SecurityPkg OpalPasswordSmm: Enhance BlockSid Logic.

BlockSid feature can be retrieve from the header info. Update the logic, check BlockSid capability before use it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-04 12:48:50 +08:00 · 2016-05-04 12:48:50 +08:00 · 69cd129471
parent be08755355
commit 69cd129471
1 changed files with 10 additions and 5 deletions
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@ -180,12 +180,14 @@ ExtractDeviceInfoFromDevicePath (
  TRUE means that the device is partially or fully locked.
  This will perform a Level 0 Discovery and parse the locking feature descriptor

-  @param[in]      OpalDev        Opal object to determine if locked
+  @param[in]      OpalDev             Opal object to determine if locked
+  @param[out]     BlockSidSupported   Whether device support BlockSid feature.

 **/
 BOOLEAN
 IsOpalDeviceLocked(
-  OPAL_SMM_DEVICE    *OpalDev
+  OPAL_SMM_DEVICE    *OpalDev,
+  BOOLEAN            *BlockSidSupported
  )
 {
  OPAL_SESSION                   Session;
@ -203,7 +205,8 @@ IsOpalDeviceLocked(
  }

  OpalDev->OpalBaseComId = OpalBaseComId;
-  Session.OpalBaseComId = OpalBaseComId;
+  Session.OpalBaseComId  = OpalBaseComId;
+  *BlockSidSupported     = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE;

  Ret = OpalGetLockingInfo(&Session, &LockingFeature);
  if (Ret != TcgResultSuccess) {
@ -346,6 +349,7 @@ SmmUnlockOpalPassword (
  UINTN                          MemoryBase;
  UINTN                          MemoryLength;
  OPAL_SESSION                   Session;
+  BOOLEAN                        BlockSidSupport;

  ZeroMem (StorePcieConfDataList, sizeof (StorePcieConfDataList));
  Status = EFI_DEVICE_ERROR;
@ -431,13 +435,14 @@ SmmUnlockOpalPassword (
    }

    Status = EFI_DEVICE_ERROR;
-    if (IsOpalDeviceLocked(OpalDev)) {
+    BlockSidSupport = FALSE;
+    if (IsOpalDeviceLocked (OpalDev, &BlockSidSupport)) {
      ZeroMem(&Session, sizeof(Session));
      Session.Sscp = &OpalDev->Sscp;
      Session.MediaId = 0;
      Session.OpalBaseComId = OpalDev->OpalBaseComId;

-      if (mSendBlockSID) {
+      if (mSendBlockSID && BlockSidSupport) {
        Result = OpalBlockSid (&Session, TRUE);
        if (Result != TcgResultSuccess) {
          break;