mirror of https://github.com/acidanthera/audk.git
300 lines
13 KiB
C
300 lines
13 KiB
C
/** @file
|
|
Opal password smm driver which is used to support Opal security feature at s3 path.
|
|
|
|
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
|
|
This program and the accompanying materials
|
|
are licensed and made available under the terms and conditions of the BSD License
|
|
which accompanies this distribution. The full text of the license may be found at
|
|
http://opensource.org/licenses/bsd-license.php
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
**/
|
|
|
|
#ifndef _OPAL_PASSWORD_SMM_H_
|
|
#define _OPAL_PASSWORD_SMM_H_
|
|
|
|
#include <PiSmm.h>
|
|
#include <IndustryStandard/Atapi.h>
|
|
|
|
#include <Protocol/SmmSwDispatch2.h>
|
|
#include <Protocol/SmmSxDispatch2.h>
|
|
#include <Protocol/AtaPassThru.h>
|
|
#include <Protocol/PciIo.h>
|
|
#include <Protocol/SmmReadyToLock.h>
|
|
#include <Protocol/SmmVariable.h>
|
|
#include <Protocol/VariableLock.h>
|
|
#include <Protocol/StorageSecurityCommand.h>
|
|
|
|
#include <Library/OpalPasswordSupportLib.h>
|
|
#include <Library/DebugLib.h>
|
|
#include <Library/PcdLib.h>
|
|
#include <Library/IoLib.h>
|
|
#include <Library/TimerLib.h>
|
|
#include <Library/PciLib.h>
|
|
#include <Library/BaseLib.h>
|
|
#include <Library/BaseMemoryLib.h>
|
|
#include <Library/SmmServicesTableLib.h>
|
|
#include <Library/MemoryAllocationLib.h>
|
|
#include <Library/UefiDriverEntryPoint.h>
|
|
#include <Library/UefiBootServicesTableLib.h>
|
|
#include <Library/UefiRuntimeServicesTableLib.h>
|
|
#include <Library/UefiLib.h>
|
|
#include <Library/S3BootScriptLib.h>
|
|
#include <Library/DevicePathLib.h>
|
|
#include <Library/SmmMemLib.h>
|
|
|
|
#include <Library/DxeServicesTableLib.h>
|
|
|
|
#include <IndustryStandard/Pci22.h>
|
|
|
|
#include <Guid/OpalPasswordExtraInfoVariable.h>
|
|
|
|
#include "OpalAhciMode.h"
|
|
#include "OpalIdeMode.h"
|
|
#include "OpalNvmeMode.h"
|
|
|
|
//
|
|
// Time out Value for ATA pass through protocol
|
|
//
|
|
#define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3)
|
|
|
|
//
|
|
// The payload Length of HDD related ATA commands
|
|
//
|
|
#define HDD_PAYLOAD 512
|
|
//
|
|
// According to ATA spec, the max Length of hdd password is 32 bytes
|
|
//
|
|
#define OPAL_PASSWORD_MAX_LENGTH 32
|
|
|
|
extern VOID *mBuffer;
|
|
|
|
#pragma pack(1)
|
|
|
|
typedef struct {
|
|
UINT32 Address;
|
|
S3_BOOT_SCRIPT_LIB_WIDTH Width;
|
|
} OPAL_HC_PCI_REGISTER_SAVE;
|
|
|
|
|
|
typedef struct {
|
|
UINT32 SegNum;
|
|
UINT32 BusNum;
|
|
UINT32 DevNum;
|
|
UINT32 FuncNum;
|
|
} PCI_DEVICE;
|
|
|
|
/**
|
|
* Opal I/O Type utilized by the Trusted IO callback
|
|
*
|
|
* The type indicates if the I/O is a send or receive
|
|
*/
|
|
typedef enum {
|
|
//
|
|
// I/O is a TCG Trusted Send command
|
|
//
|
|
OpalSend,
|
|
|
|
//
|
|
// I/O is a TCG Trusted Receive command
|
|
//
|
|
OpalRecv
|
|
} OPAL_IO_TYPE;
|
|
|
|
|
|
#define OPAL_SMM_DEVICE_SIGNATURE SIGNATURE_32 ('o', 's', 'd', 's')
|
|
|
|
typedef struct {
|
|
UINTN Signature;
|
|
LIST_ENTRY Link;
|
|
|
|
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL Sscp;
|
|
|
|
UINT32 SegNum;
|
|
UINT32 BusNum;
|
|
UINT32 DevNum;
|
|
UINT32 FuncNum;
|
|
|
|
UINT8 DeviceType;
|
|
|
|
UINT32 SataPort;
|
|
UINT32 SataPortMultiplierPort;
|
|
|
|
UINT32 NvmeNamespaceId;
|
|
|
|
UINT8 Password[32];
|
|
UINT8 PasswordLength;
|
|
|
|
UINT32 Length;
|
|
PCI_DEVICE *PciBridgeNode;
|
|
|
|
UINT16 OpalBaseComId;
|
|
} OPAL_SMM_DEVICE;
|
|
|
|
#define OPAL_SMM_DEVICE_FROM_THIS(a) CR (a, OPAL_SMM_DEVICE, Sscp, OPAL_SMM_DEVICE_SIGNATURE)
|
|
|
|
#pragma pack()
|
|
|
|
/**
|
|
Send a security protocol command to a device that receives data and/or the result
|
|
of one or more commands sent by SendData.
|
|
|
|
The ReceiveData function sends a security protocol command to the given MediaId.
|
|
The security protocol command sent is defined by SecurityProtocolId and contains
|
|
the security protocol specific data SecurityProtocolSpecificData. The function
|
|
returns the data from the security protocol command in PayloadBuffer.
|
|
|
|
For devices supporting the SCSI command set, the security protocol command is sent
|
|
using the SECURITY PROTOCOL IN command defined in SPC-4.
|
|
|
|
For devices supporting the ATA command set, the security protocol command is sent
|
|
using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize
|
|
is non-zero.
|
|
|
|
If the PayloadBufferSize is zero, the security protocol command is sent using the
|
|
Trusted Non-Data command defined in ATA8-ACS.
|
|
|
|
If PayloadBufferSize is too small to store the available data from the security
|
|
protocol command, the function shall copy PayloadBufferSize bytes into the
|
|
PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL.
|
|
|
|
If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero,
|
|
the function shall return EFI_INVALID_PARAMETER.
|
|
|
|
If the given MediaId does not support security protocol commands, the function shall
|
|
return EFI_UNSUPPORTED. If there is no media in the device, the function returns
|
|
EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device,
|
|
the function returns EFI_MEDIA_CHANGED.
|
|
|
|
If the security protocol fails to complete within the Timeout period, the function
|
|
shall return EFI_TIMEOUT.
|
|
|
|
If the security protocol command completes without an error, the function shall
|
|
return EFI_SUCCESS. If the security protocol command completes with an error, the
|
|
function shall return EFI_DEVICE_ERROR.
|
|
|
|
@param This Indicates a pointer to the calling context.
|
|
@param MediaId ID of the medium to receive data from.
|
|
@param Timeout The timeout, in 100ns units, to use for the execution
|
|
of the security protocol command. A Timeout value of 0
|
|
means that this function will wait indefinitely for the
|
|
security protocol command to execute. If Timeout is greater
|
|
than zero, then this function will return EFI_TIMEOUT
|
|
if the time required to execute the receive data command
|
|
is greater than Timeout.
|
|
@param SecurityProtocolId The value of the "Security Protocol" parameter of
|
|
the security protocol command to be sent.
|
|
@param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
|
|
of the security protocol command to be sent.
|
|
@param PayloadBufferSize Size in bytes of the payload data buffer.
|
|
@param PayloadBuffer A pointer to a destination buffer to store the security
|
|
protocol command specific payload data for the security
|
|
protocol command. The caller is responsible for having
|
|
either implicit or explicit ownership of the buffer.
|
|
@param PayloadTransferSize A pointer to a buffer to store the size in bytes of the
|
|
data written to the payload data buffer.
|
|
|
|
@retval EFI_SUCCESS The security protocol command completed successfully.
|
|
@retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available
|
|
data from the device. The PayloadBuffer contains the truncated data.
|
|
@retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
|
|
@retval EFI_DEVICE_ERROR The security protocol command completed with an error.
|
|
@retval EFI_NO_MEDIA There is no media in the device.
|
|
@retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
|
|
@retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and
|
|
PayloadBufferSize is non-zero.
|
|
@retval EFI_TIMEOUT A timeout occurred while waiting for the security
|
|
protocol command to execute.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
SecurityReceiveData (
|
|
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
|
|
IN UINT32 MediaId,
|
|
IN UINT64 Timeout,
|
|
IN UINT8 SecurityProtocolId,
|
|
IN UINT16 SecurityProtocolSpecificData,
|
|
IN UINTN PayloadBufferSize,
|
|
OUT VOID *PayloadBuffer,
|
|
OUT UINTN *PayloadTransferSize
|
|
);
|
|
|
|
/**
|
|
Send a security protocol command to a device.
|
|
|
|
The SendData function sends a security protocol command containing the payload
|
|
PayloadBuffer to the given MediaId. The security protocol command sent is
|
|
defined by SecurityProtocolId and contains the security protocol specific data
|
|
SecurityProtocolSpecificData. If the underlying protocol command requires a
|
|
specific padding for the command payload, the SendData function shall add padding
|
|
bytes to the command payload to satisfy the padding requirements.
|
|
|
|
For devices supporting the SCSI command set, the security protocol command is sent
|
|
using the SECURITY PROTOCOL OUT command defined in SPC-4.
|
|
|
|
For devices supporting the ATA command set, the security protocol command is sent
|
|
using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize
|
|
is non-zero. If the PayloadBufferSize is zero, the security protocol command is
|
|
sent using the Trusted Non-Data command defined in ATA8-ACS.
|
|
|
|
If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall
|
|
return EFI_INVALID_PARAMETER.
|
|
|
|
If the given MediaId does not support security protocol commands, the function
|
|
shall return EFI_UNSUPPORTED. If there is no media in the device, the function
|
|
returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the
|
|
device, the function returns EFI_MEDIA_CHANGED.
|
|
|
|
If the security protocol fails to complete within the Timeout period, the function
|
|
shall return EFI_TIMEOUT.
|
|
|
|
If the security protocol command completes without an error, the function shall return
|
|
EFI_SUCCESS. If the security protocol command completes with an error, the function
|
|
shall return EFI_DEVICE_ERROR.
|
|
|
|
@param This Indicates a pointer to the calling context.
|
|
@param MediaId ID of the medium to receive data from.
|
|
@param Timeout The timeout, in 100ns units, to use for the execution
|
|
of the security protocol command. A Timeout value of 0
|
|
means that this function will wait indefinitely for the
|
|
security protocol command to execute. If Timeout is greater
|
|
than zero, then this function will return EFI_TIMEOUT
|
|
if the time required to execute the receive data command
|
|
is greater than Timeout.
|
|
@param SecurityProtocolId The value of the "Security Protocol" parameter of
|
|
the security protocol command to be sent.
|
|
@param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter
|
|
of the security protocol command to be sent.
|
|
@param PayloadBufferSize Size in bytes of the payload data buffer.
|
|
@param PayloadBuffer A pointer to a destination buffer to store the security
|
|
protocol command specific payload data for the security
|
|
protocol command.
|
|
|
|
@retval EFI_SUCCESS The security protocol command completed successfully.
|
|
@retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands.
|
|
@retval EFI_DEVICE_ERROR The security protocol command completed with an error.
|
|
@retval EFI_NO_MEDIA There is no media in the device.
|
|
@retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
|
|
@retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero.
|
|
@retval EFI_TIMEOUT A timeout occurred while waiting for the security
|
|
protocol command to execute.
|
|
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
SecuritySendData (
|
|
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
|
|
IN UINT32 MediaId,
|
|
IN UINT64 Timeout,
|
|
IN UINT8 SecurityProtocolId,
|
|
IN UINT16 SecurityProtocolSpecificData,
|
|
IN UINTN PayloadBufferSize,
|
|
IN VOID *PayloadBuffer
|
|
);
|
|
|
|
#endif // _OPAL_PASSWORD_SMM_H_
|
|
|