audk/SecurityPkg/HddPassword/HddPasswordCommon.h

/** @file
  HDD Password common header file.

  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>

  SPDX-License-Identifier: BSD-2-Clause-Patent

**/

#ifndef _HDD_PASSWORD_COMMON_H_
#define _HDD_PASSWORD_COMMON_H_

//
// The payload length of HDD related ATA commands
//
#define HDD_PAYLOAD                     512

#define ATA_SECURITY_SET_PASSWORD_CMD   0xF1
#define ATA_SECURITY_UNLOCK_CMD         0xF2
#define ATA_SECURITY_FREEZE_LOCK_CMD    0xF5
#define ATA_SECURITY_DIS_PASSWORD_CMD   0xF6

//
// The max retry count specified in ATA 8 spec.
//
#define MAX_HDD_PASSWORD_RETRY_COUNT    5

//
// According to ATA spec, the max length of hdd password is 32 bytes
//
#define HDD_PASSWORD_MAX_LENGTH         32

#define HDD_PASSWORD_DEVICE_INFO_GUID { 0x96d877ad, 0x48af, 0x4b39, { 0x9b, 0x27, 0x4d, 0x97, 0x43, 0x9, 0xae, 0x47 } }

typedef struct {
  UINT8             Bus;
  UINT8             Device;
  UINT8             Function;
  UINT8             Reserved;
  UINT16            Port;
  UINT16            PortMultiplierPort;
} HDD_PASSWORD_DEVICE;

//
// It will be used to unlock HDD password for S3.
//
typedef struct {
  HDD_PASSWORD_DEVICE         Device;
  CHAR8                       Password[HDD_PASSWORD_MAX_LENGTH];
  UINT32                      DevicePathLength;
  EFI_DEVICE_PATH_PROTOCOL    DevicePath[];
} HDD_PASSWORD_DEVICE_INFO;

#endif // _HDD_PASSWORD_COMMON_H_
SecurityPkg/HddPassword: Add Security feature set support for ATA dev REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1529 This commit will add the 'Security feature set' support for ATA devices. According to the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS) specification, the Security feature set is an optional feature. In summary, the feature is a password system that restricts access to user data stored on an ATA device. A more detailed introduction of this feature can be referred from the ATA8-ACS spec. The HddPassword driver is composed of 2 parts: * A DXE driver and * A PEI driver The DXE driver consumes EFI_ATA_PASS_THRU_PROTOCOL instances and installs an HII GUI to manage the devices. If the managing device supports Security feature set, the HII page will provide the user with the ability to set/update/disable the password for this device. Also, if a password is being set via the Security feature set, a popup window will show during boot requesting the user to input password. Another feature supported by this driver is that for those managing devices with password set, they will be automatically unlocked during the S3 resume. This is done by the co-work of the DXE driver and the PEI driver: The DXE driver will save the password and the identification information for these devices into a LockBox, which is only allowed to restore during S3 resume. The PEI driver, during S3 resume, will restore the content in the LockBox and will consume EDKII_PEI_ATA_PASS_THRU_PPI instances to unlock devices. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> 2019-01-15 09:33:09 +01:00			`/** @file`
			`HDD Password common header file.`

			`Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>`

SecurityPkg: Replace BSD License with BSD+Patent License https://bugzilla.tianocore.org/show_bug.cgi?id=1373 Replace BSD 2-Clause License with BSD+Patent License. This change is based on the following emails: https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html RFCs with detailed process for the license change: V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> 2019-04-04 01:06:56 +02:00			`SPDX-License-Identifier: BSD-2-Clause-Patent`
SecurityPkg/HddPassword: Add Security feature set support for ATA dev REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1529 This commit will add the 'Security feature set' support for ATA devices. According to the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS) specification, the Security feature set is an optional feature. In summary, the feature is a password system that restricts access to user data stored on an ATA device. A more detailed introduction of this feature can be referred from the ATA8-ACS spec. The HddPassword driver is composed of 2 parts: * A DXE driver and * A PEI driver The DXE driver consumes EFI_ATA_PASS_THRU_PROTOCOL instances and installs an HII GUI to manage the devices. If the managing device supports Security feature set, the HII page will provide the user with the ability to set/update/disable the password for this device. Also, if a password is being set via the Security feature set, a popup window will show during boot requesting the user to input password. Another feature supported by this driver is that for those managing devices with password set, they will be automatically unlocked during the S3 resume. This is done by the co-work of the DXE driver and the PEI driver: The DXE driver will save the password and the identification information for these devices into a LockBox, which is only allowed to restore during S3 resume. The PEI driver, during S3 resume, will restore the content in the LockBox and will consume EDKII_PEI_ATA_PASS_THRU_PPI instances to unlock devices. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com> 2019-01-15 09:33:09 +01:00
			`**/`

			`#ifndef _HDD_PASSWORD_COMMON_H_`
			`#define _HDD_PASSWORD_COMMON_H_`

			`//`
			`// The payload length of HDD related ATA commands`
			`//`
			`#define HDD_PAYLOAD 512`

			`#define ATA_SECURITY_SET_PASSWORD_CMD 0xF1`
			`#define ATA_SECURITY_UNLOCK_CMD 0xF2`
			`#define ATA_SECURITY_FREEZE_LOCK_CMD 0xF5`
			`#define ATA_SECURITY_DIS_PASSWORD_CMD 0xF6`

			`//`
			`// The max retry count specified in ATA 8 spec.`
			`//`
			`#define MAX_HDD_PASSWORD_RETRY_COUNT 5`

			`//`
			`// According to ATA spec, the max length of hdd password is 32 bytes`
			`//`
			`#define HDD_PASSWORD_MAX_LENGTH 32`

			`#define HDD_PASSWORD_DEVICE_INFO_GUID { 0x96d877ad, 0x48af, 0x4b39, { 0x9b, 0x27, 0x4d, 0x97, 0x43, 0x9, 0xae, 0x47 } }`

			`typedef struct {`
			`UINT8 Bus;`
			`UINT8 Device;`
			`UINT8 Function;`
			`UINT8 Reserved;`
			`UINT16 Port;`
			`UINT16 PortMultiplierPort;`
			`} HDD_PASSWORD_DEVICE;`

			`//`
			`// It will be used to unlock HDD password for S3.`
			`//`
			`typedef struct {`
			`HDD_PASSWORD_DEVICE Device;`
			`CHAR8 Password[HDD_PASSWORD_MAX_LENGTH];`
			`UINT32 DevicePathLength;`
			`EFI_DEVICE_PATH_PROTOCOL DevicePath[];`
			`} HDD_PASSWORD_DEVICE_INFO;`

			`#endif // _HDD_PASSWORD_COMMON_H_`