SecurityPkg TcgStorageOpalLib: Check the capability before use.

For Pyrite SSC device, it may not supports Active Key, So add check logic before enable it. Cc: Feng Tian <feng.tian@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
2016-05-05 08:51:28 +08:00 · 2016-05-05 08:51:28 +08:00 · 6e7423c3c2
parent 6e2814c1a1
commit 6e7423c3c2
1 changed files with 28 additions and 22 deletions
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
@ -814,6 +814,7 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  TCG_PARSE_STRUCT  ParseStruct;
  UINT32            Size;
  TCG_UID           ActiveKey;
+  TCG_RESULT        Ret;

  NULL_CHECK(LockingSpSession);
  NULL_CHECK(NewPin);
@ -901,30 +902,35 @@ OpalSetLockingSpAuthorityEnabledAndPin(
  ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size));
  ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));

-  ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey));
+  //
+  // For Pyrite type SSC, it not supports Active Key. 
+  // So here add check logic before enable it.
+  //
+  Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);
+  if (Ret == TcgResultSuccess) {
+    ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
+    ERROR_CHECK(TcgCreateSetAce(
+                    &CreateStruct,
+                    &Size,
+                    LockingSpSession->OpalBaseComId,
+                    LockingSpSession->ComIdExtension,
+                    LockingSpSession->TperSessionId,
+                    LockingSpSession->HostSessionId,
+                    (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
+                    OPAL_LOCKING_SP_USER1_AUTHORITY,
+                    TCG_ACE_EXPRESSION_OR,
+                    OPAL_LOCKING_SP_ADMINS_AUTHORITY
+                ));

-  ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
-  ERROR_CHECK(TcgCreateSetAce(
-                  &CreateStruct,
-                  &Size,
-                  LockingSpSession->OpalBaseComId,
-                  LockingSpSession->ComIdExtension,
-                  LockingSpSession->TperSessionId,
-                  LockingSpSession->HostSessionId,
-                  (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
-                  OPAL_LOCKING_SP_USER1_AUTHORITY,
-                  TCG_ACE_EXPRESSION_OR,
-                  OPAL_LOCKING_SP_ADMINS_AUTHORITY
-              ));
+    ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));

-  ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
-
-  if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
-    DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
-    //
-    //TODO do we want to disable user1 if all permissions are not granted
-    //
-    return TcgResultFailure;
+    if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+      DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
+      //
+      // TODO do we want to disable user1 if all permissions are not granted
+      //
+      return TcgResultFailure;
+    }
  }

  ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));