From: "Yao, Jiewen"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Dong, Eric", "Zhang, Chao B"
Date: Wed, 7 Mar 2018 06:55:31 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AADF849@shsmsx102.ccr.corp.intel.com>
References: <1520346480-65348-1-git-send-email-star.zeng@intel.com> <1520346480-65348-7-git-send-email-star.zeng@intel.com>
In-Reply-To: <1520346480-65348-7-git-send-email-star.zeng@intel.com>
Subject: Re: [PATCH 6/7] SecurityPkg OpalPasswordSupportLib: Remove it
List-Id: EDK II Development

Reviewed-by: jiewen.yao@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Tuesday, March 6, 2018 10:28 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Yao, Jiewen; Dong, Eric; Zhang, Chao B
> Subject: [PATCH 6/7] SecurityPkg OpalPasswordSupportLib: Remove it
>
> Remove OpalPasswordSupportLib as it is not being used anymore.
>
> Cc: Jiewen Yao
> Cc: Eric Dong
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Star Zeng
> --- > .../Include/Library/OpalPasswordSupportLib.h | 289 -------- > .../OpalPasswordSupportLib.c | 781 > --------------------- > .../OpalPasswordSupportLib.inf | 55 -- > .../OpalPasswordSupportNotify.h | 55 -- > SecurityPkg/SecurityPkg.dec | 4 - > SecurityPkg/SecurityPkg.dsc | 2 - > 6 files changed, 1186 deletions(-) > delete mode 100644 SecurityPkg/Include/Library/OpalPasswordSupportLib.h > delete mode 100644 > SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.c > delete mode 100644 > SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf > delete mode 100644 > SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportNotify.h >=20 > diff --git a/SecurityPkg/Include/Library/OpalPasswordSupportLib.h > b/SecurityPkg/Include/Library/OpalPasswordSupportLib.h > deleted file mode 100644 > index e616c763f05c..000000000000 > --- a/SecurityPkg/Include/Library/OpalPasswordSupportLib.h > +++ /dev/null > @@ -1,289 +0,0 @@ > -/** @file > - Header file of Opal password support library. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e found > at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > - > -**/ > - > - > -#ifndef _OPAL_PASSWORD_SUPPORT_LIB_H_ > -#define _OPAL_PASSWORD_SUPPORT_LIB_H_ > - > -#include > -#include > - > - > -#pragma pack(1) > - > -// > -// Structure that is used to represent the available actions for an Opal= Disk. > -// The data can then be utilized to expose/hide certain actions availabl= e to an > end user > -// by the consumer of this library. > -// > -typedef struct { > - // > - // Indicates if the disk can support PSID Revert action. should ver= ify disk > supports PSID authority > - // > - UINT16 PsidRevert : 1; > - > - // > - // Indicates if the disk can support Revert action > - // > - UINT16 Revert : 1; > - > - // > - // Indicates if the user must keep data for revert action. It is tr= ue if no > media encryption is supported. > - // > - UINT16 RevertKeepDataForced : 1; > - > - // > - // Indicates if the disk can support set Admin password > - // > - UINT16 AdminPass : 1; > - > - // > - // Indicates if the disk can support set User password. This action= requires > that a user > - // password is first enabled. > - // > - UINT16 UserPass : 1; > - > - // > - // Indicates if unlock action is available. Requires disk to be cur= rently > locked. > - // > - UINT16 Unlock : 1; > - > - // > - // Indicates if Secure Erase action is available. Action requires a= dmin > credentials and media encryption support. > - // > - UINT16 SecureErase : 1; > - > - // > - // Indicates if Disable User action is available. Action requires a= dmin > credentials. 
> - // > - UINT16 DisableUser : 1; > -} OPAL_DISK_ACTIONS; > - > -// > -// Structure that is used to represent the Opal device with password inf= o. > -// > -typedef struct { > - LIST_ENTRY Link; > - > - UINT8 Password[32]; > - UINT8 PasswordLength; > - > - EFI_DEVICE_PATH_PROTOCOL OpalDevicePath; > -} OPAL_DISK_AND_PASSWORD_INFO; > - > -#pragma pack() > - > -/** > - > - The function performs determines the available actions for the OPAL_DI= SK > provided. > - > - @param[in] SupportedAttributes The support attribute for the devic= e. > - @param[in] LockingFeature The locking status for the device. > - @param[in] OwnerShip The ownership for the device. > - @param[out] AvalDiskActions Pointer to fill-out with appropriat= e > disk actions. > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportGetAvailableActions( > - IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, > - IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, > - IN UINT16 OwnerShip, > - OUT OPAL_DISK_ACTIONS *AvalDiskActions > - ); > - > -/** > - Enable Opal Feature for the input device. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] Msid Msid > - @param[in] MsidLength Msid Length > - @param[in] Password Admin password > - @param[in] PassLength Length of password in bytes > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportEnableOpalFeature( > - IN OPAL_SESSION *Session, > - IN VOID *Msid, > - IN UINT32 MsidLength, > - IN VOID *Password, > - IN UINT32 PassLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ); > - > -/** > - Creates a session with OPAL_UID_ADMIN_SP as > OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert > method. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] Psid PSID of device to revert. > - @param[in] PsidLength Length of PSID in bytes. > - @param[in] DevicePath The device path for the opal devcie= . 
> - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportPsidRevert( > - IN OPAL_SESSION *Session, > - IN VOID *Psid, > - IN UINT32 PsidLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ); > - > -/** > - Opens a session with OPAL_UID_ADMIN_SP as > OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP > method. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] KeepUserData TRUE to keep existing Data on the > disk, or FALSE to erase it > - @param[in] Password Admin password > - @param[in] PasswordLength Length of password in bytes > - @param[in] Msid Msid > - @param[in] MsidLength Msid Length > - @param[out] PasswordFailed indicates if password failed (start > session didn't work) > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportRevert( > - IN OPAL_SESSION *Session, > - IN BOOLEAN KeepUserData, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - IN VOID *Msid, > - IN UINT32 MsidLength, > - OUT BOOLEAN *PasswordFailed, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ); > - > -/** > - Set new password. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] OldPassword Current admin password > - @param[in] OldPasswordLength Length of current admin password > in bytes > - @param[in] NewPassword New admin password to set > - @param[in] NewPasswordLength Length of new password in bytes > - @param[in] DevicePath The device path for the opal devcie= . > - @param[in] SetAdmin Whether set admin password or > user password. > - TRUE for admin, FALSE for user. 
> - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportSetPassword( > - IN OPAL_SESSION *Session, > - IN VOID *OldPassword, > - IN UINT32 OldPasswordLength, > - IN VOID *NewPassword, > - IN UINT32 NewPasswordLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, > - IN BOOLEAN SetAdmin > - ); > - > -/** > - Starts a session with OPAL_UID_LOCKING_SP as > OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] Password Admin password > - @param[in] PasswordLength Length of password in bytes > - @param[out] PasswordFailed Indicates if password failed (start > session didn't work) > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportDisableUser( > - IN OPAL_SESSION *Session, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - OUT BOOLEAN *PasswordFailed, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ); > - > -/** > - Starts a session with OPAL_UID_LOCKING_SP as > OPAL_LOCKING_SP_USER1_AUTHORITY or > OPAL_LOCKING_SP_ADMIN1_AUTHORITY > - and updates the global locking range ReadLocked and WriteLocked column= s > to FALSE. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] Password Admin or user password > - @param[in] PasswordLength Length of password in bytes > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportUnlock( > - IN OPAL_SESSION *Session, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ); > - > -/** > - Starts a session with OPAL_UID_LOCKING_SP as > OPAL_LOCKING_SP_USER1_AUTHORITY or > OPAL_LOCKING_SP_ADMIN1_AUTHORITY > - and updates the global locking range ReadLocked and WriteLocked column= s > to TRUE. > - > - @param[in] Session The opal session for the opal > device. 
> - @param[in] Password Admin or user password > - @param[in] PasswordLength Length of password in bytes > - @param[in] DevicePath The device path for the opal > devcie. > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportLock( > - IN OPAL_SESSION *Session, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ); > - > -/** > - Check if the password is full zero. > - > - @param[in] Password Points to the Data Buffer > - > - @retval TRUE This password string is full zero. > - @retval FALSE This password string is not full zero. > - > -**/ > -LIST_ENTRY * > -EFIAPI > -OpalSupportGetOpalDeviceList ( > - VOID > - ); > - > -/** > - Transfer the password to the smm driver. > - > - @param[in] DevicePath The device path for the opal devcie. > - @param PasswordLen The input password length. > - @param Password Input password buffer. > - > - @retval EFI_SUCCESS Do the required action success. > - @retval Others Error occured. > - > -**/ > -EFI_STATUS > -EFIAPI > -OpalSupportSendPasword( > - EFI_DEVICE_PATH_PROTOCOL *DevicePath, > - UINTN PasswordLen, > - VOID *Password > - ); > - > -#endif // _OPAL_CORE_H_ > diff --git > a/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.c > b/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.c > deleted file mode 100644 > index 837582359e4f..000000000000 > --- a/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.c > +++ /dev/null > @@ -1,781 +0,0 @@ > -/** @file > - Implementation of Opal password support library. > - > -Copyright (c) 2016, Intel Corporation. All rights reserved.
> -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e found > at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > - > -**/ > - > -#include "OpalPasswordSupportNotify.h" > - > -#define OPAL_PASSWORD_MAX_LENGTH 32 > - > -LIST_ENTRY mDeviceList =3D INITIALIZE_LIST_HEAD_VARIABLE > (mDeviceList); > -BOOLEAN gInSmm =3D FALSE; > -EFI_GUID gOpalPasswordNotifyProtocolGuid =3D > OPAL_PASSWORD_NOTIFY_PROTOCOL_GUID; > - > -/** > - > - The function performs determines the available actions for the OPAL_DI= SK > provided. > - > - @param[in] SupportedAttributes The support attribute for the devic= e. > - @param[in] LockingFeature The locking status for the device. > - @param[in] OwnerShip The ownership for the device. > - @param[out] AvalDiskActions Pointer to fill-out with appropriat= e > disk actions. 
> - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportGetAvailableActions( > - IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, > - IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, > - IN UINT16 OwnerShip, > - OUT OPAL_DISK_ACTIONS *AvalDiskActions > - ) > -{ > - BOOLEAN ExistingPassword; > - > - NULL_CHECK(AvalDiskActions); > - > - AvalDiskActions->AdminPass =3D 1; > - AvalDiskActions->UserPass =3D 0; > - AvalDiskActions->DisableUser =3D 0; > - AvalDiskActions->Unlock =3D 0; > - > - // > - // Revert is performed on locking sp, so only allow if locking sp is e= nabled > - // > - if (LockingFeature->LockingEnabled) { > - AvalDiskActions->Revert =3D 1; > - } > - > - // > - // Psid revert is available for any device with media encryption suppo= rt > - // Revert is allowed for any device with media encryption support, how= ever it > requires > - // > - if (SupportedAttributes->MediaEncryption) { > - > - // > - // Only allow psid revert if media encryption is enabled. > - // Otherwise, someone who steals a disk can psid revert the disk and= the > user Data is still > - // intact and accessible > - // > - AvalDiskActions->PsidRevert =3D 1; > - AvalDiskActions->RevertKeepDataForced =3D 0; > - > - // > - // Secure erase is performed by generating a new encryption key > - // this is only available is encryption is supported > - // > - AvalDiskActions->SecureErase =3D 1; > - } else { > - AvalDiskActions->PsidRevert =3D 0; > - AvalDiskActions->SecureErase =3D 0; > - > - // > - // If no media encryption is supported, then a revert (using passwor= d) will > not > - // erase the Data (since you can't generate a new encryption key) > - // > - AvalDiskActions->RevertKeepDataForced =3D 1; > - } > - > - if (LockingFeature->Locked) { > - AvalDiskActions->Unlock =3D 1; > - } else { > - AvalDiskActions->Unlock =3D 0; > - } > - > - // > - // Only allow user to set password if an admin password exists > - // > - ExistingPassword =3D OpalUtilAdminPasswordExists(OwnerShip, > 
LockingFeature); > - AvalDiskActions->UserPass =3D ExistingPassword; > - > - // > - // This will still show up even if there isn't a user, which is fine > - // > - AvalDiskActions->DisableUser =3D ExistingPassword; > - > - return TcgResultSuccess; > -} > - > -/** > - Creates a session with OPAL_UID_ADMIN_SP as > OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert > method. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] Psid PSID of device to revert. > - @param[in] PsidLength Length of PSID in bytes. > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportPsidRevert( > - IN OPAL_SESSION *Session, > - IN VOID *Psid, > - IN UINT32 PsidLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ) > -{ > - TCG_RESULT Ret; > - > - NULL_CHECK(Session); > - NULL_CHECK(Psid); > - > - Ret =3D OpalUtilPsidRevert (Session, Psid, PsidLength); > - if (Ret =3D=3D TcgResultSuccess && !gInSmm) { > - OpalSupportSendPasword (DevicePath, 0, NULL); > - } > - > - return Ret; > -} > - > -/** > - Opens a session with OPAL_UID_ADMIN_SP as > OPAL_ADMIN_SP_SID_AUTHORITY, > - sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password, > - and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] OldPassword Current admin password > - @param[in] OldPasswordLength Length of current admin password > in bytes > - @param[in] NewPassword New admin password to set > - @param[in] NewPasswordLength Length of new password in bytes > - @param[in] DevicePath The device path for the opal devcie= . > - @param[in] SetAdmin Whether set admin password or > user password. > - TRUE for admin, FALSE for user. 
> - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportSetPassword( > - IN OPAL_SESSION *Session, > - IN VOID *OldPassword, > - IN UINT32 OldPasswordLength, > - IN VOID *NewPassword, > - IN UINT32 NewPasswordLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, > - IN BOOLEAN SetAdmin > - ) > -{ > - TCG_RESULT Ret; > - > - NULL_CHECK(Session); > - NULL_CHECK(OldPassword); > - NULL_CHECK(NewPassword); > - > - if (SetAdmin) { > - Ret =3D OpalUtilSetAdminPassword(Session, OldPassword, > OldPasswordLength, NewPassword, NewPasswordLength); > - } else { > - Ret =3D OpalUtilSetUserPassword(Session, OldPassword, OldPasswordLen= gth, > NewPassword, NewPasswordLength); > - } > - if (Ret =3D=3D TcgResultSuccess && !gInSmm) { > - OpalSupportSendPasword (DevicePath, NewPasswordLength, > NewPassword); > - } > - > - return Ret; > -} > - > -/** > - Starts a session with OPAL_UID_LOCKING_SP as > OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] Password Admin password > - @param[in] PasswordLength Length of password in bytes > - @param[out] PasswordFailed Indicates if password failed (start > session didn't work) > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportDisableUser( > - IN OPAL_SESSION *Session, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - OUT BOOLEAN *PasswordFailed, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ) > -{ > - TCG_RESULT Ret; > - > - NULL_CHECK(Session); > - NULL_CHECK(Password); > - NULL_CHECK(PasswordFailed); > - > - Ret =3D OpalUtilDisableUser(Session, Password, PasswordLength, > PasswordFailed); > - if (Ret =3D=3D TcgResultSuccess && !gInSmm) { > - OpalSupportSendPasword (DevicePath, PasswordLength, Password); > - } > - > - return Ret; > -} > - > -/** > - Enable Opal Feature for the input device. > - > - @param[in] Session The opal session for the opal devic= e. 
> - @param[in] Msid Msid > - @param[in] MsidLength Msid Length > - @param[in] Password Admin password > - @param[in] PassLength Length of password in bytes > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportEnableOpalFeature ( > - IN OPAL_SESSION *Session, > - IN VOID *Msid, > - IN UINT32 MsidLength, > - IN VOID *Password, > - IN UINT32 PassLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ) > -{ > - TCG_RESULT Ret; > - > - NULL_CHECK(Session); > - NULL_CHECK(Msid); > - NULL_CHECK(Password); > - > - Ret =3D OpalUtilSetAdminPasswordAsSid( > - Session, > - Msid, > - MsidLength, > - Password, > - PassLength > - ); > - if (Ret =3D=3D TcgResultSuccess) { > - // > - // Enable global locking range > - // > - Ret =3D OpalUtilSetOpalLockingRange( > - Session, > - Password, > - PassLength, > - > OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, > - 0, > - 0, > - TRUE, > - TRUE, > - FALSE, > - FALSE > - ); > - } > - > - if (Ret =3D=3D TcgResultSuccess && !gInSmm) { > - OpalSupportSendPasword (DevicePath, PassLength, Password); > - } > - > - return Ret; > -} > - > -/** > - Opens a session with OPAL_UID_ADMIN_SP as > OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP > method. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] KeepUserData TRUE to keep existing Data on the > disk, or FALSE to erase it > - @param[in] Password Admin password > - @param[in] PasswordLength Length of password in bytes > - @param[in] Msid Msid > - @param[in] MsidLength Msid Length > - @param[out] PasswordFailed indicates if password failed (start > session didn't work) > - @param[in] DevicePath The device path for the opal devcie= . 
> - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportRevert( > - IN OPAL_SESSION *Session, > - IN BOOLEAN KeepUserData, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - IN VOID *Msid, > - IN UINT32 MsidLength, > - OUT BOOLEAN *PasswordFailed, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ) > -{ > - TCG_RESULT Ret; > - > - NULL_CHECK(Session); > - NULL_CHECK(Password); > - NULL_CHECK(Msid); > - NULL_CHECK(PasswordFailed); > - > - Ret =3D OpalUtilRevert(Session, KeepUserData, Password, PasswordLength= , > PasswordFailed, Msid, MsidLength); > - if (Ret =3D=3D TcgResultSuccess && !gInSmm) { > - OpalSupportSendPasword (DevicePath, 0, NULL); > - } > - > - return Ret; > -} > - > -/** > - Starts a session with OPAL_UID_LOCKING_SP as > OPAL_LOCKING_SP_USER1_AUTHORITY or > OPAL_LOCKING_SP_ADMIN1_AUTHORITY > - and updates the global locking range ReadLocked and WriteLocked column= s > to FALSE. > - > - @param[in] Session The opal session for the opal devic= e. > - @param[in] Password Admin or user password > - @param[in] PasswordLength Length of password in bytes > - @param[in] DevicePath The device path for the opal devcie= . > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportUnlock( > - IN OPAL_SESSION *Session, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ) > -{ > - TCG_RESULT Ret; > - > - NULL_CHECK(Session); > - NULL_CHECK(Password); > - > - Ret =3D OpalUtilUpdateGlobalLockingRange(Session, Password, > PasswordLength, FALSE, FALSE); > - if (Ret =3D=3D TcgResultSuccess && !gInSmm) { > - OpalSupportSendPasword (DevicePath, PasswordLength, Password); > - } > - > - return Ret; > -} > - > -/** > - Starts a session with OPAL_UID_LOCKING_SP as > OPAL_LOCKING_SP_USER1_AUTHORITY or > OPAL_LOCKING_SP_ADMIN1_AUTHORITY > - and updates the global locking range ReadLocked and WriteLocked column= s > to TRUE. > - > - @param[in] Session The opal session for the opal > device. 
> - @param[in] Password Admin or user password > - @param[in] PasswordLength Length of password in bytes > - @param[in] DevicePath The device path for the opal > devcie. > - > -**/ > -TCG_RESULT > -EFIAPI > -OpalSupportLock( > - IN OPAL_SESSION *Session, > - IN VOID *Password, > - IN UINT32 PasswordLength, > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath > - ) > -{ > - TCG_RESULT Ret; > - > - NULL_CHECK(Session); > - NULL_CHECK(Password); > - > - Ret =3D OpalUtilUpdateGlobalLockingRange(Session, Password, > PasswordLength, TRUE, TRUE); > - if (Ret =3D=3D TcgResultSuccess && !gInSmm) { > - OpalSupportSendPasword (DevicePath, PasswordLength, Password); > - } > - > - return Ret; > -} > - > -/** > - Initialize the communicate Buffer using DataSize and Function. > - > - @param[out] DataPtr Points to the Data in the > communicate Buffer. > - @param[in] DataSize The Data Size to send to SMM. > - @param[in] Function The function number to initialize th= e > communicate Header. > - > - @retval EFI_INVALID_PARAMETER The Data Size is too big. > - @retval EFI_SUCCESS Find the specified variable. 
> - > -**/ > -VOID* > -OpalInitCommunicateBuffer ( > - OUT VOID **DataPtr OPTIONAL, > - IN UINTN DataSize, > - IN UINTN Function > - ) > -{ > - EFI_SMM_COMMUNICATE_HEADER > *SmmCommunicateHeader; > - OPAL_SMM_COMMUNICATE_HEADER > *SmmFunctionHeader; > - VOID *Buffer; > - EDKII_PI_SMM_COMMUNICATION_REGION_TABLE > *SmmCommRegionTable; > - EFI_MEMORY_DESCRIPTOR > *SmmCommMemRegion; > - UINTN Index; > - UINTN Size; > - EFI_STATUS Status; > - > - Buffer =3D NULL; > - Status =3D EfiGetSystemConfigurationTable ( > - &gEdkiiPiSmmCommunicationRegionTableGuid, > - (VOID **) &SmmCommRegionTable > - ); > - if (EFI_ERROR (Status)) { > - return NULL; > - } > - > - ASSERT (SmmCommRegionTable !=3D NULL); > - SmmCommMemRegion =3D (EFI_MEMORY_DESCRIPTOR *) > (SmmCommRegionTable + 1); > - Size =3D 0; > - for (Index =3D 0; Index < SmmCommRegionTable->NumberOfEntries; Index++= ) { > - if (SmmCommMemRegion->Type =3D=3D EfiConventionalMemory) { > - Size =3D EFI_PAGES_TO_SIZE ((UINTN) > SmmCommMemRegion->NumberOfPages); > - if (Size >=3D (DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, > Data) + OFFSET_OF (OPAL_SMM_COMMUNICATE_HEADER, Data))) { > - break; > - } > - } > - SmmCommMemRegion =3D (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) > SmmCommMemRegion + SmmCommRegionTable->DescriptorSize); > - } > - ASSERT (Index < SmmCommRegionTable->NumberOfEntries); > - > - Buffer =3D (VOID*)(UINTN)SmmCommMemRegion->PhysicalStart; > - ASSERT (Buffer !=3D NULL); > - > - SmmCommunicateHeader =3D (EFI_SMM_COMMUNICATE_HEADER *) Buffer; > - CopyGuid (&SmmCommunicateHeader->HeaderGuid, > &gOpalPasswordNotifyProtocolGuid); > - SmmCommunicateHeader->MessageLength =3D DataSize + OFFSET_OF > (OPAL_SMM_COMMUNICATE_HEADER, Data); > - > - SmmFunctionHeader =3D (OPAL_SMM_COMMUNICATE_HEADER *) > SmmCommunicateHeader->Data; > - SmmFunctionHeader->Function =3D Function; > - if (DataPtr !=3D NULL) { > - *DataPtr =3D SmmFunctionHeader->Data; > - } > - > - return Buffer; > -} > - > -/** > - Send the Data in communicate 
Buffer to SMM. > - > - @param[in] Buffer Points to the Data in the > communicate Buffer. > - @param[in] DataSize This Size of the function Header > and the Data. > - > - @retval EFI_SUCCESS Success is returned from the > functin in SMM. > - @retval Others Failure is returned from the > function in SMM. > - > -**/ > -EFI_STATUS > -OpalSendCommunicateBuffer ( > - IN VOID *Buffer, > - IN UINTN DataSize > - ) > -{ > - EFI_STATUS Status; > - UINTN CommSize; > - EFI_SMM_COMMUNICATE_HEADER > *SmmCommunicateHeader; > - OPAL_SMM_COMMUNICATE_HEADER > *SmmFunctionHeader; > - EFI_SMM_COMMUNICATION_PROTOCOL > *SmmCommunication; > - > - Status =3D gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NUL= L, > (VOID **) &SmmCommunication); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - CommSize =3D DataSize + OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, > Data) + OFFSET_OF (OPAL_SMM_COMMUNICATE_HEADER, Data); > - Status =3D SmmCommunication->Communicate (SmmCommunication, Buffer, > &CommSize); > - if (EFI_ERROR (Status)) { > - return Status; > - } > - > - SmmCommunicateHeader =3D (EFI_SMM_COMMUNICATE_HEADER *) Buffer; > - SmmFunctionHeader =3D (OPAL_SMM_COMMUNICATE_HEADER > *)SmmCommunicateHeader->Data; > - > - return SmmFunctionHeader->ReturnStatus; > -} > - > -/** > - Transfer the password to the smm driver. > - > - @param[in] DevicePath The device path for the opal devcie. > - @param PasswordLen The input password length. > - @param Password Input password buffer. > - > - @retval EFI_SUCCESS Do the required action success. > - @retval Others Error occured. 
> - > -**/ > -EFI_STATUS > -EFIAPI > -OpalSupportSendPasword( > - EFI_DEVICE_PATH_PROTOCOL *DevicePath, > - UINTN PasswordLen, > - VOID *Password > - ) > -{ > - OPAL_COMM_DEVICE_LIST *Parameter; > - VOID *Buffer; > - UINTN Length; > - EFI_STATUS Status; > - UINTN DevicePathLen; > - > - Parameter =3D NULL; > - Buffer =3D NULL; > - > - if (DevicePath =3D=3D NULL) { > - // > - // Assume DevicePath =3D=3D NULL only when library used by SMM drive= r > - // and should not run to here, just return success. > - // > - return EFI_SUCCESS; > - } > - > - DevicePathLen =3D GetDevicePathSize (DevicePath); > - Length =3D OFFSET_OF (OPAL_COMM_DEVICE_LIST, OpalDevicePath) + > DevicePathLen; > - Buffer =3D OpalInitCommunicateBuffer((VOID**)&Parameter, Length, > SMM_FUNCTION_SET_OPAL_PASSWORD); > - if (Buffer =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - if (Password !=3D NULL) { > - CopyMem((VOID*)Parameter->Password, Password, PasswordLen); > - Parameter->PasswordLength =3D (UINT8)PasswordLen; > - } > - CopyMem (&Parameter->OpalDevicePath, DevicePath, DevicePathLen); > - > - Status =3D OpalSendCommunicateBuffer(Buffer, Length); > - if (EFI_ERROR(Status)) { > - goto EXIT; > - } > - > -EXIT: > - ZeroMem(Parameter, Length); > - return Status; > -} > - > -/** > - Get saved Opal device list. > - > - @retval return opal device list. > - > -**/ > -LIST_ENTRY* > -EFIAPI > -OpalSupportGetOpalDeviceList ( > - VOID > - ) > -{ > - return &mDeviceList; > -} > - > -/** > - Check if the password is full zero. > - > - @param[in] Password Points to the Data Buffer > - > - @retval TRUE This password string is full zero. > - @retval FALSE This password string is not full zero. > - > -**/ > -BOOLEAN > -OpalPasswordIsFullZero ( > - IN UINT8 *Password > - ) > -{ > - UINTN Index; > - > - for (Index =3D 0; Index < OPAL_PASSWORD_MAX_LENGTH; Index++) { > - if (Password[Index] !=3D 0) { > - return FALSE; > - } > - } > - > - return TRUE; > -} > - > -/** > - Save hdd password to SMM. 
> - > - @param[in] DevicePath Input device path info for the > device. > - @param[in] Password The hdd password of attached > ATA device. > - @param[in] PasswordLength The hdd password length. > - > - @retval EFI_OUT_OF_RESOURCES Insufficient resources to create > database record > - @retval EFI_SUCCESS The function has been successfully > executed. > - > -**/ > -EFI_STATUS > -OpalSavePasswordToSmm ( > - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, > - IN UINT8 *Password, > - IN UINT8 PasswordLength > - ) > -{ > - OPAL_DISK_AND_PASSWORD_INFO *List; > - OPAL_DISK_AND_PASSWORD_INFO *Dev; > - LIST_ENTRY *Entry; > - UINTN DevicePathLen; > - > - DevicePathLen =3D GetDevicePathSize (DevicePath); > - > - for (Entry =3D mDeviceList.ForwardLink; Entry !=3D &mDeviceList; Entry= =3D > Entry->ForwardLink) { > - List =3D BASE_CR (Entry, OPAL_DISK_AND_PASSWORD_INFO, Link); > - if (CompareMem (&List->OpalDevicePath, DevicePath, DevicePathLen) = =3D=3D > 0) { > - CopyMem(List->Password, Password, > OPAL_PASSWORD_MAX_LENGTH); > - return EFI_SUCCESS; > - } > - } > - > - Dev =3D AllocateZeroPool (OFFSET_OF (OPAL_DISK_AND_PASSWORD_INFO, > OpalDevicePath) + DevicePathLen); > - if (Dev =3D=3D NULL) { > - return EFI_OUT_OF_RESOURCES; > - } > - > - Dev->PasswordLength =3D PasswordLength; > - CopyMem(&(Dev->Password), Password, OPAL_PASSWORD_MAX_LENGTH); > - CopyMem(&(Dev->OpalDevicePath), DevicePath, DevicePathLen); > - > - InsertHeadList (&mDeviceList, &Dev->Link); > - > - return EFI_SUCCESS; > -} > - > -/** > - Communication service SMI Handler entry. > - > - This SMI handler provides services for saving HDD password and saving = S3 > boot script when ready to boot. > - > - @param[in] DispatchHandle The unique handle assigned to this > handler by SmiHandlerRegister(). > - @param[in] RegisterContext Points to an optional handler context w= hich > was specified when the > - handler was registered. 
> - @param[in, out] CommBuffer A pointer to a collection of Data in > memory that will > - be conveyed from a non-SMM > environment into an SMM environment. > - @param[in, out] CommBufferSize The Size of the CommBuffer. > - > - @retval EFI_SUCCESS The interrupt was handled > and quiesced. No other handlers > - should still be called. > - @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has > been quiesced but other handlers should > - still be called. > - @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still > pending and other handlers should still > - be called. > - @retval EFI_INTERRUPT_PENDING The interrupt could not > be quiesced. > -**/ > -EFI_STATUS > -EFIAPI > -SmmOpalPasswordHandler ( > - IN EFI_HANDLE DispatchHandle, > - IN CONST VOID *RegisterContext, > - IN OUT VOID *CommBuffer, > - IN OUT UINTN *CommBufferSize > - ) > -{ > - EFI_STATUS Status; > - OPAL_SMM_COMMUNICATE_HEADER *SmmFunctionHeader; > - UINTN TempCommBufferSize; > - UINT8 *NewPassword; > - UINT8 PasswordLength; > - EFI_DEVICE_PATH_PROTOCOL *DevicePath; > - > - if (CommBuffer =3D=3D NULL || CommBufferSize =3D=3D NULL) { > - return EFI_SUCCESS; > - } > - > - TempCommBufferSize =3D *CommBufferSize; > - if (TempCommBufferSize < OFFSET_OF > (OPAL_SMM_COMMUNICATE_HEADER, Data)) { > - return EFI_SUCCESS; > - } > - > - Status =3D EFI_SUCCESS; > - SmmFunctionHeader =3D (OPAL_SMM_COMMUNICATE_HEADER > *)CommBuffer; > - > - DevicePath =3D > &((OPAL_COMM_DEVICE_LIST*)(SmmFunctionHeader->Data))->OpalDevicePat > h; > - PasswordLength =3D > ((OPAL_COMM_DEVICE_LIST*)(SmmFunctionHeader->Data))->PasswordLength > ; > - NewPassword =3D > ((OPAL_COMM_DEVICE_LIST*)(SmmFunctionHeader->Data))->Password; > - > - switch (SmmFunctionHeader->Function) { > - case SMM_FUNCTION_SET_OPAL_PASSWORD: > - if (OpalPasswordIsFullZero (NewPassword) || PasswordLength =3D= =3D 0) { > - Status =3D EFI_INVALID_PARAMETER; > - goto EXIT; > - } > - > - Status =3D OpalSavePasswordToSmm (DevicePath, NewPassword, > 
PasswordLength); > - break; > - > - default: > - Status =3D EFI_UNSUPPORTED; > - break; > - } > - > -EXIT: > - SmmFunctionHeader->ReturnStatus =3D Status; > - > - // > - // Return EFI_SUCCESS cause only one handler can be trigged. > - // so return EFI_WARN_INTERRUPT_SOURCE_PENDING to make all handler > can be trigged. > - // > - return EFI_WARN_INTERRUPT_SOURCE_PENDING; > -} > - > -/** > - The constructor function. > - > - Register SMI handler when link to SMM driver. > - > - @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > - > -**/ > -EFI_STATUS > -EFIAPI > -OpalPasswordSupportLibConstructor ( > - VOID > - ) > -{ > - EFI_SMM_BASE2_PROTOCOL *SmmBase2; > - EFI_SMM_SYSTEM_TABLE2 *Smst; > - EFI_HANDLE SmmHandle; > - EFI_STATUS Status; > - > - Status =3D gBS->LocateProtocol (&gEfiSmmBase2ProtocolGuid, NULL, (VOID= **) > &SmmBase2); > - if (EFI_ERROR (Status)) { > - return RETURN_SUCCESS; > - } > - Status =3D SmmBase2->InSmm (SmmBase2, &gInSmm); > - if (EFI_ERROR (Status)) { > - return RETURN_SUCCESS; > - } > - if (!gInSmm) { > - return RETURN_SUCCESS; > - } > - > - // > - // Good, we are in SMM > - // > - Status =3D SmmBase2->GetSmstLocation (SmmBase2, &Smst); > - if (EFI_ERROR (Status)) { > - return RETURN_SUCCESS; > - } > - > - SmmHandle =3D NULL; > - Status =3D Smst->SmiHandlerRegister (SmmOpalPasswordHandler, > &gOpalPasswordNotifyProtocolGuid, &SmmHandle); > - ASSERT_EFI_ERROR (Status); > - > - return EFI_SUCCESS; > -} > - > -/** > - The Destructor function. > - > - Clean the saved opal device list. > - > - @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. > - > -**/ > -EFI_STATUS > -EFIAPI > -OpalPasswordSupportLibDestructor ( > - VOID > - ) > -{ > - OPAL_DISK_AND_PASSWORD_INFO *Device; > - > - while (!IsListEmpty (&mDeviceList)) { > - Device =3D BASE_CR (mDeviceList.ForwardLink, > OPAL_DISK_AND_PASSWORD_INFO, Link); > - > - RemoveEntryList (&Device->Link); > - FreePool (Device); > - } > - > - return EFI_SUCCESS; > -} 
> diff --git > a/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf > b/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf > deleted file mode 100644 > index b7831356e5dd..000000000000 > --- a/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.i= nf > +++ /dev/null > @@ -1,55 +0,0 @@ > -## @file > -# This is a OpalPassword support library. > -# > -# This module is used to provide API used by Opal password solution. > -# > -# Copyright (c) 2016, Intel Corporation. All rights reserved.
> -# This program and the accompanying materials > -# are licensed and made available under the terms and conditions of the = BSD > License > -# which accompanies this distribution. The full text of the license may = be found > at > -# http://opensource.org/licenses/bsd-license.php > -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" > BASIS, > -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > -# > -## > -[Defines] > - INF_VERSION =3D 0x00010017 > - BASE_NAME =3D OpalPasswordSupportLib > - FILE_GUID =3D > 00F93D8C-00A6-42D0-9327-11CE309B944A > - VERSION_STRING =3D 1.0 > - MODULE_TYPE =3D BASE > - LIBRARY_CLASS =3D > OpalPasswordSupportLib|DXE_DRIVER DXE_CORE DXE_SMM_DRIVER > - > - CONSTRUCTOR =3D > OpalPasswordSupportLibConstructor > - DESTRUCTOR =3D OpalPasswordSupportLibDestructor > -# > -# The following information is for reference only and not required by th= e build > tools. > -# > -# VALID_ARCHITECTURES =3D IA32 X64 > -# > - > -[Sources] > - OpalPasswordSupportLib.c > - OpalPasswordSupportNotify.h > - > -[LibraryClasses] > - BaseLib > - BaseMemoryLib > - PrintLib > - DebugLib > - TimerLib > - TcgStorageOpalLib > - UefiLib > - > -[Packages] > - MdePkg/MdePkg.dec > - MdeModulePkg/MdeModulePkg.dec > - SecurityPkg/SecurityPkg.dec > - > -[Protocols] > - gEfiStorageSecurityCommandProtocolGuid ## > CONSUMES > - gEfiSmmCommunicationProtocolGuid ## > CONSUMES > - gEfiSmmBase2ProtocolGuid ## > CONSUMES # only for SMM version > - > -[Guids] > - gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES ## > SystemTable > diff --git > a/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportNotify.h > b/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportNotify.h > deleted file mode 100644 > index a2115b738653..000000000000 > --- > a/SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportNotify.h > +++ /dev/null 
> @@ -1,55 +0,0 @@ > -/** @file > - Implementation of Opal password support library. > - > -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> -This program and the accompanying materials > -are licensed and made available under the terms and conditions of the BS= D > License > -which accompanies this distribution. The full text of the license may b= e found > at > -http://opensource.org/licenses/bsd-license.php > - > -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > OR IMPLIED. > - > -**/ > - > -#ifndef _DXE_OPAL_NOTIFY_H_ > -#define _DXE_OPAL_NOTIFY_H_ > - > -#include > -#include > - > -#include > -#include > -#include > -#include > -#include > -#include > -#include > -#include > - > -#include > -#include > - > - > -#pragma pack(1) > - > -typedef struct { > - UINTN Function; > - EFI_STATUS ReturnStatus; > - UINT8 Data[1]; > -} OPAL_SMM_COMMUNICATE_HEADER; > - > -typedef struct { > - UINT8 Password[32]; > - UINT8 PasswordLength; > - > - EFI_DEVICE_PATH_PROTOCOL OpalDevicePath; > -} OPAL_COMM_DEVICE_LIST; > - > -#pragma pack() > - > -#define SMM_FUNCTION_SET_OPAL_PASSWORD 1 > - > -#define OPAL_PASSWORD_NOTIFY_PROTOCOL_GUID {0x0ff2ddd0, 0xefc9, > 0x4f49, { 0x99, 0x7a, 0xcb, 0x59, 0x44, 0xe6, 0x97, 0xd3 } } > - > -#endif > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 71963eb750d5..77d6b073d401 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -90,10 +90,6 @@ [LibraryClasses] > # > TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h >=20 > - ## @libraryclass Provides interfaces about Opal commond special for O= pal > password solution. > - # > - OpalPasswordSupportLib|Include/Library/OpalPasswordSupportLib.h > - > [Guids] > ## Security package token space guid. > # Include/Guid/SecurityPkgTokenSpace.h > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 9be484877cc2..ed47fb2fa05b 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc 
> @@ -73,7 +73,6 @@ [LibraryClasses] > PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf >=20 > TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib= .in > f >=20 > TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib= .in > f > - > OpalPasswordSupportLib|SecurityPkg/Library/OpalPasswordSupportLib/OpalP > asswordSupportLib.inf >=20 > ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSyst > emLibNull.inf >=20 > [LibraryClasses.common.PEIM] > @@ -204,7 +203,6 @@ [Components] > # > SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf > SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf > - SecurityPkg/Library/OpalPasswordSupportLib/OpalPasswordSupportLib.inf >=20 > # > # Other > -- > 2.7.0.windows.1
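Review bot: In the deleted OpalPasswordSupportLib.c, SmmOpalPasswordHandler() checks only that *CommBufferSize covers OFFSET_OF (OPAL_SMM_COMMUNICATE_HEADER, Data) before it reads Password, PasswordLength and OpalDevicePath out of Data. OpalSavePasswordToSmm() then calls GetDevicePathSize (DevicePath) on that communicate-buffer pointer, and nothing bounds the result by the buffer size. On the sending side, OpalSupportSendPasword() does CopyMem((VOID*)Parameter->Password, Password, PasswordLen) with no check against the 32-byte Password field. Removing the code removes these paths, but the commit message should say where the password hand-off to SMM lives now. If that code was moved rather than redesigned, it needs a size check covering the whole OPAL_COMM_DEVICE_LIST plus the device path, and a ZeroMem before FreePool (Device), which the deleted destructor does not do.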
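Review bot: OpalPasswordSupportNotify.h goes away together with OPAL_PASSWORD_NOTIFY_PROTOCOL_GUID and SMM_FUNCTION_SET_OPAL_PASSWORD, and the deleted constructor was the only place shown that registers a handler for gOpalPasswordNotifyProtocolGuid. Please confirm that no remaining driver keeps a private copy of this GUID or of the OPAL_COMM_DEVICE_LIST layout and still sends a communicate buffer for it. After this patch such a sender would have no handler behind it while still placing the password in the communication buffer.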
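Review bot: Dropping the OpalPasswordSupportLib|Include/Library/OpalPasswordSupportLib.h entry from [LibraryClasses] in SecurityPkg.dec changes the package's public interface, and the SecurityPkg.dsc hunks remove the matching library mapping and the [Components] entry. A platform DSC or module INF outside this tree that still names OpalPasswordSupportLib will stop building. The commit message should state that the class is removed with no replacement (or name the replacement), and the header under Include/Library should be deleted in this same patch so it is not left without a declaring entry.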