      1 /** @file
      2   Header file of Opal password support library.
      3 
      4 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
      5 This program and the accompanying materials
      6 are licensed and made available under the terms and conditions of the BSD License
      7 which accompanies this distribution.  The full text of the license may be found at
      8 http://opensource.org/licenses/bsd-license.php
      9 
     10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
     11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
     12 
     13 **/
     14 
     15 
     16 #ifndef _OPAL_PASSWORD_SUPPORT_LIB_H_
     17 #define _OPAL_PASSWORD_SUPPORT_LIB_H_
     18 
     19 #include <Protocol/DevicePath.h>
     20 #include <Library/TcgStorageOpalLib.h>
     21 
     22 
     23 #pragma pack(1)
     24 
     25 //
     26 // Structure that is used to represent the available actions for an OpalDisk.
     27 // The data can then be utilized to expose/hide certain actions available to an end user
     28 // by the consumer of this library.
        //
        // Eight one-bit flags are declared on a UINT16; the remaining bits are unnamed.
        // NOTE(review): these flags only describe what a consumer may offer in its UI.
        // Nothing in this header shows them being enforced, so the drive's own
        // authentication remains the actual access control -- confirm in the implementation.
     29 //
     30 typedef struct {
     31     //
     32     // Indicates if the disk can support PSID Revert action.  Should verify disk supports PSID authority.
            // PSID revert is authorized by the PSID credential rather than a password, and
            // OpalSupportPsidRevert performs it through the Admin SP Revert method, so a
            // consumer should ask for explicit confirmation before offering it.
     33     //
     34     UINT16 PsidRevert : 1;
     35
     36     //
     37     // Indicates if the disk can support Revert action
     38     //
     39     UINT16 Revert : 1;
     40
     41     //
     42     // Indicates if the user must keep data for revert action.  It is true if no media encryption is supported.
     43     //
     44     UINT16 RevertKeepDataForced : 1;
     45
     46     //
     47     // Indicates if the disk can support set Admin password
     48     //
     49     UINT16 AdminPass : 1;
     50
     51     //
     52     // Indicates if the disk can support set User password.  This action requires that a user
     53     // password is first enabled.
     54     //
     55     UINT16 UserPass : 1;
     56
     57     //
     58     // Indicates if unlock action is available.  Requires disk to be currently locked.
     59     //
     60     UINT16 Unlock : 1;
     61
     62     //
     63     // Indicates if Secure Erase action is available.  Action requires admin credentials and media encryption support.
     64     //
     65     UINT16 SecureErase : 1;
     66
     67     //
     68     // Indicates if Disable User action is available.  Action requires admin credentials.
     69     //
     70     UINT16 DisableUser : 1;
     71 } OPAL_DISK_ACTIONS;
     72 
     73 //
     74 // Structure that is used to represent the Opal device with password info.
        //
        // Security-relevant: each entry carries the disk password in a plain UINT8 array;
        // nothing in this header indicates that it is hashed or wrapped.  Code that discards
        // or reuses an entry should wipe Password and PasswordLength first.
     75 //
     76 typedef struct {
          // List linkage.  Presumably chains the entries of the list returned by
          // OpalSupportGetOpalDeviceList() -- confirm against the implementation.
     77   LIST_ENTRY                 Link;
     78
          // Password bytes and their count.  The buffer is fixed at 32 bytes and the length is
          // a UINT8, while the functions declared in this header take UINT32/UINTN lengths, so
          // code filling this structure must reject lengths above sizeof (Password) before copying.
     79   UINT8                      Password[32];
     80   UINT8                      PasswordLength;
     81
          // Device path identifying the disk.  EFI_DEVICE_PATH_PROTOCOL is only a node header.
          // NOTE(review): presumably the full path continues past the end of this structure
          // and the entry is allocated with extra room -- confirm at the allocation site.
     82   EFI_DEVICE_PATH_PROTOCOL   OpalDevicePath;
     83 } OPAL_DISK_AND_PASSWORD_INFO;
     84 
     85 #pragma pack()
     86 
     87 /**
     88
     89   Determines the available actions for the OPAL_DISK provided.

          NOTE(review): this header does not show whether AvalDiskActions is written when the
          call fails, so callers should zero it first and check the return value before
          exposing any action to the user.
     90
     91   @param[in]   SupportedAttributes   The support attribute for the device.
     92   @param[in]   LockingFeature        The locking status for the device.
     93   @param[in]   OwnerShip             The ownership for the device.
     94   @param[out]  AvalDiskActions       Pointer to fill-out with appropriate disk actions.

          @return  A TCG_RESULT code; the specific values are defined outside this header.
     95
     96 **/
     97 TCG_RESULT
     98 EFIAPI
     99 OpalSupportGetAvailableActions(
    100   IN  OPAL_DISK_SUPPORT_ATTRIBUTE      *SupportedAttributes,
    101   IN  TCG_LOCKING_FEATURE_DESCRIPTOR   *LockingFeature,
    102   IN  UINT16                           OwnerShip,
    103   OUT OPAL_DISK_ACTIONS                *AvalDiskActions
    104   );
    105 
    106 /**
    107   Enable Opal Feature for the input device.
    108
          Both Msid and Password are passed as untyped buffers with separate UINT32 lengths.
          NOTE(review): OPAL_DISK_AND_PASSWORD_INFO stores at most 32 password bytes, so if
          the implementation records Password there it has to bound PassLength first -- confirm.

    109   @param[in]      Session            The opal session for the opal device.
    110   @param[in]      Msid               Msid
    111   @param[in]      MsidLength         Msid Length
    112   @param[in]      Password           Admin password
    113   @param[in]      PassLength         Length of password in bytes
    114   @param[in]      DevicePath         The device path for the opal device.
    115
    116 **/
    117 TCG_RESULT
    118 EFIAPI
    119 OpalSupportEnableOpalFeature(
    120   IN OPAL_SESSION              *Session,
    121   IN VOID                      *Msid,
    122   IN UINT32                    MsidLength,
    123   IN VOID                      *Password,
    124   IN UINT32                    PassLength,
    125   IN EFI_DEVICE_PATH_PROTOCOL  *DevicePath
    126   );
    127 
    128 /**
    129   Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method.
    130
          The PSID is the only credential this call takes; no admin or user password is
          involved.  Per the Opal specification a revert returns the drive to its factory
          state, so callers should obtain explicit user confirmation before invoking it.

    131   @param[in]      Session            The opal session for the opal device.
    132   @param[in]      Psid               PSID of device to revert.
    133   @param[in]      PsidLength         Length of PSID in bytes.
    134   @param[in]      DevicePath         The device path for the opal device.
    135
    136 **/
    137 TCG_RESULT
    138 EFIAPI
    139 OpalSupportPsidRevert(
    140   IN OPAL_SESSION              *Session,
    141   IN VOID                      *Psid,
    142   IN UINT32                    PsidLength,
    143   IN EFI_DEVICE_PATH_PROTOCOL  *DevicePath
    144   );
    145 
    146 /**
    147   Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method.
    148
          NOTE(review): the parameters are an admin password and the MSID, not a PSID, so the
          PSID-authority wording above looks carried over from OpalSupportPsidRevert --
          confirm which SP and authority the implementation actually opens.
          With KeepUserData set to FALSE the existing data on the disk is erased.
          NOTE(review): whether PasswordFailed is written on every path is not visible here;
          initialize it before the call.

    149   @param[in]      Session            The opal session for the opal device.
    150   @param[in]      KeepUserData       TRUE to keep existing Data on the disk, or FALSE to erase it
    151   @param[in]      Password           Admin password
    152   @param[in]      PasswordLength     Length of password in bytes
    153   @param[in]      Msid               Msid
    154   @param[in]      MsidLength         Msid Length
    155   @param[out]     PasswordFailed     Indicates if password failed (start session didn't work)
    156   @param[in]      DevicePath         The device path for the opal device.
    157
    158 **/
    159 TCG_RESULT
    160 EFIAPI
    161 OpalSupportRevert(
    162   IN  OPAL_SESSION              *Session,
    163   IN  BOOLEAN                   KeepUserData,
    164   IN  VOID                      *Password,
    165   IN  UINT32                    PasswordLength,
    166   IN  VOID                      *Msid,
    167   IN  UINT32                    MsidLength,
    168   OUT BOOLEAN                   *PasswordFailed,
    169   IN  EFI_DEVICE_PATH_PROTOCOL  *DevicePath
    170   );
    171 
    172 /**
    173   Set new password.
    174
          SetAdmin selects whether the admin or the user password is changed.
          NOTE(review): the parameter descriptions below speak of admin passwords only;
          confirm which credential OldPassword must be when SetAdmin is FALSE.
          Both password buffers are caller-owned, so the caller should wipe them once the
          call has returned.

    175   @param[in]      Session            The opal session for the opal device.
    176   @param[in]      OldPassword        Current admin password
    177   @param[in]      OldPasswordLength  Length of current admin password in bytes
    178   @param[in]      NewPassword        New admin password to set
    179   @param[in]      NewPasswordLength  Length of new password in bytes
    180   @param[in]      DevicePath         The device path for the opal device.
    181   @param[in]      SetAdmin           Whether set admin password or user password.
    182                                      TRUE for admin, FALSE for user.
    183
    184 **/
    185 TCG_RESULT
    186 EFIAPI
    187 OpalSupportSetPassword(
    188   IN OPAL_SESSION              *Session,
    189   IN VOID                      *OldPassword,
    190   IN UINT32                    OldPasswordLength,
    191   IN VOID                      *NewPassword,
    192   IN UINT32                    NewPasswordLength,
    193   IN EFI_DEVICE_PATH_PROTOCOL  *DevicePath,
    194   IN BOOLEAN                   SetAdmin
    195   );
    196 
    197 /**
    198   Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority.
    199
          PasswordFailed lets a caller tell a rejected admin password apart from other
          failures.  NOTE(review): whether it is written on every path is not visible in
          this header; initialize it before the call.

    200   @param[in]      Session            The opal session for the opal device.
    201   @param[in]      Password           Admin password
    202   @param[in]      PasswordLength     Length of password in bytes
    203   @param[out]     PasswordFailed     Indicates if password failed (start session didn't work)
    204   @param[in]      DevicePath         The device path for the opal device.
    205
    206 **/
    207 TCG_RESULT
    208 EFIAPI
    209 OpalSupportDisableUser(
    210   IN  OPAL_SESSION              *Session,
    211   IN  VOID                      *Password,
    212   IN  UINT32                    PasswordLength,
    213   OUT BOOLEAN                   *PasswordFailed,
    214   IN  EFI_DEVICE_PATH_PROTOCOL  *DevicePath
    215   );
    216 
    217 /**
    218   Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
    219   and updates the global locking range ReadLocked and WriteLocked columns to FALSE.
    220
          No parameter selects between the User1 and Admin1 authorities named above.
          NOTE(review): presumably the implementation decides which one to try -- confirm.
          There is no PasswordFailed output on this call, so a rejected password is only
          visible through the returned TCG_RESULT; callers must check it before treating
          the disk as unlocked.

    221   @param[in]      Session            The opal session for the opal device.
    222   @param[in]      Password           Admin or user password
    223   @param[in]      PasswordLength     Length of password in bytes
    224   @param[in]      DevicePath         The device path for the opal device.
    225
    226 **/
    227 TCG_RESULT
    228 EFIAPI
    229 OpalSupportUnlock(
    230   IN OPAL_SESSION               *Session,
    231   IN VOID                       *Password,
    232   IN UINT32                     PasswordLength,
    233   IN EFI_DEVICE_PATH_PROTOCOL   *DevicePath
    234   );
    235 
    236 /**
    237   Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY
    238   and updates the global locking range ReadLocked and WriteLocked columns to TRUE.
    239
          Locking is authenticated as well: the call takes the admin or user password.
          The returned TCG_RESULT is the only failure signal declared here, so callers
          should check it before assuming the global range is locked.

    240   @param[in]      Session             The opal session for the opal device.
    241   @param[in]      Password            Admin or user password
    242   @param[in]      PasswordLength      Length of password in bytes
    243   @param[in]      DevicePath          The device path for the opal device.
    244
    245 **/
    246 TCG_RESULT
    247 EFIAPI
    248 OpalSupportLock(
    249   IN OPAL_SESSION               *Session,
    250   IN VOID                       *Password,
    251   IN UINT32                     PasswordLength,
    252   IN EFI_DEVICE_PATH_PROTOCOL   *DevicePath
    253   );
    254 
    255 /**
    256   Get the Opal device list.
    257
    258   Takes no parameters.
    259
    260   @return  Pointer to a LIST_ENTRY.  NOTE(review): presumably the head of a list of
    261            OPAL_DISK_AND_PASSWORD_INFO entries linked through their Link field --
    262            confirm against the implementation.  Those entries hold disk passwords,
                   so the returned list should be handled as sensitive data.
    263 **/
    264 LIST_ENTRY *
    265 EFIAPI
    266 OpalSupportGetOpalDeviceList (
    267   VOID
    268   );
    269 
    270 /**
    271   Transfer the password to the smm driver.
    272
          The password leaves the caller here and is handed to SMM code, so the caller's own
          copy should be wiped once it is no longer needed.
          NOTE(review): PasswordLen is a UINTN while OPAL_DISK_AND_PASSWORD_INFO holds at most
          32 password bytes with a UINT8 length; confirm the implementation rejects longer input.
          The misspelling in the function name ("Pasword") is part of the public interface.

    273   @param[in]  DevicePath     The device path for the opal device.
    274   @param[in]  PasswordLen    The input password length.
    275   @param[in]  Password       Input password buffer.
    276
    277   @retval  EFI_SUCCESS       The required action succeeded.
    278   @retval  Others            Error occurred.
    279
    280 **/
    281 EFI_STATUS
    282 EFIAPI
    283 OpalSupportSendPasword(
    284   EFI_DEVICE_PATH_PROTOCOL    *DevicePath,
    285   UINTN                       PasswordLen,
    286   VOID                        *Password
    287   );
    288 
    289 #endif // _OPAL_PASSWORD_SUPPORT_LIB_H_
    290