From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web11.4552.1603494334817689675 for ; Fri, 23 Oct 2020 16:05:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=ZyGnvY7M; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jiewen.yao@intel.com) IronPort-SDR: 2Y3nHimeYRiwyMUCajI7QfLQ6JXuDy8501Z0pJrgrobG2KRxsn8RHf0cIpkJraDhiQzFE1kq8L J9jvBcdyuR/A== X-IronPort-AV: E=McAfee;i="6000,8403,9783"; a="167836184" X-IronPort-AV: E=Sophos;i="5.77,410,1596524400"; d="scan'208";a="167836184" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Oct 2020 16:05:34 -0700 IronPort-SDR: PKuNa/oAVAEEqG75d+BTEWVi4h91wh1Ns78tGMuRayYgl8nRa5afGAoeyMhMjPzszrDfJbwaT4 t9xqmf5S1ykw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,410,1596524400"; d="scan'208";a="393523144" Received: from orsmsx604.amr.corp.intel.com ([10.22.229.17]) by orsmga001.jf.intel.com with ESMTP; 23 Oct 2020 16:05:34 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX604.amr.corp.intel.com (10.22.229.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Fri, 23 Oct 2020 16:05:33 -0700 Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Fri, 23 Oct 2020 16:05:33 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Fri, 23 Oct 2020 16:05:33 -0700 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.42) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Fri, 23 Oct 2020 16:05:33 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TVXYrWHfr3bsLewkyPe7vbZzCLGpmvFTvKLMc+ut//mgEXy0PfmgGdEivHsZ8xSgmmFw3eOg6BKBO/defounwXwIRi4OkagVUK9c1Bpc3ryVZxpq/u7X6oVNV+vNg4Ai46PdqkzdA4D9txV95DplSZBGXHDBEhSqIv+qC7vm/T/5+0wS4sLCM1LaPL8T4rKEax54g4QtrhlkoXivuP5+XNcfpLLq39CcXdbVkSmqQ19N5TMcNlvP+HJeaIvCImbvcCDPRsx+GclJ6PBIGLEqq/WnsFJQXACuQmCViu2v4hpJadT5Ybiqu51P0ODeJUctBSNuMl1WDCveWm+RJWNhsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=arRSDKREcPw0yNZ4ky6ch/COPrfXEA0NLKkvFHrYzI4=; b=SfrO453eQ6Cm+Vw3/VZZL0E3F77f2gkXqL1Q3Ip5ScW1lNfw8SF9509OBBMTF0MpCXdK7h0D23tn+Lg28kFz/XawTO+Hi17o3TKfDUPDVhqhceaV9wBe6Unc7mj1+fL1+k3YlhOipYobNZ+rH/iY1QUOWMGJvAnH778t2GsjqTw//0OAK5ObfkzoLDsmfXIDieuYI6+92/ZGxnqpKxjVQVXNCumwjg/I+8THozVnBDfgKWxvIgQiHnjeC1NYEBLKQrTp3J5PYDwGYGbN57PPEbnepdnigTinQ8/dZhVk5SdBEscSDm0QDmxemlP3Om+UzGH2Co+1conIjgK43kauZg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=arRSDKREcPw0yNZ4ky6ch/COPrfXEA0NLKkvFHrYzI4=; b=ZyGnvY7MJ/e7KxTjZ4JJ9zwm6BU3zPzxsP0HIDD1tueapy/YaBTSr6Ud+X0GiEBDBvlwdXmzvl1XxPTz4H1UVHbJxiUe/XuOyrZOL4tCCAotzZ56IvPs5G6br8i7MnQNbVU6BQu9aduPCUxDA2jbHtK63DvEa3/K3vetw9Km+aY= Received: from CY4PR11MB1288.namprd11.prod.outlook.com (2603:10b6:903:23::8) by CY4PR11MB0056.namprd11.prod.outlook.com (2603:10b6:910:7c::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.22; Fri, 23 Oct 2020 23:05:30 +0000 Received: from CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::8948:caa4:ca1a:23ac]) by CY4PR11MB1288.namprd11.prod.outlook.com ([fe80::8948:caa4:ca1a:23ac%10]) with mapi id 15.20.3477.028; Fri, 23 Oct 2020 23:05:30 +0000 From: "Yao, Jiewen" To: "Chu, Maggie" , "devel@edk2.groups.io" CC: "Dong, Eric" , "Wang, Jian J" , "Zhang, Qi1" , "Kumar, Rahul1" , "Yao, Jiewen" Subject: Re: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported Thread-Topic: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported Thread-Index: AQHWosLzzf/1zAVLz0Ow+XOo+cWEzKml210w Date: Fri, 23 Oct 2020 23:05:30 +0000 Message-ID: References: <20201015071442.955-1-Maggie.Chu@intel.com> In-Reply-To: <20201015071442.955-1-Maggie.Chu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.217] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 8c4b8990-da27-42f9-e7a8-08d877a82349 x-ms-traffictypediagnostic: CY4PR11MB0056: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:1051; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: SJhFG1VGXuriC40TOmV0yN/bW1FVJpdDOr0N7coV60Zqs97W/ocRgkvQdCd1aiAbTSckwtCL86NSjsDWfE5xMIcuNZdXGADJTLydTfCVwZO7vX+BhqgbR0TloW1tzsdqcfBylJYS4mJs7c/PekpsKRySSA+F2GjaJwsjnMTxb9RsSxDn9ILOqMHdI3l/A5B9PKZdXmlCgEQxI6go960fisGrmbUBbtROpjQ70P8id1sc/oV9mjgazr+wVLRlCPtq/3gpOSBR6QChPmdMfruP7SG1KOZ4cDVfEekp1bA4p8uk26wahNZn7uthQ4GYxJvmh9qM2o9ISkgLrgwKQbthhYYCuULKPd7GK/CGVeY2Xjdqa6o/apAdi4BKFVsPcXHYu8aZS158TFpDD4owA0AVlw== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR11MB1288.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(376002)(346002)(39860400002)(136003)(366004)(33656002)(15650500001)(53546011)(6506007)(7696005)(316002)(110136005)(54906003)(5660300002)(55016002)(52536014)(83380400001)(8936002)(71200400001)(8676002)(478600001)(2906002)(76116006)(9686003)(107886003)(86362001)(66476007)(66446008)(64756008)(66556008)(66946007)(26005)(186003)(4326008)(966005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: si5u7kOhp+/6louUgpn3PkKrjjjbVH82sef0JxKoKvmW5m2JLRUVIBS/TjoCQLvCY+s6FjftlFvSd0cFBTHU9Ryb16r5pISDG4nja+Ai/KWRMgGOdtT+Rwm5ko0ucTDbmCLwx4saX7Io9ddtYxEXvJ29LvcX1okatNT9T2OTG5m8DNCkJdffiMGSuL7AZlUq1OHHsIuopd5m/8djezSfEJMTzlHVvB3UbDdD3kRsAdSMMu5e/unfQDBNvcShSFgREIdp6nF7hJMtwWmI/7zTmeKl4Uqk8vPxHtJuk6tBqb+e610hn3N9gpO00YCzxIz4I0paoRvm3J/gzRJNn/5XLXUcG9acM9zQCLkQmYvlnZJn7TDdZ9ySY0ovG0krQ/p4CyX74MmjF0MXu8oXwBIN2PyI3xqMivZCNTekDaMuy62lRRVDZWZWuRbecp51NOox2VZVqp15vMB+Pp64/5+gch9IHNHzd4XewISph4ZyNAogj/AQz6pWBWpJMw7SEsrCDVaqNxCa18zWGIPxJC4URltwRPfIJGdZkuyON8VRgJ1oAFxnijE/b43a/dDRqOzD7s1gM61GFTnBWYoO674OZG+iVSdK/MeMGi3BK22S3X/WnTL+LWgdICHBb2AF2uDlnEYpRbulla7oxkhiRSYhDg== MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CY4PR11MB1288.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8c4b8990-da27-42f9-e7a8-08d877a82349 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Oct 2020 23:05:30.2452 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: NNUDds889zXi82k+RFX7cHzv1U9KF5FafmL8e6in6HGoUZF24Lz/opcphwaoeekNYrsZiMbA150c5tcwrlSaNw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB0056 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Thanks Maggie. My feeling is that it is weird and unnecessary to put MediaEncryption check= under (PyriteSscV2 || MediaEncryption) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryptio= n) { if (SupportedAttributes->MediaEncryption) { } } =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Is that necessary to check PyriteSscV2 for SecureErase ? If it is not needed, can we write code in below way to make logic clear? =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D if (SupportedAttributes->PyriteSscV2) { ... } else { ... } if (SupportedAttributes->MediaEncryption) { ... } else { ... } =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > -----Original Message----- > From: Chu, Maggie > Sent: Thursday, October 15, 2020 3:15 PM > To: devel@edk2.groups.io > Cc: Chu, Maggie ; Dong, Eric ; > Wang, Jian J ; Yao, Jiewen ; > Zhang, Qi1 ; Kumar, Rahul1 > Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if > encryption is supported >=20 > From: Maggie Chu >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D3004 >=20 > Secure erase is performed by generating a new encryption key, > this is only available if encryption is supported. > This commit will hide "secure erase" option from setup page > if connected device doesn't support encryption. >=20 > Signed-off-by: Maggie Chu > Cc: Eric Dong > Cc: Jian J Wang > Cc: Jiewen Yao > Cc: Qi Zhang > Cc: Rahul Kumar > --- > SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) >=20 > diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > index b5b6aec98c..bf5e374163 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > @@ -88,7 +88,11 @@ OpalSupportGetAvailableActions( > // Secure erase is performed by generating a new encryption key >=20 > // this is only available if encryption is supported >=20 > // >=20 > - AvalDiskActions->SecureErase =3D 1; >=20 > + if (SupportedAttributes->MediaEncryption) { >=20 > + AvalDiskActions->SecureErase =3D 1; >=20 > + } else { >=20 > + AvalDiskActions->SecureErase =3D 0; >=20 > + } >=20 > } else { >=20 > AvalDiskActions->PsidRevert =3D 0; >=20 > AvalDiskActions->SecureErase =3D 0; >=20 > -- > 2.16.2.windows.1