public inbox for devel@edk2.groups.io
* [Patch 0/2] Fixed correct password not works issue
@ 2018-07-10  4:01 Eric Dong
  2018-07-10  4:01 ` [Patch 1/2] SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error Eric Dong
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Eric Dong @ 2018-07-10  4:01 UTC
  To: edk2-devel

Opal device may have a count in firmware to decide whether to resist
user input password. If yes, even a correct password will be rejected by device
firmware. This count will be reset only after a cold reboot or when the user inputs
the correct password.

Opal driver also has an internal count to decide whether to allow the user to input
a password. A reboot (cold or hot) action will reset this count.

Current implementation is based only on the count in the opal driver to decide whether
to allow the user to input a password again. In this case, if the count in the opal device
is already exceeded, even a correct password will be rejected.

New solution will check both counts; either count being exceeded will cause the opal driver
to report that the count is exceeded and that a shutdown is required.

Eric Dong (2):
  SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error.
  SecurityPkg/OpalPassword: Fixed input correct password not works issue

 SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c | 10 +++++++++-
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c             |  9 +++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

-- 
2.15.0.windows.1




* [Patch 1/2] SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error.
  2018-07-10  4:01 [Patch 0/2] Fixed correct password not works issue Eric Dong
@ 2018-07-10  4:01 ` Eric Dong
  2018-07-10  4:01 ` [Patch 2/2] SecurityPkg/OpalPassword: Fixed input correct password not works issue Eric Dong
  2018-07-10  7:21 ` [Patch 0/2] Fixed " Wu, Hao A
  2 siblings, 0 replies; 4+ messages in thread
From: Eric Dong @ 2018-07-10  4:01 UTC
  To: edk2-devel; +Cc: Hao, Wu

The caller needs to know this error to handle it specially, but the current
error status does not have a specified value for this type. In order to
keep compatibility, use TcgResultFailureInvalidType here as a
replacement.

Cc: Hao, Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c
index 756f9b8f2d..b738ab91ee 100644
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c
@@ -788,7 +788,15 @@ OpalUtilUpdateGlobalLockingRange(
 
 done:
   if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
-    Ret = TcgResultFailure;
+    if (MethodStatus == TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT) {
+      //
+      // Caller need to know this special error, but return status not has type for it.
+      // so here use TcgResultFailureInvalidType as an replacement.
+      //
+      Ret = TcgResultFailureInvalidType;
+    } else {
+      Ret = TcgResultFailure;
+    }
   }
   return Ret;
 }
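Review bot: Reusing TcgResultFailureInvalidType for TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT at the done: label leaves a caller unable to tell a lock-out from a genuine invalid-type failure, should any other path return that value. Because the mapping is a private convention, state it in the function header of OpalUtilUpdateGlobalLockingRange so callers know this return value means the authority is locked out; a dedicated result value would remove the ambiguity if compatibility allows it later. The in-code comment would also read better as "Caller needs to know this special error, but the return status has no type for it, so TcgResultFailureInvalidType is used as a replacement."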
-- 
2.15.0.windows.1




* [Patch 2/2] SecurityPkg/OpalPassword: Fixed input correct password not works issue
  2018-07-10  4:01 [Patch 0/2] Fixed correct password not works issue Eric Dong
  2018-07-10  4:01 ` [Patch 1/2] SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error Eric Dong
@ 2018-07-10  4:01 ` Eric Dong
  2018-07-10  7:21 ` [Patch 0/2] Fixed " Wu, Hao A
  2 siblings, 0 replies; 4+ messages in thread
From: Eric Dong @ 2018-07-10  4:01 UTC
  To: edk2-devel; +Cc: Hao, Wu

When the user inputs a wrong password more than the max allowed times, the opal
device will return an Invalid type error code even if the user inputs the correct
password. In this case, the opal driver needs to force the user to shut down the
system before letting the user input a new password.

Cc: Hao, Wu <hao.a.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Eric Dong <eric.dong@intel.com>
---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index 5d1638d5cf..cf1f4cd64e 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -1076,6 +1076,15 @@ OpalDriverRequestPassword (
         break;
       }
 
+      //
+      // Check whether opal device's Tries value has reach the TryLimit value, if yes, force a shutdown 
+      // before accept new password.
+      //
+      if (Ret == TcgResultFailureInvalidType) {
+        Count = MAX_PASSWORD_TRY_COUNT;
+        break;
+      }
+
       Count++;
 
       do {
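Review bot: The added test of Ret against TcgResultFailureInvalidType reads as a type error at this site, while the comment above it talks about the device's Tries value reaching TryLimit; nothing here says that the value stands in for AUTHORITY_LOCKED_OUT. Mention that mapping in the comment so the coupling between this check and the library's return value is visible where it is relied on. The first added comment line also ends in trailing whitespace after "force a shutdown", and "has reach" / "before accept" should be "has reached" / "before accepting".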
-- 
2.15.0.windows.1
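
The two counters described in the cover letter and in the Patch 2/2 description can be modelled in a few lines. This is an added example, not edk2 code: the types, function names, the constructed PIN and both limit values (5) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not edk2 code: both limits and all names are assumptions. */
#define DEV_TRY_LIMIT 5   /* device firmware limit, survives a warm reboot */
#define DRV_TRY_LIMIT 5   /* driver limit, counted from 0 on every boot    */

typedef enum { RES_OK, RES_FAIL, RES_LOCKED_OUT } result_t;
typedef struct { int tries; const char *pin; } device_t;

/* Device side: once tries hits the limit, even the right password is refused. */
static result_t device_unlock(device_t *d, const char *pw) {
    if (d->tries >= DEV_TRY_LIMIT) return RES_LOCKED_OUT;
    if (strcmp(pw, d->pin) == 0) { d->tries = 0; return RES_OK; }
    d->tries++;
    return RES_FAIL;
}

/* Driver side: one boot's prompt loop with the same password typed each time.
   Returns the number of prompts shown; check_device selects the new behaviour. */
static int driver_boot(device_t *d, const char *typed, bool check_device, bool *unlocked) {
    int count = 0, prompts = 0;
    *unlocked = false;
    while (count < DRV_TRY_LIMIT) {
        result_t r = device_unlock(d, typed);
        prompts++;
        if (r == RES_OK) { *unlocked = true; break; }
        if (check_device && r == RES_LOCKED_OUT) break;  /* shutdown required */
        count++;
    }
    return prompts;
}

/* Exhaust the tries, warm-reboot, then type the correct password.
   Returns how many times the correct password is asked for and refused. */
static int refused_after_warm_reboot(bool check_device) {
    device_t d = { 0, "constructed-pin" };
    bool ok;
    driver_boot(&d, "wrong", check_device, &ok);   /* boot 1: locks the device */
    /* warm reboot: the driver count restarts at 0, d.tries is kept */
    return driver_boot(&d, "constructed-pin", check_device, &ok);
}

int main(void) {
    printf("driver count only: %d refusals\n", refused_after_warm_reboot(false));
    printf("both counts:       %d refusal\n", refused_after_warm_reboot(true));
    return 0;
}
```

With only the driver count, the user is prompted for the full driver limit after a warm reboot and every correct entry is refused; with the device lock-out checked as well, the first refusal ends the loop.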




* Re: [Patch 0/2] Fixed correct password not works issue
  2018-07-10  4:01 [Patch 0/2] Fixed correct password not works issue Eric Dong
  2018-07-10  4:01 ` [Patch 1/2] SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error Eric Dong
  2018-07-10  4:01 ` [Patch 2/2] SecurityPkg/OpalPassword: Fixed input correct password not works issue Eric Dong
@ 2018-07-10  7:21 ` Wu, Hao A
  2 siblings, 0 replies; 4+ messages in thread
From: Wu, Hao A @ 2018-07-10  7:21 UTC
  To: Dong, Eric, edk2-devel@lists.01.org

The series looks good to me.
Reviewed-by: Hao Wu <hao.a.wu@intel.com>

Best Regards,
Hao Wu


> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Eric
> Dong
> Sent: Tuesday, July 10, 2018 12:02 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] [Patch 0/2] Fixed correct password not works issue
> 
> Opal device may have a count in firmware to decide whether to resist
> user input password. If yes, even a correct password will be rejected by device
> firmware. This count will be reset only after a cold reboot or when the user inputs
> the correct password.
> 
> Opal driver also has an internal count to decide whether to allow the user to input
> a password. A reboot (cold or hot) action will reset this count.
> 
> Current implementation is based only on the count in the opal driver to decide whether
> to allow the user to input a password again. In this case, if the count in the opal device
> is already exceeded, even a correct password will be rejected.
> 
> New solution will check both counts; either count being exceeded will cause the opal driver
> to report that the count is exceeded and that a shutdown is required.
> 
> Eric Dong (2):
>   SecurityPkg/TcgStorageOpalLib: Return AUTHORITY_LOCKED_OUT error.
>   SecurityPkg/OpalPassword: Fixed input correct password not works issue
> 
>  SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c | 10 +++++++++-
>  SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c             |  9 +++++++++
>  2 files changed, 18 insertions(+), 1 deletion(-)
> 
> --
> 2.15.0.windows.1

