tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID. 

Update the implementation, use physical presence defined actions to
update the BlockSid related status.

Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
This commit is contained in:
Eric Dong 2016-06-02 15:20:17 +08:00 committed by Star Zeng
parent 177dca331f
commit 9de81c126c
7 changed files with 163 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
View File

@ -416,28 +416,15 @@ ReadyToBootCallback (
IN VOID *Context IN VOID *Context
) )
{ {
EFI_STATUS Status;
OPAL_DRIVER_DEVICE *Itr; OPAL_DRIVER_DEVICE *Itr;
TCG_RESULT Result; TCG_RESULT Result;
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
UINTN DataSize;
OPAL_SESSION Session; OPAL_SESSION Session;
UINT32 PpStorageFlag;
gBS->CloseEvent (Event); gBS->CloseEvent (Event);
DataSize = sizeof (OPAL_EXTRA_INFO_VAR); PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
Status = gRT->GetVariable ( if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
OPAL_EXTRA_INFO_VAR_NAME,
&gOpalExtraInfoVariableGuid,
NULL,
&DataSize,
&OpalExtraInfo
);
if (EFI_ERROR (Status)) {
return;
}
if (OpalExtraInfo.EnableBlockSid == TRUE) {
// //
// Send BlockSID command to each Opal disk // Send BlockSID command to each Opal disk
// //

4
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
View File

@ -16,8 +16,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define _OPAL_DRIVER_H_ #define _OPAL_DRIVER_H_
#include <PiDxe.h> #include <PiDxe.h>
#include <IndustryStandard/TcgPhysicalPresence.h>
#include <Guid/OpalPasswordExtraInfoVariable.h>
#include <Protocol/PciIo.h> #include <Protocol/PciIo.h>
#include <Protocol/SmmCommunication.h> #include <Protocol/SmmCommunication.h>
@ -40,6 +39,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/UefiHiiServicesLib.h> #include <Library/UefiHiiServicesLib.h>
#include <Library/TcgStorageOpalLib.h> #include <Library/TcgStorageOpalLib.h>
#include <Library/OpalPasswordSupportLib.h> #include <Library/OpalPasswordSupportLib.h>
#include <Library/TcgPhysicalPresenceStorageLib.h>
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver" #define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"

137
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
View File

@ -90,23 +90,63 @@ HiiSetCurrentConfiguration(
VOID VOID
) )
{ {
EFI_STATUS Status; UINT32 PpStorageFlag;
OPAL_EXTRA_INFO_VAR OpalExtraInfo; EFI_STRING NewString;
UINTN DataSize;
gHiiConfiguration.NumDisks = GetDeviceCount(); gHiiConfiguration.NumDisks = GetDeviceCount();
DataSize = sizeof (OPAL_EXTRA_INFO_VAR); //
Status = gRT->GetVariable ( // Update the BlockSID status string.
OPAL_EXTRA_INFO_VAR_NAME, //
&gOpalExtraInfoVariableGuid, PpStorageFlag = TcgPhysicalPresenceStorageLibReturnStorageFlags();
NULL,
&DataSize, if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
&OpalExtraInfo NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);
); if (NewString == NULL) {
if (!EFI_ERROR (Status)) { DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid; return;
} }
} else {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
}
HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);
FreePool (NewString);
if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
} else {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
}
HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);
FreePool (NewString);
if ((PpStorageFlag & TCG_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
} else {
NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);
if (NewString == NULL) {
DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
return;
}
}
HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);
FreePool (NewString);
} }
/** /**
@ -400,6 +440,7 @@ DriverCallback(
{ {
HII_KEY HiiKey; HII_KEY HiiKey;
UINT8 HiiKeyId; UINT8 HiiKeyId;
UINT32 PpRequest;
if (ActionRequest != NULL) { if (ActionRequest != NULL) {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
@ -469,9 +510,47 @@ DriverCallback(
return EFI_SUCCESS; return EFI_SUCCESS;
case HII_KEY_ID_BLOCKSID: case HII_KEY_ID_BLOCKSID:
HiiSetBlockSid(Value->b); switch (Value->u8) {
case 0:
PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
break;
case 1:
PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;
break;
case 2:
PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;
break;
case 3:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;
break;
case 4:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;
break;
case 5:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;
break;
case 6:
PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;
break;
default:
PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
break;
}
HiiSetBlockSidAction(PpRequest);
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS; return EFI_SUCCESS;
default:
break;
} }
} }
@ -1090,25 +1169,27 @@ HiiPasswordEntered(
**/ **/
EFI_STATUS EFI_STATUS
HiiSetBlockSid ( HiiSetBlockSidAction (
BOOLEAN Enable IN UINT32 PpRequest
) )
{ {
UINT32 ReturnCode;
EFI_STATUS Status; EFI_STATUS Status;
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
UINTN DataSize;
//
// Process TCG Physical Presence request just after trusted console is ready
// Platform can connect trusted consoles and then call the below function.
//
ReturnCode = TcgPhysicalPresenceStorageLibSubmitRequestToPreOSFunction (PpRequest, 0);
if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
Status = EFI_SUCCESS; Status = EFI_SUCCESS;
} else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
OpalExtraInfo.EnableBlockSid = Enable; Status = EFI_OUT_OF_RESOURCES;
DataSize = sizeof (OPAL_EXTRA_INFO_VAR); } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
Status = gRT->SetVariable ( Status = EFI_UNSUPPORTED;
OPAL_EXTRA_INFO_VAR_NAME, } else {
&gOpalExtraInfoVariableGuid, Status = EFI_DEVICE_ERROR;
EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, }
DataSize,
&OpalExtraInfo
);
return Status; return Status;
} }

20
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
View File

@ -54,9 +54,21 @@
#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable" #string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"
#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User" #string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"
#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature" #string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"
#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID" #string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"
#string STR_ENABLED #language en-US "Enabled" #string STR_ENABLED #language en-US "Enable BlockSID"
#string STR_DISABLED #language en-US "Disabled" #string STR_DISABLED #language en-US "Disable BlockSID"
#string STR_NONE #language en-US "None"
#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"
#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"
#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"
#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"
#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"
#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"
#string STR_BLOCKSID_STATUS1 #language en-US ""
#string STR_BLOCKSID_STATUS2 #language en-US ""
#string STR_BLOCKSID_STATUS3 #language en-US ""
#string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk" #string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk"
#string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk" #string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk"
@ -66,7 +78,7 @@
#string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults" #string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults"
#string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User" #string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User"
#string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature" #string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature"
#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command" #string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"
///////////////////////////////// DISK ACTION MENU FORM ///////////////////////////////// ///////////////////////////////// DISK ACTION MENU FORM /////////////////////////////////
#string STR_DISK_ACTION_LBL #language en-US " " #string STR_DISK_ACTION_LBL #language en-US " "

6
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
View File

@ -211,15 +211,15 @@ HiiPasswordEntered(
/** /**
Update block sid info. Update block sid info.
@param Enable Enable/disable BlockSid. @param PpRequest Input the Pp Request.
@retval EFI_SUCCESS Do the required action success. @retval EFI_SUCCESS Do the required action success.
@retval Others Other error occur. @retval Others Other error occur.
**/ **/
EFI_STATUS EFI_STATUS
HiiSetBlockSid ( HiiSetBlockSidAction (
BOOLEAN Enable UINT32 PpRequest
); );
/** /**

1
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
View File

@ -62,6 +62,7 @@
OpalPasswordSupportLib OpalPasswordSupportLib
UefiLib UefiLib
TcgStorageOpalLib TcgStorageOpalLib
TcgPhysicalPresenceStorageLib
[Protocols] [Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiHiiConfigAccessProtocolGuid ## PRODUCES

25
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
View File

@ -118,15 +118,38 @@ form formid = FORMID_VALUE_MAIN_MENU,
subtitle text = STRING_TOKEN(STR_NULL); subtitle text = STRING_TOKEN(STR_NULL);
grayoutif TRUE;
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS);
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS1);
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS2);
text
help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
text = STRING_TOKEN(STR_BLOCKSID_STATUS3);
subtitle text = STRING_TOKEN(STR_NULL);
endif;
oneof varid = OpalHiiConfig.EnableBlockSid, oneof varid = OpalHiiConfig.EnableBlockSid,
questionid = 0x8017, // 32791, questionid = 0x8017, // 32791,
prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID), prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),
help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP), help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),
flags = INTERACTIVE, flags = INTERACTIVE,
option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED; option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;
option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;
endoneof; endoneof;
endform; // MAIN MENU FORM endform; // MAIN MENU FORM
// //