2 Opal password smm driver which is used to support Opal security feature at s3 path.
4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #ifndef _OPAL_PASSWORD_SMM_H_
16 #define _OPAL_PASSWORD_SMM_H_
19 #include <IndustryStandard/Atapi.h>
21 #include <Protocol/SmmSwDispatch2.h>
22 #include <Protocol/SmmSxDispatch2.h>
23 #include <Protocol/AtaPassThru.h>
24 #include <Protocol/PciIo.h>
25 #include <Protocol/SmmReadyToLock.h>
26 #include <Protocol/SmmVariable.h>
27 #include <Protocol/VariableLock.h>
28 #include <Protocol/SmmEndOfDxe.h>
29 #include <Protocol/StorageSecurityCommand.h>
31 #include <Library/OpalPasswordSupportLib.h>
32 #include <Library/DebugLib.h>
33 #include <Library/PcdLib.h>
34 #include <Library/IoLib.h>
35 #include <Library/TimerLib.h>
36 #include <Library/PciLib.h>
37 #include <Library/BaseLib.h>
38 #include <Library/BaseMemoryLib.h>
39 #include <Library/SmmServicesTableLib.h>
40 #include <Library/MemoryAllocationLib.h>
41 #include <Library/UefiDriverEntryPoint.h>
42 #include <Library/UefiBootServicesTableLib.h>
43 #include <Library/UefiRuntimeServicesTableLib.h>
44 #include <Library/UefiLib.h>
45 #include <Library/S3BootScriptLib.h>
46 #include <Library/DevicePathLib.h>
47 #include <Library/DxeServicesTableLib.h>
49 #include <IndustryStandard/Pci22.h>
51 #include <Guid/OpalPasswordExtraInfoVariable.h>
53 #include "OpalAhciMode.h"
54 #include "OpalIdeMode.h"
55 #include "OpalNvmeMode.h"
58 // Time out Value for ATA pass through protocol
60 #define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3)
63 // The payload Length of HDD related ATA commands
65 #define HDD_PAYLOAD 512
67 // According to ATA spec, the max Length of hdd password is 32 bytes
69 #define OPAL_PASSWORD_MAX_LENGTH 32
73 extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR
*mGcdMemSpace
;
74 extern UINTN mNumberOfDescriptors
;
79 S3_BOOT_SCRIPT_LIB_WIDTH Width
;
80 } OPAL_HC_PCI_REGISTER_SAVE
;
91 * Opal I/O Type utilized by the Trusted IO callback
93 * The type indicates if the I/O is a send or receive
97 // I/O is a TCG Trusted Send command
102 // I/O is a TCG Trusted Receive command
108 #define OPAL_SMM_DEVICE_SIGNATURE SIGNATURE_32 ('o', 's', 'd', 's')
114 EFI_STORAGE_SECURITY_COMMAND_PROTOCOL Sscp
;
124 UINT32 SataPortMultiplierPort
;
126 UINT32 NvmeNamespaceId
;
129 UINT8 PasswordLength
;
132 PCI_DEVICE
*PciBridgeNode
;
134 UINT16 OpalBaseComId
;
137 #define OPAL_SMM_DEVICE_FROM_THIS(a) CR (a, OPAL_SMM_DEVICE, Sscp, OPAL_SMM_DEVICE_SIGNATURE)
142 Send a security protocol command to a device that receives data and/or the result
143 of one or more commands sent by SendData.
145 The ReceiveData function sends a security protocol command to the given MediaId.
146 The security protocol command sent is defined by SecurityProtocolId and contains
147 the security protocol specific data SecurityProtocolSpecificData. The function
148 returns the data from the security protocol command in PayloadBuffer.
150 For devices supporting the SCSI command set, the security protocol command is sent
151 using the SECURITY PROTOCOL IN command defined in SPC-4.
153 For devices supporting the ATA command set, the security protocol command is sent
154 using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize
157 If the PayloadBufferSize is zero, the security protocol command is sent using the
158 Trusted Non-Data command defined in ATA8-ACS.
160 If PayloadBufferSize is too small to store the available data from the security
161 protocol command, the function shall copy PayloadBufferSize bytes into the
162 PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
164 If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,
165 the function shall return EFI_INVALID_PARAMETER.
167 If the given MediaId does not support security protocol commands, the function shall
168 return EFI_UNSUPPORTED. If there is no media in the device, the function returns
169 EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device,
170 the function returns EFI_MEDIA_CHANGED.
172 If the security protocol fails to complete within the Timeout period, the function
173 shall return EFI_TIMEOUT.
175 If the security protocol command completes without an error, the function shall
176 return EFI_SUCCESS. If the security protocol command completes with an error, the
177 function shall return EFI_DEVICE_ERROR.
179 @param This Indicates a pointer to the calling context.
180 @param MediaId ID of the medium to receive data from.
181 @param Timeout The timeout, in 100ns units, to use for the execution
182 of the security protocol command. A Timeout value of 0
183 means that this function will wait indefinitely for the
184 security protocol command to execute. If Timeout is greater
185 than zero, then this function will return EFI_TIMEOUT
186 if the time required to execute the receive data command
187 is greater than Timeout.
188 @param SecurityProtocolId The value of the "Security Protocol" parameter of
189 the security protocol command to be sent.
190 @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
191 of the security protocol command to be sent.
192 @param PayloadBufferSize Size in bytes of the payload data buffer.
193 @param PayloadBuffer A pointer to a destination buffer to store the security
194 protocol command specific payload data for the security
195 protocol command. The caller is responsible for having
196 either implicit or explicit ownership of the buffer.
197 @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the
198 data written to the payload data buffer.
200 @retval EFI_SUCCESS The security protocol command completed successfully.
201 @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available
202 data from the device. The PayloadBuffer contains the truncated data.
203 @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
204 @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
205 @retval EFI_NO_MEDIA There is no media in the device.
206 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
207 @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and
208 PayloadBufferSize is non-zero.
209 @retval EFI_TIMEOUT A timeout occurred while waiting for the security
210 protocol command to execute.
215 SecurityReceiveData (
216 IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
*This
,
219 IN UINT8 SecurityProtocolId
,
220 IN UINT16 SecurityProtocolSpecificData
,
221 IN UINTN PayloadBufferSize
,
222 OUT VOID
*PayloadBuffer
,
223 OUT UINTN
*PayloadTransferSize
227 Send a security protocol command to a device.
229 The SendData function sends a security protocol command containing the payload
230 PayloadBuffer to the given MediaId. The security protocol command sent is
231 defined by SecurityProtocolId and contains the security protocol specific data
232 SecurityProtocolSpecificData. If the underlying protocol command requires a
233 specific padding for the command payload, the SendData function shall add padding
234 bytes to the command payload to satisfy the padding requirements.
236 For devices supporting the SCSI command set, the security protocol command is sent
237 using the SECURITY PROTOCOL OUT command defined in SPC-4.
239 For devices supporting the ATA command set, the security protocol command is sent
240 using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize
241 is non-zero. If the PayloadBufferSize is zero, the security protocol command is
242 sent using the Trusted Non-Data command defined in ATA8-ACS.
244 If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall
245 return EFI_INVALID_PARAMETER.
247 If the given MediaId does not support security protocol commands, the function
248 shall return EFI_UNSUPPORTED. If there is no media in the device, the function
249 returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the
250 device, the function returns EFI_MEDIA_CHANGED.
252 If the security protocol fails to complete within the Timeout period, the function
253 shall return EFI_TIMEOUT.
255 If the security protocol command completes without an error, the function shall return
256 EFI_SUCCESS. If the security protocol command completes with an error, the function
257 shall return EFI_DEVICE_ERROR.
259 @param This Indicates a pointer to the calling context.
260 @param MediaId ID of the medium to receive data from.
261 @param Timeout The timeout, in 100ns units, to use for the execution
262 of the security protocol command. A Timeout value of 0
263 means that this function will wait indefinitely for the
264 security protocol command to execute. If Timeout is greater
265 than zero, then this function will return EFI_TIMEOUT
266 if the time required to execute the receive data command
267 is greater than Timeout.
268 @param SecurityProtocolId The value of the "Security Protocol" parameter of
269 the security protocol command to be sent.
270 @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
271 of the security protocol command to be sent.
272 @param PayloadBufferSize Size in bytes of the payload data buffer.
273 @param PayloadBuffer A pointer to a destination buffer to store the security
274 protocol command specific payload data for the security
277 @retval EFI_SUCCESS The security protocol command completed successfully.
278 @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
279 @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
280 @retval EFI_NO_MEDIA There is no media in the device.
281 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
282 @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero.
283 @retval EFI_TIMEOUT A timeout occurred while waiting for the security
284 protocol command to execute.
290 IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
*This
,
293 IN UINT8 SecurityProtocolId
,
294 IN UINT16 SecurityProtocolSpecificData
,
295 IN UINTN PayloadBufferSize
,
296 IN VOID
*PayloadBuffer
299 #endif // _OPAL_PASSWORD_SMM_H_