From: "Yao, Jiewen"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Dong, Eric", "Zhang, Chao B"
Subject: Re: [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
Date: Thu, 24 Nov 2016 12:20:20 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386DA477@shsmsx102.ccr.corp.intel.com>
References: <1479978844-101272-1-git-send-email-star.zeng@intel.com> <1479978844-101272-3-git-send-email-star.zeng@intel.com>
In-Reply-To: <1479978844-101272-3-git-send-email-star.zeng@intel.com>

Reviewed-by: jiewen.yao@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, November 24, 2016 5:14 PM
> To: edk2-devel@lists.01.org
> Cc: Dong, Eric; Yao, Jiewen; Zhang, Chao B; Zeng, Star
> Subject: [PATCH 2/3] SecurityPkg OpalPasswordDxe: Use PP actions to enable BlockSID
>
> From: Eric Dong
>
> Update the implementation to use PP BlockSID related actions.
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong
> Signed-off-by: Star Zeng > --- > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c | 25 +--- > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h | 3 +- > SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c | 139 > ++++++++++++++++----- > .../Opal/OpalPasswordDxe/OpalHiiFormStrings.uni | 20 ++- > .../Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h | 6 +- > .../Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf | 1 + > .../Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr | 25 +++- > 7 files changed, 159 insertions(+), 60 deletions(-) >=20 > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > index 91324cd61df0..cd0c5a4096a0 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.c > @@ -417,28 +417,15 @@ ReadyToBootCallback ( > IN VOID *Context > ) > { > - EFI_STATUS Status; > - OPAL_DRIVER_DEVICE* Itr; > - TCG_RESULT Result; > - OPAL_EXTRA_INFO_VAR OpalExtraInfo; > - UINTN DataSize; > - OPAL_SESSION Session; > + OPAL_DRIVER_DEVICE *Itr; > + TCG_RESULT Result; > + OPAL_SESSION Session; > + UINT32 PpStorageFlag; >=20 > gBS->CloseEvent (Event); >=20 > - DataSize =3D sizeof (OPAL_EXTRA_INFO_VAR); > - Status =3D gRT->GetVariable ( > - OPAL_EXTRA_INFO_VAR_NAME, > - &gOpalExtraInfoVariableGuid, > - NULL, > - &DataSize, > - &OpalExtraInfo > - ); > - if (EFI_ERROR (Status)) { > - return; > - } > - > - if (OpalExtraInfo.EnableBlockSid =3D=3D TRUE) { > + PpStorageFlag =3D Tcg2PhysicalPresenceLibGetManagementFlags (); > + if ((PpStorageFlag & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) !=3D 0) { > // > // Send BlockSID command to each Opal disk > // > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h > index 213c139e0145..7761d64cbb28 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalDriver.h 
> @@ -17,8 +17,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. >=20 > #include >=20 > -#include > - > #include > #include > #include > @@ -40,6 +38,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #include > #include > #include > +#include >=20 > #define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver" >=20 > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > index 1e4987f9a0f3..4f82c1c545ee 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHii.c 
> @@ -90,23 +90,63 @@ HiiSetCurrentConfiguration( > VOID > ) > { > - EFI_STATUS Status; > - OPAL_EXTRA_INFO_VAR OpalExtraInfo; > - UINTN DataSize; > + UINT32 PpStorageFlag; > + EFI_STRING NewString; >=20 > gHiiConfiguration.NumDisks =3D GetDeviceCount(); >=20 > - DataSize =3D sizeof (OPAL_EXTRA_INFO_VAR); > - Status =3D gRT->GetVariable ( > - OPAL_EXTRA_INFO_VAR_NAME, > - &gOpalExtraInfoVariableGuid, > - NULL, > - &DataSize, > - &OpalExtraInfo > - ); > - if (!EFI_ERROR (Status)) { > - gHiiConfiguration.EnableBlockSid =3D OpalExtraInfo.EnableBlockSid; > + // > + // Update the BlockSID status string. > + // > + PpStorageFlag =3D Tcg2PhysicalPresenceLibGetManagementFlags (); > + > + if ((PpStorageFlag & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) !=3D 0) { > + NewString =3D HiiGetString (gHiiPackageListHandle, > STRING_TOKEN(STR_ENABLED), NULL); > + if (NewString =3D=3D NULL) { > + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: > HiiGetString( ) failed\n")); > + return; > + } > + } else { > + NewString =3D HiiGetString (gHiiPackageListHandle, > STRING_TOKEN(STR_DISABLED), NULL); > + if (NewString =3D=3D NULL) { > + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: > HiiGetString( ) failed\n")); > + return; > + } > + } > + HiiSetString(gHiiPackageListHandle, > STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL); > + FreePool (NewString); > + > + if ((PpStorageFlag & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_ > BLOCK_SID) !=3D 0) { > + NewString =3D HiiGetString (gHiiPackageListHandle, > STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL); > + if (NewString =3D=3D NULL) { > + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: > HiiGetString( ) failed\n")); > + return; > + } > + } else { > + NewString =3D HiiGetString (gHiiPackageListHandle, > STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL); > + if (NewString =3D=3D NULL) { > + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: > HiiGetString( ) failed\n")); > + return; > + } > } > + 
HiiSetString(gHiiPackageListHandle, > STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL); > + FreePool (NewString); > + > + if ((PpStorageFlag & > TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_ > BLOCK_SID) !=3D 0) { > + NewString =3D HiiGetString (gHiiPackageListHandle, > STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL); > + if (NewString =3D=3D NULL) { > + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: > HiiGetString( ) failed\n")); > + return; > + } > + } else { > + NewString =3D HiiGetString (gHiiPackageListHandle, > STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL); > + if (NewString =3D=3D NULL) { > + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: > HiiGetString( ) failed\n")); > + return; > + } > + } > + HiiSetString(gHiiPackageListHandle, > STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL); > + FreePool (NewString); > } >=20 > /** > @@ -400,6 +440,7 @@ DriverCallback( > { > HII_KEY HiiKey; > UINT8 HiiKeyId; > + UINT32 PpRequest; >=20 > if (ActionRequest !=3D NULL) { > *ActionRequest =3D EFI_BROWSER_ACTION_REQUEST_NONE; 
> @@ -468,9 +509,47 @@ DriverCallback( > } else if (Action =3D=3D EFI_BROWSER_ACTION_CHANGED) { > switch (HiiKeyId) { > case HII_KEY_ID_BLOCKSID: > - HiiSetBlockSid(Value->b); > + switch (Value->u8) { > + case 0: > + PpRequest =3D TCG2_PHYSICAL_PRESENCE_NO_ACTION; > + break; > + > + case 1: > + PpRequest =3D > TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID; > + break; > + > + case 2: > + PpRequest =3D > TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID; > + break; > + > + case 3: > + PpRequest =3D > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_TRUE; > + break; > + > + case 4: > + PpRequest =3D > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_ > FUNC_FALSE; > + break; > + > + case 5: > + PpRequest =3D > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_TRUE; > + break; > + > + case 6: > + PpRequest =3D > TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_ > FUNC_FALSE; > + break; > + > + default: > + PpRequest =3D TCG2_PHYSICAL_PRESENCE_NO_ACTION; > + DEBUG ((DEBUG_ERROR, "Invalid value input!\n")); > + break; > + } > + HiiSetBlockSidAction(PpRequest); > + > *ActionRequest =3D > EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; > return EFI_SUCCESS; > + > + default: > + break; > } > } >=20 
> @@ -1104,25 +1183,23 @@ HiiPasswordEntered( >=20 > **/ > EFI_STATUS > -HiiSetBlockSid ( > - BOOLEAN Enable > +HiiSetBlockSidAction ( > + IN UINT32 PpRequest > ) > { > - EFI_STATUS Status; > - OPAL_EXTRA_INFO_VAR OpalExtraInfo; > - UINTN DataSize; > - > - Status =3D EFI_SUCCESS; > - > - OpalExtraInfo.EnableBlockSid =3D Enable; > - DataSize =3D sizeof (OPAL_EXTRA_INFO_VAR); > - Status =3D gRT->SetVariable ( > - OPAL_EXTRA_INFO_VAR_NAME, > - &gOpalExtraInfoVariableGuid, > - EFI_VARIABLE_BOOTSERVICE_ACCESS | > EFI_VARIABLE_NON_VOLATILE, > - DataSize, > - &OpalExtraInfo > - ); > + UINT32 ReturnCode; > + EFI_STATUS Status; > + > + ReturnCode =3D Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction > (PpRequest, 0); > + if (ReturnCode =3D=3D TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { > + Status =3D EFI_SUCCESS; > + } else if (ReturnCode =3D=3D > TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { > + Status =3D EFI_OUT_OF_RESOURCES; > + } else if (ReturnCode =3D=3D > TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { > + Status =3D EFI_UNSUPPORTED; > + } else { > + Status =3D EFI_DEVICE_ERROR; > + } >=20 > return Status; > } > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni > index 754dbf776b1d..4cfbde3f847e 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiFormStrings.uni 
> @@ -54,9 +54,21 @@ > #string STR_DISK_INFO_REVERT #language en-US > "Admin Revert to factory default and Disable" > #string STR_DISK_INFO_DISABLE_USER #language en-US > "Disable User" > #string STR_DISK_INFO_ENABLE_FEATURE #language en-US > "Enable Feature" > -#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US > "Enable BlockSID" > -#string STR_ENABLED #language en-US > "Enabled" > -#string STR_DISABLED #language en-US > "Disabled" > +#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US > "TCG Storage Action" > +#string STR_ENABLED #language > en-US "Enable BlockSID" > +#string STR_DISABLED #language en-US > "Disable BlockSID" > + > +#string STR_NONE #language > en-US "None" > +#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language > en-US "Require physical presence when remote enable BlockSID" > +#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US > "Not require physical presence when remote enable BlockSID" > +#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US > "Require physical presence when remote disable BlockSID" > +#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US > "Not require physical presence when remote disable BlockSID" > + > +#string STR_BLOCKSID_STATUS_HELP #language en-US > "BlockSID action change status" > +#string STR_BLOCKSID_STATUS #language en-US > "Current BlockSID Status:" > +#string STR_BLOCKSID_STATUS1 #language en-US > "" > +#string STR_BLOCKSID_STATUS2 #language en-US > "" > +#string STR_BLOCKSID_STATUS3 #language en-US > "" >=20 > #string STR_DISK_INFO_GOTO_LOCK_HELP #language > en-US "Lock the disk" > #string STR_DISK_INFO_GOTO_UNLOCK_HELP #language > en-US "Unlock the disk" 
> @@ -66,7 +78,7 @@ > #string STR_DISK_INFO_GOTO_PSID_REVERT_HELP #language > en-US "Revert the disk to factory defaults" > #string STR_DISK_INFO_GOTO_DISABLE_USER_HELP #language > en-US "Disable User" > #string STR_DISK_INFO_GOTO_ENABLE_FEATURE_HELP #language > en-US "Enable Feature" > -#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language > en-US "Enable to send BlockSID command" > +#string STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP #language > en-US "Change BlockSID actions, includes enable or disable BlockSID, > Require or not require physical presence when remote enable or disable > BlockSID" >=20 > ///////////////////////////////// DISK ACTION MENU FORM > ///////////////////////////////// > #string STR_DISK_ACTION_LBL #language en-US " > " > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > index 1f1afbc21e62..ec5a93cf3f3e 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalHiiPrivate.h > @@ -211,15 +211,15 @@ HiiPasswordEntered( > /** > Update block sid info. >=20 > - @param Enable Enable/disable BlockSid. > + @param PpRequest Input the Pp Request. >=20 > @retval EFI_SUCCESS Do the required action success. > @retval Others Other error occur. >=20 > **/ > EFI_STATUS > -HiiSetBlockSid ( > - BOOLEAN Enable > +HiiSetBlockSidAction ( > + UINT32 PpRequest > ); >=20 > /** > diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf > index 703c1b6039ad..f2afc378108c 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordDxe.inf > @@ -62,6 +62,7 @@ [LibraryClasses] > OpalPasswordSupportLib > UefiLib > TcgStorageOpalLib > + Tcg2PhysicalPresenceLib >=20 > [Protocols] > gEfiHiiConfigAccessProtocolGuid ## PRODUCES 
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr > b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr > index 88cc2a1c4e98..218e0f442ce6 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr > +++ b/SecurityPkg/Tcg/Opal/OpalPasswordDxe/OpalPasswordForm.vfr 
> @@ -118,15 +118,38 @@ form formid =3D FORMID_VALUE_MAIN_MENU, >=20 > subtitle text =3D STRING_TOKEN(STR_NULL); >=20 > + grayoutif TRUE; > + text > + help =3D STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), > + text =3D STRING_TOKEN(STR_BLOCKSID_STATUS); > + text > + help =3D STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), > + text =3D STRING_TOKEN(STR_BLOCKSID_STATUS1); > + text > + help =3D STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), > + text =3D STRING_TOKEN(STR_BLOCKSID_STATUS2); > + text > + help =3D STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), > + text =3D STRING_TOKEN(STR_BLOCKSID_STATUS3); > + subtitle text =3D STRING_TOKEN(STR_NULL); > + endif; > + > oneof varid =3D OpalHiiConfig.EnableBlockSid, > questionid =3D 0x8017, // 32791, > prompt =3D > STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID), > help =3D > STRING_TOKEN(STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP), > flags =3D INTERACTIVE, > - option text =3D STRING_TOKEN(STR_DISABLED), value =3D 0, flags =3D > DEFAULT | MANUFACTURING | RESET_REQUIRED; > + option text =3D STRING_TOKEN(STR_NONE), value =3D 0, flags =3D > DEFAULT | MANUFACTURING | RESET_REQUIRED; > option text =3D STRING_TOKEN(STR_ENABLED), value =3D 1, flags =3D > RESET_REQUIRED; > + option text =3D STRING_TOKEN(STR_DISABLED), value =3D 2, flags =3D > RESET_REQUIRED; > + option text =3D > STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value =3D 3, flags > =3D RESET_REQUIRED; > + option text =3D > STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value =3D 4, flags > =3D RESET_REQUIRED; > + option text =3D > STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value =3D 5, flags > =3D RESET_REQUIRED; > + option text =3D > STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value =3D 6, flags > =3D RESET_REQUIRED; > endoneof; >=20 > + > + > endform; // MAIN MENU FORM >=20 > // > -- > 2.7.0.windows.1
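Review bot: In the ReadyToBootCallback hunk in OpalDriver.c, the NV variable OPAL_EXTRA_INFO_VAR_NAME / gOpalExtraInfoVariableGuid is no longer read, but nothing in this patch removes those definitions or clears the variable on systems that already wrote it. Sourcing the enable-BlockSID decision from the physical-presence management flags instead of a non-authenticated BOOTSERVICE_ACCESS | NON_VOLATILE variable (see the removed SetVariable call in the HiiSetBlockSid hunk) is the right direction, since that variable could be rewritten by any boot-service code; please confirm the orphaned GUID and name definitions are dropped in this series, and consider deleting the stale variable once so it is not mistaken for live state later.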
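Review bot: In the HiiSetCurrentConfiguration hunk in OpalHii.c, gHiiConfiguration.EnableBlockSid is no longer assigned, so the oneof bound to OpalHiiConfig.EnableBlockSid keeps whatever action was picked last time instead of returning to 0 (None); because DriverCallback only submits a request on EFI_BROWSER_ACTION_CHANGED, a user who wants to repeat the same action will find it already selected and cannot re-trigger it. Suggest resetting it next to the status strings: `gHiiConfiguration.EnableBlockSid = 0;`. The six identical HiiGetString / NULL-check / DEBUG / return blocks would collapse into one small helper taking the two string tokens and the target STR_BLOCKSID_STATUSn token, and the DEBUG text should name the token that failed; as written, an early return after STATUS1 was already set leaves STATUS2 and STATUS3 stale.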
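Review bot: In the DriverCallback EFI_BROWSER_ACTION_CHANGED hunk in OpalHii.c, the status returned by HiiSetBlockSidAction(PpRequest) is discarded, so a failed submission (EFI_UNSUPPORTED, EFI_OUT_OF_RESOURCES or EFI_DEVICE_ERROR per the new mapping) still applies the form with RESET_REQUIRED and the user reboots expecting a BlockSID change that was never queued; check the status and surface it before returning. The `default:` branch logs "Invalid value input!" but then still calls HiiSetBlockSidAction with TCG2_PHYSICAL_PRESENCE_NO_ACTION; returning EFI_INVALID_PARAMETER without submitting anything would be cleaner. The literals 0..6 must track the option values in OpalPasswordForm.vfr and have no shared definition; a header of #defines included by both the VFR and the C file would keep them from drifting. Finally, `*ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;` is pre-existing but sits below the `if (ActionRequest != NULL)` guard at the top of the function, so a NULL ActionRequest would fault here.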
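Review bot: In the HiiSetBlockSidAction hunk in OpalHii.c, mapping TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE to EFI_OUT_OF_RESOURCES misdescribes the failure to callers; EFI_DEVICE_ERROR or EFI_ABORTED fits a general submission failure, and EFI_OUT_OF_RESOURCES should be reserved for an actual allocation failure. The second argument to Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction is a bare 0; a one-line comment that the request parameter is unused for the BlockSID actions would help the next reader. It is also worth stating in the function comment that the request is only queued here and is confirmed by the physical-presence flow at the next boot, subject to the PP_REQUIRED flags this same patch exposes, since that is what makes a form-driven submission acceptable.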
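Review bot: In the OpalHiiFormStrings.uni hunk, STR_ENABLED and STR_DISABLED are re-purposed as the action labels "Enable BlockSID" / "Disable BlockSID", but HiiSetCurrentConfiguration still uses those same two tokens for STR_BLOCKSID_STATUS1, so the line under "Current BlockSID Status:" will read "Enable BlockSID" instead of "Enabled"; add distinct status tokens (e.g. STR_BLOCKSID_ENABLED / STR_BLOCKSID_DISABLED) or keep the old values and introduce new action tokens. The new PP strings also read awkwardly; suggest "Require physical presence to remotely enable BlockSID" and "Do not require physical presence to remotely enable BlockSID", with the disable pair worded the same way.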
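Review bot: In the STR_DISK_INFO_GOTO_ENABLE_BLOCKSID_HELP hunk, the new help text is one run-on sentence with inconsistent capitalisation; suggest "Select a BlockSID action: enable or disable BlockSID, or set whether physical presence is required to remotely enable or disable BlockSID. Takes effect after reset." Telling the user about the reset is useful because every option carries RESET_REQUIRED.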
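Review bot: In the OpalHiiPrivate.h hunk, the doxygen block still says "Update block sid info." and "@param PpRequest Input the Pp Request.", neither of which describes what the function now does; suggest "Submit a TCG2 physical presence request for a BlockSID action." and "@param PpRequest TCG2_PHYSICAL_PRESENCE_* request code to submit to the pre-OS function." The prototype here also lacks the IN qualifier the definition in OpalHii.c carries (`IN UINT32 PpRequest`); make the two match.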
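Review bot: In the OpalPasswordForm.vfr hunk, the oneof still binds to OpalHiiConfig.EnableBlockSid although it now selects an action rather than a state; the name is misleading, and the values 0..6 duplicate the switch in DriverCallback with no shared definition, so a rename (e.g. BlockSidAction) plus #defines shared by the VFR and the C file would avoid silent mismatches. DEFAULT | MANUFACTURING on the None option is right, since an action should never be pre-selected. The grayed-out status block shows the strings HiiSetCurrentConfiguration derives from the management flags, so a request that has been submitted but not yet processed at the next boot will not be reflected until then; STR_BLOCKSID_STATUS_HELP could say so. The two stray blank lines before endform can go.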