From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by mx.groups.io with SMTP id smtpd.web11.6954.1602746112886502181
 for <devel@edk2.groups.io>;
 Thu, 15 Oct 2020 00:15:13 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: maggie.chu@intel.com)
IronPort-SDR: ufRZkLTsnI6DTj+aznPm5EYyfH2MvMPpOvKSMMfGv5bPskD6ondluF3wUUaewcQpVFYEl4q03h
 MdPEJp7I7erA==
X-IronPort-AV: E=McAfee;i="6000,8403,9774"; a="166341634"
X-IronPort-AV: E=Sophos;i="5.77,378,1596524400"; 
   d="scan'208";a="166341634"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga003.jf.intel.com ([10.7.209.27])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Oct 2020 00:15:10 -0700
IronPort-SDR: KVSDgfhuVHrvocycQGVy896wWJehwut5vcaIGBwONOQFA3D/QTRqLk0ZslC/aXTdqaavRYv+v4
 fcP3qCeHVdAA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.77,378,1596524400"; 
   d="scan'208";a="314412893"
Received: from chumaggi-mobl.gar.corp.intel.com ([10.5.241.223])
  by orsmga003.jf.intel.com with ESMTP; 15 Oct 2020 00:15:08 -0700
From: "Maggie Chu" <maggie.chu@intel.com>
To: devel@edk2.groups.io
Cc: Maggie Chu <maggie.chu@intel.com>,
	Eric Dong <eric.dong@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Qi Zhang <qi1.zhang@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>
Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported
Date: Thu, 15 Oct 2020 15:14:42 +0800
Message-Id: <20201015071442.955-1-Maggie.Chu@intel.com>
X-Mailer: git-send-email 2.26.2.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Maggie Chu <maggie.chu@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=3D3004

Secure erase is performed by generating a new encryption key,
this is only available if encryption is supported.
This commit will hide "secure erase" option from setup page
if connected device doesn't support encryption.

Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/T=
cg/Opal/OpalPassword/OpalDriver.c
index b5b6aec98c..bf5e374163 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -88,7 +88,11 @@ OpalSupportGetAvailableActions(
     // Secure erase is performed by generating a new encryption key=0D
     // this is only available if encryption is supported=0D
     //=0D
-    AvalDiskActions->SecureErase =3D 1;=0D
+    if (SupportedAttributes->MediaEncryption) {=0D
+      AvalDiskActions->SecureErase =3D 1;=0D
+    } else {=0D
+      AvalDiskActions->SecureErase =3D 0;=0D
+    }=0D
   } else {=0D
     AvalDiskActions->PsidRevert =3D 0;=0D
     AvalDiskActions->SecureErase =3D 0;=0D
--=20
2.16.2.windows.1