public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Chu, Maggie" <maggie.chu@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Dong, Eric" <eric.dong@intel.com>,
	"Wang, Jian J" <jian.j.wang@intel.com>,
	"Zhang, Qi1" <qi1.zhang@intel.com>,
	"Kumar, Rahul1" <rahul1.kumar@intel.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>
Subject: Re: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported
Date: Fri, 23 Oct 2020 23:05:30 +0000	[thread overview]
Message-ID: <CY4PR11MB12880ADD923BBE2F8B94FC578C1A0@CY4PR11MB1288.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20201015071442.955-1-Maggie.Chu@intel.com>

Thanks Maggie.

My feeling is that it is weird and unnecessary to put MediaEncryption check under (PyriteSscV2 || MediaEncryption)
===============
if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) {
  if (SupportedAttributes->MediaEncryption) {
  }
}
===============
Is that necessary to check PyriteSscV2 for SecureErase ?

If it is not needed, can we write code in below way to make logic clear?
===============
if (SupportedAttributes->PyriteSscV2) {
  ...
} else {
  ...
}

if (SupportedAttributes->MediaEncryption) {
  ...
} else {
  ...
}
===============



> -----Original Message-----
> From: Chu, Maggie <maggie.chu@intel.com>
> Sent: Thursday, October 15, 2020 3:15 PM
> To: devel@edk2.groups.io
> Cc: Chu, Maggie <maggie.chu@intel.com>; Dong, Eric <eric.dong@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if
> encryption is supported
> 
> From: Maggie Chu <maggie.chu@intel.com>
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=3004
> 
> Secure erase is performed by generating a new encryption key,
> this is only available if encryption is supported.
> This commit will hide "secure erase" option from setup page
> if connected device doesn't support encryption.
> 
> Signed-off-by: Maggie Chu <maggie.chu@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> ---
>  SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> index b5b6aec98c..bf5e374163 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> @@ -88,7 +88,11 @@ OpalSupportGetAvailableActions(
>      // Secure erase is performed by generating a new encryption key
> 
>      // this is only available if encryption is supported
> 
>      //
> 
> -    AvalDiskActions->SecureErase = 1;
> 
> +    if (SupportedAttributes->MediaEncryption) {
> 
> +      AvalDiskActions->SecureErase = 1;
> 
> +    } else {
> 
> +      AvalDiskActions->SecureErase = 0;
> 
> +    }
> 
>    } else {
> 
>      AvalDiskActions->PsidRevert = 0;
> 
>      AvalDiskActions->SecureErase = 0;
> 
> --
> 2.16.2.windows.1


      parent reply	other threads:[~2020-10-23 23:05 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-10-15  7:14 [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported Maggie Chu
2020-10-15 12:51 ` Yao, Jiewen
2020-10-16  0:05 ` Dong, Eric
2020-10-23 23:05 ` Yao, Jiewen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CY4PR11MB12880ADD923BBE2F8B94FC578C1A0@CY4PR11MB1288.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox