audk/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h

/** @file
  Opal Password common header file.

Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/

#ifndef _OPAL_PASSWORD_COMMON_H_
#define _OPAL_PASSWORD_COMMON_H_

#define OPAL_MAX_PASSWORD_SIZE      32

#define OPAL_DEVICE_TYPE_UNKNOWN    0x0
#define OPAL_DEVICE_TYPE_ATA        0x1
#define OPAL_DEVICE_TYPE_NVME       0x2

typedef struct {
  UINT16            Segment;
  UINT8             Bus;
  UINT8             Device;
  UINT8             Function;
  UINT8             Reserved;
} OPAL_PCI_DEVICE;

typedef struct {
  UINT32                      Length;
  OPAL_PCI_DEVICE             Device;
  UINT8                       PasswordLength;
  UINT8                       Password[OPAL_MAX_PASSWORD_SIZE];
  UINT16                      OpalBaseComId;
  UINT32                      DevicePathLength;
  EFI_DEVICE_PATH_PROTOCOL    DevicePath[];
} OPAL_DEVICE_LOCKBOX_DATA;

#define OPAL_DEVICE_LOCKBOX_GUID  { 0x56a77f0d, 0x6f05, 0x4d47, { 0xb9, 0x11, 0x4f, 0xd, 0xec, 0x5c, 0x58, 0x61 } }

#endif // _OPAL_PASSWORD_COMMON_H_
SecurityPkg OpalPassword: Add solution without SMM device code After IOMMU is enabled in S3, original solution with SMM device code (OpalPasswordSmm) to unlock OPAL device for S3 will not work as the DMA operation will be aborted without granted DMA buffer. Instead, this solution is to add OpalPasswordPei to eliminate SMM device code, and OPAL setup UI produced by OpalPasswordDxe will be updated to send requests (set password, update password, and etc), and then the requests will be processed in next boot before SmmReadyToLock, password and device info will be saved to lock box used by OpalPasswordPei to unlock OPAL device for S3. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> 2018-02-11 04:00:44 +01:00			`/** @file`
			`Opal Password common header file.`

SecurityPkg/OpalPassword: Remove HW init codes and consume SSC PPI REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1409 For the current implementation of OpalPassword drivers, it has a feature to support devices being automatically unlocked in the S3 resume. For this feature, two types of devices are supported: * ATA hard disks working under AHCI mode * NVM Express devices The support of this feature requires the above 2 types of device to be initialized at the PEI phase during S3 resume, which is done by the co-work of the OpalPasswordDxe driver and the OpalPasswordPei driver. More specifically, the OpalPasswordDxe will handle: * Pre-allocate MMIO resource and save it in a driver internal LockBox for OpalPasswordPei to retrieve; * Save the PCI configuration space of ATA controllers into boot script. Meanwhile, the OpalPasswordPei will handle: * Rely on the boot script for the PCI configuration space program of ATA controllers; * Restore the driver internal LockBox to get the MMIO resource; * Complete the PCI configuration space program for ATA and NVME controllers; * Initialize ATA and NVME controllers and devices. This commit will remove these hardware initialization related codes from the OpalPassword drivers. The hardware initialization will be covered by PEI storage device drivers (e.g. NvmExpressPei & AhciPei in the MdeModulePkg). After such codes removal, the OpalPasswordDxe will only handle: * Construct/update the S3StorageDeviceInitList LockBox with the managing ATA and NVME devices. And the OpalPasswordPei will only handle: * Locate Storage Security Command PPI instances to perform the device automatic unlock during the S3 resume. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> 2018-08-27 10:52:13 +02:00			`Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR>`
SecurityPkg: Replace BSD License with BSD+Patent License https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> 2019-04-04 01:06:56 +02:00			`SPDX-License-Identifier: BSD-2-Clause-Patent`
SecurityPkg OpalPassword: Add solution without SMM device code After IOMMU is enabled in S3, original solution with SMM device code (OpalPasswordSmm) to unlock OPAL device for S3 will not work as the DMA operation will be aborted without granted DMA buffer. Instead, this solution is to add OpalPasswordPei to eliminate SMM device code, and OPAL setup UI produced by OpalPasswordDxe will be updated to send requests (set password, update password, and etc), and then the requests will be processed in next boot before SmmReadyToLock, password and device info will be saved to lock box used by OpalPasswordPei to unlock OPAL device for S3. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> 2018-02-11 04:00:44 +01:00
			`**/`

			`#ifndef _OPAL_PASSWORD_COMMON_H_`
			`#define _OPAL_PASSWORD_COMMON_H_`

			`#define OPAL_MAX_PASSWORD_SIZE 32`

			`#define OPAL_DEVICE_TYPE_UNKNOWN 0x0`
			`#define OPAL_DEVICE_TYPE_ATA 0x1`
			`#define OPAL_DEVICE_TYPE_NVME 0x2`

			`typedef struct {`
			`UINT16 Segment;`
			`UINT8 Bus;`
			`UINT8 Device;`
			`UINT8 Function;`
			`UINT8 Reserved;`
			`} OPAL_PCI_DEVICE;`

			`typedef struct {`
SecurityPkg/OpalPassword: Remove HW init codes and consume SSC PPI REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1409 For the current implementation of OpalPassword drivers, it has a feature to support devices being automatically unlocked in the S3 resume. For this feature, two types of devices are supported: * ATA hard disks working under AHCI mode * NVM Express devices The support of this feature requires the above 2 types of device to be initialized at the PEI phase during S3 resume, which is done by the co-work of the OpalPasswordDxe driver and the OpalPasswordPei driver. More specifically, the OpalPasswordDxe will handle: * Pre-allocate MMIO resource and save it in a driver internal LockBox for OpalPasswordPei to retrieve; * Save the PCI configuration space of ATA controllers into boot script. Meanwhile, the OpalPasswordPei will handle: * Rely on the boot script for the PCI configuration space program of ATA controllers; * Restore the driver internal LockBox to get the MMIO resource; * Complete the PCI configuration space program for ATA and NVME controllers; * Initialize ATA and NVME controllers and devices. This commit will remove these hardware initialization related codes from the OpalPassword drivers. The hardware initialization will be covered by PEI storage device drivers (e.g. NvmExpressPei & AhciPei in the MdeModulePkg). After such codes removal, the OpalPasswordDxe will only handle: * Construct/update the S3StorageDeviceInitList LockBox with the managing ATA and NVME devices. And the OpalPasswordPei will only handle: * Locate Storage Security Command PPI instances to perform the device automatic unlock during the S3 resume. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> 2018-08-27 10:52:13 +02:00			`UINT32 Length;`
			`OPAL_PCI_DEVICE Device;`
			`UINT8 PasswordLength;`
			`UINT8 Password[OPAL_MAX_PASSWORD_SIZE];`
			`UINT16 OpalBaseComId;`
			`UINT32 DevicePathLength;`
			`EFI_DEVICE_PATH_PROTOCOL DevicePath[];`
			`} OPAL_DEVICE_LOCKBOX_DATA;`

			`#define OPAL_DEVICE_LOCKBOX_GUID { 0x56a77f0d, 0x6f05, 0x4d47, { 0xb9, 0x11, 0x4f, 0xd, 0xec, 0x5c, 0x58, 0x61 } }`
SecurityPkg OpalPassword: Add solution without SMM device code After IOMMU is enabled in S3, original solution with SMM device code (OpalPasswordSmm) to unlock OPAL device for S3 will not work as the DMA operation will be aborted without granted DMA buffer. Instead, this solution is to add OpalPasswordPei to eliminate SMM device code, and OPAL setup UI produced by OpalPasswordDxe will be updated to send requests (set password, update password, and etc), and then the requests will be processed in next boot before SmmReadyToLock, password and device info will be saved to lock box used by OpalPasswordPei to unlock OPAL device for S3. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> 2018-02-11 04:00:44 +01:00
			`#endif // _OPAL_PASSWORD_COMMON_H_`