param[in] Psid PSID of device to revert.\r | |
554 | @param[in] PsidLength Length of PSID in bytes.\r | |
555 | \r | |
556 | **/\r | |
557 | TCG_RESULT\r | |
558 | EFIAPI\r | |
559 | OpalUtilPsidRevert(\r | |
560 | OPAL_SESSION *AdminSpSession,\r | |
561 | const VOID *Psid,\r | |
562 | UINT32 PsidLength\r | |
563 | );\r | |
564 | \r | |
565 | /**\r | |
566 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
567 | sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,\r | |
568 | and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.\r | |
569 | \r | |
570 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
571 | @param[in] GeneratedSid Generated SID of disk\r | |
572 | @param[in] SidLength Length of generatedSid in bytes\r | |
573 | @param[in] Password New admin password to set\r | |
574 | @param[in] PassLength Length of password in bytes\r | |
575 | \r | |
576 | **/\r | |
577 | TCG_RESULT\r | |
578 | EFIAPI\r | |
579 | OpalUtilSetAdminPasswordAsSid(\r | |
580 | OPAL_SESSION *AdminSpSession,\r | |
581 | const VOID *GeneratedSid,\r | |
582 | UINT32 SidLength,\r | |
583 | const VOID *Password,\r | |
584 | UINT32 PassLength\r | |
585 | );\r | |
586 | \r | |
587 | /**\r | |
588 | \r | |
589 | Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
590 | and updates the specified locking range with the provided column values.\r | |
591 | \r | |
592 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
593 | @param[in] Password New admin password to set\r | |
594 | @param[in] PassLength Length of password in bytes\r | |
595 | @param[in] LockingRangeUid Locking range UID to set values\r | |
596 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
597 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
598 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
599 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
600 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
601 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
602 | \r | |
603 | **/\r | |
604 | TCG_RESULT\r | |
605 | EFIAPI\r | |
606 | OpalUtilSetOpalLockingRange(\r | |
607 | OPAL_SESSION *LockingSpSession,\r | |
608 | const VOID *Password,\r | |
609 | UINT32 PassLength,\r | |
610 | TCG_UID LockingRangeUid,\r | |
611 | UINT64 RangeStart,\r | |
612 | UINT64 RangeLength,\r | |
613 | BOOLEAN ReadLockEnabled,\r | |
614 | BOOLEAN WriteLockEnabled,\r | |
615 | BOOLEAN ReadLocked,\r | |
616 | BOOLEAN WriteLocked\r | |
617 | );\r | |
618 | \r | |
619 | /**\r | |
620 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
621 | sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r | |
622 | and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r | |
623 | \r | |
624 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
625 | @param[in] OldPassword Current admin password\r | |
626 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
627 | @param[in] NewPassword New admin password to set\r | |
628 | @param[in] NewPasswordLength Length of new password in bytes\r | |
629 | \r | |
630 | **/\r | |
631 | TCG_RESULT\r | |
632 | EFIAPI\r | |
633 | OpalUtilSetAdminPassword(\r | |
634 | OPAL_SESSION *AdminSpSession,\r | |
635 | const VOID *OldPassword,\r | |
636 | UINT32 OldPasswordLength,\r | |
637 | const VOID *NewPassword,\r | |
638 | UINT32 NewPasswordLength\r | |
639 | );\r | |
640 | \r | |
641 | /**\r | |
642 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
643 | and sets the User1 SP authority to enabled and sets the User1 password.\r | |
644 | \r | |
645 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
646 | @param[in] OldPassword Current admin password\r | |
647 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
648 | @param[in] NewPassword New admin password to set\r | |
649 | @param[in] NewPasswordLength Length of new password in bytes\r | |
650 | \r | |
651 | **/\r | |
652 | TCG_RESULT\r | |
653 | EFIAPI\r | |
654 | OpalUtilSetUserPassword(\r | |
655 | OPAL_SESSION *LockingSpSession,\r | |
656 | const VOID *OldPassword,\r | |
657 | UINT32 OldPasswordLength,\r | |
658 | const VOID *NewPassword,\r | |
659 | UINT32 NewPasswordLength\r | |
660 | );\r | |
661 | \r | |
662 | /**\r | |
663 | Verify whether user input the correct password.\r | |
664 | \r | |
665 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
666 | @param[in] Password Admin password\r | |
667 | @param[in] PasswordLength Length of password in bytes\r | |
668 | @param[in/out] HostSigningAuthority Use the Host signing authority type.\r | |
669 | \r | |
670 | **/\r | |
671 | TCG_RESULT\r | |
672 | EFIAPI\r | |
673 | OpalUtilVerifyPassword (\r | |
674 | OPAL_SESSION *LockingSpSession,\r | |
675 | const VOID *Password,\r | |
676 | UINT32 PasswordLength,\r | |
677 | TCG_UID HostSigningAuthority\r | |
678 | );\r | |
679 | \r | |
680 | /**\r | |
681 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
682 | and generates a new global locking range key to erase the Data.\r | |
683 | \r | |
684 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
685 | @param[in] Password Admin or user password\r | |
686 | @param[in] PasswordLength Length of password in bytes\r | |
687 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
688 | \r | |
689 | **/\r | |
690 | TCG_RESULT\r | |
691 | EFIAPI\r | |
692 | OpalUtilSecureErase(\r | |
693 | OPAL_SESSION *LockingSpSession,\r | |
694 | const VOID *Password,\r | |
695 | UINT32 PasswordLength,\r | |
696 | BOOLEAN *PasswordFailed\r | |
697 | );\r | |
698 | \r | |
699 | /**\r | |
700 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r | |
701 | \r | |
702 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
703 | @param[in] Password Admin password\r | |
704 | @param[in] PasswordLength Length of password in bytes\r | |
705 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
706 | \r | |
707 | **/\r | |
708 | TCG_RESULT\r | |
709 | EFIAPI\r | |
710 | OpalUtilDisableUser(\r | |
711 | OPAL_SESSION *LockingSpSession,\r | |
712 | const VOID *Password,\r | |
713 | UINT32 PasswordLength,\r | |
714 | BOOLEAN *PasswordFailed\r | |
715 | );\r | |
716 | \r | |
717 | /**\r | |
718 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r | |
719 | \r | |
720 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
721 | @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r | |
722 | @param[in] Password Admin password\r | |
723 | @param[in] PasswordLength Length of password in bytes\r | |
724 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
725 | @param[in] Msid Input Msid info.\r | |
726 | @param[in] MsidLength Input Msid info length.\r | |
727 | \r | |
728 | **/\r | |
729 | TCG_RESULT\r | |
730 | EFIAPI\r | |
731 | OpalUtilRevert(\r | |
732 | OPAL_SESSION *LockingSpSession,\r | |
733 | BOOLEAN KeepUserData,\r | |
734 | const VOID *Password,\r | |
735 | UINT32 PasswordLength,\r | |
736 | BOOLEAN *PasswordFailed,\r | |
737 | UINT8 *Msid,\r | |
738 | UINT32 MsidLength\r | |
739 | );\r | |
740 | \r | |
741 | /**\r | |
742 | After revert success, set SID to MSID.\r | |
743 | \r | |
744 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
745 | @param Password, Input password info.\r | |
746 | @param PasswordLength, Input password length.\r | |
747 | @param[in] Msid Input Msid info.\r | |
748 | @param[in] MsidLength Input Msid info length.\r | |
749 | \r | |
750 | **/\r | |
751 | TCG_RESULT\r | |
752 | EFIAPI\r | |
753 | OpalUtilSetSIDtoMSID (\r | |
754 | OPAL_SESSION *AdminSpSession,\r | |
755 | const VOID *Password,\r | |
756 | UINT32 PasswordLength,\r | |
757 | UINT8 *Msid,\r | |
758 | UINT32 MsidLength\r | |
759 | );\r | |
760 | \r | |
761 | /**\r | |
762 | Update global locking range.\r | |
763 | \r | |
764 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
765 | @param Password, Input password info.\r | |
766 | @param PasswordLength, Input password length.\r | |
767 | @param ReadLocked, Read lock info.\r | |
768 | @param WriteLocked write lock info.\r | |
769 | \r | |
770 | **/\r | |
771 | TCG_RESULT\r | |
772 | EFIAPI\r | |
773 | OpalUtilUpdateGlobalLockingRange(\r | |
774 | OPAL_SESSION *LockingSpSession,\r | |
775 | const VOID *Password,\r | |
776 | UINT32 PasswordLength,\r | |
777 | BOOLEAN ReadLocked,\r | |
778 | BOOLEAN WriteLocked\r | |
779 | );\r | |
780 | \r | |
781 | /**\r | |
782 | Update global locking range.\r | |
783 | \r | |
784 | @param Session, The session info for one opal device.\r | |
785 | @param Msid, The data buffer to save Msid info.\r | |
786 | @param MsidBufferLength, The data buffer length for Msid.\r | |
787 | @param MsidLength, The actual data length for Msid.\r | |
788 | \r | |
789 | **/\r | |
790 | TCG_RESULT\r | |
791 | EFIAPI\r | |
792 | OpalUtilGetMsid(\r | |
793 | OPAL_SESSION *Session,\r | |
794 | UINT8 *Msid,\r | |
795 | UINT32 MsidBufferLength,\r | |
796 | UINT32 *MsidLength\r | |
797 | );\r | |
798 | \r | |
799 | /**\r | |
800 | \r | |
801 | The function determines who owns the device by attempting to start a session with different credentials.\r | |
802 | If the SID PIN matches the MSID PIN, the no one owns the device.\r | |
803 | If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.\r | |
804 | \r | |
805 | \r | |
806 | @param[in] Session The session info for one opal device.\r | |
807 | @param Msid, The Msid info.\r | |
808 | @param MsidLength, The data length for Msid.\r | |
809 | \r | |
810 | **/\r | |
811 | OPAL_OWNER_SHIP\r | |
812 | EFIAPI\r | |
813 | OpalUtilDetermineOwnership(\r | |
814 | OPAL_SESSION *Session,\r | |
815 | UINT8 *Msid,\r | |
816 | UINT32 MsidLength\r | |
817 | );\r | |
818 | \r | |
819 | /**\r | |
820 | \r | |
821 | The function returns if admin password exists.\r | |
822 | \r | |
823 | @param[in] OwnerShip The owner ship of the opal device.\r | |
824 | @param[in] LockingFeature The locking info of the opal device.\r | |
825 | \r | |
826 | @retval TRUE Admin password existed.\r | |
827 | @retval FALSE Admin password not existed.\r | |
828 | \r | |
829 | **/\r | |
830 | BOOLEAN\r | |
831 | EFIAPI\r | |
832 | OpalUtilAdminPasswordExists(\r | |
833 | IN UINT16 OwnerShip,\r | |
834 | IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
835 | );\r | |
836 | \r | |
837 | #endif // _OPAL_CORE_H_\r |