2 Public API for Opal Core library.
4 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include <Library/BaseLib.h>
16 #include <Library/DebugLib.h>
17 #include <Library/TcgStorageOpalLib.h>
18 #include "TcgStorageOpalLibInternal.h"
20 #define OPAL_MSID_LENGHT 128
23 Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.
25 @param[in] Session, The session info for one opal device.
26 @param[in] Psid PSID of device to revert.
27 @param[in] PsidLength Length of PSID in bytes.
33 OPAL_SESSION
*Session
,
40 UINT32 RemovalTimeOut
;
45 RemovalTimeOut
= GetRevertTimeOut (Session
);
46 DEBUG ((DEBUG_INFO
, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut
));
48 Ret
= OpalStartSession(
54 OPAL_ADMIN_SP_PSID_AUTHORITY
,
56 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
57 Ret
= OpalPyrite2PsidRevert(Session
, RemovalTimeOut
);
58 if (Ret
!= TcgResultSuccess
) {
60 // If revert was successful, session was already ended by TPer, so only end session on failure
62 OpalEndSession(Session
);
66 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
67 Ret
= TcgResultFailure
;
74 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
75 sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,
76 and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN
78 @param[in] Session, The session info for one opal device.
79 @param[in] GeneratedSid Generated SID of disk
80 @param[in] SidLength Length of generatedSid in bytes
81 @param[in] Password New admin password to set
82 @param[in] PassLength Length of password in bytes
87 OpalUtilSetAdminPasswordAsSid(
88 OPAL_SESSION
*Session
,
89 const VOID
*GeneratedSid
,
99 NULL_CHECK(GeneratedSid
);
100 NULL_CHECK(Password
);
102 Ret
= OpalStartSession(
108 OPAL_ADMIN_SP_SID_AUTHORITY
,
111 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
112 DEBUG ((DEBUG_INFO
, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
117 // 1. Update SID = new Password
119 Ret
= OpalSetPassword(
121 OPAL_UID_ADMIN_SP_C_PIN_SID
,
127 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
128 OpalEndSession(Session
);
129 DEBUG ((DEBUG_INFO
, "set Password failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
134 // 2. Activate locking SP
136 Ret
= OpalActivateLockingSp(Session
, &MethodStatus
);
137 OpalEndSession(Session
);
138 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
139 DEBUG ((DEBUG_INFO
, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
144 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
145 Ret
= TcgResultFailure
;
152 Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
153 and updates the specified locking range with the provided column values
155 @param[in] Session, The session info for one opal device.
156 @param[in] Password New admin password to set
157 @param[in] PassLength Length of password in bytes
158 @param[in] LockingRangeUid Locking range UID to set values
159 @param[in] RangeStart Value to set RangeStart column for Locking Range
160 @param[in] RangeLength Value to set RangeLength column for Locking Range
161 @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range
162 @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range
163 @param[in] ReadLocked Value to set ReadLocked column for Locking Range
164 @param[in] WriteLocked Value to set WriteLocked column for Locking Range
169 OpalUtilSetOpalLockingRange(
170 OPAL_SESSION
*Session
,
171 const VOID
*Password
,
173 TCG_UID LockingRangeUid
,
176 BOOLEAN ReadLockEnabled
,
177 BOOLEAN WriteLockEnabled
,
186 NULL_CHECK(Password
);
189 // Start session with Locking SP using current admin Password
191 Ret
= OpalStartSession(
197 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
199 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
200 DEBUG ((DEBUG_INFO
, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
205 // Enable locking range
207 Ret
= OpalSetLockingRange(
218 OpalEndSession(Session
);
219 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
220 DEBUG ((DEBUG_INFO
, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret
, MethodStatus
));
224 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
225 Ret
= TcgResultFailure
;
231 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
232 sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,
233 and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.
235 @param[in] Session, The session info for one opal device.
236 @param[in] OldPassword Current admin password
237 @param[in] OldPasswordLength Length of current admin password in bytes
238 @param[in] NewPassword New admin password to set
239 @param[in] NewPasswordLength Length of new password in bytes
244 OpalUtilSetAdminPassword(
245 OPAL_SESSION
*Session
,
246 const VOID
*OldPassword
,
247 UINT32 OldPasswordLength
,
248 const VOID
*NewPassword
,
249 UINT32 NewPasswordLength
256 NULL_CHECK(OldPassword
);
257 NULL_CHECK(NewPassword
);
262 Ret
= OpalStartSession(
268 OPAL_ADMIN_SP_SID_AUTHORITY
,
271 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
272 DEBUG ((DEBUG_INFO
, "start session with admin SP using old Password failed\n"));
277 // Update SID = new pw
279 Ret
= OpalSetPassword(Session
, OPAL_UID_ADMIN_SP_C_PIN_SID
, NewPassword
, NewPasswordLength
, &MethodStatus
);
280 OpalEndSession(Session
);
281 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
282 DEBUG ((DEBUG_INFO
, "set new admin SP Password failed\n"));
286 Ret
= OpalStartSession(
292 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
295 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
296 DEBUG ((DEBUG_INFO
, "start session with locking SP using old Password failed\n"));
301 // Update admin locking SP to new pw
303 Ret
= OpalSetPassword(Session
, OPAL_LOCKING_SP_C_PIN_ADMIN1
, NewPassword
, NewPasswordLength
, &MethodStatus
);
304 OpalEndSession(Session
);
305 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
306 DEBUG ((DEBUG_INFO
, "set new locking SP Password failed\n"));
311 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
312 Ret
= TcgResultFailure
;
318 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
319 and sets the User1 SP authority to enabled and sets the User1 password.
321 @param[in] Session, The session info for one opal device.
322 @param[in] OldPassword Current admin password
323 @param[in] OldPasswordLength Length of current admin password in bytes
324 @param[in] NewPassword New admin password to set
325 @param[in] NewPasswordLength Length of new password in bytes
330 OpalUtilSetUserPassword(
331 OPAL_SESSION
*Session
,
332 const VOID
*OldPassword
,
333 UINT32 OldPasswordLength
,
334 const VOID
*NewPassword
,
335 UINT32 NewPasswordLength
342 NULL_CHECK(OldPassword
);
343 NULL_CHECK(NewPassword
);
346 // See if updating user1 authority
348 Ret
= OpalStartSession(
354 OPAL_LOCKING_SP_USER1_AUTHORITY
,
357 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
358 Ret
= OpalSetPassword(
360 OPAL_LOCKING_SP_C_PIN_USER1
,
365 OpalEndSession(Session
);
366 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
372 // Setting Password for first time or setting Password as admin
376 // Start session with Locking SP using current admin Password
378 Ret
= OpalStartSession(
384 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
387 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
388 DEBUG ((DEBUG_INFO
, "StartSession with locking SP as admin1 authority failed\n"));
393 // Enable User1 and set its PIN
395 Ret
= OpalSetLockingSpAuthorityEnabledAndPin(
397 OPAL_LOCKING_SP_C_PIN_USER1
,
398 OPAL_LOCKING_SP_USER1_AUTHORITY
,
403 OpalEndSession(Session
);
404 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
405 DEBUG ((DEBUG_INFO
, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));
410 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
411 Ret
= TcgResultFailure
;
417 Verify whether user input the correct password.
419 @param[in] Session, The session info for one opal device.
420 @param[in] Password Admin password
421 @param[in] PasswordLength Length of password in bytes
422 @param[in/out] HostSigningAuthority Use the Host signing authority type.
427 OpalUtilVerifyPassword (
428 OPAL_SESSION
*Session
,
429 const VOID
*Password
,
430 UINT32 PasswordLength
,
431 TCG_UID HostSigningAuthority
438 NULL_CHECK(Password
);
440 Ret
= OpalStartSession(
446 HostSigningAuthority
,
448 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
449 OpalEndSession(Session
);
450 return TcgResultSuccess
;
453 return TcgResultFailure
;
457 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
458 and generates a new global locking range key to erase the Data.
460 @param[in] Session, The session info for one opal device.
461 @param[in] Password Admin or user password
462 @param[in] PasswordLength Length of password in bytes
463 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
469 OPAL_SESSION
*Session
,
470 const VOID
*Password
,
471 UINT32 PasswordLength
,
472 BOOLEAN
*PasswordFailed
479 NULL_CHECK(Password
);
480 NULL_CHECK(PasswordFailed
);
483 // Try to generate a new key with admin1
485 Ret
= OpalStartSession(
491 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
495 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
496 Ret
= OpalGlobalLockingRangeGenKey(Session
, &MethodStatus
);
497 *PasswordFailed
= FALSE
;
498 OpalEndSession(Session
);
501 // Try to generate a new key with user1
503 Ret
= OpalStartSession(
509 OPAL_LOCKING_SP_USER1_AUTHORITY
,
513 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
514 Ret
= OpalGlobalLockingRangeGenKey(Session
, &MethodStatus
);
515 *PasswordFailed
= FALSE
;
516 OpalEndSession(Session
);
518 *PasswordFailed
= TRUE
;
522 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
523 Ret
= TcgResultFailure
;
529 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.
531 @param[in] Session, The session info for one opal device.
532 @param[in] Password Admin password
533 @param[in] PasswordLength Length of password in bytes
534 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
540 OPAL_SESSION
*Session
,
541 const VOID
*Password
,
542 UINT32 PasswordLength
,
543 BOOLEAN
*PasswordFailed
550 NULL_CHECK(Password
);
551 NULL_CHECK(PasswordFailed
);
554 // Start session with Locking SP using current admin Password
556 Ret
= OpalStartSession(
562 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
565 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
566 DEBUG ((DEBUG_INFO
, "StartSession with Locking SP as Admin1 failed\n"));
567 *PasswordFailed
= TRUE
;
571 *PasswordFailed
= FALSE
;
572 Ret
= OpalDisableUser(Session
, &MethodStatus
);
573 OpalEndSession(Session
);
576 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
577 Ret
= TcgResultFailure
;
583 Opens a session as OPAL_LOCKING_SP_ADMIN1_AUTHORITY, then reverts the device using the RevertSP method.
585 @param[in] Session, The session info for one opal device.
586 @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it
587 @param[in] Password Admin password
588 @param[in] PasswordLength Length of password in bytes
589 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
590 @param[in] Msid Msid info.
591 @param[in] MsidLength Msid data length.
597 OPAL_SESSION
*Session
,
598 BOOLEAN KeepUserData
,
599 const VOID
*Password
,
600 UINT32 PasswordLength
,
601 BOOLEAN
*PasswordFailed
,
608 UINT32 RemovalTimeOut
;
612 NULL_CHECK(Password
);
613 NULL_CHECK(PasswordFailed
);
615 RemovalTimeOut
= GetRevertTimeOut (Session
);
616 DEBUG ((DEBUG_INFO
, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut
));
618 Ret
= OpalStartSession(
624 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
628 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
629 DEBUG ((DEBUG_INFO
, "error starting session: Ret=%d, MethodStatus=%u\n", Ret
, MethodStatus
));
630 *PasswordFailed
= TRUE
;
634 *PasswordFailed
= FALSE
;
636 // Try to revert with admin1
638 Ret
= OpalPyrite2AdminRevert(Session
, KeepUserData
, &MethodStatus
, RemovalTimeOut
);
639 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
641 // Device ends the session on successful revert, so only call OpalEndSession when fail.
643 DEBUG ((DEBUG_INFO
, "OpalAdminRevert as admin failed\n"));
644 OpalEndSession(Session
);
647 Ret
= OpalUtilSetSIDtoMSID (Session
, Password
, PasswordLength
, Msid
, MsidLength
);
650 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
651 Ret
= TcgResultFailure
;
657 After revert success, set SID to MSID.
659 @param Session, The session info for one opal device.
660 @param Password, Input password info.
661 @param PasswordLength, Input password length.
662 @param Msid Msid info.
663 @param MsidLength Msid data length.
668 OpalUtilSetSIDtoMSID (
669 OPAL_SESSION
*Session
,
670 const VOID
*Password
,
671 UINT32 PasswordLength
,
681 NULL_CHECK(Password
);
684 // Start session with admin sp to update SID to MSID
686 Ret
= OpalStartSession(
692 OPAL_ADMIN_SP_SID_AUTHORITY
,
695 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
702 Ret
= OpalSetPassword(Session
, OPAL_UID_ADMIN_SP_C_PIN_SID
, Msid
, MsidLength
, &MethodStatus
);
703 OpalEndSession(Session
);
706 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
707 Ret
= TcgResultFailure
;
714 Update global locking range.
716 @param Session, The session info for one opal device.
717 @param Password, Input password info.
718 @param PasswordLength, Input password length.
719 @param ReadLocked, Read lock info.
720 @param WriteLocked write lock info.
725 OpalUtilUpdateGlobalLockingRange(
726 OPAL_SESSION
*Session
,
727 const VOID
*Password
,
728 UINT32 PasswordLength
,
737 NULL_CHECK(Password
);
740 // Try to start session with Locking SP as admin1 authority
742 Ret
= OpalStartSession(
748 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
751 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
752 Ret
= OpalUpdateGlobalLockingRange(
758 OpalEndSession(Session
);
759 if (Ret
== TcgResultSuccess
&& MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
) {
764 if (MethodStatus
== TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT
) {
765 DEBUG ((DEBUG_INFO
, "unlock as admin failed with AUTHORITY_LOCKED_OUT\n"));
770 // Try user1 authority
772 Ret
= OpalStartSession(
778 OPAL_LOCKING_SP_USER1_AUTHORITY
,
781 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
782 DEBUG ((DEBUG_INFO
, "StartSession with Locking SP as User1 failed\n"));
786 Ret
= OpalUpdateGlobalLockingRange(Session
, ReadLocked
, WriteLocked
, &MethodStatus
);
787 OpalEndSession(Session
);
790 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
791 if (MethodStatus
== TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT
) {
793 // The caller needs to distinguish this error, but the return status has no dedicated value for it,
794 // so TcgResultFailureInvalidType is used here as a substitute.
796 Ret
= TcgResultFailureInvalidType
;
798 Ret
= TcgResultFailure
;
805 Read the MSID of the device into the caller's buffer.
807 @param Session, The session info for one opal device.
808 @param Msid, The data buffer to save Msid info.
809 @param MsidBufferLength, The data buffer length for Msid.
810 @param MsidLength, The actual data length for Msid.
816 OPAL_SESSION
*Session
,
818 UINT32 MsidBufferLength
,
827 NULL_CHECK(MsidLength
);
829 Ret
= OpalStartSession(
838 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
839 Ret
= OpalGetMsid (Session
, MsidBufferLength
, Msid
, MsidLength
);
840 OpalEndSession (Session
);
843 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
844 Ret
= TcgResultFailure
;
852 The function determines who owns the device by attempting to start a session with different credentials.
853 If the SID PIN matches the MSID PIN, then no one owns the device.
854 If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.
857 @param[in] Session The session info for one opal device.
858 @param Msid, The Msid info.
859 @param MsidLength, The data length for Msid.
864 OpalUtilDetermineOwnership(
865 OPAL_SESSION
*Session
,
872 OPAL_OWNER_SHIP Owner
;
874 if ((Session
== NULL
) || (Msid
== NULL
)) {
875 return OpalOwnershipUnknown
;
878 Owner
= OpalOwnershipUnknown
;
880 // Start Session as SID_UID with ADMIN_SP using MSID PIN
882 Ret
= OpalStartSession(
888 OPAL_ADMIN_SP_SID_AUTHORITY
,
890 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
892 // now we know that SID PIN == MSID PIN
894 Owner
= OpalOwnershipNobody
;
896 OpalEndSession(Session
);
904 The function returns if admin password exists.
906 @param[in] OwnerShip The owner ship of the opal device.
907 @param[in] LockingFeature The locking info of the opal device.
909 @retval TRUE Admin password exists.
910 @retval FALSE Admin password does not exist.
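/**
  Reports whether an admin password has already been set on the device.

  The answer is derived from two inputs only: ownership must be
  OpalOwnershipUnknown and the Locking SP must be enabled.

  NOTE(review): the listing omits the return-type lines and the OwnerShip
  parameter line; BOOLEAN/EFIAPI and UINT16 are written here from the
  documented TRUE/FALSE contract and the library's public header. Confirm
  against the original file.

  @param[in]  OwnerShip        The ownership of the opal device.
  @param[in]  LockingFeature   The locking info of the opal device.

  @retval TRUE    Admin password exists.
  @retval FALSE   Admin password does not exist, or LockingFeature is NULL.
**/
BOOLEAN
EFIAPI
OpalUtilAdminPasswordExists(
  IN  UINT16                           OwnerShip,
  IN  TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature
  )
{
  //
  // NULL_CHECK (defined outside this listing) returns a TCG_RESULT failure
  // code. In a BOOLEAN function that non-zero code would be read by the
  // caller as TRUE, i.e. "a password exists", for a descriptor that was never
  // inspected. Return FALSE explicitly instead.
  //
  if (LockingFeature == NULL) {
    DEBUG ((DEBUG_INFO, "OpalUtilAdminPasswordExists: NULL LockingFeature\n"));
    return FALSE;
  }

  // if it is Unknown who owns the device
  // then someone has set password previously through our UI
  // because the SID would no longer match the generated SID (ownership us)
  // or someone has set password using 3rd party software

  //
  // Locking sp enabled is checked b/c it must be enabled to change the PIN of the Admin1.
  //
  return (OwnerShip == OpalOwnershipUnknown && LockingFeature->LockingEnabled);
}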
934 Get Active Data Removal Mechanism Value.
936 @param[in] Session The session info for one opal device.
937 @param[in] GeneratedSid Generated SID of disk
938 @param[in] SidLength Length of generatedSid in bytes
939 @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.
944 OpalUtilGetActiveDataRemovalMechanism (
945 OPAL_SESSION
*Session
,
946 const VOID
*GeneratedSid
,
948 UINT8
*ActiveDataRemovalMechanism
955 NULL_CHECK(GeneratedSid
);
956 NULL_CHECK(ActiveDataRemovalMechanism
);
958 Ret
= OpalStartSession(
964 OPAL_ADMIN_SP_ANYBODY_AUTHORITY
,
967 if (Ret
!= TcgResultSuccess
|| MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
968 DEBUG ((DEBUG_INFO
, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
969 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
970 Ret
= TcgResultFailure
;
975 Ret
= OpalPyrite2GetActiveDataRemovalMechanism (
977 ActiveDataRemovalMechanism
980 if (Ret
!= TcgResultSuccess
) {
981 DEBUG ((DEBUG_INFO
, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret
));
984 OpalEndSession(Session
);
990 Calculate the estimated time.
992 @param[in] IsMinute Whether the input time value is minute type or second type.
993 @param[in] Time The input time value.
997 CalculateDataRemovalTime (
1003 return Time
* 2 * 60;
1010 Return the estimated time for specific type.
1012 @param[in] Index The input data removal type.
1013 @param[in] Descriptor DATA_REMOVAL_FEATURE_DESCRIPTOR
1017 GetDataRemovalTime (
1019 IN DATA_REMOVAL_FEATURE_DESCRIPTOR
*Descriptor
1023 case OverwriteDataErase
:
1024 return CalculateDataRemovalTime (Descriptor
->FormatBit0
, SwapBytes16 (Descriptor
->TimeBit0
));
1027 return CalculateDataRemovalTime (Descriptor
->FormatBit1
, SwapBytes16 (Descriptor
->TimeBit1
));
1030 return CalculateDataRemovalTime (Descriptor
->FormatBit2
, SwapBytes16 (Descriptor
->TimeBit2
));
1033 return CalculateDataRemovalTime (Descriptor
->FormatBit3
, SwapBytes16 (Descriptor
->TimeBit3
));
1035 case ResetWritePointers
:
1036 return CalculateDataRemovalTime (Descriptor
->FormatBit4
, SwapBytes16 (Descriptor
->TimeBit4
));
1038 case VendorSpecificErase
:
1039 return CalculateDataRemovalTime (Descriptor
->FormatBit5
, SwapBytes16 (Descriptor
->TimeBit5
));
1047 Get the supported Data Removal Mechanism list.
1049 @param[in] Session The session info for one opal device.
1050 @param[out] RemovalMechanismLists Return the supported data removal mechanism lists.
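/**
  Get the supported Data Removal Mechanism list.

  Reads the TCG_FEATURE_DATA_REMOVAL descriptor from the device and fills one
  estimated-time entry per mechanism: 0 when the mechanism's bit is clear,
  otherwise the value computed by GetDataRemovalTime.

  The caller's array must hold at least ResearvedMechanism entries, because
  every index in [0, ResearvedMechanism) is written unconditionally.

  NOTE(review): the listing omits the declarations of Ret, DataSize, Index and
  BitValue; the types below follow how the variables are used. Confirm against
  the original file.

  @param[in]  Session                 The session info for one opal device.
  @param[out] RemovalMechanismLists   Return the supported data removal mechanism lists.

  @retval TcgResultSuccess   The list was filled.
  @retval TcgResultFailure   The feature descriptor could not be read.
**/
TCG_RESULT
EFIAPI
OpalUtilGetDataRemovalMechanismLists (
  IN  OPAL_SESSION      *Session,
  OUT UINT32            *RemovalMechanismLists
  )
{
  TCG_RESULT                       Ret;
  UINTN                            DataSize;
  DATA_REMOVAL_FEATURE_DESCRIPTOR  Descriptor;
  UINT8                            Index;
  UINT8                            BitValue;

  NULL_CHECK(Session);
  NULL_CHECK(RemovalMechanismLists);

  DataSize = sizeof (Descriptor);
  Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor);
  if (Ret != TcgResultSuccess) {
    return TcgResultFailure;
  }

  //
  // RemovalMechanism is reported by the drive, so it is external input. The
  // original ASSERT halted debug builds on a zero value and did nothing in
  // release builds; log it instead so both build types behave the same. A zero
  // bitmap simply yields an all-zero list below.
  //
  if (Descriptor.RemovalMechanism == 0) {
    DEBUG ((DEBUG_INFO, "OpalUtilGetDataRemovalMechanismLists: device reports no removal mechanism\n"));
  }

  for (Index = 0; Index < ResearvedMechanism; Index ++) {
    // Bit N of RemovalMechanism says whether mechanism N is supported.
    BitValue = (BOOLEAN) BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index);

    if (BitValue == 0) {
      RemovalMechanismLists[Index] = 0;
    } else {
      RemovalMechanismLists[Index] = GetDataRemovalTime (Index, &Descriptor);
    }
  }

  return TcgResultSuccess;
}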
1091 Get revert timeout value.
1093 @param[in] Session The session info for one opal device.
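/**
  Get revert timeout value.

  Looks up the estimated time of the device's currently active data removal
  mechanism: reads the supported-attributes info, the MSID, the per-mechanism
  time list and the active mechanism, then returns the matching list entry.

  NOTE(review): the listing omits the signature lines, the declarations of
  BaseComId and MsidLength, and the bodies of the failure branches. They are
  written here as a UINT32 return type, types matching the callee parameters,
  and `return 0`. Confirm against the original file.

  @param[in]  Session   The session info for one opal device.

  @return The estimated removal time for the active mechanism, or 0 when it
          cannot be determined.
**/
UINT32
GetRevertTimeOut (
  IN OPAL_SESSION    *Session
  )
{
  TCG_RESULT                   TcgResult;
  OPAL_DISK_SUPPORT_ATTRIBUTE  SupportedAttributes;
  UINT16                       BaseComId;
  UINT32                       MsidLength;
  UINT8                        Msid[OPAL_MSID_LENGHT];
  UINT32                       RemovalMechanishLists[ResearvedMechanism];
  UINT8                        ActiveDataRemovalMechanism;

  TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);
  if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) {
    return 0;
  }

  TcgResult = OpalUtilGetMsid (Session, Msid, OPAL_MSID_LENGHT, &MsidLength);
  if (TcgResult != TcgResultSuccess) {
    return 0;
  }

  TcgResult = OpalUtilGetDataRemovalMechanismLists (Session, RemovalMechanishLists);
  if (TcgResult != TcgResultSuccess) {
    return 0;
  }

  TcgResult = OpalUtilGetActiveDataRemovalMechanism (Session, Msid, MsidLength, &ActiveDataRemovalMechanism);
  if (TcgResult != TcgResultSuccess) {
    return 0;
  }

  //
  // ActiveDataRemovalMechanism is a byte reported by the drive. Using it as an
  // index without a range check would read past the end of the stack array
  // whenever the device returns a value >= ResearvedMechanism.
  //
  if (ActiveDataRemovalMechanism >= ResearvedMechanism) {
    DEBUG ((DEBUG_INFO, "GetRevertTimeOut: active data removal mechanism %d out of range\n", ActiveDataRemovalMechanism));
    return 0;
  }

  return RemovalMechanishLists[ActiveDataRemovalMechanism];
}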