tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg/OpalPassword: Add support for pyrite 2.0 devices. 

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Hao Wu <hao.a.wu@intel.com>
This commit is contained in:
Eric Dong 2018-05-07 13:27:40 +08:00
parent a3068f06e6
commit 40d32e7942
4 changed files with 148 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
View File

@ -105,13 +105,12 @@ OpalSupportGetAvailableActions(
} }
// //
// Psid revert is available for any device with media encryption support // Psid revert is available for any device with media encryption support or pyrite 2.0 type support.
// Revert is allowed for any device with media encryption support, however it requires
// //
if (SupportedAttributes->MediaEncryption) { if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) {
// //
// Only allow psid revert if media encryption is enabled. // Only allow psid revert if media encryption is enabled or pyrite 2.0 type support..
// Otherwise, someone who steals a disk can psid revert the disk and the user Data is still // Otherwise, someone who steals a disk can psid revert the disk and the user Data is still
// intact and accessible // intact and accessible
// //
@ -657,6 +656,8 @@ OpalEndOfDxeEventNotify (
@param[in] Dev The device which need Psid to process Psid Revert @param[in] Dev The device which need Psid to process Psid Revert
OPAL request. OPAL request.
@param[in] PopUpString Pop up string. @param[in] PopUpString Pop up string.
@param[in] PopUpString2 Pop up string in line 2.
@param[out] PressEsc Whether user escape function through Press ESC. @param[out] PressEsc Whether user escape function through Press ESC.
@retval Psid string if success. NULL if failed. @retval Psid string if success. NULL if failed.
@ -666,6 +667,7 @@ CHAR8 *
OpalDriverPopUpPsidInput ( OpalDriverPopUpPsidInput (
IN OPAL_DRIVER_DEVICE *Dev, IN OPAL_DRIVER_DEVICE *Dev,
IN CHAR16 *PopUpString, IN CHAR16 *PopUpString,
IN CHAR16 *PopUpString2,
OUT BOOLEAN *PressEsc OUT BOOLEAN *PressEsc
) )
{ {
@ -689,6 +691,7 @@ OpalDriverPopUpPsidInput (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&InputKey, &InputKey,
PopUpString, PopUpString,
PopUpString2,
L"---------------------", L"---------------------",
Mask, Mask,
NULL NULL
@ -1369,6 +1372,8 @@ ProcessOpalRequestPsidRevert (
EFI_INPUT_KEY Key; EFI_INPUT_KEY Key;
TCG_RESULT Ret; TCG_RESULT Ret;
CHAR16 *PopUpString; CHAR16 *PopUpString;
CHAR16 *PopUpString2;
UINTN BufferSize;
if (Dev == NULL) { if (Dev == NULL) {
return; return;
@ -1378,6 +1383,20 @@ ProcessOpalRequestPsidRevert (
PopUpString = OpalGetPopUpString (Dev, RequestString); PopUpString = OpalGetPopUpString (Dev, RequestString);
if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) {
BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds, DO NOT power off system during the revert action!");
PopUpString2 = AllocateZeroPool (BufferSize);
ASSERT (PopUpString2 != NULL);
UnicodeSPrint (
PopUpString2,
BufferSize,
L"WARNING: Revert action will take about %d seconds, DO NOT power off system during the revert action!",
Dev->OpalDisk.EstimateTimeCost
);
} else {
PopUpString2 = NULL;
}
Count = 0; Count = 0;
ZeroMem(&Session, sizeof(Session)); ZeroMem(&Session, sizeof(Session));
@ -1386,7 +1405,7 @@ ProcessOpalRequestPsidRevert (
Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
while (Count < MAX_PSID_TRY_COUNT) { while (Count < MAX_PSID_TRY_COUNT) {
Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, &PressEsc); Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, PopUpString2, &PressEsc);
if (PressEsc) { if (PressEsc) {
do { do {
CreatePopUp ( CreatePopUp (
@ -1400,7 +1419,7 @@ ProcessOpalRequestPsidRevert (
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen(gST->ConOut);
return; goto Done;
} else { } else {
// //
// Let user input Psid again. // Let user input Psid again.
@ -1456,6 +1475,11 @@ ProcessOpalRequestPsidRevert (
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen(gST->ConOut);
} }
Done:
if (PopUpString2 != NULL) {
FreePool (PopUpString2);
}
} }
/** /**
@ -1482,6 +1506,8 @@ ProcessOpalRequestRevert (
TCG_RESULT Ret; TCG_RESULT Ret;
BOOLEAN PasswordFailed; BOOLEAN PasswordFailed;
CHAR16 *PopUpString; CHAR16 *PopUpString;
CHAR16 *PopUpString2;
UINTN BufferSize;
if (Dev == NULL) { if (Dev == NULL) {
return; return;
@ -1491,6 +1517,20 @@ ProcessOpalRequestRevert (
PopUpString = OpalGetPopUpString (Dev, RequestString); PopUpString = OpalGetPopUpString (Dev, RequestString);
if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) {
BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds, DO NOT power off system during the revert action!");
PopUpString2 = AllocateZeroPool (BufferSize);
ASSERT (PopUpString2 != NULL);
UnicodeSPrint (
PopUpString2,
BufferSize,
L"WARNING: Revert action will take about %d seconds, DO NOT power off system during the revert action!",
Dev->OpalDisk.EstimateTimeCost
);
} else {
PopUpString2 = NULL;
}
Count = 0; Count = 0;
ZeroMem(&Session, sizeof(Session)); ZeroMem(&Session, sizeof(Session));
@ -1499,7 +1539,7 @@ ProcessOpalRequestRevert (
Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
while (Count < MAX_PASSWORD_TRY_COUNT) { while (Count < MAX_PASSWORD_TRY_COUNT) {
Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, &PressEsc);
if (PressEsc) { if (PressEsc) {
do { do {
CreatePopUp ( CreatePopUp (
@ -1513,7 +1553,7 @@ ProcessOpalRequestRevert (
if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) {
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen(gST->ConOut);
return; goto Done;
} else { } else {
// //
// Let user input password again. // Let user input password again.
@ -1596,6 +1636,11 @@ ProcessOpalRequestRevert (
} while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN);
gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->ClearScreen(gST->ConOut);
} }
Done:
if (PopUpString2 != NULL) {
FreePool (PopUpString2);
}
} }
/** /**
@ -2337,6 +2382,7 @@ ReadyToBootCallback (
Session.MediaId = Itr->OpalDisk.MediaId; Session.MediaId = Itr->OpalDisk.MediaId;
Session.OpalBaseComId = Itr->OpalDisk.OpalBaseComId; Session.OpalBaseComId = Itr->OpalDisk.OpalBaseComId;
DEBUG ((DEBUG_INFO, "OpalPassword: ReadyToBoot point, send BlockSid command to device!\n"));
Result = OpalBlockSid (&Session, TRUE); // HardwareReset must always be TRUE Result = OpalBlockSid (&Session, TRUE); // HardwareReset must always be TRUE
if (Result != TcgResultSuccess) { if (Result != TcgResultSuccess) {
DEBUG ((DEBUG_ERROR, "OpalBlockSid fail\n")); DEBUG ((DEBUG_ERROR, "OpalBlockSid fail\n"));

9
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h
View File

@ -75,6 +75,13 @@ extern EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2;
#define PSID_CHARACTER_LENGTH 0x20 #define PSID_CHARACTER_LENGTH 0x20
#define MAX_PSID_TRY_COUNT 5 #define MAX_PSID_TRY_COUNT 5
//
// The max timeout value assume the user can wait for the revert action. The unit of this macro is second.
// If the revert time value bigger than this one, driver needs to popup a dialog to let user confirm the
// revert action.
//
#define MAX_ACCEPTABLE_REVERTING_TIME 10
#pragma pack(1) #pragma pack(1)
// //
@ -140,6 +147,8 @@ typedef struct {
TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; // Locking Feature Descriptor retrieved from performing a Level 0 Discovery TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; // Locking Feature Descriptor retrieved from performing a Level 0 Discovery
UINT8 PasswordLength; UINT8 PasswordLength;
UINT8 Password[OPAL_MAX_PASSWORD_SIZE]; UINT8 Password[OPAL_MAX_PASSWORD_SIZE];
UINT32 EstimateTimeCost;
} OPAL_DISK; } OPAL_DISK;
// //

84
SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c
View File

@ -13,6 +13,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/ **/
#include "OpalHii.h" #include "OpalHii.h"
//
// Character definitions
//
#define UPPER_LOWER_CASE_OFFSET 0x20
// //
// This is the generated IFR binary Data for each formset defined in VFR. // This is the generated IFR binary Data for each formset defined in VFR.
@ -520,6 +524,59 @@ GetDiskNameStringId(
return 0; return 0;
} }
/**
Confirm whether user truly want to do the revert action.
@param OpalDisk The device which need to do the revert action.
@retval EFI_SUCCESS Confirmed user want to do the revert action.
**/
EFI_STATUS
HiiConfirmRevertAction (
IN OPAL_DISK *OpalDisk
)
{
CHAR16 Unicode[512];
EFI_INPUT_KEY Key;
CHAR16 ApproveResponse;
CHAR16 RejectResponse;
//
// When the estimate cost time bigger than MAX_ACCEPTABLE_REVERTING_TIME, pop up dialog to let user confirm
// the revert action.
//
if (OpalDisk->EstimateTimeCost < MAX_ACCEPTABLE_REVERTING_TIME) {
return EFI_SUCCESS;
}
ApproveResponse = L'Y';
RejectResponse = L'N';
UnicodeSPrint(Unicode, StrSize(L"WARNING: Revert device needs about ####### seconds"), L"WARNING: Revert device needs about %d seconds", OpalDisk->EstimateTimeCost);
do {
CreatePopUp(
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
&Key,
Unicode,
L" System should not be powered off until revert completion ",
L" ",
L" Press 'Y/y' to continue, press 'N/n' to cancal ",
NULL
);
} while (
((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (ApproveResponse | UPPER_LOWER_CASE_OFFSET)) &&
((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (RejectResponse | UPPER_LOWER_CASE_OFFSET))
);
if ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) == (RejectResponse | UPPER_LOWER_CASE_OFFSET)) {
return EFI_ABORTED;
}
return EFI_SUCCESS;
}
/** /**
This function processes the results of changes in configuration. This function processes the results of changes in configuration.
@ -588,6 +645,17 @@ DriverCallback(
switch (HiiKeyId) { switch (HiiKeyId) {
case HII_KEY_ID_GOTO_DISK_INFO: case HII_KEY_ID_GOTO_DISK_INFO:
return HiiSelectDisk((UINT8)HiiKey.KeyBits.Index); return HiiSelectDisk((UINT8)HiiKey.KeyBits.Index);
case HII_KEY_ID_REVERT:
case HII_KEY_ID_PSID_REVERT:
OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex);
if (OpalDisk != NULL) {
return HiiConfirmRevertAction (OpalDisk);
} else {
ASSERT (FALSE);
return EFI_SUCCESS;
}
} }
} else if (Action == EFI_BROWSER_ACTION_CHANGED) { } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (HiiKeyId) { switch (HiiKeyId) {
@ -1112,6 +1180,8 @@ OpalDiskInitialize (
{ {
TCG_RESULT TcgResult; TCG_RESULT TcgResult;
OPAL_SESSION Session; OPAL_SESSION Session;
UINT8 ActiveDataRemovalMechanism;
UINT32 RemovalMechanishLists[ResearvedMechanism];
ZeroMem(&Dev->OpalDisk, sizeof(OPAL_DISK)); ZeroMem(&Dev->OpalDisk, sizeof(OPAL_DISK));
Dev->OpalDisk.Sscp = Dev->Sscp; Dev->OpalDisk.Sscp = Dev->Sscp;
@ -1133,6 +1203,20 @@ OpalDiskInitialize (
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
} }
if (Dev->OpalDisk.SupportedAttributes.DataRemoval) {
TcgResult = OpalUtilGetDataRemovalMechanismLists (&Session, RemovalMechanishLists);
if (TcgResult != TcgResultSuccess) {
return EFI_DEVICE_ERROR;
}
TcgResult = OpalUtilGetActiveDataRemovalMechanism (&Session, Dev->OpalDisk.Msid, Dev->OpalDisk.MsidLength, &ActiveDataRemovalMechanism);
if (TcgResult != TcgResultSuccess) {
return EFI_DEVICE_ERROR;
}
Dev->OpalDisk.EstimateTimeCost = RemovalMechanishLists[ActiveDataRemovalMechanism];
}
return OpalDiskUpdateStatus (&Dev->OpalDisk); return OpalDiskUpdateStatus (&Dev->OpalDisk);
} }

1
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c
View File

@ -635,6 +635,7 @@ UnlockOpalPassword (
BlockSIDEnabled = FALSE; BlockSIDEnabled = FALSE;
} }
if (BlockSIDEnabled && BlockSidSupport) { if (BlockSIDEnabled && BlockSidSupport) {
DEBUG ((DEBUG_INFO, "OpalPassword: S3 phase send BlockSid command to device!\n"));
ZeroMem(&Session, sizeof (Session)); ZeroMem(&Session, sizeof (Session));
Session.Sscp = &OpalDev->Sscp; Session.Sscp = &OpalDev->Sscp;
Session.MediaId = 0; Session.MediaId = 0;