From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Cc: Eric Dong <eric.dong@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Chao Zhang <chao.b.zhang@intel.com>,
Star Zeng <star.zeng@intel.com>
Subject: [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
Date: Thu, 24 Nov 2016 17:14:03 +0800 [thread overview]
Message-ID: <1479978844-101272-3-git-send-email-star.zeng@intel.com> (raw)
In-Reply-To: <1479978844-101272-1-git-send-email-star.zeng@intel.com>
From: Eric Dong <eric.dong@intel.com>
Update the implementation to use PP BlockSID related actions.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +---
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 3 +-
SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 139 ++++++++++++++++-----
.../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 ++-
.../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +-
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 +
.../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +++-
7 files changed, 159 insertions(+), 60 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
index 91324cd61df0..cd0c5a4096a0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c
@@ -417,28 +417,15 @@ ReadyToBootCallback (
IN VOID *Context
)
{
- EFI_STATUS Status;
- OPAL_DRIVER_DEVICE* Itr;
- TCG_RESULT Result;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
- OPAL_SESSION Session;
+ OPAL_DRIVER_DEVICE *Itr;
+ TCG_RESULT Result;
+ OPAL_SESSION Session;
+ UINT32 PpStorageFlag;
gBS->CloseEvent (Event);
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->GetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- NULL,
- &DataSize,
- &OpalExtraInfo
- );
- if (EFI_ERROR (Status)) {
- return;
- }
-
- if (OpalExtraInfo.EnableBlockSid == TRUE) {
+ PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags ();
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
//
// Send BlockSID command to each Opal disk
//
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
index 213c139e0145..7761d64cbb28 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h
@@ -17,8 +17,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <PiDxe.h>
-#include <Guid/OpalPasswordExtraInfoVariable.h>
-
#include <Protocol/PciIo.h>
#include <Protocol/SmmCommunication.h>
#include <Protocol/BlockIo.h>
@@ -40,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/UefiHiiServicesLib.h>
#include <Library/TcgStorageOpalLib.h>
#include <Library/OpalPasswordSupportLib.h>
+#include <Library/Tcg2PhysicalPresenceLib.h>
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
index 1e4987f9a0f3..4f82c1c545ee 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c
@@ -90,23 +90,63 @@ HiiSetCurrentConfiguration(
VOID
)
{
- EFI_STATUS Status;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
+ UINT32 PpStorageFlag;
+ EFI_STRING NewString;
gHiiConfiguration.NumDisks = GetDeviceCount();
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->GetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- NULL,
- &DataSize,
- &OpalExtraInfo
- );
- if (!EFI_ERROR (Status)) {
- gHiiConfiguration.EnableBlockSid = OpalExtraInfo.EnableBlockSid;
+ //
+ // Update the BlockSID status string.
+ //
+ PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags ();
+
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ }
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL);
+ FreePool (NewString);
+
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
}
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL);
+ FreePool (NewString);
+
+ if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ } else {
+ NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL);
+ if (NewString == NULL) {
+ DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n"));
+ return;
+ }
+ }
+ HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL);
+ FreePool (NewString);
}
/**
@@ -400,6 +440,7 @@ DriverCallback(
{
HII_KEY HiiKey;
UINT8 HiiKeyId;
+ UINT32 PpRequest;
if (ActionRequest != NULL) {
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE;
@@ -468,9 +509,47 @@ DriverCallback(
} else if (Action == EFI_BROWSER_ACTION_CHANGED) {
switch (HiiKeyId) {
case HII_KEY_ID_BLOCKSID:
- HiiSetBlockSid(Value->b);
+ switch (Value->u8) {
+ case 0:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ break;
+
+ case 1:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID;
+ break;
+
+ case 2:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID;
+ break;
+
+ case 3:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE;
+ break;
+
+ case 4:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE;
+ break;
+
+ case 5:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE;
+ break;
+
+ case 6:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE;
+ break;
+
+ default:
+ PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION;
+ DEBUG ((DEBUG_ERROR, "Invalid value input!\n"));
+ break;
+ }
+ HiiSetBlockSidAction(PpRequest);
+
*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
return EFI_SUCCESS;
+
+ default:
+ break;
}
}
@@ -1104,25 +1183,23 @@ HiiPasswordEntered(
**/
EFI_STATUS
-HiiSetBlockSid (
- BOOLEAN Enable
+HiiSetBlockSidAction (
+ IN UINT32 PpRequest
)
{
- EFI_STATUS Status;
- OPAL_EXTRA_INFO_VAR OpalExtraInfo;
- UINTN DataSize;
-
- Status = EFI_SUCCESS;
-
- OpalExtraInfo.EnableBlockSid = Enable;
- DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
- Status = gRT->SetVariable (
- OPAL_EXTRA_INFO_VAR_NAME,
- &gOpalExtraInfoVariableGuid,
- EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE,
- DataSize,
- &OpalExtraInfo
- );
+ UINT32 ReturnCode;
+ EFI_STATUS Status;
+
+ ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0);
+ if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
+ Status = EFI_SUCCESS;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
+ Status = EFI_OUT_OF_RESOURCES;
+ } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
+ Status = EFI_UNSUPPORTED;
+ } else {
+ Status = EFI_DEVICE_ERROR;
+ }
return Status;
}
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
index 754dbf776b1d..4cfbde3f847e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni
@@ -54,9 +54,21 @@
#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"
#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"
#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"
-#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "Enable BlockSID"
-#string STR_ENABLED #language en-US "Enabled"
-#string STR_DISABLED #language en-US "Disabled"
+#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"
+#string STR_ENABLED #language en-US "Enable BlockSID"
+#string STR_DISABLED #language en-US "Disable BlockSID"
+
+#string STR_NONE #language en-US "None"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"
+
+#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"
+#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"
+#string STR_BLOCKSID_STATUS1 #language en-US ""
+#string STR_BLOCKSID_STATUS2 #language en-US ""
+#string STR_BLOCKSID_STATUS3 #language en-US ""
#string STR_DISK_INFO_GOTO_LOCK_HELP #language en-US "Lock the disk"
#string STR_DISK_INFO_GOTO_UNLOCK_HELP #language en-US "Unlock the disk"
@@ -66,7 +78,7 @@
#string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults"
#string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language en-US "Disable User"
#string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language en-US "Enable Feature"
-#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Enable to send BlockSID command"
+#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"
///////////////////////////////// DISK ACTION MENU FORM /////////////////////////////////
#string STR_DISK_ACTION_LBL #language en-US " "
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
index 1f1afbc21e62..ec5a93cf3f3e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h
@@ -211,15 +211,15 @@ HiiPasswordEntered(
/**
Update block sid info.
- @param Enable Enable/disable BlockSid.
+ @param PpRequest Input the Pp Request.
@retval EFI_SUCCESS Do the required action success.
@retval Others Other error occur.
**/
EFI_STATUS
-HiiSetBlockSid (
- BOOLEAN Enable
+HiiSetBlockSidAction (
+ UINT32 PpRequest
);
/**
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
index 703c1b6039ad..f2afc378108c 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf
@@ -62,6 +62,7 @@ [LibraryClasses]
OpalPasswordSupportLib
UefiLib
TcgStorageOpalLib
+ Tcg2PhysicalPresenceLib
[Protocols]
gEfiHiiConfigAccessProtocolGuid ## PRODUCES
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
index 88cc2a1c4e98..218e0f442ce6 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr
@@ -118,15 +118,38 @@ form formid = FORMID_VALUE_MAIN_MENU,
subtitle text = STRING_TOKEN(STR_NULL);
+ grayoutif TRUE;
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS1);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS2);
+ text
+ help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP),
+ text = STRING_TOKEN(STR_BLOCKSID_STATUS3);
+ subtitle text = STRING_TOKEN(STR_NULL);
+ endif;
+
oneof varid = OpalHiiConfig.EnableBlockSid,
questionid = 0x8017, // 32791,
prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID),
help = STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP),
flags = INTERACTIVE,
- option text = STRING_TOKEN(STR_DISABLED), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED;
option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED;
+ option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED;
endoneof;
+
+
endform; // MAIN MENU FORM
//
--
2.7.0.windows.1
next prev parent reply other threads:[~2016-11-24 9:14 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-24 9:14 [PATCH 0/3] Support TCG2 BlockSID related actions Star Zeng
2016-11-24 9:14 ` [PATCH 1/3] SecurityPkg Tcg2PPLib: Support " Star Zeng
2016-11-24 12:23 ` Yao, Jiewen
2016-11-24 9:14 ` Star Zeng [this message]
2016-11-24 12:20 ` [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID Yao, Jiewen
2016-11-24 9:14 ` [PATCH 3/3] SecurityPkg Tcg2ConfigDxe: Remove BlockSID actions and related strings Star Zeng
2016-11-24 12:20 ` Yao, Jiewen
2016-11-25 2:13 ` [PATCH 0/3] Support TCG2 BlockSID related actions Dong, Eric
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479978844-101272-3-git-send-email-star.zeng@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox