audk/SecurityPkg/HddPassword/HddPassword.vfr


SecurityPkg/HddPassword: Add Security feature set support for ATA dev REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1529 This commit will add the 'Security feature set' support for ATA devices. According to the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS) specification, the Security feature set is an optional feature. In summary, the feature is a password system that restricts access to user data stored on an ATA device. A more detailed introduction of this feature can be referred from the ATA8-ACS spec. The HddPassword driver is composed of 2 parts: * A DXE driver and * A PEI driver The DXE driver consumes EFI_ATA_PASS_THRU_PROTOCOL instances and installs an HII GUI to manage the devices. If the managing device supports Security feature set, the HII page will provide the user with the ability to set/update/disable the password for this device. Also, if a password is being set via the Security feature set, a popup window will show during boot requesting the user to input password. Another feature supported by this driver is that for those managing devices with password set, they will be automatically unlocked during the S3 resume. This is done by the co-work of the DXE driver and the PEI driver: The DXE driver will save the password and the identification information for these devices into a LockBox, which is only allowed to restore during S3 resume. The PEI driver, during S3 resume, will restore the content in the LockBox and will consume EDKII_PEI_ATA_PASS_THRU_PPI instances to unlock devices. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
2019-01-15 09:33:09 +01:00
/** @file
HDD Password Configuration Formset.
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "HddPasswordHiiDataStruc.h"
// HII formset for per-device ATA "Security feature set" (HDD password) setup.
// It declares one buffer varstore, a main form that holds only two labels, and
// a per-device form that shows read-only security status followed by two
// request checkboxes (user password, master password).
// classguid EFI_HII_PLATFORM_SETUP_FORMSET_GUID classifies this as a platform
// setup formset. title and help deliberately or accidentally share one string
// token (STR_HDD_SECURITY_CONFIG).
formset
guid = HDD_PASSWORD_CONFIG_GUID,
title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),
help = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
// Backing store for every question and condition below. The layout comes from
// HddPasswordHiiDataStruc.h, which is not visible here; this file reads
// SecurityStatus.* and writes Request.UserPassword / Request.MasterPassword.
// NOTE(review): no password buffer is referenced from this VFR - confirm the
// struct carries only status/request flags, since varstore contents are
// reachable through the form browser.
varstore HDD_PASSWORD_CONFIG,
name = HDD_PASSWORD_CONFIG,
guid = HDD_PASSWORD_CONFIG_GUID;
// Main form: contains nothing but a start/end label pair.
// Presumably the driver inserts one entry per managed device between these
// labels at runtime - TODO confirm against the DXE driver's form update code.
form formid = FORMID_HDD_MAIN_FORM,
title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG);
label HDD_DEVICE_ENTRY_LABEL;
label HDD_DEVICE_LABEL_END;
endform;
// Per-device form: description, five banner lines, then status and requests.
form
formid = FORMID_HDD_DEVICE_FORM,
title = STRING_TOKEN(STR_HDD_SECURITY_HD);
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_PWD_DESC);
// STR_NULL subtitles are used as blank spacer lines.
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_ONE);
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_TWO);
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_THREE);
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_FOUR);
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_FIVE);
subtitle text = STRING_TOKEN(STR_NULL);
subtitle text = STRING_TOKEN(STR_HDD_PASSWORD_CONFIG);
subtitle text = STRING_TOKEN(STR_NULL);
// Status section. "grayoutif TRUE" keeps every line up to the matching endif
// permanently grayed out, so these are display-only. Each text uses flags = 0
// and key = 0 (not INTERACTIVE, unlike the checkboxes further down).
//
// Pattern used for each status field: two text lines with the same label, one
// suppressed when the field == 0 and the other suppressed when it == 1, so a
// single line is shown per field.
// NOTE(review): this assumes each SecurityStatus field only ever holds 0 or 1;
// any other value would leave both lines visible - confirm the field widths in
// HddPasswordHiiDataStruc.h.
grayoutif TRUE;
// Supported: shown as YES unless the field is 0.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_SUPPORTED),
text = STRING_TOKEN(STR_YES),
flags = 0,
key = 0;
endif;
// Supported: shown as NO unless the field is 1.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 1;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_SUPPORTED),
text = STRING_TOKEN(STR_NO),
flags = 0,
key = 0;
endif;
// Enabled: YES line.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Enabled == 0;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_ENABLED),
text = STRING_TOKEN(STR_YES),
flags = 0,
key = 0;
endif;
// Enabled: NO line.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Enabled == 1;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_ENABLED),
text = STRING_TOKEN(STR_NO),
flags = 0,
key = 0;
endif;
// Locked: YES line.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Locked == 0;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_LOCKED),
text = STRING_TOKEN(STR_YES),
flags = 0,
key = 0;
endif;
// Locked: NO line.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Locked == 1;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_LOCKED),
text = STRING_TOKEN(STR_NO),
flags = 0,
key = 0;
endif;
// Frozen: YES line.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Frozen == 0;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_FROZEN),
text = STRING_TOKEN(STR_YES),
flags = 0,
key = 0;
endif;
// Frozen: NO line.
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Frozen == 1;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_SEC_FROZEN),
text = STRING_TOKEN(STR_NO),
flags = 0,
key = 0;
endif;
// User password: INSTALLED line (hidden when UserPasswordStatus == 0).
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.UserPasswordStatus == 0;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_HDD_USER_PASSWORD_STS),
text = STRING_TOKEN(STR_INSTALLED),
flags = 0,
key = 0;
endif;
// User password: NOT INSTALLED line (hidden when UserPasswordStatus == 1).
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.UserPasswordStatus == 1;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_HDD_USER_PASSWORD_STS),
text = STRING_TOKEN(STR_NOT_INSTALLED),
flags = 0,
key = 0;
endif;
// Master password: INSTALLED line (hidden when MasterPasswordStatus == 0).
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.MasterPasswordStatus == 0;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_STS),
text = STRING_TOKEN(STR_INSTALLED),
flags = 0,
key = 0;
endif;
// Master password: NOT INSTALLED line (hidden when MasterPasswordStatus == 1).
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.MasterPasswordStatus == 1;
text
help = STRING_TOKEN(STR_EMPTY),
text = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_STS),
text = STRING_TOKEN(STR_NOT_INSTALLED),
flags = 0,
key = 0;
endif;
// Closes "grayoutif TRUE" - end of the display-only status section.
endif;
subtitle text = STRING_TOKEN(STR_NULL);
// Request section. Each checkbox is bound to a Request.* flag in the varstore,
// not to password text. INTERACTIVE delivers the change to the driver callback
// under the given key; RESET_REQUIRED marks the change as needing a reset.
// NOTE(review): the only gate in this form is Supported == 0. Frozen and Locked
// are displayed above but do not gray out these controls, so any handling of a
// request made in those states must live in the driver - confirm.
grayoutif ideqval HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0;
checkbox varid = HDD_PASSWORD_CONFIG.Request.UserPassword,
prompt = STRING_TOKEN(STR_HDD_USER_PASSWORD),
help = STRING_TOKEN(STR_HDD_USER_PASSWORD_HELP),
flags = INTERACTIVE | RESET_REQUIRED,
key = KEY_HDD_USER_PASSWORD,
endcheckbox;
endif;
// Master password request: same gating and flags as the user password request.
grayoutif ideqval HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0;
checkbox varid = HDD_PASSWORD_CONFIG.Request.MasterPassword,
prompt = STRING_TOKEN(STR_HDD_MASTER_PASSWORD),
help = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_HELP),
flags = INTERACTIVE | RESET_REQUIRED,
key = KEY_HDD_MASTER_PASSWORD,
endcheckbox;
endif;
endform;
endformset;