From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: maggie.chu@intel.com) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by groups.io with SMTP; Tue, 30 Apr 2019 03:40:59 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Apr 2019 03:40:58 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,413,1549958400"; d="scan'208";a="153538723" Received: from chumaggi-mobl.gar.corp.intel.com ([10.255.183.79]) by FMSMGA003.fm.intel.com with ESMTP; 30 Apr 2019 03:40:56 -0700 From: "Maggie Chu" To: devel@edk2.groups.io Cc: Chao Zhang , Jiewen Yao , Eric Dong Subject: [PATCH] SecurityPkg/OpalPassword: Add warning message for Secure Erase Date: Tue, 30 Apr 2019 18:40:46 +0800 Message-Id: <20190430104046.14964-1-maggie.chu@intel.com> X-Mailer: git-send-email 2.14.2.windows.3 https://bugzilla.tianocore.org/show_bug.cgi?id=1753 Add pop-up warning messages before secure erase action. In order to notify user the secure erase action will take a longer time. This change also fix some pop-up windows are unable to show up complete message due to some strings are too long. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Maggie Chu Cc: Chao Zhang Cc: Jiewen Yao Cc: Eric Dong --- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 131 ++++++++++++++++++------- SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c | 23 +++-- 2 files changed, 112 insertions(+), 42 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index ed7f968255..42999c89f0 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -487,6 +487,7 @@ OpalEndOfDxeEventNotify ( OPAL request. @param[in] PopUpString Pop up string. @param[in] PopUpString2 Pop up string in line 2. + @param[in] PopUpString3 Pop up string in line 3. @param[out] PressEsc Whether user escape function through Press ESC. @@ -498,6 +499,7 @@ OpalDriverPopUpPsidInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -527,15 +529,28 @@ OpalDriverPopUpPsidInput ( NULL ); } else { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &InputKey, - PopUpString, - PopUpString2, - L"---------------------", - Mask, - NULL - ); + if (PopUpString3 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + L"---------------------", + Mask, + NULL + ); + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + PopUpString3, + L"---------------------", + Mask, + NULL + ); + } } // @@ -625,6 +640,7 @@ OpalDriverPopUpPsidInput ( process OPAL request. @param[in] PopUpString1 Pop up string 1. @param[in] PopUpString2 Pop up string 2. + @param[in] PopUpString3 Pop up string 3. @param[out] PressEsc Whether user escape function through Press ESC. @retval Password string if success. NULL if failed. @@ -635,6 +651,7 @@ OpalDriverPopUpPasswordInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString1, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -664,15 +681,28 @@ OpalDriverPopUpPasswordInput ( NULL ); } else { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &InputKey, - PopUpString1, - PopUpString2, - L"---------------------", - Mask, - NULL - ); + if (PopUpString3 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + L"---------------------", + Mask, + NULL + ); + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + PopUpString3, + L"---------------------", + Mask, + NULL + ); + } } // @@ -823,7 +853,7 @@ OpalDriverRequestPassword ( } while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); if (PressEsc) { if (IsLocked) { // @@ -988,7 +1018,7 @@ ProcessOpalRequestEnableFeature ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1017,7 +1047,7 @@ ProcessOpalRequestEnableFeature ( } PasswordLen = (UINT32) AsciiStrLen(Password); - PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", &PressEsc); + PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); if (PasswordConfirm == NULL) { ZeroMem (Password, PasswordLen); FreePool (Password); @@ -1132,7 +1162,7 @@ ProcessOpalRequestDisableUser ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1227,6 +1257,7 @@ ProcessOpalRequestPsidRevert ( TCG_RESULT Ret; CHAR16 *PopUpString; CHAR16 *PopUpString2; + CHAR16 *PopUpString3; UINTN BufferSize; if (Dev == NULL) { @@ -1238,17 +1269,19 @@ ProcessOpalRequestPsidRevert ( PopUpString = OpalGetPopUpString (Dev, RequestString); if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { - BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds, DO NOT power off system during the revert action!"); + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); PopUpString2 = AllocateZeroPool (BufferSize); ASSERT (PopUpString2 != NULL); UnicodeSPrint ( PopUpString2, BufferSize, - L"WARNING: Revert action will take about %d seconds, DO NOT power off system during the revert action!", + L"WARNING: Revert action will take about %d seconds", Dev->OpalDisk.EstimateTimeCost ); + PopUpString3 = L"DO NOT power off system during the revert action!"; } else { PopUpString2 = NULL; + PopUpString3 = NULL; } Count = 0; @@ -1259,7 +1292,7 @@ ProcessOpalRequestPsidRevert ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PSID_TRY_COUNT) { - Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, PopUpString2, &PressEsc); + Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1361,6 +1394,7 @@ ProcessOpalRequestRevert ( BOOLEAN PasswordFailed; CHAR16 *PopUpString; CHAR16 *PopUpString2; + CHAR16 *PopUpString3; UINTN BufferSize; if (Dev == NULL) { @@ -1373,17 +1407,19 @@ ProcessOpalRequestRevert ( if ((!KeepUserData) && (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME)) { - BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds, DO NOT power off system during the revert action!"); + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); PopUpString2 = AllocateZeroPool (BufferSize); ASSERT (PopUpString2 != NULL); UnicodeSPrint ( PopUpString2, BufferSize, - L"WARNING: Revert action will take about %d seconds, DO NOT power off system during the revert action!", + L"WARNING: Revert action will take about %d seconds", Dev->OpalDisk.EstimateTimeCost ); + PopUpString3 = L"DO NOT power off system during the revert action!"; } else { PopUpString2 = NULL; + PopUpString3 = NULL; } Count = 0; @@ -1394,7 +1430,7 @@ ProcessOpalRequestRevert ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1520,6 +1556,9 @@ ProcessOpalRequestSecureErase ( TCG_RESULT Ret; BOOLEAN PasswordFailed; CHAR16 *PopUpString; + CHAR16 *PopUpString2; + CHAR16 *PopUpString3; + UINTN BufferSize; if (Dev == NULL) { return; @@ -1529,6 +1568,21 @@ ProcessOpalRequestSecureErase ( PopUpString = OpalGetPopUpString (Dev, RequestString); + if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { + BufferSize = StrSize (L"Warning: Secure erase action will take about ####### seconds"); + PopUpString2 = AllocateZeroPool (BufferSize); + ASSERT (PopUpString2 != NULL); + UnicodeSPrint ( + PopUpString2, + BufferSize, + L"WARNING: Secure erase action will take about %d seconds", + Dev->OpalDisk.EstimateTimeCost + ); + PopUpString3 = L"DO NOT power off system during the action!"; + } else { + PopUpString2 = NULL; + PopUpString3 = NULL; + } Count = 0; ZeroMem(&Session, sizeof(Session)); @@ -1537,7 +1591,7 @@ ProcessOpalRequestSecureErase ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1551,7 +1605,7 @@ ProcessOpalRequestSecureErase ( if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { gST->ConOut->ClearScreen(gST->ConOut); - return; + goto Done; } else { // // Let user input password again. @@ -1608,6 +1662,11 @@ ProcessOpalRequestSecureErase ( } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); gST->ConOut->ClearScreen(gST->ConOut); } + +Done: + if (PopUpString2 != NULL) { + FreePool (PopUpString2); + } } /** @@ -1647,7 +1706,7 @@ ProcessOpalRequestSetUserPwd ( Count = 0; while (Count < MAX_PASSWORD_TRY_COUNT) { - OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", &PressEsc); + OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1705,7 +1764,7 @@ ProcessOpalRequestSetUserPwd ( } } - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); if (Password == NULL) { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); @@ -1714,7 +1773,7 @@ ProcessOpalRequestSetUserPwd ( } PasswordLen = (UINT32) AsciiStrLen(Password); - PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", &PressEsc); + PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); if (PasswordConfirm == NULL) { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); @@ -1846,7 +1905,7 @@ ProcessOpalRequestSetAdminPwd ( Count = 0; while (Count < MAX_PASSWORD_TRY_COUNT) { - OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", &PressEsc); + OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1899,7 +1958,7 @@ ProcessOpalRequestSetAdminPwd ( continue; } - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); if (Password == NULL) { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); @@ -1908,7 +1967,7 @@ ProcessOpalRequestSetAdminPwd ( } PasswordLen = (UINT32) AsciiStrLen(Password); - PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", &PressEsc); + PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); if (PasswordConfirm == NULL) { ZeroMem (OldPassword, OldPasswordLen); FreePool (OldPassword); diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c index 8abb3d028b..d0f3eda1e8 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c @@ -511,13 +511,15 @@ GetDiskNameStringId( /** Confirm whether user truly want to do the revert action. - @param OpalDisk The device which need to do the revert action. + @param OpalDisk The device which need to perform data removal action. + @param ActionString Specifies the action name shown on pop up menu. @retval EFI_SUCCESS Confirmed user want to do the revert action. **/ EFI_STATUS -HiiConfirmRevertAction ( - IN OPAL_DISK *OpalDisk +HiiConfirmDataRemovalAction ( + IN OPAL_DISK *OpalDisk, + IN CHAR16 *ActionString ) { @@ -537,14 +539,14 @@ HiiConfirmRevertAction ( ApproveResponse = L'Y'; RejectResponse = L'N'; - UnicodeSPrint(Unicode, StrSize(L"WARNING: Revert device needs about ####### seconds"), L"WARNING: Revert device needs about %d seconds", OpalDisk->EstimateTimeCost); + UnicodeSPrint(Unicode, StrSize(L"WARNING: ############# action needs about ####### seconds"), L"WARNING: %s action needs about %d seconds", ActionString, OpalDisk->EstimateTimeCost); do { CreatePopUp( EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, Unicode, - L" System should not be powered off until revert completion ", + L" System should not be powered off until action completion ", L" ", L" Press 'Y/y' to continue, press 'N/n' to cancal ", NULL @@ -634,7 +636,16 @@ DriverCallback( case HII_KEY_ID_PSID_REVERT: OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); if (OpalDisk != NULL) { - return HiiConfirmRevertAction (OpalDisk); + return HiiConfirmDataRemovalAction (OpalDisk, L"Revert"); + } else { + ASSERT (FALSE); + return EFI_SUCCESS; + } + + case HII_KEY_ID_SECURE_ERASE: + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + return HiiConfirmDataRemovalAction (OpalDisk, L"Secure erase"); } else { ASSERT (FALSE); return EFI_SUCCESS; -- 2.16.2.windows.1