TianoCore EDK2 master
Loading...
Searching...
No Matches
TcgStorageOpalUtil.c
Go to the documentation of this file.
1
8#include <Uefi.h>
9#include <Library/BaseLib.h>
10#include <Library/DebugLib.h>
11#include <Library/TcgStorageOpalLib.h>
12#include "TcgStorageOpalLibInternal.h"
13
14#define OPAL_MSID_LENGTH 128
15
24TCG_RESULT
25EFIAPI
26OpalUtilPsidRevert (
27 OPAL_SESSION *Session,
28 const VOID *Psid,
29 UINT32 PsidLength
30 )
31{
32 UINT8 MethodStatus;
33 TCG_RESULT Ret;
34 UINT32 RemovalTimeOut;
35
36 NULL_CHECK (Session);
37 NULL_CHECK (Psid);
38
39 RemovalTimeOut = GetRevertTimeOut (Session);
40 DEBUG ((DEBUG_INFO, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut));
41
42 Ret = OpalStartSession (
43 Session,
44 OPAL_UID_ADMIN_SP,
45 TRUE,
46 PsidLength,
47 Psid,
48 OPAL_ADMIN_SP_PSID_AUTHORITY,
49 &MethodStatus
50 );
51 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
52 Ret = OpalPyrite2PsidRevert (Session, RemovalTimeOut);
53 if (Ret != TcgResultSuccess) {
54 //
55 // If revert was successful, session was already ended by TPer, so only end session on failure
56 //
57 OpalEndSession (Session);
58 }
59 }
60
61 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
62 Ret = TcgResultFailure;
63 }
64
65 return Ret;
66}
67
80TCG_RESULT
81EFIAPI
82OpalUtilSetAdminPasswordAsSid (
83 OPAL_SESSION *Session,
84 const VOID *GeneratedSid,
85 UINT32 SidLength,
86 const VOID *Password,
87 UINT32 PassLength
88 )
89{
90 UINT8 MethodStatus;
91 TCG_RESULT Ret;
92
93 NULL_CHECK (Session);
94 NULL_CHECK (GeneratedSid);
95 NULL_CHECK (Password);
96
97 Ret = OpalStartSession (
98 Session,
99 OPAL_UID_ADMIN_SP,
100 TRUE,
101 SidLength,
102 GeneratedSid,
103 OPAL_ADMIN_SP_SID_AUTHORITY,
104 &MethodStatus
105 );
106 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
107 DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
108 goto done;
109 }
110
111 //
112 // 1. Update SID = new Password
113 //
114 Ret = OpalSetPassword (
115 Session,
116 OPAL_UID_ADMIN_SP_C_PIN_SID,
117 Password,
118 PassLength,
119 &MethodStatus
120 );
121
122 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
123 OpalEndSession (Session);
124 DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
125 goto done;
126 }
127
128 //
129 // 2. Activate locking SP
130 //
131 Ret = OpalActivateLockingSp (Session, &MethodStatus);
132 OpalEndSession (Session);
133 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
134 DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
135 goto done;
136 }
137
138done:
139 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
140 Ret = TcgResultFailure;
141 }
142
143 return Ret;
144}
145
163TCG_RESULT
164EFIAPI
165OpalUtilSetOpalLockingRange (
166 OPAL_SESSION *Session,
167 const VOID *Password,
168 UINT32 PassLength,
169 TCG_UID LockingRangeUid,
170 UINT64 RangeStart,
171 UINT64 RangeLength,
172 BOOLEAN ReadLockEnabled,
173 BOOLEAN WriteLockEnabled,
174 BOOLEAN ReadLocked,
175 BOOLEAN WriteLocked
176 )
177{
178 UINT8 MethodStatus;
179 TCG_RESULT Ret;
180
181 NULL_CHECK (Session);
182 NULL_CHECK (Password);
183
184 //
185 // Start session with Locking SP using current admin Password
186 //
187 Ret = OpalStartSession (
188 Session,
189 OPAL_UID_LOCKING_SP,
190 TRUE,
191 PassLength,
192 Password,
193 OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
194 &MethodStatus
195 );
196 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
197 DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
198 goto done;
199 }
200
201 //
202 // Enable locking range
203 //
204 Ret = OpalSetLockingRange (
205 Session,
206 LockingRangeUid,
207 RangeStart,
208 RangeLength,
209 ReadLockEnabled,
210 WriteLockEnabled,
211 ReadLocked,
212 WriteLocked,
213 &MethodStatus
214 );
215
216 OpalEndSession (Session);
217 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
218 DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus));
219 }
220
221done:
222 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
223 Ret = TcgResultFailure;
224 }
225
226 return Ret;
227}
228
241TCG_RESULT
242EFIAPI
243OpalUtilSetAdminPassword (
244 OPAL_SESSION *Session,
245 const VOID *OldPassword,
246 UINT32 OldPasswordLength,
247 const VOID *NewPassword,
248 UINT32 NewPasswordLength
249 )
250{
251 TCG_RESULT Ret;
252 UINT8 MethodStatus;
253
254 NULL_CHECK (Session);
255 NULL_CHECK (OldPassword);
256 NULL_CHECK (NewPassword);
257
258 //
259 // Unknown ownership
260 //
261 Ret = OpalStartSession (
262 Session,
263 OPAL_UID_ADMIN_SP,
264 TRUE,
265 OldPasswordLength,
266 OldPassword,
267 OPAL_ADMIN_SP_SID_AUTHORITY,
268 &MethodStatus
269 );
270 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
271 DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n"));
272 goto done;
273 }
274
275 //
276 // Update SID = new pw
277 //
278 Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus);
279 OpalEndSession (Session);
280 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
281 DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n"));
282 goto done;
283 }
284
285 Ret = OpalStartSession (
286 Session,
287 OPAL_UID_LOCKING_SP,
288 TRUE,
289 OldPasswordLength,
290 OldPassword,
291 OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
292 &MethodStatus
293 );
294 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
295 DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n"));
296 goto done;
297 }
298
299 //
300 // Update admin locking SP to new pw
301 //
302 Ret = OpalSetPassword (Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus);
303 OpalEndSession (Session);
304 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
305 DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n"));
306 goto done;
307 }
308
309done:
310 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
311 Ret = TcgResultFailure;
312 }
313
314 return Ret;
315}
316
328TCG_RESULT
329EFIAPI
330OpalUtilSetUserPassword (
331 OPAL_SESSION *Session,
332 const VOID *OldPassword,
333 UINT32 OldPasswordLength,
334 const VOID *NewPassword,
335 UINT32 NewPasswordLength
336 )
337{
338 UINT8 MethodStatus;
339 TCG_RESULT Ret;
340
341 NULL_CHECK (Session);
342 NULL_CHECK (OldPassword);
343 NULL_CHECK (NewPassword);
344
345 //
346 // See if updating user1 authority
347 //
348 Ret = OpalStartSession (
349 Session,
350 OPAL_UID_LOCKING_SP,
351 TRUE,
352 OldPasswordLength,
353 OldPassword,
354 OPAL_LOCKING_SP_USER1_AUTHORITY,
355 &MethodStatus
356 );
357 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
358 Ret = OpalSetPassword (
359 Session,
360 OPAL_LOCKING_SP_C_PIN_USER1,
361 NewPassword,
362 NewPasswordLength,
363 &MethodStatus
364 );
365 OpalEndSession (Session);
366 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
367 return Ret;
368 }
369 }
370
371 //
372 // Setting Password for first time or setting Password as admin
373 //
374
375 //
376 // Start session with Locking SP using current admin Password
377 //
378 Ret = OpalStartSession (
379 Session,
380 OPAL_UID_LOCKING_SP,
381 TRUE,
382 OldPasswordLength,
383 OldPassword,
384 OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
385 &MethodStatus
386 );
387 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
388 DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n"));
389 goto done;
390 }
391
392 //
393 // Enable User1 and set its PIN
394 //
395 Ret = OpalSetLockingSpAuthorityEnabledAndPin (
396 Session,
397 OPAL_LOCKING_SP_C_PIN_USER1,
398 OPAL_LOCKING_SP_USER1_AUTHORITY,
399 NewPassword,
400 NewPasswordLength,
401 &MethodStatus
402 );
403 OpalEndSession (Session);
404 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
405 DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n"));
406 goto done;
407 }
408
409done:
410 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
411 Ret = TcgResultFailure;
412 }
413
414 return Ret;
415}
416
426TCG_RESULT
427EFIAPI
428OpalUtilVerifyPassword (
429 OPAL_SESSION *Session,
430 const VOID *Password,
431 UINT32 PasswordLength,
432 TCG_UID HostSigningAuthority
433 )
434{
435 TCG_RESULT Ret;
436 UINT8 MethodStatus;
437
438 NULL_CHECK (Session);
439 NULL_CHECK (Password);
440
441 Ret = OpalStartSession (
442 Session,
443 OPAL_UID_LOCKING_SP,
444 TRUE,
445 PasswordLength,
446 Password,
447 HostSigningAuthority,
448 &MethodStatus
449 );
450 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
451 OpalEndSession (Session);
452 return TcgResultSuccess;
453 }
454
455 return TcgResultFailure;
456}
457
468TCG_RESULT
469EFIAPI
470OpalUtilSecureErase (
471 OPAL_SESSION *Session,
472 const VOID *Password,
473 UINT32 PasswordLength,
474 BOOLEAN *PasswordFailed
475 )
476{
477 UINT8 MethodStatus;
478 TCG_RESULT Ret;
479
480 NULL_CHECK (Session);
481 NULL_CHECK (Password);
482 NULL_CHECK (PasswordFailed);
483
484 //
485 // Try to generate a new key with admin1
486 //
487 Ret = OpalStartSession (
488 Session,
489 OPAL_UID_LOCKING_SP,
490 TRUE,
491 PasswordLength,
492 Password,
493 OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
494 &MethodStatus
495 );
496
497 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
498 Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
499 *PasswordFailed = FALSE;
500 OpalEndSession (Session);
501 } else {
502 //
503 // Try to generate a new key with user1
504 //
505 Ret = OpalStartSession (
506 Session,
507 OPAL_UID_LOCKING_SP,
508 TRUE,
509 PasswordLength,
510 Password,
511 OPAL_LOCKING_SP_USER1_AUTHORITY,
512 &MethodStatus
513 );
514
515 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
516 Ret = OpalGlobalLockingRangeGenKey (Session, &MethodStatus);
517 *PasswordFailed = FALSE;
518 OpalEndSession (Session);
519 } else {
520 *PasswordFailed = TRUE;
521 }
522 }
523
524 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
525 Ret = TcgResultFailure;
526 }
527
528 return Ret;
529}
530
540TCG_RESULT
541EFIAPI
542OpalUtilDisableUser (
543 OPAL_SESSION *Session,
544 const VOID *Password,
545 UINT32 PasswordLength,
546 BOOLEAN *PasswordFailed
547 )
548{
549 UINT8 MethodStatus;
550 TCG_RESULT Ret;
551
552 NULL_CHECK (Session);
553 NULL_CHECK (Password);
554 NULL_CHECK (PasswordFailed);
555
556 //
557 // Start session with Locking SP using current admin Password
558 //
559 Ret = OpalStartSession (
560 Session,
561 OPAL_UID_LOCKING_SP,
562 TRUE,
563 PasswordLength,
564 Password,
565 OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
566 &MethodStatus
567 );
568 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
569 DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n"));
570 *PasswordFailed = TRUE;
571 goto done;
572 }
573
574 *PasswordFailed = FALSE;
575 Ret = OpalDisableUser (Session, &MethodStatus);
576 OpalEndSession (Session);
577
578done:
579 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
580 Ret = TcgResultFailure;
581 }
582
583 return Ret;
584}
585
598TCG_RESULT
599EFIAPI
600OpalUtilRevert (
601 OPAL_SESSION *Session,
602 BOOLEAN KeepUserData,
603 const VOID *Password,
604 UINT32 PasswordLength,
605 BOOLEAN *PasswordFailed,
606 UINT8 *Msid,
607 UINT32 MsidLength
608 )
609{
610 UINT8 MethodStatus;
611 TCG_RESULT Ret;
612 UINT32 RemovalTimeOut;
613
614 NULL_CHECK (Session);
615 NULL_CHECK (Msid);
616 NULL_CHECK (Password);
617 NULL_CHECK (PasswordFailed);
618
619 RemovalTimeOut = GetRevertTimeOut (Session);
620 DEBUG ((DEBUG_INFO, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut));
621
622 Ret = OpalStartSession (
623 Session,
624 OPAL_UID_LOCKING_SP,
625 TRUE,
626 PasswordLength,
627 Password,
628 OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
629 &MethodStatus
630 );
631
632 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
633 DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus));
634 *PasswordFailed = TRUE;
635 goto done;
636 }
637
638 *PasswordFailed = FALSE;
639 //
640 // Try to revert with admin1
641 //
642 Ret = OpalPyrite2AdminRevert (Session, KeepUserData, &MethodStatus, RemovalTimeOut);
643 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
644 //
645 // Device ends the session on successful revert, so only call OpalEndSession when fail.
646 //
647 DEBUG ((DEBUG_INFO, "OpalAdminRevert as admin failed\n"));
648 OpalEndSession (Session);
649 }
650
651 Ret = OpalUtilSetSIDtoMSID (Session, Password, PasswordLength, Msid, MsidLength);
652
653done:
654 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
655 Ret = TcgResultFailure;
656 }
657
658 return Ret;
659}
660
671TCG_RESULT
672EFIAPI
673OpalUtilSetSIDtoMSID (
674 OPAL_SESSION *Session,
675 const VOID *Password,
676 UINT32 PasswordLength,
677 UINT8 *Msid,
678 UINT32 MsidLength
679 )
680{
681 TCG_RESULT Ret;
682 UINT8 MethodStatus;
683
684 NULL_CHECK (Session);
685 NULL_CHECK (Msid);
686 NULL_CHECK (Password);
687
688 //
689 // Start session with admin sp to update SID to MSID
690 //
691 Ret = OpalStartSession (
692 Session,
693 OPAL_UID_ADMIN_SP,
694 TRUE,
695 PasswordLength,
696 Password,
697 OPAL_ADMIN_SP_SID_AUTHORITY,
698 &MethodStatus
699 );
700 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
701 goto done;
702 }
703
704 //
705 // Update SID pin
706 //
707 Ret = OpalSetPassword (Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus);
708 OpalEndSession (Session);
709
710done:
711 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
712 Ret = TcgResultFailure;
713 }
714
715 return Ret;
716}
717
728TCG_RESULT
729EFIAPI
730OpalUtilUpdateGlobalLockingRange (
731 OPAL_SESSION *Session,
732 const VOID *Password,
733 UINT32 PasswordLength,
734 BOOLEAN ReadLocked,
735 BOOLEAN WriteLocked
736 )
737{
738 UINT8 MethodStatus;
739 TCG_RESULT Ret;
740
741 NULL_CHECK (Session);
742 NULL_CHECK (Password);
743
744 //
745 // Try to start session with Locking SP as admin1 authority
746 //
747 Ret = OpalStartSession (
748 Session,
749 OPAL_UID_LOCKING_SP,
750 TRUE,
751 PasswordLength,
752 Password,
753 OPAL_LOCKING_SP_ADMIN1_AUTHORITY,
754 &MethodStatus
755 );
756 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
757 Ret = OpalUpdateGlobalLockingRange (
758 Session,
759 ReadLocked,
760 WriteLocked,
761 &MethodStatus
762 );
763 OpalEndSession (Session);
764 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
765 goto done;
766 }
767 }
768
769 if (MethodStatus == TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT) {
770 DEBUG ((DEBUG_INFO, "unlock as admin failed with AUTHORITY_LOCKED_OUT\n"));
771 }
772
773 //
774 // Try user1 authority
775 //
776 Ret = OpalStartSession (
777 Session,
778 OPAL_UID_LOCKING_SP,
779 TRUE,
780 PasswordLength,
781 Password,
782 OPAL_LOCKING_SP_USER1_AUTHORITY,
783 &MethodStatus
784 );
785 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
786 DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n"));
787 goto done;
788 }
789
790 Ret = OpalUpdateGlobalLockingRange (Session, ReadLocked, WriteLocked, &MethodStatus);
791 OpalEndSession (Session);
792
793done:
794 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
795 if (MethodStatus == TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT) {
796 //
797 // Caller need to know this special error, but return status not has type for it.
798 // so here use TcgResultFailureInvalidType as an replacement.
799 //
800 Ret = TcgResultFailureInvalidType;
801 } else {
802 Ret = TcgResultFailure;
803 }
804 }
805
806 return Ret;
807}
808
818TCG_RESULT
819EFIAPI
820OpalUtilGetMsid (
821 OPAL_SESSION *Session,
822 UINT8 *Msid,
823 UINT32 MsidBufferLength,
824 UINT32 *MsidLength
825 )
826{
827 UINT8 MethodStatus;
828 TCG_RESULT Ret;
829
830 NULL_CHECK (Session);
831 NULL_CHECK (Msid);
832 NULL_CHECK (MsidLength);
833
834 Ret = OpalStartSession (
835 Session,
836 OPAL_UID_ADMIN_SP,
837 TRUE,
838 0,
839 NULL,
840 TCG_UID_NULL,
841 &MethodStatus
842 );
843 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
844 Ret = OpalGetMsid (Session, MsidBufferLength, Msid, MsidLength);
845 OpalEndSession (Session);
846 }
847
848 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
849 Ret = TcgResultFailure;
850 }
851
852 return Ret;
853}
854
867OPAL_OWNER_SHIP
868EFIAPI
869OpalUtilDetermineOwnership (
870 OPAL_SESSION *Session,
871 UINT8 *Msid,
872 UINT32 MsidLength
873 )
874{
875 UINT8 MethodStatus;
876 TCG_RESULT Ret;
877 OPAL_OWNER_SHIP Owner;
878
879 if ((Session == NULL) || (Msid == NULL)) {
880 return OpalOwnershipUnknown;
881 }
882
883 Owner = OpalOwnershipUnknown;
884 //
885 // Start Session as SID_UID with ADMIN_SP using MSID PIN
886 //
887 Ret = OpalStartSession (
888 Session,
889 OPAL_UID_ADMIN_SP,
890 TRUE,
891 MsidLength,
892 Msid,
893 OPAL_ADMIN_SP_SID_AUTHORITY,
894 &MethodStatus
895 );
896 if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) {
897 //
898 // now we know that SID PIN == MSID PIN
899 //
900 Owner = OpalOwnershipNobody;
901
902 OpalEndSession (Session);
903 }
904
905 return Owner;
906}
907
919BOOLEAN
920EFIAPI
921OpalUtilAdminPasswordExists (
922 IN UINT16 OwnerShip,
923 IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature
924 )
925{
926 NULL_CHECK (LockingFeature);
927
928 // if it is Unknown who owns the device
929 // then someone has set password previously through our UI
930 // because the SID would no longer match the generated SID (ownership us)
931 // or someone has set password using 3rd party software
932
933 //
934 // Locking sp enabled is checked b/c it must be enabled to change the PIN of the Admin1.
935 //
936 return (OwnerShip == OpalOwnershipUnknown && LockingFeature->LockingEnabled);
937}
938
948TCG_RESULT
949EFIAPI
950OpalUtilGetActiveDataRemovalMechanism (
951 OPAL_SESSION *Session,
952 const VOID *GeneratedSid,
953 UINT32 SidLength,
954 UINT8 *ActiveDataRemovalMechanism
955 )
956{
957 TCG_RESULT Ret;
958 UINT8 MethodStatus;
959
960 NULL_CHECK (Session);
961 NULL_CHECK (GeneratedSid);
962 NULL_CHECK (ActiveDataRemovalMechanism);
963
964 Ret = OpalStartSession (
965 Session,
966 OPAL_UID_ADMIN_SP,
967 TRUE,
968 SidLength,
969 GeneratedSid,
970 OPAL_ADMIN_SP_ANYBODY_AUTHORITY,
971 &MethodStatus
972 );
973 if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) {
974 DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus));
975 if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
976 Ret = TcgResultFailure;
977 }
978
979 return Ret;
980 }
981
982 Ret = OpalPyrite2GetActiveDataRemovalMechanism (
983 Session,
984 ActiveDataRemovalMechanism
985 );
986
987 if (Ret != TcgResultSuccess) {
988 DEBUG ((DEBUG_INFO, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret));
989 }
990
991 OpalEndSession (Session);
992
993 return Ret;
994}
995
1003UINT32
1004CalculateDataRemovalTime (
1005 IN BOOLEAN IsMinute,
1006 IN UINT16 Time
1007 )
1008{
1009 if (IsMinute) {
1010 return Time * 2 * 60;
1011 } else {
1012 return Time * 2;
1013 }
1014}
1015
1023UINT32
1024GetDataRemovalTime (
1025 IN UINT8 Index,
1026 IN DATA_REMOVAL_FEATURE_DESCRIPTOR *Descriptor
1027 )
1028{
1029 switch (Index) {
1030 case OverwriteDataErase:
1031 return CalculateDataRemovalTime (Descriptor->FormatBit0, SwapBytes16 (Descriptor->TimeBit0));
1032
1033 case BlockErase:
1034 return CalculateDataRemovalTime (Descriptor->FormatBit1, SwapBytes16 (Descriptor->TimeBit1));
1035
1036 case CryptoErase:
1037 return CalculateDataRemovalTime (Descriptor->FormatBit2, SwapBytes16 (Descriptor->TimeBit2));
1038
1039 case Unmap:
1040 return CalculateDataRemovalTime (Descriptor->FormatBit3, SwapBytes16 (Descriptor->TimeBit3));
1041
1042 case ResetWritePointers:
1043 return CalculateDataRemovalTime (Descriptor->FormatBit4, SwapBytes16 (Descriptor->TimeBit4));
1044
1045 case VendorSpecificErase:
1046 return CalculateDataRemovalTime (Descriptor->FormatBit5, SwapBytes16 (Descriptor->TimeBit5));
1047
1048 default:
1049 return 0;
1050 }
1051}
1052
1060TCG_RESULT
1061EFIAPI
1062OpalUtilGetDataRemovalMechanismLists (
1063 IN OPAL_SESSION *Session,
1064 OUT UINT32 *RemovalMechanismLists
1065 )
1066{
1067 TCG_RESULT Ret;
1068 UINTN DataSize;
1069 DATA_REMOVAL_FEATURE_DESCRIPTOR Descriptor;
1070 UINT8 Index;
1071 UINT8 BitValue;
1072
1073 NULL_CHECK (Session);
1074 NULL_CHECK (RemovalMechanismLists);
1075
1076 DataSize = sizeof (Descriptor);
1077 Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor);
1078 if (Ret != TcgResultSuccess) {
1079 return TcgResultFailure;
1080 }
1081
1082 ASSERT (Descriptor.RemovalMechanism != 0);
1083
1084 for (Index = 0; Index < ResearvedMechanism; Index++) {
1085 BitValue = (BOOLEAN)BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index);
1086
1087 if (BitValue == 0) {
1088 RemovalMechanismLists[Index] = 0;
1089 } else {
1090 RemovalMechanismLists[Index] = GetDataRemovalTime (Index, &Descriptor);
1091 }
1092 }
1093
1094 return TcgResultSuccess;
1095}
1096
1103UINT32
1104GetRevertTimeOut (
1105 IN OPAL_SESSION *Session
1106 )
1107{
1108 TCG_RESULT TcgResult;
1109 OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes;
1110 UINT16 BaseComId;
1111 UINT32 MsidLength;
1112 UINT8 Msid[OPAL_MSID_LENGTH];
1113 UINT32 RemovalMechanishLists[ResearvedMechanism];
1114 UINT8 ActiveDataRemovalMechanism;
1115
1116 TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId);
1117 if ((TcgResult != TcgResultSuccess) || (SupportedAttributes.DataRemoval == 0)) {
1118 return 0;
1119 }
1120
1121 TcgResult = OpalUtilGetMsid (Session, Msid, OPAL_MSID_LENGTH, &MsidLength);
1122 if (TcgResult != TcgResultSuccess) {
1123 return 0;
1124 }
1125
1126 TcgResult = OpalUtilGetDataRemovalMechanismLists (Session, RemovalMechanishLists);
1127 if (TcgResult != TcgResultSuccess) {
1128 return 0;
1129 }
1130
1131 TcgResult = OpalUtilGetActiveDataRemovalMechanism (Session, Msid, MsidLength, &ActiveDataRemovalMechanism);
1132 if (TcgResult != TcgResultSuccess) {
1133 return 0;
1134 }
1135
1136 return RemovalMechanishLists[ActiveDataRemovalMechanism];
1137}
UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112
SwapBytes16
UINT16 EFIAPI SwapBytes16(IN UINT16 Value)
Definition: SwapBytes16.c:25
BitFieldRead8
UINT8 EFIAPI BitFieldRead8(IN UINT8 Operand, IN UINTN StartBit, IN UINTN EndBit)
Definition: BitField.c:143
NULL
#define NULL
Definition: Base.h:319
TRUE
#define TRUE
Definition: Base.h:301
FALSE
#define FALSE
Definition: Base.h:307
IN
#define IN
Definition: Base.h:279
OUT
#define OUT
Definition: Base.h:284
DEBUG
#define DEBUG(Expression)
Definition: DebugLib.h:434
TCG_UID
UINT64 TCG_UID
UID in host native byte order.
Definition: TcgStorageCore.h:22
TCG_RESULT
TCG_RESULT
Definition: TcgStorageCoreLib.h:49
OpalPyrite2GetActiveDataRemovalMechanism
TCG_RESULT OpalPyrite2GetActiveDataRemovalMechanism(IN OPAL_SESSION *AdminSpSession, OUT UINT8 *ActiveDataRemovalMechanism)
Definition: TcgStorageOpalCore.c:675
OpalPyrite2AdminRevert
TCG_RESULT OpalPyrite2AdminRevert(OPAL_SESSION *LockingSpSession, BOOLEAN KeepUserData, UINT8 *MethodStatus, UINT32 EstimateTimeCost)
Definition: TcgStorageOpalCore.c:852
OpalGetFeatureDescriptor
TCG_RESULT OpalGetFeatureDescriptor(IN OPAL_SESSION *Session, IN UINT16 FeatureCode, IN OUT UINTN *DataSize, OUT VOID *Data)
Definition: TcgStorageOpalCore.c:1904
OpalPyrite2PsidRevert
TCG_RESULT OpalPyrite2PsidRevert(OPAL_SESSION *AdminSpSession, UINT32 EstimateTimeCost)
Definition: TcgStorageOpalCore.c:336
OpalGetSupportedAttributesInfo
TCG_RESULT EFIAPI OpalGetSupportedAttributesInfo(OPAL_SESSION *Session, OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, UINT16 *OpalBaseComId)
OpalSetPassword
TCG_RESULT EFIAPI OpalSetPassword(OPAL_SESSION *Session, TCG_UID CpinRowUid, const VOID *NewPin, UINT32 NewPinLength, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:998
OpalSetLockingSpAuthorityEnabledAndPin
TCG_RESULT EFIAPI OpalSetLockingSpAuthorityEnabledAndPin(OPAL_SESSION *LockingSpSession, TCG_UID CpinRowUid, TCG_UID AuthorityUid, const VOID *NewPin, UINT32 NewPinLength, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:1052
OpalEndSession
TCG_RESULT EFIAPI OpalEndSession(OPAL_SESSION *Session)
Definition: TcgStorageOpalCore.c:518
OpalSetLockingRange
TCG_RESULT EFIAPI OpalSetLockingRange(OPAL_SESSION *LockingSpSession, TCG_UID LockingRangeUid, UINT64 RangeStart, UINT64 RangeLength, BOOLEAN ReadLockEnabled, BOOLEAN WriteLockEnabled, BOOLEAN ReadLocked, BOOLEAN WriteLocked, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:1406
OpalStartSession
TCG_RESULT EFIAPI OpalStartSession(OPAL_SESSION *Session, TCG_UID SpId, BOOLEAN Write, UINT32 HostChallengeLength, const VOID *HostChallenge, TCG_UID HostSigningAuthority, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:456
OpalGetMsid
TCG_RESULT EFIAPI OpalGetMsid(OPAL_SESSION *AdminSpSession, UINT32 MsidBufferSize, UINT8 *Msid, UINT32 *MsidLength)
Definition: TcgStorageOpalCore.c:583
OpalActivateLockingSp
TCG_RESULT EFIAPI OpalActivateLockingSp(OPAL_SESSION *AdminSpSession, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:948
OpalDisableUser
TCG_RESULT EFIAPI OpalDisableUser(OPAL_SESSION *LockingSpSession, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:1233
OpalGlobalLockingRangeGenKey
TCG_RESULT EFIAPI OpalGlobalLockingRangeGenKey(OPAL_SESSION *LockingSpSession, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:1276
OpalUpdateGlobalLockingRange
TCG_RESULT EFIAPI OpalUpdateGlobalLockingRange(OPAL_SESSION *LockingSpSession, BOOLEAN ReadLocked, BOOLEAN WriteLocked, UINT8 *MethodStatus)
Definition: TcgStorageOpalCore.c:1335
OpalUtilUpdateGlobalLockingRange
TCG_RESULT EFIAPI OpalUtilUpdateGlobalLockingRange(OPAL_SESSION *Session, const VOID *Password, UINT32 PasswordLength, BOOLEAN ReadLocked, BOOLEAN WriteLocked)
Definition: TcgStorageOpalUtil.c:730
OpalUtilSetOpalLockingRange
TCG_RESULT EFIAPI OpalUtilSetOpalLockingRange(OPAL_SESSION *Session, const VOID *Password, UINT32 PassLength, TCG_UID LockingRangeUid, UINT64 RangeStart, UINT64 RangeLength, BOOLEAN ReadLockEnabled, BOOLEAN WriteLockEnabled, BOOLEAN ReadLocked, BOOLEAN WriteLocked)
Definition: TcgStorageOpalUtil.c:165
GetDataRemovalTime
UINT32 GetDataRemovalTime(IN UINT8 Index, IN DATA_REMOVAL_FEATURE_DESCRIPTOR *Descriptor)
Definition: TcgStorageOpalUtil.c:1024
OpalUtilGetActiveDataRemovalMechanism
TCG_RESULT EFIAPI OpalUtilGetActiveDataRemovalMechanism(OPAL_SESSION *Session, const VOID *GeneratedSid, UINT32 SidLength, UINT8 *ActiveDataRemovalMechanism)
Definition: TcgStorageOpalUtil.c:950
OpalUtilSecureErase
TCG_RESULT EFIAPI OpalUtilSecureErase(OPAL_SESSION *Session, const VOID *Password, UINT32 PasswordLength, BOOLEAN *PasswordFailed)
Definition: TcgStorageOpalUtil.c:470
OpalUtilPsidRevert
TCG_RESULT EFIAPI OpalUtilPsidRevert(OPAL_SESSION *Session, const VOID *Psid, UINT32 PsidLength)
Definition: TcgStorageOpalUtil.c:26
OpalUtilRevert
TCG_RESULT EFIAPI OpalUtilRevert(OPAL_SESSION *Session, BOOLEAN KeepUserData, const VOID *Password, UINT32 PasswordLength, BOOLEAN *PasswordFailed, UINT8 *Msid, UINT32 MsidLength)
Definition: TcgStorageOpalUtil.c:600
OpalUtilDisableUser
TCG_RESULT EFIAPI OpalUtilDisableUser(OPAL_SESSION *Session, const VOID *Password, UINT32 PasswordLength, BOOLEAN *PasswordFailed)
Definition: TcgStorageOpalUtil.c:542
OpalUtilSetUserPassword
TCG_RESULT EFIAPI OpalUtilSetUserPassword(OPAL_SESSION *Session, const VOID *OldPassword, UINT32 OldPasswordLength, const VOID *NewPassword, UINT32 NewPasswordLength)
Definition: TcgStorageOpalUtil.c:330
OpalUtilVerifyPassword
TCG_RESULT EFIAPI OpalUtilVerifyPassword(OPAL_SESSION *Session, const VOID *Password, UINT32 PasswordLength, TCG_UID HostSigningAuthority)
Definition: TcgStorageOpalUtil.c:428
OpalUtilSetSIDtoMSID
TCG_RESULT EFIAPI OpalUtilSetSIDtoMSID(OPAL_SESSION *Session, const VOID *Password, UINT32 PasswordLength, UINT8 *Msid, UINT32 MsidLength)
Definition: TcgStorageOpalUtil.c:673
CalculateDataRemovalTime
UINT32 CalculateDataRemovalTime(IN BOOLEAN IsMinute, IN UINT16 Time)
Definition: TcgStorageOpalUtil.c:1004
OpalUtilAdminPasswordExists
BOOLEAN EFIAPI OpalUtilAdminPasswordExists(IN UINT16 OwnerShip, IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature)
Definition: TcgStorageOpalUtil.c:921
OpalUtilDetermineOwnership
OPAL_OWNER_SHIP EFIAPI OpalUtilDetermineOwnership(OPAL_SESSION *Session, UINT8 *Msid, UINT32 MsidLength)
Definition: TcgStorageOpalUtil.c:869
OpalUtilGetDataRemovalMechanismLists
TCG_RESULT EFIAPI OpalUtilGetDataRemovalMechanismLists(IN OPAL_SESSION *Session, OUT UINT32 *RemovalMechanismLists)
Definition: TcgStorageOpalUtil.c:1062
OpalUtilSetAdminPasswordAsSid
TCG_RESULT EFIAPI OpalUtilSetAdminPasswordAsSid(OPAL_SESSION *Session, const VOID *GeneratedSid, UINT32 SidLength, const VOID *Password, UINT32 PassLength)
Definition: TcgStorageOpalUtil.c:82
OpalUtilSetAdminPassword
TCG_RESULT EFIAPI OpalUtilSetAdminPassword(OPAL_SESSION *Session, const VOID *OldPassword, UINT32 OldPasswordLength, const VOID *NewPassword, UINT32 NewPasswordLength)
Definition: TcgStorageOpalUtil.c:243
GetRevertTimeOut
UINT32 GetRevertTimeOut(IN OPAL_SESSION *Session)
Definition: TcgStorageOpalUtil.c:1104
OpalUtilGetMsid
TCG_RESULT EFIAPI OpalUtilGetMsid(OPAL_SESSION *Session, UINT8 *Msid, UINT32 MsidBufferLength, UINT32 *MsidLength)
Definition: TcgStorageOpalUtil.c:820
_DATA_REMOVAL_FEATURE_DESCRIPTOR
Definition: TcgStorageOpal.h:201
OPAL_DISK_SUPPORT_ATTRIBUTE
Definition: TcgStorageOpalLib.h:39
OPAL_SESSION
Definition: TcgStorageOpalLib.h:134
TCG_LOCKING_FEATURE_DESCRIPTOR
Definition: TcgStorageCore.h:288