tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg/AtaBus: remove TPer Reset operation in DriverBindingStart 

The TPer Reset operation would be moved into SecurityPkg/Tcg/
MemoryOverwriteControl/TcgMor.inf module and be triggered at EndOfDxe.

By this way, all encrypted drives which produce EFI_STORAGE_SECURITY_
RPOTOCOL interface would be force reset when MOR is set.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Tian Feng <feng.tian@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17717 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Tian Feng 2015-06-26 08:42:17 +00:00 committed by erictian
parent fe0c434eb1
commit 857ce453d4
3 changed files with 5 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

208
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBus.c
View File

@ -4,7 +4,7 @@
This file implements protocol interfaces: Driver Binding protocol, This file implements protocol interfaces: Driver Binding protocol,
Block IO protocol and DiskInfo protocol. Block IO protocol and DiskInfo protocol.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -18,8 +18,6 @@
#include "AtaBus.h" #include "AtaBus.h"
UINT8 mMorControl;
// //
// ATA Bus Driver Binding Protocol Instance // ATA Bus Driver Binding Protocol Instance
// //
@ -379,17 +377,6 @@ RegisterAtaDevice (
DEBUG ((EFI_D_INFO, "Successfully Install Storage Security Protocol on the ATA device\n")); DEBUG ((EFI_D_INFO, "Successfully Install Storage Security Protocol on the ATA device\n"));
} }
if (((mMorControl & 0x01) == 0x01) && ((AtaDevice->IdentifyData->trusted_computing_support & BIT0) != 0)) {
DEBUG ((EFI_D_INFO,
"mMorControl = %x, AtaDevice->IdentifyData->trusted_computing_support & BIT0 = %x\n",
mMorControl,
(AtaDevice->IdentifyData->trusted_computing_support & BIT0)
));
DEBUG ((EFI_D_INFO, "Try to lock device by sending TPer Reset command...\n"));
InitiateTPerReset(AtaDevice);
}
gBS->OpenProtocol ( gBS->OpenProtocol (
AtaBusDriverData->Controller, AtaBusDriverData->Controller,
&gEfiAtaPassThruProtocolGuid, &gEfiAtaPassThruProtocolGuid,
@ -1556,7 +1543,7 @@ AtaStorageSecurityReceiveData (
ATA_DEVICE *Private; ATA_DEVICE *Private;
EFI_TPL OldTpl; EFI_TPL OldTpl;
DEBUG ((EFI_D_INFO, "EFI Storage Security Protocol - Read")); DEBUG ((EFI_D_INFO, "EFI Storage Security Protocol - Read\n"));
if ((PayloadBuffer == NULL || PayloadTransferSize == NULL) && PayloadBufferSize != 0) { if ((PayloadBuffer == NULL || PayloadTransferSize == NULL) && PayloadBufferSize != 0) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -1666,7 +1653,7 @@ AtaStorageSecuritySendData (
ATA_DEVICE *Private; ATA_DEVICE *Private;
EFI_TPL OldTpl; EFI_TPL OldTpl;
DEBUG ((EFI_D_INFO, "EFI Storage Security Protocol - Send")); DEBUG ((EFI_D_INFO, "EFI Storage Security Protocol - Send\n"));
if ((PayloadBuffer == NULL) && (PayloadBufferSize != 0)) { if ((PayloadBuffer == NULL) && (PayloadBufferSize != 0)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
@ -1712,7 +1699,6 @@ InitializeAtaBus(
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
UINTN DataSize;
// //
// Install driver model protocol(s). // Install driver model protocol(s).
@ -1727,194 +1713,6 @@ InitializeAtaBus(
); );
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
//
// Get the MorControl bit.
//
DataSize = sizeof (mMorControl);
Status = gRT->GetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&mMorControl
);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_INFO, "AtaBus:gEfiMemoryOverwriteControlDataGuid doesn't exist!!***\n"));
mMorControl = 0;
Status = EFI_SUCCESS;
} else {
DEBUG ((EFI_D_INFO, "AtaBus:Get the gEfiMemoryOverwriteControlDataGuid = %x!!***\n", mMorControl));
}
return Status; return Status;
} }
/**
Send TPer Reset command to reset eDrive to lock all protected bands.
Typically, there are 2 mechanism for resetting eDrive. They are:
1. TPer Reset through IEEE 1667 protocol.
2. TPer Reset through native TCG protocol.
This routine will detect what protocol the attached eDrive comform to, TCG or
IEEE 1667 protocol. Then send out TPer Reset command separately.
@param[in] AtaDevice ATA_DEVICE pointer.
**/
VOID
InitiateTPerReset (
IN ATA_DEVICE *AtaDevice
)
{
EFI_STATUS Status;
UINT8 *Buffer;
UINTN XferSize;
UINTN Len;
UINTN Index;
BOOLEAN TcgFlag;
BOOLEAN IeeeFlag;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp;
SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *Data;
Buffer = NULL;
TcgFlag = FALSE;
IeeeFlag = FALSE;
Ssp = &AtaDevice->StorageSecurity;
BlockIo = &AtaDevice->BlockIo;
//
// ATA8-ACS 7.57.6.1 indicates the Transfer Length field requirements a multiple of 512.
// If the length of the TRUSTED RECEIVE parameter data is greater than the Transfer Length,
// then the device shall return the TRUSTED RECEIVE parameter data truncated to the requested Transfer Length.
//
Len = ROUNDUP512(sizeof(SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA));
Buffer = AllocateZeroPool(Len);
if (Buffer == NULL) {
return;
}
//
// When the Security Protocol field is set to 00h, and SP Specific is set to 0000h in a TRUSTED RECEIVE
// command, the device basic information data shall be returned.
//
Status = Ssp->ReceiveData (
Ssp,
BlockIo->Media->MediaId,
100000000, // Timeout 10-sec
0, // SecurityProtocol
0, // SecurityProtocolSpecifcData
Len, // PayloadBufferSize,
Buffer, // PayloadBuffer
&XferSize
);
if (EFI_ERROR (Status)) {
goto Exit;
}
//
// In returned data, the ListLength field indicates the total length, in bytes,
// of the supported security protocol list.
//
Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer;
Len = ROUNDUP512(sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) +
(Data->SupportedSecurityListLength[0] << 8) +
(Data->SupportedSecurityListLength[1])
);
//
// Free original buffer and allocate new buffer.
//
FreePool(Buffer);
Buffer = AllocateZeroPool(Len);
if (Buffer == NULL) {
return;
}
//
// Read full supported security protocol list from device.
//
Status = Ssp->ReceiveData (
Ssp,
BlockIo->Media->MediaId,
100000000, // Timeout 10-sec
0, // SecurityProtocol
0, // SecurityProtocolSpecifcData
Len, // PayloadBufferSize,
Buffer, // PayloadBuffer
&XferSize
);
if (EFI_ERROR (Status)) {
goto Exit;
}
Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer;
Len = (Data->SupportedSecurityListLength[0] << 8) + Data->SupportedSecurityListLength[1];
//
// Iterate full supported security protocol list to check if TCG or IEEE 1667 protocol
// is supported.
//
for (Index = 0; Index < Len; Index++) {
if (Data->SupportedSecurityProtocol[Index] == SECURITY_PROTOCOL_TCG) {
//
// Found a TCG device.
//
TcgFlag = TRUE;
DEBUG ((EFI_D_INFO, "This device is a TCG protocol device\n"));
break;
}
if (Data->SupportedSecurityProtocol[Index] == SECURITY_PROTOCOL_IEEE1667) {
//
// Found a IEEE 1667 device.
//
IeeeFlag = TRUE;
DEBUG ((EFI_D_INFO, "This device is a IEEE 1667 protocol device\n"));
break;
}
}
if (!TcgFlag && !IeeeFlag) {
DEBUG ((EFI_D_INFO, "Neither a TCG nor IEEE 1667 protocol device is found\n"));
goto Exit;
}
if (TcgFlag) {
//
// As long as TCG protocol is supported, send out a TPer Reset
// TCG command to the device via the TrustedSend command with a non-zero Transfer Length.
//
Status = Ssp->SendData (
Ssp,
BlockIo->Media->MediaId,
100000000, // Timeout 10-sec
SECURITY_PROTOCOL_TCG, // SecurityProtocol
0x0400, // SecurityProtocolSpecifcData
512, // PayloadBufferSize,
Buffer // PayloadBuffer
);
if (!EFI_ERROR (Status)) {
DEBUG ((EFI_D_INFO, "Send TPer Reset Command Successfully !\n"));
} else {
DEBUG ((EFI_D_INFO, "Send TPer Reset Command Fail !\n"));
}
}
if (IeeeFlag) {
//
// TBD : Perform a TPer Reset via IEEE 1667 Protocol
//
DEBUG ((EFI_D_INFO, "IEEE 1667 Protocol didn't support yet!\n"));
}
Exit:
if (Buffer != NULL) {
FreePool(Buffer);
}
}

18
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBus.h
View File

@ -4,7 +4,7 @@
This file defines common data structures, macro definitions and some module This file defines common data structures, macro definitions and some module
internal function header files. internal function header files.
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
@ -20,7 +20,6 @@
#include <Uefi.h> #include <Uefi.h>
#include <Guid/MemoryOverwriteControl.h>
#include <Protocol/AtaPassThru.h> #include <Protocol/AtaPassThru.h>
#include <Protocol/BlockIo.h> #include <Protocol/BlockIo.h>
#include <Protocol/BlockIo2.h> #include <Protocol/BlockIo2.h>
@ -85,21 +84,6 @@
#define ATA_SUB_TASK_SIGNATURE SIGNATURE_32 ('A', 'S', 'T', 'S') #define ATA_SUB_TASK_SIGNATURE SIGNATURE_32 ('A', 'S', 'T', 'S')
#define IS_ALIGNED(addr, size) (((UINTN) (addr) & (size - 1)) == 0) #define IS_ALIGNED(addr, size) (((UINTN) (addr) & (size - 1)) == 0)
#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512)
#define SECURITY_PROTOCOL_TCG 0x02
#define SECURITY_PROTOCOL_IEEE1667 0xEE
//
// ATA Supported Security Protocols List Description.
// Refer to ATA8-ACS Spec 7.57.6.2 Table 69.
//
typedef struct {
UINT8 Reserved1[6];
UINT8 SupportedSecurityListLength[2];
UINT8 SupportedSecurityProtocol[1];
} SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA;
// //
// ATA bus data structure for ATA controller // ATA bus data structure for ATA controller
// //

3
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
View File

@ -5,7 +5,7 @@
# in UEFI spec 2.2. It installs Block IO and Disk Info protocol for each ATA device # in UEFI spec 2.2. It installs Block IO and Disk Info protocol for each ATA device
# it enumerates and identifies successfully. # it enumerates and identifies successfully.
# #
# Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
# #
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
@ -62,7 +62,6 @@
[Guids] [Guids]
gEfiDiskInfoIdeInterfaceGuid ## SOMETIMES_PRODUCES ## UNDEFINED gEfiDiskInfoIdeInterfaceGuid ## SOMETIMES_PRODUCES ## UNDEFINED
gEfiDiskInfoAhciInterfaceGuid ## SOMETIMES_PRODUCES ## UNDEFINED gEfiDiskInfoAhciInterfaceGuid ## SOMETIMES_PRODUCES ## UNDEFINED
gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
[Protocols] [Protocols]
gEfiDiskInfoProtocolGuid ## BY_START gEfiDiskInfoProtocolGuid ## BY_START