SecurityPkg: TcgStorageOpalLib: Add TCG storage opal library.
Library APIs used to create commands defined by TCG storage opal spec. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
This commit is contained in:
		
							
								
								
									
										831
									
								
								SecurityPkg/Include/Library/TcgStorageOpalLib.h
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										831
									
								
								SecurityPkg/Include/Library/TcgStorageOpalLib.h
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,831 @@ | ||||
| /** @file | ||||
|   Public API for Opal Core library. | ||||
|  | ||||
| Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> | ||||
| This program and the accompanying materials | ||||
| are licensed and made available under the terms and conditions of the BSD License | ||||
| which accompanies this distribution.  The full text of the license may be found at | ||||
| http://opensource.org/licenses/bsd-license.php | ||||
|  | ||||
| THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | ||||
| WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | ||||
|  | ||||
| **/ | ||||
|  | ||||
| #ifndef _OPAL_CORE_H_ | ||||
| #define _OPAL_CORE_H_ | ||||
|  | ||||
| #include <IndustryStandard/TcgStorageOpal.h> | ||||
|  | ||||
| #include <Library/TcgStorageCoreLib.h> | ||||
| #include <Protocol/StorageSecurityCommand.h> | ||||
|  | ||||
| #pragma pack(1) | ||||
|  | ||||
| typedef struct { | ||||
|     // | ||||
|     // Opal SSC 1 support  (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 OpalSsc1 : 1; | ||||
|  | ||||
|     // | ||||
|     // Opal SSC 2support  (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 OpalSsc2 : 1; | ||||
|  | ||||
|     // | ||||
|     // Opal SSC Lite support  (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 OpalSscLite : 1; | ||||
|  | ||||
|     // | ||||
|     // Pyrite SSC support  (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 PyriteSsc : 1; | ||||
|  | ||||
|     // | ||||
|     // Security protocol 1 support  (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 Sp1 : 1; | ||||
|  | ||||
|     // | ||||
|     // Security protocol 2 support  (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 Sp2 : 1; | ||||
|  | ||||
|     // | ||||
|     // Security protocol IEEE1667 support  (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 SpIeee1667 : 1; | ||||
|  | ||||
|     // | ||||
|     // Media encryption supported (0 - not supported, 1 - supported) | ||||
|     // | ||||
|     UINT32 MediaEncryption : 1; | ||||
|  | ||||
|     // | ||||
|     // Initial C_PIN_SID PIN Indicator | ||||
|     //  0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value | ||||
|     //  1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value | ||||
|     // | ||||
|     UINT32 InitCpinIndicator : 1; | ||||
|  | ||||
|     // | ||||
|     // Behavior of C_PIN_SID PIN upon TPer Revert | ||||
|     //  0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value | ||||
|     //  1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value | ||||
|     // | ||||
|     UINT32 CpinUponRevert : 1; | ||||
| } OPAL_DISK_SUPPORT_ATTRIBUTE; | ||||
|  | ||||
| // | ||||
| // Opal device ownership type | ||||
| // The type indicates who was the determined owner of the device. | ||||
| // | ||||
| typedef enum { | ||||
|     // | ||||
|     // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP | ||||
|     //was unsuccessful with the provided PIN | ||||
|     // | ||||
|     OpalOwnershipUnknown, | ||||
|  | ||||
|     // | ||||
|     // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN | ||||
|     // | ||||
|     OpalOwnershipNobody, | ||||
| } OPAL_OWNER_SHIP; | ||||
|  | ||||
| // | ||||
| // Structure that is used to represent an Opal session. | ||||
| // The structure must be initialized by calling OpalStartSession before being used as a parameter | ||||
| // for any other Opal function. | ||||
| // This structure should NOT be directly modified by the client of this library. | ||||
| // | ||||
| // | ||||
| typedef struct  { | ||||
|     UINT32                                 HostSessionId; | ||||
|     UINT32                                 TperSessionId; | ||||
|     UINT16                                 ComIdExtension; | ||||
|  | ||||
|     UINT16                                 OpalBaseComId; | ||||
|  | ||||
|     EFI_STORAGE_SECURITY_COMMAND_PROTOCOL  *Sscp; | ||||
|     UINT32                                 MediaId; | ||||
| } OPAL_SESSION; | ||||
| #pragma pack() | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function fills in the provided Buffer with the supported protocol list | ||||
|   of the device specified. | ||||
|  | ||||
|   @param[in]        Session         OPAL_SESSION data. | ||||
|   @param[in]        BufferSize      Size of Buffer provided (in bytes) | ||||
|   @param[in]        BuffAddress     Buffer address to fill with security protocol list | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalRetrieveSupportedProtocolList( | ||||
|   OPAL_SESSION     *Session, | ||||
|   UINTN            BufferSize, | ||||
|   VOID             *BuffAddress | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function fills in the provided Buffer with the level 0 discovery Header | ||||
|   of the device specified. | ||||
|  | ||||
|   @param[in]        Session         OPAL_SESSION data. | ||||
|   @param[in]        BufferSize      Size of Buffer provided (in bytes) | ||||
|   @param[in]        BuffAddress     Buffer address to fill with Level 0 Discovery response | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalRetrieveLevel0DiscoveryHeader( | ||||
|   OPAL_SESSION     *Session, | ||||
|   UINTN            BufferSize, | ||||
|   VOID             *BuffAddress | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Starts a session with a security provider (SP). | ||||
|  | ||||
|   If a session is started successfully, the caller must end the session with OpalEndSession when finished | ||||
|   performing Opal actions. | ||||
|  | ||||
|   @param[in/out]  Session                 OPAL_SESSION to initialize. | ||||
|   @param[in]      SpId                    Security provider ID to start the session with. | ||||
|   @param[in]      Write                   Whether the session should be read-only (FALSE) or read/write (TRUE). | ||||
|   @param[in]      HostChallengeLength     Length of the host challenge.  Length should be 0 if hostChallenge is NULL | ||||
|   @param[in]      HostChallenge           Host challenge for Host Signing Authority.  If NULL, then no Host Challenge will be sent. | ||||
|   @param[in]      HostSigningAuthority    Host Signing Authority used for start session.  If NULL, then no Host Signing Authority will be sent. | ||||
|   @param[in/out]  MethodStatus            Status of the StartSession method; only valid if TcgResultSuccess is returned. | ||||
|  | ||||
|   @return TcgResultSuccess indicates that the function completed without any internal errors. | ||||
|   The caller must inspect the MethodStatus field to determine whether the method completed successfully. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalStartSession( | ||||
|   OPAL_SESSION     *Session, | ||||
|   TCG_UID          SpId, | ||||
|   BOOLEAN          Write, | ||||
|   UINT32           HostChallengeLength, | ||||
|   const VOID       *HostChallenge, | ||||
|   TCG_UID          HostSigningAuthority, | ||||
|   UINT8            *MethodStatus | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Close a session opened with OpalStartSession. | ||||
|  | ||||
|   @param[in/out]  Session                 OPAL_SESSION to end. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalEndSession( | ||||
|   OPAL_SESSION     *Session | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   Reverts device using Admin SP Revert method. | ||||
|  | ||||
|   @param[in]  AdminSpSession      OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalPsidRevert( | ||||
|   OPAL_SESSION              *AdminSpSession | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function retrieves the MSID from the device specified | ||||
|  | ||||
|   @param[in]  AdminSpSession      OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. | ||||
|   @param[in]  MsidBufferSize      Allocated buffer size (in bytes) for MSID allocated by caller | ||||
|   @param[in]  Msid                Variable length byte sequence representing MSID of device | ||||
|   @param[in]  MsidLength          Actual length of MSID retrieved from device | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalGetMsid( | ||||
|   OPAL_SESSION    *AdminSpSession, | ||||
|   UINT32          MsidBufferSize, | ||||
|   UINT8           *Msid, | ||||
|   UINT32          *MsidLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function activates the Locking SP. | ||||
|   Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN. | ||||
|   If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs. | ||||
|  | ||||
|   @param[in]      AdminSpSession      OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP | ||||
|   @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalActivateLockingSp( | ||||
|   OPAL_SESSION           *AdminSpSession, | ||||
|   UINT8                  *MethodStatus | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value. | ||||
|  | ||||
|   @param[in/out]  Session                 OPAL_SESSION to set password | ||||
|   @param[in]      CpinRowUid              UID of row (authority) to update PIN column | ||||
|   @param[in]      NewPin                  New Pin to set for cpinRowUid specified | ||||
|   @param[in]      NewPinLength            Length in bytes of newPin | ||||
|   @param[in/out]  MethodStatus            Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalSetPassword( | ||||
|   OPAL_SESSION   *Session, | ||||
|   TCG_UID        CpinRowUid, | ||||
|   const VOID     *NewPin, | ||||
|   UINT32         NewPinLength, | ||||
|   UINT8          *MethodStatus | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function retrieves the active key of the global locking range | ||||
|   and calls the GenKey method on the active key retrieved. | ||||
|  | ||||
|   @param[in]        LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key | ||||
|   @param[in/out]    MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalGlobalLockingRangeGenKey( | ||||
|   OPAL_SESSION   *LockingSpSession, | ||||
|   UINT8          *MethodStatus | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function updates the ReadLocked and WriteLocked columns of the Global Locking Range. | ||||
|   This funciton is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns | ||||
|   (not ReadLockEnabled and WriteLockEnabled columns). | ||||
|  | ||||
|   @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key | ||||
|   @param[in]      ReadLocked          Value to set ReadLocked column for Global Locking Range | ||||
|   @param[in]      WriteLocked         Value to set WriteLocked column for Global Locking Range | ||||
|   @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUpdateGlobalLockingRange( | ||||
|   OPAL_SESSION             *LockingSpSession, | ||||
|   BOOLEAN                  ReadLocked, | ||||
|   BOOLEAN                  WriteLocked, | ||||
|   UINT8                    *MethodStatus | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns | ||||
|   of the specified Locking Range.  This function requires admin authority of a locking SP session. | ||||
|  | ||||
|   @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key | ||||
|   @param[in]      LockingRangeUid     Locking range UID to set values | ||||
|   @param[in]      RangeStart          Value to set RangeStart column for Locking Range | ||||
|   @param[in]      RangeLength         Value to set RangeLength column for Locking Range | ||||
|   @param[in]      ReadLockEnabled     Value to set readLockEnabled column for Locking Range | ||||
|   @param[in]      WriteLockEnabled    Value to set writeLockEnabled column for Locking Range | ||||
|   @param[in]      ReadLocked          Value to set ReadLocked column for Locking Range | ||||
|   @param[in]      WriteLocked         Value to set WriteLocked column for Locking Range | ||||
|   @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalSetLockingRange( | ||||
|   OPAL_SESSION     *LockingSpSession, | ||||
|   TCG_UID          LockingRangeUid, | ||||
|   UINT64           RangeStart, | ||||
|   UINT64           RangeLength, | ||||
|   BOOLEAN          ReadLockEnabled, | ||||
|   BOOLEAN          WriteLockEnabled, | ||||
|   BOOLEAN          ReadLocked, | ||||
|   BOOLEAN          WriteLocked, | ||||
|   UINT8            *MethodStatus | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided | ||||
|   using the newPin provided.  AuthorityUid and cpinRowUid should describe the same authority. | ||||
|  | ||||
|   @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update | ||||
|   @param[in]      CpinRowUid          Row UID of C_PIN table of Locking SP to update PIN | ||||
|   @param[in]      AuthorityUid        UID of Locking SP authority to update Pin column with | ||||
|   @param[in]      NewPin              New Password used to set Pin column | ||||
|   @param[in]      NewPinLength        Length in bytes of new password | ||||
|   @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalSetLockingSpAuthorityEnabledAndPin( | ||||
|   OPAL_SESSION    *LockingSpSession, | ||||
|   TCG_UID         CpinRowUid, | ||||
|   TCG_UID         AuthorityUid, | ||||
|   const VOID      *NewPin, | ||||
|   UINT32          NewPinLength, | ||||
|   UINT8           *MethodStatus | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function sets the Enabled column to FALSE for the USER1 authority. | ||||
|  | ||||
|   @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1 | ||||
|   @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalDisableUser( | ||||
|   OPAL_SESSION     *LockingSpSession, | ||||
|   UINT8            *MethodStatus | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function calls the Admin SP RevertSP method on the Locking SP.  If KeepUserData is True, then the optional parameter | ||||
|   to keep the user data is set to True, otherwise the optional parameter is not provided. | ||||
|  | ||||
|   @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP | ||||
|   @param[in]      KeepUserData        Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data. | ||||
|   @param[in/out]  MethodStatus        Method status of last action performed.  If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalAdminRevert( | ||||
|   OPAL_SESSION    *LockingSpSession, | ||||
|   BOOLEAN         KeepUserData, | ||||
|   UINT8           *MethodStatus | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function retrieves the TryLimit column for the specified rowUid (authority). | ||||
|  | ||||
|   @param[in]      LockingSpSession    OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit | ||||
|   @param[in]      RowUid              Row UID of the Locking SP C_PIN table to retrieve TryLimit column | ||||
|   @param[in/out]  TryLimit            Value from TryLimit column | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalGetTryLimit( | ||||
|   OPAL_SESSION   *LockingSpSession, | ||||
|   TCG_UID        RowUid, | ||||
|   UINT32         *TryLimit | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function populates the CreateStruct with a payload that will retrieve the global locking range active key. | ||||
|   It is intended to be called with a session that is already started with a valid credential. | ||||
|   The function does not send the payload. | ||||
|  | ||||
|   @param[in]      Session        OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in/out]  CreateStruct   Structure to populate with encoded TCG command | ||||
|   @param[in/out]  Size           Size in bytes of the command created. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalCreateRetrieveGlobalLockingRangeActiveKey( | ||||
|   const OPAL_SESSION    *Session, | ||||
|   TCG_CREATE_STRUCT     *CreateStruct, | ||||
|   UINT32                *Size | ||||
|   ); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function acquires the activeKey specified for the Global Locking Range from the parseStruct. | ||||
|  | ||||
|   @param[in]      ParseStruct    Structure that contains the device's response with the activekey | ||||
|   @param[in/out]  ActiveKey      The UID of the active key retrieved | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalParseRetrieveGlobalLockingRangeActiveKey( | ||||
|   TCG_PARSE_STRUCT  *ParseStruct, | ||||
|   TCG_UID           *ActiveKey | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   Get the support attribute info. | ||||
|  | ||||
|   @param[in]      Session             OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. | ||||
|   @param[in/out]  LockingFeature      Return the Locking info. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalGetLockingInfo( | ||||
|   OPAL_SESSION                     *Session, | ||||
|   TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function determines whether or not all of the requirements for the Opal Feature (not full specification) | ||||
|   are met by the specified device. | ||||
|  | ||||
|   @param[in]      SupportedAttributes     Opal device attribute. | ||||
|  | ||||
| **/ | ||||
| BOOLEAN | ||||
| EFIAPI | ||||
| OpalFeatureSupported( | ||||
|   OPAL_DISK_SUPPORT_ATTRIBUTE      *SupportedAttributes | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function returns whether or not the device is Opal Enabled. | ||||
|   TRUE means that the device is partially or fully locked. | ||||
|   This will perform a Level 0 Discovery and parse the locking feature descriptor | ||||
|  | ||||
|   @param[in]      SupportedAttributes     Opal device attribute. | ||||
|   @param[in]      LockingFeature          Opal device locking status. | ||||
|  | ||||
|  | ||||
| **/ | ||||
| BOOLEAN | ||||
| EFIAPI | ||||
| OpalFeatureEnabled( | ||||
|   OPAL_DISK_SUPPORT_ATTRIBUTE      *SupportedAttributes, | ||||
|   TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function returns whether or not the device is Opal Locked. | ||||
|   TRUE means that the device is partially or fully locked. | ||||
|   This will perform a Level 0 Discovery and parse the locking feature descriptor | ||||
|  | ||||
|   @param[in]      SupportedAttributes     Opal device attribute. | ||||
|   @param[in]      LockingFeature          Opal device locking status. | ||||
|  | ||||
| **/ | ||||
| BOOLEAN | ||||
| OpalDeviceLocked( | ||||
|   OPAL_DISK_SUPPORT_ATTRIBUTE      *SupportedAttributes, | ||||
|   TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Trig the block sid action. | ||||
|  | ||||
|   @param[in]      Session            OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      HardwareReset      Whether need to do hardware reset. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalBlockSid( | ||||
|   OPAL_SESSION                           *Session, | ||||
|   BOOLEAN                                HardwareReset | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   Get the support attribute info. | ||||
|  | ||||
|   @param[in]      Session             OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. | ||||
|   @param[in/out]  SupportedAttributes Return the support attribute info. | ||||
|   @param[out]     OpalBaseComId       Return the base com id info. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalGetSupportedAttributesInfo( | ||||
|   OPAL_SESSION                 *Session, | ||||
|   OPAL_DISK_SUPPORT_ATTRIBUTE  *SupportedAttributes, | ||||
|   UINT16                       *OpalBaseComId | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method. | ||||
|  | ||||
|   @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      Psid               PSID of device to revert. | ||||
|   @param[in]      PsidLength         Length of PSID in bytes. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilPsidRevert( | ||||
|   OPAL_SESSION   *AdminSpSession, | ||||
|   const VOID     *Psid, | ||||
|   UINT32         PsidLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, | ||||
|   sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password, | ||||
|   and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN. | ||||
|  | ||||
|   @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      GeneratedSid       Generated SID of disk | ||||
|   @param[in]      SidLength          Length of generatedSid in bytes | ||||
|   @param[in]      Password           New admin password to set | ||||
|   @param[in]      PassLength         Length of password in bytes | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilSetAdminPasswordAsSid( | ||||
|   OPAL_SESSION      *AdminSpSession, | ||||
|   const VOID        *GeneratedSid, | ||||
|   UINT32            SidLength, | ||||
|   const VOID        *Password, | ||||
|   UINT32            PassLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY, | ||||
|   and updates the specified locking range with the provided column values. | ||||
|  | ||||
|   @param[in]      LockingSpSession   OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      Password           New admin password to set | ||||
|   @param[in]      PassLength         Length of password in bytes | ||||
|   @param[in]      LockingRangeUid    Locking range UID to set values | ||||
|   @param[in]      RangeStart         Value to set RangeStart column for Locking Range | ||||
|   @param[in]      RangeLength        Value to set RangeLength column for Locking Range | ||||
|   @param[in]      ReadLockEnabled    Value to set readLockEnabled column for Locking Range | ||||
|   @param[in]      WriteLockEnabled   Value to set writeLockEnabled column for Locking Range | ||||
|   @param[in]      ReadLocked         Value to set ReadLocked column for Locking Range | ||||
|   @param[in]      WriteLocked        Value to set WriteLocked column for Locking Range | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilSetOpalLockingRange( | ||||
|   OPAL_SESSION   *LockingSpSession, | ||||
|   const VOID     *Password, | ||||
|   UINT32         PassLength, | ||||
|   TCG_UID        LockingRangeUid, | ||||
|   UINT64         RangeStart, | ||||
|   UINT64         RangeLength, | ||||
|   BOOLEAN        ReadLockEnabled, | ||||
|   BOOLEAN        WriteLockEnabled, | ||||
|   BOOLEAN        ReadLocked, | ||||
|   BOOLEAN        WriteLocked | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, | ||||
|   sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password, | ||||
|   and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password. | ||||
|  | ||||
|   @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      OldPassword        Current admin password | ||||
|   @param[in]      OldPasswordLength  Length of current admin password in bytes | ||||
|   @param[in]      NewPassword        New admin password to set | ||||
|   @param[in]      NewPasswordLength  Length of new password in bytes | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilSetAdminPassword( | ||||
|   OPAL_SESSION  *AdminSpSession, | ||||
|   const VOID    *OldPassword, | ||||
|   UINT32        OldPasswordLength, | ||||
|   const VOID    *NewPassword, | ||||
|   UINT32        NewPasswordLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY | ||||
|   and sets the User1 SP authority to enabled and sets the User1 password. | ||||
|  | ||||
|   @param[in]      LockingSpSession   OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      OldPassword        Current admin password | ||||
|   @param[in]      OldPasswordLength  Length of current admin password in bytes | ||||
|   @param[in]      NewPassword        New admin password to set | ||||
|   @param[in]      NewPasswordLength  Length of new password in bytes | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilSetUserPassword( | ||||
|   OPAL_SESSION    *LockingSpSession, | ||||
|   const VOID      *OldPassword, | ||||
|   UINT32          OldPasswordLength, | ||||
|   const VOID      *NewPassword, | ||||
|   UINT32          NewPasswordLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Verify whether user input the correct password. | ||||
|  | ||||
|   @param[in]      LockingSpSession            OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      Password                    Admin password | ||||
|   @param[in]      PasswordLength              Length of password in bytes | ||||
|   @param[in/out]  HostSigningAuthority        Use the Host signing authority type. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilVerifyPassword ( | ||||
|   OPAL_SESSION   *LockingSpSession, | ||||
|   const VOID     *Password, | ||||
|   UINT32         PasswordLength, | ||||
|   TCG_UID        HostSigningAuthority | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY | ||||
|   and generates a new global locking range key to erase the Data. | ||||
|  | ||||
|   @param[in]      LockingSpSession     OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      Password             Admin or user password | ||||
|   @param[in]      PasswordLength       Length of password in bytes | ||||
|   @param[in/out]  PasswordFailed       indicates if password failed (start session didn't work) | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilSecureErase( | ||||
|   OPAL_SESSION     *LockingSpSession, | ||||
|   const VOID       *Password, | ||||
|   UINT32           PasswordLength, | ||||
|   BOOLEAN          *PasswordFailed | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority. | ||||
|  | ||||
|   @param[in]      LockingSpSession      OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      Password              Admin password | ||||
|   @param[in]      PasswordLength        Length of password in bytes | ||||
|   @param[in/out]  PasswordFailed        indicates if password failed (start session didn't work) | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilDisableUser( | ||||
|   OPAL_SESSION   *LockingSpSession, | ||||
|   const VOID     *Password, | ||||
|   UINT32         PasswordLength, | ||||
|   BOOLEAN        *PasswordFailed | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method. | ||||
|  | ||||
|   @param[in]      LockingSpSession      OPAL_SESSION to populate command for, needs comId | ||||
|   @param[in]      KeepUserData       TRUE to keep existing Data on the disk, or FALSE to erase it | ||||
|   @param[in]      Password           Admin password | ||||
|   @param[in]      PasswordLength     Length of password in bytes | ||||
|   @param[in/out]  PasswordFailed     indicates if password failed (start session didn't work) | ||||
|   @param[in]      Msid               Input Msid info. | ||||
|   @param[in]      MsidLength         Input Msid info length. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilRevert( | ||||
|   OPAL_SESSION     *LockingSpSession, | ||||
|   BOOLEAN          KeepUserData, | ||||
|   const VOID       *Password, | ||||
|   UINT32           PasswordLength, | ||||
|   BOOLEAN          *PasswordFailed, | ||||
|   UINT8            *Msid, | ||||
|   UINT32           MsidLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   After revert success, set SID to MSID. | ||||
|  | ||||
|   @param[in]      AdminSpSession     OPAL_SESSION to populate command for, needs comId | ||||
|   @param          Password,          Input password info. | ||||
|   @param          PasswordLength,    Input password length. | ||||
|   @param[in]      Msid               Input Msid info. | ||||
|   @param[in]      MsidLength         Input Msid info length. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilSetSIDtoMSID ( | ||||
|   OPAL_SESSION     *AdminSpSession, | ||||
|   const VOID       *Password, | ||||
|   UINT32           PasswordLength, | ||||
|   UINT8            *Msid, | ||||
|   UINT32           MsidLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Update global locking range. | ||||
|  | ||||
|   @param[in]      LockingSpSession   OPAL_SESSION to populate command for, needs comId | ||||
|   @param          Password,          Input password info. | ||||
|   @param          PasswordLength,    Input password length. | ||||
|   @param          ReadLocked,        Read lock info. | ||||
|   @param          WriteLocked        write lock info. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilUpdateGlobalLockingRange( | ||||
|   OPAL_SESSION    *LockingSpSession, | ||||
|   const VOID      *Password, | ||||
|   UINT32          PasswordLength, | ||||
|   BOOLEAN         ReadLocked, | ||||
|   BOOLEAN         WriteLocked | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|   Update global locking range. | ||||
|  | ||||
|   @param          Session,           The session info for one opal device. | ||||
|   @param          Msid,              The data buffer to save Msid info. | ||||
|   @param          MsidBufferLength,  The data buffer length for Msid. | ||||
|   @param          MsidLength,        The actual data length for Msid. | ||||
|  | ||||
| **/ | ||||
| TCG_RESULT | ||||
| EFIAPI | ||||
| OpalUtilGetMsid( | ||||
|   OPAL_SESSION    *Session, | ||||
|   UINT8           *Msid, | ||||
|   UINT32          MsidBufferLength, | ||||
|   UINT32          *MsidLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function determines who owns the device by attempting to start a session with different credentials. | ||||
|   If the SID PIN matches the MSID PIN, the no one owns the device. | ||||
|   If the SID PIN matches the ourSidPin, then "Us" owns the device.  Otherwise it is unknown. | ||||
|  | ||||
|  | ||||
|   @param[in]      Session            The session info for one opal device. | ||||
|   @param          Msid,              The Msid info. | ||||
|   @param          MsidLength,        The data length for Msid. | ||||
|  | ||||
| **/ | ||||
| OPAL_OWNER_SHIP | ||||
| EFIAPI | ||||
| OpalUtilDetermineOwnership( | ||||
|   OPAL_SESSION       *Session, | ||||
|   UINT8              *Msid, | ||||
|   UINT32             MsidLength | ||||
|   ); | ||||
|  | ||||
| /** | ||||
|  | ||||
|   The function returns if admin password exists. | ||||
|  | ||||
|   @param[in]      OwnerShip         The owner ship of the opal device. | ||||
|   @param[in]      LockingFeature    The locking info of the opal device. | ||||
|  | ||||
|   @retval         TRUE              Admin password existed. | ||||
|   @retval         FALSE             Admin password not existed. | ||||
|  | ||||
| **/ | ||||
| BOOLEAN | ||||
| EFIAPI | ||||
| OpalUtilAdminPasswordExists( | ||||
|   IN  UINT16                           OwnerShip, | ||||
|   IN  TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature | ||||
|   ); | ||||
|  | ||||
| #endif // _OPAL_CORE_H_ | ||||
		Reference in New Issue
	
	Block a user