tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-29 16:44:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg TcgStorageOpalLib: Check the capability before use.

Browse Source 
For Pyrite SSC device, it may not supports Active Key,  So
add check logic before enable it.

Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
This commit is contained in:
Dong, Eric 2016-05-05 08:51:28 +08:00 committed by Feng Tian
parent 6e2814c1a1
commit 6e7423c3c2
1 changed files with 28 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
View File

@ -814,6 +814,7 @@ OpalSetLockingSpAuthorityEnabledAndPin(
TCG_PARSE_STRUCT ParseStruct; TCG_PARSE_STRUCT ParseStruct;
UINT32 Size; UINT32 Size;
TCG_UID ActiveKey; TCG_UID ActiveKey;
TCG_RESULT Ret;
NULL_CHECK(LockingSpSession); NULL_CHECK(LockingSpSession);
NULL_CHECK(NewPin); NULL_CHECK(NewPin);
@ -901,30 +902,35 @@ OpalSetLockingSpAuthorityEnabledAndPin(
ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size)); ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size));
ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus)); ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey)); //
// For Pyrite type SSC, it not supports Active Key.
// So here add check logic before enable it.
//
Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);
if (Ret == TcgResultSuccess) {
ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
ERROR_CHECK(TcgCreateSetAce(
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
LockingSpSession->ComIdExtension,
LockingSpSession->TperSessionId,
LockingSpSession->HostSessionId,
(ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
OPAL_LOCKING_SP_USER1_AUTHORITY,
TCG_ACE_EXPRESSION_OR,
OPAL_LOCKING_SP_ADMINS_AUTHORITY
));
ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
ERROR_CHECK(TcgCreateSetAce(
&CreateStruct,
&Size,
LockingSpSession->OpalBaseComId,
LockingSpSession->ComIdExtension,
LockingSpSession->TperSessionId,
LockingSpSession->HostSessionId,
(ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
OPAL_LOCKING_SP_USER1_AUTHORITY,
TCG_ACE_EXPRESSION_OR,
OPAL_LOCKING_SP_ADMINS_AUTHORITY
));
ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus)); if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { //
DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n")); // TODO do we want to disable user1 if all permissions are not granted
// //
//TODO do we want to disable user1 if all permissions are not granted return TcgResultFailure;
// }
return TcgResultFailure;
} }
ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));