* [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported
@ 2020-10-15 7:14 Maggie Chu
2020-10-15 12:51 ` Yao, Jiewen
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Maggie Chu @ 2020-10-15 7:14 UTC (permalink / raw)
To: devel; +Cc: Maggie Chu, Eric Dong, Jian J Wang, Jiewen Yao, Qi Zhang,
Rahul Kumar
From: Maggie Chu <maggie.chu@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=3004
Secure erase is performed by generating a new encryption key,
this is only available if encryption is supported.
This commit will hide "secure erase" option from setup page
if connected device doesn't support encryption.
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index b5b6aec98c..bf5e374163 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -88,7 +88,11 @@ OpalSupportGetAvailableActions(
// Secure erase is performed by generating a new encryption key
// this is only available if encryption is supported
//
- AvalDiskActions->SecureErase = 1;
+ if (SupportedAttributes->MediaEncryption) {
+ AvalDiskActions->SecureErase = 1;
+ } else {
+ AvalDiskActions->SecureErase = 0;
+ }
} else {
AvalDiskActions->PsidRevert = 0;
AvalDiskActions->SecureErase = 0;
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported
2020-10-15 7:14 [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported Maggie Chu
@ 2020-10-15 12:51 ` Yao, Jiewen
2020-10-16 0:05 ` Dong, Eric
2020-10-23 23:05 ` Yao, Jiewen
2 siblings, 0 replies; 4+ messages in thread
From: Yao, Jiewen @ 2020-10-15 12:51 UTC (permalink / raw)
To: Chu, Maggie, devel@edk2.groups.io
Cc: Dong, Eric, Wang, Jian J, Zhang, Qi1, Kumar, Rahul1
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Chu, Maggie <maggie.chu@intel.com>
> Sent: Thursday, October 15, 2020 3:15 PM
> To: devel@edk2.groups.io
> Cc: Chu, Maggie <maggie.chu@intel.com>; Dong, Eric <eric.dong@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if
> encryption is supported
>
> From: Maggie Chu <maggie.chu@intel.com>
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3004
>
> Secure erase is performed by generating a new encryption key,
> this is only available if encryption is supported.
> This commit will hide "secure erase" option from setup page
> if connected device doesn't support encryption.
>
> Signed-off-by: Maggie Chu <maggie.chu@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> ---
> SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> index b5b6aec98c..bf5e374163 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> @@ -88,7 +88,11 @@ OpalSupportGetAvailableActions(
> // Secure erase is performed by generating a new encryption key
>
> // this is only available if encryption is supported
>
> //
>
> - AvalDiskActions->SecureErase = 1;
>
> + if (SupportedAttributes->MediaEncryption) {
>
> + AvalDiskActions->SecureErase = 1;
>
> + } else {
>
> + AvalDiskActions->SecureErase = 0;
>
> + }
>
> } else {
>
> AvalDiskActions->PsidRevert = 0;
>
> AvalDiskActions->SecureErase = 0;
>
> --
> 2.16.2.windows.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported
2020-10-15 7:14 [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported Maggie Chu
2020-10-15 12:51 ` Yao, Jiewen
@ 2020-10-16 0:05 ` Dong, Eric
2020-10-23 23:05 ` Yao, Jiewen
2 siblings, 0 replies; 4+ messages in thread
From: Dong, Eric @ 2020-10-16 0:05 UTC (permalink / raw)
To: Chu, Maggie, devel@edk2.groups.io
Cc: Wang, Jian J, Yao, Jiewen, Zhang, Qi1, Kumar, Rahul1
Reviewed-by: Eric Dong <eric.dong@intel.com>
-----Original Message-----
From: Chu, Maggie <maggie.chu@intel.com>
Sent: Thursday, October 15, 2020 3:15 PM
To: devel@edk2.groups.io
Cc: Chu, Maggie <maggie.chu@intel.com>; Dong, Eric <eric.dong@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported
From: Maggie Chu <maggie.chu@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=3004
Secure erase is performed by generating a new encryption key,
this is only available if encryption is supported.
This commit will hide "secure erase" option from setup page
if connected device doesn't support encryption.
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index b5b6aec98c..bf5e374163 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -88,7 +88,11 @@ OpalSupportGetAvailableActions(
// Secure erase is performed by generating a new encryption key
// this is only available if encryption is supported
//
- AvalDiskActions->SecureErase = 1;
+ if (SupportedAttributes->MediaEncryption) {
+ AvalDiskActions->SecureErase = 1;
+ } else {
+ AvalDiskActions->SecureErase = 0;
+ }
} else {
AvalDiskActions->PsidRevert = 0;
AvalDiskActions->SecureErase = 0;
--
2.16.2.windows.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported
2020-10-15 7:14 [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported Maggie Chu
2020-10-15 12:51 ` Yao, Jiewen
2020-10-16 0:05 ` Dong, Eric
@ 2020-10-23 23:05 ` Yao, Jiewen
2 siblings, 0 replies; 4+ messages in thread
From: Yao, Jiewen @ 2020-10-23 23:05 UTC (permalink / raw)
To: Chu, Maggie, devel@edk2.groups.io
Cc: Dong, Eric, Wang, Jian J, Zhang, Qi1, Kumar, Rahul1, Yao, Jiewen
Thanks Maggie.
My feeling is that it is weird and unnecessary to put MediaEncryption check under (PyriteSscV2 || MediaEncryption)
===============
if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) {
if (SupportedAttributes->MediaEncryption) {
}
}
===============
Is that necessary to check PyriteSscV2 for SecureErase ?
If it is not needed, can we write code in below way to make logic clear?
===============
if (SupportedAttributes->PyriteSscV2) {
...
} else {
...
}
if (SupportedAttributes->MediaEncryption) {
...
} else {
...
}
===============
> -----Original Message-----
> From: Chu, Maggie <maggie.chu@intel.com>
> Sent: Thursday, October 15, 2020 3:15 PM
> To: devel@edk2.groups.io
> Cc: Chu, Maggie <maggie.chu@intel.com>; Dong, Eric <eric.dong@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if
> encryption is supported
>
> From: Maggie Chu <maggie.chu@intel.com>
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=3004
>
> Secure erase is performed by generating a new encryption key,
> this is only available if encryption is supported.
> This commit will hide "secure erase" option from setup page
> if connected device doesn't support encryption.
>
> Signed-off-by: Maggie Chu <maggie.chu@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> ---
> SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> index b5b6aec98c..bf5e374163 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> @@ -88,7 +88,11 @@ OpalSupportGetAvailableActions(
> // Secure erase is performed by generating a new encryption key
>
> // this is only available if encryption is supported
>
> //
>
> - AvalDiskActions->SecureErase = 1;
>
> + if (SupportedAttributes->MediaEncryption) {
>
> + AvalDiskActions->SecureErase = 1;
>
> + } else {
>
> + AvalDiskActions->SecureErase = 0;
>
> + }
>
> } else {
>
> AvalDiskActions->PsidRevert = 0;
>
> AvalDiskActions->SecureErase = 0;
>
> --
> 2.16.2.windows.1
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-10-23 23:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-10-15 7:14 [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported Maggie Chu
2020-10-15 12:51 ` Yao, Jiewen
2020-10-16 0:05 ` Dong, Eric
2020-10-23 23:05 ` Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox