-/** @file
- The UEFI Inline Cryptographic Interface protocol provides services to abstract
- access to inline cryptographic capabilities.
-
- Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __BLOCK_IO_CRYPTO_H__
-#define __BLOCK_IO_CRYPTO_H__
-
-#include <Protocol/BlockIo.h>
-
-#define EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID \
- { \
- 0xa00490ba, 0x3f1a, 0x4b4c, {0xab, 0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1, 0xe8} \
- }
-
-typedef struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL EFI_BLOCK_IO_CRYPTO_PROTOCOL;
-
-///
-/// The struct of Block I/O Crypto Token.
-///
-typedef struct {
- //
- // If Event is NULL, then blocking I/O is performed. If Event is not NULL and
- // non-blocking I/O is supported, then non-blocking I/O is performed, and
- // Event will be signaled when the read request is completed and data was
- // decrypted (when Index was specified).
- //
- EFI_EVENT Event;
- //
- // Defines whether or not the signaled event encountered an error.
- //
- EFI_STATUS TransactionStatus;
-} EFI_BLOCK_IO_CRYPTO_TOKEN;
-
-
-/**
- Reset the block device hardware.
-
- The Reset() function resets the block device hardware.
-
- As part of the initialization process, the firmware/device will make a quick but
- reasonable attempt to verify that the device is functioning.
-
- If the ExtendedVerificationflag is TRUE the firmware may take an extended amount
- of time to verify the device is operating on reset. Otherwise the reset operation
- is to occur as quickly as possible.
-
- The hardware verification process is not defined by this specification and is left
- up to the platform firmware or driver to implement.
-
- @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.
- @param[in] ExtendedVerification Indicates that the driver may perform a more exhausive
- verfication operation of the device during reset.
-
- @retval EFI_SUCCESS The block device was reset.
- @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could
- not be reset.
- @retval EFI_INVALID_PARAMETER This is NULL.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_BLOCK_IO_CRYPTO_RESET) (
- IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
- IN BOOLEAN ExtendedVerification
- );
-
-/**
- Get the capabilities of the underlying inline cryptographic interface.
-
- The GetCapabilities() function determines whether pre-OS controllable inline crypto
- is supported by the system for the current disk and, if so, returns the capabilities
- of the crypto engine.
-
- The caller is responsible for providing the Capabilities structure with a sufficient
- number of entries.
-
- If the structure is too small, the EFI_BUFFER_TOO_SMALL error code is returned and the
- CapabilityCount field contains the number of entries needed to contain the capabilities.
-
- @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.
- @param[out] Capabilities Pointer to the EFI_BLOCK_IO_CRYPTO_CAPABILITIES structure.
-
- @retval EFI_SUCCESS The ICI is ready for use.
- @retval EFI_BUFFER_TOO_SMALL The Capabilities structure was too small. The number of
- entries needed is returned in the CapabilityCount field
- of the structure.
- @retval EFI_NO_RESPONSE No response was received from the ICI.
- @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER Capabilities is NULL.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES) (
- IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
- OUT EFI_BLOCK_IO_CRYPTO_CAPABILITIES *Capabilities
- );
-
-/**
- Set the configuration of the underlying inline cryptographic interface.
-
- The SetConfiguration() function allows the user to set the current configuration of the
- inline cryptographic interface and should be called before attempting any crypto operations.
-
- This configures the configuration table entries with algorithms, key sizes and keys. Each
- configured entry can later be referred to by index at the time of storage transaction.
-
- The configuration table index will refer to the combination ofKeyOwnerGuid, Algorithm, and
- CryptoKey.
-
- KeyOwnerGuid identifies the component taking ownership of the entry. It helps components to
- identify their own entries, cooperate with other owner components, and avoid conflicts. This
- Guid identifier is there to help coordination between cooperating components and not a security
- or synchronization feature. The Nil GUID can be used by a component to release use of entry
- owned. It is also used to identify potentially available entries (see GetConfiguration).
-
- CryptoKey specifies algorithm-specific key material to use within parameters of selected crypto
- capability.
-
- This function is called infrequently typically once, on device start, before IO starts. It
- can be called at later times in cases the number of keysused on the drive is higher than what
- can be configured at a time or a new key has to be added.
-
- Components setting or changing an entry or entries for a given index or indices must ensure
- that IO referencing affected indices is temporarily blocked (run-down) at the time of change.
-
- Indices parameters in each parameter table entry allow to set only a portion of the available
- table entries in the crypto module anywhere from single entry to entire table supported.
-
- If corresponding table entry or entries being set are already in use by another owner the call
- should be failed and none of the entries should be modified. The interface implementation must
- enforce atomicity of this operation (should either succeed fully or fail completely without
- modifying state).
-
- Note that components using GetConfiguration command to discover available entries should be
- prepared that by the time of calling SetConfiguration the previously available entry may have
- become occupied. Such components should be prepared to re-try the sequence of operations.
-
- Alternatively EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be used to have the implementation discover
- and allocate available,if any, indices atomically.
-
- An optional ResultingTable pointer can be provided by the caller to receive the newly configured
- entries. The array provided by the caller must have at least ConfigurationCount of entries.
-
- @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.
- @param[in] ConfigurationCount Number of entries being configured with this call.
- @param[in] ConfigurationTable Pointer to a table used to populate the configuration table.
- @param[out] ResultingTable Optional pointer to a table that receives the newly configured
- entries.
-
- @retval EFI_SUCCESS The ICI is ready for use.
- @retval EFI_NO_RESPONSE No response was received from the ICI.
- @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER ConfigurationTable is NULL.
- @retval EFI_INVALID_PARAMETER ConfigurationCount is 0.
- @retval EFI_OUT_OF_RESOURCES Could not find the requested number of available entries in the
- configuration table.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION) (
- IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
- IN UINT64 ConfigurationCount,
- IN EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY *ConfigurationTable,
- OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ResultingTable OPTIONAL
- );
-
-
-/**
- Get the configuration of the underlying inline cryptographic interface.
-
- The GetConfiguration() function allows the user to get the configuration of the inline
- cryptographic interface.
-
- Retrieves, entirely or partially, the currently configured key table. Note that the keys
- themselves are not retrieved, but rather just indices, owner GUIDs and capabilities.
-
- If fewer entries than specified by ConfigurationCount are returned, the Index field of the
- unused entries is set to EFI_BLOCK_IO_CRYPTO_INDEX_ANY.
-
- @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.
- @param[in] StartIndex Configuration table index at which to start the configuration
- query.
- @param[in] ConfigurationCount Number of entries to return in the response table.
- @param[in] KeyOwnerGuid Optional parameter to filter response down to entries with a
- given owner. A pointer to the Nil value can be used to return
- available entries. Set to NULL when no owner filtering is required.
- @param[out] ConfigurationTable Table of configured configuration table entries (with no CryptoKey
- returned): configuration table index, KeyOwnerGuid, Capability.
- Should have sufficient space to store up to ConfigurationCount
- entries.
-
- @retval EFI_SUCCESS The ICI is ready for use.
- @retval EFI_NO_RESPONSE No response was received from the ICI.
- @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_INVALID_PARAMETER Configuration table is NULL.
- @retval EFI_INVALID_PARAMETER StartIndex is out of bounds.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION) (
- IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
- IN UINT64 StartIndex,
- IN UINT64 ConfigurationCount,
- IN EFI_GUID *KeyOwnerGuid OPTIONAL,
- OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ConfigurationTable
-);
-
-/**
- Reads the requested number of blocks from the device and optionally decrypts
- them inline.
-
- TheReadExtended() function allows the caller to perform a storage device read
- operation. The function reads the requested number of blocks from the device
- and then if Index is specified decrypts them inline. All the blocks are read
- and decrypted (if decryption requested), or an error is returned.
-
- If there is no media in the device, the function returns EFI_NO_MEDIA. If the
- MediaId is not the ID for the current media in the device, the function returns
- EFI_MEDIA_CHANGED.
-
- If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking
- I/O is being used, the Event associated with this request will not be signaled.
-
- In addition to standard storage transaction parameters (LBA, IO size, and buffer),
- this command will also specify a configuration table Index and CryptoIvInput
- when data has to be decrypted inline by the controller after being read from
- the storage device. If an Index parameter is not specified, no decryption is
- performed.
-
- @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.
- @param[in] MediaId The media ID that the read request is for.
- @param[in] LBA The starting logical block address to read from on
- the device.
- @param[in, out] Token A pointer to the token associated with the transaction.
- @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple
- of the intrinsic block size of the device.
- @param[out] Buffer A pointer to the destination buffer for the data. The
- caller is responsible for either having implicit or
- explicit ownership of the buffer.
- @param[in] Index A pointer to the configuration table index. This is
- optional.
- @param[in] CryptoIvInput A pointer to a buffer that contains additional
- cryptographic parameters as required by the capability
- referenced by the configuration table index, such as
- cryptographic initialization vector.
-
- @retval EFI_SUCCESS The read request was queued if Token-> Event is not NULL.
- The data was read correctly from the device if the
- Token->Event is NULL.
- @retval EFI_DEVICE_ERROR The device reported an error while attempting to perform
- the read operation and/or decryption operation.
- @retval EFI_NO_MEDIA There is no media in the device.
- @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
- @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic
- block size of the device.
- @retval EFI_INVALID_PARAMETER This is NULL, or the read request contains LBAs that are
- not valid, or the buffer is not on proper alignment.
- @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.
- @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of
- resources.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_BLOCK_IO_CRYPTO_READ_EXTENDED) (
- IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
- IN UINT32 MediaId,
- IN EFI_LBA LBA,
- IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,
- IN UINT64 BufferSize,
- OUT VOID *Buffer,
- IN UINT64 *Index OPTIONAL,
- IN VOID *CryptoIvInput OPTIONAL
- );
-
-/**
- Optionally encrypts a specified number of blocks inline and then writes to the
- device.
-
- The WriteExtended() function allows the caller to perform a storage device write
- operation. The function encrypts the requested number of blocks inline if Index
- is specified and then writes them to the device. All the blocks are encrypted
- (if encryption requested) and written, or an error is returned.
-
- If there is no media in the device, the function returns EFI_NO_MEDIA. If the
- MediaId is not the ID for the current media in the device, the function returns
- EFI_MEDIA_CHANGED.
-
- If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking
- I/O is being used, the Event associated with this request will not be signaled.
-
- In addition to standard storage transaction parameters (LBA, IO size, and buffer),
- this command will also specify a configuration table Index and a CryptoIvInput
- when data has to be decrypted inline by the controller before being written to
- the storage device. If no Index parameter is specified, no encryption is performed.
-
- @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.
- @param[in] MediaId The media ID that the read request is for.
- @param[in] LBA The starting logical block address to read from on
- the device.
- @param[in, out] Token A pointer to the token associated with the transaction.
- @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple
- of the intrinsic block size of the device.
- @param[in] Buffer A pointer to the source buffer for the data.
- @param[in] Index A pointer to the configuration table index. This is
- optional.
- @param[in] CryptoIvInput A pointer to a buffer that contains additional
- cryptographic parameters as required by the capability
- referenced by the configuration table index, such as
- cryptographic initialization vector.
-
- @retval EFI_SUCCESS The request to encrypt (optionally) and write was queued
- if Event is not NULL. The data was encrypted (optionally)
- and written correctly to the device if the Event is NULL.
- @retval EFI_WRITE_PROTECTED The device cannot be written to.
- @retval EFI_NO_MEDIA There is no media in the device.
- @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
- @retval EFI_DEVICE_ERROR The device reported an error while attempting to encrypt
- blocks or to perform the write operation.
- @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic
- block size of the device.
- @retval EFI_INVALID_PARAMETER This is NULL, or the write request contains LBAs that are
- not valid, or the buffer is not on proper alignment.
- @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.
- @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of
- resources.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED) (
- IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
- IN UINT32 MediaId,
- IN EFI_LBA LBA,
- IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,
- IN UINT64 BufferSize,
- IN VOID *Buffer,
- IN UINT64 *Index OPTIONAL,
- IN VOID *CryptoIvInput OPTIONAL
- );
-
-/**
- Flushes all modified data toa physical block device.
-
- The FlushBlocks() function flushes all modified data to the physical block device.
- Any modified data that has to be encrypted must have been already encrypted as a
- part of WriteExtended() operation - inline crypto operation cannot be a part of
- flush operation.
-
- All data written to the device prior to the flush must be physically written before
- returning EFI_SUCCESS from this function. This would include any cached data the
- driver may have cached, and cached data the device may have cached. A flush may
- cause a read request following the flush to force a device access.
-
- If EFI_DEVICE_ERROR, EFI_NO_MEDIA, EFI_WRITE_PROTECTED or EFI_MEDIA_CHANGED is
- returned and non-blocking I/O is being used, the Event associated with this request
- will not be signaled.
-
- @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.
- @param[in, out] Token A pointer to the token associated with the transaction.
-
- @retval EFI_SUCCESS The flush request was queued if Event is not NULL. All
- outstanding data was written correctly to the device if
- the Event is NULL.
- @retval EFI_DEVICE_ERROR The device reported an error while attempting to write data.
- @retval EFI_WRITE_PROTECTED The device cannot be written to.
- @retval EFI_NO_MEDIA There is no media in the device.
- @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
- @retval EFI_INVALID_PARAMETER This is NULL.
- @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of
- resources.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_BLOCK_IO_CRYPTO_FLUSH) (
- IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
- IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token
- );
-
-typedef struct {
- //
- // GUID of the algorithm.
- //
- EFI_GUID Algorithm;
- //
- // Specifies KeySizein bits used with this Algorithm.
- //
- UINT64 KeySize;
- //
- // Specifies bitmask of block sizes supported by this algorithm.
- // Bit j being set means that 2^j bytes crypto block size is supported.
- //
- UINT64 CryptoBlockSizeBitMask;
-} EFI_BLOCK_IO_CRYPTO_CAPABILITY;
-
-///
-/// EFI_BLOCK_IO_CRYPTO_IV_INPUT structure is used as a common header in CryptoIvInput
-/// parameters passed to the ReadExtended and WriteExtended methods for Inline
-/// Cryptographic Interface.
-/// Its purpose is to pass size of the entire CryptoIvInputparameter memory buffer to
-/// the Inline Cryptographic Interface.
-///
-typedef struct {
- UINT64 InputSize;
-} EFI_BLOCK_IO_CRYPTO_IV_INPUT;
-
-#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_XTS \
- { \
- 0x2f87ba6a, 0x5c04, 0x4385, {0xa7, 0x80, 0xf3, 0xbf, 0x78, 0xa9, 0x7b, 0xec} \
- }
-
-extern EFI_GUID gEfiBlockIoCryptoAlgoAesXtsGuid;
-
-typedef struct {
- EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;
- UINT64 CryptoBlockNumber;
- UINT64 CryptoBlockByteSize;
-} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_XTS;
-
-#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_CBC_MICROSOFT_BITLOCKER \
- { \
- 0x689e4c62, 0x70bf, 0x4cf3, {0x88, 0xbb, 0x33, 0xb3, 0x18, 0x26, 0x86, 0x70} \
- }
-
-extern EFI_GUID gEfiBlockIoCryptoAlgoAesCbcMsBitlockerGuid;
-
-typedef struct {
- EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;
- UINT64 CryptoBlockByteOffset;
- UINT64 CryptoBlockByteSize;
-} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_CBC_MICROSOFT_BITLOCKER;
-
-#define EFI_BLOCK_IO_CRYPTO_INDEX_ANY 0xFFFFFFFFFFFFFFFF
-
-typedef struct {
- //
- // Is inline cryptographic capability supported on this device.
- //
- BOOLEAN Supported;
- //
- // Maximum number of keys that can be configured at the same time.
- //
- UINT64 KeyCount;
- //
- // Number of supported capabilities.
- //
- UINT64 CapabilityCount;
- //
- // Array of supported capabilities.
- //
- EFI_BLOCK_IO_CRYPTO_CAPABILITY Capabilities[1];
-} EFI_BLOCK_IO_CRYPTO_CAPABILITIES;
-
-typedef struct {
- //
- // Configuration table index. A special Index EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be
- // used to set any available entry in the configuration table.
- //
- UINT64 Index;
- //
- // Identifies the owner of the configuration table entry. Entry can also be used
- // with the Nil value to clear key from the configuration table index.
- //
- EFI_GUID KeyOwnerGuid;
- //
- // A supported capability to be used. The CryptoBlockSizeBitMask field of the
- // structure should have only one bit set from the supported mask.
- //
- EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;
- //
- // Pointer to the key. The size of the key is defined by the KeySize field of
- // the capability specified by the Capability parameter.
- //
- VOID *CryptoKey;
-} EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY;
-
-typedef struct {
- //
- // Configuration table index.
- //
- UINT64 Index;
- //
- // Identifies the current owner of the entry.
- //
- EFI_GUID KeyOwnerGuid;
- //
- // The capability to be used. The CryptoBlockSizeBitMask field of the structure
- // has only one bit set from the supported mask.
- //
- EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;
-} EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY;
-
-
-///
-/// The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used by UEFI
-/// drivers and applications to perform block encryption on a storage device, such as UFS.
-///
-struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL {
- EFI_BLOCK_IO_MEDIA *Media;
- EFI_BLOCK_IO_CRYPTO_RESET Reset;
- EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES GetCapabilities;
- EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION SetConfiguration;
- EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION GetConfiguration;
- EFI_BLOCK_IO_CRYPTO_READ_EXTENDED ReadExtended;
- EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED WriteExtended;
- EFI_BLOCK_IO_CRYPTO_FLUSH FlushBlocks;
-};
-
-extern EFI_GUID gEfiBlockIoCryptoProtocolGuid;
-
-#endif
-
+/** @file\r
+ The UEFI Inline Cryptographic Interface protocol provides services to abstract\r
+ access to inline cryptographic capabilities.\r
+\r
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>\r
+ This program and the accompanying materials\r
+ are licensed and made available under the terms and conditions of the BSD License\r
+ which accompanies this distribution. The full text of the license may be found at\r
+ http://opensource.org/licenses/bsd-license.php\r
+\r
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef __BLOCK_IO_CRYPTO_H__\r
+#define __BLOCK_IO_CRYPTO_H__\r
+\r
+#include <Protocol/BlockIo.h>\r
+\r
+#define EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID \\r
+ { \\r
+ 0xa00490ba, 0x3f1a, 0x4b4c, {0xab, 0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1, 0xe8} \\r
+ }\r
+\r
+typedef struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL EFI_BLOCK_IO_CRYPTO_PROTOCOL;\r
+\r
+///\r
+/// The struct of Block I/O Crypto Token.\r
+///\r
+typedef struct {\r
+ //\r
+ // If Event is NULL, then blocking I/O is performed. If Event is not NULL and\r
+ // non-blocking I/O is supported, then non-blocking I/O is performed, and\r
+ // Event will be signaled when the read request is completed and data was\r
+ // decrypted (when Index was specified).\r
+ //\r
+ EFI_EVENT Event;\r
+ //\r
+ // Defines whether or not the signaled event encountered an error.\r
+ //\r
+ EFI_STATUS TransactionStatus;\r
+} EFI_BLOCK_IO_CRYPTO_TOKEN;\r
+\r
+\r
+/**\r
+ Reset the block device hardware.\r
+\r
+ The Reset() function resets the block device hardware.\r
+\r
+ As part of the initialization process, the firmware/device will make a quick but\r
+ reasonable attempt to verify that the device is functioning.\r
+\r
+ If the ExtendedVerificationflag is TRUE the firmware may take an extended amount\r
+ of time to verify the device is operating on reset. Otherwise the reset operation\r
+ is to occur as quickly as possible.\r
+\r
+ The hardware verification process is not defined by this specification and is left\r
+ up to the platform firmware or driver to implement.\r
+\r
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
+ @param[in] ExtendedVerification Indicates that the driver may perform a more exhausive\r
+ verfication operation of the device during reset.\r
+\r
+ @retval EFI_SUCCESS The block device was reset.\r
+ @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could\r
+ not be reset.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_RESET) (\r
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
+ IN BOOLEAN ExtendedVerification\r
+ );\r
+\r
+/**\r
+ Get the capabilities of the underlying inline cryptographic interface.\r
+\r
+ The GetCapabilities() function determines whether pre-OS controllable inline crypto\r
+ is supported by the system for the current disk and, if so, returns the capabilities\r
+ of the crypto engine.\r
+\r
+ The caller is responsible for providing the Capabilities structure with a sufficient\r
+ number of entries.\r
+\r
+ If the structure is too small, the EFI_BUFFER_TOO_SMALL error code is returned and the\r
+ CapabilityCount field contains the number of entries needed to contain the capabilities.\r
+\r
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
+ @param[out] Capabilities Pointer to the EFI_BLOCK_IO_CRYPTO_CAPABILITIES structure.\r
+\r
+ @retval EFI_SUCCESS The ICI is ready for use.\r
+ @retval EFI_BUFFER_TOO_SMALL The Capabilities structure was too small. The number of\r
+ entries needed is returned in the CapabilityCount field\r
+ of the structure.\r
+ @retval EFI_NO_RESPONSE No response was received from the ICI.\r
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER Capabilities is NULL.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES) (\r
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
+ OUT EFI_BLOCK_IO_CRYPTO_CAPABILITIES *Capabilities\r
+ );\r
+\r
+/**\r
+ Set the configuration of the underlying inline cryptographic interface.\r
+\r
+ The SetConfiguration() function allows the user to set the current configuration of the\r
+ inline cryptographic interface and should be called before attempting any crypto operations.\r
+\r
+ This configures the configuration table entries with algorithms, key sizes and keys. Each\r
+ configured entry can later be referred to by index at the time of storage transaction.\r
+\r
+ The configuration table index will refer to the combination ofKeyOwnerGuid, Algorithm, and\r
+ CryptoKey.\r
+\r
+ KeyOwnerGuid identifies the component taking ownership of the entry. It helps components to\r
+ identify their own entries, cooperate with other owner components, and avoid conflicts. This\r
+ Guid identifier is there to help coordination between cooperating components and not a security\r
+ or synchronization feature. The Nil GUID can be used by a component to release use of entry\r
+ owned. It is also used to identify potentially available entries (see GetConfiguration).\r
+\r
+ CryptoKey specifies algorithm-specific key material to use within parameters of selected crypto\r
+ capability.\r
+\r
+ This function is called infrequently typically once, on device start, before IO starts. It\r
+ can be called at later times in cases the number of keysused on the drive is higher than what\r
+ can be configured at a time or a new key has to be added.\r
+\r
+ Components setting or changing an entry or entries for a given index or indices must ensure\r
+ that IO referencing affected indices is temporarily blocked (run-down) at the time of change.\r
+\r
+ Indices parameters in each parameter table entry allow to set only a portion of the available\r
+ table entries in the crypto module anywhere from single entry to entire table supported.\r
+\r
+ If corresponding table entry or entries being set are already in use by another owner the call\r
+ should be failed and none of the entries should be modified. The interface implementation must\r
+ enforce atomicity of this operation (should either succeed fully or fail completely without\r
+ modifying state).\r
+\r
+ Note that components using GetConfiguration command to discover available entries should be\r
+ prepared that by the time of calling SetConfiguration the previously available entry may have\r
+ become occupied. Such components should be prepared to re-try the sequence of operations.\r
+\r
+ Alternatively EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be used to have the implementation discover\r
+ and allocate available,if any, indices atomically.\r
+\r
+ An optional ResultingTable pointer can be provided by the caller to receive the newly configured\r
+ entries. The array provided by the caller must have at least ConfigurationCount of entries.\r
+\r
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
+ @param[in] ConfigurationCount Number of entries being configured with this call.\r
+ @param[in] ConfigurationTable Pointer to a table used to populate the configuration table.\r
+ @param[out] ResultingTable Optional pointer to a table that receives the newly configured\r
+ entries.\r
+\r
+ @retval EFI_SUCCESS The ICI is ready for use.\r
+ @retval EFI_NO_RESPONSE No response was received from the ICI.\r
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER ConfigurationTable is NULL.\r
+ @retval EFI_INVALID_PARAMETER ConfigurationCount is 0.\r
+ @retval EFI_OUT_OF_RESOURCES Could not find the requested number of available entries in the\r
+ configuration table.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION) (\r
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
+ IN UINT64 ConfigurationCount,\r
+ IN EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY *ConfigurationTable,\r
+ OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ResultingTable OPTIONAL\r
+ );\r
+\r
+\r
+/**\r
+ Get the configuration of the underlying inline cryptographic interface.\r
+\r
+ The GetConfiguration() function allows the user to get the configuration of the inline\r
+ cryptographic interface.\r
+\r
+ Retrieves, entirely or partially, the currently configured key table. Note that the keys\r
+ themselves are not retrieved, but rather just indices, owner GUIDs and capabilities.\r
+\r
+ If fewer entries than specified by ConfigurationCount are returned, the Index field of the\r
+ unused entries is set to EFI_BLOCK_IO_CRYPTO_INDEX_ANY.\r
+\r
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
+ @param[in] StartIndex Configuration table index at which to start the configuration\r
+ query.\r
+ @param[in] ConfigurationCount Number of entries to return in the response table.\r
+ @param[in] KeyOwnerGuid Optional parameter to filter response down to entries with a\r
+ given owner. A pointer to the Nil value can be used to return\r
+ available entries. Set to NULL when no owner filtering is required.\r
+ @param[out] ConfigurationTable Table of configured configuration table entries (with no CryptoKey\r
+ returned): configuration table index, KeyOwnerGuid, Capability.\r
+ Should have sufficient space to store up to ConfigurationCount\r
+ entries.\r
+\r
+ @retval EFI_SUCCESS The ICI is ready for use.\r
+ @retval EFI_NO_RESPONSE No response was received from the ICI.\r
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_INVALID_PARAMETER Configuration table is NULL.\r
+ @retval EFI_INVALID_PARAMETER StartIndex is out of bounds.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION) (\r
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
+ IN UINT64 StartIndex,\r
+ IN UINT64 ConfigurationCount,\r
+ IN EFI_GUID *KeyOwnerGuid OPTIONAL,\r
+ OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ConfigurationTable\r
+);\r
+\r
+/**\r
+ Reads the requested number of blocks from the device and optionally decrypts\r
+ them inline.\r
+\r
+ TheReadExtended() function allows the caller to perform a storage device read\r
+ operation. The function reads the requested number of blocks from the device\r
+ and then if Index is specified decrypts them inline. All the blocks are read\r
+ and decrypted (if decryption requested), or an error is returned.\r
+\r
+ If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r
+ MediaId is not the ID for the current media in the device, the function returns\r
+ EFI_MEDIA_CHANGED.\r
+\r
+ If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r
+ I/O is being used, the Event associated with this request will not be signaled.\r
+\r
+ In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r
+ this command will also specify a configuration table Index and CryptoIvInput\r
+ when data has to be decrypted inline by the controller after being read from\r
+ the storage device. If an Index parameter is not specified, no decryption is\r
+ performed.\r
+\r
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
+ @param[in] MediaId The media ID that the read request is for.\r
+ @param[in] LBA The starting logical block address to read from on\r
+ the device.\r
+ @param[in, out] Token A pointer to the token associated with the transaction.\r
+ @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r
+ of the intrinsic block size of the device.\r
+ @param[out] Buffer A pointer to the destination buffer for the data. The\r
+ caller is responsible for either having implicit or\r
+ explicit ownership of the buffer.\r
+ @param[in] Index A pointer to the configuration table index. This is\r
+ optional.\r
+ @param[in] CryptoIvInput A pointer to a buffer that contains additional\r
+ cryptographic parameters as required by the capability\r
+ referenced by the configuration table index, such as\r
+ cryptographic initialization vector.\r
+\r
+ @retval EFI_SUCCESS The read request was queued if Token-> Event is not NULL.\r
+ The data was read correctly from the device if the\r
+ Token->Event is NULL.\r
+ @retval EFI_DEVICE_ERROR The device reported an error while attempting to perform\r
+ the read operation and/or decryption operation.\r
+ @retval EFI_NO_MEDIA There is no media in the device.\r
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
+ @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r
+ block size of the device.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, or the read request contains LBAs that are\r
+ not valid, or the buffer is not on proper alignment.\r
+ @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r
+ resources.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_READ_EXTENDED) (\r
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
+ IN UINT32 MediaId,\r
+ IN EFI_LBA LBA,\r
+ IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r
+ IN UINT64 BufferSize,\r
+ OUT VOID *Buffer,\r
+ IN UINT64 *Index OPTIONAL,\r
+ IN VOID *CryptoIvInput OPTIONAL\r
+ );\r
+\r
+/**\r
+ Optionally encrypts a specified number of blocks inline and then writes to the\r
+ device.\r
+\r
+ The WriteExtended() function allows the caller to perform a storage device write\r
+ operation. The function encrypts the requested number of blocks inline if Index\r
+ is specified and then writes them to the device. All the blocks are encrypted\r
+ (if encryption requested) and written, or an error is returned.\r
+\r
+ If there is no media in the device, the function returns EFI_NO_MEDIA. If the\r
+ MediaId is not the ID for the current media in the device, the function returns\r
+ EFI_MEDIA_CHANGED.\r
+\r
+ If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking\r
+ I/O is being used, the Event associated with this request will not be signaled.\r
+\r
+ In addition to standard storage transaction parameters (LBA, IO size, and buffer),\r
+ this command will also specify a configuration table Index and a CryptoIvInput\r
+ when data has to be decrypted inline by the controller before being written to\r
+ the storage device. If no Index parameter is specified, no encryption is performed.\r
+\r
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
+ @param[in] MediaId The media ID that the read request is for.\r
+ @param[in] LBA The starting logical block address to read from on\r
+ the device.\r
+ @param[in, out] Token A pointer to the token associated with the transaction.\r
+ @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple\r
+ of the intrinsic block size of the device.\r
+ @param[in] Buffer A pointer to the source buffer for the data.\r
+ @param[in] Index A pointer to the configuration table index. This is\r
+ optional.\r
+ @param[in] CryptoIvInput A pointer to a buffer that contains additional\r
+ cryptographic parameters as required by the capability\r
+ referenced by the configuration table index, such as\r
+ cryptographic initialization vector.\r
+\r
+ @retval EFI_SUCCESS The request to encrypt (optionally) and write was queued\r
+ if Event is not NULL. The data was encrypted (optionally)\r
+ and written correctly to the device if the Event is NULL.\r
+ @retval EFI_WRITE_PROTECTED The device cannot be written to.\r
+ @retval EFI_NO_MEDIA There is no media in the device.\r
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
+ @retval EFI_DEVICE_ERROR The device reported an error while attempting to encrypt\r
+ blocks or to perform the write operation.\r
+ @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic\r
+ block size of the device.\r
+ @retval EFI_INVALID_PARAMETER This is NULL, or the write request contains LBAs that are\r
+ not valid, or the buffer is not on proper alignment.\r
+ @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.\r
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r
+ resources.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED) (\r
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
+ IN UINT32 MediaId,\r
+ IN EFI_LBA LBA,\r
+ IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,\r
+ IN UINT64 BufferSize,\r
+ IN VOID *Buffer,\r
+ IN UINT64 *Index OPTIONAL,\r
+ IN VOID *CryptoIvInput OPTIONAL\r
+ );\r
+\r
+/**\r
+ Flushes all modified data toa physical block device.\r
+\r
+ The FlushBlocks() function flushes all modified data to the physical block device.\r
+ Any modified data that has to be encrypted must have been already encrypted as a\r
+ part of WriteExtended() operation - inline crypto operation cannot be a part of\r
+ flush operation.\r
+\r
+ All data written to the device prior to the flush must be physically written before\r
+ returning EFI_SUCCESS from this function. This would include any cached data the\r
+ driver may have cached, and cached data the device may have cached. A flush may\r
+ cause a read request following the flush to force a device access.\r
+\r
+ If EFI_DEVICE_ERROR, EFI_NO_MEDIA, EFI_WRITE_PROTECTED or EFI_MEDIA_CHANGED is\r
+ returned and non-blocking I/O is being used, the Event associated with this request\r
+ will not be signaled.\r
+\r
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance.\r
+ @param[in, out] Token A pointer to the token associated with the transaction.\r
+\r
+ @retval EFI_SUCCESS The flush request was queued if Event is not NULL. All\r
+ outstanding data was written correctly to the device if\r
+ the Event is NULL.\r
+ @retval EFI_DEVICE_ERROR The device reported an error while attempting to write data.\r
+ @retval EFI_WRITE_PROTECTED The device cannot be written to.\r
+ @retval EFI_NO_MEDIA There is no media in the device.\r
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.\r
+ @retval EFI_INVALID_PARAMETER This is NULL.\r
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of\r
+ resources.\r
+\r
+**/\r
+typedef\r
+EFI_STATUS\r
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_FLUSH) (\r
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,\r
+ IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token\r
+ );\r
+\r
+typedef struct {\r
+ //\r
+ // GUID of the algorithm.\r
+ //\r
+ EFI_GUID Algorithm;\r
+ //\r
+ // Specifies KeySizein bits used with this Algorithm.\r
+ //\r
+ UINT64 KeySize;\r
+ //\r
+ // Specifies bitmask of block sizes supported by this algorithm.\r
+ // Bit j being set means that 2^j bytes crypto block size is supported.\r
+ //\r
+ UINT64 CryptoBlockSizeBitMask;\r
+} EFI_BLOCK_IO_CRYPTO_CAPABILITY;\r
+\r
+///\r
+/// EFI_BLOCK_IO_CRYPTO_IV_INPUT structure is used as a common header in CryptoIvInput\r
+/// parameters passed to the ReadExtended and WriteExtended methods for Inline\r
+/// Cryptographic Interface.\r
+/// Its purpose is to pass size of the entire CryptoIvInputparameter memory buffer to\r
+/// the Inline Cryptographic Interface.\r
+///\r
+typedef struct {\r
+ UINT64 InputSize;\r
+} EFI_BLOCK_IO_CRYPTO_IV_INPUT;\r
+\r
+#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_XTS \\r
+ { \\r
+ 0x2f87ba6a, 0x5c04, 0x4385, {0xa7, 0x80, 0xf3, 0xbf, 0x78, 0xa9, 0x7b, 0xec} \\r
+ }\r
+\r
+extern EFI_GUID gEfiBlockIoCryptoAlgoAesXtsGuid;\r
+\r
+typedef struct {\r
+ EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r
+ UINT64 CryptoBlockNumber;\r
+ UINT64 CryptoBlockByteSize;\r
+} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_XTS;\r
+\r
+#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_CBC_MICROSOFT_BITLOCKER \\r
+ { \\r
+ 0x689e4c62, 0x70bf, 0x4cf3, {0x88, 0xbb, 0x33, 0xb3, 0x18, 0x26, 0x86, 0x70} \\r
+ }\r
+\r
+extern EFI_GUID gEfiBlockIoCryptoAlgoAesCbcMsBitlockerGuid;\r
+\r
+typedef struct {\r
+ EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;\r
+ UINT64 CryptoBlockByteOffset;\r
+ UINT64 CryptoBlockByteSize;\r
+} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_CBC_MICROSOFT_BITLOCKER;\r
+\r
+#define EFI_BLOCK_IO_CRYPTO_INDEX_ANY 0xFFFFFFFFFFFFFFFF\r
+\r
+typedef struct {\r
+ //\r
+ // Is inline cryptographic capability supported on this device.\r
+ //\r
+ BOOLEAN Supported;\r
+ //\r
+ // Maximum number of keys that can be configured at the same time.\r
+ //\r
+ UINT64 KeyCount;\r
+ //\r
+ // Number of supported capabilities.\r
+ //\r
+ UINT64 CapabilityCount;\r
+ //\r
+ // Array of supported capabilities.\r
+ //\r
+ EFI_BLOCK_IO_CRYPTO_CAPABILITY Capabilities[1];\r
+} EFI_BLOCK_IO_CRYPTO_CAPABILITIES;\r
+\r
+typedef struct {\r
+ //\r
+ // Configuration table index. A special Index EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be\r
+ // used to set any available entry in the configuration table.\r
+ //\r
+ UINT64 Index;\r
+ //\r
+ // Identifies the owner of the configuration table entry. Entry can also be used\r
+ // with the Nil value to clear key from the configuration table index.\r
+ //\r
+ EFI_GUID KeyOwnerGuid;\r
+ //\r
+ // A supported capability to be used. The CryptoBlockSizeBitMask field of the\r
+ // structure should have only one bit set from the supported mask.\r
+ //\r
+ EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r
+ //\r
+ // Pointer to the key. The size of the key is defined by the KeySize field of\r
+ // the capability specified by the Capability parameter.\r
+ //\r
+ VOID *CryptoKey;\r
+} EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY;\r
+\r
+typedef struct {\r
+ //\r
+ // Configuration table index.\r
+ //\r
+ UINT64 Index;\r
+ //\r
+ // Identifies the current owner of the entry.\r
+ //\r
+ EFI_GUID KeyOwnerGuid;\r
+ //\r
+ // The capability to be used. The CryptoBlockSizeBitMask field of the structure\r
+ // has only one bit set from the supported mask.\r
+ //\r
+ EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;\r
+} EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY;\r
+\r
+\r
+///\r
+/// The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used by UEFI\r
+/// drivers and applications to perform block encryption on a storage device, such as UFS.\r
+///\r
+struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL {\r
+ EFI_BLOCK_IO_MEDIA *Media;\r
+ EFI_BLOCK_IO_CRYPTO_RESET Reset;\r
+ EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES GetCapabilities;\r
+ EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION SetConfiguration;\r
+ EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION GetConfiguration;\r
+ EFI_BLOCK_IO_CRYPTO_READ_EXTENDED ReadExtended;\r
+ EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED WriteExtended;\r
+ EFI_BLOCK_IO_CRYPTO_FLUSH FlushBlocks;\r
+};\r
+\r
+extern EFI_GUID gEfiBlockIoCryptoProtocolGuid;\r
+\r
+#endif\r
+\r
projects / mirror_edk2.git / blobdiff