]>
Commit | Line | Data |
---|---|---|
9dd05dde ED |
1 | /** @file\r |
2 | Public API for Opal Core library.\r | |
3 | \r | |
4b806739 | 4 | (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00,\r |
4b8552d7 | 5 | https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/\r |
4b806739 | 6 | \r |
d2aefa0a ED |
7 | Storage Work Group Storage Security Subsystem Class: Pyrite, Specification Version 2.00, Revision 1.00,\r |
8 | https://trustedcomputinggroup.org/resource/tcg-storage-security-subsystem-class-pyrite/\r | |
4b806739 ED |
9 | \r |
10 | Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00,\r | |
4b8552d7 | 11 | https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/\r |
4b806739 ED |
12 | \r |
13 | TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00,\r | |
4b8552d7 | 14 | https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/\r |
4b806739 ED |
15 | \r |
16 | TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00,\r | |
4b8552d7 | 17 | https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/\r |
4b806739 ED |
18 | \r |
19 | TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00,\r | |
4b8552d7 | 20 | https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/)\r |
4b806739 ED |
21 | \r |
22 | Check http://trustedcomputinggroup.org for latest specification updates.\r | |
23 | \r | |
24 | Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r | |
289b714b | 25 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
9dd05dde ED |
26 | \r |
27 | **/\r | |
28 | \r | |
29 | #ifndef _OPAL_CORE_H_\r | |
30 | #define _OPAL_CORE_H_\r | |
31 | \r | |
32 | #include <IndustryStandard/TcgStorageOpal.h>\r | |
33 | \r | |
34 | #include <Library/TcgStorageCoreLib.h>\r | |
35 | #include <Protocol/StorageSecurityCommand.h>\r | |
36 | \r | |
37 | #pragma pack(1)\r | |
38 | \r | |
39 | typedef struct {\r | |
40 | //\r | |
41 | // Opal SSC 1 support (0 - not supported, 1 - supported)\r | |
42 | //\r | |
43 | UINT32 OpalSsc1 : 1;\r | |
44 | \r | |
45 | //\r | |
46 | // Opal SSC 2support (0 - not supported, 1 - supported)\r | |
47 | //\r | |
48 | UINT32 OpalSsc2 : 1;\r | |
49 | \r | |
50 | //\r | |
51 | // Opal SSC Lite support (0 - not supported, 1 - supported)\r | |
52 | //\r | |
53 | UINT32 OpalSscLite : 1;\r | |
54 | \r | |
55 | //\r | |
56 | // Pyrite SSC support (0 - not supported, 1 - supported)\r | |
57 | //\r | |
58 | UINT32 PyriteSsc : 1;\r | |
59 | \r | |
60 | //\r | |
61 | // Security protocol 1 support (0 - not supported, 1 - supported)\r | |
62 | //\r | |
63 | UINT32 Sp1 : 1;\r | |
64 | \r | |
65 | //\r | |
66 | // Security protocol 2 support (0 - not supported, 1 - supported)\r | |
67 | //\r | |
68 | UINT32 Sp2 : 1;\r | |
69 | \r | |
70 | //\r | |
71 | // Security protocol IEEE1667 support (0 - not supported, 1 - supported)\r | |
72 | //\r | |
73 | UINT32 SpIeee1667 : 1;\r | |
74 | \r | |
75 | //\r | |
76 | // Media encryption supported (0 - not supported, 1 - supported)\r | |
77 | //\r | |
78 | UINT32 MediaEncryption : 1;\r | |
79 | \r | |
80 | //\r | |
81 | // Initial C_PIN_SID PIN Indicator\r | |
82 | // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
83 | // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
84 | //\r | |
85 | UINT32 InitCpinIndicator : 1;\r | |
86 | \r | |
87 | //\r | |
88 | // Behavior of C_PIN_SID PIN upon TPer Revert\r | |
89 | // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value\r | |
90 | // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value\r | |
91 | //\r | |
92 | UINT32 CpinUponRevert : 1;\r | |
b20e0d29 ED |
93 | \r |
94 | //\r | |
95 | // Media encryption supported (0 - not supported, 1 - supported)\r | |
96 | //\r | |
97 | UINT32 BlockSid : 1;\r | |
98 | \r | |
a3068f06 ED |
99 | //\r |
100 | // Pyrite SSC V2 support (0 - not supported, 1 - supported)\r | |
101 | //\r | |
102 | UINT32 PyriteSscV2 : 1;\r | |
103 | \r | |
104 | //\r | |
105 | // Supported Data Removal Mechanism support (0 - not supported, 1 - supported)\r | |
106 | //\r | |
107 | UINT32 DataRemoval : 1;\r | |
9dd05dde ED |
108 | } OPAL_DISK_SUPPORT_ATTRIBUTE;\r |
109 | \r | |
110 | //\r | |
111 | // Opal device ownership type\r | |
112 | // The type indicates who was the determined owner of the device.\r | |
113 | //\r | |
114 | typedef enum {\r | |
115 | //\r | |
116 | // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP\r | |
117 | //was unsuccessful with the provided PIN\r | |
118 | //\r | |
119 | OpalOwnershipUnknown,\r | |
120 | \r | |
121 | //\r | |
122 | // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN\r | |
123 | //\r | |
124 | OpalOwnershipNobody,\r | |
125 | } OPAL_OWNER_SHIP;\r | |
126 | \r | |
127 | //\r | |
128 | // Structure that is used to represent an Opal session.\r | |
129 | // The structure must be initialized by calling OpalStartSession before being used as a parameter\r | |
130 | // for any other Opal function.\r | |
131 | // This structure should NOT be directly modified by the client of this library.\r | |
132 | //\r | |
133 | //\r | |
134 | typedef struct {\r | |
135 | UINT32 HostSessionId;\r | |
136 | UINT32 TperSessionId;\r | |
137 | UINT16 ComIdExtension;\r | |
138 | \r | |
139 | UINT16 OpalBaseComId;\r | |
140 | \r | |
141 | EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;\r | |
142 | UINT32 MediaId;\r | |
143 | } OPAL_SESSION;\r | |
144 | #pragma pack()\r | |
145 | \r | |
146 | /**\r | |
147 | \r | |
148 | The function fills in the provided Buffer with the supported protocol list\r | |
149 | of the device specified.\r | |
150 | \r | |
151 | @param[in] Session OPAL_SESSION data.\r | |
152 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
153 | @param[in] BuffAddress Buffer address to fill with security protocol list\r | |
154 | \r | |
155 | **/\r | |
156 | TCG_RESULT\r | |
157 | EFIAPI\r | |
158 | OpalRetrieveSupportedProtocolList(\r | |
159 | OPAL_SESSION *Session,\r | |
160 | UINTN BufferSize,\r | |
161 | VOID *BuffAddress\r | |
162 | );\r | |
163 | \r | |
164 | /**\r | |
165 | \r | |
166 | The function fills in the provided Buffer with the level 0 discovery Header\r | |
167 | of the device specified.\r | |
168 | \r | |
169 | @param[in] Session OPAL_SESSION data.\r | |
170 | @param[in] BufferSize Size of Buffer provided (in bytes)\r | |
171 | @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response\r | |
172 | \r | |
173 | **/\r | |
174 | TCG_RESULT\r | |
175 | EFIAPI\r | |
176 | OpalRetrieveLevel0DiscoveryHeader(\r | |
177 | OPAL_SESSION *Session,\r | |
178 | UINTN BufferSize,\r | |
179 | VOID *BuffAddress\r | |
180 | );\r | |
181 | \r | |
182 | /**\r | |
183 | Starts a session with a security provider (SP).\r | |
184 | \r | |
185 | If a session is started successfully, the caller must end the session with OpalEndSession when finished\r | |
186 | performing Opal actions.\r | |
187 | \r | |
188 | @param[in/out] Session OPAL_SESSION to initialize.\r | |
189 | @param[in] SpId Security provider ID to start the session with.\r | |
190 | @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE).\r | |
191 | @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL\r | |
192 | @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent.\r | |
193 | @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent.\r | |
194 | @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned.\r | |
195 | \r | |
196 | @return TcgResultSuccess indicates that the function completed without any internal errors.\r | |
197 | The caller must inspect the MethodStatus field to determine whether the method completed successfully.\r | |
198 | \r | |
199 | **/\r | |
200 | TCG_RESULT\r | |
201 | EFIAPI\r | |
202 | OpalStartSession(\r | |
203 | OPAL_SESSION *Session,\r | |
204 | TCG_UID SpId,\r | |
205 | BOOLEAN Write,\r | |
206 | UINT32 HostChallengeLength,\r | |
207 | const VOID *HostChallenge,\r | |
208 | TCG_UID HostSigningAuthority,\r | |
209 | UINT8 *MethodStatus\r | |
210 | );\r | |
211 | \r | |
212 | /**\r | |
213 | Close a session opened with OpalStartSession.\r | |
214 | \r | |
215 | @param[in/out] Session OPAL_SESSION to end.\r | |
216 | \r | |
217 | **/\r | |
218 | TCG_RESULT\r | |
219 | EFIAPI\r | |
220 | OpalEndSession(\r | |
221 | OPAL_SESSION *Session\r | |
222 | );\r | |
223 | \r | |
224 | /**\r | |
225 | \r | |
226 | Reverts device using Admin SP Revert method.\r | |
227 | \r | |
228 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r | |
229 | \r | |
230 | **/\r | |
231 | TCG_RESULT\r | |
232 | EFIAPI\r | |
233 | OpalPsidRevert(\r | |
234 | OPAL_SESSION *AdminSpSession\r | |
235 | );\r | |
236 | \r | |
237 | \r | |
238 | /**\r | |
239 | \r | |
240 | The function retrieves the MSID from the device specified\r | |
241 | \r | |
242 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.\r | |
243 | @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller\r | |
244 | @param[in] Msid Variable length byte sequence representing MSID of device\r | |
245 | @param[in] MsidLength Actual length of MSID retrieved from device\r | |
246 | \r | |
247 | **/\r | |
248 | TCG_RESULT\r | |
249 | EFIAPI\r | |
250 | OpalGetMsid(\r | |
251 | OPAL_SESSION *AdminSpSession,\r | |
252 | UINT32 MsidBufferSize,\r | |
253 | UINT8 *Msid,\r | |
254 | UINT32 *MsidLength\r | |
255 | );\r | |
256 | \r | |
257 | /**\r | |
258 | \r | |
259 | The function activates the Locking SP.\r | |
260 | Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.\r | |
261 | If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.\r | |
262 | \r | |
263 | @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP\r | |
264 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
265 | \r | |
266 | **/\r | |
267 | TCG_RESULT\r | |
268 | EFIAPI\r | |
269 | OpalActivateLockingSp(\r | |
270 | OPAL_SESSION *AdminSpSession,\r | |
271 | UINT8 *MethodStatus\r | |
272 | );\r | |
273 | \r | |
274 | \r | |
275 | /**\r | |
276 | \r | |
277 | The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.\r | |
278 | \r | |
279 | @param[in/out] Session OPAL_SESSION to set password\r | |
280 | @param[in] CpinRowUid UID of row (authority) to update PIN column\r | |
281 | @param[in] NewPin New Pin to set for cpinRowUid specified\r | |
282 | @param[in] NewPinLength Length in bytes of newPin\r | |
283 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
284 | \r | |
285 | **/\r | |
286 | TCG_RESULT\r | |
287 | EFIAPI\r | |
288 | OpalSetPassword(\r | |
289 | OPAL_SESSION *Session,\r | |
290 | TCG_UID CpinRowUid,\r | |
291 | const VOID *NewPin,\r | |
292 | UINT32 NewPinLength,\r | |
293 | UINT8 *MethodStatus\r | |
294 | );\r | |
295 | \r | |
296 | /**\r | |
297 | \r | |
298 | The function retrieves the active key of the global locking range\r | |
299 | and calls the GenKey method on the active key retrieved.\r | |
300 | \r | |
301 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
302 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
303 | \r | |
304 | **/\r | |
305 | TCG_RESULT\r | |
306 | EFIAPI\r | |
307 | OpalGlobalLockingRangeGenKey(\r | |
308 | OPAL_SESSION *LockingSpSession,\r | |
309 | UINT8 *MethodStatus\r | |
310 | );\r | |
311 | \r | |
312 | \r | |
313 | /**\r | |
314 | \r | |
315 | The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.\r | |
0ab475c9 | 316 | This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns\r |
9dd05dde ED |
317 | (not ReadLockEnabled and WriteLockEnabled columns).\r |
318 | \r | |
319 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
320 | @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range\r | |
321 | @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range\r | |
322 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
323 | \r | |
324 | **/\r | |
325 | TCG_RESULT\r | |
326 | EFIAPI\r | |
327 | OpalUpdateGlobalLockingRange(\r | |
328 | OPAL_SESSION *LockingSpSession,\r | |
329 | BOOLEAN ReadLocked,\r | |
330 | BOOLEAN WriteLocked,\r | |
331 | UINT8 *MethodStatus\r | |
332 | );\r | |
333 | \r | |
334 | \r | |
335 | /**\r | |
336 | \r | |
337 | The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns\r | |
338 | of the specified Locking Range. This function requires admin authority of a locking SP session.\r | |
339 | \r | |
340 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key\r | |
341 | @param[in] LockingRangeUid Locking range UID to set values\r | |
342 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
343 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
344 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
345 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
346 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
347 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
348 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
349 | \r | |
350 | **/\r | |
351 | TCG_RESULT\r | |
352 | EFIAPI\r | |
353 | OpalSetLockingRange(\r | |
354 | OPAL_SESSION *LockingSpSession,\r | |
355 | TCG_UID LockingRangeUid,\r | |
356 | UINT64 RangeStart,\r | |
357 | UINT64 RangeLength,\r | |
358 | BOOLEAN ReadLockEnabled,\r | |
359 | BOOLEAN WriteLockEnabled,\r | |
360 | BOOLEAN ReadLocked,\r | |
361 | BOOLEAN WriteLocked,\r | |
362 | UINT8 *MethodStatus\r | |
363 | );\r | |
364 | \r | |
365 | /**\r | |
366 | \r | |
367 | The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided\r | |
368 | using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority.\r | |
369 | \r | |
370 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update\r | |
371 | @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN\r | |
372 | @param[in] AuthorityUid UID of Locking SP authority to update Pin column with\r | |
373 | @param[in] NewPin New Password used to set Pin column\r | |
374 | @param[in] NewPinLength Length in bytes of new password\r | |
375 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
376 | \r | |
377 | **/\r | |
378 | TCG_RESULT\r | |
379 | EFIAPI\r | |
380 | OpalSetLockingSpAuthorityEnabledAndPin(\r | |
381 | OPAL_SESSION *LockingSpSession,\r | |
382 | TCG_UID CpinRowUid,\r | |
383 | TCG_UID AuthorityUid,\r | |
384 | const VOID *NewPin,\r | |
385 | UINT32 NewPinLength,\r | |
386 | UINT8 *MethodStatus\r | |
387 | );\r | |
388 | \r | |
389 | \r | |
390 | /**\r | |
391 | \r | |
392 | The function sets the Enabled column to FALSE for the USER1 authority.\r | |
393 | \r | |
394 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1\r | |
395 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
396 | \r | |
397 | **/\r | |
398 | TCG_RESULT\r | |
399 | EFIAPI\r | |
400 | OpalDisableUser(\r | |
401 | OPAL_SESSION *LockingSpSession,\r | |
402 | UINT8 *MethodStatus\r | |
403 | );\r | |
404 | \r | |
405 | \r | |
406 | /**\r | |
407 | \r | |
408 | The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter\r | |
409 | to keep the user data is set to True, otherwise the optional parameter is not provided.\r | |
410 | \r | |
411 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP\r | |
412 | @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.\r | |
413 | @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.\r | |
414 | \r | |
415 | **/\r | |
416 | TCG_RESULT\r | |
417 | EFIAPI\r | |
418 | OpalAdminRevert(\r | |
419 | OPAL_SESSION *LockingSpSession,\r | |
420 | BOOLEAN KeepUserData,\r | |
421 | UINT8 *MethodStatus\r | |
422 | );\r | |
423 | \r | |
424 | \r | |
425 | /**\r | |
426 | \r | |
427 | The function retrieves the TryLimit column for the specified rowUid (authority).\r | |
428 | \r | |
429 | @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit\r | |
430 | @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column\r | |
431 | @param[in/out] TryLimit Value from TryLimit column\r | |
432 | \r | |
433 | **/\r | |
434 | TCG_RESULT\r | |
435 | EFIAPI\r | |
436 | OpalGetTryLimit(\r | |
437 | OPAL_SESSION *LockingSpSession,\r | |
438 | TCG_UID RowUid,\r | |
439 | UINT32 *TryLimit\r | |
440 | );\r | |
441 | \r | |
442 | \r | |
443 | /**\r | |
444 | \r | |
445 | The function populates the CreateStruct with a payload that will retrieve the global locking range active key.\r | |
446 | It is intended to be called with a session that is already started with a valid credential.\r | |
447 | The function does not send the payload.\r | |
448 | \r | |
449 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
450 | @param[in/out] CreateStruct Structure to populate with encoded TCG command\r | |
451 | @param[in/out] Size Size in bytes of the command created.\r | |
452 | \r | |
453 | **/\r | |
454 | TCG_RESULT\r | |
455 | EFIAPI\r | |
456 | OpalCreateRetrieveGlobalLockingRangeActiveKey(\r | |
457 | const OPAL_SESSION *Session,\r | |
458 | TCG_CREATE_STRUCT *CreateStruct,\r | |
459 | UINT32 *Size\r | |
460 | );\r | |
461 | \r | |
462 | \r | |
463 | /**\r | |
464 | \r | |
465 | The function acquires the activeKey specified for the Global Locking Range from the parseStruct.\r | |
466 | \r | |
467 | @param[in] ParseStruct Structure that contains the device's response with the activekey\r | |
468 | @param[in/out] ActiveKey The UID of the active key retrieved\r | |
469 | \r | |
470 | **/\r | |
471 | TCG_RESULT\r | |
472 | EFIAPI\r | |
473 | OpalParseRetrieveGlobalLockingRangeActiveKey(\r | |
474 | TCG_PARSE_STRUCT *ParseStruct,\r | |
475 | TCG_UID *ActiveKey\r | |
476 | );\r | |
477 | \r | |
478 | /**\r | |
479 | \r | |
480 | Get the support attribute info.\r | |
481 | \r | |
482 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
483 | @param[in/out] LockingFeature Return the Locking info.\r | |
484 | \r | |
485 | **/\r | |
486 | TCG_RESULT\r | |
487 | EFIAPI\r | |
488 | OpalGetLockingInfo(\r | |
489 | OPAL_SESSION *Session,\r | |
490 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
491 | );\r | |
492 | \r | |
493 | /**\r | |
494 | \r | |
495 | The function determines whether or not all of the requirements for the Opal Feature (not full specification)\r | |
496 | are met by the specified device.\r | |
497 | \r | |
498 | @param[in] SupportedAttributes Opal device attribute.\r | |
499 | \r | |
500 | **/\r | |
501 | BOOLEAN\r | |
502 | EFIAPI\r | |
503 | OpalFeatureSupported(\r | |
504 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes\r | |
505 | );\r | |
506 | \r | |
507 | /**\r | |
508 | \r | |
509 | The function returns whether or not the device is Opal Enabled.\r | |
510 | TRUE means that the device is partially or fully locked.\r | |
511 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
512 | \r | |
513 | @param[in] SupportedAttributes Opal device attribute.\r | |
514 | @param[in] LockingFeature Opal device locking status.\r | |
515 | \r | |
516 | \r | |
517 | **/\r | |
518 | BOOLEAN\r | |
519 | EFIAPI\r | |
520 | OpalFeatureEnabled(\r | |
521 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
522 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
523 | );\r | |
524 | \r | |
525 | /**\r | |
526 | \r | |
527 | The function returns whether or not the device is Opal Locked.\r | |
528 | TRUE means that the device is partially or fully locked.\r | |
529 | This will perform a Level 0 Discovery and parse the locking feature descriptor\r | |
530 | \r | |
531 | @param[in] SupportedAttributes Opal device attribute.\r | |
532 | @param[in] LockingFeature Opal device locking status.\r | |
533 | \r | |
534 | **/\r | |
535 | BOOLEAN\r | |
536 | OpalDeviceLocked(\r | |
537 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
538 | TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
539 | );\r | |
540 | \r | |
541 | /**\r | |
542 | Trig the block sid action.\r | |
543 | \r | |
544 | @param[in] Session OPAL_SESSION to populate command for, needs comId\r | |
545 | @param[in] HardwareReset Whether need to do hardware reset.\r | |
546 | \r | |
547 | **/\r | |
548 | TCG_RESULT\r | |
549 | EFIAPI\r | |
550 | OpalBlockSid(\r | |
551 | OPAL_SESSION *Session,\r | |
552 | BOOLEAN HardwareReset\r | |
553 | );\r | |
554 | \r | |
555 | /**\r | |
556 | \r | |
557 | Get the support attribute info.\r | |
558 | \r | |
559 | @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.\r | |
560 | @param[in/out] SupportedAttributes Return the support attribute info.\r | |
561 | @param[out] OpalBaseComId Return the base com id info.\r | |
562 | \r | |
563 | **/\r | |
564 | TCG_RESULT\r | |
565 | EFIAPI\r | |
566 | OpalGetSupportedAttributesInfo(\r | |
567 | OPAL_SESSION *Session,\r | |
568 | OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,\r | |
569 | UINT16 *OpalBaseComId\r | |
570 | );\r | |
571 | \r | |
572 | /**\r | |
573 | Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r | |
574 | \r | |
575 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
576 | @param[in] Psid PSID of device to revert.\r | |
577 | @param[in] PsidLength Length of PSID in bytes.\r | |
578 | \r | |
579 | **/\r | |
580 | TCG_RESULT\r | |
581 | EFIAPI\r | |
582 | OpalUtilPsidRevert(\r | |
583 | OPAL_SESSION *AdminSpSession,\r | |
584 | const VOID *Psid,\r | |
585 | UINT32 PsidLength\r | |
586 | );\r | |
587 | \r | |
588 | /**\r | |
589 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
590 | sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,\r | |
591 | and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.\r | |
592 | \r | |
593 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
594 | @param[in] GeneratedSid Generated SID of disk\r | |
595 | @param[in] SidLength Length of generatedSid in bytes\r | |
596 | @param[in] Password New admin password to set\r | |
597 | @param[in] PassLength Length of password in bytes\r | |
598 | \r | |
599 | **/\r | |
600 | TCG_RESULT\r | |
601 | EFIAPI\r | |
602 | OpalUtilSetAdminPasswordAsSid(\r | |
603 | OPAL_SESSION *AdminSpSession,\r | |
604 | const VOID *GeneratedSid,\r | |
605 | UINT32 SidLength,\r | |
606 | const VOID *Password,\r | |
607 | UINT32 PassLength\r | |
608 | );\r | |
609 | \r | |
610 | /**\r | |
611 | \r | |
612 | Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
613 | and updates the specified locking range with the provided column values.\r | |
614 | \r | |
615 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
616 | @param[in] Password New admin password to set\r | |
617 | @param[in] PassLength Length of password in bytes\r | |
618 | @param[in] LockingRangeUid Locking range UID to set values\r | |
619 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
620 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
621 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
622 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
623 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
624 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
625 | \r | |
626 | **/\r | |
627 | TCG_RESULT\r | |
628 | EFIAPI\r | |
629 | OpalUtilSetOpalLockingRange(\r | |
630 | OPAL_SESSION *LockingSpSession,\r | |
631 | const VOID *Password,\r | |
632 | UINT32 PassLength,\r | |
633 | TCG_UID LockingRangeUid,\r | |
634 | UINT64 RangeStart,\r | |
635 | UINT64 RangeLength,\r | |
636 | BOOLEAN ReadLockEnabled,\r | |
637 | BOOLEAN WriteLockEnabled,\r | |
638 | BOOLEAN ReadLocked,\r | |
639 | BOOLEAN WriteLocked\r | |
640 | );\r | |
641 | \r | |
642 | /**\r | |
643 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
644 | sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r | |
645 | and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r | |
646 | \r | |
647 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
648 | @param[in] OldPassword Current admin password\r | |
649 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
650 | @param[in] NewPassword New admin password to set\r | |
651 | @param[in] NewPasswordLength Length of new password in bytes\r | |
652 | \r | |
653 | **/\r | |
654 | TCG_RESULT\r | |
655 | EFIAPI\r | |
656 | OpalUtilSetAdminPassword(\r | |
657 | OPAL_SESSION *AdminSpSession,\r | |
658 | const VOID *OldPassword,\r | |
659 | UINT32 OldPasswordLength,\r | |
660 | const VOID *NewPassword,\r | |
661 | UINT32 NewPasswordLength\r | |
662 | );\r | |
663 | \r | |
664 | /**\r | |
665 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
666 | and sets the User1 SP authority to enabled and sets the User1 password.\r | |
667 | \r | |
668 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
669 | @param[in] OldPassword Current admin password\r | |
670 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
671 | @param[in] NewPassword New admin password to set\r | |
672 | @param[in] NewPasswordLength Length of new password in bytes\r | |
673 | \r | |
674 | **/\r | |
675 | TCG_RESULT\r | |
676 | EFIAPI\r | |
677 | OpalUtilSetUserPassword(\r | |
678 | OPAL_SESSION *LockingSpSession,\r | |
679 | const VOID *OldPassword,\r | |
680 | UINT32 OldPasswordLength,\r | |
681 | const VOID *NewPassword,\r | |
682 | UINT32 NewPasswordLength\r | |
683 | );\r | |
684 | \r | |
685 | /**\r | |
686 | Verify whether user input the correct password.\r | |
687 | \r | |
688 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
689 | @param[in] Password Admin password\r | |
690 | @param[in] PasswordLength Length of password in bytes\r | |
691 | @param[in/out] HostSigningAuthority Use the Host signing authority type.\r | |
692 | \r | |
693 | **/\r | |
694 | TCG_RESULT\r | |
695 | EFIAPI\r | |
696 | OpalUtilVerifyPassword (\r | |
697 | OPAL_SESSION *LockingSpSession,\r | |
698 | const VOID *Password,\r | |
699 | UINT32 PasswordLength,\r | |
700 | TCG_UID HostSigningAuthority\r | |
701 | );\r | |
702 | \r | |
703 | /**\r | |
704 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
705 | and generates a new global locking range key to erase the Data.\r | |
706 | \r | |
707 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
708 | @param[in] Password Admin or user password\r | |
709 | @param[in] PasswordLength Length of password in bytes\r | |
710 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
711 | \r | |
712 | **/\r | |
713 | TCG_RESULT\r | |
714 | EFIAPI\r | |
715 | OpalUtilSecureErase(\r | |
716 | OPAL_SESSION *LockingSpSession,\r | |
717 | const VOID *Password,\r | |
718 | UINT32 PasswordLength,\r | |
719 | BOOLEAN *PasswordFailed\r | |
720 | );\r | |
721 | \r | |
722 | /**\r | |
723 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r | |
724 | \r | |
725 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
726 | @param[in] Password Admin password\r | |
727 | @param[in] PasswordLength Length of password in bytes\r | |
728 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
729 | \r | |
730 | **/\r | |
731 | TCG_RESULT\r | |
732 | EFIAPI\r | |
733 | OpalUtilDisableUser(\r | |
734 | OPAL_SESSION *LockingSpSession,\r | |
735 | const VOID *Password,\r | |
736 | UINT32 PasswordLength,\r | |
737 | BOOLEAN *PasswordFailed\r | |
738 | );\r | |
739 | \r | |
740 | /**\r | |
741 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r | |
742 | \r | |
743 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
744 | @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r | |
745 | @param[in] Password Admin password\r | |
746 | @param[in] PasswordLength Length of password in bytes\r | |
747 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
748 | @param[in] Msid Input Msid info.\r | |
749 | @param[in] MsidLength Input Msid info length.\r | |
750 | \r | |
751 | **/\r | |
752 | TCG_RESULT\r | |
753 | EFIAPI\r | |
754 | OpalUtilRevert(\r | |
755 | OPAL_SESSION *LockingSpSession,\r | |
756 | BOOLEAN KeepUserData,\r | |
757 | const VOID *Password,\r | |
758 | UINT32 PasswordLength,\r | |
759 | BOOLEAN *PasswordFailed,\r | |
760 | UINT8 *Msid,\r | |
761 | UINT32 MsidLength\r | |
762 | );\r | |
763 | \r | |
764 | /**\r | |
765 | After revert success, set SID to MSID.\r | |
766 | \r | |
767 | @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId\r | |
768 | @param Password, Input password info.\r | |
769 | @param PasswordLength, Input password length.\r | |
770 | @param[in] Msid Input Msid info.\r | |
771 | @param[in] MsidLength Input Msid info length.\r | |
772 | \r | |
773 | **/\r | |
774 | TCG_RESULT\r | |
775 | EFIAPI\r | |
776 | OpalUtilSetSIDtoMSID (\r | |
777 | OPAL_SESSION *AdminSpSession,\r | |
778 | const VOID *Password,\r | |
779 | UINT32 PasswordLength,\r | |
780 | UINT8 *Msid,\r | |
781 | UINT32 MsidLength\r | |
782 | );\r | |
783 | \r | |
784 | /**\r | |
785 | Update global locking range.\r | |
786 | \r | |
787 | @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId\r | |
788 | @param Password, Input password info.\r | |
789 | @param PasswordLength, Input password length.\r | |
790 | @param ReadLocked, Read lock info.\r | |
791 | @param WriteLocked write lock info.\r | |
792 | \r | |
793 | **/\r | |
794 | TCG_RESULT\r | |
795 | EFIAPI\r | |
796 | OpalUtilUpdateGlobalLockingRange(\r | |
797 | OPAL_SESSION *LockingSpSession,\r | |
798 | const VOID *Password,\r | |
799 | UINT32 PasswordLength,\r | |
800 | BOOLEAN ReadLocked,\r | |
801 | BOOLEAN WriteLocked\r | |
802 | );\r | |
803 | \r | |
804 | /**\r | |
805 | Update global locking range.\r | |
806 | \r | |
807 | @param Session, The session info for one opal device.\r | |
808 | @param Msid, The data buffer to save Msid info.\r | |
809 | @param MsidBufferLength, The data buffer length for Msid.\r | |
810 | @param MsidLength, The actual data length for Msid.\r | |
811 | \r | |
812 | **/\r | |
813 | TCG_RESULT\r | |
814 | EFIAPI\r | |
815 | OpalUtilGetMsid(\r | |
816 | OPAL_SESSION *Session,\r | |
817 | UINT8 *Msid,\r | |
818 | UINT32 MsidBufferLength,\r | |
819 | UINT32 *MsidLength\r | |
820 | );\r | |
821 | \r | |
822 | /**\r | |
823 | \r | |
824 | The function determines who owns the device by attempting to start a session with different credentials.\r | |
825 | If the SID PIN matches the MSID PIN, the no one owns the device.\r | |
826 | If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.\r | |
827 | \r | |
828 | \r | |
829 | @param[in] Session The session info for one opal device.\r | |
830 | @param Msid, The Msid info.\r | |
831 | @param MsidLength, The data length for Msid.\r | |
832 | \r | |
833 | **/\r | |
834 | OPAL_OWNER_SHIP\r | |
835 | EFIAPI\r | |
836 | OpalUtilDetermineOwnership(\r | |
837 | OPAL_SESSION *Session,\r | |
838 | UINT8 *Msid,\r | |
839 | UINT32 MsidLength\r | |
840 | );\r | |
841 | \r | |
842 | /**\r | |
843 | \r | |
844 | The function returns if admin password exists.\r | |
845 | \r | |
846 | @param[in] OwnerShip The owner ship of the opal device.\r | |
847 | @param[in] LockingFeature The locking info of the opal device.\r | |
848 | \r | |
849 | @retval TRUE Admin password existed.\r | |
850 | @retval FALSE Admin password not existed.\r | |
851 | \r | |
852 | **/\r | |
853 | BOOLEAN\r | |
854 | EFIAPI\r | |
855 | OpalUtilAdminPasswordExists(\r | |
856 | IN UINT16 OwnerShip,\r | |
857 | IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
858 | );\r | |
859 | \r | |
a3068f06 ED |
860 | /**\r |
861 | Get Active Data Removal Mechanism Value.\r | |
862 | \r | |
863 | @param[in] Session, The session info for one opal device.\r | |
864 | @param[in] GeneratedSid Generated SID of disk\r | |
865 | @param[in] SidLength Length of generatedSid in bytes\r | |
866 | @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.\r | |
867 | \r | |
868 | **/\r | |
869 | TCG_RESULT\r | |
870 | EFIAPI\r | |
871 | OpalUtilGetActiveDataRemovalMechanism (\r | |
872 | OPAL_SESSION *Session,\r | |
873 | const VOID *GeneratedSid,\r | |
874 | UINT32 SidLength,\r | |
875 | UINT8 *ActiveDataRemovalMechanism\r | |
876 | );\r | |
877 | \r | |
878 | /**\r | |
879 | Get the supported Data Removal Mechanism list.\r | |
880 | \r | |
881 | @param[in] Session, The session info for one opal device.\r | |
882 | @param[out] RemovalMechanismLists Return the supported data removal mechanism lists.\r | |
883 | \r | |
884 | **/\r | |
885 | TCG_RESULT\r | |
886 | EFIAPI\r | |
887 | OpalUtilGetDataRemovalMechanismLists (\r | |
888 | IN OPAL_SESSION *Session,\r | |
889 | OUT UINT32 *RemovalMechanismLists\r | |
890 | );\r | |
891 | \r | |
9dd05dde | 892 | #endif // _OPAL_CORE_H_\r |