2 Public API for Opal Core library.
4 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
9 #include <Library/BaseLib.h>
10 #include <Library/DebugLib.h>
11 #include <Library/TcgStorageOpalLib.h>
12 #include "TcgStorageOpalLibInternal.h"
14 #define OPAL_MSID_LENGTH 128
17 Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.
19 @param[in] Session, The session info for one opal device.
20 @param[in] Psid PSID of device to revert.
21 @param[in] PsidLength Length of PSID in bytes.
27 OPAL_SESSION
*Session
,
34 UINT32 RemovalTimeOut
;
39 RemovalTimeOut
= GetRevertTimeOut (Session
);
40 DEBUG ((DEBUG_INFO
, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut
));
42 Ret
= OpalStartSession (
48 OPAL_ADMIN_SP_PSID_AUTHORITY
,
51 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
52 Ret
= OpalPyrite2PsidRevert (Session
, RemovalTimeOut
);
53 if (Ret
!= TcgResultSuccess
) {
55 // If revert was successful, session was already ended by TPer, so only end session on failure
57 OpalEndSession (Session
);
61 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
62 Ret
= TcgResultFailure
;
69 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
70 sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password,
71 and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN
73 @param[in] Session, The session info for one opal device.
74 @param[in] GeneratedSid Generated SID of disk
75 @param[in] SidLength Length of generatedSid in bytes
76 @param[in] Password New admin password to set
77 @param[in] PassLength Length of password in bytes
82 OpalUtilSetAdminPasswordAsSid (
83 OPAL_SESSION
*Session
,
84 const VOID
*GeneratedSid
,
94 NULL_CHECK (GeneratedSid
);
95 NULL_CHECK (Password
);
97 Ret
= OpalStartSession (
103 OPAL_ADMIN_SP_SID_AUTHORITY
,
106 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
107 DEBUG ((DEBUG_INFO
, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
112 // 1. Update SID = new Password
114 Ret
= OpalSetPassword (
116 OPAL_UID_ADMIN_SP_C_PIN_SID
,
122 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
123 OpalEndSession (Session
);
124 DEBUG ((DEBUG_INFO
, "set Password failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
129 // 2. Activate locking SP
131 Ret
= OpalActivateLockingSp (Session
, &MethodStatus
);
132 OpalEndSession (Session
);
133 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
134 DEBUG ((DEBUG_INFO
, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
139 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
140 Ret
= TcgResultFailure
;
148 Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
149 and updates the specified locking range with the provided column values
151 @param[in] Session, The session info for one opal device.
152 @param[in] Password Current admin password, used to start the session
153 @param[in] PassLength Length of password in bytes
154 @param[in] LockingRangeUid Locking range UID to set values
155 @param[in] RangeStart Value to set RangeStart column for Locking Range
156 @param[in] RangeLength Value to set RangeLength column for Locking Range
157 @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range
158 @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range
159 @param[in] ReadLocked Value to set ReadLocked column for Locking Range
160 @param[in] WriteLocked Value to set WriteLocked column for Locking Range
165 OpalUtilSetOpalLockingRange (
166 OPAL_SESSION
*Session
,
167 const VOID
*Password
,
169 TCG_UID LockingRangeUid
,
172 BOOLEAN ReadLockEnabled
,
173 BOOLEAN WriteLockEnabled
,
181 NULL_CHECK (Session
);
182 NULL_CHECK (Password
);
185 // Start session with Locking SP using current admin Password
187 Ret
= OpalStartSession (
193 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
196 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
197 DEBUG ((DEBUG_INFO
, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
202 // Enable locking range
204 Ret
= OpalSetLockingRange (
216 OpalEndSession (Session
);
217 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
218 DEBUG ((DEBUG_INFO
, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret
, MethodStatus
));
222 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
223 Ret
= TcgResultFailure
;
230 Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY,
231 sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password,
232 and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password.
234 @param[in] Session, The session info for one opal device.
235 @param[in] OldPassword Current admin password
236 @param[in] OldPasswordLength Length of current admin password in bytes
237 @param[in] NewPassword New admin password to set
238 @param[in] NewPasswordLength Length of new password in bytes
243 OpalUtilSetAdminPassword (
244 OPAL_SESSION
*Session
,
245 const VOID
*OldPassword
,
246 UINT32 OldPasswordLength
,
247 const VOID
*NewPassword
,
248 UINT32 NewPasswordLength
254 NULL_CHECK (Session
);
255 NULL_CHECK (OldPassword
);
256 NULL_CHECK (NewPassword
);
261 Ret
= OpalStartSession (
267 OPAL_ADMIN_SP_SID_AUTHORITY
,
270 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
271 DEBUG ((DEBUG_INFO
, "start session with admin SP using old Password failed\n"));
276 // Update SID = new pw
278 Ret
= OpalSetPassword (Session
, OPAL_UID_ADMIN_SP_C_PIN_SID
, NewPassword
, NewPasswordLength
, &MethodStatus
);
279 OpalEndSession (Session
);
280 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
281 DEBUG ((DEBUG_INFO
, "set new admin SP Password failed\n"));
285 Ret
= OpalStartSession (
291 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
294 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
295 DEBUG ((DEBUG_INFO
, "start session with locking SP using old Password failed\n"));
300 // Update admin locking SP to new pw
302 Ret
= OpalSetPassword (Session
, OPAL_LOCKING_SP_C_PIN_ADMIN1
, NewPassword
, NewPasswordLength
, &MethodStatus
);
303 OpalEndSession (Session
);
304 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
305 DEBUG ((DEBUG_INFO
, "set new locking SP Password failed\n"));
310 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
311 Ret
= TcgResultFailure
;
318 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
319 and sets the User1 SP authority to enabled and sets the User1 password.
321 @param[in] Session, The session info for one opal device.
322 @param[in] OldPassword Current admin password
323 @param[in] OldPasswordLength Length of current admin password in bytes
324 @param[in] NewPassword New admin password to set
325 @param[in] NewPasswordLength Length of new password in bytes
330 OpalUtilSetUserPassword (
331 OPAL_SESSION
*Session
,
332 const VOID
*OldPassword
,
333 UINT32 OldPasswordLength
,
334 const VOID
*NewPassword
,
335 UINT32 NewPasswordLength
341 NULL_CHECK (Session
);
342 NULL_CHECK (OldPassword
);
343 NULL_CHECK (NewPassword
);
346 // See if updating user1 authority
348 Ret
= OpalStartSession (
354 OPAL_LOCKING_SP_USER1_AUTHORITY
,
357 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
358 Ret
= OpalSetPassword (
360 OPAL_LOCKING_SP_C_PIN_USER1
,
365 OpalEndSession (Session
);
366 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
372 // Setting Password for first time or setting Password as admin
376 // Start session with Locking SP using current admin Password
378 Ret
= OpalStartSession (
384 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
387 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
388 DEBUG ((DEBUG_INFO
, "StartSession with locking SP as admin1 authority failed\n"));
393 // Enable User1 and set its PIN
395 Ret
= OpalSetLockingSpAuthorityEnabledAndPin (
397 OPAL_LOCKING_SP_C_PIN_USER1
,
398 OPAL_LOCKING_SP_USER1_AUTHORITY
,
403 OpalEndSession (Session
);
404 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
405 DEBUG ((DEBUG_INFO
, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));
410 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
411 Ret
= TcgResultFailure
;
418 Verify whether user input the correct password.
420 @param[in] Session, The session info for one opal device.
421 @param[in] Password Admin password
422 @param[in] PasswordLength Length of password in bytes
423 @param[in] HostSigningAuthority Use the Host signing authority type.
428 OpalUtilVerifyPassword (
429 OPAL_SESSION
*Session
,
430 const VOID
*Password
,
431 UINT32 PasswordLength
,
432 TCG_UID HostSigningAuthority
438 NULL_CHECK (Session
);
439 NULL_CHECK (Password
);
441 Ret
= OpalStartSession (
447 HostSigningAuthority
,
450 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
451 OpalEndSession (Session
);
452 return TcgResultSuccess
;
455 return TcgResultFailure
;
459 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
460 and generates a new global locking range key to erase the Data.
462 @param[in] Session, The session info for one opal device.
463 @param[in] Password Admin or user password
464 @param[in] PasswordLength Length of password in bytes
465 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
470 OpalUtilSecureErase (
471 OPAL_SESSION
*Session
,
472 const VOID
*Password
,
473 UINT32 PasswordLength
,
474 BOOLEAN
*PasswordFailed
480 NULL_CHECK (Session
);
481 NULL_CHECK (Password
);
482 NULL_CHECK (PasswordFailed
);
485 // Try to generate a new key with admin1
487 Ret
= OpalStartSession (
493 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
497 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
498 Ret
= OpalGlobalLockingRangeGenKey (Session
, &MethodStatus
);
499 *PasswordFailed
= FALSE
;
500 OpalEndSession (Session
);
503 // Try to generate a new key with user1
505 Ret
= OpalStartSession (
511 OPAL_LOCKING_SP_USER1_AUTHORITY
,
515 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
516 Ret
= OpalGlobalLockingRangeGenKey (Session
, &MethodStatus
);
517 *PasswordFailed
= FALSE
;
518 OpalEndSession (Session
);
520 *PasswordFailed
= TRUE
;
524 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
525 Ret
= TcgResultFailure
;
532 Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.
534 @param[in] Session, The session info for one opal device.
535 @param[in] Password Admin password
536 @param[in] PasswordLength Length of password in bytes
537 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
542 OpalUtilDisableUser (
543 OPAL_SESSION
*Session
,
544 const VOID
*Password
,
545 UINT32 PasswordLength
,
546 BOOLEAN
*PasswordFailed
552 NULL_CHECK (Session
);
553 NULL_CHECK (Password
);
554 NULL_CHECK (PasswordFailed
);
557 // Start session with Locking SP using current admin Password
559 Ret
= OpalStartSession (
565 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
568 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
569 DEBUG ((DEBUG_INFO
, "StartSession with Locking SP as Admin1 failed\n"));
570 *PasswordFailed
= TRUE
;
574 *PasswordFailed
= FALSE
;
575 Ret
= OpalDisableUser (Session
, &MethodStatus
);
576 OpalEndSession (Session
);
579 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
580 Ret
= TcgResultFailure
;
587 Opens a session as OPAL_LOCKING_SP_ADMIN1_AUTHORITY, then reverts the device using the RevertSP method.
589 @param[in] Session, The session info for one opal device.
590 @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it
591 @param[in] Password Admin password
592 @param[in] PasswordLength Length of password in bytes
593 @param[in/out] PasswordFailed indicates if password failed (start session didn't work)
594 @param[in] Msid Msid info.
595 @param[in] MsidLength Msid data length.
601 OPAL_SESSION
*Session
,
602 BOOLEAN KeepUserData
,
603 const VOID
*Password
,
604 UINT32 PasswordLength
,
605 BOOLEAN
*PasswordFailed
,
612 UINT32 RemovalTimeOut
;
614 NULL_CHECK (Session
);
616 NULL_CHECK (Password
);
617 NULL_CHECK (PasswordFailed
);
619 RemovalTimeOut
= GetRevertTimeOut (Session
);
620 DEBUG ((DEBUG_INFO
, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut
));
622 Ret
= OpalStartSession (
628 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
632 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
633 DEBUG ((DEBUG_INFO
, "error starting session: Ret=%d, MethodStatus=%u\n", Ret
, MethodStatus
));
634 *PasswordFailed
= TRUE
;
638 *PasswordFailed
= FALSE
;
640 // Try to revert with admin1
642 Ret
= OpalPyrite2AdminRevert (Session
, KeepUserData
, &MethodStatus
, RemovalTimeOut
);
643 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
645 // Device ends the session on successful revert, so only call OpalEndSession when fail.
647 DEBUG ((DEBUG_INFO
, "OpalAdminRevert as admin failed\n"));
648 OpalEndSession (Session
);
651 Ret
= OpalUtilSetSIDtoMSID (Session
, Password
, PasswordLength
, Msid
, MsidLength
);
654 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
655 Ret
= TcgResultFailure
;
662 After revert success, set SID to MSID.
664 @param Session, The session info for one opal device.
665 @param Password, Input password info.
666 @param PasswordLength, Input password length.
667 @param Msid Msid info.
668 @param MsidLength Msid data length.
673 OpalUtilSetSIDtoMSID (
674 OPAL_SESSION
*Session
,
675 const VOID
*Password
,
676 UINT32 PasswordLength
,
684 NULL_CHECK (Session
);
686 NULL_CHECK (Password
);
689 // Start session with admin sp to update SID to MSID
691 Ret
= OpalStartSession (
697 OPAL_ADMIN_SP_SID_AUTHORITY
,
700 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
707 Ret
= OpalSetPassword (Session
, OPAL_UID_ADMIN_SP_C_PIN_SID
, Msid
, MsidLength
, &MethodStatus
);
708 OpalEndSession (Session
);
711 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
712 Ret
= TcgResultFailure
;
719 Update global locking range.
721 @param Session, The session info for one opal device.
722 @param Password, Input password info.
723 @param PasswordLength, Input password length.
724 @param ReadLocked, Read lock info.
725 @param WriteLocked write lock info.
730 OpalUtilUpdateGlobalLockingRange (
731 OPAL_SESSION
*Session
,
732 const VOID
*Password
,
733 UINT32 PasswordLength
,
741 NULL_CHECK (Session
);
742 NULL_CHECK (Password
);
745 // Try to start session with Locking SP as admin1 authority
747 Ret
= OpalStartSession (
753 OPAL_LOCKING_SP_ADMIN1_AUTHORITY
,
756 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
757 Ret
= OpalUpdateGlobalLockingRange (
763 OpalEndSession (Session
);
764 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
769 if (MethodStatus
== TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT
) {
770 DEBUG ((DEBUG_INFO
, "unlock as admin failed with AUTHORITY_LOCKED_OUT\n"));
774 // Try user1 authority
776 Ret
= OpalStartSession (
782 OPAL_LOCKING_SP_USER1_AUTHORITY
,
785 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
786 DEBUG ((DEBUG_INFO
, "StartSession with Locking SP as User1 failed\n"));
790 Ret
= OpalUpdateGlobalLockingRange (Session
, ReadLocked
, WriteLocked
, &MethodStatus
);
791 OpalEndSession (Session
);
794 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
795 if (MethodStatus
== TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT
) {
797 // The caller needs to know about this special error, but the return status has no type for it,
798 // so TcgResultFailureInvalidType is used here as a replacement.
800 Ret
= TcgResultFailureInvalidType
;
802 Ret
= TcgResultFailure
;
810 Get the MSID of the device.
812 @param Session, The session info for one opal device.
813 @param Msid, The data buffer to save Msid info.
814 @param MsidBufferLength, The data buffer length for Msid.
815 @param MsidLength, The actual data length for Msid.
821 OPAL_SESSION
*Session
,
823 UINT32 MsidBufferLength
,
830 NULL_CHECK (Session
);
832 NULL_CHECK (MsidLength
);
834 Ret
= OpalStartSession (
843 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
844 Ret
= OpalGetMsid (Session
, MsidBufferLength
, Msid
, MsidLength
);
845 OpalEndSession (Session
);
848 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
849 Ret
= TcgResultFailure
;
857 The function determines who owns the device by attempting to start a session with different credentials.
858 If the SID PIN matches the MSID PIN, then no one owns the device.
859 If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown.
862 @param[in] Session The session info for one opal device.
863 @param Msid, The Msid info.
864 @param MsidLength, The data length for Msid.
869 OpalUtilDetermineOwnership (
870 OPAL_SESSION
*Session
,
877 OPAL_OWNER_SHIP Owner
;
879 if ((Session
== NULL
) || (Msid
== NULL
)) {
880 return OpalOwnershipUnknown
;
883 Owner
= OpalOwnershipUnknown
;
885 // Start Session as SID_UID with ADMIN_SP using MSID PIN
887 Ret
= OpalStartSession (
893 OPAL_ADMIN_SP_SID_AUTHORITY
,
896 if ((Ret
== TcgResultSuccess
) && (MethodStatus
== TCG_METHOD_STATUS_CODE_SUCCESS
)) {
898 // now we know that SID PIN == MSID PIN
900 Owner
= OpalOwnershipNobody
;
902 OpalEndSession (Session
);
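/**
  Reports whether an admin password has already been set on the device.

  NOTE(review): the declaration line for OwnerShip is not visible in this
  listing; UINT16 is assumed here - confirm against TcgStorageOpalLib.h.

  @param[in]  OwnerShip       The ownership of the opal device.
  @param[in]  LockingFeature  The locking info of the opal device.

  @retval TRUE   Ownership is OpalOwnershipUnknown and LockingEnabled is set.
  @retval FALSE  Any other case, including a NULL LockingFeature.

**/
BOOLEAN
EFIAPI
OpalUtilAdminPasswordExists (
  IN  UINT16                          OwnerShip,
  IN  TCG_LOCKING_FEATURE_DESCRIPTOR  *LockingFeature
  )
{
  //
  // Test the pointer explicitly instead of using NULL_CHECK. This function
  // returns BOOLEAN, while every other NULL_CHECK user in this file returns a
  // TCG_RESULT. NOTE(review): NULL_CHECK is defined outside this listing; if it
  // returns a non-zero TCG_RESULT code, a NULL descriptor would have been
  // reported to the caller as "admin password exists" - confirm.
  //
  if (LockingFeature == NULL) {
    DEBUG ((DEBUG_INFO, "OpalUtilAdminPasswordExists: LockingFeature is NULL\n"));
    return FALSE;
  }

  //
  // if it is Unknown who owns the device
  // then someone has set password previously through our UI
  // because the SID would no longer match the generated SID (ownership us)
  // or someone has set password using 3rd party software
  //

  //
  // Locking sp enabled is checked b/c it must be enabled to change the PIN of the Admin1.
  //
  return (BOOLEAN)((OwnerShip == OpalOwnershipUnknown) && (LockingFeature->LockingEnabled != 0));
}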
940 Get Active Data Removal Mechanism Value.
942 @param[in] Session The session info for one opal device.
943 @param[in] GeneratedSid Generated SID of disk
944 @param[in] SidLength Length of generatedSid in bytes
945 @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism.
950 OpalUtilGetActiveDataRemovalMechanism (
951 OPAL_SESSION
*Session
,
952 const VOID
*GeneratedSid
,
954 UINT8
*ActiveDataRemovalMechanism
960 NULL_CHECK (Session
);
961 NULL_CHECK (GeneratedSid
);
962 NULL_CHECK (ActiveDataRemovalMechanism
);
964 Ret
= OpalStartSession (
970 OPAL_ADMIN_SP_ANYBODY_AUTHORITY
,
973 if ((Ret
!= TcgResultSuccess
) || (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
)) {
974 DEBUG ((DEBUG_INFO
, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret
, MethodStatus
));
975 if (MethodStatus
!= TCG_METHOD_STATUS_CODE_SUCCESS
) {
976 Ret
= TcgResultFailure
;
982 Ret
= OpalPyrite2GetActiveDataRemovalMechanism (
984 ActiveDataRemovalMechanism
987 if (Ret
!= TcgResultSuccess
) {
988 DEBUG ((DEBUG_INFO
, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret
));
991 OpalEndSession (Session
);
/**
  Calculate the estimated time.

  The device-reported value is doubled; a minute-type value is additionally
  multiplied by 60.

  NOTE(review): only the minute branch is visible in this listing. The type of
  Time (UINT16), the UINT32 return type and the second-type branch (Time * 2)
  are assumed - confirm against the full file.

  @param[in]  IsMinute  Whether the input time value is minute type or second type.
  @param[in]  Time      The input time value.

  @return The estimated time derived from Time.

**/
UINT32
CalculateDataRemovalTime (
  IN BOOLEAN  IsMinute,
  IN UINT16   Time
  )
{
  return IsMinute ? (Time * 2 * 60) : (Time * 2);
}
/**
  Return the estimated time for specific type.

  Selects the format bit and time field of the descriptor that belong to the
  requested mechanism, byte-swaps the time field with SwapBytes16 and hands
  both to CalculateDataRemovalTime.

  NOTE(review): the case labels for bits 1-3, the default branch, the type of
  Index and the return type are not visible in this listing. BlockErase,
  CryptoErase, Unmap, a default of 0, UINT8 and UINT32 are assumed - confirm
  against the full file and the SUPPORTED_DATA_REMOVAL_MECHANISM enum.

  @param[in]  Index       The input data removal type.
  @param[in]  Descriptor  DATA_REMOVAL_FEATURE_DESCRIPTOR

  @return The estimated time for the requested type, or 0 for an unknown type.

**/
UINT32
GetDataRemovalTime (
  IN  UINT8                            Index,
  IN  DATA_REMOVAL_FEATURE_DESCRIPTOR  *Descriptor
  )
{
  BOOLEAN  IsMinute;
  UINT16   RawTime;

  //
  // Pick the (format, time) pair for the mechanism first, then convert once.
  //
  switch (Index) {
    case OverwriteDataErase:
      IsMinute = Descriptor->FormatBit0;
      RawTime  = Descriptor->TimeBit0;
      break;

    case BlockErase:
      IsMinute = Descriptor->FormatBit1;
      RawTime  = Descriptor->TimeBit1;
      break;

    case CryptoErase:
      IsMinute = Descriptor->FormatBit2;
      RawTime  = Descriptor->TimeBit2;
      break;

    case Unmap:
      IsMinute = Descriptor->FormatBit3;
      RawTime  = Descriptor->TimeBit3;
      break;

    case ResetWritePointers:
      IsMinute = Descriptor->FormatBit4;
      RawTime  = Descriptor->TimeBit4;
      break;

    case VendorSpecificErase:
      IsMinute = Descriptor->FormatBit5;
      RawTime  = Descriptor->TimeBit5;
      break;

    default:
      return 0;
  }

  return CalculateDataRemovalTime (IsMinute, SwapBytes16 (RawTime));
}
/**
  Get the supported Data Removal Mechanism list.

  Reads the TCG_FEATURE_DATA_REMOVAL descriptor from the device and writes one
  estimated time per mechanism: 0 when the mechanism's bit is clear in
  RemovalMechanism, otherwise the value returned by GetDataRemovalTime.

  The loop writes ResearvedMechanism entries, so the caller's array must have
  at least that many elements; no length is passed in to check this.

  NOTE(review): the return-type lines and the local declarations are not
  visible in this listing; the types below are assumed - confirm.

  @param[in]   Session                The session info for one opal device.
  @param[out]  RemovalMechanismLists  Return the supported data removal mechanism lists.

  @retval TcgResultSuccess  The list was filled in.
  @retval TcgResultFailure  The feature descriptor could not be read.

**/
TCG_RESULT
EFIAPI
OpalUtilGetDataRemovalMechanismLists (
  IN  OPAL_SESSION  *Session,
  OUT UINT32        *RemovalMechanismLists
  )
{
  TCG_RESULT                       Ret;
  UINTN                            DataSize;
  DATA_REMOVAL_FEATURE_DESCRIPTOR  Descriptor;
  UINT8                            Index;
  BOOLEAN                          IsSupported;

  NULL_CHECK (Session);
  NULL_CHECK (RemovalMechanismLists);

  //
  // NOTE(review): DataSize is not re-checked after the call. Confirm that
  // OpalGetFeatureDescriptor fails when the device supplies fewer than
  // sizeof (Descriptor) bytes; otherwise the format/time fields read below
  // may not have been filled in.
  //
  DataSize = sizeof (Descriptor);
  Ret      = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor);
  if (Ret != TcgResultSuccess) {
    return TcgResultFailure;
  }

  //
  // NOTE(review): this asserts on a value reported by the device. A value of 0
  // only produces an all-zero list in the loop below.
  //
  ASSERT (Descriptor.RemovalMechanism != 0);

  for (Index = 0; Index < ResearvedMechanism; Index++) {
    //
    // Bit N of RemovalMechanism says whether mechanism N is supported.
    //
    IsSupported = (BOOLEAN)BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index);

    RemovalMechanismLists[Index] = IsSupported ? GetDataRemovalTime (Index, &Descriptor) : 0;
  }

  return TcgResultSuccess;
}
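/**
  Get revert timeout value.

  Queries the device for its data removal support, the per-mechanism time
  estimates and the currently active mechanism, and returns the estimate that
  belongs to the active mechanism.

  NOTE(review): the function-name line, the declarations of BaseComId and
  MsidLength, and the bodies of the failure branches are not visible in this
  listing. UINT16, UINT32 and "return 0" are assumed - confirm.

  @param[in]  Session  The session info for one opal device.

  @return The estimated time of the active data removal mechanism, or 0 when
          data removal is not supported, a query fails, or the device reports
          an active mechanism outside the known range.

**/
UINT32
GetRevertTimeOut (
  IN OPAL_SESSION  *Session
  )
{
  TCG_RESULT                   TcgResult;
  OPAL_DISK_SUPPORT_ATTRIBUTE  SupportedAttributes;
  UINT16                       BaseComId;
  UINT32                       MsidLength;
  UINT8                        Msid[OPAL_MSID_LENGTH];
  UINT32                       RemovalMechanishLists[ResearvedMechanism];
  UINT8                        ActiveDataRemovalMechanism;

  TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);
  if ((TcgResult != TcgResultSuccess) || (SupportedAttributes.DataRemoval == 0)) {
    return 0;
  }

  TcgResult = OpalUtilGetMsid (Session, Msid, OPAL_MSID_LENGTH, &MsidLength);
  if (TcgResult != TcgResultSuccess) {
    return 0;
  }

  TcgResult = OpalUtilGetDataRemovalMechanismLists (Session, RemovalMechanishLists);
  if (TcgResult != TcgResultSuccess) {
    return 0;
  }

  TcgResult = OpalUtilGetActiveDataRemovalMechanism (Session, Msid, MsidLength, &ActiveDataRemovalMechanism);
  if (TcgResult != TcgResultSuccess) {
    return 0;
  }

  //
  // ActiveDataRemovalMechanism is a UINT8 read back from the device, while the
  // list only has ResearvedMechanism entries. Reject anything larger so a
  // misbehaving device cannot make this function read past the end of the
  // stack array.
  //
  if (ActiveDataRemovalMechanism >= ResearvedMechanism) {
    DEBUG ((DEBUG_INFO, "GetRevertTimeOut: active data removal mechanism %u is out of range\n", ActiveDataRemovalMechanism));
    return 0;
  }

  return RemovalMechanishLists[ActiveDataRemovalMechanism];
}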