]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg OpalPasswordSmm: Enhance BlockSid Logic.
[mirror_edk2.git] / SecurityPkg / Tcg / Opal / OpalPasswordSmm / OpalPasswordSmm.c
CommitLineData
cb274a27
ED		 1/** @file\r
2 Opal password smm driver which is used to support Opal security feature at s3 path.\r
3\r
4Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include "OpalPasswordSmm.h"\r
16\r
17#define SMM_SIZE_ALLOC_BYTES (512)\r
18#define RESPONSE_SIZE (200)\r
19\r
20#define PCI_CLASS_MASS_STORAGE_AHCI (0x06)\r
21\r
22#define OPAL_PCIE_ROOTPORT_SAVESIZE (0x40)\r
23#define STORE_INVALID_ROOTPORT_INDEX ((UINT8) -1)\r
24#define OPAL_DEVICE_TYPE_SATA 0x1\r
25#define OPAL_DEVICE_TYPE_NVME 0x2\r
26#define OPAL_DEVICE_TYPE_UNKNOWN 0xFF\r
27\r
28//\r
29// To unlock the Intel SATA controller at S3 Resume, restored the following registers.\r
30//\r
31const OPAL_HC_PCI_REGISTER_SAVE mSataHcRegisterSaveTemplate[] = {\r
32 {0x9, S3BootScriptWidthUint8},\r
33 {0x10, S3BootScriptWidthUint32},\r
34 {0x14, S3BootScriptWidthUint32},\r
35 {0x18, S3BootScriptWidthUint32},\r
36 {0x1C, S3BootScriptWidthUint32},\r
37 {0x20, S3BootScriptWidthUint32},\r
38 {0x24, S3BootScriptWidthUint32},\r
39 {0x3c, S3BootScriptWidthUint8},\r
40 {0x3d, S3BootScriptWidthUint8},\r
41 {0x40, S3BootScriptWidthUint16},\r
42 {0x42, S3BootScriptWidthUint16},\r
43 {0x92, S3BootScriptWidthUint16},\r
44 {0x94, S3BootScriptWidthUint32},\r
45 {0x9C, S3BootScriptWidthUint32},\r
46 {0x4, S3BootScriptWidthUint16},\r
47};\r
48\r
49\r
50UINT8 mSwSmiValue;\r
51LIST_ENTRY *mOpalDeviceList;\r
52LIST_ENTRY mSmmDeviceList = INITIALIZE_LIST_HEAD_VARIABLE (mSmmDeviceList);\r
53\r
54BOOLEAN mSendBlockSID = FALSE;\r
55\r
56// AHCI\r
57UINT32 mAhciBar = 0;\r
58EFI_AHCI_REGISTERS mAhciRegisters;\r
59VOID *mBuffer = NULL; // DMA can not read/write Data to smram, so we pre-allocates Buffer from AcpiNVS.\r
60//\r
61// NVME\r
62NVME_CONTEXT mNvmeContext;\r
63\r
009264f5
ED		 64EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;\r
65UINTN mNumberOfDescriptors = 0;\r
66\r
cb274a27
ED		 67/**\r
68 Add new bridge node or nvme device info to the device list.\r
69\r
70 @param[in] BusNum The bus number.\r
71 @param[in] DevNum The device number.\r
72 @param[in] FuncNum The function number.\r
73 @param[in] Dev The device which need to add device node info.\r
74\r
75**/\r
76VOID\r
77AddPciDeviceNode (\r
78 UINT32 BusNum,\r
79 UINT32 DevNum,\r
80 UINT32 FuncNum,\r
81 OPAL_SMM_DEVICE *Dev\r
82 )\r
83{\r
84 UINT8 *DevList;\r
85 PCI_DEVICE *DeviceNode;\r
86\r
87 DevList = AllocateZeroPool (sizeof (PCI_DEVICE) + Dev->Length);\r
88 ASSERT (DevList != NULL);\r
89\r
90 if (Dev->Length != 0) {\r
91 CopyMem (DevList, Dev->PciBridgeNode, Dev->Length);\r
92 FreePool (Dev->PciBridgeNode);\r
93 }\r
94\r
95 DeviceNode = (PCI_DEVICE *) (DevList + Dev->Length);\r
96\r
97 DeviceNode->BusNum = BusNum;\r
98 DeviceNode->DevNum = DevNum;\r
99 DeviceNode->FuncNum = FuncNum;\r
100\r
101 Dev->Length += sizeof (PCI_DEVICE);\r
102 Dev->PciBridgeNode = (PCI_DEVICE *)DevList;\r
103}\r
104\r
105/**\r
106 Extract device info from the input device path.\r
107\r
108 @param[in] DevicePath Device path info for the device.\r
109 @param[in,out] Dev The device which new inputed.\r
110\r
111**/\r
112VOID\r
113ExtractDeviceInfoFromDevicePath (\r
114 IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r
115 IN OUT OPAL_SMM_DEVICE *Dev\r
116 )\r
117{\r
118 EFI_DEVICE_PATH_PROTOCOL *TmpDevPath;\r
119 EFI_DEVICE_PATH_PROTOCOL *TmpDevPath2;\r
120 PCI_DEVICE_PATH *PciDevPath;\r
121 SATA_DEVICE_PATH *SataDevPath;\r
122 NVME_NAMESPACE_DEVICE_PATH *NvmeDevPath;\r
123 UINTN BusNum;\r
124\r
125 TmpDevPath = DevicePath;\r
126 Dev->DeviceType = OPAL_DEVICE_TYPE_UNKNOWN;\r
127\r
128 while (!IsDevicePathEnd(TmpDevPath)) {\r
129 if (TmpDevPath->Type == MESSAGING_DEVICE_PATH && TmpDevPath->SubType == MSG_SATA_DP) {\r
130 //\r
131 // SATA\r
132 //\r
133 SataDevPath = ( SATA_DEVICE_PATH* )TmpDevPath;\r
134 Dev->SataPort = SataDevPath->HBAPortNumber;\r
135 Dev->SataPortMultiplierPort = SataDevPath->PortMultiplierPortNumber;\r
136 Dev->DeviceType = OPAL_DEVICE_TYPE_SATA;\r
137 break;\r
138 } else if (TmpDevPath->Type == MESSAGING_DEVICE_PATH && TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP) {\r
139 //\r
140 // NVMe\r
141 //\r
142 NvmeDevPath = ( NVME_NAMESPACE_DEVICE_PATH* )TmpDevPath;\r
143 Dev->NvmeNamespaceId = NvmeDevPath->NamespaceId;\r
144 Dev->DeviceType = OPAL_DEVICE_TYPE_NVME;\r
145 break;\r
146 }\r
147 TmpDevPath = NextDevicePathNode (TmpDevPath);\r
148 }\r
149\r
150 //\r
151 // Get bridge node info for the nvme device.\r
152 //\r
153 BusNum = 0;\r
154 TmpDevPath = DevicePath;\r
155 TmpDevPath2 = NextDevicePathNode (DevicePath);\r
156 while (!IsDevicePathEnd(TmpDevPath2)) {\r
157 if (TmpDevPath->Type == HARDWARE_DEVICE_PATH && TmpDevPath->SubType == HW_PCI_DP) {\r
158 PciDevPath = (PCI_DEVICE_PATH *) TmpDevPath;\r
159 if ((TmpDevPath2->Type == MESSAGING_DEVICE_PATH && TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP)||\r
160 (TmpDevPath2->Type == MESSAGING_DEVICE_PATH && TmpDevPath2->SubType == MSG_SATA_DP)) {\r
161 Dev->BusNum = (UINT32)BusNum;\r
162 Dev->DevNum = PciDevPath->Device;\r
163 Dev->FuncNum = PciDevPath->Function;\r
164 } else {\r
165 AddPciDeviceNode((UINT32)BusNum, PciDevPath->Device, PciDevPath->Function, Dev);\r
166 if (TmpDevPath2->Type == HARDWARE_DEVICE_PATH && TmpDevPath2->SubType == HW_PCI_DP) {\r
167 BusNum = PciRead8 (PCI_LIB_ADDRESS (BusNum, PciDevPath->Device, PciDevPath->Function, NVME_PCIE_SEC_BNUM));\r
168 }\r
169 }\r
170 }\r
171\r
172 TmpDevPath = NextDevicePathNode (TmpDevPath);\r
173 TmpDevPath2 = NextDevicePathNode (TmpDevPath2);\r
174 }\r
175}\r
176\r
177/**\r
178\r
179 The function returns whether or not the device is Opal Locked.\r
180 TRUE means that the device is partially or fully locked.\r
181 This will perform a Level 0 Discovery and parse the locking feature descriptor\r
182\r
69cd1294
ED		 183 @param[in] OpalDev Opal object to determine if locked\r
184 @param[out] BlockSidSupported Whether device support BlockSid feature.\r
cb274a27
ED		 185\r
186**/\r
187BOOLEAN\r
188IsOpalDeviceLocked(\r
69cd1294
ED		 189 OPAL_SMM_DEVICE *OpalDev,\r
190 BOOLEAN *BlockSidSupported\r
cb274a27
ED		 191 )\r
192{\r
193 OPAL_SESSION Session;\r
194 OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes;\r
195 TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature;\r
196 UINT16 OpalBaseComId;\r
197 TCG_RESULT Ret;\r
198\r
199 Session.Sscp = &OpalDev->Sscp;\r
200 Session.MediaId = 0;\r
201\r
202 Ret = OpalGetSupportedAttributesInfo (&Session, &SupportedAttributes, &OpalBaseComId);\r
203 if (Ret != TcgResultSuccess) {\r
204 return FALSE;\r
205 }\r
206\r
207 OpalDev->OpalBaseComId = OpalBaseComId;\r
69cd1294
ED		 208 Session.OpalBaseComId = OpalBaseComId;\r
209 *BlockSidSupported = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE;\r
cb274a27
ED		 210\r
211 Ret = OpalGetLockingInfo(&Session, &LockingFeature);\r
212 if (Ret != TcgResultSuccess) {\r
213 return FALSE;\r
214 }\r
215\r
216 return OpalDeviceLocked (&SupportedAttributes, &LockingFeature);\r
217}\r
218\r
219/**\r
220 Save/Restore RootPort configuration space.\r
221\r
222 @param[in] DeviceNode - The device node.\r
223 @param[in] SaveAction - TRUE: Save, FALSE: Restore\r
224 @param[in,out] PcieConfBufferList - Configuration space data buffer for save/restore\r
225\r
226 @retval - PCIE base address of this RootPort\r
227**/\r
228UINTN\r
229SaveRestoreRootportConfSpace (\r
230 IN OPAL_SMM_DEVICE *DeviceNode,\r
231 IN BOOLEAN SaveAction,\r
232 IN OUT UINT8 **PcieConfBufferList\r
233 )\r
234{\r
235 UINTN RpBase;\r
236 UINTN Length;\r
237 PCI_DEVICE *DevNode;\r
238 UINT8 *StorePcieConfData;\r
239 UINTN Index;\r
240\r
241 Length = 0;\r
242 Index = 0;\r
243 RpBase = 0;\r
244\r
245 while (Length < DeviceNode->Length) {\r
246 DevNode = (PCI_DEVICE *)((UINT8*)DeviceNode->PciBridgeNode + Length);\r
247 RpBase = PCI_LIB_ADDRESS (DevNode->BusNum, DevNode->DevNum, DevNode->FuncNum, 0x0);\r
248\r
249 if (PcieConfBufferList != NULL) {\r
250 if (SaveAction) {\r
251 StorePcieConfData = (UINT8 *) AllocateZeroPool (OPAL_PCIE_ROOTPORT_SAVESIZE);\r
252 ASSERT (StorePcieConfData != NULL);\r
253 OpalPciRead (StorePcieConfData, RpBase, OPAL_PCIE_ROOTPORT_SAVESIZE);\r
254 PcieConfBufferList[Index] = StorePcieConfData;\r
255 } else {\r
256 // Skip PCIe Command & Status registers\r
257 StorePcieConfData = PcieConfBufferList[Index];\r
258 OpalPciWrite (RpBase, StorePcieConfData, 4);\r
259 OpalPciWrite (RpBase + 8, StorePcieConfData + 8, OPAL_PCIE_ROOTPORT_SAVESIZE - 8);\r
260\r
261 FreePool (StorePcieConfData);\r
262 }\r
263 }\r
264\r
265 Length += sizeof (PCI_DEVICE);\r
266 Index ++;\r
267 }\r
268\r
269 return RpBase;\r
270}\r
271\r
272/**\r
273 Configure RootPort for downstream PCIe NAND devices.\r
274\r
275 @param[in] RpBase - PCIe configuration space address of this RootPort\r
276 @param[in] BusNumber - Bus number\r
277 @param[in] MemoryBase - Memory base address\r
278 @param[in] MemoryLength - Memory size\r
279\r
280**/\r
281VOID\r
282ConfigureRootPortForPcieNand (\r
283 IN UINTN RpBase,\r
284 IN UINTN BusNumber,\r
285 IN UINT32 MemoryBase,\r
286 IN UINT32 MemoryLength\r
287 )\r
288{\r
289 UINT32 MemoryLimit;\r
290\r
291 DEBUG ((DEBUG_INFO, "ConfigureRootPortForPcieNand, BusNumber: %x, MemoryBase: %x, MemoryLength: %x\n",\r
292 BusNumber, MemoryBase, MemoryLength));\r
293\r
294 if (MemoryLength == 0) {\r
295 MemoryLimit = MemoryBase;\r
296 } else {\r
297 MemoryLimit = MemoryBase + MemoryLength + 0xFFFFF; // 1M\r
298 }\r
299\r
300 ///\r
301 /// Configue PCIE configuration space for RootPort\r
302 ///\r
303 PciWrite8 (RpBase + NVME_PCIE_BNUM + 1, (UINT8) BusNumber); // Secondary Bus Number registers\r
304 PciWrite8 (RpBase + NVME_PCIE_BNUM + 2, (UINT8) BusNumber); // Subordinate Bus Number registers\r
305 PciWrite8 (RpBase + NVME_PCIE_IOBL, 0xFF); // I/O Base registers\r
306 PciWrite8 (RpBase + NVME_PCIE_IOBL + 1, 0x00); // I/O Limit registers\r
307 PciWrite16 (RpBase + NVME_PCIE_MBL, (UINT16) RShiftU64 ((UINTN)MemoryBase, 16)); // Memory Base register\r
308 PciWrite16 (RpBase + NVME_PCIE_MBL + 2, (UINT16) RShiftU64 ((UINTN)MemoryLimit, 16)); // Memory Limit register\r
309 PciWrite16 (RpBase + NVME_PCIE_PMBL, 0xFFFF); // Prefetchable Memory Base registers\r
310 PciWrite16 (RpBase + NVME_PCIE_PMBL + 2, 0x0000); // Prefetchable Memory Limit registers\r
311 PciWrite32 (RpBase + NVME_PCIE_PMBU32, 0xFFFFFFFF); // Prefetchable Memory Upper Base registers\r
312 PciWrite32 (RpBase + NVME_PCIE_PMLU32, 0x00000000); // Prefetchable Memory Upper Limit registers\r
313}\r
314\r
315\r
316/**\r
317 Dispatch function for a Software SMI handler.\r
318\r
319 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r
320 @param[in] RegisterContext Points to an optional handler context which was specified when the\r
321 handler was registered.\r
322 @param[in, out] CommBuffer A pointer to a collection of Data in memory that will\r
323 be conveyed from a non-SMM environment into an SMM environment.\r
324 @param[in, out] CommBufferSize The Size of the CommBuffer.\r
325\r
326 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers\r
327 should still be called.\r
328 @retval Others Other execution results.\r
329**/\r
330EFI_STATUS\r
331EFIAPI\r
332SmmUnlockOpalPassword (\r
333 IN EFI_HANDLE DispatchHandle,\r
334 IN CONST VOID *RegisterContext,\r
335 IN OUT VOID *CommBuffer,\r
336 IN OUT UINTN *CommBufferSize\r
337 )\r
338{\r
339 EFI_STATUS Status;\r
340 OPAL_SMM_DEVICE *OpalDev;\r
341 LIST_ENTRY *Entry;\r
342 UINT8 BaseClassCode;\r
343 UINT8 SubClassCode;\r
344 UINT8 ProgInt;\r
345 TCG_RESULT Result;\r
346 UINT8 SataCmdSt;\r
347 UINT8 *StorePcieConfDataList[16];\r
348 UINTN RpBase;\r
349 UINTN MemoryBase;\r
350 UINTN MemoryLength;\r
351 OPAL_SESSION Session;\r
69cd1294 352 BOOLEAN BlockSidSupport;\r
cb274a27
ED		 353\r
354 ZeroMem (StorePcieConfDataList, sizeof (StorePcieConfDataList));\r
355 Status = EFI_DEVICE_ERROR;\r
356\r
357 //\r
358 // try to unlock all locked hdd disks.\r
359 //\r
360 for (Entry = mSmmDeviceList.ForwardLink; Entry != &mSmmDeviceList; Entry = Entry->ForwardLink) {\r
361 OpalDev = BASE_CR(Entry, OPAL_SMM_DEVICE, Link);\r
362\r
363 RpBase = 0;\r
364 SataCmdSt = 0;\r
365\r
366 ///\r
367 /// Configure RootPort for PCIe AHCI/NVME devices.\r
368 ///\r
369 if (OpalDev->DeviceType == OPAL_DEVICE_TYPE_NVME) {\r
370 ///\r
371 /// Save original RootPort configuration space to heap\r
372 ///\r
373 RpBase = SaveRestoreRootportConfSpace (\r
374 OpalDev,\r
375 TRUE,\r
376 StorePcieConfDataList\r
377 );\r
378 MemoryBase = mNvmeContext.Nbar;\r
379 MemoryLength = 0;\r
380 ConfigureRootPortForPcieNand (RpBase, OpalDev->BusNum, (UINT32) MemoryBase, (UINT32) MemoryLength);\r
381\r
382 ///\r
383 /// Enable PCIE decode for RootPort\r
384 ///\r
385 SataCmdSt = PciRead8 (RpBase + NVME_PCIE_PCICMD);\r
386 PciWrite8 (RpBase + NVME_PCIE_PCICMD, 0x6);\r
387 } else {\r
388 SataCmdSt = PciRead8 (PCI_LIB_ADDRESS (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum, NVME_PCIE_PCICMD));\r
389 PciWrite8 (PCI_LIB_ADDRESS (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum, NVME_PCIE_PCICMD), 0x6);\r
390 }\r
391\r
392 BaseClassCode = PciRead8 (PCI_LIB_ADDRESS (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum, 0x0B));\r
393 SubClassCode = PciRead8 (PCI_LIB_ADDRESS (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum, 0x0A));\r
394 ProgInt = PciRead8 (PCI_LIB_ADDRESS (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum, 0x09));\r
395 if (BaseClassCode != PCI_CLASS_MASS_STORAGE) {\r
396 Status = EFI_INVALID_PARAMETER;\r
397 break;\r
398 }\r
399\r
400 Status = EFI_DEVICE_ERROR;\r
401 if (OpalDev->DeviceType == OPAL_DEVICE_TYPE_SATA) {\r
402 if ((SubClassCode == PCI_CLASS_MASS_STORAGE_AHCI) || (SubClassCode == PCI_CLASS_MASS_STORAGE_RAID)) {\r
403 Status = GetAhciBaseAddress (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum);\r
404 if (EFI_ERROR (Status)) {\r
405 DEBUG ((DEBUG_ERROR, "GetAhciBaseAddress error, Status: %r\n", Status));\r
406 goto done;\r
407 }\r
408 Status = AhciModeInitialize ((UINT8)OpalDev->SataPort);\r
409 ASSERT_EFI_ERROR (Status);\r
410 if (EFI_ERROR (Status)) {\r
411 DEBUG ((DEBUG_ERROR, "AhciModeInitialize error, Status: %r\n", Status));\r
412 goto done;\r
413 }\r
414 } else {\r
415 DEBUG ((DEBUG_ERROR, "SubClassCode not support for SATA device\n"));\r
416 }\r
417 } else if (OpalDev->DeviceType == OPAL_DEVICE_TYPE_NVME) {\r
418 if (SubClassCode == PCI_CLASS_MASS_STORAGE_NVM) {\r
419 if (ProgInt != PCI_IF_NVMHCI) {\r
420 DEBUG ((DEBUG_ERROR, "PI not support, skipped\n"));\r
421 Status = EFI_NOT_FOUND;\r
422 goto done;\r
423 }\r
424\r
425 mNvmeContext.PciBase = PCI_LIB_ADDRESS (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum, 0x0);\r
426 mNvmeContext.NvmeInitWaitTime = 0;\r
427 mNvmeContext.Nsid = OpalDev->NvmeNamespaceId;\r
428 Status = NvmeControllerInit (&mNvmeContext);\r
429 } else {\r
430 DEBUG ((DEBUG_ERROR, "SubClassCode not support for NVME device\n"));\r
431 }\r
432 } else {\r
433 DEBUG ((DEBUG_ERROR, "Invalid Devicetype\n"));\r
434 goto done;\r
435 }\r
436\r
437 Status = EFI_DEVICE_ERROR;\r
69cd1294
ED		 438 BlockSidSupport = FALSE;\r
439 if (IsOpalDeviceLocked (OpalDev, &BlockSidSupport)) {\r
cb274a27
ED		 440 ZeroMem(&Session, sizeof(Session));\r
441 Session.Sscp = &OpalDev->Sscp;\r
442 Session.MediaId = 0;\r
443 Session.OpalBaseComId = OpalDev->OpalBaseComId;\r
444\r
69cd1294 445 if (mSendBlockSID && BlockSidSupport) {\r
cb274a27
ED		 446 Result = OpalBlockSid (&Session, TRUE);\r
447 if (Result != TcgResultSuccess) {\r
448 break;\r
449 }\r
450 }\r
451\r
452 Result = OpalSupportUnlock (&Session, OpalDev->Password, OpalDev->PasswordLength, NULL);\r
453 if (Result == TcgResultSuccess) {\r
454 Status = EFI_SUCCESS;\r
455 }\r
456 }\r
457\r
458 if (OpalDev->DeviceType == OPAL_DEVICE_TYPE_NVME) {\r
459 if (SubClassCode == PCI_CLASS_MASS_STORAGE_NVM) {\r
460 Status = NvmeControllerExit (&mNvmeContext);\r
461 }\r
462 }\r
463\r
464done:\r
465 if (OpalDev->DeviceType == OPAL_DEVICE_TYPE_NVME) {\r
466 ASSERT (RpBase != 0);\r
467 PciWrite8 (RpBase + NVME_PCIE_PCICMD, 0);\r
468 RpBase = SaveRestoreRootportConfSpace (\r
469 OpalDev,\r
470 FALSE, // restore\r
471 StorePcieConfDataList\r
472 );\r
473 PciWrite8 (RpBase + NVME_PCIE_PCICMD, SataCmdSt);\r
474 } else {\r
475 PciWrite8 (PCI_LIB_ADDRESS (OpalDev->BusNum, OpalDev->DevNum, OpalDev->FuncNum, NVME_PCIE_PCICMD), SataCmdSt);\r
476 }\r
477\r
478 if (EFI_ERROR (Status)) {\r
479 break;\r
480 }\r
481 }\r
482\r
483 return Status;\r
484}\r
485\r
486\r
487/**\r
488 Main entry point for an SMM handler dispatch or communicate-based callback.\r
489\r
490 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r
491 @param[in] Context Points to an optional handler context which was specified when the\r
492 handler was registered.\r
493 @param[in,out] CommBuffer A pointer to a collection of Data in memory that will\r
494 be conveyed from a non-SMM environment into an SMM environment.\r
495 @param[in,out] CommBufferSize The Size of the CommBuffer.\r
496\r
497 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers\r
498 should still be called.\r
499 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should\r
500 still be called.\r
501 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still\r
502 be called.\r
503 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.\r
504**/\r
505EFI_STATUS\r
506EFIAPI\r
507S3SleepEntryCallBack (\r
508 IN EFI_HANDLE DispatchHandle,\r
509 IN CONST VOID *Context OPTIONAL,\r
510 IN OUT VOID *CommBuffer OPTIONAL,\r
511 IN OUT UINTN *CommBufferSize OPTIONAL\r
512 )\r
513{\r
514 UINTN Bus;\r
515 UINTN Device;\r
516 UINTN Function;\r
517 UINTN Index;\r
518 EFI_STATUS Status;\r
519 LIST_ENTRY *Entry;\r
520 UINTN Offset;\r
521 UINT64 Address;\r
522 S3_BOOT_SCRIPT_LIB_WIDTH Width;\r
523 UINT32 Data;\r
524 OPAL_DISK_AND_PASSWORD_INFO *PciDev;\r
525 OPAL_HC_PCI_REGISTER_SAVE *HcRegisterSaveListPtr;\r
526 UINTN Count;\r
527 OPAL_SMM_DEVICE *SmmDev;\r
528\r
529 Data = 0;\r
530 Status = EFI_SUCCESS;\r
531\r
532 mOpalDeviceList = OpalSupportGetOpalDeviceList();\r
533\r
534 for (Entry = mOpalDeviceList->ForwardLink; Entry != mOpalDeviceList; Entry = Entry->ForwardLink) {\r
535 PciDev = BASE_CR (Entry, OPAL_DISK_AND_PASSWORD_INFO, Link);\r
536\r
537 SmmDev = AllocateZeroPool (sizeof (OPAL_SMM_DEVICE));\r
538 if (SmmDev == NULL) {\r
539 return EFI_OUT_OF_RESOURCES;\r
540 }\r
541 SmmDev->Signature = OPAL_SMM_DEVICE_SIGNATURE;\r
542\r
543 ExtractDeviceInfoFromDevicePath(&PciDev->OpalDevicePath, SmmDev);\r
544\r
545 SmmDev->PasswordLength = PciDev->PasswordLength;\r
546 CopyMem(&(SmmDev->Password), PciDev->Password, OPAL_PASSWORD_MAX_LENGTH);\r
547\r
548 SmmDev->Sscp.ReceiveData = SecurityReceiveData;\r
549 SmmDev->Sscp.SendData = SecuritySendData;\r
550\r
551 InsertHeadList (&mSmmDeviceList, &SmmDev->Link);\r
552\r
553 if (SmmDev->DeviceType == OPAL_DEVICE_TYPE_NVME) {\r
554 continue;\r
555 }\r
556\r
557 //\r
558 // Save register Data for S3. Sata controller only.\r
559 //\r
560 Bus = SmmDev->BusNum;\r
561 Device = SmmDev->DevNum;\r
562 Function = SmmDev->FuncNum;\r
563\r
564 ASSERT (SmmDev->DeviceType == OPAL_DEVICE_TYPE_SATA);\r
565 HcRegisterSaveListPtr = (OPAL_HC_PCI_REGISTER_SAVE *) mSataHcRegisterSaveTemplate;\r
566 Count = sizeof (mSataHcRegisterSaveTemplate) / sizeof (OPAL_HC_PCI_REGISTER_SAVE);\r
567\r
568 for (Index = 0; Index < Count; Index += 1) {\r
569 Offset = HcRegisterSaveListPtr[Index].Address;\r
570 Width = HcRegisterSaveListPtr[Index].Width;\r
571\r
572 switch (Width) {\r
573 case S3BootScriptWidthUint8:\r
574 Data = (UINT32)PciRead8 (PCI_LIB_ADDRESS(Bus,Device,Function,Offset));\r
575 break;\r
576 case S3BootScriptWidthUint16:\r
577 Data = (UINT32)PciRead16 (PCI_LIB_ADDRESS(Bus,Device,Function,Offset));\r
578 break;\r
579 case S3BootScriptWidthUint32:\r
580 Data = PciRead32 (PCI_LIB_ADDRESS(Bus,Device,Function,Offset));\r
581 break;\r
582 default:\r
583 ASSERT (FALSE);\r
584 break;\r
585 }\r
586\r
587 Address = S3_BOOT_SCRIPT_LIB_PCI_ADDRESS (Bus, Device, Function, Offset);\r
588 Status = S3BootScriptSavePciCfgWrite (Width, Address, 1, &Data);\r
589 if (EFI_ERROR (Status)) {\r
590 return Status;\r
591 }\r
592 }\r
593 }\r
594\r
595 if (!IsListEmpty (mOpalDeviceList)) {\r
596 Status = S3BootScriptSaveIoWrite (S3BootScriptWidthUint8, 0xB2, 1, &mSwSmiValue);\r
597 ASSERT_EFI_ERROR (Status);\r
598 }\r
599\r
600 return Status;\r
601}\r
602\r
009264f5
ED		 603/**\r
604 OpalPassword Notification for SMM EndOfDxe protocol.\r
605\r
606 @param[in] Protocol Points to the protocol's unique identifier.\r
607 @param[in] Interface Points to the interface instance.\r
608 @param[in] Handle The handle on which the interface was installed.\r
609\r
610 @retval EFI_SUCCESS Notification runs successfully.\r
611**/\r
612EFI_STATUS\r
613EFIAPI\r
614OpalPasswordEndOfDxeNotification (\r
615 IN CONST EFI_GUID *Protocol,\r
616 IN VOID *Interface,\r
617 IN EFI_HANDLE Handle\r
618 )\r
619{\r
620 UINTN NumberOfDescriptors;\r
621 EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;\r
622 EFI_STATUS Status;\r
623\r
624 Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);\r
625 if (EFI_ERROR (Status)) {\r
626 return Status;\r
627 }\r
628\r
629 mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);\r
630 if (EFI_ERROR (Status)) {\r
631 gBS->FreePool (MemSpaceMap);\r
632 return Status;\r
633 }\r
634\r
635 mNumberOfDescriptors = NumberOfDescriptors;\r
636 gBS->FreePool (MemSpaceMap);\r
637\r
638 return EFI_SUCCESS;\r
639}\r
640\r
cb274a27
ED		 641/**\r
642 Main entry for this driver.\r
643\r
644 @param ImageHandle Image handle this driver.\r
645 @param SystemTable Pointer to SystemTable.\r
646\r
647 @retval EFI_SUCESS This function always complete successfully.\r
648\r
649**/\r
650EFI_STATUS\r
651EFIAPI\r
652OpalPasswordSmmInit (\r
653 IN EFI_HANDLE ImageHandle,\r
654 IN EFI_SYSTEM_TABLE *SystemTable\r
655 )\r
656{\r
657 EFI_STATUS Status;\r
658 EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch;\r
659 EFI_SMM_SX_DISPATCH2_PROTOCOL *SxDispatch;\r
660 EFI_HANDLE SwHandle;\r
661 EFI_SMM_SW_REGISTER_CONTEXT Context;\r
662 EFI_HANDLE S3SleepEntryHandle;\r
663 EFI_SMM_SX_REGISTER_CONTEXT EntryRegisterContext;\r
664 EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;\r
665 OPAL_EXTRA_INFO_VAR OpalExtraInfo;\r
666 UINTN DataSize;\r
009264f5 667 EFI_EVENT EndOfDxeEvent;\r
cb274a27
ED		 668 EFI_PHYSICAL_ADDRESS Address;\r
669\r
670 mBuffer = NULL;\r
671 SwHandle = NULL;\r
672 S3SleepEntryHandle = NULL;\r
673 ZeroMem (&mNvmeContext, sizeof (NVME_CONTEXT));\r
674\r
675 Status = gSmst->SmmLocateProtocol (\r
676 &gEfiSmmSwDispatch2ProtocolGuid,\r
677 NULL,\r
678 (VOID **)&SwDispatch\r
679 );\r
680 ASSERT_EFI_ERROR (Status);\r
681 if (EFI_ERROR (Status)) {\r
682 DEBUG((DEBUG_ERROR, " SmmLocateProtocol gEfiSmmSwDispatch2ProtocolGuid fail, Status: %r\n", Status));\r
683 return Status;\r
684 }\r
685\r
686 Status = gSmst->SmmLocateProtocol (\r
687 &gEfiSmmSxDispatch2ProtocolGuid,\r
688 NULL,\r
689 (VOID **)&SxDispatch\r
690 );\r
691 ASSERT_EFI_ERROR (Status);\r
692 if (EFI_ERROR (Status)) {\r
693 DEBUG((DEBUG_ERROR, " SmmLocateProtocol gEfiSmmSxDispatch2ProtocolGuid fail, Status: %r\n", Status));\r
694 return Status;\r
695 }\r
696\r
697 //\r
698 // Preallocate a 512 bytes Buffer to perform trusted I/O.\r
699 // Assume this is big enough for unlock commands\r
700 // It's because DMA can not access smmram stack at the cmd execution.\r
701 //\r
702 Address = 0xFFFFFFFF;\r
703 Status = gBS->AllocatePages (\r
704 AllocateMaxAddress,\r
705 EfiACPIMemoryNVS,\r
706 EFI_SIZE_TO_PAGES (SMM_SIZE_ALLOC_BYTES),\r
707 &Address\r
708 );\r
709 if (EFI_ERROR (Status)) {\r
710 DEBUG((DEBUG_ERROR, " AllocatePages for SATA DAM fail, Status: %r\n", Status));\r
711 return EFI_OUT_OF_RESOURCES;\r
712 }\r
713\r
714 mBuffer = (VOID *)(UINTN)Address;\r
715 ZeroMem ((VOID *)(UINTN)mBuffer, SMM_SIZE_ALLOC_BYTES);\r
716\r
717 //\r
718 // Preallocate resource for AHCI transfer descriptor.\r
719 //\r
720 Status = AhciAllocateResource ();\r
721 if (EFI_ERROR (Status)) {\r
722 DEBUG((DEBUG_ERROR, " AhciAllocateResource fail, Status: %r\n", Status));\r
723 Status = EFI_OUT_OF_RESOURCES;\r
724 goto EXIT;\r
725 }\r
726\r
727 //\r
728 // Preallocate resource for NVMe configuration space.\r
729 //\r
730 Status = NvmeAllocateResource (ImageHandle, &mNvmeContext);\r
731 if (EFI_ERROR (Status)) {\r
732 DEBUG((DEBUG_ERROR, " NvmeAllocateResource fail, Status: %r\n", Status));\r
733 Status = EFI_OUT_OF_RESOURCES;\r
734 goto EXIT;\r
735 }\r
736\r
737 //\r
738 // Register a S3 entry callback function to store ATA host controller context to boot script.\r
739 // These boot scripts would be invoked at S3 path to recovery ATA host controller h/w context\r
740 // for executing HDD unlock cmd.\r
741 //\r
742 EntryRegisterContext.Type = SxS3;\r
743 EntryRegisterContext.Phase = SxEntry;\r
744 Status = SxDispatch->Register (\r
745 SxDispatch,\r
746 S3SleepEntryCallBack,\r
747 &EntryRegisterContext,\r
748 &S3SleepEntryHandle\r
749 );\r
750 ASSERT_EFI_ERROR (Status);\r
751 if (EFI_ERROR (Status)) {\r
752 goto EXIT;\r
753 }\r
754\r
755 //\r
756 // Register Opal password smm unlock handler\r
757 //\r
758 Context.SwSmiInputValue = (UINTN) -1;\r
759 Status = SwDispatch->Register (\r
760 SwDispatch,\r
761 SmmUnlockOpalPassword,\r
762 &Context,\r
763 &SwHandle\r
764 );\r
765 ASSERT_EFI_ERROR (Status);\r
766 if (EFI_ERROR (Status)) {\r
767 DEBUG((DEBUG_ERROR, " SwDispatch->Register fail, Status: %r\n", Status));\r
768 goto EXIT;\r
769 }\r
770\r
771 //\r
772 // trigger smi to unlock hdd if it's locked.\r
773 //\r
774 mSwSmiValue = (UINT8) Context.SwSmiInputValue;\r
775\r
009264f5
ED		 776 //\r
777 // Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar\r
778 // is in MMIO space to avoid attack.\r
779 //\r
780 Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);\r
781 if (EFI_ERROR (Status)) {\r
782 DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));\r
783 goto EXIT;\r
784 }\r
cb274a27
ED		 785 Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);\r
786 if (!EFI_ERROR (Status)) {\r
787 DataSize = sizeof (OPAL_EXTRA_INFO_VAR);\r
788 Status = SmmVariable->SmmGetVariable (\r
789 OPAL_EXTRA_INFO_VAR_NAME,\r
790 &gOpalExtraInfoVariableGuid,\r
791 NULL,\r
792 &DataSize,\r
793 &OpalExtraInfo\r
794 );\r
795 if (!EFI_ERROR (Status)) {\r
796 mSendBlockSID = OpalExtraInfo.EnableBlockSid;\r
797 }\r
798 }\r
799\r
800 return EFI_SUCCESS;\r
801\r
802EXIT:\r
803 if (S3SleepEntryHandle != NULL) {\r
804 SxDispatch->UnRegister (SxDispatch, S3SleepEntryHandle);\r
805 }\r
806\r
807 AhciFreeResource ();\r
808\r
809 NvmeFreeResource (&mNvmeContext);\r
810\r
811 if (mBuffer != NULL) {\r
812 gBS->FreePages ((EFI_PHYSICAL_ADDRESS)(UINTN) mBuffer, EFI_SIZE_TO_PAGES (SMM_SIZE_ALLOC_BYTES));\r
813 }\r
814\r
815 return Status;\r
816}\r
817\r
818/**\r
819 Provide Io action support.\r
820\r
821 @param[in] SmmDev the opal device need to perform trust io.\r
822 @param[in] IoType OPAL_IO_TYPE indicating whether to perform a Trusted Send or Trusted Receive.\r
823 @param[in] SecurityProtocol Security Protocol\r
824 @param[in] SpSpecific Security Protocol Specific\r
825 @param[in] TransferLength Transfer Length of Buffer (in bytes) - always a multiple of 512\r
826 @param[in] Buffer Address of Data to transfer\r
827\r
828 @retval TcgResultSuccess Perform the io action success.\r
829 @retval TcgResultFailure Perform the io action failed.\r
830\r
831**/\r
832EFI_STATUS\r
833PerformTrustedIo (\r
834 OPAL_SMM_DEVICE *SmmDev,\r
835 OPAL_IO_TYPE IoType,\r
836 UINT8 SecurityProtocol,\r
837 UINT16 SpSpecific,\r
838 UINTN TransferLength,\r
839 VOID *Buffer\r
840 )\r
841{\r
842 EFI_STATUS Status;\r
843 UINTN BufferSizeBlocks;\r
844 EFI_ATA_COMMAND_BLOCK AtaCommandBlock;\r
845\r
846 Status = EFI_DEVICE_ERROR;\r
847 if (SmmDev->DeviceType == OPAL_DEVICE_TYPE_SATA) {\r
848 BufferSizeBlocks = TransferLength / 512;\r
849\r
850 ZeroMem( &AtaCommandBlock, sizeof( EFI_ATA_COMMAND_BLOCK ) );\r
851 AtaCommandBlock.AtaCommand = ( IoType == OpalSend ) ? ATA_COMMAND_TRUSTED_SEND : ATA_COMMAND_TRUSTED_RECEIVE;\r
852 AtaCommandBlock.AtaSectorCount = ( UINT8 )BufferSizeBlocks;\r
853 AtaCommandBlock.AtaSectorNumber = ( UINT8 )( BufferSizeBlocks >> 8 );\r
854 AtaCommandBlock.AtaFeatures = SecurityProtocol;\r
855 AtaCommandBlock.AtaCylinderLow = ( UINT8 )( SpSpecific >> 8 );\r
856 AtaCommandBlock.AtaCylinderHigh = ( UINT8 )( SpSpecific );\r
857 AtaCommandBlock.AtaDeviceHead = ATA_DEVICE_LBA;\r
858\r
859\r
860 ZeroMem( mBuffer, HDD_PAYLOAD );\r
861 ASSERT( TransferLength <= HDD_PAYLOAD );\r
862\r
863 if (IoType == OpalSend) {\r
864 CopyMem( mBuffer, Buffer, TransferLength );\r
865 }\r
866\r
867 Status = AhciPioTransfer(\r
868 &mAhciRegisters,\r
869 (UINT8) SmmDev->SataPort,\r
870 (UINT8) SmmDev->SataPortMultiplierPort,\r
871 NULL,\r
872 0,\r
873 ( IoType == OpalSend ) ? FALSE : TRUE, // i/o direction\r
874 &AtaCommandBlock,\r
875 NULL,\r
876 mBuffer,\r
877 (UINT32)TransferLength,\r
878 ATA_TIMEOUT\r
879 );\r
880\r
881 if (IoType == OpalRecv) {\r
882 CopyMem( Buffer, mBuffer, TransferLength );\r
883 }\r
884 } else if (SmmDev->DeviceType == OPAL_DEVICE_TYPE_NVME) {\r
885 Status = NvmeSecuritySendReceive (\r
886 &mNvmeContext,\r
887 IoType == OpalSend,\r
888 SecurityProtocol,\r
889 SwapBytes16(SpSpecific),\r
890 TransferLength,\r
891 Buffer\r
892 );\r
893 } else {\r
894 DEBUG((DEBUG_ERROR, "DeviceType(%x) not support.\n", SmmDev->DeviceType));\r
895 }\r
896\r
897 return Status;\r
898}\r
899\r
900/**\r
901 Send a security protocol command to a device that receives data and/or the result\r
902 of one or more commands sent by SendData.\r
903\r
904 The ReceiveData function sends a security protocol command to the given MediaId.\r
905 The security protocol command sent is defined by SecurityProtocolId and contains\r
906 the security protocol specific data SecurityProtocolSpecificData. The function\r
907 returns the data from the security protocol command in PayloadBuffer.\r
908\r
909 For devices supporting the SCSI command set, the security protocol command is sent\r
910 using the SECURITY PROTOCOL IN command defined in SPC-4.\r
911\r
912 For devices supporting the ATA command set, the security protocol command is sent\r
913 using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize\r
914 is non-zero.\r
915\r
916 If the PayloadBufferSize is zero, the security protocol command is sent using the\r
917 Trusted Non-Data command defined in ATA8-ACS.\r
918\r
919 If PayloadBufferSize is too small to store the available data from the security\r
920 protocol command, the function shall copy PayloadBufferSize bytes into the\r
921 PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.\r
922\r
923 If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,\r
924 the function shall return EFI_INVALID_PARAMETER.\r
925\r
926 If the given MediaId does not support security protocol commands, the function shall\r
927 return EFI_UNSUPPORTED. If there is no media in the device, the function returns\r
928 EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device,\r
929 the function returns EFI_MEDIA_CHANGED.\r
930\r
931 If the security protocol fails to complete within the Timeout period, the function\r
932 shall return EFI_TIMEOUT.\r
933\r
934 If the security protocol command completes without an error, the function shall\r
935 return EFI_SUCCESS. If the security protocol command completes with an error, the\r
936 function shall return EFI_DEVICE_ERROR.\r
937\r
938 @param This Indicates a pointer to the calling context.\r
939 @param MediaId ID of the medium to receive data from.\r
940 @param Timeout The timeout, in 100ns units, to use for the execution\r
941 of the security protocol command. A Timeout value of 0\r
942 means that this function will wait indefinitely for the\r
943 security protocol command to execute. If Timeout is greater\r
944 than zero, then this function will return EFI_TIMEOUT\r
945 if the time required to execute the receive data command\r
946 is greater than Timeout.\r
947 @param SecurityProtocolId The value of the "Security Protocol" parameter of\r
948 the security protocol command to be sent.\r
949 @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter\r
950 of the security protocol command to be sent.\r
951 @param PayloadBufferSize Size in bytes of the payload data buffer.\r
952 @param PayloadBuffer A pointer to a destination buffer to store the security\r
953 protocol command specific payload data for the security\r
954 protocol command. The caller is responsible for having\r
955 either implicit or explicit ownership of the buffer.\r
956 @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the\r
957 data written to the payload data buffer.\r
958\r
959 @retval EFI_SUCCESS The security protocol command completed successfully.\r
960 @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available\r
961 data from the device. The PayloadBuffer contains the truncated data.\r
962 @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.\r
963 @retval EFI_DEVICE_ERROR The security protocol command completed with an error.\r
964 @retval EFI_NO_MEDIA There is no media in the device.\r
965 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
966 @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and\r
967 PayloadBufferSize is non-zero.\r
968 @retval EFI_TIMEOUT A timeout occurred while waiting for the security\r
969 protocol command to execute.\r
970\r
971**/\r
972EFI_STATUS\r
973EFIAPI\r
974SecurityReceiveData (\r
975 IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,\r
976 IN UINT32 MediaId,\r
977 IN UINT64 Timeout,\r
978 IN UINT8 SecurityProtocolId,\r
979 IN UINT16 SecurityProtocolSpecificData,\r
980 IN UINTN PayloadBufferSize,\r
981 OUT VOID *PayloadBuffer,\r
982 OUT UINTN *PayloadTransferSize\r
983 )\r
984{\r
985 OPAL_SMM_DEVICE *SmmDev;\r
986\r
987 SmmDev = OPAL_SMM_DEVICE_FROM_THIS (This);\r
988 if (SmmDev == NULL) {\r
989 return EFI_DEVICE_ERROR;\r
990 }\r
991\r
992 return PerformTrustedIo (\r
993 SmmDev,\r
994 OpalRecv,\r
995 SecurityProtocolId,\r
996 SecurityProtocolSpecificData,\r
997 PayloadBufferSize,\r
998 PayloadBuffer\r
999 );\r
1000}\r
1001\r
1002/**\r
1003 Send a security protocol command to a device.\r
1004\r
1005 The SendData function sends a security protocol command containing the payload\r
1006 PayloadBuffer to the given MediaId. The security protocol command sent is\r
1007 defined by SecurityProtocolId and contains the security protocol specific data\r
1008 SecurityProtocolSpecificData. If the underlying protocol command requires a\r
1009 specific padding for the command payload, the SendData function shall add padding\r
1010 bytes to the command payload to satisfy the padding requirements.\r
1011\r
1012 For devices supporting the SCSI command set, the security protocol command is sent\r
1013 using the SECURITY PROTOCOL OUT command defined in SPC-4.\r
1014\r
1015 For devices supporting the ATA command set, the security protocol command is sent\r
1016 using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize\r
1017 is non-zero. If the PayloadBufferSize is zero, the security protocol command is\r
1018 sent using the Trusted Non-Data command defined in ATA8-ACS.\r
1019\r
1020 If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall\r
1021 return EFI_INVALID_PARAMETER.\r
1022\r
1023 If the given MediaId does not support security protocol commands, the function\r
1024 shall return EFI_UNSUPPORTED. If there is no media in the device, the function\r
1025 returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the\r
1026 device, the function returns EFI_MEDIA_CHANGED.\r
1027\r
1028 If the security protocol fails to complete within the Timeout period, the function\r
1029 shall return EFI_TIMEOUT.\r
1030\r
1031 If the security protocol command completes without an error, the function shall return\r
1032 EFI_SUCCESS. If the security protocol command completes with an error, the function\r
1033 shall return EFI_DEVICE_ERROR.\r
1034\r
1035 @param This Indicates a pointer to the calling context.\r
1036 @param MediaId ID of the medium to receive data from.\r
1037 @param Timeout The timeout, in 100ns units, to use for the execution\r
1038 of the security protocol command. A Timeout value of 0\r
1039 means that this function will wait indefinitely for the\r
1040 security protocol command to execute. If Timeout is greater\r
1041 than zero, then this function will return EFI_TIMEOUT\r
1042 if the time required to execute the send data command\r
1043 is greater than Timeout.\r
1044 @param SecurityProtocolId The value of the "Security Protocol" parameter of\r
1045 the security protocol command to be sent.\r
1046 @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter\r
1047 of the security protocol command to be sent.\r
1048 @param PayloadBufferSize Size in bytes of the payload data buffer.\r
1049 @param PayloadBuffer A pointer to a destination buffer to store the security\r
1050 protocol command specific payload data for the security\r
1051 protocol command.\r
1052\r
1053 @retval EFI_SUCCESS The security protocol command completed successfully.\r
1054 @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.\r
1055 @retval EFI_DEVICE_ERROR The security protocol command completed with an error.\r
1056 @retval EFI_NO_MEDIA There is no media in the device.\r
1057 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
1058 @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero.\r
1059 @retval EFI_TIMEOUT A timeout occurred while waiting for the security\r
1060 protocol command to execute.\r
1061\r
1062**/\r
1063EFI_STATUS\r
1064EFIAPI\r
1065SecuritySendData (\r
1066 IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,\r
1067 IN UINT32 MediaId,\r
1068 IN UINT64 Timeout,\r
1069 IN UINT8 SecurityProtocolId,\r
1070 IN UINT16 SecurityProtocolSpecificData,\r
1071 IN UINTN PayloadBufferSize,\r
1072 IN VOID *PayloadBuffer\r
1073 )\r
1074{\r
1075 OPAL_SMM_DEVICE *SmmDev;\r
1076\r
1077 SmmDev = OPAL_SMM_DEVICE_FROM_THIS (This);\r
1078 if (SmmDev == NULL) {\r
1079 return EFI_DEVICE_ERROR;\r
1080 }\r
1081\r
1082 return PerformTrustedIo (\r
1083 SmmDev,\r
1084 OpalSend,\r
1085 SecurityProtocolId,\r
1086 SecurityProtocolSpecificData,\r
1087 PayloadBufferSize,\r
1088 PayloadBuffer\r
1089 );\r
1090\r
1091}\r
1092\r
EFI Development Kit II mirror for PVE