]>
Commit | Line | Data |
---|---|---|
1 | /** @file\r | |
2 | Public API for Opal Core library.\r | |
3 | \r | |
4 | Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r | |
5 | This program and the accompanying materials\r | |
6 | are licensed and made available under the terms and conditions of the BSD License\r | |
7 | which accompanies this distribution. The full text of the license may be found at\r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | #include <Uefi.h>\r | |
15 | #include <Library/BaseLib.h>\r | |
16 | #include <Library/DebugLib.h>\r | |
17 | #include <Library/TcgStorageOpalLib.h>\r | |
18 | #include "TcgStorageOpalLibInternal.h"\r | |
19 | \r | |
20 | #define OPAL_MSID_LENGHT 128\r | |
21 | \r | |
22 | /**\r | |
23 | Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.\r | |
24 | \r | |
25 | @param[in] Session, The session info for one opal device.\r | |
26 | @param[in] Psid PSID of device to revert.\r | |
27 | @param[in] PsidLength Length of PSID in bytes.\r | |
28 | \r | |
29 | **/\r | |
30 | TCG_RESULT\r | |
31 | EFIAPI\r | |
32 | OpalUtilPsidRevert(\r | |
33 | OPAL_SESSION *Session,\r | |
34 | const VOID *Psid,\r | |
35 | UINT32 PsidLength\r | |
36 | )\r | |
37 | {\r | |
38 | UINT8 MethodStatus;\r | |
39 | TCG_RESULT Ret;\r | |
40 | UINT32 RemovalTimeOut;\r | |
41 | \r | |
42 | NULL_CHECK(Session);\r | |
43 | NULL_CHECK(Psid);\r | |
44 | \r | |
45 | RemovalTimeOut = GetRevertTimeOut (Session);\r | |
46 | DEBUG ((DEBUG_INFO, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut));\r | |
47 | \r | |
48 | Ret = OpalStartSession(\r | |
49 | Session,\r | |
50 | OPAL_UID_ADMIN_SP,\r | |
51 | TRUE,\r | |
52 | PsidLength,\r | |
53 | Psid,\r | |
54 | OPAL_ADMIN_SP_PSID_AUTHORITY,\r | |
55 | &MethodStatus);\r | |
56 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
57 | Ret = OpalPyrite2PsidRevert(Session, RemovalTimeOut);\r | |
58 | if (Ret != TcgResultSuccess) {\r | |
59 | //\r | |
60 | // If revert was successful, session was already ended by TPer, so only end session on failure\r | |
61 | //\r | |
62 | OpalEndSession(Session);\r | |
63 | }\r | |
64 | }\r | |
65 | \r | |
66 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
67 | Ret = TcgResultFailure;\r | |
68 | }\r | |
69 | \r | |
70 | return Ret;\r | |
71 | }\r | |
72 | \r | |
73 | /**\r | |
74 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
75 | sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,\r | |
76 | and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN\r | |
77 | \r | |
78 | @param[in] Session, The session info for one opal device.\r | |
79 | @param[in] GeneratedSid Generated SID of disk\r | |
80 | @param[in] SidLength Length of generatedSid in bytes\r | |
81 | @param[in] Password New admin password to set\r | |
82 | @param[in] PassLength Length of password in bytes\r | |
83 | \r | |
84 | **/\r | |
85 | TCG_RESULT\r | |
86 | EFIAPI\r | |
87 | OpalUtilSetAdminPasswordAsSid(\r | |
88 | OPAL_SESSION *Session,\r | |
89 | const VOID *GeneratedSid,\r | |
90 | UINT32 SidLength,\r | |
91 | const VOID *Password,\r | |
92 | UINT32 PassLength\r | |
93 | )\r | |
94 | {\r | |
95 | UINT8 MethodStatus;\r | |
96 | TCG_RESULT Ret;\r | |
97 | \r | |
98 | NULL_CHECK(Session);\r | |
99 | NULL_CHECK(GeneratedSid);\r | |
100 | NULL_CHECK(Password);\r | |
101 | \r | |
102 | Ret = OpalStartSession(\r | |
103 | Session,\r | |
104 | OPAL_UID_ADMIN_SP,\r | |
105 | TRUE,\r | |
106 | SidLength,\r | |
107 | GeneratedSid,\r | |
108 | OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
109 | &MethodStatus\r | |
110 | );\r | |
111 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
112 | DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));\r | |
113 | goto done;\r | |
114 | }\r | |
115 | \r | |
116 | //\r | |
117 | // 1. Update SID = new Password\r | |
118 | //\r | |
119 | Ret = OpalSetPassword(\r | |
120 | Session,\r | |
121 | OPAL_UID_ADMIN_SP_C_PIN_SID,\r | |
122 | Password,\r | |
123 | PassLength,\r | |
124 | &MethodStatus\r | |
125 | );\r | |
126 | \r | |
127 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
128 | OpalEndSession(Session);\r | |
129 | DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));\r | |
130 | goto done;\r | |
131 | }\r | |
132 | \r | |
133 | //\r | |
134 | // 2. Activate locking SP\r | |
135 | //\r | |
136 | Ret = OpalActivateLockingSp(Session, &MethodStatus);\r | |
137 | OpalEndSession(Session);\r | |
138 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
139 | DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));\r | |
140 | goto done;\r | |
141 | }\r | |
142 | \r | |
143 | done:\r | |
144 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
145 | Ret = TcgResultFailure;\r | |
146 | }\r | |
147 | return Ret;\r | |
148 | }\r | |
149 | \r | |
150 | /**\r | |
151 | \r | |
152 | Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
153 | and updates the specified locking range with the provided column values\r | |
154 | \r | |
155 | @param[in] Session, The session info for one opal device.\r | |
156 | @param[in] Password New admin password to set\r | |
157 | @param[in] PassLength Length of password in bytes\r | |
158 | @param[in] LockingRangeUid Locking range UID to set values\r | |
159 | @param[in] RangeStart Value to set RangeStart column for Locking Range\r | |
160 | @param[in] RangeLength Value to set RangeLength column for Locking Range\r | |
161 | @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range\r | |
162 | @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range\r | |
163 | @param[in] ReadLocked Value to set ReadLocked column for Locking Range\r | |
164 | @param[in] WriteLocked Value to set WriteLocked column for Locking Range\r | |
165 | \r | |
166 | **/\r | |
167 | TCG_RESULT\r | |
168 | EFIAPI\r | |
169 | OpalUtilSetOpalLockingRange(\r | |
170 | OPAL_SESSION *Session,\r | |
171 | const VOID *Password,\r | |
172 | UINT32 PassLength,\r | |
173 | TCG_UID LockingRangeUid,\r | |
174 | UINT64 RangeStart,\r | |
175 | UINT64 RangeLength,\r | |
176 | BOOLEAN ReadLockEnabled,\r | |
177 | BOOLEAN WriteLockEnabled,\r | |
178 | BOOLEAN ReadLocked,\r | |
179 | BOOLEAN WriteLocked\r | |
180 | )\r | |
181 | {\r | |
182 | UINT8 MethodStatus;\r | |
183 | TCG_RESULT Ret;\r | |
184 | \r | |
185 | NULL_CHECK(Session);\r | |
186 | NULL_CHECK(Password);\r | |
187 | \r | |
188 | //\r | |
189 | // Start session with Locking SP using current admin Password\r | |
190 | //\r | |
191 | Ret = OpalStartSession(\r | |
192 | Session,\r | |
193 | OPAL_UID_LOCKING_SP,\r | |
194 | TRUE,\r | |
195 | PassLength,\r | |
196 | Password,\r | |
197 | OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
198 | &MethodStatus);\r | |
199 | if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {\r | |
200 | DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));\r | |
201 | goto done;\r | |
202 | }\r | |
203 | \r | |
204 | //\r | |
205 | // Enable locking range\r | |
206 | //\r | |
207 | Ret = OpalSetLockingRange(\r | |
208 | Session,\r | |
209 | LockingRangeUid,\r | |
210 | RangeStart,\r | |
211 | RangeLength,\r | |
212 | ReadLockEnabled,\r | |
213 | WriteLockEnabled,\r | |
214 | ReadLocked,\r | |
215 | WriteLocked,\r | |
216 | &MethodStatus);\r | |
217 | \r | |
218 | OpalEndSession(Session);\r | |
219 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
220 | DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus));\r | |
221 | }\r | |
222 | \r | |
223 | done:\r | |
224 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
225 | Ret = TcgResultFailure;\r | |
226 | }\r | |
227 | return Ret;\r | |
228 | }\r | |
229 | \r | |
230 | /**\r | |
231 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
232 | sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,\r | |
233 | and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.\r | |
234 | \r | |
235 | @param[in] Session, The session info for one opal device.\r | |
236 | @param[in] OldPassword Current admin password\r | |
237 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
238 | @param[in] NewPassword New admin password to set\r | |
239 | @param[in] NewPasswordLength Length of new password in bytes\r | |
240 | \r | |
241 | **/\r | |
242 | TCG_RESULT\r | |
243 | EFIAPI\r | |
244 | OpalUtilSetAdminPassword(\r | |
245 | OPAL_SESSION *Session,\r | |
246 | const VOID *OldPassword,\r | |
247 | UINT32 OldPasswordLength,\r | |
248 | const VOID *NewPassword,\r | |
249 | UINT32 NewPasswordLength\r | |
250 | )\r | |
251 | {\r | |
252 | TCG_RESULT Ret;\r | |
253 | UINT8 MethodStatus;\r | |
254 | \r | |
255 | NULL_CHECK(Session);\r | |
256 | NULL_CHECK(OldPassword);\r | |
257 | NULL_CHECK(NewPassword);\r | |
258 | \r | |
259 | //\r | |
260 | // Unknown ownership\r | |
261 | //\r | |
262 | Ret = OpalStartSession(\r | |
263 | Session,\r | |
264 | OPAL_UID_ADMIN_SP,\r | |
265 | TRUE,\r | |
266 | OldPasswordLength,\r | |
267 | OldPassword,\r | |
268 | OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
269 | &MethodStatus\r | |
270 | );\r | |
271 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
272 | DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n"));\r | |
273 | goto done;\r | |
274 | }\r | |
275 | \r | |
276 | //\r | |
277 | // Update SID = new pw\r | |
278 | //\r | |
279 | Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus);\r | |
280 | OpalEndSession(Session);\r | |
281 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
282 | DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n"));\r | |
283 | goto done;\r | |
284 | }\r | |
285 | \r | |
286 | Ret = OpalStartSession(\r | |
287 | Session,\r | |
288 | OPAL_UID_LOCKING_SP,\r | |
289 | TRUE,\r | |
290 | OldPasswordLength,\r | |
291 | OldPassword,\r | |
292 | OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
293 | &MethodStatus\r | |
294 | );\r | |
295 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
296 | DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n"));\r | |
297 | goto done;\r | |
298 | }\r | |
299 | \r | |
300 | //\r | |
301 | // Update admin locking SP to new pw\r | |
302 | //\r | |
303 | Ret = OpalSetPassword(Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus);\r | |
304 | OpalEndSession(Session);\r | |
305 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
306 | DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n"));\r | |
307 | goto done;\r | |
308 | }\r | |
309 | \r | |
310 | done:\r | |
311 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
312 | Ret = TcgResultFailure;\r | |
313 | }\r | |
314 | return Ret;\r | |
315 | }\r | |
316 | \r | |
317 | /**\r | |
318 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
319 | and sets the User1 SP authority to enabled and sets the User1 password.\r | |
320 | \r | |
321 | @param[in] Session, The session info for one opal device.\r | |
322 | @param[in] OldPassword Current admin password\r | |
323 | @param[in] OldPasswordLength Length of current admin password in bytes\r | |
324 | @param[in] NewPassword New admin password to set\r | |
325 | @param[in] NewPasswordLength Length of new password in bytes\r | |
326 | \r | |
327 | **/\r | |
328 | TCG_RESULT\r | |
329 | EFIAPI\r | |
330 | OpalUtilSetUserPassword(\r | |
331 | OPAL_SESSION *Session,\r | |
332 | const VOID *OldPassword,\r | |
333 | UINT32 OldPasswordLength,\r | |
334 | const VOID *NewPassword,\r | |
335 | UINT32 NewPasswordLength\r | |
336 | )\r | |
337 | {\r | |
338 | UINT8 MethodStatus;\r | |
339 | TCG_RESULT Ret;\r | |
340 | \r | |
341 | NULL_CHECK(Session);\r | |
342 | NULL_CHECK(OldPassword);\r | |
343 | NULL_CHECK(NewPassword);\r | |
344 | \r | |
345 | //\r | |
346 | // See if updating user1 authority\r | |
347 | //\r | |
348 | Ret = OpalStartSession(\r | |
349 | Session,\r | |
350 | OPAL_UID_LOCKING_SP,\r | |
351 | TRUE,\r | |
352 | OldPasswordLength,\r | |
353 | OldPassword,\r | |
354 | OPAL_LOCKING_SP_USER1_AUTHORITY,\r | |
355 | &MethodStatus\r | |
356 | );\r | |
357 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
358 | Ret = OpalSetPassword(\r | |
359 | Session,\r | |
360 | OPAL_LOCKING_SP_C_PIN_USER1,\r | |
361 | NewPassword,\r | |
362 | NewPasswordLength,\r | |
363 | &MethodStatus\r | |
364 | );\r | |
365 | OpalEndSession(Session);\r | |
366 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
367 | return Ret;\r | |
368 | }\r | |
369 | }\r | |
370 | \r | |
371 | //\r | |
372 | // Setting Password for first time or setting Password as admin\r | |
373 | //\r | |
374 | \r | |
375 | //\r | |
376 | // Start session with Locking SP using current admin Password\r | |
377 | //\r | |
378 | Ret = OpalStartSession(\r | |
379 | Session,\r | |
380 | OPAL_UID_LOCKING_SP,\r | |
381 | TRUE,\r | |
382 | OldPasswordLength,\r | |
383 | OldPassword,\r | |
384 | OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
385 | &MethodStatus\r | |
386 | );\r | |
387 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
388 | DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n"));\r | |
389 | goto done;\r | |
390 | }\r | |
391 | \r | |
392 | //\r | |
393 | // Enable User1 and set its PIN\r | |
394 | //\r | |
395 | Ret = OpalSetLockingSpAuthorityEnabledAndPin(\r | |
396 | Session,\r | |
397 | OPAL_LOCKING_SP_C_PIN_USER1,\r | |
398 | OPAL_LOCKING_SP_USER1_AUTHORITY,\r | |
399 | NewPassword,\r | |
400 | NewPasswordLength,\r | |
401 | &MethodStatus\r | |
402 | );\r | |
403 | OpalEndSession(Session);\r | |
404 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
405 | DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));\r | |
406 | goto done;\r | |
407 | }\r | |
408 | \r | |
409 | done:\r | |
410 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
411 | Ret = TcgResultFailure;\r | |
412 | }\r | |
413 | return Ret;\r | |
414 | }\r | |
415 | \r | |
416 | /**\r | |
417 | Verify whether user input the correct password.\r | |
418 | \r | |
419 | @param[in] Session, The session info for one opal device.\r | |
420 | @param[in] Password Admin password\r | |
421 | @param[in] PasswordLength Length of password in bytes\r | |
422 | @param[in/out] HostSigningAuthority Use the Host signing authority type.\r | |
423 | \r | |
424 | **/\r | |
425 | TCG_RESULT\r | |
426 | EFIAPI\r | |
427 | OpalUtilVerifyPassword (\r | |
428 | OPAL_SESSION *Session,\r | |
429 | const VOID *Password,\r | |
430 | UINT32 PasswordLength,\r | |
431 | TCG_UID HostSigningAuthority\r | |
432 | )\r | |
433 | {\r | |
434 | TCG_RESULT Ret;\r | |
435 | UINT8 MethodStatus;\r | |
436 | \r | |
437 | NULL_CHECK(Session);\r | |
438 | NULL_CHECK(Password);\r | |
439 | \r | |
440 | Ret = OpalStartSession(\r | |
441 | Session,\r | |
442 | OPAL_UID_LOCKING_SP,\r | |
443 | TRUE,\r | |
444 | PasswordLength,\r | |
445 | Password,\r | |
446 | HostSigningAuthority,\r | |
447 | &MethodStatus);\r | |
448 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
449 | OpalEndSession(Session);\r | |
450 | return TcgResultSuccess;\r | |
451 | }\r | |
452 | \r | |
453 | return TcgResultFailure;\r | |
454 | }\r | |
455 | \r | |
456 | /**\r | |
457 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY\r | |
458 | and generates a new global locking range key to erase the Data.\r | |
459 | \r | |
460 | @param[in] Session, The session info for one opal device.\r | |
461 | @param[in] Password Admin or user password\r | |
462 | @param[in] PasswordLength Length of password in bytes\r | |
463 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
464 | \r | |
465 | **/\r | |
466 | TCG_RESULT\r | |
467 | EFIAPI\r | |
468 | OpalUtilSecureErase(\r | |
469 | OPAL_SESSION *Session,\r | |
470 | const VOID *Password,\r | |
471 | UINT32 PasswordLength,\r | |
472 | BOOLEAN *PasswordFailed\r | |
473 | )\r | |
474 | {\r | |
475 | UINT8 MethodStatus;\r | |
476 | TCG_RESULT Ret;\r | |
477 | \r | |
478 | NULL_CHECK(Session);\r | |
479 | NULL_CHECK(Password);\r | |
480 | NULL_CHECK(PasswordFailed);\r | |
481 | \r | |
482 | //\r | |
483 | // Try to generate a new key with admin1\r | |
484 | //\r | |
485 | Ret = OpalStartSession(\r | |
486 | Session,\r | |
487 | OPAL_UID_LOCKING_SP,\r | |
488 | TRUE,\r | |
489 | PasswordLength,\r | |
490 | Password,\r | |
491 | OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
492 | &MethodStatus\r | |
493 | );\r | |
494 | \r | |
495 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
496 | Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus);\r | |
497 | *PasswordFailed = FALSE;\r | |
498 | OpalEndSession(Session);\r | |
499 | } else {\r | |
500 | //\r | |
501 | // Try to generate a new key with user1\r | |
502 | //\r | |
503 | Ret = OpalStartSession(\r | |
504 | Session,\r | |
505 | OPAL_UID_LOCKING_SP,\r | |
506 | TRUE,\r | |
507 | PasswordLength,\r | |
508 | Password,\r | |
509 | OPAL_LOCKING_SP_USER1_AUTHORITY,\r | |
510 | &MethodStatus\r | |
511 | );\r | |
512 | \r | |
513 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
514 | Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus);\r | |
515 | *PasswordFailed = FALSE;\r | |
516 | OpalEndSession(Session);\r | |
517 | } else {\r | |
518 | *PasswordFailed = TRUE;\r | |
519 | }\r | |
520 | }\r | |
521 | \r | |
522 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
523 | Ret = TcgResultFailure;\r | |
524 | }\r | |
525 | return Ret;\r | |
526 | }\r | |
527 | \r | |
528 | /**\r | |
529 | Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.\r | |
530 | \r | |
531 | @param[in] Session, The session info for one opal device.\r | |
532 | @param[in] Password Admin password\r | |
533 | @param[in] PasswordLength Length of password in bytes\r | |
534 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
535 | \r | |
536 | **/\r | |
537 | TCG_RESULT\r | |
538 | EFIAPI\r | |
539 | OpalUtilDisableUser(\r | |
540 | OPAL_SESSION *Session,\r | |
541 | const VOID *Password,\r | |
542 | UINT32 PasswordLength,\r | |
543 | BOOLEAN *PasswordFailed\r | |
544 | )\r | |
545 | {\r | |
546 | UINT8 MethodStatus;\r | |
547 | TCG_RESULT Ret;\r | |
548 | \r | |
549 | NULL_CHECK(Session);\r | |
550 | NULL_CHECK(Password);\r | |
551 | NULL_CHECK(PasswordFailed);\r | |
552 | \r | |
553 | //\r | |
554 | // Start session with Locking SP using current admin Password\r | |
555 | //\r | |
556 | Ret = OpalStartSession(\r | |
557 | Session,\r | |
558 | OPAL_UID_LOCKING_SP,\r | |
559 | TRUE,\r | |
560 | PasswordLength,\r | |
561 | Password,\r | |
562 | OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
563 | &MethodStatus\r | |
564 | );\r | |
565 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
566 | DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n"));\r | |
567 | *PasswordFailed = TRUE;\r | |
568 | goto done;\r | |
569 | }\r | |
570 | \r | |
571 | *PasswordFailed = FALSE;\r | |
572 | Ret = OpalDisableUser(Session, &MethodStatus);\r | |
573 | OpalEndSession(Session);\r | |
574 | \r | |
575 | done:\r | |
576 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
577 | Ret = TcgResultFailure;\r | |
578 | }\r | |
579 | return Ret;\r | |
580 | }\r | |
581 | \r | |
582 | /**\r | |
583 | Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.\r | |
584 | \r | |
585 | @param[in] Session, The session info for one opal device.\r | |
586 | @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it\r | |
587 | @param[in] Password Admin password\r | |
588 | @param[in] PasswordLength Length of password in bytes\r | |
589 | @param[in/out] PasswordFailed indicates if password failed (start session didn't work)\r | |
590 | @param[in] Msid Msid info.\r | |
591 | @param[in] MsidLength Msid data length.\r | |
592 | \r | |
593 | **/\r | |
594 | TCG_RESULT\r | |
595 | EFIAPI\r | |
596 | OpalUtilRevert(\r | |
597 | OPAL_SESSION *Session,\r | |
598 | BOOLEAN KeepUserData,\r | |
599 | const VOID *Password,\r | |
600 | UINT32 PasswordLength,\r | |
601 | BOOLEAN *PasswordFailed,\r | |
602 | UINT8 *Msid,\r | |
603 | UINT32 MsidLength\r | |
604 | )\r | |
605 | {\r | |
606 | UINT8 MethodStatus;\r | |
607 | TCG_RESULT Ret;\r | |
608 | UINT32 RemovalTimeOut;\r | |
609 | \r | |
610 | NULL_CHECK(Session);\r | |
611 | NULL_CHECK(Msid);\r | |
612 | NULL_CHECK(Password);\r | |
613 | NULL_CHECK(PasswordFailed);\r | |
614 | \r | |
615 | RemovalTimeOut = GetRevertTimeOut (Session);\r | |
616 | DEBUG ((DEBUG_INFO, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut));\r | |
617 | \r | |
618 | Ret = OpalStartSession(\r | |
619 | Session,\r | |
620 | OPAL_UID_LOCKING_SP,\r | |
621 | TRUE,\r | |
622 | PasswordLength,\r | |
623 | Password,\r | |
624 | OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
625 | &MethodStatus\r | |
626 | );\r | |
627 | \r | |
628 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
629 | DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus));\r | |
630 | *PasswordFailed = TRUE;\r | |
631 | goto done;\r | |
632 | }\r | |
633 | \r | |
634 | *PasswordFailed = FALSE;\r | |
635 | //\r | |
636 | // Try to revert with admin1\r | |
637 | //\r | |
638 | Ret = OpalPyrite2AdminRevert(Session, KeepUserData, &MethodStatus, RemovalTimeOut);\r | |
639 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
640 | //\r | |
641 | // Device ends the session on successful revert, so only call OpalEndSession when fail.\r | |
642 | //\r | |
643 | DEBUG ((DEBUG_INFO, "OpalAdminRevert as admin failed\n"));\r | |
644 | OpalEndSession(Session);\r | |
645 | }\r | |
646 | \r | |
647 | Ret = OpalUtilSetSIDtoMSID (Session, Password, PasswordLength, Msid, MsidLength);\r | |
648 | \r | |
649 | done:\r | |
650 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
651 | Ret = TcgResultFailure;\r | |
652 | }\r | |
653 | return Ret;\r | |
654 | }\r | |
655 | \r | |
656 | /**\r | |
657 | After revert success, set SID to MSID.\r | |
658 | \r | |
659 | @param Session, The session info for one opal device.\r | |
660 | @param Password, Input password info.\r | |
661 | @param PasswordLength, Input password length.\r | |
662 | @param Msid Msid info.\r | |
663 | @param MsidLength Msid data length.\r | |
664 | \r | |
665 | **/\r | |
666 | TCG_RESULT\r | |
667 | EFIAPI\r | |
668 | OpalUtilSetSIDtoMSID (\r | |
669 | OPAL_SESSION *Session,\r | |
670 | const VOID *Password,\r | |
671 | UINT32 PasswordLength,\r | |
672 | UINT8 *Msid,\r | |
673 | UINT32 MsidLength\r | |
674 | )\r | |
675 | {\r | |
676 | TCG_RESULT Ret;\r | |
677 | UINT8 MethodStatus;\r | |
678 | \r | |
679 | NULL_CHECK(Session);\r | |
680 | NULL_CHECK(Msid);\r | |
681 | NULL_CHECK(Password);\r | |
682 | \r | |
683 | //\r | |
684 | // Start session with admin sp to update SID to MSID\r | |
685 | //\r | |
686 | Ret = OpalStartSession(\r | |
687 | Session,\r | |
688 | OPAL_UID_ADMIN_SP,\r | |
689 | TRUE,\r | |
690 | PasswordLength,\r | |
691 | Password,\r | |
692 | OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
693 | &MethodStatus\r | |
694 | );\r | |
695 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
696 | goto done;\r | |
697 | }\r | |
698 | \r | |
699 | //\r | |
700 | // Update SID pin\r | |
701 | //\r | |
702 | Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus);\r | |
703 | OpalEndSession(Session);\r | |
704 | \r | |
705 | done:\r | |
706 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
707 | Ret = TcgResultFailure;\r | |
708 | }\r | |
709 | \r | |
710 | return Ret;\r | |
711 | }\r | |
712 | \r | |
713 | /**\r | |
714 | Update global locking range.\r | |
715 | \r | |
716 | @param Session, The session info for one opal device.\r | |
717 | @param Password, Input password info.\r | |
718 | @param PasswordLength, Input password length.\r | |
719 | @param ReadLocked, Read lock info.\r | |
720 | @param WriteLocked write lock info.\r | |
721 | \r | |
722 | **/\r | |
723 | TCG_RESULT\r | |
724 | EFIAPI\r | |
725 | OpalUtilUpdateGlobalLockingRange(\r | |
726 | OPAL_SESSION *Session,\r | |
727 | const VOID *Password,\r | |
728 | UINT32 PasswordLength,\r | |
729 | BOOLEAN ReadLocked,\r | |
730 | BOOLEAN WriteLocked\r | |
731 | )\r | |
732 | {\r | |
733 | UINT8 MethodStatus;\r | |
734 | TCG_RESULT Ret;\r | |
735 | \r | |
736 | NULL_CHECK(Session);\r | |
737 | NULL_CHECK(Password);\r | |
738 | \r | |
739 | //\r | |
740 | // Try to start session with Locking SP as admin1 authority\r | |
741 | //\r | |
742 | Ret = OpalStartSession(\r | |
743 | Session,\r | |
744 | OPAL_UID_LOCKING_SP,\r | |
745 | TRUE,\r | |
746 | PasswordLength,\r | |
747 | Password,\r | |
748 | OPAL_LOCKING_SP_ADMIN1_AUTHORITY,\r | |
749 | &MethodStatus\r | |
750 | );\r | |
751 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
752 | Ret = OpalUpdateGlobalLockingRange(\r | |
753 | Session,\r | |
754 | ReadLocked,\r | |
755 | WriteLocked,\r | |
756 | &MethodStatus\r | |
757 | );\r | |
758 | OpalEndSession(Session);\r | |
759 | if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
760 | goto done;\r | |
761 | }\r | |
762 | }\r | |
763 | \r | |
764 | if (MethodStatus == TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT) {\r | |
765 | DEBUG ((DEBUG_INFO, "unlock as admin failed with AUTHORITY_LOCKED_OUT\n"));\r | |
766 | goto done;\r | |
767 | }\r | |
768 | \r | |
769 | //\r | |
770 | // Try user1 authority\r | |
771 | //\r | |
772 | Ret = OpalStartSession(\r | |
773 | Session,\r | |
774 | OPAL_UID_LOCKING_SP,\r | |
775 | TRUE,\r | |
776 | PasswordLength,\r | |
777 | Password,\r | |
778 | OPAL_LOCKING_SP_USER1_AUTHORITY,\r | |
779 | &MethodStatus\r | |
780 | );\r | |
781 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
782 | DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n"));\r | |
783 | goto done;\r | |
784 | }\r | |
785 | \r | |
786 | Ret = OpalUpdateGlobalLockingRange(Session, ReadLocked, WriteLocked, &MethodStatus);\r | |
787 | OpalEndSession(Session);\r | |
788 | \r | |
789 | done:\r | |
790 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
791 | if (MethodStatus == TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT) {\r | |
792 | //\r | |
793 | // Caller need to know this special error, but return status not has type for it.\r | |
794 | // so here use TcgResultFailureInvalidType as an replacement.\r | |
795 | //\r | |
796 | Ret = TcgResultFailureInvalidType;\r | |
797 | } else {\r | |
798 | Ret = TcgResultFailure;\r | |
799 | }\r | |
800 | }\r | |
801 | return Ret;\r | |
802 | }\r | |
803 | \r | |
804 | /**\r | |
805 | Update global locking range.\r | |
806 | \r | |
807 | @param Session, The session info for one opal device.\r | |
808 | @param Msid, The data buffer to save Msid info.\r | |
809 | @param MsidBufferLength, The data buffer length for Msid.\r | |
810 | @param MsidLength, The actual data length for Msid.\r | |
811 | \r | |
812 | **/\r | |
813 | TCG_RESULT\r | |
814 | EFIAPI\r | |
815 | OpalUtilGetMsid(\r | |
816 | OPAL_SESSION *Session,\r | |
817 | UINT8 *Msid,\r | |
818 | UINT32 MsidBufferLength,\r | |
819 | UINT32 *MsidLength\r | |
820 | )\r | |
821 | {\r | |
822 | UINT8 MethodStatus;\r | |
823 | TCG_RESULT Ret;\r | |
824 | \r | |
825 | NULL_CHECK(Session);\r | |
826 | NULL_CHECK(Msid);\r | |
827 | NULL_CHECK(MsidLength);\r | |
828 | \r | |
829 | Ret = OpalStartSession(\r | |
830 | Session,\r | |
831 | OPAL_UID_ADMIN_SP,\r | |
832 | TRUE,\r | |
833 | 0,\r | |
834 | NULL,\r | |
835 | TCG_UID_NULL,\r | |
836 | &MethodStatus\r | |
837 | );\r | |
838 | if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {\r | |
839 | Ret = OpalGetMsid (Session, MsidBufferLength, Msid, MsidLength);\r | |
840 | OpalEndSession (Session);\r | |
841 | }\r | |
842 | \r | |
843 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
844 | Ret = TcgResultFailure;\r | |
845 | }\r | |
846 | \r | |
847 | return Ret;\r | |
848 | }\r | |
849 | \r | |
850 | /**\r | |
851 | \r | |
852 | The function determines who owns the device by attempting to start a session with different credentials.\r | |
853 | If the SID PIN matches the MSID PIN, the no one owns the device.\r | |
854 | If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.\r | |
855 | \r | |
856 | \r | |
857 | @param[in] Session The session info for one opal device.\r | |
858 | @param Msid, The Msid info.\r | |
859 | @param MsidLength, The data length for Msid.\r | |
860 | \r | |
861 | **/\r | |
862 | OPAL_OWNER_SHIP\r | |
863 | EFIAPI\r | |
864 | OpalUtilDetermineOwnership(\r | |
865 | OPAL_SESSION *Session,\r | |
866 | UINT8 *Msid,\r | |
867 | UINT32 MsidLength\r | |
868 | )\r | |
869 | {\r | |
870 | UINT8 MethodStatus;\r | |
871 | TCG_RESULT Ret;\r | |
872 | OPAL_OWNER_SHIP Owner;\r | |
873 | \r | |
874 | if ((Session == NULL) || (Msid == NULL)) {\r | |
875 | return OpalOwnershipUnknown;\r | |
876 | }\r | |
877 | \r | |
878 | Owner = OpalOwnershipUnknown;\r | |
879 | //\r | |
880 | // Start Session as SID_UID with ADMIN_SP using MSID PIN\r | |
881 | //\r | |
882 | Ret = OpalStartSession(\r | |
883 | Session,\r | |
884 | OPAL_UID_ADMIN_SP,\r | |
885 | TRUE,\r | |
886 | MsidLength,\r | |
887 | Msid,\r | |
888 | OPAL_ADMIN_SP_SID_AUTHORITY,\r | |
889 | &MethodStatus);\r | |
890 | if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {\r | |
891 | //\r | |
892 | // now we know that SID PIN == MSID PIN\r | |
893 | //\r | |
894 | Owner = OpalOwnershipNobody;\r | |
895 | \r | |
896 | OpalEndSession(Session);\r | |
897 | }\r | |
898 | \r | |
899 | return Owner;\r | |
900 | }\r | |
901 | \r | |
902 | /**\r | |
903 | \r | |
904 | The function returns if admin password exists.\r | |
905 | \r | |
906 | @param[in] OwnerShip The owner ship of the opal device.\r | |
907 | @param[in] LockingFeature The locking info of the opal device.\r | |
908 | \r | |
909 | @retval TRUE Admin password existed.\r | |
910 | @retval FALSE Admin password not existed.\r | |
911 | \r | |
912 | **/\r | |
913 | BOOLEAN\r | |
914 | EFIAPI\r | |
915 | OpalUtilAdminPasswordExists(\r | |
916 | IN UINT16 OwnerShip,\r | |
917 | IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature\r | |
918 | )\r | |
919 | {\r | |
920 | NULL_CHECK(LockingFeature);\r | |
921 | \r | |
922 | // if it is Unknown who owns the device\r | |
923 | // then someone has set password previously through our UI\r | |
924 | // because the SID would no longer match the generated SID (ownership us)\r | |
925 | // or someone has set password using 3rd party software\r | |
926 | \r | |
927 | //\r | |
928 | // Locking sp enabled is checked b/c it must be enabled to change the PIN of the Admin1.\r | |
929 | //\r | |
930 | return (OwnerShip == OpalOwnershipUnknown && LockingFeature->LockingEnabled);\r | |
931 | }\r | |
932 | \r | |
933 | /**\r | |
934 | Get Active Data Removal Mechanism Value.\r | |
935 | \r | |
936 | @param[in] Session The session info for one opal device.\r | |
937 | @param[in] GeneratedSid Generated SID of disk\r | |
938 | @param[in] SidLength Length of generatedSid in bytes\r | |
939 | @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.\r | |
940 | \r | |
941 | **/\r | |
942 | TCG_RESULT\r | |
943 | EFIAPI\r | |
944 | OpalUtilGetActiveDataRemovalMechanism (\r | |
945 | OPAL_SESSION *Session,\r | |
946 | const VOID *GeneratedSid,\r | |
947 | UINT32 SidLength,\r | |
948 | UINT8 *ActiveDataRemovalMechanism\r | |
949 | )\r | |
950 | {\r | |
951 | TCG_RESULT Ret;\r | |
952 | UINT8 MethodStatus;\r | |
953 | \r | |
954 | NULL_CHECK(Session);\r | |
955 | NULL_CHECK(GeneratedSid);\r | |
956 | NULL_CHECK(ActiveDataRemovalMechanism);\r | |
957 | \r | |
958 | Ret = OpalStartSession(\r | |
959 | Session,\r | |
960 | OPAL_UID_ADMIN_SP,\r | |
961 | TRUE,\r | |
962 | SidLength,\r | |
963 | GeneratedSid,\r | |
964 | OPAL_ADMIN_SP_ANYBODY_AUTHORITY,\r | |
965 | &MethodStatus\r | |
966 | );\r | |
967 | if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
968 | DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));\r | |
969 | if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {\r | |
970 | Ret = TcgResultFailure;\r | |
971 | }\r | |
972 | return Ret;\r | |
973 | }\r | |
974 | \r | |
975 | Ret = OpalPyrite2GetActiveDataRemovalMechanism (\r | |
976 | Session,\r | |
977 | ActiveDataRemovalMechanism\r | |
978 | );\r | |
979 | \r | |
980 | if (Ret != TcgResultSuccess) {\r | |
981 | DEBUG ((DEBUG_INFO, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret));\r | |
982 | }\r | |
983 | \r | |
984 | OpalEndSession(Session);\r | |
985 | \r | |
986 | return Ret;\r | |
987 | }\r | |
988 | \r | |
989 | /**\r | |
990 | Calculate the estimated time.\r | |
991 | \r | |
992 | @param[in] IsMinute Whether the input time value is minute type or second type.\r | |
993 | @param[in] Time The input time value.\r | |
994 | \r | |
995 | **/\r | |
996 | UINT32\r | |
997 | CalculateDataRemovalTime (\r | |
998 | IN BOOLEAN IsMinute,\r | |
999 | IN UINT16 Time\r | |
1000 | )\r | |
1001 | {\r | |
1002 | if (IsMinute) {\r | |
1003 | return Time * 2 * 60;\r | |
1004 | } else {\r | |
1005 | return Time * 2;\r | |
1006 | }\r | |
1007 | }\r | |
1008 | \r | |
1009 | /**\r | |
1010 | Return the estimated time for specific type.\r | |
1011 | \r | |
1012 | @param[in] Index The input data removal type.\r | |
1013 | @param[in] Descriptor DATA_REMOVAL_FEATURE_DESCRIPTOR\r | |
1014 | \r | |
1015 | **/\r | |
1016 | UINT32\r | |
1017 | GetDataRemovalTime (\r | |
1018 | IN UINT8 Index,\r | |
1019 | IN DATA_REMOVAL_FEATURE_DESCRIPTOR *Descriptor\r | |
1020 | )\r | |
1021 | {\r | |
1022 | switch (Index) {\r | |
1023 | case OverwriteDataErase:\r | |
1024 | return CalculateDataRemovalTime (Descriptor->FormatBit0, SwapBytes16 (Descriptor->TimeBit0));\r | |
1025 | \r | |
1026 | case BlockErase:\r | |
1027 | return CalculateDataRemovalTime (Descriptor->FormatBit1, SwapBytes16 (Descriptor->TimeBit1));\r | |
1028 | \r | |
1029 | case CryptoErase:\r | |
1030 | return CalculateDataRemovalTime (Descriptor->FormatBit2, SwapBytes16 (Descriptor->TimeBit2));\r | |
1031 | \r | |
1032 | case Unmap:\r | |
1033 | return CalculateDataRemovalTime (Descriptor->FormatBit3, SwapBytes16 (Descriptor->TimeBit3));\r | |
1034 | \r | |
1035 | case ResetWritePointers:\r | |
1036 | return CalculateDataRemovalTime (Descriptor->FormatBit4, SwapBytes16 (Descriptor->TimeBit4));\r | |
1037 | \r | |
1038 | case VendorSpecificErase:\r | |
1039 | return CalculateDataRemovalTime (Descriptor->FormatBit5, SwapBytes16 (Descriptor->TimeBit5));\r | |
1040 | \r | |
1041 | default:\r | |
1042 | return 0;\r | |
1043 | }\r | |
1044 | }\r | |
1045 | \r | |
1046 | /**\r | |
1047 | Get the supported Data Removal Mechanism list.\r | |
1048 | \r | |
1049 | @param[in] Session The session info for one opal device.\r | |
1050 | @param[out] RemovalMechanismLists Return the supported data removal mechanism lists.\r | |
1051 | \r | |
1052 | **/\r | |
1053 | TCG_RESULT\r | |
1054 | EFIAPI\r | |
1055 | OpalUtilGetDataRemovalMechanismLists (\r | |
1056 | IN OPAL_SESSION *Session,\r | |
1057 | OUT UINT32 *RemovalMechanismLists\r | |
1058 | )\r | |
1059 | {\r | |
1060 | TCG_RESULT Ret;\r | |
1061 | UINTN DataSize;\r | |
1062 | DATA_REMOVAL_FEATURE_DESCRIPTOR Descriptor;\r | |
1063 | UINT8 Index;\r | |
1064 | UINT8 BitValue;\r | |
1065 | \r | |
1066 | NULL_CHECK(Session);\r | |
1067 | NULL_CHECK(RemovalMechanismLists);\r | |
1068 | \r | |
1069 | DataSize = sizeof (Descriptor);\r | |
1070 | Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor);\r | |
1071 | if (Ret != TcgResultSuccess) {\r | |
1072 | return TcgResultFailure;\r | |
1073 | }\r | |
1074 | \r | |
1075 | ASSERT (Descriptor.RemovalMechanism != 0);\r | |
1076 | \r | |
1077 | for (Index = 0; Index < ResearvedMechanism; Index ++) {\r | |
1078 | BitValue = (BOOLEAN) BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index);\r | |
1079 | \r | |
1080 | if (BitValue == 0) {\r | |
1081 | RemovalMechanismLists[Index] = 0;\r | |
1082 | } else {\r | |
1083 | RemovalMechanismLists[Index] = GetDataRemovalTime (Index, &Descriptor);\r | |
1084 | }\r | |
1085 | }\r | |
1086 | \r | |
1087 | return TcgResultSuccess;\r | |
1088 | }\r | |
1089 | \r | |
1090 | /**\r | |
1091 | Get revert timeout value.\r | |
1092 | \r | |
1093 | @param[in] Session The session info for one opal device.\r | |
1094 | \r | |
1095 | **/\r | |
1096 | UINT32\r | |
1097 | GetRevertTimeOut (\r | |
1098 | IN OPAL_SESSION *Session\r | |
1099 | )\r | |
1100 | {\r | |
1101 | TCG_RESULT TcgResult;\r | |
1102 | OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes;\r | |
1103 | UINT16 BaseComId;\r | |
1104 | UINT32 MsidLength;\r | |
1105 | UINT8 Msid[OPAL_MSID_LENGHT];\r | |
1106 | UINT32 RemovalMechanishLists[ResearvedMechanism];\r | |
1107 | UINT8 ActiveDataRemovalMechanism;\r | |
1108 | \r | |
1109 | TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);\r | |
1110 | if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) {\r | |
1111 | return 0;\r | |
1112 | }\r | |
1113 | \r | |
1114 | TcgResult = OpalUtilGetMsid (Session, Msid, OPAL_MSID_LENGHT, &MsidLength);\r | |
1115 | if (TcgResult != TcgResultSuccess) {\r | |
1116 | return 0;\r | |
1117 | }\r | |
1118 | \r | |
1119 | TcgResult = OpalUtilGetDataRemovalMechanismLists (Session, RemovalMechanishLists);\r | |
1120 | if (TcgResult != TcgResultSuccess) {\r | |
1121 | return 0;\r | |
1122 | }\r | |
1123 | \r | |
1124 | TcgResult = OpalUtilGetActiveDataRemovalMechanism (Session, Msid, MsidLength, &ActiveDataRemovalMechanism);\r | |
1125 | if (TcgResult != TcgResultSuccess) {\r | |
1126 | return 0;\r | |
1127 | }\r | |
1128 | \r | |
1129 | return RemovalMechanishLists[ActiveDataRemovalMechanism];\r | |
1130 | }\r |