From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.20, mailfrom: hao.a.wu@intel.com) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by groups.io with SMTP; Mon, 19 Aug 2019 01:13:52 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Aug 2019 01:10:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,403,1559545200"; d="scan'208";a="378119078" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga006.fm.intel.com with ESMTP; 19 Aug 2019 01:10:53 -0700 Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 19 Aug 2019 01:10:53 -0700 Received: from shsmsx107.ccr.corp.intel.com (10.239.4.96) by fmsmsx110.amr.corp.intel.com (10.18.116.10) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 19 Aug 2019 01:10:53 -0700 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.112]) by SHSMSX107.ccr.corp.intel.com ([169.254.9.65]) with mapi id 14.03.0439.000; Mon, 19 Aug 2019 16:10:50 +0800 From: "Wu, Hao A" To: "Zurcher, Christopher J" , "devel@edk2.groups.io" CC: "Kinney, Michael D" , "Yao, Jiewen" , "Wang, Jian J" , "Gao, Liming" Subject: Re: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol Thread-Topic: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol Thread-Index: AQHVIYxtW0lgrc6hkUGwrA1qS2jib6afdIKwgF8koWCAA+IrQA== Date: Mon, 19 Aug 2019 08:10:50 +0000 Message-ID: References: <20190613020454.19324-1-christopher.j.zurcher@intel.com> <20190613020454.19324-3-christopher.j.zurcher@intel.com> <8EE4873E19344F4DA986A2AC15D512AE4A477A58@CRSMSX103.amr.corp.intel.com> In-Reply-To: <8EE4873E19344F4DA986A2AC15D512AE4A477A58@CRSMSX103.amr.corp.intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: hao.a.wu@intel.com Content-Language: en-US Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable > -----Original Message----- > From: Zurcher, Christopher J > Sent: Saturday, August 17, 2019 4:22 AM > To: Wu, Hao A; devel@edk2.groups.io > Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Gao, Liming > Subject: RE: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: > Support Storage Security Command Protocol >=20 > Hao, > Why will this cause CDROM devices to fail to be recognized? If they requ= ire a Hello, My observation is that after the patch, the below assignment: "ScsiDiskDevice->BlkIo.Media->MediaPresent =3D TRUE;" is moved from GetMediaInfo() to ScsiDiskTestUnitReady(). The flow for CD-ROM devices is that: ScsiDiskDriverBindingStart() | =84-> ScsiDiskDetectMedia() | =84-> ScsiDiskTestUnitReady() | =84-> DetectMediaParsingSenseKeys() - Outputs 'Action' | =84-> If Action is READ_CAPACITY, ScsiDiskReadCapacity() Now, 'MediaPresent' is set to TRUE in ScsiDiskTestUnitReady(), which leads= to DetectMediaParsingSenseKeys() returning NO_ACTION: *Action =3D ACTION_NO_ACTION; ... if (!ScsiDiskHaveSenseKey (SenseData, NumberOfSenseKeys)) { // // No Sense Key returned from last submitted command // if (ScsiDiskDevice->BlkIo.Media->MediaPresent =3D=3D TRUE) { } return EFI_SUCCESS; } > capacity read, I can change the MustReadCapacity flag to TRUE. On > subsequent media change, the sense key parsing will set Action to > ACTION_READ_CAPACITY so that case is covered as well. Is there a reason > the MustReadCapacity flag was originally set to FALSE for CDROM devices? I think setting 'MustReadCapacity' to FALSE for CD-ROM devices is for the performance consideration. Before the patch, logic in DetectMediaParsingSenseKeys(): if (ScsiDiskIsNoMedia (SenseData, NumberOfSenseKeys)) { ScsiDiskDevice->BlkIo.Media->MediaPresent =3D FALSE; ScsiDiskDevice->BlkIo.Media->LastBlock =3D 0; *Action =3D ACTION_NO_ACTION; DEBUG ((EFI_D_VERBOSE, "ScsiDisk: ScsiDiskIsNoMedia\n")); return EFI_SUCCESS; } will decide whether there is media within the CD-ROM devices after parsing= the sense data returned from the device. If the media does not exist, the Read Capacity command will not be sent. Setting 'MustReadCapacity' to TRUE will then always require a Read Capacit= y command be sent. Best Regards, Hao Wu > With the default action being to read capacity anyway, the existing > implementation seems to make the flag mostly useless. >=20 > I have implemented the rest of the suggestions. >=20 > Thanks, > Christopher Zurcher >=20 > -----Original Message----- > From: Wu, Hao A > Sent: Monday, June 17, 2019 19:12 > To: devel@edk2.groups.io; Zurcher, Christopher J > > Cc: Kinney, Michael D ; Yao, Jiewen > ; Wang, Jian J ; Gao, Limin= g > > Subject: RE: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: > Support Storage Security Command Protocol >=20 > > -----Original Message----- > > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > > Zurcher, Christopher J > > Sent: Thursday, June 13, 2019 10:05 AM > > To: devel@edk2.groups.io > > Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Gao, Liming > > Subject: [edk2-devel] [PATCH v4 2/2] MdeModulePkg/ScsiDiskDxe: > Support > > Storage Security Command Protocol > > > > This patch implements the > EFI_STORAGE_SECURITY_COMMAND_PROTOCOL > > in the > > ScsiDiskDxe driver. > > > > Support is currently limited to the RPMB Well-known LUN for UFS device= s. >=20 >=20 > Hello, >=20 > Some general level comments: > 1. CDROM device issue > This patch will bring an issue to the CDROM devices that CD/DVD will not > be recognized properly. >=20 > I think the cause of the issue is the relocation of the below logic: > ScsiDiskDevice->BlkIo.Media->MediaPresent =3D TRUE; > from GetMediaInfo() to ScsiDiskTestUnitReady(). It will lead to the read > capacity command being skipped for CDROM devices, which results into the > LastBlock for the device equals to 0. >=20 > We may need to find out a better approach to handle the case for UFS RPM= B. >=20 > 2. Split this patch into three commits > Besides adding the Storage Security Command Protocol support in ScsiDisk > driver, the patch also: > * Updates the ScsiBus driver to recognize the Well known logical unit > * Updates the UfsPassThruDxe driver to expose the RPMB WLUN >=20 > Please help to split the patch into 3 separate commits. >=20 > 3. Updates for the BlockIO(2) services > For functions ScsiDiskReadBlocks(Ex) & ScsiDiskWriteBlocks(Ex), below co= des > are added for the dummy BlockIO(2) protocol instance on the UFS RPMB Lun= : >=20 > if (BlockSize =3D=3D 0) { > Status =3D EFI_UNSUPPORTED; > goto Done; > } >=20 > I suggest to use status 'EFI_DEVICE_ERROR' for such case, since > 'EFI_UNSUPPORTED' is not listed as an expected return status in the UEFI > spec. >=20 > 4. Reinstallation of the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL > For the reinstallation of the SSC protocol to handle media change, I saw > this is only handled within ScsiDiskReceiveData() & ScsiDiskSendData(). > The below functions should be considered as well: >=20 > ScsiDiskReadBlocks(Ex) > ScsiDiskWriteBlocks(Ex) > ScsiDiskFlushBlocksEx > ScsiDiskEraseBlocks >=20 >=20 > Some inline comments below: >=20 >=20 > > > > Cc: Michael D Kinney > > Cc: Jiewen Yao > > Cc: Jian J Wang > > Cc: Liming Gao > > Signed-off-by: Christopher J Zurcher > > --- > > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- > > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 ++++++- > > MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +- > > MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 522 > > +++++++++++++++++++- > > MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 19 +- > > 5 files changed, 698 insertions(+), 22 deletions(-) > > > > diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > > b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > > index 5500d828e9..40818e669b 100644 > > --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > > +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf > > @@ -3,7 +3,7 @@ > > # It detects the SCSI disk media and installs Block I/O and Block I/= O2 > Protocol > > on > > # the device handle. > > # > > -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.=
> > +# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.=
> > # SPDX-License-Identifier: BSD-2-Clause-Patent > > # > > ## > > @@ -52,6 +52,7 @@ > > gEfiBlockIoProtocolGuid ## BY_START > > gEfiBlockIo2ProtocolGuid ## BY_START > > gEfiEraseBlockProtocolGuid ## BY_START > > + gEfiStorageSecurityCommandProtocolGuid ## BY_START > > gEfiScsiIoProtocolGuid ## TO_START > > gEfiScsiPassThruProtocolGuid ## TO_START > > gEfiExtScsiPassThruProtocolGuid ## TO_START > > diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h > > b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h > > index 42c0aaaa95..2d8679ec6f 100644 > > --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h > > +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h > > @@ -1,7 +1,7 @@ > > /** @file > > Header file for SCSI Disk Driver. > > > > -Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved. > > +Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved. > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > #include > > #include > > #include > > +#include > > > > > > #include > > @@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > > > > #define IS_DEVICE_FIXED(a) (a)->FixedDevice ? 1 : 0 > > > > +#define IS_ALIGNED(addr, size) (((UINTN) (addr) & (size - 1)) =3D= =3D 0) > > + > > +#define UFS_WLUN_RPMB 0xC4 > > + > > typedef struct { > > UINT32 MaxLbaCnt; > > UINT32 MaxBlkDespCnt; > > @@ -51,6 +56,8 @@ typedef struct { > > > > EFI_HANDLE Handle; > > > > + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL StorageSecurity; > > + > > EFI_BLOCK_IO_PROTOCOL BlkIo; > > EFI_BLOCK_IO2_PROTOCOL BlkIo2; > > EFI_BLOCK_IO_MEDIA BlkIoMedia; > > @@ -95,6 +102,7 @@ typedef struct { > > #define SCSI_DISK_DEV_FROM_BLKIO(a) CR (a, SCSI_DISK_DEV, BlkIo, > > SCSI_DISK_DEV_SIGNATURE) > > #define SCSI_DISK_DEV_FROM_BLKIO2(a) CR (a, SCSI_DISK_DEV, BlkIo2, > > SCSI_DISK_DEV_SIGNATURE) > > #define SCSI_DISK_DEV_FROM_ERASEBLK(a) CR (a, SCSI_DISK_DEV, > > EraseBlock, SCSI_DISK_DEV_SIGNATURE) > > +#define SCSI_DISK_DEV_FROM_STORSEC(a) CR (a, SCSI_DISK_DEV, > > StorageSecurity, SCSI_DISK_DEV_SIGNATURE) > > > > #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, > > DiskInfo, SCSI_DISK_DEV_SIGNATURE) > > > > @@ -638,6 +646,151 @@ ScsiDiskEraseBlocks ( > > ); > > > > > > +/** > > + Send a security protocol command to a device that receives data and= /or > > the result > > + of one or more commands sent by SendData. > > + > > + The ReceiveData function sends a security protocol command to the > given > > MediaId. > > + The security protocol command sent is defined by SecurityProtocolId= and > > contains > > + the security protocol specific data SecurityProtocolSpecificData. T= he > > function > > + returns the data from the security protocol command in PayloadBuffe= r. > > + > > + For devices supporting the SCSI command set, the security protocol > > command is sent > > + using the SECURITY PROTOCOL IN command defined in SPC-4. > > + > > + If PayloadBufferSize is too small to store the available data from = the > > security > > + protocol command, the function shall copy PayloadBufferSize bytes i= nto > > the > > + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. > > + > > + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSi= ze is > > non-zero, > > + the function shall return EFI_INVALID_PARAMETER. > > + > > + If the given MediaId does not support security protocol commands, t= he > > function shall > > + return EFI_UNSUPPORTED. If there is no media in the device, the > function > > returns > > + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in= the > > device, > > + the function returns EFI_MEDIA_CHANGED. > > + > > + If the security protocol fails to complete within the Timeout perio= d, the > > function > > + shall return EFI_TIMEOUT. > > + > > + If the security protocol command completes without an error, the > function > > shall > > + return EFI_SUCCESS. If the security protocol command completes with > an > > error, the > > + function shall return EFI_DEVICE_ERROR. > > + > > + @param This Indicates a pointer to the cal= ling context. > > + @param MediaId ID of the medium to receive da= ta from. > > + @param Timeout The timeout, in 100ns units, t= o use for the > > execution > > + of the security protocol comma= nd. A Timeout value of > 0 > > + means that this function will = wait indefinitely for the > > + security protocol command to e= xecute. If Timeout is > > greater > > + than zero, then this function = will return EFI_TIMEOUT > if > > the > > + time required to execute the r= eceive data command is > > greater than Timeout. > > + @param SecurityProtocolId The value of the "Security Pro= tocol" > > parameter of > > + the security protocol command = to be sent. > > + @param SecurityProtocolSpecificData The value of the "Security > Protocol > > Specific" parameter > > + of the security protocol comma= nd to be sent. > > + @param PayloadBufferSize Size in bytes of the payload d= ata buffer. > > + @param PayloadBuffer A pointer to a destination buf= fer to store > > the security > > + protocol command specific payl= oad data for the > security > > + protocol command. The caller i= s responsible for having > > + either implicit or explicit ow= nership of the buffer. > > + @param PayloadTransferSize A pointer to a buffer to store= the size > in > > bytes of the > > + data written to the payload da= ta buffer. > > + > > + @retval EFI_SUCCESS The security protocol command > completed > > successfully. > > + @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was > too > > small to store the available > > + data from the device. The Payl= oadBuffer contains the > > truncated data. > > + @retval EFI_UNSUPPORTED The given MediaId does not sup= port > > security protocol commands. > > + @retval EFI_DEVICE_ERROR The security protocol command > > completed with an error. > > + @retval EFI_NO_MEDIA There is no media in the devic= e. > > + @retval EFI_MEDIA_CHANGED The MediaId is not for the cur= rent > > media. > > + @retval EFI_INVALID_PARAMETER The PayloadBuffer or > > PayloadTransferSize is NULL and > > + PayloadBufferSize is non-zero. > > + @retval EFI_TIMEOUT A timeout occurred while waiti= ng for the > > security > > + protocol command to execute. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +ScsiDiskReceiveData ( > > + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, > > + IN UINT32 MediaId OPTIONAL, > > + IN UINT64 Timeout, > > + IN UINT8 SecurityProtocolId, > > + IN UINT16 SecurityProtocolSpecifi= cData, > > + IN UINTN PayloadBufferSize, > > + OUT VOID *PayloadBuffer, > > + OUT UINTN *PayloadTransferSize > > + ); > > + > > +/** > > + Send a security protocol command to a device. > > + > > + The SendData function sends a security protocol command containing > the > > payload > > + PayloadBuffer to the given MediaId. The security protocol command > sent > > is > > + defined by SecurityProtocolId and contains the security protocol sp= ecific > > data > > + SecurityProtocolSpecificData. If the underlying protocol command > requires > > a > > + specific padding for the command payload, the SendData function sha= ll > > add padding > > + bytes to the command payload to satisfy the padding requirements. > > + > > + For devices supporting the SCSI command set, the security protocol > > command is sent > > + using the SECURITY PROTOCOL OUT command defined in SPC-4. > > + > > + If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the fun= ction > > shall > > + return EFI_INVALID_PARAMETER. > > + > > + If the given MediaId does not support security protocol commands, t= he > > function > > + shall return EFI_UNSUPPORTED. If there is no media in the device, t= he > > function > > + returns EFI_NO_MEDIA. If the MediaId is not the ID for the current > media > > in the > > + device, the function returns EFI_MEDIA_CHANGED. > > + > > + If the security protocol fails to complete within the Timeout perio= d, the > > function > > + shall return EFI_TIMEOUT. > > + > > + If the security protocol command completes without an error, the > function > > shall return > > + EFI_SUCCESS. If the security protocol command completes with an err= or, > > the function > > + shall return EFI_DEVICE_ERROR. > > + > > + @param This Indicates a pointer to the cal= ling context. > > + @param MediaId ID of the medium to receive da= ta from. > > + @param Timeout The timeout, in 100ns units, t= o use for the > > execution > > + of the security protocol comma= nd. A Timeout value of > 0 > > + means that this function will = wait indefinitely for the > > + security protocol command to e= xecute. If Timeout is > > greater > > + than zero, then this function = will return EFI_TIMEOUT > if > > the > > + time required to execute the r= eceive data command is > > greater than Timeout. > > + @param SecurityProtocolId The value of the "Security Pro= tocol" > > parameter of > > + the security protocol command = to be sent. > > + @param SecurityProtocolSpecificData The value of the "Security > Protocol > > Specific" parameter > > + of the security protocol comma= nd to be sent. > > + @param PayloadBufferSize Size in bytes of the payload d= ata buffer. > > + @param PayloadBuffer A pointer to a destination buf= fer to store > > the security > > + protocol command specific payl= oad data for the > security > > + protocol command. > > + > > + @retval EFI_SUCCESS The security protocol command > completed > > successfully. > > + @retval EFI_UNSUPPORTED The given MediaId does not sup= port > > security protocol commands. > > + @retval EFI_DEVICE_ERROR The security protocol command > > completed with an error. > > + @retval EFI_NO_MEDIA There is no media in the devic= e. > > + @retval EFI_MEDIA_CHANGED The MediaId is not for the cur= rent > > media. > > + @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and > > PayloadBufferSize is non-zero. > > + @retval EFI_TIMEOUT A timeout occurred while waiti= ng for the > > security > > + protocol command to execute. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +ScsiDiskSendData ( > > + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, > > + IN UINT32 MediaId OPTIONAL, > > + IN UINT64 Timeout, > > + IN UINT8 SecurityProtocolId, > > + IN UINT16 SecurityProtocolSpecifi= cData, > > + IN UINTN PayloadBufferSize, > > + OUT VOID *PayloadBuffer > > + ); > > + > > + > > /** > > Provides inquiry information for the controller type. > > > > @@ -1428,4 +1581,20 @@ DetermineInstallEraseBlock ( > > IN EFI_HANDLE ChildHandle > > ); > > > > +/** > > + Determine if EFI Storage Security Command Protocol should be produc= ed. > > + > > + @param ScsiDiskDevice The pointer of SCSI_DISK_DEV. > > + @param ChildHandle Handle of device. > > + > > + @retval TRUE Should produce EFI Storage Security Command Protoc= ol. > > + @retval FALSE Should not produce EFI Storage Security Command > > Protocol. > > + > > +**/ > > +BOOLEAN > > +DetermineInstallStorageSecurity ( > > + IN SCSI_DISK_DEV *ScsiDiskDevice, > > + IN EFI_HANDLE ChildHandle > > + ); > > + > > #endif > > diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c > > b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c > > index c4069aec0f..1caffd38cd 100644 > > --- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c > > +++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c > > @@ -2,7 +2,7 @@ > > SCSI Bus driver that layers on every SCSI Pass Thru and > > Extended SCSI Pass Thru protocol in the system. > > > > -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. > > +Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -1368,7 +1368,8 @@ DiscoverScsiDevice ( > > goto Done; > > } > > > > - if (0x1e >=3D InquiryData->Peripheral_Type && InquiryData- > > >Peripheral_Type >=3D 0xa) { > > + if ((InquiryData->Peripheral_Type >=3D EFI_SCSI_TYPE_RESERVED_LOW) > && > > + (InquiryData->Peripheral_Type <=3D EFI_SCSI_TYPE_RESERVED_HIGH)= ) { > > ScsiDeviceFound =3D FALSE; > > goto Done; > > } > > diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c > > b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c > > index fbdf927a11..01d5ad4969 100644 > > --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c > > +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c > > @@ -1,7 +1,7 @@ > > /** @file > > SCSI disk driver that layers on every SCSI IO protocol in the syste= m. > > > > -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved. > > +Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved. > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -151,7 +151,9 @@ ScsiDiskDriverBindingSupported ( > > > > Status =3D ScsiIo->GetDeviceType (ScsiIo, &DeviceType); > > if (!EFI_ERROR (Status)) { > > - if ((DeviceType =3D=3D EFI_SCSI_TYPE_DISK) || (DeviceType =3D=3D > > EFI_SCSI_TYPE_CDROM)) { > > + if ((DeviceType =3D=3D EFI_SCSI_TYPE_DISK) || > > + (DeviceType =3D=3D EFI_SCSI_TYPE_CDROM) || > > + (DeviceType =3D=3D EFI_SCSI_TYPE_WLUN)) { > > Status =3D EFI_SUCCESS; > > } else { > > Status =3D EFI_UNSUPPORTED; > > @@ -238,6 +240,8 @@ ScsiDiskDriverBindingStart ( > > ScsiDiskDevice->BlkIo2.ReadBlocksEx =3D ScsiDiskReadB= locksEx; > > ScsiDiskDevice->BlkIo2.WriteBlocksEx =3D ScsiDiskWrite= BlocksEx; > > ScsiDiskDevice->BlkIo2.FlushBlocksEx =3D ScsiDiskFlush= BlocksEx; > > + ScsiDiskDevice->StorageSecurity.ReceiveData =3D ScsiDiskRecei= veData; > > + ScsiDiskDevice->StorageSecurity.SendData =3D ScsiDiskSendD= ata; > > ScsiDiskDevice->EraseBlock.Revision =3D > > EFI_ERASE_BLOCK_PROTOCOL_REVISION; > > ScsiDiskDevice->EraseBlock.EraseLengthGranularity =3D 1; > > ScsiDiskDevice->EraseBlock.EraseBlocks =3D ScsiDiskErase= Blocks; > > @@ -258,6 +262,10 @@ ScsiDiskDriverBindingStart ( > > ScsiDiskDevice->BlkIo.Media->ReadOnly =3D TRUE; > > MustReadCapacity =3D FALSE; > > break; > > + > > + case EFI_SCSI_TYPE_WLUN: > > + MustReadCapacity =3D FALSE; > > + break; > > } > > // > > // The Sense Data Array's initial size is 6 > > @@ -309,8 +317,8 @@ ScsiDiskDriverBindingStart ( > > // Determine if Block IO & Block IO2 should be produced on this > controller > > // handle > > // > > - if (DetermineInstallBlockIo(Controller)) { > > - InitializeInstallDiskInfo(ScsiDiskDevice, Controller); > > + if (DetermineInstallBlockIo (Controller)) { > > + InitializeInstallDiskInfo (ScsiDiskDevice, Controller); > > Status =3D gBS->InstallMultipleProtocolInterfaces ( > > &Controller, > > &gEfiBlockIoProtocolGuid, > > @@ -321,16 +329,27 @@ ScsiDiskDriverBindingStart ( > > &ScsiDiskDevice->DiskInfo, > > NULL > > ); > > - if (!EFI_ERROR(Status)) { > > - if (DetermineInstallEraseBlock(ScsiDiskDevice, Controller)) { > > + if (!EFI_ERROR (Status)) { > > + if (DetermineInstallEraseBlock (ScsiDiskDevice, Controller)) = { > > Status =3D gBS->InstallProtocolInterface ( > > &Controller, > > &gEfiEraseBlockProtocolGuid, > > EFI_NATIVE_INTERFACE, > > &ScsiDiskDevice->EraseBlock > > ); > > - if (EFI_ERROR(Status)) { > > - DEBUG ((EFI_D_ERROR, "ScsiDisk: Failed to install the Era= se Block > > Protocol! Status =3D %r\n", Status)); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "ScsiDisk: Failed to install the Era= se Block > > Protocol! Status =3D %r\n", Status)); > > + } > > + } > > + if (DetermineInstallStorageSecurity (ScsiDiskDevice, Controll= er)) { > > + Status =3D gBS->InstallProtocolInterface ( > > + &Controller, > > + &gEfiStorageSecurityCommandProtocolGuid, > > + EFI_NATIVE_INTERFACE, > > + &ScsiDiskDevice->StorageSecurity > > + ); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "ScsiDisk: Failed to install the Sto= rage > > Security Command Protocol! Status =3D %r\n", Status)); > > } > > } > > ScsiDiskDevice->ControllerNameTable =3D NULL; > > @@ -606,6 +625,11 @@ ScsiDiskReadBlocks ( > > // > > BlockSize =3D Media->BlockSize; > > > > + if (BlockSize =3D=3D 0) { > > + Status =3D EFI_UNSUPPORTED; > > + goto Done; > > + } > > + > > NumberOfBlocks =3D BufferSize / BlockSize; > > > > if (!(Media->MediaPresent)) { > > @@ -742,6 +766,11 @@ ScsiDiskWriteBlocks ( > > // > > BlockSize =3D Media->BlockSize; > > > > + if (BlockSize =3D=3D 0) { > > + Status =3D EFI_UNSUPPORTED; > > + goto Done; > > + } > > + > > NumberOfBlocks =3D BufferSize / BlockSize; > > > > if (!(Media->MediaPresent)) { > > @@ -968,6 +997,11 @@ ScsiDiskReadBlocksEx ( > > // > > BlockSize =3D Media->BlockSize; > > > > + if (BlockSize =3D=3D 0) { > > + Status =3D EFI_UNSUPPORTED; > > + goto Done; > > + } > > + > > NumberOfBlocks =3D BufferSize / BlockSize; > > > > if (!(Media->MediaPresent)) { > > @@ -1131,6 +1165,11 @@ ScsiDiskWriteBlocksEx ( > > // > > BlockSize =3D Media->BlockSize; > > > > + if (BlockSize =3D=3D 0) { > > + Status =3D EFI_UNSUPPORTED; > > + goto Done; > > + } > > + > > NumberOfBlocks =3D BufferSize / BlockSize; > > > > if (!(Media->MediaPresent)) { > > @@ -1708,6 +1747,393 @@ Done: > > return Status; > > } > > > > +/** > > + Send a security protocol command to a device that receives data and= /or > > the result > > + of one or more commands sent by SendData. > > + > > + The ReceiveData function sends a security protocol command to the > given > > MediaId. > > + The security protocol command sent is defined by SecurityProtocolId= and > > contains > > + the security protocol specific data SecurityProtocolSpecificData. T= he > > function > > + returns the data from the security protocol command in PayloadBuffe= r. > > + > > + For devices supporting the SCSI command set, the security protocol > > command is sent > > + using the SECURITY PROTOCOL IN command defined in SPC-4. > > + > > + If PayloadBufferSize is too small to store the available data from = the > > security > > + protocol command, the function shall copy PayloadBufferSize bytes i= nto > > the > > + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. > > + > > + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSi= ze is > > non-zero, > > + the function shall return EFI_INVALID_PARAMETER. > > + > > + If the given MediaId does not support security protocol commands, t= he > > function shall > > + return EFI_UNSUPPORTED. If there is no media in the device, the > function > > returns > > + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in= the > > device, > > + the function returns EFI_MEDIA_CHANGED. > > + > > + If the security protocol fails to complete within the Timeout perio= d, the > > function > > + shall return EFI_TIMEOUT. > > + > > + If the security protocol command completes without an error, the > function > > shall > > + return EFI_SUCCESS. If the security protocol command completes with > an > > error, the > > + function shall return EFI_DEVICE_ERROR. > > + > > + @param This Indicates a pointer to the cal= ling context. > > + @param MediaId ID of the medium to receive da= ta from. > > + @param Timeout The timeout, in 100ns units, t= o use for the > > execution > > + of the security protocol comma= nd. A Timeout value of > 0 > > + means that this function will = wait indefinitely for the > > + security protocol command to e= xecute. If Timeout is > > greater > > + than zero, then this function = will return EFI_TIMEOUT > if > > the > > + time required to execute the r= eceive data command is > > greater than Timeout. > > + @param SecurityProtocolId The value of the "Security Pro= tocol" > > parameter of > > + the security protocol command = to be sent. > > + @param SecurityProtocolSpecificData The value of the "Security > Protocol > > Specific" parameter > > + of the security protocol comma= nd to be sent. > > + @param PayloadBufferSize Size in bytes of the payload d= ata buffer. > > + @param PayloadBuffer A pointer to a destination buf= fer to store > > the security > > + protocol command specific payl= oad data for the > security > > + protocol command. The caller i= s responsible for having > > + either implicit or explicit ow= nership of the buffer. > > + @param PayloadTransferSize A pointer to a buffer to store= the size > in > > bytes of the > > + data written to the payload da= ta buffer. > > + > > + @retval EFI_SUCCESS The security protocol command > completed > > successfully. > > + @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was > too > > small to store the available > > + data from the device. The Payl= oadBuffer contains the > > truncated data. > > + @retval EFI_UNSUPPORTED The given MediaId does not sup= port > > security protocol commands. > > + @retval EFI_DEVICE_ERROR The security protocol command > > completed with an error. > > + @retval EFI_NO_MEDIA There is no media in the devic= e. > > + @retval EFI_MEDIA_CHANGED The MediaId is not for the cur= rent > > media. > > + @retval EFI_INVALID_PARAMETER The PayloadBuffer or > > PayloadTransferSize is NULL and > > + PayloadBufferSize is non-zero. > > + @retval EFI_TIMEOUT A timeout occurred while waiti= ng for the > > security > > + protocol command to execute. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +ScsiDiskReceiveData ( > > + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, > > + IN UINT32 MediaId OPTIONAL, > > + IN UINT64 Timeout, > > + IN UINT8 SecurityProtocolId, > > + IN UINT16 SecurityProtocolSpecifi= cData, > > + IN UINTN PayloadBufferSize, > > + OUT VOID *PayloadBuffer, > > + OUT UINTN *PayloadTransferSize > > + ) > > +{ > > + SCSI_DISK_DEV *ScsiDiskDevice; > > + EFI_BLOCK_IO_MEDIA *Media; > > + EFI_STATUS Status; > > + BOOLEAN MediaChange; > > + EFI_TPL OldTpl; > > + UINT8 SenseDataLength; > > + UINT8 HostAdapterStatus; > > + UINT8 TargetStatus; > > + VOID *AlignedBuffer; > > + BOOLEAN AlignedBufferAllocated; > > + > > + AlignedBuffer =3D NULL; > > + MediaChange =3D FALSE; > > + AlignedBufferAllocated =3D FALSE; > > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > > + ScsiDiskDevice =3D SCSI_DISK_DEV_FROM_STORSEC (This); > > + Media =3D ScsiDiskDevice->BlkIo.Media; > > + > > + SenseDataLength =3D (UINT8) (ScsiDiskDevice->SenseDataNumber * size= of > > (EFI_SCSI_SENSE_DATA)); > > + > > + if (!DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevic= e- > > >Handle)) { > > + Status =3D EFI_UNSUPPORTED; > > + goto Done; > > + } >=20 >=20 > I think the above 'if' statement is not needed, and should be placed > within the below 'if' statement when handling media change: >=20 > if (MediaChange) {...} >=20 > (Similar case to ScsiDiskSendData().) >=20 > > + > > + if (!IS_DEVICE_FIXED (ScsiDiskDevice)) { > > + Status =3D ScsiDiskDetectMedia (ScsiDiskDevice, FALSE, &MediaChan= ge); > > + if (EFI_ERROR (Status)) { > > + Status =3D EFI_DEVICE_ERROR; > > + goto Done; > > + } > > + > > + if (MediaChange) { > > + gBS->ReinstallProtocolInterface ( > > + ScsiDiskDevice->Handle, > > + &gEfiStorageSecurityCommandProtocolGuid, > > + &ScsiDiskDevice->StorageSecurity, > > + &ScsiDiskDevice->StorageSecurity > > + ); >=20 >=20 > The BlockIO(2) & EraseBlocks (if supported) should be reinstalled as wel= l. >=20 > (Similar case to ScsiDiskSendData().) >=20 >=20 > > + if (Media->MediaPresent) { > > + Status =3D EFI_MEDIA_CHANGED; > > + } else { > > + Status =3D EFI_NO_MEDIA; > > + } > > + goto Done; > > + } > > + } > > + > > + // > > + // Validate Media > > + // > > + if (!(Media->MediaPresent)) { > > + Status =3D EFI_NO_MEDIA; > > + goto Done; > > + } > > + > > + if ((MediaId !=3D 0) && (MediaId !=3D Media->MediaId)) { > > + Status =3D EFI_MEDIA_CHANGED; > > + goto Done; > > + } > > + > > + if (PayloadBufferSize !=3D 0) { > > + if ((PayloadBuffer =3D=3D NULL) || (PayloadTransferSize =3D=3D NU= LL)) { > > + Status =3D EFI_INVALID_PARAMETER; > > + goto Done; > > + } > > + > > + if ((ScsiDiskDevice->ScsiIo->IoAlign > 1) && !IS_ALIGNED (Payload= Buffer, > > ScsiDiskDevice->ScsiIo->IoAlign)) { > > + AlignedBuffer =3D AllocateAlignedBuffer (ScsiDiskDevice, > > PayloadBufferSize); > > + if (AlignedBuffer =3D=3D NULL) { > > + Status =3D EFI_OUT_OF_RESOURCES; > > + goto Done; > > + } > > + ZeroMem (AlignedBuffer, PayloadBufferSize); > > + AlignedBufferAllocated =3D TRUE; > > + } else { > > + AlignedBuffer =3D PayloadBuffer; > > + } > > + } > > + > > + Status =3D ScsiSecurityProtocolInCommand ( > > + ScsiDiskDevice->ScsiIo, > > + Timeout, > > + ScsiDiskDevice->SenseData, > > + &SenseDataLength, > > + &HostAdapterStatus, > > + &TargetStatus, > > + SecurityProtocolId, > > + SecurityProtocolSpecificData, > > + (UINT32) PayloadBufferSize, > > + AlignedBuffer, > > + (UINT32 *) PayloadTransferSize > > + ); > > + if (EFI_ERROR (Status)) { > > + goto Done; > > + } > > + > > + if (AlignedBufferAllocated) { > > + CopyMem (PayloadBuffer, AlignedBuffer, PayloadBufferSize); > > + } > > + > > + if (PayloadBufferSize < *PayloadTransferSize) { > > + Status =3D EFI_WARN_BUFFER_TOO_SMALL; > > + goto Done; > > + } > > + > > + Status =3D CheckHostAdapterStatus (HostAdapterStatus); > > + if (EFI_ERROR (Status)) { > > + goto Done; > > + } > > + > > + Status =3D CheckTargetStatus (TargetStatus); > > + if (EFI_ERROR (Status)) { > > + goto Done; > > + } > > + > > +Done: > > + if (AlignedBufferAllocated) { >=20 >=20 > IMO, the content in 'AlignedBuffer' should be wiped out, since it might > contain sensitive information. SSC protocol user can control the data in > 'PayloadBuffer' but not in 'AlignedBuffer'. >=20 >=20 > > + FreeAlignedBuffer (AlignedBuffer, PayloadBufferSize); > > + } > > + gBS->RestoreTPL (OldTpl); > > + return Status; > > +} > > + > > +/** > > + Send a security protocol command to a device. > > + > > + The SendData function sends a security protocol command containing > the > > payload > > + PayloadBuffer to the given MediaId. The security protocol command > sent > > is > > + defined by SecurityProtocolId and contains the security protocol sp= ecific > > data > > + SecurityProtocolSpecificData. If the underlying protocol command > requires > > a > > + specific padding for the command payload, the SendData function sha= ll > > add padding > > + bytes to the command payload to satisfy the padding requirements. > > + > > + For devices supporting the SCSI command set, the security protocol > > command is sent > > + using the SECURITY PROTOCOL OUT command defined in SPC-4. > > + > > + If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the fun= ction > > shall > > + return EFI_INVALID_PARAMETER. > > + > > + If the given MediaId does not support security protocol commands, t= he > > function > > + shall return EFI_UNSUPPORTED. If there is no media in the device, t= he > > function > > + returns EFI_NO_MEDIA. If the MediaId is not the ID for the current > media > > in the > > + device, the function returns EFI_MEDIA_CHANGED. > > + > > + If the security protocol fails to complete within the Timeout perio= d, the > > function > > + shall return EFI_TIMEOUT. > > + > > + If the security protocol command completes without an error, the > function > > shall return > > + EFI_SUCCESS. If the security protocol command completes with an err= or, > > the function > > + shall return EFI_DEVICE_ERROR. > > + > > + @param This Indicates a pointer to the cal= ling context. > > + @param MediaId ID of the medium to receive da= ta from. > > + @param Timeout The timeout, in 100ns units, t= o use for the > > execution > > + of the security protocol comma= nd. A Timeout value of > 0 > > + means that this function will = wait indefinitely for the > > + security protocol command to e= xecute. If Timeout is > > greater > > + than zero, then this function = will return EFI_TIMEOUT > if > > the > > + time required to execute the r= eceive data command is > > greater than Timeout. > > + @param SecurityProtocolId The value of the "Security Pro= tocol" > > parameter of > > + the security protocol command = to be sent. > > + @param SecurityProtocolSpecificData The value of the "Security > Protocol > > Specific" parameter > > + of the security protocol comma= nd to be sent. > > + @param PayloadBufferSize Size in bytes of the payload d= ata buffer. > > + @param PayloadBuffer A pointer to a destination buf= fer to store > > the security > > + protocol command specific payl= oad data for the > security > > + protocol command. > > + > > + @retval EFI_SUCCESS The security protocol command > completed > > successfully. > > + @retval EFI_UNSUPPORTED The given MediaId does not sup= port > > security protocol commands. > > + @retval EFI_DEVICE_ERROR The security protocol command > > completed with an error. > > + @retval EFI_NO_MEDIA There is no media in the devic= e. > > + @retval EFI_MEDIA_CHANGED The MediaId is not for the cur= rent > > media. > > + @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and > > PayloadBufferSize is non-zero. > > + @retval EFI_TIMEOUT A timeout occurred while waiti= ng for the > > security > > + protocol command to execute. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +ScsiDiskSendData ( > > + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, > > + IN UINT32 MediaId OPTIONAL, > > + IN UINT64 Timeout, > > + IN UINT8 SecurityProtocolId, > > + IN UINT16 SecurityProtocolSpecifi= cData, > > + IN UINTN PayloadBufferSize, > > + OUT VOID *PayloadBuffer > > + ) > > +{ > > + SCSI_DISK_DEV *ScsiDiskDevice; > > + EFI_BLOCK_IO_MEDIA *Media; > > + EFI_STATUS Status; > > + BOOLEAN MediaChange; > > + EFI_TPL OldTpl; > > + UINT8 SenseDataLength; > > + UINT8 HostAdapterStatus; > > + UINT8 TargetStatus; > > + VOID *AlignedBuffer; > > + BOOLEAN AlignedBufferAllocated; > > + > > + AlignedBuffer =3D NULL; > > + MediaChange =3D FALSE; > > + AlignedBufferAllocated =3D FALSE; > > + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); > > + ScsiDiskDevice =3D SCSI_DISK_DEV_FROM_STORSEC (This); > > + Media =3D ScsiDiskDevice->BlkIo.Media; > > + > > + SenseDataLength =3D (UINT8) (ScsiDiskDevice->SenseDataNumber * size= of > > (EFI_SCSI_SENSE_DATA)); > > + > > + if (!DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevic= e- > > >Handle)) { > > + Status =3D EFI_UNSUPPORTED; > > + goto Done; > > + } > > + > > + if (!IS_DEVICE_FIXED (ScsiDiskDevice)) { > > + Status =3D ScsiDiskDetectMedia (ScsiDiskDevice, FALSE, &MediaChan= ge); > > + if (EFI_ERROR (Status)) { > > + Status =3D EFI_DEVICE_ERROR; > > + goto Done; > > + } > > + > > + if (MediaChange) { > > + gBS->ReinstallProtocolInterface ( > > + ScsiDiskDevice->Handle, > > + &gEfiStorageSecurityCommandProtocolGuid, > > + &ScsiDiskDevice->StorageSecurity, > > + &ScsiDiskDevice->StorageSecurity > > + ); > > + if (Media->MediaPresent) { > > + Status =3D EFI_MEDIA_CHANGED; > > + } else { > > + Status =3D EFI_NO_MEDIA; > > + } > > + goto Done; > > + } > > + } > > + > > + // > > + // Validate Media > > + // > > + if (!(Media->MediaPresent)) { > > + Status =3D EFI_NO_MEDIA; > > + goto Done; > > + } > > + > > + if ((MediaId !=3D 0) && (MediaId !=3D Media->MediaId)) { > > + Status =3D EFI_MEDIA_CHANGED; > > + goto Done; > > + } > > + > > + if (Media->ReadOnly) { > > + Status =3D EFI_WRITE_PROTECTED; > > + goto Done; > > + } > > + > > + if (PayloadBufferSize !=3D 0) { > > + if (PayloadBuffer =3D=3D NULL) { > > + Status =3D EFI_INVALID_PARAMETER; > > + goto Done; > > + } > > + > > + if ((ScsiDiskDevice->ScsiIo->IoAlign > 1) && !IS_ALIGNED (Payload= Buffer, > > ScsiDiskDevice->ScsiIo->IoAlign)) { > > + AlignedBuffer =3D AllocateAlignedBuffer (ScsiDiskDevice, > > PayloadBufferSize); > > + if (AlignedBuffer =3D=3D NULL) { > > + Status =3D EFI_OUT_OF_RESOURCES; > > + goto Done; > > + } > > + CopyMem (AlignedBuffer, PayloadBuffer, PayloadBufferSize); > > + AlignedBufferAllocated =3D TRUE; > > + } else { > > + AlignedBuffer =3D PayloadBuffer; > > + } > > + } > > + > > + Status =3D ScsiSecurityProtocolOutCommand ( > > + ScsiDiskDevice->ScsiIo, > > + Timeout, > > + ScsiDiskDevice->SenseData, > > + &SenseDataLength, > > + &HostAdapterStatus, > > + &TargetStatus, > > + SecurityProtocolId, > > + SecurityProtocolSpecificData, > > + (UINT32) PayloadBufferSize, > > + AlignedBuffer > > + ); > > + if (EFI_ERROR (Status)) { > > + goto Done; > > + } > > + > > + Status =3D CheckHostAdapterStatus (HostAdapterStatus); > > + if (EFI_ERROR (Status)) { > > + goto Done; > > + } > > + > > + Status =3D CheckTargetStatus (TargetStatus); > > + if (EFI_ERROR (Status)) { > > + goto Done; > > + } > > + > > +Done: > > + if (AlignedBufferAllocated) { >=20 >=20 > IMO, the content in 'AlignedBuffer' should be wiped out, since it might > contain sensitive information. SSC protocol user can control the data in > 'PayloadBuffer' but not in 'AlignedBuffer'. >=20 >=20 > > + FreeAlignedBuffer (AlignedBuffer, PayloadBufferSize); > > + } > > + gBS->RestoreTPL (OldTpl); > > + return Status; > > +} > > + > > > > /** > > Detect Device and read out capacity ,if error occurs, parse the sen= se key. > > @@ -2261,6 +2687,8 @@ ScsiDiskTestUnitReady ( > > return EFI_DEVICE_ERROR; > > } > > > > + ScsiDiskDevice->BlkIo.Media->MediaPresent =3D TRUE; > > + > > if (SenseDataLength !=3D 0) { > > *NumberOfSenseKeys =3D SenseDataLength / sizeof > > (EFI_SCSI_SENSE_DATA); > > *SenseDataArray =3D ScsiDiskDevice->SenseData; > > @@ -2315,13 +2743,12 @@ DetectMediaParsingSenseKeys ( > > BOOLEAN RetryLater; > > > > // > > - // Default is to read capacity, unless.. > > + // Default is no action > > // > > - *Action =3D ACTION_READ_CAPACITY; > > + *Action =3D ACTION_NO_ACTION; > > > > if (NumberOfSenseKeys =3D=3D 0) { > > if (ScsiDiskDevice->BlkIo.Media->MediaPresent =3D=3D TRUE) { > > - *Action =3D ACTION_NO_ACTION; > > } >=20 >=20 > I do not think the behavior is the same after the patch. > Can it be: >=20 > if (NumberOfSenseKeys =3D=3D 0) { > if (!ScsiDiskDevice->BlkIo.Media->MediaPresent) { > *Action =3D ACTION_READ_CAPACITY; > } > return EFI_SUCCESS; > } >=20 >=20 > > return EFI_SUCCESS; > > } > > @@ -2331,7 +2758,6 @@ DetectMediaParsingSenseKeys ( > > // No Sense Key returned from last submitted command > > // > > if (ScsiDiskDevice->BlkIo.Media->MediaPresent =3D=3D TRUE) { > > - *Action =3D ACTION_NO_ACTION; > > } >=20 >=20 > I do not think the behavior is the same after the patch. > Can it be: >=20 > if (!ScsiDiskHaveSenseKey (SenseData, NumberOfSenseKeys)) { > // > // No Sense Key returned from last submitted command > // > if (!ScsiDiskDevice->BlkIo.Media->MediaPresent) { > *Action =3D ACTION_READ_CAPACITY; > } > return EFI_SUCCESS; > } >=20 >=20 > Best Regards, > Hao Wu >=20 >=20 > > return EFI_SUCCESS; > > } > > @@ -2339,13 +2765,13 @@ DetectMediaParsingSenseKeys ( > > if (ScsiDiskIsNoMedia (SenseData, NumberOfSenseKeys)) { > > ScsiDiskDevice->BlkIo.Media->MediaPresent =3D FALSE; > > ScsiDiskDevice->BlkIo.Media->LastBlock =3D 0; > > - *Action =3D ACTION_NO_ACTION; > > DEBUG ((EFI_D_VERBOSE, "ScsiDisk: ScsiDiskIsNoMedia\n")); > > return EFI_SUCCESS; > > } > > > > if (ScsiDiskIsMediaChange (SenseData, NumberOfSenseKeys)) { > > ScsiDiskDevice->BlkIo.Media->MediaId++; > > + *Action =3D ACTION_READ_CAPACITY; > > DEBUG ((EFI_D_VERBOSE, "ScsiDisk: ScsiDiskIsMediaChange!\n")); > > return EFI_SUCCESS; > > } > > @@ -2374,7 +2800,6 @@ DetectMediaParsingSenseKeys ( > > DEBUG ((EFI_D_VERBOSE, "ScsiDisk: ScsiDiskDriveNotReady!\n")); > > return EFI_SUCCESS; > > } > > - *Action =3D ACTION_NO_ACTION; > > return EFI_DEVICE_ERROR; > > } > > > > @@ -2808,8 +3233,6 @@ GetMediaInfo ( > > } > > } > > } > > - > > - ScsiDiskDevice->BlkIo.Media->MediaPresent =3D TRUE; > > } > > > > /** > > @@ -5358,6 +5781,14 @@ DetermineInstallEraseBlock ( > > RetVal =3D TRUE; > > CapacityData16 =3D NULL; > > > > + // > > + // UNMAP command is not supported by any of the UFS WLUNs. > > + // > > + if (ScsiDiskDevice->DeviceType =3D=3D EFI_SCSI_TYPE_WLUN) { > > + RetVal =3D FALSE; > > + goto Done; > > + } > > + > > Status =3D gBS->HandleProtocol ( > > ChildHandle, > > &gEfiDevicePathProtocolGuid, > > @@ -5460,6 +5891,65 @@ Done: > > return RetVal; > > } > > > > +/** > > + Determine if EFI Storage Security Command Protocol should be produc= ed. > > + > > + @param ScsiDiskDevice The pointer of SCSI_DISK_DEV. > > + @param ChildHandle Handle of device. > > + > > + @retval TRUE Should produce EFI Storage Security Command Protoc= ol. > > + @retval FALSE Should not produce EFI Storage Security Command > > Protocol. > > + > > +**/ > > +BOOLEAN > > +DetermineInstallStorageSecurity ( > > + IN SCSI_DISK_DEV *ScsiDiskDevice, > > + IN EFI_HANDLE ChildHandle > > + ) > > +{ > > + EFI_STATUS Status; > > + UFS_DEVICE_PATH *UfsDevice; > > + BOOLEAN RetVal; > > + EFI_DEVICE_PATH_PROTOCOL *DevicePathNode; > > + > > + UfsDevice =3D NULL; > > + RetVal =3D TRUE; > > + > > + Status =3D gBS->HandleProtocol ( > > + ChildHandle, > > + &gEfiDevicePathProtocolGuid, > > + (VOID **) &DevicePathNode > > + ); > > + // > > + // Device Path protocol must be installed on the device handle. > > + // > > + ASSERT_EFI_ERROR (Status); > > + > > + while (!IsDevicePathEndType (DevicePathNode)) { > > + // > > + // For now, only support Storage Security Command Protocol on UFS > > devices. > > + // > > + if ((DevicePathNode->Type =3D=3D MESSAGING_DEVICE_PATH) && > > + (DevicePathNode->SubType =3D=3D MSG_UFS_DP)) { > > + UfsDevice =3D (UFS_DEVICE_PATH *) DevicePathNode; > > + break; > > + } > > + > > + DevicePathNode =3D NextDevicePathNode (DevicePathNode); > > + } > > + if (UfsDevice =3D=3D NULL) { > > + RetVal =3D FALSE; > > + goto Done; > > + } > > + > > + if (UfsDevice->Lun !=3D UFS_WLUN_RPMB) { > > + RetVal =3D FALSE; > > + } > > + > > +Done: > > + return RetVal; > > +} > > + > > /** > > Provides inquiry information for the controller type. > > > > diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c > > b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c > > index 1518b251d8..0bb67f2ddc 100644 > > --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c > > +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c > > @@ -1,6 +1,6 @@ > > /** @file > > > > - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<= BR> > > + Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<= BR> > > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -819,7 +819,9 @@ UfsPassThruDriverBindingStart ( > > UINTN UfsHcBase; > > UINT32 Index; > > UFS_UNIT_DESC UnitDescriptor; > > + UFS_DEV_DESC DeviceDescriptor; > > UINT32 UnitDescriptorSize; > > + UINT32 DeviceDescriptorSize; > > > > Status =3D EFI_SUCCESS; > > UfsHc =3D NULL; > > @@ -894,7 +896,6 @@ UfsPassThruDriverBindingStart ( > > > > // > > // Check if 8 common luns are active and set corresponding bit mask= . > > - // TODO: Parse device descriptor to decide if exposing RPMB LUN to > upper > > layer for authentication access. > > // > > UnitDescriptorSize =3D sizeof (UFS_UNIT_DESC); > > for (Index =3D 0; Index < 8; Index++) { > > @@ -909,6 +910,20 @@ UfsPassThruDriverBindingStart ( > > } > > } > > > > + // > > + // Check if RPMB WLUN is supported and set corresponding bit mask. > > + // > > + DeviceDescriptorSize =3D sizeof (UFS_DEV_DESC); > > + Status =3D UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, > > &DeviceDescriptor, &DeviceDescriptorSize); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status > =3D %r\n", > > Status)); > > + } else { > > + if (DeviceDescriptor.SecurityLun =3D=3D 0x1) { > > + DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n")); > > + Private->Luns.BitMask |=3D BIT11; > > + } > > + } > > + > > // > > // Start the asynchronous interrupt monitor > > // > > -- > > 2.16.2.windows.1 > > > > > >=20