]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
projects / mirror_edk2.git / blob
? search:


ab31a6bfe7bc59b8b2dc0a34468047f8861961da
[mirror_edk2.git] / SecurityPkg / Tcg / Opal / OpalPasswordSmm / OpalPasswordSmm.h
1 /** @file
2 Opal password smm driver which is used to support Opal security feature at s3 path.
3
4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #ifndef _OPAL_PASSWORD_SMM_H_
16 #define _OPAL_PASSWORD_SMM_H_
17
18 #include <PiSmm.h>
19 #include <IndustryStandard/Atapi.h>
20
21 #include <Protocol/SmmSwDispatch2.h>
22 #include <Protocol/SmmSxDispatch2.h>
23 #include <Protocol/AtaPassThru.h>
24 #include <Protocol/PciIo.h>
25 #include <Protocol/SmmReadyToLock.h>
26 #include <Protocol/SmmVariable.h>
27 #include <Protocol/VariableLock.h>
28 #include <Protocol/SmmEndOfDxe.h>
29 #include <Protocol/StorageSecurityCommand.h>
30
31 #include <Library/OpalPasswordSupportLib.h>
32 #include <Library/DebugLib.h>
33 #include <Library/PcdLib.h>
34 #include <Library/IoLib.h>
35 #include <Library/TimerLib.h>
36 #include <Library/PciLib.h>
37 #include <Library/BaseLib.h>
38 #include <Library/BaseMemoryLib.h>
39 #include <Library/SmmServicesTableLib.h>
40 #include <Library/MemoryAllocationLib.h>
41 #include <Library/UefiDriverEntryPoint.h>
42 #include <Library/UefiBootServicesTableLib.h>
43 #include <Library/UefiRuntimeServicesTableLib.h>
44 #include <Library/UefiLib.h>
45 #include <Library/S3BootScriptLib.h>
46 #include <Library/DevicePathLib.h>
47 #include <Library/DxeServicesTableLib.h>
48
49 #include <IndustryStandard/Pci22.h>
50
51 #include <Guid/OpalPasswordExtraInfoVariable.h>
52
53 #include "OpalAhciMode.h"
54 #include "OpalIdeMode.h"
55 #include "OpalNvmeMode.h"
56
57 //
58 // Time out Value for ATA pass through protocol
59 //
60 #define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3)
61
62 //
63 // The payload Length of HDD related ATA commands
64 //
65 #define HDD_PAYLOAD 512
66 //
67 // According to ATA spec, the max Length of hdd password is 32 bytes
68 //
69 #define OPAL_PASSWORD_MAX_LENGTH 32
70
71 extern VOID *mBuffer;
72
73 extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
74 extern UINTN mNumberOfDescriptors;
75 #pragma pack(1)
76
77 typedef struct {
78 UINT32 Address;
79 S3_BOOT_SCRIPT_LIB_WIDTH Width;
80 } OPAL_HC_PCI_REGISTER_SAVE;
81
82
83 typedef struct {
84 UINT32 SegNum;
85 UINT32 BusNum;
86 UINT32 DevNum;
87 UINT32 FuncNum;
88 } PCI_DEVICE;
89
90 /**
91 * Opal I/O Type utilized by the Trusted IO callback
92 *
93 * The type indicates if the I/O is a send or receive
94 */
95 typedef enum {
96 //
97 // I/O is a TCG Trusted Send command
98 //
99 OpalSend,
100
101 //
102 // I/O is a TCG Trusted Receive command
103 //
104 OpalRecv
105 } OPAL_IO_TYPE;
106
107
108 #define OPAL_SMM_DEVICE_SIGNATURE SIGNATURE_32 ('o', 's', 'd', 's')
109
110 typedef struct {
111 UINTN Signature;
112 LIST_ENTRY Link;
113
114 EFI_STORAGE_SECURITY_COMMAND_PROTOCOL Sscp;
115
116 UINT32 SegNum;
117 UINT32 BusNum;
118 UINT32 DevNum;
119 UINT32 FuncNum;
120
121 UINT8 DeviceType;
122
123 UINT32 SataPort;
124 UINT32 SataPortMultiplierPort;
125
126 UINT32 NvmeNamespaceId;
127
128 UINT8 Password[32];
129 UINT8 PasswordLength;
130
131 UINT32 Length;
132 PCI_DEVICE *PciBridgeNode;
133
134 UINT16 OpalBaseComId;
135 } OPAL_SMM_DEVICE;
136
137 #define OPAL_SMM_DEVICE_FROM_THIS(a) CR (a, OPAL_SMM_DEVICE, Sscp, OPAL_SMM_DEVICE_SIGNATURE)
138
139 #pragma pack()
140
141 /**
142 Send a security protocol command to a device that receives data and/or the result
143 of one or more commands sent by SendData.
144
145 The ReceiveData function sends a security protocol command to the given MediaId.
146 The security protocol command sent is defined by SecurityProtocolId and contains
147 the security protocol specific data SecurityProtocolSpecificData. The function
148 returns the data from the security protocol command in PayloadBuffer.
149
150 For devices supporting the SCSI command set, the security protocol command is sent
151 using the SECURITY PROTOCOL IN command defined in SPC-4.
152
153 For devices supporting the ATA command set, the security protocol command is sent
154 using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize
155 is non-zero.
156
157 If the PayloadBufferSize is zero, the security protocol command is sent using the
158 Trusted Non-Data command defined in ATA8-ACS.
159
160 If PayloadBufferSize is too small to store the available data from the security
161 protocol command, the function shall copy PayloadBufferSize bytes into the
162 PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
163
164 If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,
165 the function shall return EFI_INVALID_PARAMETER.
166
167 If the given MediaId does not support security protocol commands, the function shall
168 return EFI_UNSUPPORTED. If there is no media in the device, the function returns
169 EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device,
170 the function returns EFI_MEDIA_CHANGED.
171
172 If the security protocol fails to complete within the Timeout period, the function
173 shall return EFI_TIMEOUT.
174
175 If the security protocol command completes without an error, the function shall
176 return EFI_SUCCESS. If the security protocol command completes with an error, the
177 function shall return EFI_DEVICE_ERROR.
178
179 @param This Indicates a pointer to the calling context.
180 @param MediaId ID of the medium to receive data from.
181 @param Timeout The timeout, in 100ns units, to use for the execution
182 of the security protocol command. A Timeout value of 0
183 means that this function will wait indefinitely for the
184 security protocol command to execute. If Timeout is greater
185 than zero, then this function will return EFI_TIMEOUT
186 if the time required to execute the receive data command
187 is greater than Timeout.
188 @param SecurityProtocolId The value of the "Security Protocol" parameter of
189 the security protocol command to be sent.
190 @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
191 of the security protocol command to be sent.
192 @param PayloadBufferSize Size in bytes of the payload data buffer.
193 @param PayloadBuffer A pointer to a destination buffer to store the security
194 protocol command specific payload data for the security
195 protocol command. The caller is responsible for having
196 either implicit or explicit ownership of the buffer.
197 @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the
198 data written to the payload data buffer.
199
200 @retval EFI_SUCCESS The security protocol command completed successfully.
201 @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available
202 data from the device. The PayloadBuffer contains the truncated data.
203 @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
204 @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
205 @retval EFI_NO_MEDIA There is no media in the device.
206 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
207 @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and
208 PayloadBufferSize is non-zero.
209 @retval EFI_TIMEOUT A timeout occurred while waiting for the security
210 protocol command to execute.
211
212 **/
213 EFI_STATUS
214 EFIAPI
215 SecurityReceiveData (
216 IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
217 IN UINT32 MediaId,
218 IN UINT64 Timeout,
219 IN UINT8 SecurityProtocolId,
220 IN UINT16 SecurityProtocolSpecificData,
221 IN UINTN PayloadBufferSize,
222 OUT VOID *PayloadBuffer,
223 OUT UINTN *PayloadTransferSize
224 );
225
226 /**
227 Send a security protocol command to a device.
228
229 The SendData function sends a security protocol command containing the payload
230 PayloadBuffer to the given MediaId. The security protocol command sent is
231 defined by SecurityProtocolId and contains the security protocol specific data
232 SecurityProtocolSpecificData. If the underlying protocol command requires a
233 specific padding for the command payload, the SendData function shall add padding
234 bytes to the command payload to satisfy the padding requirements.
235
236 For devices supporting the SCSI command set, the security protocol command is sent
237 using the SECURITY PROTOCOL OUT command defined in SPC-4.
238
239 For devices supporting the ATA command set, the security protocol command is sent
240 using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize
241 is non-zero. If the PayloadBufferSize is zero, the security protocol command is
242 sent using the Trusted Non-Data command defined in ATA8-ACS.
243
244 If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall
245 return EFI_INVALID_PARAMETER.
246
247 If the given MediaId does not support security protocol commands, the function
248 shall return EFI_UNSUPPORTED. If there is no media in the device, the function
249 returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the
250 device, the function returns EFI_MEDIA_CHANGED.
251
252 If the security protocol fails to complete within the Timeout period, the function
253 shall return EFI_TIMEOUT.
254
255 If the security protocol command completes without an error, the function shall return
256 EFI_SUCCESS. If the security protocol command completes with an error, the function
257 shall return EFI_DEVICE_ERROR.
258
259 @param This Indicates a pointer to the calling context.
260 @param MediaId ID of the medium to receive data from.
261 @param Timeout The timeout, in 100ns units, to use for the execution
262 of the security protocol command. A Timeout value of 0
263 means that this function will wait indefinitely for the
264 security protocol command to execute. If Timeout is greater
265 than zero, then this function will return EFI_TIMEOUT
266 if the time required to execute the receive data command
267 is greater than Timeout.
268 @param SecurityProtocolId The value of the "Security Protocol" parameter of
269 the security protocol command to be sent.
270 @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
271 of the security protocol command to be sent.
272 @param PayloadBufferSize Size in bytes of the payload data buffer.
273 @param PayloadBuffer A pointer to a destination buffer to store the security
274 protocol command specific payload data for the security
275 protocol command.
276
277 @retval EFI_SUCCESS The security protocol command completed successfully.
278 @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
279 @retval EFI_DEVICE_ERROR The security protocol command completed with an error.
280 @retval EFI_NO_MEDIA There is no media in the device.
281 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
282 @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero.
283 @retval EFI_TIMEOUT A timeout occurred while waiting for the security
284 protocol command to execute.
285
286 **/
287 EFI_STATUS
288 EFIAPI
289 SecuritySendData (
290 IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
291 IN UINT32 MediaId,
292 IN UINT64 Timeout,
293 IN UINT8 SecurityProtocolId,
294 IN UINT16 SecurityProtocolSpecificData,
295 IN UINTN PayloadBufferSize,
296 IN VOID *PayloadBuffer
297 );
298
299 #endif // _OPAL_PASSWORD_SMM_H_
300
EFI Development Kit II mirror for PVE