]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/HddPassword/HddPasswordDxe.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg/HddPassword: Add a PCD to skip Hdd password prompt
[mirror_edk2.git] / SecurityPkg / HddPassword / HddPasswordDxe.c
1 /** @file
2 HDD password driver which is used to support HDD security feature.
3
4 Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9
10 #include "HddPasswordDxe.h"
11
12 EFI_GUID mHddPasswordVendorGuid = HDD_PASSWORD_CONFIG_GUID;
13 CHAR16 mHddPasswordVendorStorageName[] = L"HDD_PASSWORD_CONFIG";
14 LIST_ENTRY mHddPasswordConfigFormList;
15 UINT32 mNumberOfHddDevices = 0;
16
17 EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID;
18 BOOLEAN mHddPasswordEndOfDxe = FALSE;
19 HDD_PASSWORD_REQUEST_VARIABLE *mHddPasswordRequestVariable = NULL;
20 UINTN mHddPasswordRequestVariableSize = 0;
21
22 HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = {
23 {
24 {
25 HARDWARE_DEVICE_PATH,
26 HW_VENDOR_DP,
27 {
28 (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
29 (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
30 }
31 },
32 HDD_PASSWORD_CONFIG_GUID
33 },
34 {
35 END_DEVICE_PATH_TYPE,
36 END_ENTIRE_DEVICE_PATH_SUBTYPE,
37 {
38 (UINT8) (END_DEVICE_PATH_LENGTH),
39 (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
40 }
41 }
42 };
43
44
45 /**
46 Check if the password is full zero.
47
48 @param[in] Password Points to the data buffer
49
50 @retval TRUE This password string is full zero.
51 @retval FALSE This password string is not full zero.
52
53 **/
54 BOOLEAN
55 PasswordIsFullZero (
56 IN CHAR8 *Password
57 )
58 {
59 UINTN Index;
60
61 for (Index = 0; Index < HDD_PASSWORD_MAX_LENGTH; Index++) {
62 if (Password[Index] != 0) {
63 return FALSE;
64 }
65 }
66
67 return TRUE;
68 }
69
70 /**
71 Save device info.
72
73 @param[in] ConfigFormEntry Points to HDD_PASSWORD_CONFIG_FORM_ENTRY buffer
74 @param[in,out] TempDevInfo Points to HDD_PASSWORD_DEVICE_INFO buffer
75
76 **/
77 VOID
78 SaveDeviceInfo (
79 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry,
80 IN OUT HDD_PASSWORD_DEVICE_INFO *TempDevInfo
81 )
82 {
83 TempDevInfo->Device.Bus = (UINT8) ConfigFormEntry->Bus;
84 TempDevInfo->Device.Device = (UINT8) ConfigFormEntry->Device;
85 TempDevInfo->Device.Function = (UINT8) ConfigFormEntry->Function;
86 TempDevInfo->Device.Port = ConfigFormEntry->Port;
87 TempDevInfo->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
88 CopyMem (TempDevInfo->Password, ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH);
89 TempDevInfo->DevicePathLength = (UINT32) GetDevicePathSize (ConfigFormEntry->DevicePath);
90 CopyMem (TempDevInfo->DevicePath, ConfigFormEntry->DevicePath, TempDevInfo->DevicePathLength);
91 }
92
93 /**
94 Build HDD password device info and save them to LockBox.
95
96 **/
97 VOID
98 BuildHddPasswordDeviceInfo (
99 VOID
100 )
101 {
102 EFI_STATUS Status;
103 LIST_ENTRY *Entry;
104 HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry;
105 HDD_PASSWORD_DEVICE_INFO *DevInfo;
106 HDD_PASSWORD_DEVICE_INFO *TempDevInfo;
107 UINTN DevInfoLength;
108 UINT8 DummyData;
109 BOOLEAN S3InitDevicesExist;
110 UINTN S3InitDevicesLength;
111 EFI_DEVICE_PATH_PROTOCOL *S3InitDevices;
112 EFI_DEVICE_PATH_PROTOCOL *S3InitDevicesBak;
113
114 //
115 // Build HDD password device info and save them to LockBox.
116 //
117 DevInfoLength = 0;
118 EFI_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) {
119 ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link);
120
121 //
122 // 1. Handle device which already set password.
123 // 2. When request to send freeze comamnd, driver also needs to handle device
124 // which support security feature.
125 //
126 if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
127 ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
128 (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
129 DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) +
130 GetDevicePathSize (ConfigFormEntry->DevicePath);
131 }
132 }
133
134 if (DevInfoLength == 0) {
135 return;
136 }
137
138 S3InitDevicesLength = sizeof (DummyData);
139 Status = RestoreLockBox (
140 &gS3StorageDeviceInitListGuid,
141 &DummyData,
142 &S3InitDevicesLength
143 );
144 ASSERT ((Status == EFI_NOT_FOUND) || (Status == EFI_BUFFER_TOO_SMALL));
145 if (Status == EFI_NOT_FOUND) {
146 S3InitDevices = NULL;
147 S3InitDevicesExist = FALSE;
148 } else if (Status == EFI_BUFFER_TOO_SMALL) {
149 S3InitDevices = AllocatePool (S3InitDevicesLength);
150 ASSERT (S3InitDevices != NULL);
151
152 Status = RestoreLockBox (
153 &gS3StorageDeviceInitListGuid,
154 S3InitDevices,
155 &S3InitDevicesLength
156 );
157 ASSERT_EFI_ERROR (Status);
158 S3InitDevicesExist = TRUE;
159 } else {
160 return;
161 }
162
163 DevInfo = AllocateZeroPool (DevInfoLength);
164 ASSERT (DevInfo != NULL);
165
166 TempDevInfo = DevInfo;
167 EFI_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) {
168 ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link);
169
170 if ((!PasswordIsFullZero (ConfigFormEntry->Password)) ||
171 ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
172 (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) {
173 SaveDeviceInfo (ConfigFormEntry, TempDevInfo);
174
175 S3InitDevicesBak = S3InitDevices;
176 S3InitDevices = AppendDevicePathInstance (
177 S3InitDevicesBak,
178 ConfigFormEntry->DevicePath
179 );
180 if (S3InitDevicesBak != NULL) {
181 FreePool (S3InitDevicesBak);
182 }
183 ASSERT (S3InitDevices != NULL);
184
185 TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *) ((UINTN)TempDevInfo +
186 sizeof (HDD_PASSWORD_DEVICE_INFO) +
187 TempDevInfo->DevicePathLength);
188 }
189 }
190
191 Status = SaveLockBox (
192 &mHddPasswordDeviceInfoGuid,
193 DevInfo,
194 DevInfoLength
195 );
196 ASSERT_EFI_ERROR (Status);
197
198 Status = SetLockBoxAttributes (
199 &mHddPasswordDeviceInfoGuid,
200 LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY
201 );
202 ASSERT_EFI_ERROR (Status);
203
204 S3InitDevicesLength = GetDevicePathSize (S3InitDevices);
205 if (S3InitDevicesExist) {
206 Status = UpdateLockBox (
207 &gS3StorageDeviceInitListGuid,
208 0,
209 S3InitDevices,
210 S3InitDevicesLength
211 );
212 ASSERT_EFI_ERROR (Status);
213 } else {
214 Status = SaveLockBox (
215 &gS3StorageDeviceInitListGuid,
216 S3InitDevices,
217 S3InitDevicesLength
218 );
219 ASSERT_EFI_ERROR (Status);
220
221 Status = SetLockBoxAttributes (
222 &gS3StorageDeviceInitListGuid,
223 LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY
224 );
225 ASSERT_EFI_ERROR (Status);
226 }
227
228 ZeroMem (DevInfo, DevInfoLength);
229 FreePool (DevInfo);
230 FreePool (S3InitDevices);
231 }
232
233 /**
234 Send freeze lock cmd through Ata Pass Thru Protocol.
235
236 @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol.
237 @param[in] Port The port number of the ATA device to send the command.
238 @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command.
239 If there is no port multiplier, then specify 0xFFFF.
240
241 @retval EFI_SUCCESS Successful to send freeze lock cmd.
242 @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid.
243 @retval EFI_OUT_OF_RESOURCES Not enough memory to send freeze lock cmd.
244 @retval EFI_DEVICE_ERROR Can not send freeze lock cmd.
245
246 **/
247 EFI_STATUS
248 FreezeLockDevice (
249 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
250 IN UINT16 Port,
251 IN UINT16 PortMultiplierPort
252 )
253 {
254 EFI_STATUS Status;
255 EFI_ATA_COMMAND_BLOCK Acb;
256 EFI_ATA_STATUS_BLOCK *Asb;
257 EFI_ATA_PASS_THRU_COMMAND_PACKET Packet;
258
259 if (AtaPassThru == NULL) {
260 return EFI_INVALID_PARAMETER;
261 }
262
263 //
264 // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in
265 // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by
266 // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile,
267 // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it
268 // may not be aligned when allocated on stack for some compilers. Hence, we
269 // use the API AllocateAlignedPages to ensure this structure is properly
270 // aligned.
271 //
272 Asb = AllocateAlignedPages (
273 EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)),
274 AtaPassThru->Mode->IoAlign
275 );
276 if (Asb == NULL) {
277 return EFI_OUT_OF_RESOURCES;
278 }
279
280 //
281 // Prepare for ATA command block.
282 //
283 ZeroMem (&Acb, sizeof (Acb));
284 ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
285 Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD;
286 Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
287
288 //
289 // Prepare for ATA pass through packet.
290 //
291 ZeroMem (&Packet, sizeof (Packet));
292 Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_ATA_NON_DATA;
293 Packet.Length = EFI_ATA_PASS_THRU_LENGTH_NO_DATA_TRANSFER;
294 Packet.Asb = Asb;
295 Packet.Acb = &Acb;
296 Packet.Timeout = ATA_TIMEOUT;
297
298 Status = AtaPassThru->PassThru (
299 AtaPassThru,
300 Port,
301 PortMultiplierPort,
302 &Packet,
303 NULL
304 );
305 if (!EFI_ERROR (Status) &&
306 ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
307 ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
308 Status = EFI_DEVICE_ERROR;
309 }
310
311 FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)));
312
313 DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status));
314 return Status;
315 }
316
317 /**
318 Get attached harddisk identify data through Ata Pass Thru Protocol.
319
320 @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol.
321 @param[in] Port The port number of the ATA device to send the command.
322 @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command.
323 If there is no port multiplier, then specify 0xFFFF.
324 @param[in] IdentifyData The buffer to store identify data.
325
326 @retval EFI_SUCCESS Successful to get identify data.
327 @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid.
328 @retval EFI_OUT_OF_RESOURCES Not enough memory to get identify data.
329 @retval EFI_DEVICE_ERROR Can not get identify data.
330
331 **/
332 EFI_STATUS
333 GetHddDeviceIdentifyData (
334 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
335 IN UINT16 Port,
336 IN UINT16 PortMultiplierPort,
337 IN ATA_IDENTIFY_DATA *IdentifyData
338 )
339 {
340 EFI_STATUS Status;
341 EFI_ATA_COMMAND_BLOCK Acb;
342 EFI_ATA_STATUS_BLOCK *Asb;
343 EFI_ATA_PASS_THRU_COMMAND_PACKET Packet;
344
345 if ((AtaPassThru == NULL) || (IdentifyData == NULL)) {
346 return EFI_INVALID_PARAMETER;
347 }
348
349 //
350 // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in
351 // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by
352 // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile,
353 // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it
354 // may not be aligned when allocated on stack for some compilers. Hence, we
355 // use the API AllocateAlignedPages to ensure this structure is properly
356 // aligned.
357 //
358 Asb = AllocateAlignedPages (
359 EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)),
360 AtaPassThru->Mode->IoAlign
361 );
362 if (Asb == NULL) {
363 return EFI_OUT_OF_RESOURCES;
364 }
365
366 //
367 // Prepare for ATA command block.
368 //
369 ZeroMem (&Acb, sizeof (Acb));
370 ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
371 Acb.AtaCommand = ATA_CMD_IDENTIFY_DRIVE;
372 Acb.AtaDeviceHead = (UINT8) (BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)));
373
374 //
375 // Prepare for ATA pass through packet.
376 //
377 ZeroMem (&Packet, sizeof (Packet));
378 Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_IN;
379 Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES | EFI_ATA_PASS_THRU_LENGTH_SECTOR_COUNT;
380 Packet.Asb = Asb;
381 Packet.Acb = &Acb;
382 Packet.InDataBuffer = IdentifyData;
383 Packet.InTransferLength = sizeof (ATA_IDENTIFY_DATA);
384 Packet.Timeout = ATA_TIMEOUT;
385
386 Status = AtaPassThru->PassThru (
387 AtaPassThru,
388 Port,
389 PortMultiplierPort,
390 &Packet,
391 NULL
392 );
393
394 FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)));
395
396 return Status;
397 }
398
399 /**
400 Parse security status according to identify data.
401
402 @param[in] IdentifyData The buffer to store identify data.
403 @param[in, out] IfrData IFR data to hold security status.
404
405 **/
406 VOID
407 GetHddPasswordSecurityStatus (
408 IN ATA_IDENTIFY_DATA *IdentifyData,
409 IN OUT HDD_PASSWORD_CONFIG *IfrData
410 )
411 {
412 IfrData->SecurityStatus.Supported = (IdentifyData->command_set_supported_82 & BIT1) ? 1 : 0;
413 IfrData->SecurityStatus.Enabled = (IdentifyData->security_status & BIT1) ? 1 : 0;
414 IfrData->SecurityStatus.Locked = (IdentifyData->security_status & BIT2) ? 1 : 0;
415 IfrData->SecurityStatus.Frozen = (IdentifyData->security_status & BIT3) ? 1 : 0;
416 IfrData->SecurityStatus.UserPasswordStatus = IfrData->SecurityStatus.Enabled;
417 IfrData->SecurityStatus.MasterPasswordStatus = IfrData->SecurityStatus.Supported;
418
419 DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Supported = %x\n", IfrData->SecurityStatus.Supported));
420 DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Enabled = %x\n", IfrData->SecurityStatus.Enabled));
421 DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Locked = %x\n", IfrData->SecurityStatus.Locked));
422 DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Frozen = %x\n", IfrData->SecurityStatus.Frozen));
423 DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.UserPasswordStatus = %x\n", IfrData->SecurityStatus.UserPasswordStatus));
424 DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.MasterPasswordStatus = %x\n", IfrData->SecurityStatus.MasterPasswordStatus));
425 }
426
427 /**
428 Notification function of EFI_END_OF_DXE_EVENT_GROUP_GUID event group.
429
430 This is a notification function registered on EFI_END_OF_DXE_EVENT_GROUP_GUID event group.
431
432 @param Event Event whose notification function is being invoked.
433 @param Context Pointer to the notification function's context.
434
435 **/
436 VOID
437 EFIAPI
438 HddPasswordEndOfDxeEventNotify (
439 EFI_EVENT Event,
440 VOID *Context
441 )
442 {
443 LIST_ENTRY *Entry;
444 HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry;
445 EFI_STATUS Status;
446 ATA_IDENTIFY_DATA IdentifyData;
447
448 DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
449
450 mHddPasswordEndOfDxe = TRUE;
451
452 if (mHddPasswordRequestVariable != NULL) {
453 //
454 // Free the HDD password request variable buffer here
455 // as the HDD password requests should have been processed.
456 //
457 FreePool (mHddPasswordRequestVariable);
458 mHddPasswordRequestVariable = NULL;
459 mHddPasswordRequestVariableSize = 0;
460 }
461
462 //
463 // If no any device, return directly.
464 //
465 if (IsListEmpty (&mHddPasswordConfigFormList)) {
466 gBS->CloseEvent (Event);
467 return;
468 }
469
470 BuildHddPasswordDeviceInfo ();
471
472 //
473 // Zero passsword and freeze lock device.
474 //
475 EFI_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) {
476 ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link);
477
478 ZeroMem (ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH);
479
480 //
481 // Check whether need send freeze lock command.
482 // Below device will be froze:
483 // 1. Device not enable password.
484 // 2. Device enable password and unlocked.
485 //
486 if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) &&
487 (ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) &&
488 (ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) {
489 Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort);
490 DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status));
491 Status = GetHddDeviceIdentifyData (
492 ConfigFormEntry->AtaPassThru,
493 ConfigFormEntry->Port,
494 ConfigFormEntry->PortMultiplierPort,
495 &IdentifyData
496 );
497 GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData);
498 }
499 }
500
501 DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
502
503 gBS->CloseEvent (Event);
504 }
505
506 /**
507 Generate Salt value.
508
509 @param[in, out] SaltValue Points to the salt buffer, 32 bytes
510
511 **/
512 VOID
513 GenSalt (
514 IN OUT UINT8 *SaltValue
515 )
516 {
517 RandomSeed (NULL, 0);
518 RandomBytes (SaltValue, PASSWORD_SALT_SIZE);
519 }
520
521 /**
522 Hash the data to get credential.
523
524 @param[in] Buffer Points to the data buffer
525 @param[in] BufferSize Buffer size
526 @param[in] SaltValue Points to the salt buffer, 32 bytes
527 @param[out] Credential Points to the hashed result
528
529 @retval TRUE Hash the data successfully.
530 @retval FALSE Failed to hash the data.
531
532 **/
533 BOOLEAN
534 GenerateCredential (
535 IN UINT8 *Buffer,
536 IN UINTN BufferSize,
537 IN UINT8 *SaltValue,
538 OUT UINT8 *Credential
539 )
540 {
541 BOOLEAN Status;
542 UINTN HashSize;
543 VOID *Hash;
544 VOID *HashData;
545
546 Hash = NULL;
547 HashData = NULL;
548 Status = FALSE;
549
550 HashSize = Sha256GetContextSize ();
551 Hash = AllocateZeroPool (HashSize);
552 ASSERT (Hash != NULL);
553 if (Hash == NULL) {
554 goto Done;
555 }
556
557 Status = Sha256Init (Hash);
558 if (!Status) {
559 goto Done;
560 }
561
562 HashData = AllocateZeroPool (PASSWORD_SALT_SIZE + BufferSize);
563 ASSERT (HashData != NULL);
564 if (HashData == NULL) {
565 goto Done;
566 }
567
568 CopyMem (HashData, SaltValue, PASSWORD_SALT_SIZE);
569 CopyMem ((UINT8 *) HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize);
570
571 Status = Sha256Update (Hash, HashData, PASSWORD_SALT_SIZE + BufferSize);
572 if (!Status) {
573 goto Done;
574 }
575
576 Status = Sha256Final (Hash, Credential);
577
578 Done:
579 if (Hash != NULL) {
580 FreePool (Hash);
581 }
582 if (HashData != NULL) {
583 ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize);
584 FreePool (HashData);
585 }
586 return Status;
587 }
588
589 /**
590 Save HDD password variable that will be used to validate HDD password
591 when the device is at frozen state.
592
593 @param[in] ConfigFormEntry The HDD Password configuration form entry.
594 @param[in] Password The hdd password of attached ATA device.
595
596 **/
597 VOID
598 SaveHddPasswordVariable (
599 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry,
600 IN CHAR8 *Password
601 )
602 {
603 EFI_STATUS Status;
604 HDD_PASSWORD_VARIABLE *TempVariable;
605 UINTN TempVariableSize;
606 HDD_PASSWORD_VARIABLE *NextNode;
607 HDD_PASSWORD_VARIABLE *Variable;
608 UINTN VariableSize;
609 HDD_PASSWORD_VARIABLE *NewVariable;
610 UINTN NewVariableSize;
611 BOOLEAN Delete;
612 BOOLEAN HashOk;
613 UINT8 HashData[SHA256_DIGEST_SIZE];
614 UINT8 SaltData[PASSWORD_SALT_SIZE];
615
616 DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
617
618 Delete = FALSE;
619 if (!PasswordIsFullZero (Password)) {
620 //
621 // It is Set/Update HDD Password.
622 //
623 ZeroMem (HashData, sizeof (HashData));
624 ZeroMem (SaltData, sizeof (SaltData));
625 GenSalt (SaltData);
626 HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData);
627 if (!HashOk) {
628 DEBUG ((DEBUG_INFO, "GenerateCredential failed\n"));
629 return;
630 }
631 } else {
632 //
633 // It is Disable HDD Password.
634 // Go to delete the variable node for the HDD password device.
635 //
636 Delete = TRUE;
637 }
638
639 Variable = NULL;
640 VariableSize = 0;
641 NewVariable = NULL;
642 NewVariableSize = 0;
643
644 Status = GetVariable2 (
645 HDD_PASSWORD_VARIABLE_NAME,
646 &mHddPasswordVendorGuid,
647 (VOID **) &Variable,
648 &VariableSize
649 );
650 if (Delete) {
651 if (!EFI_ERROR (Status) && (Variable != NULL)) {
652 TempVariable = Variable;
653 TempVariableSize = VariableSize;
654 while (TempVariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) {
655 if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) &&
656 (TempVariable->Device.Device == ConfigFormEntry->Device) &&
657 (TempVariable->Device.Function == ConfigFormEntry->Function) &&
658 (TempVariable->Device.Port == ConfigFormEntry->Port) &&
659 (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
660 //
661 // Found the node for the HDD password device.
662 // Delete the node.
663 //
664 NextNode = TempVariable + 1;
665 CopyMem (TempVariable, NextNode, (UINTN) Variable + VariableSize - (UINTN) NextNode);
666 NewVariable = Variable;
667 NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE);
668 break;
669 }
670 TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
671 TempVariable += 1;
672 }
673 if (NewVariable == NULL) {
674 DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n"));
675 }
676 } else {
677 DEBUG ((DEBUG_INFO, "HddPassword variable get failed (%r)\n", Status));
678 }
679 } else {
680 if (!EFI_ERROR (Status) && (Variable != NULL)) {
681 TempVariable = Variable;
682 TempVariableSize = VariableSize;
683 while (TempVariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) {
684 if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) &&
685 (TempVariable->Device.Device == ConfigFormEntry->Device) &&
686 (TempVariable->Device.Function == ConfigFormEntry->Function) &&
687 (TempVariable->Device.Port == ConfigFormEntry->Port) &&
688 (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
689 //
690 // Found the node for the HDD password device.
691 // Update the node.
692 //
693 CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData));
694 CopyMem (TempVariable->PasswordSalt, SaltData, sizeof (SaltData));
695 NewVariable = Variable;
696 NewVariableSize = VariableSize;
697 break;
698 }
699 TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
700 TempVariable += 1;
701 }
702 if (NewVariable == NULL) {
703 //
704 // The node for the HDD password device is not found.
705 // Create node for the HDD password device.
706 //
707 NewVariableSize = VariableSize + sizeof (HDD_PASSWORD_VARIABLE);
708 NewVariable = AllocateZeroPool (NewVariableSize);
709 ASSERT (NewVariable != NULL);
710 CopyMem (NewVariable, Variable, VariableSize);
711 TempVariable = (HDD_PASSWORD_VARIABLE *) ((UINTN) NewVariable + VariableSize);
712 TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
713 TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
714 TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
715 TempVariable->Device.Port = ConfigFormEntry->Port;
716 TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
717 CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData));
718 CopyMem (TempVariable->PasswordSalt, SaltData, sizeof (SaltData));
719 }
720 } else {
721 NewVariableSize = sizeof (HDD_PASSWORD_VARIABLE);
722 NewVariable = AllocateZeroPool (NewVariableSize);
723 ASSERT (NewVariable != NULL);
724 NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
725 NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
726 NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
727 NewVariable->Device.Port = ConfigFormEntry->Port;
728 NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
729 CopyMem (NewVariable->PasswordHash, HashData, sizeof (HashData));
730 CopyMem (NewVariable->PasswordSalt, SaltData, sizeof (SaltData));
731 }
732 }
733
734 if (NewVariable != NULL) {
735 Status = gRT->SetVariable (
736 HDD_PASSWORD_VARIABLE_NAME,
737 &mHddPasswordVendorGuid,
738 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
739 NewVariableSize,
740 NewVariable
741 );
742 if (EFI_ERROR (Status)) {
743 DEBUG ((DEBUG_INFO, "HddPassword variable set failed (%r)\n", Status));
744 }
745 }
746
747 if (NewVariable != Variable) {
748 FreePool (NewVariable);
749 }
750 if (Variable != NULL) {
751 FreePool (Variable);
752 }
753
754 DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
755 }
756
757 /**
758 Get saved HDD password variable that will be used to validate HDD password
759 when the device is at frozen state.
760
761 @param[in] ConfigFormEntry The HDD Password configuration form entry.
762 @param[out] HddPasswordVariable The variable node for the HDD password device.
763
764 @retval TRUE The variable node for the HDD password device is found and returned.
765 @retval FALSE The variable node for the HDD password device is not found.
766
767 **/
768 BOOLEAN
769 GetSavedHddPasswordVariable (
770 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry,
771 OUT HDD_PASSWORD_VARIABLE *HddPasswordVariable
772 )
773 {
774 EFI_STATUS Status;
775 HDD_PASSWORD_VARIABLE *TempVariable;
776 HDD_PASSWORD_VARIABLE *Variable;
777 UINTN VariableSize;
778 BOOLEAN Found;
779
780 DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
781
782 Variable = NULL;
783 VariableSize = 0;
784
785 Status = GetVariable2 (
786 HDD_PASSWORD_VARIABLE_NAME,
787 &mHddPasswordVendorGuid,
788 (VOID **) &Variable,
789 &VariableSize
790 );
791 if (EFI_ERROR (Status) || (Variable == NULL)) {
792 DEBUG ((DEBUG_INFO, "HddPassword variable get failed (%r)\n", Status));
793 return FALSE;
794 }
795
796 Found = FALSE;
797 TempVariable = Variable;
798 while (VariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) {
799 if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) &&
800 (TempVariable->Device.Device == ConfigFormEntry->Device) &&
801 (TempVariable->Device.Function == ConfigFormEntry->Function) &&
802 (TempVariable->Device.Port == ConfigFormEntry->Port) &&
803 (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
804 //
805 // Found the node for the HDD password device.
806 // Get the node.
807 //
808 CopyMem (HddPasswordVariable, TempVariable, sizeof (HDD_PASSWORD_VARIABLE));
809 Found = TRUE;
810 break;
811 }
812 VariableSize -= sizeof (HDD_PASSWORD_VARIABLE);
813 TempVariable += 1;
814 }
815
816 FreePool (Variable);
817
818 if (!Found) {
819 DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n"));
820 }
821
822 DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
823
824 return Found;
825 }
826
827 /**
828 Use saved HDD password variable to validate HDD password
829 when the device is at frozen state.
830
831 @param[in] ConfigFormEntry The HDD Password configuration form entry.
832 @param[in] Password The hdd password of attached ATA device.
833
834 @retval EFI_SUCCESS Pass to validate the HDD password.
835 @retval EFI_NOT_FOUND The variable node for the HDD password device is not found.
836 @retval EFI_DEVICE_ERROR Failed to generate credential for the HDD password.
837 @retval EFI_INVALID_PARAMETER Failed to validate the HDD password.
838
839 **/
840 EFI_STATUS
841 ValidateHddPassword (
842 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry,
843 IN CHAR8 *Password
844 )
845 {
846 EFI_STATUS Status;
847 HDD_PASSWORD_VARIABLE HddPasswordVariable;
848 BOOLEAN HashOk;
849 UINT8 HashData[SHA256_DIGEST_SIZE];
850
851 DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
852
853 if (!GetSavedHddPasswordVariable (ConfigFormEntry, &HddPasswordVariable)) {
854 DEBUG ((DEBUG_INFO, "GetSavedHddPasswordVariable failed\n"));
855 return EFI_NOT_FOUND;
856 }
857
858 ZeroMem (HashData, sizeof (HashData));
859 HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData);
860 if (!HashOk) {
861 DEBUG ((DEBUG_INFO, "GenerateCredential failed\n"));
862 return EFI_DEVICE_ERROR;
863 }
864
865 if (CompareMem (HddPasswordVariable.PasswordHash, HashData, sizeof (HashData)) != 0) {
866 Status = EFI_INVALID_PARAMETER;
867 } else {
868 Status = EFI_SUCCESS;
869 }
870
871 DEBUG ((DEBUG_INFO, "%a() - exit (%r)\n", __FUNCTION__, Status));
872 return Status;
873 }
874
875 /**
876 Send unlock hdd password cmd through Ata Pass Thru Protocol.
877
878 @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol.
879 @param[in] Port The port number of the ATA device to send the command.
880 @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command.
881 If there is no port multiplier, then specify 0xFFFF.
882 @param[in] Identifier The identifier to set user or master password.
883 @param[in] Password The hdd password of attached ATA device.
884
885 @retval EFI_SUCCESS Successful to send unlock hdd password cmd.
886 @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid.
887 @retval EFI_OUT_OF_RESOURCES Not enough memory to send unlock hdd password cmd.
888 @retval EFI_DEVICE_ERROR Can not send unlock hdd password cmd.
889
890 **/
891 EFI_STATUS
892 UnlockHddPassword (
893 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
894 IN UINT16 Port,
895 IN UINT16 PortMultiplierPort,
896 IN CHAR8 Identifier,
897 IN CHAR8 *Password
898 )
899 {
900 EFI_STATUS Status;
901 EFI_ATA_COMMAND_BLOCK Acb;
902 EFI_ATA_STATUS_BLOCK *Asb;
903 EFI_ATA_PASS_THRU_COMMAND_PACKET Packet;
904 UINT8 Buffer[HDD_PAYLOAD];
905
906 if ((AtaPassThru == NULL) || (Password == NULL)) {
907 return EFI_INVALID_PARAMETER;
908 }
909
910 //
911 // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in
912 // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by
913 // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile,
914 // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it
915 // may not be aligned when allocated on stack for some compilers. Hence, we
916 // use the API AllocateAlignedPages to ensure this structure is properly
917 // aligned.
918 //
919 Asb = AllocateAlignedPages (
920 EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)),
921 AtaPassThru->Mode->IoAlign
922 );
923 if (Asb == NULL) {
924 return EFI_OUT_OF_RESOURCES;
925 }
926
927 //
928 // Prepare for ATA command block.
929 //
930 ZeroMem (&Acb, sizeof (Acb));
931 ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
932 Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD;
933 Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
934
935 //
936 // Prepare for ATA pass through packet.
937 //
938 ZeroMem (&Packet, sizeof (Packet));
939 Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT;
940 Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES;
941 Packet.Asb = Asb;
942 Packet.Acb = &Acb;
943
944 ((CHAR16 *) Buffer)[0] = Identifier & BIT0;
945 CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
946
947 Packet.OutDataBuffer = Buffer;
948 Packet.OutTransferLength = sizeof (Buffer);
949 Packet.Timeout = ATA_TIMEOUT;
950
951 Status = AtaPassThru->PassThru (
952 AtaPassThru,
953 Port,
954 PortMultiplierPort,
955 &Packet,
956 NULL
957 );
958 if (!EFI_ERROR (Status) &&
959 ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
960 ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
961 Status = EFI_DEVICE_ERROR;
962 }
963
964 FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)));
965
966 ZeroMem (Buffer, sizeof (Buffer));
967
968 DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status));
969 return Status;
970 }
971
972 /**
973 Send disable hdd password cmd through Ata Pass Thru Protocol.
974
975 @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol.
976 @param[in] Port The port number of the ATA device to send the command.
977 @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command.
978 If there is no port multiplier, then specify 0xFFFF.
979 @param[in] Identifier The identifier to set user or master password.
980 @param[in] Password The hdd password of attached ATA device.
981
982 @retval EFI_SUCCESS Successful to disable hdd password cmd.
983 @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid.
984 @retval EFI_OUT_OF_RESOURCES Not enough memory to disable hdd password cmd.
985 @retval EFI_DEVICE_ERROR Can not disable hdd password cmd.
986
987 **/
988 EFI_STATUS
989 DisableHddPassword (
990 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
991 IN UINT16 Port,
992 IN UINT16 PortMultiplierPort,
993 IN CHAR8 Identifier,
994 IN CHAR8 *Password
995 )
996 {
997 EFI_STATUS Status;
998 EFI_ATA_COMMAND_BLOCK Acb;
999 EFI_ATA_STATUS_BLOCK *Asb;
1000 EFI_ATA_PASS_THRU_COMMAND_PACKET Packet;
1001 UINT8 Buffer[HDD_PAYLOAD];
1002
1003 if ((AtaPassThru == NULL) || (Password == NULL)) {
1004 return EFI_INVALID_PARAMETER;
1005 }
1006
1007 //
1008 // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in
1009 // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by
1010 // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile,
1011 // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it
1012 // may not be aligned when allocated on stack for some compilers. Hence, we
1013 // use the API AllocateAlignedPages to ensure this structure is properly
1014 // aligned.
1015 //
1016 Asb = AllocateAlignedPages (
1017 EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)),
1018 AtaPassThru->Mode->IoAlign
1019 );
1020 if (Asb == NULL) {
1021 return EFI_OUT_OF_RESOURCES;
1022 }
1023
1024 //
1025 // Prepare for ATA command block.
1026 //
1027 ZeroMem (&Acb, sizeof (Acb));
1028 ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
1029 Acb.AtaCommand = ATA_SECURITY_DIS_PASSWORD_CMD;
1030 Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
1031
1032 //
1033 // Prepare for ATA pass through packet.
1034 //
1035 ZeroMem (&Packet, sizeof (Packet));
1036 Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT;
1037 Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES;
1038 Packet.Asb = Asb;
1039 Packet.Acb = &Acb;
1040
1041 ((CHAR16 *) Buffer)[0] = Identifier & BIT0;
1042 CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
1043
1044 Packet.OutDataBuffer = Buffer;
1045 Packet.OutTransferLength = sizeof (Buffer);
1046 Packet.Timeout = ATA_TIMEOUT;
1047
1048 Status = AtaPassThru->PassThru (
1049 AtaPassThru,
1050 Port,
1051 PortMultiplierPort,
1052 &Packet,
1053 NULL
1054 );
1055 if (!EFI_ERROR (Status) &&
1056 ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
1057 ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
1058 Status = EFI_DEVICE_ERROR;
1059 }
1060
1061 FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)));
1062
1063 ZeroMem (Buffer, sizeof (Buffer));
1064
1065 DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status));
1066 return Status;
1067 }
1068
1069 /**
1070 Send set hdd password cmd through Ata Pass Thru Protocol.
1071
1072 @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol.
1073 @param[in] Port The port number of the ATA device to send the command.
1074 @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command.
1075 If there is no port multiplier, then specify 0xFFFF.
1076 @param[in] Identifier The identifier to set user or master password.
1077 @param[in] SecurityLevel The security level to be set to device.
1078 @param[in] MasterPasswordIdentifier The master password identifier to be set to device.
1079 @param[in] Password The hdd password of attached ATA device.
1080
1081 @retval EFI_SUCCESS Successful to set hdd password cmd.
1082 @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid.
1083 @retval EFI_OUT_OF_RESOURCES Not enough memory to set hdd password cmd.
1084 @retval EFI_DEVICE_ERROR Can not set hdd password cmd.
1085
1086 **/
1087 EFI_STATUS
1088 SetHddPassword (
1089 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
1090 IN UINT16 Port,
1091 IN UINT16 PortMultiplierPort,
1092 IN CHAR8 Identifier,
1093 IN CHAR8 SecurityLevel,
1094 IN CHAR16 MasterPasswordIdentifier,
1095 IN CHAR8 *Password
1096 )
1097 {
1098 EFI_STATUS Status;
1099 EFI_ATA_COMMAND_BLOCK Acb;
1100 EFI_ATA_STATUS_BLOCK *Asb;
1101 EFI_ATA_PASS_THRU_COMMAND_PACKET Packet;
1102 UINT8 Buffer[HDD_PAYLOAD];
1103
1104 if ((AtaPassThru == NULL) || (Password == NULL)) {
1105 return EFI_INVALID_PARAMETER;
1106 }
1107
1108 //
1109 // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in
1110 // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by
1111 // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile,
1112 // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it
1113 // may not be aligned when allocated on stack for some compilers. Hence, we
1114 // use the API AllocateAlignedPages to ensure this structure is properly
1115 // aligned.
1116 //
1117 Asb = AllocateAlignedPages (
1118 EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)),
1119 AtaPassThru->Mode->IoAlign
1120 );
1121 if (Asb == NULL) {
1122 return EFI_OUT_OF_RESOURCES;
1123 }
1124
1125 //
1126 // Prepare for ATA command block.
1127 //
1128 ZeroMem (&Acb, sizeof (Acb));
1129 ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
1130 Acb.AtaCommand = ATA_SECURITY_SET_PASSWORD_CMD;
1131 Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
1132
1133 //
1134 // Prepare for ATA pass through packet.
1135 //
1136 ZeroMem (&Packet, sizeof (Packet));
1137 Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT;
1138 Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES;
1139 Packet.Asb = Asb;
1140 Packet.Acb = &Acb;
1141
1142 ((CHAR16 *) Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8);
1143 CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
1144 if ((Identifier & BIT0) != 0) {
1145 ((CHAR16 *) Buffer)[17] = MasterPasswordIdentifier;
1146 }
1147
1148 Packet.OutDataBuffer = Buffer;
1149 Packet.OutTransferLength = sizeof (Buffer);
1150 Packet.Timeout = ATA_TIMEOUT;
1151
1152 Status = AtaPassThru->PassThru (
1153 AtaPassThru,
1154 Port,
1155 PortMultiplierPort,
1156 &Packet,
1157 NULL
1158 );
1159 if (!EFI_ERROR (Status) &&
1160 ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
1161 ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
1162 Status = EFI_DEVICE_ERROR;
1163 }
1164
1165 FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)));
1166
1167 ZeroMem (Buffer, sizeof (Buffer));
1168
1169 DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status));
1170 return Status;
1171 }
1172
1173 /**
1174 Get attached harddisk model number from identify data buffer.
1175
1176 @param[in] IdentifyData Pointer to identify data buffer.
1177 @param[in, out] String The buffer to store harddisk model number.
1178
1179 **/
1180 VOID
1181 GetHddDeviceModelNumber (
1182 IN ATA_IDENTIFY_DATA *IdentifyData,
1183 IN OUT CHAR16 *String
1184 )
1185 {
1186 UINTN Index;
1187
1188 //
1189 // Swap the byte order in the original module name.
1190 // From Ata spec, the maximum length is 40 bytes.
1191 //
1192 for (Index = 0; Index < 40; Index += 2) {
1193 String[Index] = IdentifyData->ModelName[Index + 1];
1194 String[Index + 1] = IdentifyData->ModelName[Index];
1195 }
1196
1197 //
1198 // Chap it off after 20 characters
1199 //
1200 String[20] = L'\0';
1201
1202 return ;
1203 }
1204
1205 /**
1206 Get password input from the popup windows.
1207
1208 @param[in] PopUpString1 Pop up string 1.
1209 @param[in] PopUpString2 Pop up string 2.
1210 @param[in, out] Password The buffer to hold the input password.
1211
1212 @retval EFI_ABORTED It is given up by pressing 'ESC' key.
1213 @retval EFI_SUCCESS Get password input successfully.
1214
1215 **/
1216 EFI_STATUS
1217 PopupHddPasswordInputWindows (
1218 IN CHAR16 *PopUpString1,
1219 IN CHAR16 *PopUpString2,
1220 IN OUT CHAR8 *Password
1221 )
1222 {
1223 EFI_INPUT_KEY Key;
1224 UINTN Length;
1225 CHAR16 Mask[HDD_PASSWORD_MAX_LENGTH + 1];
1226 CHAR16 Unicode[HDD_PASSWORD_MAX_LENGTH + 1];
1227 CHAR8 Ascii[HDD_PASSWORD_MAX_LENGTH + 1];
1228
1229 ZeroMem (Unicode, sizeof (Unicode));
1230 ZeroMem (Ascii, sizeof (Ascii));
1231 ZeroMem (Mask, sizeof (Mask));
1232
1233 gST->ConOut->ClearScreen(gST->ConOut);
1234
1235 Length = 0;
1236 while (TRUE) {
1237 Mask[Length] = L'_';
1238 if (PopUpString2 == NULL) {
1239 CreatePopUp (
1240 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1241 &Key,
1242 PopUpString1,
1243 L"---------------------",
1244 Mask,
1245 NULL
1246 );
1247 } else {
1248 CreatePopUp (
1249 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1250 &Key,
1251 PopUpString1,
1252 PopUpString2,
1253 L"---------------------",
1254 Mask,
1255 NULL
1256 );
1257 }
1258 //
1259 // Check key.
1260 //
1261 if (Key.ScanCode == SCAN_NULL) {
1262 if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
1263 //
1264 // Add the null terminator.
1265 //
1266 Unicode[Length] = 0;
1267 break;
1268 } else if ((Key.UnicodeChar == CHAR_NULL) ||
1269 (Key.UnicodeChar == CHAR_TAB) ||
1270 (Key.UnicodeChar == CHAR_LINEFEED)
1271 ) {
1272 continue;
1273 } else {
1274 if (Key.UnicodeChar == CHAR_BACKSPACE) {
1275 if (Length > 0) {
1276 Unicode[Length] = 0;
1277 Mask[Length] = 0;
1278 Length--;
1279 }
1280 } else {
1281 Unicode[Length] = Key.UnicodeChar;
1282 Mask[Length] = L'*';
1283 Length++;
1284 if (Length == HDD_PASSWORD_MAX_LENGTH) {
1285 //
1286 // Add the null terminator.
1287 //
1288 Unicode[Length] = 0;
1289 Mask[Length] = 0;
1290 break;
1291 }
1292 }
1293 }
1294 }
1295
1296 if (Key.ScanCode == SCAN_ESC) {
1297 ZeroMem (Unicode, sizeof (Unicode));
1298 ZeroMem (Ascii, sizeof (Ascii));
1299 gST->ConOut->ClearScreen(gST->ConOut);
1300 return EFI_ABORTED;
1301 }
1302 }
1303
1304 UnicodeStrToAsciiStrS (Unicode, Ascii, sizeof (Ascii));
1305 CopyMem (Password, Ascii, HDD_PASSWORD_MAX_LENGTH);
1306 ZeroMem (Unicode, sizeof (Unicode));
1307 ZeroMem (Ascii, sizeof (Ascii));
1308
1309 gST->ConOut->ClearScreen(gST->ConOut);
1310 return EFI_SUCCESS;
1311 }
1312
1313 /**
1314 Check if disk is locked, show popup window and ask for password if it is.
1315
1316 @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance.
1317 @param[in] Port The port number of attached ATA device.
1318 @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device.
1319 @param[in] ConfigFormEntry The HDD Password configuration form entry.
1320
1321 **/
1322 VOID
1323 HddPasswordRequestPassword (
1324 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
1325 IN UINT16 Port,
1326 IN UINT16 PortMultiplierPort,
1327 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry
1328 )
1329 {
1330 EFI_STATUS Status;
1331 CHAR16 PopUpString[100];
1332 ATA_IDENTIFY_DATA IdentifyData;
1333 EFI_INPUT_KEY Key;
1334 UINT16 RetryCount;
1335 CHAR8 Password[HDD_PASSWORD_MAX_LENGTH];
1336
1337 RetryCount = 0;
1338
1339 DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__));
1340
1341 UnicodeSPrint (PopUpString, sizeof (PopUpString), L"Unlock: %s", ConfigFormEntry->HddString);
1342
1343 //
1344 // Check the device security status.
1345 //
1346 if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
1347 (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
1348
1349 //
1350 // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt.
1351 // Due to board design, device may not power off during system warm boot, which result in
1352 // security status remain unlocked status, hence we add device security status check here.
1353 //
1354 // If device is in the locked status, device keeps locked and system continues booting.
1355 // If device is in the unlocked status, system is forced shutdown for security concern.
1356 //
1357 if (PcdGetBool (PcdSkipHddPasswordPrompt)) {
1358 if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
1359 return;
1360 } else {
1361 gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
1362 }
1363 }
1364 //
1365 // As soon as the HDD password is in enabled state, we pop up a window to unlock hdd
1366 // no matter it's really in locked or unlocked state.
1367 // This way forces user to enter password every time to provide best safety.
1368 //
1369 while (TRUE) {
1370 Status = PopupHddPasswordInputWindows (PopUpString, NULL, Password);
1371 if (!EFI_ERROR (Status)) {
1372 //
1373 // The HDD is in locked state, unlock it by user input.
1374 //
1375 if (!PasswordIsFullZero (Password)) {
1376 if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
1377 Status = UnlockHddPassword (AtaPassThru, Port, PortMultiplierPort, 0, Password);
1378 } else {
1379 //
1380 // Use saved HDD password variable to validate HDD password
1381 // when the device is at frozen state.
1382 //
1383 Status = ValidateHddPassword (ConfigFormEntry, Password);
1384 }
1385 } else {
1386 Status = EFI_INVALID_PARAMETER;
1387 }
1388 if (!EFI_ERROR (Status)) {
1389 CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
1390 if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
1391 SaveHddPasswordVariable (ConfigFormEntry, Password);
1392 }
1393 ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
1394 Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData);
1395 ASSERT_EFI_ERROR (Status);
1396
1397 //
1398 // Check the device security status again.
1399 //
1400 GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData);
1401 return;
1402 }
1403
1404 ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
1405
1406 if (EFI_ERROR (Status)) {
1407 RetryCount ++;
1408 if (RetryCount < MAX_HDD_PASSWORD_RETRY_COUNT) {
1409 do {
1410 CreatePopUp (
1411 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1412 &Key,
1413 L"Invalid password.",
1414 L"Press ENTER to retry",
1415 NULL
1416 );
1417 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1418 continue;
1419 } else {
1420 do {
1421 CreatePopUp (
1422 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1423 &Key,
1424 L"Hdd password retry count is expired. Please shutdown the machine.",
1425 L"Press ENTER to shutdown",
1426 NULL
1427 );
1428 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1429 gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
1430 break;
1431 }
1432 }
1433 } else if (Status == EFI_ABORTED) {
1434 if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
1435 //
1436 // Current device in the lock status and
1437 // User not input password and press ESC,
1438 // keep device in lock status and continue boot.
1439 //
1440 do {
1441 CreatePopUp (
1442 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1443 &Key,
1444 L"Press ENTER to skip the request and continue boot,",
1445 L"Press ESC to input password again",
1446 NULL
1447 );
1448 } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
1449
1450 if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
1451 gST->ConOut->ClearScreen(gST->ConOut);
1452 //
1453 // Keep lock and continue boot.
1454 //
1455 return;
1456 } else {
1457 //
1458 // Let user input password again.
1459 //
1460 continue;
1461 }
1462 } else {
1463 //
1464 // Current device in the unlock status and
1465 // User not input password and press ESC,
1466 // Shutdown the device.
1467 //
1468 do {
1469 CreatePopUp (
1470 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1471 &Key,
1472 L"Press ENTER to shutdown, Press ESC to input password again",
1473 NULL
1474 );
1475 } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
1476
1477 if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
1478 gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
1479 } else {
1480 //
1481 // Let user input password again.
1482 //
1483 continue;
1484 }
1485 }
1486 }
1487 }
1488 }
1489 }
1490
1491 /**
1492 Process Set User Pwd HDD password request.
1493
1494 @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance.
1495 @param[in] Port The port number of attached ATA device.
1496 @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device.
1497 @param[in] ConfigFormEntry The HDD Password configuration form entry.
1498
1499 **/
1500 VOID
1501 ProcessHddPasswordRequestSetUserPwd (
1502 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
1503 IN UINT16 Port,
1504 IN UINT16 PortMultiplierPort,
1505 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry
1506 )
1507 {
1508 EFI_STATUS Status;
1509 CHAR16 PopUpString[100];
1510 ATA_IDENTIFY_DATA IdentifyData;
1511 EFI_INPUT_KEY Key;
1512 UINT16 RetryCount;
1513 CHAR8 Password[HDD_PASSWORD_MAX_LENGTH];
1514 CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH];
1515
1516 RetryCount = 0;
1517
1518 DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__));
1519
1520 if (ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
1521 DEBUG ((DEBUG_INFO, "%s is frozen, do nothing\n", ConfigFormEntry->HddString));
1522 return;
1523 }
1524
1525 if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
1526 DEBUG ((DEBUG_INFO, "%s is locked, do nothing\n", ConfigFormEntry->HddString));
1527 return;
1528 }
1529
1530 UnicodeSPrint (PopUpString, sizeof (PopUpString), L"Set User Pwd: %s", ConfigFormEntry->HddString);
1531
1532 //
1533 // Check the device security status.
1534 //
1535 if (ConfigFormEntry->IfrData.SecurityStatus.Supported) {
1536 while (TRUE) {
1537 Status = PopupHddPasswordInputWindows (PopUpString, L"Please type in your new password", Password);
1538 if (!EFI_ERROR (Status)) {
1539 Status = PopupHddPasswordInputWindows (PopUpString, L"Please confirm your new password", PasswordConfirm);
1540 if (!EFI_ERROR (Status)) {
1541 if (CompareMem (Password, PasswordConfirm, HDD_PASSWORD_MAX_LENGTH) == 0) {
1542 if (!PasswordIsFullZero (Password)) {
1543 Status = SetHddPassword (AtaPassThru, Port, PortMultiplierPort, 0, 1, 0, Password);
1544 } else {
1545 if (ConfigFormEntry->IfrData.SecurityStatus.Enabled) {
1546 Status = DisableHddPassword (AtaPassThru, Port, PortMultiplierPort, 0, ConfigFormEntry->Password);
1547 } else {
1548 Status = EFI_INVALID_PARAMETER;
1549 }
1550 }
1551 if (!EFI_ERROR (Status)) {
1552 CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH);
1553 SaveHddPasswordVariable (ConfigFormEntry, Password);
1554 ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
1555 ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
1556 Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData);
1557 ASSERT_EFI_ERROR (Status);
1558
1559 //
1560 // Check the device security status again.
1561 //
1562 GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData);
1563 return;
1564 } else {
1565 do {
1566 CreatePopUp (
1567 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1568 &Key,
1569 L"Set/Disable User Pwd failed or invalid password.",
1570 L"Press ENTER to retry",
1571 NULL
1572 );
1573 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1574 }
1575 } else {
1576 do {
1577 CreatePopUp (
1578 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1579 &Key,
1580 L"Passwords are not the same.",
1581 L"Press ENTER to retry",
1582 NULL
1583 );
1584 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1585 Status = EFI_INVALID_PARAMETER;
1586 }
1587 }
1588
1589 ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
1590 ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
1591
1592 if (EFI_ERROR (Status)) {
1593 RetryCount ++;
1594 if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) {
1595 do {
1596 CreatePopUp (
1597 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1598 &Key,
1599 L"Hdd password retry count is expired.",
1600 L"Press ENTER to skip the request and continue boot",
1601 NULL
1602 );
1603 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1604 gST->ConOut->ClearScreen(gST->ConOut);
1605 return;
1606 }
1607 }
1608 } else if (Status == EFI_ABORTED) {
1609 do {
1610 CreatePopUp (
1611 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1612 &Key,
1613 L"Press ENTER to skip the request and continue boot,",
1614 L"Press ESC to input password again",
1615 NULL
1616 );
1617 } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
1618
1619 if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
1620 gST->ConOut->ClearScreen(gST->ConOut);
1621 return;
1622 } else {
1623 //
1624 // Let user input password again.
1625 //
1626 continue;
1627 }
1628 }
1629 }
1630 }
1631 }
1632
1633 /**
1634 Process Set Master Pwd HDD password request.
1635
1636 @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance.
1637 @param[in] Port The port number of attached ATA device.
1638 @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device.
1639 @param[in] ConfigFormEntry The HDD Password configuration form entry.
1640
1641 **/
1642 VOID
1643 ProcessHddPasswordRequestSetMasterPwd (
1644 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
1645 IN UINT16 Port,
1646 IN UINT16 PortMultiplierPort,
1647 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry
1648 )
1649 {
1650 EFI_STATUS Status;
1651 CHAR16 PopUpString[100];
1652 EFI_INPUT_KEY Key;
1653 UINT16 RetryCount;
1654 CHAR8 Password[HDD_PASSWORD_MAX_LENGTH];
1655 CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH];
1656
1657 RetryCount = 0;
1658
1659 DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__));
1660
1661 if (ConfigFormEntry->IfrData.SecurityStatus.Frozen) {
1662 DEBUG ((DEBUG_INFO, "%s is frozen, do nothing\n", ConfigFormEntry->HddString));
1663 return;
1664 }
1665
1666 if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
1667 DEBUG ((DEBUG_INFO, "%s is locked, do nothing\n", ConfigFormEntry->HddString));
1668 return;
1669 }
1670
1671 UnicodeSPrint (PopUpString, sizeof (PopUpString), L"Set Master Pwd: %s", ConfigFormEntry->HddString);
1672
1673 //
1674 // Check the device security status.
1675 //
1676 if (ConfigFormEntry->IfrData.SecurityStatus.Supported) {
1677 while (TRUE) {
1678 Status = PopupHddPasswordInputWindows (PopUpString, L"Please type in your new password", Password);
1679 if (!EFI_ERROR (Status)) {
1680 Status = PopupHddPasswordInputWindows (PopUpString, L"Please confirm your new password", PasswordConfirm);
1681 if (!EFI_ERROR (Status)) {
1682 if (CompareMem (Password, PasswordConfirm, HDD_PASSWORD_MAX_LENGTH) == 0) {
1683 if (!PasswordIsFullZero (Password)) {
1684 Status = SetHddPassword (AtaPassThru, Port, PortMultiplierPort, 1, 1, 1, Password);
1685 } else {
1686 Status = EFI_INVALID_PARAMETER;
1687 }
1688 if (!EFI_ERROR (Status)) {
1689 ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
1690 ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
1691 return;
1692 } else {
1693 do {
1694 CreatePopUp (
1695 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1696 &Key,
1697 L"Set Master Pwd failed or invalid password.",
1698 L"Press ENTER to retry",
1699 NULL
1700 );
1701 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1702 }
1703 } else {
1704 do {
1705 CreatePopUp (
1706 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1707 &Key,
1708 L"Passwords are not the same.",
1709 L"Press ENTER to retry",
1710 NULL
1711 );
1712 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1713 Status = EFI_INVALID_PARAMETER;
1714 }
1715 }
1716
1717 ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH);
1718 ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH);
1719
1720 if (EFI_ERROR (Status)) {
1721 RetryCount ++;
1722 if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) {
1723 do {
1724 CreatePopUp (
1725 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1726 &Key,
1727 L"Hdd password retry count is expired.",
1728 L"Press ENTER to skip the request and continue boot",
1729 NULL
1730 );
1731 } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
1732 gST->ConOut->ClearScreen(gST->ConOut);
1733 return;
1734 }
1735 }
1736 } else if (Status == EFI_ABORTED) {
1737 do {
1738 CreatePopUp (
1739 EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
1740 &Key,
1741 L"Press ENTER to skip the request and continue boot,",
1742 L"Press ESC to input password again",
1743 NULL
1744 );
1745 } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN));
1746
1747 if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
1748 gST->ConOut->ClearScreen(gST->ConOut);
1749 return;
1750 } else {
1751 //
1752 // Let user input password again.
1753 //
1754 continue;
1755 }
1756 }
1757 }
1758 }
1759 }
1760
1761 /**
1762 Process HDD password request.
1763
1764 @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance.
1765 @param[in] Port The port number of attached ATA device.
1766 @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device.
1767 @param[in] ConfigFormEntry The HDD Password configuration form entry.
1768
1769 **/
1770 VOID
1771 ProcessHddPasswordRequest (
1772 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
1773 IN UINT16 Port,
1774 IN UINT16 PortMultiplierPort,
1775 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry
1776 )
1777 {
1778 EFI_STATUS Status;
1779 HDD_PASSWORD_REQUEST_VARIABLE *TempVariable;
1780 HDD_PASSWORD_REQUEST_VARIABLE *Variable;
1781 UINTN VariableSize;
1782
1783 DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
1784
1785 if (mHddPasswordRequestVariable == NULL) {
1786 Status = GetVariable2 (
1787 HDD_PASSWORD_REQUEST_VARIABLE_NAME,
1788 &mHddPasswordVendorGuid,
1789 (VOID **) &Variable,
1790 &VariableSize
1791 );
1792 if (EFI_ERROR (Status) || (Variable == NULL)) {
1793 return;
1794 }
1795 mHddPasswordRequestVariable = Variable;
1796 mHddPasswordRequestVariableSize = VariableSize;
1797
1798 //
1799 // Delete the HDD password request variable.
1800 //
1801 Status = gRT->SetVariable (
1802 HDD_PASSWORD_REQUEST_VARIABLE_NAME,
1803 &mHddPasswordVendorGuid,
1804 0,
1805 0,
1806 NULL
1807 );
1808 ASSERT_EFI_ERROR (Status);
1809 } else {
1810 Variable = mHddPasswordRequestVariable;
1811 VariableSize = mHddPasswordRequestVariableSize;
1812 }
1813
1814 //
1815 // Process the HDD password requests.
1816 //
1817 TempVariable = Variable;
1818 while (VariableSize >= sizeof (HDD_PASSWORD_REQUEST_VARIABLE)) {
1819 if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) &&
1820 (TempVariable->Device.Device == ConfigFormEntry->Device) &&
1821 (TempVariable->Device.Function == ConfigFormEntry->Function) &&
1822 (TempVariable->Device.Port == ConfigFormEntry->Port) &&
1823 (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
1824 //
1825 // Found the node for the HDD password device.
1826 //
1827 if (TempVariable->Request.UserPassword != 0) {
1828 ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
1829 }
1830 if (TempVariable->Request.MasterPassword != 0) {
1831 ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
1832 }
1833
1834 break;
1835 }
1836
1837 VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
1838 TempVariable += 1;
1839 }
1840
1841 DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
1842 }
1843
1844 /**
1845 Get saved HDD password request.
1846
1847 @param[in, out] ConfigFormEntry The HDD Password configuration form entry.
1848
1849 **/
1850 VOID
1851 GetSavedHddPasswordRequest (
1852 IN OUT HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry
1853 )
1854 {
1855 EFI_STATUS Status;
1856 HDD_PASSWORD_REQUEST_VARIABLE *TempVariable;
1857 HDD_PASSWORD_REQUEST_VARIABLE *Variable;
1858 UINTN VariableSize;
1859
1860 DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
1861
1862 Variable = NULL;
1863 VariableSize = 0;
1864
1865 Status = GetVariable2 (
1866 HDD_PASSWORD_REQUEST_VARIABLE_NAME,
1867 &mHddPasswordVendorGuid,
1868 (VOID **) &Variable,
1869 &VariableSize
1870 );
1871 if (EFI_ERROR (Status) || (Variable == NULL)) {
1872 return;
1873 }
1874
1875 TempVariable = Variable;
1876 while (VariableSize >= sizeof (HDD_PASSWORD_REQUEST_VARIABLE)) {
1877 if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) &&
1878 (TempVariable->Device.Device == ConfigFormEntry->Device) &&
1879 (TempVariable->Device.Function == ConfigFormEntry->Function) &&
1880 (TempVariable->Device.Port == ConfigFormEntry->Port) &&
1881 (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
1882 //
1883 // Found the node for the HDD password device.
1884 // Get the HDD password request.
1885 //
1886 CopyMem (&ConfigFormEntry->IfrData.Request, &TempVariable->Request, sizeof (HDD_PASSWORD_REQUEST));
1887 DEBUG ((
1888 DEBUG_INFO,
1889 "HddPasswordRequest got: 0x%x\n",
1890 ConfigFormEntry->IfrData.Request
1891 ));
1892 break;
1893 }
1894 VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
1895 TempVariable += 1;
1896 }
1897
1898 FreePool (Variable);
1899
1900 DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
1901 }
1902
1903 /**
1904 Save HDD password request.
1905
1906 @param[in] ConfigFormEntry The HDD Password configuration form entry.
1907
1908 **/
1909 VOID
1910 SaveHddPasswordRequest (
1911 IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry
1912 )
1913 {
1914 EFI_STATUS Status;
1915 HDD_PASSWORD_REQUEST_VARIABLE *TempVariable;
1916 UINTN TempVariableSize;
1917 HDD_PASSWORD_REQUEST_VARIABLE *Variable;
1918 UINTN VariableSize;
1919 HDD_PASSWORD_REQUEST_VARIABLE *NewVariable;
1920 UINTN NewVariableSize;
1921
1922 DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
1923
1924 DEBUG ((
1925 DEBUG_INFO,
1926 "HddPasswordRequest to save: 0x%x\n",
1927 ConfigFormEntry->IfrData.Request
1928 ));
1929
1930 Variable = NULL;
1931 VariableSize = 0;
1932 NewVariable = NULL;
1933 NewVariableSize = 0;
1934
1935 Status = GetVariable2 (
1936 HDD_PASSWORD_REQUEST_VARIABLE_NAME,
1937 &mHddPasswordVendorGuid,
1938 (VOID **) &Variable,
1939 &VariableSize
1940 );
1941 if (!EFI_ERROR (Status) && (Variable != NULL)) {
1942 TempVariable = Variable;
1943 TempVariableSize = VariableSize;
1944 while (TempVariableSize >= sizeof (HDD_PASSWORD_REQUEST_VARIABLE)) {
1945 if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) &&
1946 (TempVariable->Device.Device == ConfigFormEntry->Device) &&
1947 (TempVariable->Device.Function == ConfigFormEntry->Function) &&
1948 (TempVariable->Device.Port == ConfigFormEntry->Port) &&
1949 (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) {
1950 //
1951 // Found the node for the HDD password device.
1952 // Update the HDD password request.
1953 //
1954 CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
1955 NewVariable = Variable;
1956 NewVariableSize = VariableSize;
1957 break;
1958 }
1959 TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
1960 TempVariable += 1;
1961 }
1962 if (NewVariable == NULL) {
1963 //
1964 // The node for the HDD password device is not found.
1965 // Create node for the HDD password device.
1966 //
1967 NewVariableSize = VariableSize + sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
1968 NewVariable = AllocateZeroPool (NewVariableSize);
1969 ASSERT (NewVariable != NULL);
1970 CopyMem (NewVariable, Variable, VariableSize);
1971 TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *) ((UINTN) NewVariable + VariableSize);
1972 TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
1973 TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
1974 TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
1975 TempVariable->Device.Port = ConfigFormEntry->Port;
1976 TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
1977 CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
1978 }
1979 } else {
1980 NewVariableSize = sizeof (HDD_PASSWORD_REQUEST_VARIABLE);
1981 NewVariable = AllocateZeroPool (NewVariableSize);
1982 ASSERT (NewVariable != NULL);
1983 NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus;
1984 NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device;
1985 NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function;
1986 NewVariable->Device.Port = ConfigFormEntry->Port;
1987 NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort;
1988 CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST));
1989 }
1990 Status = gRT->SetVariable (
1991 HDD_PASSWORD_REQUEST_VARIABLE_NAME,
1992 &mHddPasswordVendorGuid,
1993 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
1994 NewVariableSize,
1995 NewVariable
1996 );
1997 if (EFI_ERROR (Status)) {
1998 DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status));
1999 }
2000 if (NewVariable != Variable) {
2001 FreePool (NewVariable);
2002 }
2003 if (Variable != NULL) {
2004 FreePool (Variable);
2005 }
2006
2007 DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
2008 }
2009
2010 /**
2011 Get the HDD Password configuration form entry by the index of the goto opcode actived.
2012
2013 @param[in] Index The 0-based index of the goto opcode actived.
2014
2015 @return The HDD Password configuration form entry found.
2016 **/
2017 HDD_PASSWORD_CONFIG_FORM_ENTRY *
2018 HddPasswordGetConfigFormEntryByIndex (
2019 IN UINT32 Index
2020 )
2021 {
2022 LIST_ENTRY *Entry;
2023 UINT32 CurrentIndex;
2024 HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry;
2025
2026 CurrentIndex = 0;
2027 ConfigFormEntry = NULL;
2028
2029 EFI_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) {
2030 if (CurrentIndex == Index) {
2031 ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link);
2032 break;
2033 }
2034
2035 CurrentIndex++;
2036 }
2037
2038 return ConfigFormEntry;
2039 }
2040
2041 /**
2042 This function allows the caller to request the current
2043 configuration for one or more named elements. The resulting
2044 string is in <ConfigAltResp> format. Any and all alternative
2045 configuration strings shall also be appended to the end of the
2046 current configuration string. If they are, they must appear
2047 after the current configuration. They must contain the same
2048 routing (GUID, NAME, PATH) as the current configuration string.
2049 They must have an additional description indicating the type of
2050 alternative configuration the string represents,
2051 "ALTCFG=<StringToken>". That <StringToken> (when
2052 converted from Hex UNICODE to binary) is a reference to a
2053 string in the associated string pack.
2054
2055 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
2056 @param[in] Request A null-terminated Unicode string in
2057 <ConfigRequest> format. Note that this
2058 includes the routing information as well as
2059 the configurable name / value pairs. It is
2060 invalid for this string to be in
2061 <MultiConfigRequest> format.
2062 @param[out] Progress On return, points to a character in the
2063 Request string. Points to the string's null
2064 terminator if request was successful. Points
2065 to the most recent "&" before the first
2066 failing name / value pair (or the beginning
2067 of the string if the failure is in the first
2068 name / value pair) if the request was not
2069 successful.
2070 @param[out] Results A null-terminated Unicode string in
2071 <ConfigAltResp> format which has all values
2072 filled in for the names in the Request string.
2073 String to be allocated by the called function.
2074
2075 @retval EFI_SUCCESS The Results string is filled with the
2076 values corresponding to all requested
2077 names.
2078 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
2079 parts of the results that must be
2080 stored awaiting possible future
2081 protocols.
2082 @retval EFI_INVALID_PARAMETER For example, passing in a NULL
2083 for the Request parameter
2084 would result in this type of
2085 error. In this case, the
2086 Progress parameter would be
2087 set to NULL.
2088 @retval EFI_NOT_FOUND Routing data doesn't match any
2089 known driver. Progress set to the
2090 first character in the routing header.
2091 Note: There is no requirement that the
2092 driver validate the routing data. It
2093 must skip the <ConfigHdr> in order to
2094 process the names.
2095 @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
2096 to most recent & before the
2097 error or the beginning of the
2098 string.
2099 @retval EFI_INVALID_PARAMETER Unknown name. Progress points
2100 to the & before the name in
2101 question.Currently not implemented.
2102 **/
2103 EFI_STATUS
2104 EFIAPI
2105 HddPasswordFormExtractConfig (
2106 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
2107 IN CONST EFI_STRING Request,
2108 OUT EFI_STRING *Progress,
2109 OUT EFI_STRING *Results
2110 )
2111 {
2112 EFI_STATUS Status;
2113 UINTN BufferSize;
2114 HDD_PASSWORD_CONFIG *IfrData;
2115 HDD_PASSWORD_DXE_PRIVATE_DATA *Private;
2116 EFI_STRING ConfigRequestHdr;
2117 EFI_STRING ConfigRequest;
2118 BOOLEAN AllocatedRequest;
2119 UINTN Size;
2120
2121 if (Progress == NULL || Results == NULL) {
2122 return EFI_INVALID_PARAMETER;
2123 }
2124
2125 *Progress = Request;
2126 if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &mHddPasswordVendorGuid, mHddPasswordVendorStorageName)) {
2127 return EFI_NOT_FOUND;
2128 }
2129
2130 ConfigRequestHdr = NULL;
2131 ConfigRequest = NULL;
2132 AllocatedRequest = FALSE;
2133 Size = 0;
2134
2135 Private = HDD_PASSWORD_DXE_PRIVATE_FROM_THIS (This);
2136 IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG));
2137 ASSERT (IfrData != NULL);
2138 if (Private->Current != NULL) {
2139 CopyMem (IfrData, &Private->Current->IfrData, sizeof (HDD_PASSWORD_CONFIG));
2140 }
2141
2142 //
2143 // Convert buffer data to <ConfigResp> by helper function BlockToConfig()
2144 //
2145 BufferSize = sizeof (HDD_PASSWORD_CONFIG);
2146 ConfigRequest = Request;
2147 if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
2148 //
2149 // Request has no request element, construct full request string.
2150 // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
2151 // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
2152 //
2153 ConfigRequestHdr = HiiConstructConfigHdr (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, Private->DriverHandle);
2154 Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
2155 ConfigRequest = AllocateZeroPool (Size);
2156 ASSERT (ConfigRequest != NULL);
2157 AllocatedRequest = TRUE;
2158 UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
2159 FreePool (ConfigRequestHdr);
2160 }
2161 Status = gHiiConfigRouting->BlockToConfig (
2162 gHiiConfigRouting,
2163 ConfigRequest,
2164 (UINT8 *) IfrData,
2165 BufferSize,
2166 Results,
2167 Progress
2168 );
2169 FreePool (IfrData);
2170 //
2171 // Free the allocated config request string.
2172 //
2173 if (AllocatedRequest) {
2174 FreePool (ConfigRequest);
2175 ConfigRequest = NULL;
2176 }
2177
2178 //
2179 // Set Progress string to the original request string.
2180 //
2181 if (Request == NULL) {
2182 *Progress = NULL;
2183 } else if (StrStr (Request, L"OFFSET") == NULL) {
2184 *Progress = Request + StrLen (Request);
2185 }
2186
2187 return Status;
2188 }
2189
2190 /**
2191 This function applies changes in a driver's configuration.
2192 Input is a Configuration, which has the routing data for this
2193 driver followed by name / value configuration pairs. The driver
2194 must apply those pairs to its configurable storage. If the
2195 driver's configuration is stored in a linear block of data
2196 and the driver's name / value pairs are in <BlockConfig>
2197 format, it may use the ConfigToBlock helper function (above) to
2198 simplify the job. Currently not implemented.
2199
2200 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
2201 @param[in] Configuration A null-terminated Unicode string in
2202 <ConfigString> format.
2203 @param[out] Progress A pointer to a string filled in with the
2204 offset of the most recent '&' before the
2205 first failing name / value pair (or the
2206 beginn ing of the string if the failure
2207 is in the first name / value pair) or
2208 the terminating NULL if all was
2209 successful.
2210
2211 @retval EFI_SUCCESS The results have been distributed or are
2212 awaiting distribution.
2213 @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
2214 parts of the results that must be
2215 stored awaiting possible future
2216 protocols.
2217 @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
2218 Results parameter would result
2219 in this type of error.
2220 @retval EFI_NOT_FOUND Target for the specified routing data
2221 was not found.
2222 **/
2223 EFI_STATUS
2224 EFIAPI
2225 HddPasswordFormRouteConfig (
2226 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
2227 IN CONST EFI_STRING Configuration,
2228 OUT EFI_STRING *Progress
2229 )
2230 {
2231 if (Configuration == NULL || Progress == NULL) {
2232 return EFI_INVALID_PARAMETER;
2233 }
2234
2235 //
2236 // Check routing data in <ConfigHdr>.
2237 // Note: if only one Storage is used, then this checking could be skipped.
2238 //
2239 if (!HiiIsConfigHdrMatch (Configuration, &mHddPasswordVendorGuid, mHddPasswordVendorStorageName)) {
2240 *Progress = Configuration;
2241 return EFI_NOT_FOUND;
2242 }
2243
2244 *Progress = Configuration + StrLen (Configuration);
2245 return EFI_SUCCESS;
2246 }
2247
2248 /**
2249 This function is called to provide results data to the driver.
2250 This data consists of a unique key that is used to identify
2251 which data is either being passed back or being asked for.
2252
2253 @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
2254 @param[in] Action Specifies the type of action taken by the browser.
2255 @param[in] QuestionId A unique value which is sent to the original
2256 exporting driver so that it can identify the type
2257 of data to expect. The format of the data tends to
2258 vary based on the opcode that enerated the callback.
2259 @param[in] Type The type of value for the question.
2260 @param[in] Value A pointer to the data being sent to the original
2261 exporting driver.
2262 @param[out] ActionRequest On return, points to the action requested by the
2263 callback function.
2264
2265 @retval EFI_SUCCESS The callback successfully handled the action.
2266 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
2267 variable and its data.
2268 @retval EFI_DEVICE_ERROR The variable could not be saved.
2269 @retval EFI_UNSUPPORTED The specified Action is not supported by the
2270 callback.Currently not implemented.
2271 @retval EFI_INVALID_PARAMETERS Passing in wrong parameter.
2272 @retval Others Other errors as indicated.
2273 **/
2274 EFI_STATUS
2275 EFIAPI
2276 HddPasswordFormCallback (
2277 IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
2278 IN EFI_BROWSER_ACTION Action,
2279 IN EFI_QUESTION_ID QuestionId,
2280 IN UINT8 Type,
2281 IN EFI_IFR_TYPE_VALUE *Value,
2282 OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
2283 )
2284 {
2285 HDD_PASSWORD_DXE_PRIVATE_DATA *Private;
2286 EFI_STRING_ID DeviceFormTitleToken;
2287 HDD_PASSWORD_CONFIG *IfrData;
2288 HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry;
2289
2290 if (ActionRequest != NULL) {
2291 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
2292 } else {
2293 return EFI_INVALID_PARAMETER;
2294 }
2295
2296 if ((Action != EFI_BROWSER_ACTION_CHANGING) && (Action != EFI_BROWSER_ACTION_CHANGED)) {
2297 //
2298 // Do nothing for other UEFI Action. Only do call back when data is changing or changed.
2299 //
2300 return EFI_UNSUPPORTED;
2301 }
2302
2303 Private = HDD_PASSWORD_DXE_PRIVATE_FROM_THIS (This);
2304
2305 //
2306 // Retrive data from Browser
2307 //
2308 IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG));
2309 ASSERT (IfrData != NULL);
2310 if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData)) {
2311 FreePool (IfrData);
2312 return EFI_NOT_FOUND;
2313 }
2314
2315 switch (QuestionId) {
2316 case KEY_HDD_USER_PASSWORD:
2317 if (Action == EFI_BROWSER_ACTION_CHANGED) {
2318 DEBUG ((DEBUG_INFO, "KEY_HDD_USER_PASSWORD\n"));
2319 ConfigFormEntry = Private->Current;
2320 ConfigFormEntry->IfrData.Request.UserPassword = Value->b;
2321 SaveHddPasswordRequest (ConfigFormEntry);
2322 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
2323 }
2324 break;
2325 case KEY_HDD_MASTER_PASSWORD:
2326 if (Action == EFI_BROWSER_ACTION_CHANGED) {
2327 DEBUG ((DEBUG_INFO, "KEY_HDD_MASTER_PASSWORD\n"));
2328 ConfigFormEntry = Private->Current;
2329 ConfigFormEntry->IfrData.Request.MasterPassword = Value->b;
2330 SaveHddPasswordRequest (ConfigFormEntry);
2331 *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
2332 }
2333 break;
2334
2335 default:
2336 if ((QuestionId >= KEY_HDD_DEVICE_ENTRY_BASE) && (QuestionId < (mNumberOfHddDevices + KEY_HDD_DEVICE_ENTRY_BASE))) {
2337 if (Action == EFI_BROWSER_ACTION_CHANGING) {
2338 //
2339 // In case goto the device configuration form, update the device form title.
2340 //
2341 ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32) (QuestionId - KEY_HDD_DEVICE_ENTRY_BASE));
2342 ASSERT (ConfigFormEntry != NULL);
2343
2344 DeviceFormTitleToken = (EFI_STRING_ID) STR_HDD_SECURITY_HD;
2345 HiiSetString (Private->HiiHandle, DeviceFormTitleToken, ConfigFormEntry->HddString, NULL);
2346
2347 Private->Current = ConfigFormEntry;
2348 CopyMem (IfrData, &ConfigFormEntry->IfrData, sizeof (HDD_PASSWORD_CONFIG));
2349 }
2350 }
2351
2352 break;
2353 }
2354
2355 //
2356 // Pass changed uncommitted data back to Form Browser
2357 //
2358 HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData, NULL);
2359
2360 FreePool (IfrData);
2361 return EFI_SUCCESS;
2362 }
2363
2364 /**
2365 Updates the HDD Password configuration form to add an entry for the attached
2366 ata harddisk device specified by the Controller.
2367
2368 @param[in] HiiHandle The HII Handle associated with the registered package list.
2369 @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance.
2370 @param[in] PciIo Pointer to PCI_IO instance.
2371 @param[in] Controller The controller handle of the attached ata controller.
2372 @param[in] Bus The bus number of ATA controller.
2373 @param[in] Device The device number of ATA controller.
2374 @param[in] Function The function number of ATA controller.
2375 @param[in] Port The port number of attached ATA device.
2376 @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device.
2377
2378 @retval EFI_SUCCESS The Hdd Password configuration form is updated.
2379 @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
2380 @retval Others Other errors as indicated.
2381
2382 **/
2383 EFI_STATUS
2384 HddPasswordConfigUpdateForm (
2385 IN EFI_HII_HANDLE HiiHandle,
2386 IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru,
2387 IN EFI_PCI_IO_PROTOCOL *PciIo,
2388 IN EFI_HANDLE Controller,
2389 IN UINTN Bus,
2390 IN UINTN Device,
2391 IN UINTN Function,
2392 IN UINT16 Port,
2393 IN UINT16 PortMultiplierPort
2394 )
2395 {
2396 LIST_ENTRY *Entry;
2397 HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry;
2398 BOOLEAN EntryExisted;
2399 EFI_STATUS Status;
2400 VOID *StartOpCodeHandle;
2401 VOID *EndOpCodeHandle;
2402 EFI_IFR_GUID_LABEL *StartLabel;
2403 EFI_IFR_GUID_LABEL *EndLabel;
2404 CHAR16 HddString[40];
2405 ATA_IDENTIFY_DATA IdentifyData;
2406 EFI_DEVICE_PATH_PROTOCOL *AtaDeviceNode;
2407
2408 ConfigFormEntry = NULL;
2409 EntryExisted = FALSE;
2410
2411 EFI_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) {
2412 ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link);
2413
2414 if ((ConfigFormEntry->Bus == Bus) &&
2415 (ConfigFormEntry->Device == Device) &&
2416 (ConfigFormEntry->Function == Function) &&
2417 (ConfigFormEntry->Port == Port) &&
2418 (ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) {
2419 EntryExisted = TRUE;
2420 break;
2421 }
2422 }
2423
2424 if (!EntryExisted) {
2425 //
2426 // Add a new form.
2427 //
2428 ConfigFormEntry = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG_FORM_ENTRY));
2429 if (ConfigFormEntry == NULL) {
2430 return EFI_OUT_OF_RESOURCES;
2431 }
2432
2433 InitializeListHead (&ConfigFormEntry->Link);
2434 ConfigFormEntry->Controller = Controller;
2435 ConfigFormEntry->Bus = Bus;
2436 ConfigFormEntry->Device = Device;
2437 ConfigFormEntry->Function = Function;
2438 ConfigFormEntry->Port = Port;
2439 ConfigFormEntry->PortMultiplierPort = PortMultiplierPort;
2440 ConfigFormEntry->AtaPassThru = AtaPassThru;
2441
2442 DEBUG ((DEBUG_INFO, "HddPasswordDxe: Create new form for device[%d][%d] at Bus 0x%x Dev 0x%x Func 0x%x\n", Port, PortMultiplierPort, Bus, Device, Function));
2443
2444 //
2445 // Construct the device path for the HDD password device
2446 //
2447 Status = AtaPassThru->BuildDevicePath (
2448 AtaPassThru,
2449 Port,
2450 PortMultiplierPort,
2451 &AtaDeviceNode
2452 );
2453 if (EFI_ERROR (Status)) {
2454 return Status;
2455 }
2456 ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode);
2457 FreePool (AtaDeviceNode);
2458 if (ConfigFormEntry->DevicePath == NULL) {
2459 return EFI_OUT_OF_RESOURCES;
2460 }
2461
2462 //
2463 // Get attached harddisk model number
2464 //
2465 Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData);
2466 ASSERT_EFI_ERROR (Status);
2467 if (EFI_ERROR (Status)) {
2468 return Status;
2469 }
2470 GetHddDeviceModelNumber (&IdentifyData, HddString);
2471 //
2472 // Compose the HDD title string and help string of this port and create a new EFI_STRING_ID.
2473 //
2474 UnicodeSPrint (ConfigFormEntry->HddString, sizeof (ConfigFormEntry->HddString), L"HDD %d:%s", mNumberOfHddDevices, HddString);
2475 ConfigFormEntry->TitleToken = HiiSetString (HiiHandle, 0, ConfigFormEntry->HddString, NULL);
2476 ConfigFormEntry->TitleHelpToken = HiiSetString (HiiHandle, 0, L"Request to set HDD Password", NULL);
2477
2478 GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData);
2479
2480 InsertTailList (&mHddPasswordConfigFormList, &ConfigFormEntry->Link);
2481
2482 //
2483 // Init OpCode Handle
2484 //
2485 StartOpCodeHandle = HiiAllocateOpCodeHandle ();
2486 ASSERT (StartOpCodeHandle != NULL);
2487
2488 EndOpCodeHandle = HiiAllocateOpCodeHandle ();
2489 ASSERT (EndOpCodeHandle != NULL);
2490
2491 //
2492 // Create Hii Extend Label OpCode as the start opcode
2493 //
2494 StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
2495 StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
2496 StartLabel->Number = HDD_DEVICE_ENTRY_LABEL;
2497
2498 //
2499 // Create Hii Extend Label OpCode as the end opcode
2500 //
2501 EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL));
2502 EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
2503 EndLabel->Number = HDD_DEVICE_LABEL_END;
2504
2505 mNumberOfHddDevices = 0;
2506 EFI_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) {
2507 ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link);
2508
2509 HiiCreateGotoOpCode (
2510 StartOpCodeHandle, // Container for dynamic created opcodes
2511 FORMID_HDD_DEVICE_FORM, // Target Form ID
2512 ConfigFormEntry->TitleToken, // Prompt text
2513 ConfigFormEntry->TitleHelpToken, // Help text
2514 EFI_IFR_FLAG_CALLBACK, // Question flag
2515 (UINT16) (KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID
2516 );
2517
2518 mNumberOfHddDevices++;
2519 }
2520
2521 HiiUpdateForm (
2522 HiiHandle,
2523 &mHddPasswordVendorGuid,
2524 FORMID_HDD_MAIN_FORM,
2525 StartOpCodeHandle,
2526 EndOpCodeHandle
2527 );
2528
2529 HiiFreeOpCodeHandle (StartOpCodeHandle);
2530 HiiFreeOpCodeHandle (EndOpCodeHandle);
2531
2532 //
2533 // Check if device is locked and prompt for password.
2534 //
2535 HddPasswordRequestPassword (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
2536
2537 //
2538 // Process HDD password request from last boot.
2539 //
2540 ProcessHddPasswordRequest (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry);
2541 }
2542
2543 return EFI_SUCCESS;
2544 }
2545
2546 /**
2547 Ata Pass Thru Protocol notification event handler.
2548
2549 Check attached harddisk status to see if it's locked. If yes, then pop up a password windows to require user input.
2550 It also registers a form for user configuration on Hdd password configuration.
2551
2552 @param[in] Event Event whose notification function is being invoked.
2553 @param[in] Context Pointer to the notification function's context.
2554
2555 **/
2556 VOID
2557 EFIAPI
2558 HddPasswordNotificationEvent (
2559 IN EFI_EVENT Event,
2560 IN VOID *Context
2561 )
2562 {
2563 EFI_STATUS Status;
2564 HDD_PASSWORD_DXE_PRIVATE_DATA *Private;
2565 EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru;
2566 UINT16 Port;
2567 UINT16 PortMultiplierPort;
2568 EFI_HANDLE Controller;
2569 EFI_HANDLE *HandleBuffer;
2570 UINTN HandleCount;
2571 UINTN Index;
2572 EFI_PCI_IO_PROTOCOL *PciIo;
2573 UINTN SegNum;
2574 UINTN BusNum;
2575 UINTN DevNum;
2576 UINTN FuncNum;
2577
2578 if (mHddPasswordEndOfDxe) {
2579 gBS->CloseEvent (Event);
2580 return;
2581 }
2582
2583 Private = (HDD_PASSWORD_DXE_PRIVATE_DATA *)Context;
2584
2585 //
2586 // Locate all handles of AtaPassThru protocol
2587 //
2588 Status = gBS->LocateHandleBuffer (
2589 ByProtocol,
2590 &gEfiAtaPassThruProtocolGuid,
2591 NULL,
2592 &HandleCount,
2593 &HandleBuffer
2594 );
2595 if (EFI_ERROR (Status)) {
2596 return ;
2597 }
2598
2599 //
2600 // Check attached hard disk status to see if it's locked
2601 //
2602 for (Index = 0; Index < HandleCount; Index += 1) {
2603 Controller = HandleBuffer[Index];
2604 Status = gBS->HandleProtocol (
2605 Controller,
2606 &gEfiAtaPassThruProtocolGuid,
2607 (VOID **) &AtaPassThru
2608 );
2609 if (EFI_ERROR (Status)) {
2610 break;
2611 }
2612
2613 //
2614 // Ignore those logical ATA_PASS_THRU instance.
2615 //
2616 if ((AtaPassThru->Mode->Attributes & EFI_ATA_PASS_THRU_ATTRIBUTES_PHYSICAL) == 0) {
2617 continue;
2618 }
2619
2620 Status = gBS->HandleProtocol (
2621 Controller,
2622 &gEfiPciIoProtocolGuid,
2623 (VOID **) &PciIo
2624 );
2625 ASSERT_EFI_ERROR (Status);
2626 if (EFI_ERROR (Status)) {
2627 break;
2628 }
2629
2630 Status = PciIo->GetLocation (
2631 PciIo,
2632 &SegNum,
2633 &BusNum,
2634 &DevNum,
2635 &FuncNum
2636 );
2637 ASSERT_EFI_ERROR (Status);
2638 if (EFI_ERROR (Status)) {
2639 break;
2640 }
2641
2642 //
2643 // Assume and only support Segment == 0.
2644 //
2645 ASSERT (SegNum == 0);
2646
2647 //
2648 // traverse all attached harddisk devices to update form and unlock it
2649 //
2650 Port = 0xFFFF;
2651
2652 while (TRUE) {
2653 Status = AtaPassThru->GetNextPort (AtaPassThru, &Port);
2654 if (EFI_ERROR (Status)) {
2655 //
2656 // We cannot find more legal port then we are done.
2657 //
2658 break;
2659 }
2660
2661 PortMultiplierPort = 0xFFFF;
2662 while (TRUE) {
2663 Status = AtaPassThru->GetNextDevice (AtaPassThru, Port, &PortMultiplierPort);
2664 if (EFI_ERROR (Status)) {
2665 //
2666 // We cannot find more legal port multiplier port number for ATA device
2667 // on the port, then we are done.
2668 //
2669 break;
2670 }
2671 //
2672 // Find out the attached harddisk devices.
2673 // Try to add a HDD Password configuration page for the attached devices.
2674 //
2675 gBS->RestoreTPL (TPL_APPLICATION);
2676 Status = HddPasswordConfigUpdateForm (Private->HiiHandle, AtaPassThru, PciIo, Controller, BusNum, DevNum, FuncNum, Port, PortMultiplierPort);
2677 gBS->RaiseTPL (TPL_CALLBACK);
2678 if (EFI_ERROR (Status)) {
2679 break;
2680 }
2681 }
2682 }
2683 }
2684
2685 FreePool (HandleBuffer);
2686 return ;
2687 }
2688
2689 /**
2690 Initialize the HDD Password configuration form.
2691
2692 @param[out] Instance Pointer to private instance.
2693
2694 @retval EFI_SUCCESS The HDD Password configuration form is initialized.
2695 @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
2696 @retval Others Other errors as indicated.
2697 **/
2698 EFI_STATUS
2699 HddPasswordConfigFormInit (
2700 OUT HDD_PASSWORD_DXE_PRIVATE_DATA **Instance
2701 )
2702 {
2703 EFI_STATUS Status;
2704 HDD_PASSWORD_DXE_PRIVATE_DATA *Private;
2705
2706 InitializeListHead (&mHddPasswordConfigFormList);
2707
2708 Private = AllocateZeroPool (sizeof (HDD_PASSWORD_DXE_PRIVATE_DATA));
2709 if (Private == NULL) {
2710 return EFI_OUT_OF_RESOURCES;
2711 }
2712
2713 Private->Signature = HDD_PASSWORD_DXE_PRIVATE_SIGNATURE;
2714
2715 Private->ConfigAccess.ExtractConfig = HddPasswordFormExtractConfig;
2716 Private->ConfigAccess.RouteConfig = HddPasswordFormRouteConfig;
2717 Private->ConfigAccess.Callback = HddPasswordFormCallback;
2718
2719 //
2720 // Install Device Path Protocol and Config Access protocol to driver handle
2721 //
2722 Status = gBS->InstallMultipleProtocolInterfaces (
2723 &Private->DriverHandle,
2724 &gEfiDevicePathProtocolGuid,
2725 &mHddPasswordHiiVendorDevicePath,
2726 &gEfiHiiConfigAccessProtocolGuid,
2727 &Private->ConfigAccess,
2728 NULL
2729 );
2730 ASSERT_EFI_ERROR (Status);
2731 if (EFI_ERROR (Status)) {
2732 FreePool(Private);
2733 return Status;
2734 }
2735
2736 //
2737 // Publish our HII data
2738 //
2739 Private->HiiHandle = HiiAddPackages (
2740 &mHddPasswordVendorGuid,
2741 Private->DriverHandle,
2742 HddPasswordDxeStrings,
2743 HddPasswordBin,
2744 NULL
2745 );
2746 if (Private->HiiHandle == NULL) {
2747 FreePool(Private);
2748 return EFI_OUT_OF_RESOURCES;
2749 }
2750
2751 *Instance = Private;
2752 return Status;
2753 }
2754
2755 /**
2756 Main entry for this driver.
2757
2758 @param ImageHandle Image handle this driver.
2759 @param SystemTable Pointer to SystemTable.
2760
2761 @retval EFI_SUCESS This function always complete successfully.
2762
2763 **/
2764 EFI_STATUS
2765 EFIAPI
2766 HddPasswordDxeInit (
2767 IN EFI_HANDLE ImageHandle,
2768 IN EFI_SYSTEM_TABLE *SystemTable
2769 )
2770 {
2771 EFI_STATUS Status;
2772 HDD_PASSWORD_DXE_PRIVATE_DATA *Private;
2773 EFI_EVENT Registration;
2774 EFI_EVENT EndOfDxeEvent;
2775 EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock;
2776
2777 Private = NULL;
2778
2779 //
2780 // Initialize the configuration form of HDD Password.
2781 //
2782 Status = HddPasswordConfigFormInit (&Private);
2783 if (EFI_ERROR (Status)) {
2784 return Status;
2785 }
2786
2787 //
2788 // Register HddPasswordNotificationEvent() notify function.
2789 //
2790 EfiCreateProtocolNotifyEvent (
2791 &gEfiAtaPassThruProtocolGuid,
2792 TPL_CALLBACK,
2793 HddPasswordNotificationEvent,
2794 (VOID *)Private,
2795 &Registration
2796 );
2797
2798 Status = gBS->CreateEventEx (
2799 EVT_NOTIFY_SIGNAL,
2800 TPL_CALLBACK,
2801 HddPasswordEndOfDxeEventNotify,
2802 NULL,
2803 &gEfiEndOfDxeEventGroupGuid,
2804 &EndOfDxeEvent
2805 );
2806 ASSERT_EFI_ERROR (Status);
2807
2808 //
2809 // Make HDD_PASSWORD_VARIABLE_NAME varible read-only.
2810 //
2811 Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock);
2812 if (!EFI_ERROR (Status)) {
2813 Status = VariableLock->RequestToLock (
2814 VariableLock,
2815 HDD_PASSWORD_VARIABLE_NAME,
2816 &mHddPasswordVendorGuid
2817 );
2818 DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __FUNCTION__, HDD_PASSWORD_VARIABLE_NAME, Status));
2819 ASSERT_EFI_ERROR (Status);
2820 }
2821
2822 return Status;
2823 }
EFI Development Kit II mirror for PVE