/** @file | |
Opal password smm driver which is used to support Opal security feature at s3 path. | |
Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> | |
This program and the accompanying materials | |
are licensed and made available under the terms and conditions of the BSD License | |
which accompanies this distribution. The full text of the license may be found at | |
http://opensource.org/licenses/bsd-license.php | |
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, | |
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. | |
**/ | |
#ifndef _OPAL_PASSWORD_SMM_H_ | |
#define _OPAL_PASSWORD_SMM_H_ | |
#include <PiSmm.h> | |
#include <IndustryStandard/Atapi.h> | |
#include <Protocol/SmmSwDispatch2.h> | |
#include <Protocol/SmmSxDispatch2.h> | |
#include <Protocol/AtaPassThru.h> | |
#include <Protocol/PciIo.h> | |
#include <Protocol/SmmReadyToLock.h> | |
#include <Protocol/SmmVariable.h> | |
#include <Protocol/VariableLock.h> | |
#include <Protocol/SmmEndOfDxe.h> | |
#include <Protocol/StorageSecurityCommand.h> | |
#include <Library/OpalPasswordSupportLib.h> | |
#include <Library/DebugLib.h> | |
#include <Library/PcdLib.h> | |
#include <Library/IoLib.h> | |
#include <Library/TimerLib.h> | |
#include <Library/PciLib.h> | |
#include <Library/BaseLib.h> | |
#include <Library/BaseMemoryLib.h> | |
#include <Library/SmmServicesTableLib.h> | |
#include <Library/MemoryAllocationLib.h> | |
#include <Library/UefiDriverEntryPoint.h> | |
#include <Library/UefiBootServicesTableLib.h> | |
#include <Library/UefiRuntimeServicesTableLib.h> | |
#include <Library/UefiLib.h> | |
#include <Library/S3BootScriptLib.h> | |
#include <Library/DevicePathLib.h> | |
#include <Library/DxeServicesTableLib.h> | |
#include <Library/SmmIoLib.h> | |
#include <Library/Tcg2PhysicalPresenceLib.h> | |
#include <IndustryStandard/Pci22.h> | |
#include "OpalAhciMode.h" | |
#include "OpalIdeMode.h" | |
#include "OpalNvmeMode.h" | |
// | |
// Time out Value for ATA pass through protocol | |
// | |
#define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3) | |
// | |
// The payload Length of HDD related ATA commands | |
// | |
#define HDD_PAYLOAD 512 | |
extern VOID *mBuffer; | |
#pragma pack(1) | |
typedef struct { | |
UINT32 Address; | |
S3_BOOT_SCRIPT_LIB_WIDTH Width; | |
} OPAL_HC_PCI_REGISTER_SAVE; | |
typedef struct { | |
UINT32 SegNum; | |
UINT32 BusNum; | |
UINT32 DevNum; | |
UINT32 FuncNum; | |
} PCI_DEVICE; | |
/** | |
* Opal I/O Type utilized by the Trusted IO callback | |
* | |
* The type indicates if the I/O is a send or receive | |
*/ | |
typedef enum { | |
// | |
// I/O is a TCG Trusted Send command | |
// | |
OpalSend, | |
// | |
// I/O is a TCG Trusted Receive command | |
// | |
OpalRecv | |
} OPAL_IO_TYPE; | |
#define OPAL_SMM_DEVICE_SIGNATURE SIGNATURE_32 ('o', 's', 'd', 's') | |
typedef struct { | |
UINTN Signature; | |
LIST_ENTRY Link; | |
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL Sscp; | |
UINT32 SegNum; | |
UINT32 BusNum; | |
UINT32 DevNum; | |
UINT32 FuncNum; | |
UINT8 DeviceType; | |
UINT32 SataPort; | |
UINT32 SataPortMultiplierPort; | |
UINT32 NvmeNamespaceId; | |
UINT8 Password[OPAL_PASSWORD_MAX_LENGTH]; | |
UINT8 PasswordLength; | |
UINT32 Length; | |
PCI_DEVICE *PciBridgeNode; | |
UINT16 OpalBaseComId; | |
} OPAL_SMM_DEVICE; | |
#define OPAL_SMM_DEVICE_FROM_THIS(a) CR (a, OPAL_SMM_DEVICE, Sscp, OPAL_SMM_DEVICE_SIGNATURE) | |
#pragma pack() | |
/** | |
Send a security protocol command to a device that receives data and/or the result | |
of one or more commands sent by SendData. | |
The ReceiveData function sends a security protocol command to the given MediaId. | |
The security protocol command sent is defined by SecurityProtocolId and contains | |
the security protocol specific data SecurityProtocolSpecificData. The function | |
returns the data from the security protocol command in PayloadBuffer. | |
For devices supporting the SCSI command set, the security protocol command is sent | |
using the SECURITY PROTOCOL IN command defined in SPC-4. | |
For devices supporting the ATA command set, the security protocol command is sent | |
using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize | |
is non-zero. | |
If the PayloadBufferSize is zero, the security protocol command is sent using the | |
Trusted Non-Data command defined in ATA8-ACS. | |
If PayloadBufferSize is too small to store the available data from the security | |
protocol command, the function shall copy PayloadBufferSize bytes into the | |
PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. | |
If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, | |
the function shall return EFI_INVALID_PARAMETER. | |
If the given MediaId does not support security protocol commands, the function shall | |
return EFI_UNSUPPORTED. If there is no media in the device, the function returns | |
EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, | |
the function returns EFI_MEDIA_CHANGED. | |
If the security protocol fails to complete within the Timeout period, the function | |
shall return EFI_TIMEOUT. | |
If the security protocol command completes without an error, the function shall | |
return EFI_SUCCESS. If the security protocol command completes with an error, the | |
function shall return EFI_DEVICE_ERROR. | |
@param This Indicates a pointer to the calling context. | |
@param MediaId ID of the medium to receive data from. | |
@param Timeout The timeout, in 100ns units, to use for the execution | |
of the security protocol command. A Timeout value of 0 | |
means that this function will wait indefinitely for the | |
security protocol command to execute. If Timeout is greater | |
than zero, then this function will return EFI_TIMEOUT | |
if the time required to execute the receive data command | |
is greater than Timeout. | |
@param SecurityProtocolId The value of the "Security Protocol" parameter of | |
the security protocol command to be sent. | |
@param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter | |
of the security protocol command to be sent. | |
@param PayloadBufferSize Size in bytes of the payload data buffer. | |
@param PayloadBuffer A pointer to a destination buffer to store the security | |
protocol command specific payload data for the security | |
protocol command. The caller is responsible for having | |
either implicit or explicit ownership of the buffer. | |
@param PayloadTransferSize A pointer to a buffer to store the size in bytes of the | |
data written to the payload data buffer. | |
@retval EFI_SUCCESS The security protocol command completed successfully. | |
@retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available | |
data from the device. The PayloadBuffer contains the truncated data. | |
@retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands. | |
@retval EFI_DEVICE_ERROR The security protocol command completed with an error. | |
@retval EFI_NO_MEDIA There is no media in the device. | |
@retval EFI_MEDIA_CHANGED The MediaId is not for the current media. | |
@retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and | |
PayloadBufferSize is non-zero. | |
@retval EFI_TIMEOUT A timeout occurred while waiting for the security | |
protocol command to execute. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
SecurityReceiveData ( | |
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, | |
IN UINT32 MediaId, | |
IN UINT64 Timeout, | |
IN UINT8 SecurityProtocolId, | |
IN UINT16 SecurityProtocolSpecificData, | |
IN UINTN PayloadBufferSize, | |
OUT VOID *PayloadBuffer, | |
OUT UINTN *PayloadTransferSize | |
); | |
/** | |
Send a security protocol command to a device. | |
The SendData function sends a security protocol command containing the payload | |
PayloadBuffer to the given MediaId. The security protocol command sent is | |
defined by SecurityProtocolId and contains the security protocol specific data | |
SecurityProtocolSpecificData. If the underlying protocol command requires a | |
specific padding for the command payload, the SendData function shall add padding | |
bytes to the command payload to satisfy the padding requirements. | |
For devices supporting the SCSI command set, the security protocol command is sent | |
using the SECURITY PROTOCOL OUT command defined in SPC-4. | |
For devices supporting the ATA command set, the security protocol command is sent | |
using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize | |
is non-zero. If the PayloadBufferSize is zero, the security protocol command is | |
sent using the Trusted Non-Data command defined in ATA8-ACS. | |
If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall | |
return EFI_INVALID_PARAMETER. | |
If the given MediaId does not support security protocol commands, the function | |
shall return EFI_UNSUPPORTED. If there is no media in the device, the function | |
returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the | |
device, the function returns EFI_MEDIA_CHANGED. | |
If the security protocol fails to complete within the Timeout period, the function | |
shall return EFI_TIMEOUT. | |
If the security protocol command completes without an error, the function shall return | |
EFI_SUCCESS. If the security protocol command completes with an error, the function | |
shall return EFI_DEVICE_ERROR. | |
@param This Indicates a pointer to the calling context. | |
@param MediaId ID of the medium to receive data from. | |
@param Timeout The timeout, in 100ns units, to use for the execution | |
of the security protocol command. A Timeout value of 0 | |
means that this function will wait indefinitely for the | |
security protocol command to execute. If Timeout is greater | |
than zero, then this function will return EFI_TIMEOUT | |
if the time required to execute the receive data command | |
is greater than Timeout. | |
@param SecurityProtocolId The value of the "Security Protocol" parameter of | |
the security protocol command to be sent. | |
@param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter | |
of the security protocol command to be sent. | |
@param PayloadBufferSize Size in bytes of the payload data buffer. | |
@param PayloadBuffer A pointer to a destination buffer to store the security | |
protocol command specific payload data for the security | |
protocol command. | |
@retval EFI_SUCCESS The security protocol command completed successfully. | |
@retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands. | |
@retval EFI_DEVICE_ERROR The security protocol command completed with an error. | |
@retval EFI_NO_MEDIA There is no media in the device. | |
@retval EFI_MEDIA_CHANGED The MediaId is not for the current media. | |
@retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero. | |
@retval EFI_TIMEOUT A timeout occurred while waiting for the security | |
protocol command to execute. | |
**/ | |
EFI_STATUS | |
EFIAPI | |
SecuritySendData ( | |
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, | |
IN UINT32 MediaId, | |
IN UINT64 Timeout, | |
IN UINT8 SecurityProtocolId, | |
IN UINT16 SecurityProtocolSpecificData, | |
IN UINTN PayloadBufferSize, | |
IN VOID *PayloadBuffer | |
); | |
#endif // _OPAL_PASSWORD_SMM_H_ | |