mirror of https://github.com/acidanthera/audk.git
SecurityPkg/HddPassword: Add Security feature set support for ATA dev
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1529 This commit will add the 'Security feature set' support for ATA devices. According to the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS) specification, the Security feature set is an optional feature. In summary, the feature is a password system that restricts access to user data stored on an ATA device. A more detailed introduction of this feature can be referred from the ATA8-ACS spec. The HddPassword driver is composed of 2 parts: * A DXE driver and * A PEI driver The DXE driver consumes EFI_ATA_PASS_THRU_PROTOCOL instances and installs an HII GUI to manage the devices. If the managing device supports Security feature set, the HII page will provide the user with the ability to set/update/disable the password for this device. Also, if a password is being set via the Security feature set, a popup window will show during boot requesting the user to input password. Another feature supported by this driver is that for those managing devices with password set, they will be automatically unlocked during the S3 resume. This is done by the co-work of the DXE driver and the PEI driver: The DXE driver will save the password and the identification information for these devices into a LockBox, which is only allowed to restore during S3 resume. The PEI driver, during S3 resume, will restore the content in the LockBox and will consume EDKII_PEI_ATA_PASS_THRU_PPI instances to unlock devices. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
This commit is contained in:
parent
a3efbc29c4
commit
e8959f8100
|
@ -0,0 +1,188 @@
|
||||||
|
/** @file
|
||||||
|
HDD Password Configuration Formset.
|
||||||
|
|
||||||
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
This program and the accompanying materials
|
||||||
|
are licensed and made available under the terms and conditions
|
||||||
|
of the BSD License which accompanies this distribution. The
|
||||||
|
full text of the license may be found at
|
||||||
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
**/
|
||||||
|
|
||||||
|
#include "HddPasswordHiiDataStruc.h"
|
||||||
|
|
||||||
|
formset
|
||||||
|
guid = HDD_PASSWORD_CONFIG_GUID,
|
||||||
|
title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),
|
||||||
|
help = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),
|
||||||
|
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
|
||||||
|
|
||||||
|
varstore HDD_PASSWORD_CONFIG,
|
||||||
|
name = HDD_PASSWORD_CONFIG,
|
||||||
|
guid = HDD_PASSWORD_CONFIG_GUID;
|
||||||
|
|
||||||
|
form formid = FORMID_HDD_MAIN_FORM,
|
||||||
|
title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG);
|
||||||
|
|
||||||
|
label HDD_DEVICE_ENTRY_LABEL;
|
||||||
|
label HDD_DEVICE_LABEL_END;
|
||||||
|
|
||||||
|
endform;
|
||||||
|
|
||||||
|
form
|
||||||
|
formid = FORMID_HDD_DEVICE_FORM,
|
||||||
|
title = STRING_TOKEN(STR_HDD_SECURITY_HD);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_PWD_DESC);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_ONE);
|
||||||
|
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_TWO);
|
||||||
|
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_THREE);
|
||||||
|
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_FOUR);
|
||||||
|
subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_FIVE);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_HDD_PASSWORD_CONFIG);
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
grayoutif TRUE;
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_SUPPORTED),
|
||||||
|
text = STRING_TOKEN(STR_YES),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 1;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_SUPPORTED),
|
||||||
|
text = STRING_TOKEN(STR_NO),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Enabled == 0;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_ENABLED),
|
||||||
|
text = STRING_TOKEN(STR_YES),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Enabled == 1;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_ENABLED),
|
||||||
|
text = STRING_TOKEN(STR_NO),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Locked == 0;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_LOCKED),
|
||||||
|
text = STRING_TOKEN(STR_YES),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Locked == 1;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_LOCKED),
|
||||||
|
text = STRING_TOKEN(STR_NO),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Frozen == 0;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_FROZEN),
|
||||||
|
text = STRING_TOKEN(STR_YES),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Frozen == 1;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_SEC_FROZEN),
|
||||||
|
text = STRING_TOKEN(STR_NO),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.UserPasswordStatus == 0;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_HDD_USER_PASSWORD_STS),
|
||||||
|
text = STRING_TOKEN(STR_INSTALLED),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.UserPasswordStatus == 1;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_HDD_USER_PASSWORD_STS),
|
||||||
|
text = STRING_TOKEN(STR_NOT_INSTALLED),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.MasterPasswordStatus == 0;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_STS),
|
||||||
|
text = STRING_TOKEN(STR_INSTALLED),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.MasterPasswordStatus == 1;
|
||||||
|
text
|
||||||
|
help = STRING_TOKEN(STR_EMPTY),
|
||||||
|
text = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_STS),
|
||||||
|
text = STRING_TOKEN(STR_NOT_INSTALLED),
|
||||||
|
flags = 0,
|
||||||
|
key = 0;
|
||||||
|
endif;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
grayoutif ideqval HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0;
|
||||||
|
checkbox varid = HDD_PASSWORD_CONFIG.Request.UserPassword,
|
||||||
|
prompt = STRING_TOKEN(STR_HDD_USER_PASSWORD),
|
||||||
|
help = STRING_TOKEN(STR_HDD_USER_PASSWORD_HELP),
|
||||||
|
flags = INTERACTIVE | RESET_REQUIRED,
|
||||||
|
key = KEY_HDD_USER_PASSWORD,
|
||||||
|
endcheckbox;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
grayoutif ideqval HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0;
|
||||||
|
checkbox varid = HDD_PASSWORD_CONFIG.Request.MasterPassword,
|
||||||
|
prompt = STRING_TOKEN(STR_HDD_MASTER_PASSWORD),
|
||||||
|
help = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_HELP),
|
||||||
|
flags = INTERACTIVE | RESET_REQUIRED,
|
||||||
|
key = KEY_HDD_MASTER_PASSWORD,
|
||||||
|
endcheckbox;
|
||||||
|
endif;
|
||||||
|
endform;
|
||||||
|
|
||||||
|
endformset;
|
|
@ -0,0 +1,61 @@
|
||||||
|
/** @file
|
||||||
|
HDD Password common header file.
|
||||||
|
|
||||||
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
This program and the accompanying materials
|
||||||
|
are licensed and made available under the terms and conditions
|
||||||
|
of the BSD License which accompanies this distribution. The
|
||||||
|
full text of the license may be found at
|
||||||
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
#ifndef _HDD_PASSWORD_COMMON_H_
|
||||||
|
#define _HDD_PASSWORD_COMMON_H_
|
||||||
|
|
||||||
|
//
|
||||||
|
// The payload length of HDD related ATA commands
|
||||||
|
//
|
||||||
|
#define HDD_PAYLOAD 512
|
||||||
|
|
||||||
|
#define ATA_SECURITY_SET_PASSWORD_CMD 0xF1
|
||||||
|
#define ATA_SECURITY_UNLOCK_CMD 0xF2
|
||||||
|
#define ATA_SECURITY_FREEZE_LOCK_CMD 0xF5
|
||||||
|
#define ATA_SECURITY_DIS_PASSWORD_CMD 0xF6
|
||||||
|
|
||||||
|
//
|
||||||
|
// The max retry count specified in ATA 8 spec.
|
||||||
|
//
|
||||||
|
#define MAX_HDD_PASSWORD_RETRY_COUNT 5
|
||||||
|
|
||||||
|
//
|
||||||
|
// According to ATA spec, the max length of hdd password is 32 bytes
|
||||||
|
//
|
||||||
|
#define HDD_PASSWORD_MAX_LENGTH 32
|
||||||
|
|
||||||
|
#define HDD_PASSWORD_DEVICE_INFO_GUID { 0x96d877ad, 0x48af, 0x4b39, { 0x9b, 0x27, 0x4d, 0x97, 0x43, 0x9, 0xae, 0x47 } }
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
UINT8 Bus;
|
||||||
|
UINT8 Device;
|
||||||
|
UINT8 Function;
|
||||||
|
UINT8 Reserved;
|
||||||
|
UINT16 Port;
|
||||||
|
UINT16 PortMultiplierPort;
|
||||||
|
} HDD_PASSWORD_DEVICE;
|
||||||
|
|
||||||
|
//
|
||||||
|
// It will be used to unlock HDD password for S3.
|
||||||
|
//
|
||||||
|
typedef struct {
|
||||||
|
HDD_PASSWORD_DEVICE Device;
|
||||||
|
CHAR8 Password[HDD_PASSWORD_MAX_LENGTH];
|
||||||
|
UINT32 DevicePathLength;
|
||||||
|
EFI_DEVICE_PATH_PROTOCOL DevicePath[];
|
||||||
|
} HDD_PASSWORD_DEVICE_INFO;
|
||||||
|
|
||||||
|
#endif // _HDD_PASSWORD_COMMON_H_
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,148 @@
|
||||||
|
/** @file
|
||||||
|
|
||||||
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
This program and the accompanying materials
|
||||||
|
are licensed and made available under the terms and conditions
|
||||||
|
of the BSD License which accompanies this distribution. The
|
||||||
|
full text of the license may be found at
|
||||||
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
#ifndef _HDD_PASSWORD_DXE_H_
|
||||||
|
#define _HDD_PASSWORD_DXE_H_
|
||||||
|
|
||||||
|
#include <Uefi.h>
|
||||||
|
|
||||||
|
#include <IndustryStandard/Atapi.h>
|
||||||
|
#include <IndustryStandard/Pci.h>
|
||||||
|
#include <Protocol/AtaPassThru.h>
|
||||||
|
#include <Protocol/PciIo.h>
|
||||||
|
#include <Protocol/HiiConfigAccess.h>
|
||||||
|
#include <Protocol/VariableLock.h>
|
||||||
|
|
||||||
|
#include <Guid/MdeModuleHii.h>
|
||||||
|
#include <Guid/EventGroup.h>
|
||||||
|
#include <Guid/S3StorageDeviceInitList.h>
|
||||||
|
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/UefiRuntimeServicesTableLib.h>
|
||||||
|
#include <Library/UefiDriverEntryPoint.h>
|
||||||
|
#include <Library/UefiBootServicesTableLib.h>
|
||||||
|
#include <Library/DxeServicesTableLib.h>
|
||||||
|
#include <Library/MemoryAllocationLib.h>
|
||||||
|
#include <Library/UefiHiiServicesLib.h>
|
||||||
|
#include <Library/HiiLib.h>
|
||||||
|
#include <Library/DevicePathLib.h>
|
||||||
|
#include <Library/PrintLib.h>
|
||||||
|
#include <Library/UefiLib.h>
|
||||||
|
#include <Library/LockBoxLib.h>
|
||||||
|
#include <Library/S3BootScriptLib.h>
|
||||||
|
#include <Library/PciLib.h>
|
||||||
|
#include <Library/BaseCryptLib.h>
|
||||||
|
|
||||||
|
#include "HddPasswordCommon.h"
|
||||||
|
#include "HddPasswordHiiDataStruc.h"
|
||||||
|
|
||||||
|
//
|
||||||
|
// This is the generated IFR binary data for each formset defined in VFR.
|
||||||
|
// This data array is ready to be used as input of HiiAddPackages() to
|
||||||
|
// create a packagelist (which contains Form packages, String packages, etc).
|
||||||
|
//
|
||||||
|
extern UINT8 HddPasswordBin[];
|
||||||
|
|
||||||
|
//
|
||||||
|
// This is the generated String package data for all .UNI files.
|
||||||
|
// This data array is ready to be used as input of HiiAddPackages() to
|
||||||
|
// create a packagelist (which contains Form packages, String packages, etc).
|
||||||
|
//
|
||||||
|
extern UINT8 HddPasswordDxeStrings[];
|
||||||
|
|
||||||
|
#define HDD_PASSWORD_DXE_PRIVATE_SIGNATURE SIGNATURE_32 ('H', 'D', 'D', 'P')
|
||||||
|
|
||||||
|
typedef struct _HDD_PASSWORD_CONFIG_FORM_ENTRY {
|
||||||
|
LIST_ENTRY Link;
|
||||||
|
EFI_HANDLE Controller;
|
||||||
|
UINTN Bus;
|
||||||
|
UINTN Device;
|
||||||
|
UINTN Function;
|
||||||
|
UINT16 Port;
|
||||||
|
UINT16 PortMultiplierPort;
|
||||||
|
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
|
||||||
|
CHAR16 HddString[64];
|
||||||
|
CHAR8 Password[HDD_PASSWORD_MAX_LENGTH];
|
||||||
|
EFI_STRING_ID TitleToken;
|
||||||
|
EFI_STRING_ID TitleHelpToken;
|
||||||
|
|
||||||
|
HDD_PASSWORD_CONFIG IfrData;
|
||||||
|
EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru;
|
||||||
|
} HDD_PASSWORD_CONFIG_FORM_ENTRY;
|
||||||
|
|
||||||
|
typedef struct _HDD_PASSWORD_DXE_PRIVATE_DATA {
|
||||||
|
UINTN Signature;
|
||||||
|
EFI_HANDLE DriverHandle;
|
||||||
|
EFI_HII_HANDLE HiiHandle;
|
||||||
|
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
|
||||||
|
HDD_PASSWORD_CONFIG_FORM_ENTRY *Current;
|
||||||
|
} HDD_PASSWORD_DXE_PRIVATE_DATA;
|
||||||
|
|
||||||
|
#define HDD_PASSWORD_DXE_PRIVATE_FROM_THIS(a) CR (a, HDD_PASSWORD_DXE_PRIVATE_DATA, ConfigAccess, HDD_PASSWORD_DXE_PRIVATE_SIGNATURE)
|
||||||
|
|
||||||
|
//
|
||||||
|
//Iterate through the doule linked list. NOT delete safe
|
||||||
|
//
|
||||||
|
#define EFI_LIST_FOR_EACH(Entry, ListHead) \
|
||||||
|
for (Entry = (ListHead)->ForwardLink; Entry != (ListHead); Entry = Entry->ForwardLink)
|
||||||
|
|
||||||
|
#define PASSWORD_SALT_SIZE 32
|
||||||
|
|
||||||
|
#define HDD_PASSWORD_REQUEST_VARIABLE_NAME L"HddPasswordRequest"
|
||||||
|
|
||||||
|
//
|
||||||
|
// It needs to be locked before EndOfDxe.
|
||||||
|
//
|
||||||
|
#define HDD_PASSWORD_VARIABLE_NAME L"HddPassword"
|
||||||
|
|
||||||
|
#pragma pack(1)
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
HDD_PASSWORD_DEVICE Device;
|
||||||
|
HDD_PASSWORD_REQUEST Request;
|
||||||
|
} HDD_PASSWORD_REQUEST_VARIABLE;
|
||||||
|
|
||||||
|
//
|
||||||
|
// It will be used to validate HDD password when the device is at frozen state.
|
||||||
|
//
|
||||||
|
typedef struct {
|
||||||
|
HDD_PASSWORD_DEVICE Device;
|
||||||
|
UINT8 PasswordHash[SHA256_DIGEST_SIZE];
|
||||||
|
UINT8 PasswordSalt[PASSWORD_SALT_SIZE];
|
||||||
|
} HDD_PASSWORD_VARIABLE;
|
||||||
|
|
||||||
|
///
|
||||||
|
/// HII specific Vendor Device Path definition.
|
||||||
|
///
|
||||||
|
typedef struct {
|
||||||
|
VENDOR_DEVICE_PATH VendorDevicePath;
|
||||||
|
EFI_DEVICE_PATH_PROTOCOL End;
|
||||||
|
} HII_VENDOR_DEVICE_PATH;
|
||||||
|
|
||||||
|
#pragma pack()
|
||||||
|
|
||||||
|
//
|
||||||
|
// Time out value for ATA pass through protocol
|
||||||
|
//
|
||||||
|
#define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3)
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
UINT32 Address;
|
||||||
|
S3_BOOT_SCRIPT_LIB_WIDTH Width;
|
||||||
|
} HDD_HC_PCI_REGISTER_SAVE;
|
||||||
|
|
||||||
|
#endif
|
|
@ -0,0 +1,75 @@
|
||||||
|
## @file
|
||||||
|
# HddPasswordDxe driver which is used to set/clear hdd password at attached harddisk
|
||||||
|
# devices.
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
#
|
||||||
|
# This program and the accompanying materials
|
||||||
|
# are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
# which accompanies this distribution. The full text of the license may be found at
|
||||||
|
# http://opensource.org/licenses/bsd-license.php
|
||||||
|
#
|
||||||
|
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
#
|
||||||
|
##
|
||||||
|
|
||||||
|
[Defines]
|
||||||
|
INF_VERSION = 0x00010005
|
||||||
|
BASE_NAME = HddPasswordDxe
|
||||||
|
FILE_GUID = 9BD549CD-86D1-4925-9F7D-3686DDD876FC
|
||||||
|
MODULE_TYPE = DXE_DRIVER
|
||||||
|
VERSION_STRING = 1.0
|
||||||
|
ENTRY_POINT = HddPasswordDxeInit
|
||||||
|
|
||||||
|
#
|
||||||
|
# The following information is for reference only and not required by the build tools.
|
||||||
|
#
|
||||||
|
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
|
||||||
|
#
|
||||||
|
|
||||||
|
[Sources]
|
||||||
|
HddPasswordDxe.c
|
||||||
|
HddPasswordDxe.h
|
||||||
|
HddPasswordHiiDataStruc.h
|
||||||
|
HddPassword.vfr
|
||||||
|
HddPasswordStrings.uni
|
||||||
|
HddPasswordCommon.h
|
||||||
|
|
||||||
|
[Packages]
|
||||||
|
MdePkg/MdePkg.dec
|
||||||
|
MdeModulePkg/MdeModulePkg.dec
|
||||||
|
CryptoPkg/CryptoPkg.dec
|
||||||
|
|
||||||
|
[LibraryClasses]
|
||||||
|
BaseLib
|
||||||
|
MemoryAllocationLib
|
||||||
|
UefiBootServicesTableLib
|
||||||
|
UefiDriverEntryPoint
|
||||||
|
UefiHiiServicesLib
|
||||||
|
UefiRuntimeServicesTableLib
|
||||||
|
DxeServicesTableLib
|
||||||
|
BaseMemoryLib
|
||||||
|
DebugLib
|
||||||
|
HiiLib
|
||||||
|
PrintLib
|
||||||
|
UefiLib
|
||||||
|
LockBoxLib
|
||||||
|
S3BootScriptLib
|
||||||
|
PciLib
|
||||||
|
BaseCryptLib
|
||||||
|
|
||||||
|
[Guids]
|
||||||
|
gEfiIfrTianoGuid ## CONSUMES ## GUID
|
||||||
|
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
|
||||||
|
gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## UNDEFINED
|
||||||
|
|
||||||
|
[Protocols]
|
||||||
|
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
|
||||||
|
gEfiAtaPassThruProtocolGuid ## CONSUMES
|
||||||
|
gEfiPciIoProtocolGuid ## CONSUMES
|
||||||
|
gEdkiiVariableLockProtocolGuid ## CONSUMES
|
||||||
|
|
||||||
|
[Depex]
|
||||||
|
gEfiVariableWriteArchProtocolGuid
|
||||||
|
|
|
@ -0,0 +1,63 @@
|
||||||
|
/** @file
|
||||||
|
HddPassword HII data structure used by the driver.
|
||||||
|
|
||||||
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
This program and the accompanying materials
|
||||||
|
are licensed and made available under the terms and conditions
|
||||||
|
of the BSD License which accompanies this distribution. The
|
||||||
|
full text of the license may be found at
|
||||||
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
#ifndef _HDD_PASSWORD_HII_DATASTRUC_H_
|
||||||
|
#define _HDD_PASSWORD_HII_DATASTRUC_H_
|
||||||
|
|
||||||
|
#include <Guid/HiiPlatformSetupFormset.h>
|
||||||
|
|
||||||
|
#define HDD_PASSWORD_CONFIG_GUID \
|
||||||
|
{ \
|
||||||
|
0x737cded7, 0x448b, 0x4801, { 0xb5, 0x7d, 0xb1, 0x94, 0x83, 0xec, 0x60, 0x6f } \
|
||||||
|
}
|
||||||
|
|
||||||
|
#define FORMID_HDD_MAIN_FORM 1
|
||||||
|
#define FORMID_HDD_DEVICE_FORM 2
|
||||||
|
|
||||||
|
#define HDD_DEVICE_ENTRY_LABEL 0x1234
|
||||||
|
#define HDD_DEVICE_LABEL_END 0xffff
|
||||||
|
|
||||||
|
#define KEY_HDD_DEVICE_ENTRY_BASE 0x1000
|
||||||
|
|
||||||
|
#define KEY_HDD_USER_PASSWORD 0x101
|
||||||
|
#define KEY_HDD_MASTER_PASSWORD 0x102
|
||||||
|
|
||||||
|
#pragma pack(1)
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
UINT8 Supported:1;
|
||||||
|
UINT8 Enabled:1;
|
||||||
|
UINT8 Locked:1;
|
||||||
|
UINT8 Frozen:1;
|
||||||
|
UINT8 UserPasswordStatus:1;
|
||||||
|
UINT8 MasterPasswordStatus:1;
|
||||||
|
UINT8 Reserved:2;
|
||||||
|
} HDD_PASSWORD_SECURITY_STATUS;
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
UINT8 UserPassword:1;
|
||||||
|
UINT8 MasterPassword:1;
|
||||||
|
UINT8 Reserved:6;
|
||||||
|
} HDD_PASSWORD_REQUEST;
|
||||||
|
|
||||||
|
typedef struct _HDD_PASSWORD_CONFIG {
|
||||||
|
HDD_PASSWORD_SECURITY_STATUS SecurityStatus;
|
||||||
|
HDD_PASSWORD_REQUEST Request;
|
||||||
|
} HDD_PASSWORD_CONFIG;
|
||||||
|
|
||||||
|
#pragma pack()
|
||||||
|
|
||||||
|
#endif
|
|
@ -0,0 +1,374 @@
|
||||||
|
/** @file
|
||||||
|
HddPassword PEI module which is used to unlock HDD password for S3.
|
||||||
|
|
||||||
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
This program and the accompanying materials
|
||||||
|
are licensed and made available under the terms and conditions
|
||||||
|
of the BSD License which accompanies this distribution. The
|
||||||
|
full text of the license may be found at
|
||||||
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
#include "HddPasswordPei.h"
|
||||||
|
|
||||||
|
EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
Send unlock hdd password cmd through ATA PassThru PPI.
|
||||||
|
|
||||||
|
@param[in] AtaPassThru The pointer to the ATA PassThru PPI.
|
||||||
|
@param[in] Port The port number of the ATA device.
|
||||||
|
@param[in] PortMultiplierPort The port multiplier port number of the ATA device.
|
||||||
|
@param[in] Identifier The identifier to set user or master password.
|
||||||
|
@param[in] Password The hdd password of attached ATA device.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS Successful to send unlock hdd password cmd.
|
||||||
|
@retval EFI_INVALID_PARAMETER The parameter passed-in is invalid.
|
||||||
|
@retval EFI_OUT_OF_RESOURCES Not enough memory to send unlock hdd password cmd.
|
||||||
|
@retval EFI_DEVICE_ERROR Can not send unlock hdd password cmd.
|
||||||
|
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
UnlockDevice (
|
||||||
|
IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru,
|
||||||
|
IN UINT16 Port,
|
||||||
|
IN UINT16 PortMultiplierPort,
|
||||||
|
IN CHAR8 Identifier,
|
||||||
|
IN CHAR8 *Password
|
||||||
|
)
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
EFI_ATA_COMMAND_BLOCK Acb;
|
||||||
|
EFI_ATA_STATUS_BLOCK *Asb;
|
||||||
|
EFI_ATA_PASS_THRU_COMMAND_PACKET Packet;
|
||||||
|
UINT8 Buffer[HDD_PAYLOAD];
|
||||||
|
|
||||||
|
if ((AtaPassThru == NULL) || (Password == NULL)) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in
|
||||||
|
// EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by
|
||||||
|
// the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile,
|
||||||
|
// the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it
|
||||||
|
// may not be aligned when allocated on stack for some compilers. Hence, we
|
||||||
|
// use the API AllocateAlignedPages to ensure this structure is properly
|
||||||
|
// aligned.
|
||||||
|
//
|
||||||
|
Asb = AllocateAlignedPages (
|
||||||
|
EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)),
|
||||||
|
AtaPassThru->Mode->IoAlign
|
||||||
|
);
|
||||||
|
if (Asb == NULL) {
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Prepare for ATA command block.
|
||||||
|
//
|
||||||
|
ZeroMem (&Acb, sizeof (Acb));
|
||||||
|
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
|
||||||
|
Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD;
|
||||||
|
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
|
||||||
|
|
||||||
|
//
|
||||||
|
// Prepare for ATA pass through packet.
|
||||||
|
//
|
||||||
|
ZeroMem (&Packet, sizeof (Packet));
|
||||||
|
Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT;
|
||||||
|
Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES;
|
||||||
|
Packet.Asb = Asb;
|
||||||
|
Packet.Acb = &Acb;
|
||||||
|
|
||||||
|
((CHAR16 *) Buffer)[0] = Identifier & BIT0;
|
||||||
|
CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH);
|
||||||
|
|
||||||
|
Packet.OutDataBuffer = Buffer;
|
||||||
|
Packet.OutTransferLength = sizeof (Buffer);
|
||||||
|
Packet.Timeout = ATA_TIMEOUT;
|
||||||
|
|
||||||
|
Status = AtaPassThru->PassThru (
|
||||||
|
AtaPassThru,
|
||||||
|
Port,
|
||||||
|
PortMultiplierPort,
|
||||||
|
&Packet
|
||||||
|
);
|
||||||
|
if (!EFI_ERROR (Status) &&
|
||||||
|
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
|
||||||
|
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
|
||||||
|
Status = EFI_DEVICE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)));
|
||||||
|
|
||||||
|
ZeroMem (Buffer, sizeof (Buffer));
|
||||||
|
|
||||||
|
DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
Send security freeze lock cmd through ATA PassThru PPI.
|
||||||
|
|
||||||
|
@param[in] AtaPassThru The pointer to the ATA PassThru PPI.
|
||||||
|
@param[in] Port The port number of the ATA device.
|
||||||
|
@param[in] PortMultiplierPort The port multiplier port number of the ATA device.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS Successful to send security freeze lock cmd.
|
||||||
|
@retval EFI_INVALID_PARAMETER The parameter passed-in is invalid.
|
||||||
|
@retval EFI_OUT_OF_RESOURCES Not enough memory to send unlock hdd password cmd.
|
||||||
|
@retval EFI_DEVICE_ERROR Can not send security freeze lock cmd.
|
||||||
|
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
FreezeLockDevice (
|
||||||
|
IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru,
|
||||||
|
IN UINT16 Port,
|
||||||
|
IN UINT16 PortMultiplierPort
|
||||||
|
)
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
EFI_ATA_COMMAND_BLOCK Acb;
|
||||||
|
EFI_ATA_STATUS_BLOCK *Asb;
|
||||||
|
EFI_ATA_PASS_THRU_COMMAND_PACKET Packet;
|
||||||
|
|
||||||
|
if (AtaPassThru == NULL) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in
|
||||||
|
// EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by
|
||||||
|
// the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile,
|
||||||
|
// the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it
|
||||||
|
// may not be aligned when allocated on stack for some compilers. Hence, we
|
||||||
|
// use the API AllocateAlignedPages to ensure this structure is properly
|
||||||
|
// aligned.
|
||||||
|
//
|
||||||
|
Asb = AllocateAlignedPages (
|
||||||
|
EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)),
|
||||||
|
AtaPassThru->Mode->IoAlign
|
||||||
|
);
|
||||||
|
if (Asb == NULL) {
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Prepare for ATA command block.
|
||||||
|
//
|
||||||
|
ZeroMem (&Acb, sizeof (Acb));
|
||||||
|
ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK));
|
||||||
|
Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD;
|
||||||
|
Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4));
|
||||||
|
|
||||||
|
//
|
||||||
|
// Prepare for ATA pass through packet.
|
||||||
|
//
|
||||||
|
ZeroMem (&Packet, sizeof (Packet));
|
||||||
|
Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_ATA_NON_DATA;
|
||||||
|
Packet.Length = EFI_ATA_PASS_THRU_LENGTH_NO_DATA_TRANSFER;
|
||||||
|
Packet.Asb = Asb;
|
||||||
|
Packet.Acb = &Acb;
|
||||||
|
Packet.Timeout = ATA_TIMEOUT;
|
||||||
|
|
||||||
|
Status = AtaPassThru->PassThru (
|
||||||
|
AtaPassThru,
|
||||||
|
Port,
|
||||||
|
PortMultiplierPort,
|
||||||
|
&Packet
|
||||||
|
);
|
||||||
|
if (!EFI_ERROR (Status) &&
|
||||||
|
((Asb->AtaStatus & ATA_STSREG_ERR) != 0) &&
|
||||||
|
((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) {
|
||||||
|
Status = EFI_DEVICE_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)));
|
||||||
|
|
||||||
|
DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status));
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
Unlock HDD password for S3.
|
||||||
|
|
||||||
|
@param[in] AtaPassThruPpi Pointer to the EDKII_PEI_ATA_PASS_THRU_PPI instance.
|
||||||
|
|
||||||
|
**/
|
||||||
|
VOID
|
||||||
|
UnlockHddPassword (
|
||||||
|
IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThruPpi
|
||||||
|
)
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
VOID *Buffer;
|
||||||
|
UINTN Length;
|
||||||
|
UINT8 DummyData;
|
||||||
|
HDD_PASSWORD_DEVICE_INFO *DevInfo;
|
||||||
|
UINT16 Port;
|
||||||
|
UINT16 PortMultiplierPort;
|
||||||
|
EFI_DEVICE_PATH_PROTOCOL *DevicePath;
|
||||||
|
UINTN DevicePathLength;
|
||||||
|
|
||||||
|
//
|
||||||
|
// Get HDD password device info from LockBox.
|
||||||
|
//
|
||||||
|
Buffer = (VOID *) &DummyData;
|
||||||
|
Length = sizeof (DummyData);
|
||||||
|
Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
|
||||||
|
if (Status == EFI_BUFFER_TOO_SMALL) {
|
||||||
|
Buffer = AllocatePages (EFI_SIZE_TO_PAGES (Length));
|
||||||
|
if (Buffer != NULL) {
|
||||||
|
Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ((Buffer == NULL) || (Buffer == (VOID *) &DummyData)) {
|
||||||
|
return;
|
||||||
|
} else if (EFI_ERROR (Status)) {
|
||||||
|
FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
Status = AtaPassThruPpi->GetDevicePath (AtaPassThruPpi, &DevicePathLength, &DevicePath);
|
||||||
|
if (EFI_ERROR (Status) || (DevicePathLength <= sizeof (EFI_DEVICE_PATH_PROTOCOL))) {
|
||||||
|
goto Exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Go through all the devices managed by the AtaPassThru PPI instance.
|
||||||
|
//
|
||||||
|
Port = 0xFFFF;
|
||||||
|
while (TRUE) {
|
||||||
|
Status = AtaPassThruPpi->GetNextPort (AtaPassThruPpi, &Port);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
//
|
||||||
|
// We cannot find more legal port then we are done.
|
||||||
|
//
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
PortMultiplierPort = 0xFFFF;
|
||||||
|
while (TRUE) {
|
||||||
|
Status = AtaPassThruPpi->GetNextDevice (AtaPassThruPpi, Port, &PortMultiplierPort);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
//
|
||||||
|
// We cannot find more legal port multiplier port number for ATA device
|
||||||
|
// on the port, then we are done.
|
||||||
|
//
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// Search the device in the restored LockBox.
|
||||||
|
//
|
||||||
|
DevInfo = (HDD_PASSWORD_DEVICE_INFO *) Buffer;
|
||||||
|
while ((UINTN) DevInfo < ((UINTN) Buffer + Length)) {
|
||||||
|
//
|
||||||
|
// Find the matching device.
|
||||||
|
//
|
||||||
|
if ((DevInfo->Device.Port == Port) &&
|
||||||
|
(DevInfo->Device.PortMultiplierPort == PortMultiplierPort) &&
|
||||||
|
(DevInfo->DevicePathLength >= DevicePathLength) &&
|
||||||
|
(CompareMem (
|
||||||
|
DevInfo->DevicePath,
|
||||||
|
DevicePath,
|
||||||
|
DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) {
|
||||||
|
//
|
||||||
|
// If device locked, unlock first.
|
||||||
|
//
|
||||||
|
if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) {
|
||||||
|
UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password);
|
||||||
|
}
|
||||||
|
//
|
||||||
|
// Freeze lock the device.
|
||||||
|
//
|
||||||
|
FreezeLockDevice (AtaPassThruPpi, Port, PortMultiplierPort);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
DevInfo = (HDD_PASSWORD_DEVICE_INFO *)
|
||||||
|
((UINTN) DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Exit:
|
||||||
|
ZeroMem (Buffer, Length);
|
||||||
|
FreePages (Buffer, EFI_SIZE_TO_PAGES (Length));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
Entry point of the notification callback function itself within the PEIM.
|
||||||
|
It is to unlock HDD password for S3.
|
||||||
|
|
||||||
|
@param PeiServices Indirect reference to the PEI Services Table.
|
||||||
|
@param NotifyDescriptor Address of the notification descriptor data structure.
|
||||||
|
@param Ppi Address of the PPI that was installed.
|
||||||
|
|
||||||
|
@return Status of the notification.
|
||||||
|
The status code returned from this function is ignored.
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
HddPasswordAtaPassThruNotify (
|
||||||
|
IN EFI_PEI_SERVICES **PeiServices,
|
||||||
|
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
|
||||||
|
IN VOID *Ppi
|
||||||
|
)
|
||||||
|
{
|
||||||
|
DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__));
|
||||||
|
|
||||||
|
UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *) Ppi);
|
||||||
|
|
||||||
|
DEBUG ((DEBUG_INFO, "%a() - exit at S3 resume\n", __FUNCTION__));
|
||||||
|
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = {
|
||||||
|
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
|
||||||
|
&gEdkiiPeiAtaPassThruPpiGuid,
|
||||||
|
HddPasswordAtaPassThruNotify
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
Main entry for this module.
|
||||||
|
|
||||||
|
@param FileHandle Handle of the file being invoked.
|
||||||
|
@param PeiServices Pointer to PEI Services table.
|
||||||
|
|
||||||
|
@return Status from PeiServicesNotifyPpi.
|
||||||
|
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
HddPasswordPeiInit (
|
||||||
|
IN EFI_PEI_FILE_HANDLE FileHandle,
|
||||||
|
IN CONST EFI_PEI_SERVICES **PeiServices
|
||||||
|
)
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
EFI_BOOT_MODE BootMode;
|
||||||
|
|
||||||
|
Status = PeiServicesGetBootMode (&BootMode);
|
||||||
|
if ((EFI_ERROR (Status)) || (BootMode != BOOT_ON_S3_RESUME)) {
|
||||||
|
return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
DEBUG ((DEBUG_INFO, "%a: Enters in S3 path.\n", __FUNCTION__));
|
||||||
|
|
||||||
|
Status = PeiServicesNotifyPpi (&mHddPasswordAtaPassThruPpiNotifyDesc);
|
||||||
|
ASSERT_EFI_ERROR (Status);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
/** @file
|
||||||
|
HddPassword PEI module which is used to unlock HDD password for S3.
|
||||||
|
|
||||||
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
This program and the accompanying materials
|
||||||
|
are licensed and made available under the terms and conditions
|
||||||
|
of the BSD License which accompanies this distribution. The
|
||||||
|
full text of the license may be found at
|
||||||
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
#ifndef _HDD_PASSWORD_PEI_H_
|
||||||
|
#define _HDD_PASSWORD_PEI_H_
|
||||||
|
|
||||||
|
#include <PiPei.h>
|
||||||
|
#include <IndustryStandard/Atapi.h>
|
||||||
|
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/MemoryAllocationLib.h>
|
||||||
|
#include <Library/PeimEntryPoint.h>
|
||||||
|
#include <Library/PeiServicesLib.h>
|
||||||
|
#include <Library/PciLib.h>
|
||||||
|
#include <Library/LockBoxLib.h>
|
||||||
|
|
||||||
|
#include <Ppi/AtaPassThru.h>
|
||||||
|
|
||||||
|
#include "HddPasswordCommon.h"
|
||||||
|
|
||||||
|
|
||||||
|
//
|
||||||
|
// Time out value for ATA PassThru PPI
|
||||||
|
//
|
||||||
|
#define ATA_TIMEOUT 30000000
|
||||||
|
|
||||||
|
#endif
|
|
@ -0,0 +1,54 @@
|
||||||
|
## @file
|
||||||
|
# HddPassword PEI module which is used to unlock HDD password for S3.
|
||||||
|
#
|
||||||
|
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
#
|
||||||
|
# This program and the accompanying materials
|
||||||
|
# are licensed and made available under the terms and conditions of the BSD License
|
||||||
|
# which accompanies this distribution. The full text of the license may be found at
|
||||||
|
# http://opensource.org/licenses/bsd-license.php
|
||||||
|
#
|
||||||
|
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
#
|
||||||
|
##
|
||||||
|
|
||||||
|
[Defines]
|
||||||
|
INF_VERSION = 0x00010005
|
||||||
|
BASE_NAME = HddPasswordPei
|
||||||
|
FILE_GUID = 91AD7375-8E8E-49D2-A343-68BC78273955
|
||||||
|
MODULE_TYPE = PEIM
|
||||||
|
VERSION_STRING = 1.0
|
||||||
|
ENTRY_POINT = HddPasswordPeiInit
|
||||||
|
|
||||||
|
#
|
||||||
|
# The following information is for reference only and not required by the build tools.
|
||||||
|
#
|
||||||
|
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
|
||||||
|
#
|
||||||
|
|
||||||
|
[Sources]
|
||||||
|
HddPasswordPei.c
|
||||||
|
HddPasswordPei.h
|
||||||
|
HddPasswordCommon.h
|
||||||
|
|
||||||
|
[Packages]
|
||||||
|
MdePkg/MdePkg.dec
|
||||||
|
MdeModulePkg/MdeModulePkg.dec
|
||||||
|
|
||||||
|
[LibraryClasses]
|
||||||
|
PeimEntryPoint
|
||||||
|
PeiServicesLib
|
||||||
|
DebugLib
|
||||||
|
BaseLib
|
||||||
|
BaseMemoryLib
|
||||||
|
MemoryAllocationLib
|
||||||
|
PciLib
|
||||||
|
LockBoxLib
|
||||||
|
|
||||||
|
[Ppis]
|
||||||
|
gEdkiiPeiAtaPassThruPpiGuid ## NOTIFY
|
||||||
|
|
||||||
|
[Depex]
|
||||||
|
gEfiPeiMasterBootModePpiGuid
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
// /** @file
|
||||||
|
// String definitions for HddPassword Setup Form.
|
||||||
|
//
|
||||||
|
// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
//
|
||||||
|
// This program and the accompanying materials
|
||||||
|
// are licensed and made available under the terms and conditions
|
||||||
|
// of the BSD License which accompanies this distribution. The
|
||||||
|
// full text of the license may be found at
|
||||||
|
// http://opensource.org/licenses/bsd-license.php
|
||||||
|
//
|
||||||
|
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
//
|
||||||
|
// **/
|
||||||
|
|
||||||
|
#langdef en-US "English"
|
||||||
|
|
||||||
|
#string STR_HDD_SECURITY_CONFIG #language en-US "HDD Security Configuration"
|
||||||
|
|
||||||
|
#string STR_SECURITY_HDD_PWD_DESC #language en-US "HDD Password Description :"
|
||||||
|
|
||||||
|
#string STR_SECURITY_HDD_BANNER_ONE #language en-US "Allows Access to Set, Modify and Clear HardDisk User and"
|
||||||
|
#string STR_SECURITY_HDD_BANNER_TWO #language en-US "Master Passwords."
|
||||||
|
#string STR_SECURITY_HDD_BANNER_THREE #language en-US "User Password need to be installed for Enabling Security."
|
||||||
|
#string STR_SECURITY_HDD_BANNER_FOUR #language en-US "Master Password can be modified only when succesfully"
|
||||||
|
#string STR_SECURITY_HDD_BANNER_FIVE #language en-US "unlocked with User Password in POST."
|
||||||
|
|
||||||
|
#string STR_HDD_SECURITY_HD #language en-US "HDD Password"
|
||||||
|
#string STR_HDD_SECURITY_HELP #language en-US "Set HDD Password"
|
||||||
|
#string STR_HDD_PASSWORD_CONFIG #language en-US "HDD PASSWORD CONFIGURATION:"
|
||||||
|
#string STR_SEC_SUPPORTED #language en-US "Security Supported :"
|
||||||
|
#string STR_SEC_ENABLED #language en-US "Security Enabled :"
|
||||||
|
#string STR_SEC_LOCKED #language en-US "Security Locked :"
|
||||||
|
#string STR_SEC_FROZEN #language en-US "Security Frozen :"
|
||||||
|
#string STR_YES #language en-US "Yes"
|
||||||
|
#string STR_NO #language en-US "No"
|
||||||
|
#string STR_HDD_USER_PASSWORD #language en-US "Request to set User Password"
|
||||||
|
#string STR_HDD_USER_PASSWORD_HELP #language en-US "Request to set HDD User Password. \n*** Reset is required for the request to be processed in next boot *** \n*** G3 circle is required to disable freeze state when Security Frozen state is Yes, otherwise the request will be ignored. *** "
|
||||||
|
#string STR_HDD_MASTER_PASSWORD #language en-US "Request to set Master Password"
|
||||||
|
#string STR_HDD_MASTER_PASSWORD_HELP #language en-US "Request to set HDD Master Password. \n*** Reset is required for the request to be processed in next boot *** \n*** G3 circle is required to disable freeze state when Security Frozen state is Yes, otherwise the request will be ignored. *** "
|
||||||
|
|
||||||
|
#string STR_INSTALLED #language en-US "INSTALLED"
|
||||||
|
#string STR_NOT_INSTALLED #language en-US "NOT INSTALLED"
|
||||||
|
#string STR_HDD_USER_PASSWORD_STS #language en-US "HDD User Password Status :"
|
||||||
|
#string STR_HDD_MASTER_PASSWORD_STS #language en-US "HDD Master Password Status:"
|
||||||
|
#string STR_NULL #language en-US ""
|
||||||
|
#string STR_EMPTY #language en-US ""
|
|
@ -287,6 +287,12 @@
|
||||||
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
|
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
|
||||||
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf
|
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf
|
||||||
|
|
||||||
|
#
|
||||||
|
# HDD Password solution
|
||||||
|
#
|
||||||
|
SecurityPkg/HddPassword/HddPasswordDxe.inf
|
||||||
|
SecurityPkg/HddPassword/HddPasswordPei.inf
|
||||||
|
|
||||||
[BuildOptions]
|
[BuildOptions]
|
||||||
MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256
|
MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256
|
||||||
INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256
|
INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256
|
||||||
|
|
Loading…
Reference in New Issue