X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FTcg%2FOpal%2FOpalPassword%2FOpalDriver.c;h=e3f5056953bb21809354364bb14ac11a37116cbb;hp=1b55bbe4ecb840f12c32cd2002cfe42b753e087b;hb=e4e314b1b6b74c46da3c0493e7a807df28cb9aed;hpb=fbe1328a51136538ec985ce7b9ef7cf97ba999e9 diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index 1b55bbe4ec..e3f5056953 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -27,7 +27,7 @@ EFI_GUID mOpalDeviceNvmeGuid = OPAL_DEVICE_NVME_GUID; BOOLEAN mOpalEndOfDxe = FALSE; OPAL_REQUEST_VARIABLE *mOpalRequestVariable = NULL; UINTN mOpalRequestVariableSize = 0; -CHAR16 mPopUpString[256]; +CHAR16 mPopUpString[100]; typedef struct { UINT32 Address; @@ -105,13 +105,12 @@ OpalSupportGetAvailableActions( } // - // Psid revert is available for any device with media encryption support - // Revert is allowed for any device with media encryption support, however it requires + // Psid revert is available for any device with media encryption support or pyrite 2.0 type support. // - if (SupportedAttributes->MediaEncryption) { + if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) { // - // Only allow psid revert if media encryption is enabled. + // Only allow psid revert if media encryption is enabled or pyrite 2.0 type support.. // Otherwise, someone who steals a disk can psid revert the disk and the user Data is still // intact and accessible // @@ -657,15 +656,18 @@ OpalEndOfDxeEventNotify ( @param[in] Dev The device which need Psid to process Psid Revert OPAL request. @param[in] PopUpString Pop up string. + @param[in] PopUpString2 Pop up string in line 2. + @param[out] PressEsc Whether user escape function through Press ESC. - @retval Password string if success. NULL if failed. + @retval Psid string if success. NULL if failed. **/ CHAR8 * OpalDriverPopUpPsidInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString, + IN CHAR16 *PopUpString2, OUT BOOLEAN *PressEsc ) { @@ -685,14 +687,26 @@ OpalDriverPopUpPsidInput ( InputLength = 0; while (TRUE) { Mask[InputLength] = L'_'; - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &InputKey, - PopUpString, - L"---------------------", - Mask, - NULL - ); + if (PopUpString2 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + L"---------------------", + Mask, + NULL + ); + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + L"---------------------", + Mask, + NULL + ); + } // // Check key. @@ -908,11 +922,13 @@ OpalDriverPopUpPasswordInput ( } /** - Check if disk is locked, show popup window and ask for password if it is. + Get pop up string. - @param[in] Dev The device which need to be unlocked. + @param[in] Dev The OPAL device. @param[in] RequestString Request string. + @return Pop up string. + **/ CHAR16 * OpalGetPopUpString ( @@ -920,15 +936,10 @@ OpalGetPopUpString ( IN CHAR16 *RequestString ) { - UINTN StrLength; - - StrLength = StrLen (RequestString) + 1 + MAX (StrLen (Dev->Name16), StrLen (L"Disk")); - ASSERT (StrLength < sizeof (mPopUpString) / sizeof (CHAR16)); - if (Dev->Name16 == NULL) { - UnicodeSPrint (mPopUpString, StrLength + 1, L"%s Disk", RequestString); + UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s Disk", RequestString); } else { - UnicodeSPrint (mPopUpString, StrLength + 1, L"%s %s", RequestString, Dev->Name16); + UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s %s", RequestString, Dev->Name16); } return mPopUpString; @@ -1065,6 +1076,15 @@ OpalDriverRequestPassword ( break; } + // + // Check whether opal device's Tries value has reach the TryLimit value, if yes, force a shutdown + // before accept new password. + // + if (Ret == TcgResultFailureInvalidType) { + Count = MAX_PASSWORD_TRY_COUNT; + break; + } + Count++; do { @@ -1372,6 +1392,8 @@ ProcessOpalRequestPsidRevert ( EFI_INPUT_KEY Key; TCG_RESULT Ret; CHAR16 *PopUpString; + CHAR16 *PopUpString2; + UINTN BufferSize; if (Dev == NULL) { return; @@ -1381,6 +1403,20 @@ ProcessOpalRequestPsidRevert ( PopUpString = OpalGetPopUpString (Dev, RequestString); + if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds, DO NOT power off system during the revert action!"); + PopUpString2 = AllocateZeroPool (BufferSize); + ASSERT (PopUpString2 != NULL); + UnicodeSPrint ( + PopUpString2, + BufferSize, + L"WARNING: Revert action will take about %d seconds, DO NOT power off system during the revert action!", + Dev->OpalDisk.EstimateTimeCost + ); + } else { + PopUpString2 = NULL; + } + Count = 0; ZeroMem(&Session, sizeof(Session)); @@ -1389,7 +1425,7 @@ ProcessOpalRequestPsidRevert ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PSID_TRY_COUNT) { - Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, &PressEsc); + Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, PopUpString2, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1403,7 +1439,7 @@ ProcessOpalRequestPsidRevert ( if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { gST->ConOut->ClearScreen(gST->ConOut); - return; + goto Done; } else { // // Let user input Psid again. @@ -1459,6 +1495,11 @@ ProcessOpalRequestPsidRevert ( } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); gST->ConOut->ClearScreen(gST->ConOut); } + +Done: + if (PopUpString2 != NULL) { + FreePool (PopUpString2); + } } /** @@ -1485,6 +1526,8 @@ ProcessOpalRequestRevert ( TCG_RESULT Ret; BOOLEAN PasswordFailed; CHAR16 *PopUpString; + CHAR16 *PopUpString2; + UINTN BufferSize; if (Dev == NULL) { return; @@ -1494,6 +1537,20 @@ ProcessOpalRequestRevert ( PopUpString = OpalGetPopUpString (Dev, RequestString); + if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds, DO NOT power off system during the revert action!"); + PopUpString2 = AllocateZeroPool (BufferSize); + ASSERT (PopUpString2 != NULL); + UnicodeSPrint ( + PopUpString2, + BufferSize, + L"WARNING: Revert action will take about %d seconds, DO NOT power off system during the revert action!", + Dev->OpalDisk.EstimateTimeCost + ); + } else { + PopUpString2 = NULL; + } + Count = 0; ZeroMem(&Session, sizeof(Session)); @@ -1502,7 +1559,7 @@ ProcessOpalRequestRevert ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1516,7 +1573,7 @@ ProcessOpalRequestRevert ( if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { gST->ConOut->ClearScreen(gST->ConOut); - return; + goto Done; } else { // // Let user input password again. @@ -1599,6 +1656,11 @@ ProcessOpalRequestRevert ( } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); gST->ConOut->ClearScreen(gST->ConOut); } + +Done: + if (PopUpString2 != NULL) { + FreePool (PopUpString2); + } } /** @@ -2340,6 +2402,7 @@ ReadyToBootCallback ( Session.MediaId = Itr->OpalDisk.MediaId; Session.OpalBaseComId = Itr->OpalDisk.OpalBaseComId; + DEBUG ((DEBUG_INFO, "OpalPassword: ReadyToBoot point, send BlockSid command to device!\n")); Result = OpalBlockSid (&Session, TRUE); // HardwareReset must always be TRUE if (Result != TcgResultSuccess) { DEBUG ((DEBUG_ERROR, "OpalBlockSid fail\n"));