OpalPasswordPei.c
9#include "OpalPasswordPei.h"
10
//
// LockBox identifier handed to RestoreLockBox() when the saved Opal device
// records are read back during S3 resume.
//
EFI_GUID  mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID;
12
/**
  Receive-data entry point installed in OPAL_PEI_DEVICE.Sscp; forwards the
  request to the Storage Security Command PPI of the owning device.

  MediaId and Timeout are not used by this implementation: the device is
  selected by the DeviceIndex stored in the OPAL_PEI_DEVICE, and the fixed
  SSC_PPI_GENERIC_TIMEOUT is always passed to the PPI.

  @param[in]  This                          Protocol instance embedded in an OPAL_PEI_DEVICE.
  @param[in]  MediaId                       Not used.
  @param[in]  Timeout                       Not used; SSC_PPI_GENERIC_TIMEOUT is sent instead.
  @param[in]  SecurityProtocolId            Forwarded unchanged to the PPI.
  @param[in]  SecurityProtocolSpecificData  Forwarded unchanged to the PPI.
  @param[in]  PayloadBufferSize             Size of PayloadBuffer, forwarded unchanged.
  @param[out] PayloadBuffer                 Destination buffer, forwarded unchanged.
  @param[out] PayloadTransferSize           Transfer size output, forwarded unchanged.

  @retval EFI_DEVICE_ERROR  OPAL_PEI_DEVICE_FROM_THIS() yielded NULL.
  @return Otherwise the status returned by the PPI's ReceiveData().
**/
EFI_STATUS
EFIAPI
SecurityReceiveData (
  IN  EFI_STORAGE_SECURITY_COMMAND_PROTOCOL  *This,
  IN  UINT32                                 MediaId,
  IN  UINT64                                 Timeout,
  IN  UINT8                                  SecurityProtocolId,
  IN  UINT16                                 SecurityProtocolSpecificData,
  IN  UINTN                                  PayloadBufferSize,
  OUT VOID                                   *PayloadBuffer,
  OUT UINTN                                  *PayloadTransferSize
  )
{
  OPAL_PEI_DEVICE                     *Device;
  EDKII_PEI_STORAGE_SECURITY_CMD_PPI  *Ssc;

  Device = OPAL_PEI_DEVICE_FROM_THIS (This);
  if (Device != NULL) {
    Ssc = Device->SscPpi;
    return Ssc->ReceiveData (
                  Ssc,
                  Device->DeviceIndex,
                  SSC_PPI_GENERIC_TIMEOUT,
                  SecurityProtocolId,
                  SecurityProtocolSpecificData,
                  PayloadBufferSize,
                  PayloadBuffer,
                  PayloadTransferSize
                  );
  }

  return EFI_DEVICE_ERROR;
}
118
/**
  Send-data entry point installed in OPAL_PEI_DEVICE.Sscp; forwards the
  request to the Storage Security Command PPI of the owning device.

  MediaId and Timeout are not used by this implementation: the device is
  selected by the DeviceIndex stored in the OPAL_PEI_DEVICE, and the fixed
  SSC_PPI_GENERIC_TIMEOUT is always passed to the PPI.

  @param[in] This                          Protocol instance embedded in an OPAL_PEI_DEVICE.
  @param[in] MediaId                       Not used.
  @param[in] Timeout                       Not used; SSC_PPI_GENERIC_TIMEOUT is sent instead.
  @param[in] SecurityProtocolId            Forwarded unchanged to the PPI.
  @param[in] SecurityProtocolSpecificData  Forwarded unchanged to the PPI.
  @param[in] PayloadBufferSize             Size of PayloadBuffer, forwarded unchanged.
  @param[in] PayloadBuffer                 Data to send, forwarded unchanged.

  @retval EFI_DEVICE_ERROR  OPAL_PEI_DEVICE_FROM_THIS() yielded NULL.
  @return Otherwise the status returned by the PPI's SendData().
**/
EFI_STATUS
EFIAPI
SecuritySendData (
  IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL  *This,
  IN UINT32                                 MediaId,
  IN UINT64                                 Timeout,
  IN UINT8                                  SecurityProtocolId,
  IN UINT16                                 SecurityProtocolSpecificData,
  IN UINTN                                  PayloadBufferSize,
  IN VOID                                   *PayloadBuffer
  )
{
  OPAL_PEI_DEVICE                     *Device;
  EDKII_PEI_STORAGE_SECURITY_CMD_PPI  *Ssc;

  Device = OPAL_PEI_DEVICE_FROM_THIS (This);
  if (Device != NULL) {
    Ssc = Device->SscPpi;
    return Ssc->SendData (
                  Ssc,
                  Device->DeviceIndex,
                  SSC_PPI_GENERIC_TIMEOUT,
                  SecurityProtocolId,
                  SecurityProtocolSpecificData,
                  PayloadBufferSize,
                  PayloadBuffer
                  );
  }

  return EFI_DEVICE_ERROR;
}
211
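/**
  Query an Opal device and report whether it is currently locked.

  The function asks the device for its supported attributes and its locking
  feature descriptor, then lets OpalDeviceLocked() decide.

  @param[in]  OpalDev            Device whose Sscp interface is used for the queries.
  @param[out] BlockSidSupported  Set from SupportedAttributes.BlockSid once the
                                 attribute query has succeeded. It is NOT written
                                 when that first query fails, so callers must
                                 initialize it before the call.

  @retval TRUE   OpalDeviceLocked() reported the device as locked.
  @retval FALSE  Either query failed, or the device is not locked.
**/
BOOLEAN
IsOpalDeviceLocked (
  OPAL_PEI_DEVICE  *OpalDev,
  BOOLEAN          *BlockSidSupported
  )
{
  OPAL_SESSION                    Session;
  OPAL_DISK_SUPPORT_ATTRIBUTE     SupportedAttributes;
  TCG_LOCKING_FEATURE_DESCRIPTOR  LockingFeature;
  UINT16                          OpalBaseComId;
  TCG_RESULT                      Ret;

  //
  // Clear the whole session first so that no uninitialized stack content
  // (e.g. OpalBaseComId) is handed to the TCG library; UnlockOpalPassword()
  // prepares its sessions the same way.
  //
  ZeroMem (&Session, sizeof (Session));
  Session.Sscp    = &OpalDev->Sscp;
  Session.MediaId = 0;

  Ret = OpalGetSupportedAttributesInfo (&Session, &SupportedAttributes, &OpalBaseComId);
  if (Ret != TcgResultSuccess) {
    return FALSE;
  }

  //
  // The ComId reported by the device is used for the locking query below.
  //
  Session.OpalBaseComId = OpalBaseComId;
  *BlockSidSupported    = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE;

  Ret = OpalGetLockingInfo (&Session, &LockingFeature);
  if (Ret != TcgResultSuccess) {
    return FALSE;
  }

  return OpalDeviceLocked (&SupportedAttributes, &LockingFeature);
}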
252
/**
  Unlock one Opal device with the password kept in its LockBox record and,
  when requested and supported, send the BlockSID command afterwards.

  Both TCG results are only written to the debug log; a failed unlock or a
  failed BlockSID command is not reported to the caller. The password itself
  is never logged.

  @param[in] OpalDev  Device to process. OpalDev->Device supplies the password,
                      its length and the base ComId used for the sessions.
**/
VOID
UnlockOpalPassword (
  IN OPAL_PEI_DEVICE  *OpalDev
  )
{
  OPAL_SESSION  Session;
  TCG_RESULT    Result;
  UINT32        ManagementFlags;
  BOOLEAN       DeviceSupportsBlockSid;
  BOOLEAN       BlockSidRequested;

  //
  // IsOpalDeviceLocked() leaves the flag untouched if its first query fails,
  // so it has to start out as FALSE.
  //
  DeviceSupportsBlockSid = FALSE;
  if (IsOpalDeviceLocked (OpalDev, &DeviceSupportsBlockSid)) {
    ZeroMem (&Session, sizeof (Session));
    Session.Sscp          = &OpalDev->Sscp;
    Session.MediaId       = 0;
    Session.OpalBaseComId = OpalDev->Device->OpalBaseComId;

    //
    // ReadLocked = FALSE, WriteLocked = FALSE: clear both locks on the
    // global locking range.
    //
    Result = OpalUtilUpdateGlobalLockingRange (
               &Session,
               OpalDev->Device->Password,
               OpalDev->Device->PasswordLength,
               FALSE,
               FALSE
               );
    DEBUG ((
      DEBUG_INFO,
      "%a() OpalUtilUpdateGlobalLockingRange() Result = 0x%x\n",
      __func__,
      Result
      ));
  }

  //
  // The management flags are read unconditionally, as in the original flow.
  //
  ManagementFlags   = Tcg2PhysicalPresenceLibGetManagementFlags ();
  BlockSidRequested = (BOOLEAN)((ManagementFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0);

  if (!BlockSidRequested || !DeviceSupportsBlockSid) {
    return;
  }

  DEBUG ((DEBUG_INFO, "OpalPassword: S3 phase send BlockSid command to device!\n"));

  //
  // Start from a clean session; the one above may have been used already.
  //
  ZeroMem (&Session, sizeof (Session));
  Session.Sscp          = &OpalDev->Sscp;
  Session.MediaId       = 0;
  Session.OpalBaseComId = OpalDev->Device->OpalBaseComId;

  Result = OpalBlockSid (&Session, TRUE);
  DEBUG ((
    DEBUG_INFO,
    "%a() OpalBlockSid() Result = 0x%x\n",
    __func__,
    Result
    ));
}
314
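/**
  Unlock every device behind one Storage Security Command PPI instance for
  which a matching record exists in the Opal LockBox.

  The LockBox content holds device passwords, so the restored copy is wiped
  before its pages are released on every path that allocated it.

  NOTE(review): the LockBox is presumably integrity-protected by the platform;
  the record bounds checks below are defense in depth so that a malformed
  record cannot stall or misdirect the S3 resume path. Confirm the record
  layout against the code that saves the LockBox.

  @param[in] SscPpi  Storage Security Command PPI instance whose devices are
                     enumerated and, on a device path match, unlocked.
**/
VOID
UnlockOpalPasswordDevices (
  IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI  *SscPpi
  )
{
  EFI_STATUS                Status;
  UINT8                     *DevInfoBuffer;
  UINT8                     DummyData;
  OPAL_DEVICE_LOCKBOX_DATA  *DevInfo;
  UINTN                     DevInfoLength;
  UINTN                     DevInfoPages;
  UINTN                     Offset;
  UINTN                     Remaining;
  EFI_DEVICE_PATH_PROTOCOL  *SscDevicePath;
  UINTN                     SscDevicePathLength;
  UINTN                     SscDeviceNum;
  UINTN                     SscDeviceIndex;
  OPAL_PEI_DEVICE           OpalDev;

  //
  // Get OPAL devices info from LockBox. The first call uses a one-byte dummy
  // buffer only to learn the required length.
  //
  DevInfoBuffer = &DummyData;
  DevInfoLength = sizeof (DummyData);
  DevInfoPages  = 0;
  Status        = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength);
  if (Status == EFI_BUFFER_TOO_SMALL) {
    //
    // Remember the allocation size: DevInfoLength is an in/out parameter of
    // the second RestoreLockBox() call and must not drive the wipe/free below.
    //
    DevInfoPages  = EFI_SIZE_TO_PAGES (DevInfoLength);
    DevInfoBuffer = AllocatePages (DevInfoPages);
    if (DevInfoBuffer != NULL) {
      Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength);
    }
  }

  if ((DevInfoBuffer == NULL) || (DevInfoBuffer == &DummyData)) {
    return;
  }

  if (EFI_ERROR (Status)) {
    //
    // The buffer may already hold part of the LockBox; wipe it like the
    // success path does.
    //
    goto Exit;
  }

  //
  // Go through all the devices managed by the SSC PPI instance.
  //
  Status = SscPpi->GetNumberofDevices (SscPpi, &SscDeviceNum);
  if (EFI_ERROR (Status)) {
    goto Exit;
  }

  for (SscDeviceIndex = 1; SscDeviceIndex <= SscDeviceNum; SscDeviceIndex++) {
    Status = SscPpi->GetDevicePath (
                       SscPpi,
                       SscDeviceIndex,
                       &SscDevicePathLength,
                       &SscDevicePath
                       );
    if (EFI_ERROR (Status) || (SscDevicePathLength <= sizeof (EFI_DEVICE_PATH_PROTOCOL))) {
      //
      // Device path validity check. On failure the output parameters are
      // not guaranteed to be set, so they must not be inspected.
      //
      continue;
    }

    //
    // Search the device in the restored LockBox.
    //
    Offset = 0;
    while (Offset < DevInfoLength) {
      Remaining = DevInfoLength - Offset;
      if (Remaining < sizeof (OPAL_DEVICE_LOCKBOX_DATA)) {
        //
        // Not enough bytes left for a record header.
        //
        break;
      }

      DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *)(DevInfoBuffer + Offset);
      if ((DevInfo->Length == 0) || (DevInfo->Length > Remaining)) {
        //
        // A zero length would never advance; an oversized one would step
        // outside the restored data. Stop walking in both cases.
        //
        break;
      }

      //
      // Find the matching device. The comparison leaves out the last
      // sizeof (EFI_DEVICE_PATH_PROTOCOL) bytes of the PPI's device path.
      //
      if ((DevInfo->DevicePathLength >= SscDevicePathLength) &&
          (CompareMem (
             DevInfo->DevicePath,
             SscDevicePath,
             SscDevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)
             ) == 0))
      {
        OpalDev.Signature        = OPAL_PEI_DEVICE_SIGNATURE;
        OpalDev.Sscp.ReceiveData = SecurityReceiveData;
        OpalDev.Sscp.SendData    = SecuritySendData;
        OpalDev.Device           = DevInfo;
        OpalDev.Context          = NULL;
        OpalDev.SscPpi           = SscPpi;
        OpalDev.DeviceIndex      = SscDeviceIndex;
        UnlockOpalPassword (&OpalDev);
        break;
      }

      Offset += DevInfo->Length;
    }
  }

Exit:
  //
  // Wipe the whole allocation (it held passwords) before releasing it.
  //
  ZeroMem (DevInfoBuffer, EFI_PAGES_TO_SIZE (DevInfoPages));
  FreePages (DevInfoBuffer, DevInfoPages);
}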
413
/**
  Notification callback registered for the Storage Security Command PPI.

  @param[in] PeiServices  Not used.
  @param[in] NotifyDesc   Not used.
  @param[in] Ppi          The PPI instance that triggered the notification.

  @retval EFI_SUCCESS  Always returned; unlock results are not propagated.
**/
EFI_STATUS
EFIAPI
OpalPasswordStorageSecurityPpiNotify (
  IN EFI_PEI_SERVICES           **PeiServices,
  IN EFI_PEI_NOTIFY_DESCRIPTOR  *NotifyDesc,
  IN VOID                       *Ppi
  )
{
  EDKII_PEI_STORAGE_SECURITY_CMD_PPI  *SscPpi;

  DEBUG ((DEBUG_INFO, "%a entered at S3 resume!\n", __func__));

  //
  // NOTE(review): the rendered listing drops this call line; it is restored
  // here from the UnlockOpalPasswordDevices() prototype shown on the page.
  // Verify against the repository copy.
  //
  SscPpi = (EDKII_PEI_STORAGE_SECURITY_CMD_PPI *)Ppi;
  UnlockOpalPasswordDevices (SscPpi);

  DEBUG ((DEBUG_INFO, "%a exit at S3 resume!\n", __func__));

  return EFI_SUCCESS;
}
442
//
// Notify descriptor registered by OpalPasswordPeiInit(): requests a callback
// for gEdkiiPeiStorageSecurityCommandPpiGuid and terminates the descriptor list.
// NOTE(review): the rendered listing drops the third initializer; the callback
// name is restored from the prototype shown on the page. Verify against the
// repository copy.
//
EFI_PEI_NOTIFY_DESCRIPTOR  mOpalPasswordStorageSecurityPpiNotifyDesc = {
  (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
  &gEdkiiPeiStorageSecurityCommandPpiGuid,
  OpalPasswordStorageSecurityPpiNotify
};
448
/**
  PEIM entry point. Registers the Storage Security Command PPI notification,
  but only when the system is resuming from S3.

  @param[in] FileHandle   Not used.
  @param[in] PeiServices  Not used.

  @retval EFI_UNSUPPORTED  The boot mode could not be read, or it is not
                           BOOT_ON_S3_RESUME.
  @return Otherwise the status returned by PeiServicesNotifyPpi().
**/
EFI_STATUS
EFIAPI
OpalPasswordPeiInit (
  IN EFI_PEI_FILE_HANDLE     FileHandle,
  IN CONST EFI_PEI_SERVICES  **PeiServices
  )
{
  EFI_BOOT_MODE  BootMode;
  EFI_STATUS     Status;

  Status = PeiServicesGetBootMode (&BootMode);
  if (EFI_ERROR (Status)) {
    return EFI_UNSUPPORTED;
  }

  //
  // Nothing to do on any boot path other than S3 resume.
  //
  if (BootMode != BOOT_ON_S3_RESUME) {
    return EFI_UNSUPPORTED;
  }

  DEBUG ((DEBUG_INFO, "%a: Enters in S3 path.\n", __func__));

  Status = PeiServicesNotifyPpi (&mOpalPasswordStorageSecurityPpiNotifyDesc);
  ASSERT_EFI_ERROR (Status);
  return Status;
}