--- /dev/null
+/** @file\r
+\r
+ Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _EDKII_STORAGE_SECURITY_COMMAND_PPI_H_\r
+#define _EDKII_STORAGE_SECURITY_COMMAND_PPI_H_\r
+\r
+#include <Protocol/DevicePath.h>\r
+\r
+///\r
+/// Global ID for the EDKII_PEI_STORAGE_SECURITY_CMD_PPI.\r
+///\r
+#define EDKII_PEI_STORAGE_SECURITY_CMD_PPI_GUID \\r
+ { \\r
+ 0x35de0b4e, 0x30fb, 0x46c3, { 0xbd, 0x84, 0x1f, 0xdb, 0xa1, 0x58, 0xbb, 0x56 } \\r
+ }\r
+\r
+//\r
+// Forward declaration for the EDKII_PEI_STORAGE_SECURITY_CMD_PPI.\r
+//\r
+typedef struct _EDKII_PEI_STORAGE_SECURITY_CMD_PPI EDKII_PEI_STORAGE_SECURITY_CMD_PPI;\r
+\r
+//\r
+// Revision The revision to which the Storage Security Command interface adheres.\r
+// All future revisions must be backwards compatible.\r
+// If a future version is not back wards compatible it is not the same GUID.\r
+//\r
+#define EDKII_STORAGE_SECURITY_PPI_REVISION 0x00010000\r
+\r
+\r
+/**\r
+ Gets the count of storage security devices that one specific driver detects.\r
+\r
+ @param[in] This The PPI instance pointer.\r
+ @param[out] NumberofDevices The number of storage security devices discovered.\r
+\r
+ @retval EFI_SUCCESS The operation performed successfully.\r
+ @retval EFI_INVALID_PARAMETER The parameters are invalid.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EDKII_PEI_STORAGE_SECURITY_GET_NUMBER_DEVICES) (\r
+ IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *This,\r
+ OUT UINTN *NumberofDevices\r
+ );\r
+\r
+/**\r
+ Gets the device path of a specific storage security device.\r
+\r
+ @param[in] This The PPI instance pointer.\r
+ @param[in] DeviceIndex Specifies the storage security device to which\r
+ the function wants to talk. Because the driver\r
+ that implements Storage Security Command PPIs\r
+ will manage multiple storage devices, the PPIs\r
+ that want to talk to a single device must specify\r
+ the device index that was assigned during the\r
+ enumeration process. This index is a number from\r
+ one to NumberofDevices.\r
+ @param[out] DevicePathLength The length of the device path in bytes specified\r
+ by DevicePath.\r
+ @param[out] DevicePath The device path of storage security device.\r
+ This field re-uses EFI Device Path Protocol as\r
+ defined by Section 10.2 EFI Device Path Protocol\r
+ of UEFI 2.7 Specification.\r
+\r
+ @retval EFI_SUCCESS The operation succeeds.\r
+ @retval EFI_INVALID_PARAMETER DevicePathLength or DevicePath is NULL.\r
+ @retval EFI_NOT_FOUND The specified storage security device not found.\r
+ @retval EFI_OUT_OF_RESOURCES The operation fails due to lack of resources.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EDKII_PEI_STORAGE_SECURITY_GET_DEVICE_PATH) (\r
+ IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *This,\r
+ IN UINTN DeviceIndex,\r
+ OUT UINTN *DevicePathLength,\r
+ OUT EFI_DEVICE_PATH_PROTOCOL **DevicePath\r
+ );\r
+\r
+/**\r
+ Send a security protocol command to a device that receives data and/or the result\r
+ of one or more commands sent by SendData.\r
+\r
+ The ReceiveData function sends a security protocol command to the given DeviceIndex.\r
+ The security protocol command sent is defined by SecurityProtocolId and contains\r
+ the security protocol specific data SecurityProtocolSpecificData. The function\r
+ returns the data from the security protocol command in PayloadBuffer.\r
+\r
+ For devices supporting the SCSI command set, the security protocol command is sent\r
+ using the SECURITY PROTOCOL IN command defined in SPC-4.\r
+\r
+ For devices supporting the ATA command set, the security protocol command is sent\r
+ using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize\r
+ is non-zero.\r
+\r
+ If the PayloadBufferSize is zero, the security protocol command is sent using the\r
+ Trusted Non-Data command defined in ATA8-ACS.\r
+\r
+ If PayloadBufferSize is too small to store the available data from the security\r
+ protocol command, the function shall copy PayloadBufferSize bytes into the\r
+ PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.\r
+\r
+ If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,\r
+ the function shall return EFI_INVALID_PARAMETER.\r
+\r
+ If the given DeviceIndex does not support security protocol commands, the function\r
+ shall return EFI_UNSUPPORTED.\r
+\r
+ If the security protocol fails to complete within the Timeout period, the function\r
+ shall return EFI_TIMEOUT.\r
+\r
+ If the security protocol command completes without an error, the function shall\r
+ return EFI_SUCCESS. If the security protocol command completes with an error, the\r
+ function shall return EFI_DEVICE_ERROR.\r
+\r
+ @param[in] This The PPI instance pointer.\r
+ @param[in] DeviceIndex Specifies the storage security device to which the\r
+ function wants to talk. Because the driver that\r
+ implements Storage Security Command PPIs will manage\r
+ multiple storage devices, the PPIs that want to talk\r
+ to a single device must specify the device index\r
+ that was assigned during the enumeration process.\r
+ This index is a number from one to NumberofDevices.\r
+ @param[in] Timeout The timeout, in 100ns units, to use for the execution\r
+ of the security protocol command. A Timeout value\r
+ of 0 means that this function will wait indefinitely\r
+ for the security protocol command to execute. If\r
+ Timeout is greater than zero, then this function\r
+ will return EFI_TIMEOUT if the time required to\r
+ execute the receive data command is greater than\r
+ Timeout.\r
+ @param[in] SecurityProtocolId\r
+ The value of the "Security Protocol" parameter of\r
+ the security protocol command to be sent.\r
+ @param[in] SecurityProtocolSpecificData\r
+ The value of the "Security Protocol Specific"\r
+ parameter of the security protocol command to be\r
+ sent.\r
+ @param[in] PayloadBufferSize\r
+ Size in bytes of the payload data buffer.\r
+ @param[out] PayloadBuffer A pointer to a destination buffer to store the\r
+ security protocol command specific payload data\r
+ for the security protocol command. The caller is\r
+ responsible for having either implicit or explicit\r
+ ownership of the buffer.\r
+ @param[out] PayloadTransferSize\r
+ A pointer to a buffer to store the size in bytes\r
+ of the data written to the payload data buffer.\r
+\r
+ @retval EFI_SUCCESS The security protocol command completed\r
+ successfully.\r
+ @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to\r
+ store the available data from the device.\r
+ The PayloadBuffer contains the truncated\r
+ data.\r
+ @retval EFI_UNSUPPORTED The given DeviceIndex does not support\r
+ security protocol commands.\r
+ @retval EFI_DEVICE_ERROR The security protocol command completed\r
+ with an error.\r
+ @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize\r
+ is NULL and PayloadBufferSize is non-zero.\r
+ @retval EFI_TIMEOUT A timeout occurred while waiting for the\r
+ security protocol command to execute.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EDKII_PEI_STORAGE_SECURITY_RECEIVE_DATA) (\r
+ IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *This,\r
+ IN UINTN DeviceIndex,\r
+ IN UINT64 Timeout,\r
+ IN UINT8 SecurityProtocolId,\r
+ IN UINT16 SecurityProtocolSpecificData,\r
+ IN UINTN PayloadBufferSize,\r
+ OUT VOID *PayloadBuffer,\r
+ OUT UINTN *PayloadTransferSize\r
+ );\r
+\r
+/**\r
+ Send a security protocol command to a device.\r
+\r
+ The SendData function sends a security protocol command containing the payload\r
+ PayloadBuffer to the given DeviceIndex. The security protocol command sent is\r
+ defined by SecurityProtocolId and contains the security protocol specific data\r
+ SecurityProtocolSpecificData. If the underlying protocol command requires a\r
+ specific padding for the command payload, the SendData function shall add padding\r
+ bytes to the command payload to satisfy the padding requirements.\r
+\r
+ For devices supporting the SCSI command set, the security protocol command is\r
+ sent using the SECURITY PROTOCOL OUT command defined in SPC-4.\r
+\r
+ For devices supporting the ATA command set, the security protocol command is\r
+ sent using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize\r
+ is non-zero. If the PayloadBufferSize is zero, the security protocol command\r
+ is sent using the Trusted Non-Data command defined in ATA8-ACS.\r
+\r
+ If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall\r
+ return EFI_INVALID_PARAMETER.\r
+\r
+ If the given DeviceIndex does not support security protocol commands, the function\r
+ shall return EFI_UNSUPPORTED.\r
+\r
+ If the security protocol fails to complete within the Timeout period, the function\r
+ shall return EFI_TIMEOUT.\r
+\r
+ If the security protocol command completes without an error, the function shall\r
+ return EFI_SUCCESS. If the security protocol command completes with an error,\r
+ the functio shall return EFI_DEVICE_ERROR.\r
+\r
+ @param[in] This The PPI instance pointer.\r
+ @param[in] DeviceIndex The ID of the device.\r
+ @param[in] Timeout The timeout, in 100ns units, to use for the execution\r
+ of the security protocol command. A Timeout value\r
+ of 0 means that this function will wait indefinitely\r
+ for the security protocol command to execute. If\r
+ Timeout is greater than zero, then this function\r
+ will return EFI_TIMEOUT if the time required to\r
+ execute the receive data command is greater than\r
+ Timeout.\r
+ @param[in] SecurityProtocolId\r
+ The value of the "Security Protocol" parameter of\r
+ the security protocol command to be sent.\r
+ @param[in] SecurityProtocolSpecificData\r
+ The value of the "Security Protocol Specific"\r
+ parameter of the security protocol command to be\r
+ sent.\r
+ @param[in] PayloadBufferSize Size in bytes of the payload data buffer.\r
+ @param[in] PayloadBuffer A pointer to a destination buffer to store the\r
+ security protocol command specific payload data\r
+ for the security protocol command.\r
+\r
+ @retval EFI_SUCCESS The security protocol command completed successfully.\r
+ @retval EFI_UNSUPPORTED The given DeviceIndex does not support security\r
+ protocol commands.\r
+ @retval EFI_DEVICE_ERROR The security protocol command completed with\r
+ an error.\r
+ @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize\r
+ is non-zero.\r
+ @retval EFI_TIMEOUT A timeout occurred while waiting for the security\r
+ protocol command to execute.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EDKII_PEI_STORAGE_SECURITY_SEND_DATA) (\r
+ IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *This,\r
+ IN UINTN DeviceIndex,\r
+ IN UINT64 Timeout,\r
+ IN UINT8 SecurityProtocolId,\r
+ IN UINT16 SecurityProtocolSpecificData,\r
+ IN UINTN PayloadBufferSize,\r
+ IN VOID *PayloadBuffer\r
+ );\r
+\r
+//\r
+// EDKII_PEI_STORAGE_SECURITY_CMD_PPI contains a set of services to send security\r
+// protocol commands to a mass storage device. Two types of security protocol\r
+// commands are supported. SendData sends a command with data to a device.\r
+// ReceiveData sends a command that receives data and/or the result of one or\r
+// more commands sent by SendData.\r
+//\r
+struct _EDKII_PEI_STORAGE_SECURITY_CMD_PPI {\r
+ UINT64 Revision;\r
+ EDKII_PEI_STORAGE_SECURITY_GET_NUMBER_DEVICES GetNumberofDevices;\r
+ EDKII_PEI_STORAGE_SECURITY_GET_DEVICE_PATH GetDevicePath;\r
+ EDKII_PEI_STORAGE_SECURITY_RECEIVE_DATA ReceiveData;\r
+ EDKII_PEI_STORAGE_SECURITY_SEND_DATA SendData;\r
+};\r
+\r
+extern EFI_GUID gEdkiiPeiStorageSecurityCommandPpiGuid;\r
+\r
+#endif\r