]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Include/Library/TcgStorageOpalLib.h
projects / mirror_edk2.git / blob
? search:


a28cebe738ac0151862c7e3e92a97c145bd3200d
[mirror_edk2.git] / SecurityPkg / Include / Library / TcgStorageOpalLib.h
1 /** @file
2 Public API for Opal Core library.
3
4 (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00,
5 https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/
6
7 Storage Work Group Storage Security Subsystem Class: Pyrite, Specification Version 2.00, Revision 1.00,
8 https://trustedcomputinggroup.org/resource/tcg-storage-security-subsystem-class-pyrite/
9
10 Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00,
11 https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/
12
13 TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00,
14 https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/
15
16 TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00,
17 https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/
18
19 TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00,
20 https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/)
21
22 Check http://trustedcomputinggroup.org for latest specification updates.
23
24 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
25 SPDX-License-Identifier: BSD-2-Clause-Patent
26
27 **/
28
29 #ifndef _OPAL_CORE_H_
30 #define _OPAL_CORE_H_
31
32 #include <IndustryStandard/TcgStorageOpal.h>
33
34 #include <Library/TcgStorageCoreLib.h>
35 #include <Protocol/StorageSecurityCommand.h>
36
37 #pragma pack(1)
38
39 typedef struct {
40 //
41 // Opal SSC 1 support (0 - not supported, 1 - supported)
42 //
43 UINT32 OpalSsc1 : 1;
44
45 //
46 // Opal SSC 2support (0 - not supported, 1 - supported)
47 //
48 UINT32 OpalSsc2 : 1;
49
50 //
51 // Opal SSC Lite support (0 - not supported, 1 - supported)
52 //
53 UINT32 OpalSscLite : 1;
54
55 //
56 // Pyrite SSC support (0 - not supported, 1 - supported)
57 //
58 UINT32 PyriteSsc : 1;
59
60 //
61 // Security protocol 1 support (0 - not supported, 1 - supported)
62 //
63 UINT32 Sp1 : 1;
64
65 //
66 // Security protocol 2 support (0 - not supported, 1 - supported)
67 //
68 UINT32 Sp2 : 1;
69
70 //
71 // Security protocol IEEE1667 support (0 - not supported, 1 - supported)
72 //
73 UINT32 SpIeee1667 : 1;
74
75 //
76 // Media encryption supported (0 - not supported, 1 - supported)
77 //
78 UINT32 MediaEncryption : 1;
79
80 //
81 // Initial C_PIN_SID PIN Indicator
82 // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value
83 // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value
84 //
85 UINT32 InitCpinIndicator : 1;
86
87 //
88 // Behavior of C_PIN_SID PIN upon TPer Revert
89 // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value
90 // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value
91 //
92 UINT32 CpinUponRevert : 1;
93
94 //
95 // Media encryption supported (0 - not supported, 1 - supported)
96 //
97 UINT32 BlockSid : 1;
98
99 //
100 // Pyrite SSC V2 support (0 - not supported, 1 - supported)
101 //
102 UINT32 PyriteSscV2 : 1;
103
104 //
105 // Supported Data Removal Mechanism support (0 - not supported, 1 - supported)
106 //
107 UINT32 DataRemoval : 1;
108 } OPAL_DISK_SUPPORT_ATTRIBUTE;
109
110 //
111 // Opal device ownership type
112 // The type indicates who was the determined owner of the device.
113 //
114 typedef enum {
115 //
116 // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP
117 //was unsuccessful with the provided PIN
118 //
119 OpalOwnershipUnknown,
120
121 //
122 // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN
123 //
124 OpalOwnershipNobody,
125 } OPAL_OWNER_SHIP;
126
127 //
128 // Structure that is used to represent an Opal session.
129 // The structure must be initialized by calling OpalStartSession before being used as a parameter
130 // for any other Opal function.
131 // This structure should NOT be directly modified by the client of this library.
132 //
133 //
134 typedef struct {
135 UINT32 HostSessionId;
136 UINT32 TperSessionId;
137 UINT16 ComIdExtension;
138
139 UINT16 OpalBaseComId;
140
141 EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;
142 UINT32 MediaId;
143 } OPAL_SESSION;
144 #pragma pack()
145
146 /**
147
148 The function fills in the provided Buffer with the supported protocol list
149 of the device specified.
150
151 @param[in] Session OPAL_SESSION data.
152 @param[in] BufferSize Size of Buffer provided (in bytes)
153 @param[in] BuffAddress Buffer address to fill with security protocol list
154
155 **/
156 TCG_RESULT
157 EFIAPI
158 OpalRetrieveSupportedProtocolList(
159 OPAL_SESSION *Session,
160 UINTN BufferSize,
161 VOID *BuffAddress
162 );
163
164 /**
165
166 The function fills in the provided Buffer with the level 0 discovery Header
167 of the device specified.
168
169 @param[in] Session OPAL_SESSION data.
170 @param[in] BufferSize Size of Buffer provided (in bytes)
171 @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response
172
173 **/
174 TCG_RESULT
175 EFIAPI
176 OpalRetrieveLevel0DiscoveryHeader(
177 OPAL_SESSION *Session,
178 UINTN BufferSize,
179 VOID *BuffAddress
180 );
181
182 /**
183 Starts a session with a security provider (SP).
184
185 If a session is started successfully, the caller must end the session with OpalEndSession when finished
186 performing Opal actions.
187
188 @param[in/out] Session OPAL_SESSION to initialize.
189 @param[in] SpId Security provider ID to start the session with.
190 @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE).
191 @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL
192 @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent.
193 @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent.
194 @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned.
195
196 @return TcgResultSuccess indicates that the function completed without any internal errors.
197 The caller must inspect the MethodStatus field to determine whether the method completed successfully.
198
199 **/
200 TCG_RESULT
201 EFIAPI
202 OpalStartSession(
203 OPAL_SESSION *Session,
204 TCG_UID SpId,
205 BOOLEAN Write,
206 UINT32 HostChallengeLength,
207 const VOID *HostChallenge,
208 TCG_UID HostSigningAuthority,
209 UINT8 *MethodStatus
210 );
211
212 /**
213 Close a session opened with OpalStartSession.
214
215 @param[in/out] Session OPAL_SESSION to end.
216
217 **/
218 TCG_RESULT
219 EFIAPI
220 OpalEndSession(
221 OPAL_SESSION *Session
222 );
223
224 /**
225
226 Reverts device using Admin SP Revert method.
227
228 @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.
229
230 **/
231 TCG_RESULT
232 EFIAPI
233 OpalPsidRevert(
234 OPAL_SESSION *AdminSpSession
235 );
236
237
238 /**
239
240 The function retrieves the MSID from the device specified
241
242 @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert.
243 @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller
244 @param[in] Msid Variable length byte sequence representing MSID of device
245 @param[in] MsidLength Actual length of MSID retrieved from device
246
247 **/
248 TCG_RESULT
249 EFIAPI
250 OpalGetMsid(
251 OPAL_SESSION *AdminSpSession,
252 UINT32 MsidBufferSize,
253 UINT8 *Msid,
254 UINT32 *MsidLength
255 );
256
257 /**
258
259 The function activates the Locking SP.
260 Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN.
261 If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs.
262
263 @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP
264 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
265
266 **/
267 TCG_RESULT
268 EFIAPI
269 OpalActivateLockingSp(
270 OPAL_SESSION *AdminSpSession,
271 UINT8 *MethodStatus
272 );
273
274
275 /**
276
277 The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value.
278
279 @param[in/out] Session OPAL_SESSION to set password
280 @param[in] CpinRowUid UID of row (authority) to update PIN column
281 @param[in] NewPin New Pin to set for cpinRowUid specified
282 @param[in] NewPinLength Length in bytes of newPin
283 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
284
285 **/
286 TCG_RESULT
287 EFIAPI
288 OpalSetPassword(
289 OPAL_SESSION *Session,
290 TCG_UID CpinRowUid,
291 const VOID *NewPin,
292 UINT32 NewPinLength,
293 UINT8 *MethodStatus
294 );
295
296 /**
297
298 The function retrieves the active key of the global locking range
299 and calls the GenKey method on the active key retrieved.
300
301 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key
302 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
303
304 **/
305 TCG_RESULT
306 EFIAPI
307 OpalGlobalLockingRangeGenKey(
308 OPAL_SESSION *LockingSpSession,
309 UINT8 *MethodStatus
310 );
311
312
313 /**
314
315 The function updates the ReadLocked and WriteLocked columns of the Global Locking Range.
316 This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns
317 (not ReadLockEnabled and WriteLockEnabled columns).
318
319 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key
320 @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range
321 @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range
322 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
323
324 **/
325 TCG_RESULT
326 EFIAPI
327 OpalUpdateGlobalLockingRange(
328 OPAL_SESSION *LockingSpSession,
329 BOOLEAN ReadLocked,
330 BOOLEAN WriteLocked,
331 UINT8 *MethodStatus
332 );
333
334
335 /**
336
337 The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns
338 of the specified Locking Range. This function requires admin authority of a locking SP session.
339
340 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key
341 @param[in] LockingRangeUid Locking range UID to set values
342 @param[in] RangeStart Value to set RangeStart column for Locking Range
343 @param[in] RangeLength Value to set RangeLength column for Locking Range
344 @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range
345 @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range
346 @param[in] ReadLocked Value to set ReadLocked column for Locking Range
347 @param[in] WriteLocked Value to set WriteLocked column for Locking Range
348 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
349
350 **/
351 TCG_RESULT
352 EFIAPI
353 OpalSetLockingRange(
354 OPAL_SESSION *LockingSpSession,
355 TCG_UID LockingRangeUid,
356 UINT64 RangeStart,
357 UINT64 RangeLength,
358 BOOLEAN ReadLockEnabled,
359 BOOLEAN WriteLockEnabled,
360 BOOLEAN ReadLocked,
361 BOOLEAN WriteLocked,
362 UINT8 *MethodStatus
363 );
364
365 /**
366
367 The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided
368 using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority.
369
370 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update
371 @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN
372 @param[in] AuthorityUid UID of Locking SP authority to update Pin column with
373 @param[in] NewPin New Password used to set Pin column
374 @param[in] NewPinLength Length in bytes of new password
375 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
376
377 **/
378 TCG_RESULT
379 EFIAPI
380 OpalSetLockingSpAuthorityEnabledAndPin(
381 OPAL_SESSION *LockingSpSession,
382 TCG_UID CpinRowUid,
383 TCG_UID AuthorityUid,
384 const VOID *NewPin,
385 UINT32 NewPinLength,
386 UINT8 *MethodStatus
387 );
388
389
390 /**
391
392 The function sets the Enabled column to FALSE for the USER1 authority.
393
394 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1
395 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
396
397 **/
398 TCG_RESULT
399 EFIAPI
400 OpalDisableUser(
401 OPAL_SESSION *LockingSpSession,
402 UINT8 *MethodStatus
403 );
404
405
406 /**
407
408 The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter
409 to keep the user data is set to True, otherwise the optional parameter is not provided.
410
411 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP
412 @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data.
413 @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS.
414
415 **/
416 TCG_RESULT
417 EFIAPI
418 OpalAdminRevert(
419 OPAL_SESSION *LockingSpSession,
420 BOOLEAN KeepUserData,
421 UINT8 *MethodStatus
422 );
423
424
425 /**
426
427 The function retrieves the TryLimit column for the specified rowUid (authority).
428
429 @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit
430 @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column
431 @param[in/out] TryLimit Value from TryLimit column
432
433 **/
434 TCG_RESULT
435 EFIAPI
436 OpalGetTryLimit(
437 OPAL_SESSION *LockingSpSession,
438 TCG_UID RowUid,
439 UINT32 *TryLimit
440 );
441
442
443 /**
444
445 The function populates the CreateStruct with a payload that will retrieve the global locking range active key.
446 It is intended to be called with a session that is already started with a valid credential.
447 The function does not send the payload.
448
449 @param[in] Session OPAL_SESSION to populate command for, needs comId
450 @param[in/out] CreateStruct Structure to populate with encoded TCG command
451 @param[in/out] Size Size in bytes of the command created.
452
453 **/
454 TCG_RESULT
455 EFIAPI
456 OpalCreateRetrieveGlobalLockingRangeActiveKey(
457 const OPAL_SESSION *Session,
458 TCG_CREATE_STRUCT *CreateStruct,
459 UINT32 *Size
460 );
461
462
463 /**
464
465 The function acquires the activeKey specified for the Global Locking Range from the parseStruct.
466
467 @param[in] ParseStruct Structure that contains the device's response with the activekey
468 @param[in/out] ActiveKey The UID of the active key retrieved
469
470 **/
471 TCG_RESULT
472 EFIAPI
473 OpalParseRetrieveGlobalLockingRangeActiveKey(
474 TCG_PARSE_STRUCT *ParseStruct,
475 TCG_UID *ActiveKey
476 );
477
478 /**
479
480 Get the support attribute info.
481
482 @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.
483 @param[in/out] LockingFeature Return the Locking info.
484
485 **/
486 TCG_RESULT
487 EFIAPI
488 OpalGetLockingInfo(
489 OPAL_SESSION *Session,
490 TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
491 );
492
493 /**
494
495 The function determines whether or not all of the requirements for the Opal Feature (not full specification)
496 are met by the specified device.
497
498 @param[in] SupportedAttributes Opal device attribute.
499
500 **/
501 BOOLEAN
502 EFIAPI
503 OpalFeatureSupported(
504 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes
505 );
506
507 /**
508
509 The function returns whether or not the device is Opal Enabled.
510 TRUE means that the device is partially or fully locked.
511 This will perform a Level 0 Discovery and parse the locking feature descriptor
512
513 @param[in] SupportedAttributes Opal device attribute.
514 @param[in] LockingFeature Opal device locking status.
515
516
517 **/
518 BOOLEAN
519 EFIAPI
520 OpalFeatureEnabled(
521 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
522 TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
523 );
524
525 /**
526
527 The function returns whether or not the device is Opal Locked.
528 TRUE means that the device is partially or fully locked.
529 This will perform a Level 0 Discovery and parse the locking feature descriptor
530
531 @param[in] SupportedAttributes Opal device attribute.
532 @param[in] LockingFeature Opal device locking status.
533
534 **/
535 BOOLEAN
536 OpalDeviceLocked(
537 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
538 TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
539 );
540
541 /**
542 Trig the block sid action.
543
544 @param[in] Session OPAL_SESSION to populate command for, needs comId
545 @param[in] HardwareReset Whether need to do hardware reset.
546
547 **/
548 TCG_RESULT
549 EFIAPI
550 OpalBlockSid(
551 OPAL_SESSION *Session,
552 BOOLEAN HardwareReset
553 );
554
555 /**
556
557 Get the support attribute info.
558
559 @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info.
560 @param[in/out] SupportedAttributes Return the support attribute info.
561 @param[out] OpalBaseComId Return the base com id info.
562
563 **/
564 TCG_RESULT
565 EFIAPI
566 OpalGetSupportedAttributesInfo(
567 OPAL_SESSION *Session,
568 OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
569 UINT16 *OpalBaseComId
570 );
571
572 /**
573 Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.
574
575 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
576 @param[in] Psid PSID of device to revert.
577 @param[in] PsidLength Length of PSID in bytes.
578
579 **/
580 TCG_RESULT
581 EFIAPI
582 OpalUtilPsidRevert(
583 OPAL_SESSION *AdminSpSession,
584 const VOID *Psid,
585 UINT32 PsidLength
586 );
587
588 /**
589 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
590 sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,
591 and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN.
592
593 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
594 @param[in] GeneratedSid Generated SID of disk
595 @param[in] SidLength Length of generatedSid in bytes
596 @param[in] Password New admin password to set
597 @param[in] PassLength Length of password in bytes
598
599 **/
600 TCG_RESULT
601 EFIAPI
602 OpalUtilSetAdminPasswordAsSid(
603 OPAL_SESSION *AdminSpSession,
604 const VOID *GeneratedSid,
605 UINT32 SidLength,
606 const VOID *Password,
607 UINT32 PassLength
608 );
609
610 /**
611
612 Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
613 and updates the specified locking range with the provided column values.
614
615 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
616 @param[in] Password New admin password to set
617 @param[in] PassLength Length of password in bytes
618 @param[in] LockingRangeUid Locking range UID to set values
619 @param[in] RangeStart Value to set RangeStart column for Locking Range
620 @param[in] RangeLength Value to set RangeLength column for Locking Range
621 @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range
622 @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range
623 @param[in] ReadLocked Value to set ReadLocked column for Locking Range
624 @param[in] WriteLocked Value to set WriteLocked column for Locking Range
625
626 **/
627 TCG_RESULT
628 EFIAPI
629 OpalUtilSetOpalLockingRange(
630 OPAL_SESSION *LockingSpSession,
631 const VOID *Password,
632 UINT32 PassLength,
633 TCG_UID LockingRangeUid,
634 UINT64 RangeStart,
635 UINT64 RangeLength,
636 BOOLEAN ReadLockEnabled,
637 BOOLEAN WriteLockEnabled,
638 BOOLEAN ReadLocked,
639 BOOLEAN WriteLocked
640 );
641
642 /**
643 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
644 sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,
645 and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.
646
647 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
648 @param[in] OldPassword Current admin password
649 @param[in] OldPasswordLength Length of current admin password in bytes
650 @param[in] NewPassword New admin password to set
651 @param[in] NewPasswordLength Length of new password in bytes
652
653 **/
654 TCG_RESULT
655 EFIAPI
656 OpalUtilSetAdminPassword(
657 OPAL_SESSION *AdminSpSession,
658 const VOID *OldPassword,
659 UINT32 OldPasswordLength,
660 const VOID *NewPassword,
661 UINT32 NewPasswordLength
662 );
663
664 /**
665 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
666 and sets the User1 SP authority to enabled and sets the User1 password.
667
668 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
669 @param[in] OldPassword Current admin password
670 @param[in] OldPasswordLength Length of current admin password in bytes
671 @param[in] NewPassword New admin password to set
672 @param[in] NewPasswordLength Length of new password in bytes
673
674 **/
675 TCG_RESULT
676 EFIAPI
677 OpalUtilSetUserPassword(
678 OPAL_SESSION *LockingSpSession,
679 const VOID *OldPassword,
680 UINT32 OldPasswordLength,
681 const VOID *NewPassword,
682 UINT32 NewPasswordLength
683 );
684
685 /**
686 Verify whether user input the correct password.
687
688 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
689 @param[in] Password Admin password
690 @param[in] PasswordLength Length of password in bytes
691 @param[in/out] HostSigningAuthority Use the Host signing authority type.
692
693 **/
694 TCG_RESULT
695 EFIAPI
696 OpalUtilVerifyPassword (
697 OPAL_SESSION *LockingSpSession,
698 const VOID *Password,
699 UINT32 PasswordLength,
700 TCG_UID HostSigningAuthority
701 );
702
703 /**
704 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
705 and generates a new global locking range key to erase the Data.
706
707 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
708 @param[in] Password Admin or user password
709 @param[in] PasswordLength Length of password in bytes
710 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
711
712 **/
713 TCG_RESULT
714 EFIAPI
715 OpalUtilSecureErase(
716 OPAL_SESSION *LockingSpSession,
717 const VOID *Password,
718 UINT32 PasswordLength,
719 BOOLEAN *PasswordFailed
720 );
721
722 /**
723 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.
724
725 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
726 @param[in] Password Admin password
727 @param[in] PasswordLength Length of password in bytes
728 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
729
730 **/
731 TCG_RESULT
732 EFIAPI
733 OpalUtilDisableUser(
734 OPAL_SESSION *LockingSpSession,
735 const VOID *Password,
736 UINT32 PasswordLength,
737 BOOLEAN *PasswordFailed
738 );
739
740 /**
741 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.
742
743 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
744 @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it
745 @param[in] Password Admin password
746 @param[in] PasswordLength Length of password in bytes
747 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
748 @param[in] Msid Input Msid info.
749 @param[in] MsidLength Input Msid info length.
750
751 **/
752 TCG_RESULT
753 EFIAPI
754 OpalUtilRevert(
755 OPAL_SESSION *LockingSpSession,
756 BOOLEAN KeepUserData,
757 const VOID *Password,
758 UINT32 PasswordLength,
759 BOOLEAN *PasswordFailed,
760 UINT8 *Msid,
761 UINT32 MsidLength
762 );
763
764 /**
765 After revert success, set SID to MSID.
766
767 @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId
768 @param Password, Input password info.
769 @param PasswordLength, Input password length.
770 @param[in] Msid Input Msid info.
771 @param[in] MsidLength Input Msid info length.
772
773 **/
774 TCG_RESULT
775 EFIAPI
776 OpalUtilSetSIDtoMSID (
777 OPAL_SESSION *AdminSpSession,
778 const VOID *Password,
779 UINT32 PasswordLength,
780 UINT8 *Msid,
781 UINT32 MsidLength
782 );
783
784 /**
785 Update global locking range.
786
787 @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId
788 @param Password, Input password info.
789 @param PasswordLength, Input password length.
790 @param ReadLocked, Read lock info.
791 @param WriteLocked write lock info.
792
793 **/
794 TCG_RESULT
795 EFIAPI
796 OpalUtilUpdateGlobalLockingRange(
797 OPAL_SESSION *LockingSpSession,
798 const VOID *Password,
799 UINT32 PasswordLength,
800 BOOLEAN ReadLocked,
801 BOOLEAN WriteLocked
802 );
803
804 /**
805 Update global locking range.
806
807 @param Session, The session info for one opal device.
808 @param Msid, The data buffer to save Msid info.
809 @param MsidBufferLength, The data buffer length for Msid.
810 @param MsidLength, The actual data length for Msid.
811
812 **/
813 TCG_RESULT
814 EFIAPI
815 OpalUtilGetMsid(
816 OPAL_SESSION *Session,
817 UINT8 *Msid,
818 UINT32 MsidBufferLength,
819 UINT32 *MsidLength
820 );
821
822 /**
823
824 The function determines who owns the device by attempting to start a session with different credentials.
825 If the SID PIN matches the MSID PIN, the no one owns the device.
826 If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.
827
828
829 @param[in] Session The session info for one opal device.
830 @param Msid, The Msid info.
831 @param MsidLength, The data length for Msid.
832
833 **/
834 OPAL_OWNER_SHIP
835 EFIAPI
836 OpalUtilDetermineOwnership(
837 OPAL_SESSION *Session,
838 UINT8 *Msid,
839 UINT32 MsidLength
840 );
841
842 /**
843
844 The function returns if admin password exists.
845
846 @param[in] OwnerShip The owner ship of the opal device.
847 @param[in] LockingFeature The locking info of the opal device.
848
849 @retval TRUE Admin password existed.
850 @retval FALSE Admin password not existed.
851
852 **/
853 BOOLEAN
854 EFIAPI
855 OpalUtilAdminPasswordExists(
856 IN UINT16 OwnerShip,
857 IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
858 );
859
860 /**
861 Get Active Data Removal Mechanism Value.
862
863 @param[in] Session, The session info for one opal device.
864 @param[in] GeneratedSid Generated SID of disk
865 @param[in] SidLength Length of generatedSid in bytes
866 @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.
867
868 **/
869 TCG_RESULT
870 EFIAPI
871 OpalUtilGetActiveDataRemovalMechanism (
872 OPAL_SESSION *Session,
873 const VOID *GeneratedSid,
874 UINT32 SidLength,
875 UINT8 *ActiveDataRemovalMechanism
876 );
877
878 /**
879 Get the supported Data Removal Mechanism list.
880
881 @param[in] Session, The session info for one opal device.
882 @param[out] RemovalMechanismLists Return the supported data removal mechanism lists.
883
884 **/
885 TCG_RESULT
886 EFIAPI
887 OpalUtilGetDataRemovalMechanismLists (
888 IN OPAL_SESSION *Session,
889 OUT UINT32 *RemovalMechanismLists
890 );
891
892 #endif // _OPAL_CORE_H_
EFI Development Kit II mirror for PVE