/** @file | |
Public API for Opal Core library. | |
(TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00, | |
https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/ | |
Storage Work Group Storage Security Subsystem Class: Pyrite, Specification Version 2.00, Revision 1.00, | |
https://trustedcomputinggroup.org/resource/tcg-storage-security-subsystem-class-pyrite/ | |
Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00, | |
https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/ | |
TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00, | |
https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/ | |
TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00, | |
https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/ | |
TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00, | |
https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/) | |
Check http://trustedcomputinggroup.org for latest specification updates. | |
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> | |
SPDX-License-Identifier: BSD-2-Clause-Patent | |
**/ | |
#ifndef _OPAL_CORE_H_ | |
#define _OPAL_CORE_H_ | |
#include <IndustryStandard/TcgStorageOpal.h> | |
#include <Library/TcgStorageCoreLib.h> | |
#include <Protocol/StorageSecurityCommand.h> | |
#pragma pack(1) | |
typedef struct { | |
// | |
// Opal SSC 1 support (0 - not supported, 1 - supported) | |
// | |
UINT32 OpalSsc1 : 1; | |
// | |
// Opal SSC 2support (0 - not supported, 1 - supported) | |
// | |
UINT32 OpalSsc2 : 1; | |
// | |
// Opal SSC Lite support (0 - not supported, 1 - supported) | |
// | |
UINT32 OpalSscLite : 1; | |
// | |
// Pyrite SSC support (0 - not supported, 1 - supported) | |
// | |
UINT32 PyriteSsc : 1; | |
// | |
// Security protocol 1 support (0 - not supported, 1 - supported) | |
// | |
UINT32 Sp1 : 1; | |
// | |
// Security protocol 2 support (0 - not supported, 1 - supported) | |
// | |
UINT32 Sp2 : 1; | |
// | |
// Security protocol IEEE1667 support (0 - not supported, 1 - supported) | |
// | |
UINT32 SpIeee1667 : 1; | |
// | |
// Media encryption supported (0 - not supported, 1 - supported) | |
// | |
UINT32 MediaEncryption : 1; | |
// | |
// Initial C_PIN_SID PIN Indicator | |
// 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value | |
// 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value | |
// | |
UINT32 InitCpinIndicator : 1; | |
// | |
// Behavior of C_PIN_SID PIN upon TPer Revert | |
// 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value | |
// 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value | |
// | |
UINT32 CpinUponRevert : 1; | |
// | |
// Media encryption supported (0 - not supported, 1 - supported) | |
// | |
UINT32 BlockSid : 1; | |
// | |
// Pyrite SSC V2 support (0 - not supported, 1 - supported) | |
// | |
UINT32 PyriteSscV2 : 1; | |
// | |
// Supported Data Removal Mechanism support (0 - not supported, 1 - supported) | |
// | |
UINT32 DataRemoval : 1; | |
} OPAL_DISK_SUPPORT_ATTRIBUTE; | |
// | |
// Opal device ownership type | |
// The type indicates who was the determined owner of the device. | |
// | |
typedef enum { | |
// | |
// Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP | |
//was unsuccessful with the provided PIN | |
// | |
OpalOwnershipUnknown, | |
// | |
// Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN | |
// | |
OpalOwnershipNobody, | |
} OPAL_OWNER_SHIP; | |
// | |
// Structure that is used to represent an Opal session. | |
// The structure must be initialized by calling OpalStartSession before being used as a parameter | |
// for any other Opal function. | |
// This structure should NOT be directly modified by the client of this library. | |
// | |
// | |
typedef struct { | |
UINT32 HostSessionId; | |
UINT32 TperSessionId; | |
UINT16 ComIdExtension; | |
UINT16 OpalBaseComId; | |
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; | |
UINT32 MediaId; | |
} OPAL_SESSION; | |
#pragma pack() | |
/** | |
The function fills in the provided Buffer with the supported protocol list | |
of the device specified. | |
@param[in] Session OPAL_SESSION data. | |
@param[in] BufferSize Size of Buffer provided (in bytes) | |
@param[in] BuffAddress Buffer address to fill with security protocol list | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalRetrieveSupportedProtocolList( | |
OPAL_SESSION *Session, | |
UINTN BufferSize, | |
VOID *BuffAddress | |
); | |
/** | |
The function fills in the provided Buffer with the level 0 discovery Header | |
of the device specified. | |
@param[in] Session OPAL_SESSION data. | |
@param[in] BufferSize Size of Buffer provided (in bytes) | |
@param[in] BuffAddress Buffer address to fill with Level 0 Discovery response | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalRetrieveLevel0DiscoveryHeader( | |
OPAL_SESSION *Session, | |
UINTN BufferSize, | |
VOID *BuffAddress | |
); | |
/** | |
Starts a session with a security provider (SP). | |
If a session is started successfully, the caller must end the session with OpalEndSession when finished | |
performing Opal actions. | |
@param[in/out] Session OPAL_SESSION to initialize. | |
@param[in] SpId Security provider ID to start the session with. | |
@param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE). | |
@param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL | |
@param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent. | |
@param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent. | |
@param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned. | |
@return TcgResultSuccess indicates that the function completed without any internal errors. | |
The caller must inspect the MethodStatus field to determine whether the method completed successfully. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalStartSession( | |
OPAL_SESSION *Session, | |
TCG_UID SpId, | |
BOOLEAN Write, | |
UINT32 HostChallengeLength, | |
const VOID *HostChallenge, | |
TCG_UID HostSigningAuthority, | |
UINT8 *MethodStatus | |
); | |
/** | |
Close a session opened with OpalStartSession. | |
@param[in/out] Session OPAL_SESSION to end. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalEndSession( | |
OPAL_SESSION *Session | |
); | |
/** | |
Reverts device using Admin SP Revert method. | |
@param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalPsidRevert( | |
OPAL_SESSION *AdminSpSession | |
); | |
/** | |
The function retrieves the MSID from the device specified | |
@param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. | |
@param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller | |
@param[in] Msid Variable length byte sequence representing MSID of device | |
@param[in] MsidLength Actual length of MSID retrieved from device | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalGetMsid( | |
OPAL_SESSION *AdminSpSession, | |
UINT32 MsidBufferSize, | |
UINT8 *Msid, | |
UINT32 *MsidLength | |
); | |
/** | |
The function activates the Locking SP. | |
Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN. | |
If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs. | |
@param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalActivateLockingSp( | |
OPAL_SESSION *AdminSpSession, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value. | |
@param[in/out] Session OPAL_SESSION to set password | |
@param[in] CpinRowUid UID of row (authority) to update PIN column | |
@param[in] NewPin New Pin to set for cpinRowUid specified | |
@param[in] NewPinLength Length in bytes of newPin | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalSetPassword( | |
OPAL_SESSION *Session, | |
TCG_UID CpinRowUid, | |
const VOID *NewPin, | |
UINT32 NewPinLength, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function retrieves the active key of the global locking range | |
and calls the GenKey method on the active key retrieved. | |
@param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalGlobalLockingRangeGenKey( | |
OPAL_SESSION *LockingSpSession, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function updates the ReadLocked and WriteLocked columns of the Global Locking Range. | |
This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns | |
(not ReadLockEnabled and WriteLockEnabled columns). | |
@param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key | |
@param[in] ReadLocked Value to set ReadLocked column for Global Locking Range | |
@param[in] WriteLocked Value to set WriteLocked column for Global Locking Range | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUpdateGlobalLockingRange( | |
OPAL_SESSION *LockingSpSession, | |
BOOLEAN ReadLocked, | |
BOOLEAN WriteLocked, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns | |
of the specified Locking Range. This function requires admin authority of a locking SP session. | |
@param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key | |
@param[in] LockingRangeUid Locking range UID to set values | |
@param[in] RangeStart Value to set RangeStart column for Locking Range | |
@param[in] RangeLength Value to set RangeLength column for Locking Range | |
@param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range | |
@param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range | |
@param[in] ReadLocked Value to set ReadLocked column for Locking Range | |
@param[in] WriteLocked Value to set WriteLocked column for Locking Range | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalSetLockingRange( | |
OPAL_SESSION *LockingSpSession, | |
TCG_UID LockingRangeUid, | |
UINT64 RangeStart, | |
UINT64 RangeLength, | |
BOOLEAN ReadLockEnabled, | |
BOOLEAN WriteLockEnabled, | |
BOOLEAN ReadLocked, | |
BOOLEAN WriteLocked, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided | |
using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority. | |
@param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update | |
@param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN | |
@param[in] AuthorityUid UID of Locking SP authority to update Pin column with | |
@param[in] NewPin New Password used to set Pin column | |
@param[in] NewPinLength Length in bytes of new password | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalSetLockingSpAuthorityEnabledAndPin( | |
OPAL_SESSION *LockingSpSession, | |
TCG_UID CpinRowUid, | |
TCG_UID AuthorityUid, | |
const VOID *NewPin, | |
UINT32 NewPinLength, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function sets the Enabled column to FALSE for the USER1 authority. | |
@param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1 | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalDisableUser( | |
OPAL_SESSION *LockingSpSession, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter | |
to keep the user data is set to True, otherwise the optional parameter is not provided. | |
@param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP | |
@param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data. | |
@param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalAdminRevert( | |
OPAL_SESSION *LockingSpSession, | |
BOOLEAN KeepUserData, | |
UINT8 *MethodStatus | |
); | |
/** | |
The function retrieves the TryLimit column for the specified rowUid (authority). | |
@param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit | |
@param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column | |
@param[in/out] TryLimit Value from TryLimit column | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalGetTryLimit( | |
OPAL_SESSION *LockingSpSession, | |
TCG_UID RowUid, | |
UINT32 *TryLimit | |
); | |
/** | |
The function populates the CreateStruct with a payload that will retrieve the global locking range active key. | |
It is intended to be called with a session that is already started with a valid credential. | |
The function does not send the payload. | |
@param[in] Session OPAL_SESSION to populate command for, needs comId | |
@param[in/out] CreateStruct Structure to populate with encoded TCG command | |
@param[in/out] Size Size in bytes of the command created. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalCreateRetrieveGlobalLockingRangeActiveKey( | |
const OPAL_SESSION *Session, | |
TCG_CREATE_STRUCT *CreateStruct, | |
UINT32 *Size | |
); | |
/** | |
The function acquires the activeKey specified for the Global Locking Range from the parseStruct. | |
@param[in] ParseStruct Structure that contains the device's response with the activekey | |
@param[in/out] ActiveKey The UID of the active key retrieved | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalParseRetrieveGlobalLockingRangeActiveKey( | |
TCG_PARSE_STRUCT *ParseStruct, | |
TCG_UID *ActiveKey | |
); | |
/** | |
Get the support attribute info. | |
@param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. | |
@param[in/out] LockingFeature Return the Locking info. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalGetLockingInfo( | |
OPAL_SESSION *Session, | |
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature | |
); | |
/** | |
The function determines whether or not all of the requirements for the Opal Feature (not full specification) | |
are met by the specified device. | |
@param[in] SupportedAttributes Opal device attribute. | |
**/ | |
BOOLEAN | |
EFIAPI | |
OpalFeatureSupported( | |
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes | |
); | |
/** | |
The function returns whether or not the device is Opal Enabled. | |
TRUE means that the device is partially or fully locked. | |
This will perform a Level 0 Discovery and parse the locking feature descriptor | |
@param[in] SupportedAttributes Opal device attribute. | |
@param[in] LockingFeature Opal device locking status. | |
**/ | |
BOOLEAN | |
EFIAPI | |
OpalFeatureEnabled( | |
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, | |
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature | |
); | |
/** | |
The function returns whether or not the device is Opal Locked. | |
TRUE means that the device is partially or fully locked. | |
This will perform a Level 0 Discovery and parse the locking feature descriptor | |
@param[in] SupportedAttributes Opal device attribute. | |
@param[in] LockingFeature Opal device locking status. | |
**/ | |
BOOLEAN | |
OpalDeviceLocked( | |
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, | |
TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature | |
); | |
/** | |
Trig the block sid action. | |
@param[in] Session OPAL_SESSION to populate command for, needs comId | |
@param[in] HardwareReset Whether need to do hardware reset. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalBlockSid( | |
OPAL_SESSION *Session, | |
BOOLEAN HardwareReset | |
); | |
/** | |
Get the support attribute info. | |
@param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. | |
@param[in/out] SupportedAttributes Return the support attribute info. | |
@param[out] OpalBaseComId Return the base com id info. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalGetSupportedAttributesInfo( | |
OPAL_SESSION *Session, | |
OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, | |
UINT16 *OpalBaseComId | |
); | |
/** | |
Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method. | |
@param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] Psid PSID of device to revert. | |
@param[in] PsidLength Length of PSID in bytes. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilPsidRevert( | |
OPAL_SESSION *AdminSpSession, | |
const VOID *Psid, | |
UINT32 PsidLength | |
); | |
/** | |
Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, | |
sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password, | |
and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN. | |
@param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] GeneratedSid Generated SID of disk | |
@param[in] SidLength Length of generatedSid in bytes | |
@param[in] Password New admin password to set | |
@param[in] PassLength Length of password in bytes | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilSetAdminPasswordAsSid( | |
OPAL_SESSION *AdminSpSession, | |
const VOID *GeneratedSid, | |
UINT32 SidLength, | |
const VOID *Password, | |
UINT32 PassLength | |
); | |
/** | |
Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY, | |
and updates the specified locking range with the provided column values. | |
@param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] Password New admin password to set | |
@param[in] PassLength Length of password in bytes | |
@param[in] LockingRangeUid Locking range UID to set values | |
@param[in] RangeStart Value to set RangeStart column for Locking Range | |
@param[in] RangeLength Value to set RangeLength column for Locking Range | |
@param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range | |
@param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range | |
@param[in] ReadLocked Value to set ReadLocked column for Locking Range | |
@param[in] WriteLocked Value to set WriteLocked column for Locking Range | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilSetOpalLockingRange( | |
OPAL_SESSION *LockingSpSession, | |
const VOID *Password, | |
UINT32 PassLength, | |
TCG_UID LockingRangeUid, | |
UINT64 RangeStart, | |
UINT64 RangeLength, | |
BOOLEAN ReadLockEnabled, | |
BOOLEAN WriteLockEnabled, | |
BOOLEAN ReadLocked, | |
BOOLEAN WriteLocked | |
); | |
/** | |
Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, | |
sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password, | |
and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password. | |
@param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] OldPassword Current admin password | |
@param[in] OldPasswordLength Length of current admin password in bytes | |
@param[in] NewPassword New admin password to set | |
@param[in] NewPasswordLength Length of new password in bytes | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilSetAdminPassword( | |
OPAL_SESSION *AdminSpSession, | |
const VOID *OldPassword, | |
UINT32 OldPasswordLength, | |
const VOID *NewPassword, | |
UINT32 NewPasswordLength | |
); | |
/** | |
Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY | |
and sets the User1 SP authority to enabled and sets the User1 password. | |
@param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] OldPassword Current admin password | |
@param[in] OldPasswordLength Length of current admin password in bytes | |
@param[in] NewPassword New admin password to set | |
@param[in] NewPasswordLength Length of new password in bytes | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilSetUserPassword( | |
OPAL_SESSION *LockingSpSession, | |
const VOID *OldPassword, | |
UINT32 OldPasswordLength, | |
const VOID *NewPassword, | |
UINT32 NewPasswordLength | |
); | |
/** | |
Verify whether user input the correct password. | |
@param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] Password Admin password | |
@param[in] PasswordLength Length of password in bytes | |
@param[in/out] HostSigningAuthority Use the Host signing authority type. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilVerifyPassword ( | |
OPAL_SESSION *LockingSpSession, | |
const VOID *Password, | |
UINT32 PasswordLength, | |
TCG_UID HostSigningAuthority | |
); | |
/** | |
Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY | |
and generates a new global locking range key to erase the Data. | |
@param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] Password Admin or user password | |
@param[in] PasswordLength Length of password in bytes | |
@param[in/out] PasswordFailed indicates if password failed (start session didn't work) | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilSecureErase( | |
OPAL_SESSION *LockingSpSession, | |
const VOID *Password, | |
UINT32 PasswordLength, | |
BOOLEAN *PasswordFailed | |
); | |
/** | |
Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority. | |
@param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] Password Admin password | |
@param[in] PasswordLength Length of password in bytes | |
@param[in/out] PasswordFailed indicates if password failed (start session didn't work) | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilDisableUser( | |
OPAL_SESSION *LockingSpSession, | |
const VOID *Password, | |
UINT32 PasswordLength, | |
BOOLEAN *PasswordFailed | |
); | |
/** | |
Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method. | |
@param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId | |
@param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it | |
@param[in] Password Admin password | |
@param[in] PasswordLength Length of password in bytes | |
@param[in/out] PasswordFailed indicates if password failed (start session didn't work) | |
@param[in] Msid Input Msid info. | |
@param[in] MsidLength Input Msid info length. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilRevert( | |
OPAL_SESSION *LockingSpSession, | |
BOOLEAN KeepUserData, | |
const VOID *Password, | |
UINT32 PasswordLength, | |
BOOLEAN *PasswordFailed, | |
UINT8 *Msid, | |
UINT32 MsidLength | |
); | |
/** | |
After revert success, set SID to MSID. | |
@param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId | |
@param Password, Input password info. | |
@param PasswordLength, Input password length. | |
@param[in] Msid Input Msid info. | |
@param[in] MsidLength Input Msid info length. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilSetSIDtoMSID ( | |
OPAL_SESSION *AdminSpSession, | |
const VOID *Password, | |
UINT32 PasswordLength, | |
UINT8 *Msid, | |
UINT32 MsidLength | |
); | |
/** | |
Update global locking range. | |
@param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId | |
@param Password, Input password info. | |
@param PasswordLength, Input password length. | |
@param ReadLocked, Read lock info. | |
@param WriteLocked write lock info. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilUpdateGlobalLockingRange( | |
OPAL_SESSION *LockingSpSession, | |
const VOID *Password, | |
UINT32 PasswordLength, | |
BOOLEAN ReadLocked, | |
BOOLEAN WriteLocked | |
); | |
/** | |
Update global locking range. | |
@param Session, The session info for one opal device. | |
@param Msid, The data buffer to save Msid info. | |
@param MsidBufferLength, The data buffer length for Msid. | |
@param MsidLength, The actual data length for Msid. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilGetMsid( | |
OPAL_SESSION *Session, | |
UINT8 *Msid, | |
UINT32 MsidBufferLength, | |
UINT32 *MsidLength | |
); | |
/** | |
The function determines who owns the device by attempting to start a session with different credentials. | |
If the SID PIN matches the MSID PIN, the no one owns the device. | |
If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown. | |
@param[in] Session The session info for one opal device. | |
@param Msid, The Msid info. | |
@param MsidLength, The data length for Msid. | |
**/ | |
OPAL_OWNER_SHIP | |
EFIAPI | |
OpalUtilDetermineOwnership( | |
OPAL_SESSION *Session, | |
UINT8 *Msid, | |
UINT32 MsidLength | |
); | |
/** | |
The function returns if admin password exists. | |
@param[in] OwnerShip The owner ship of the opal device. | |
@param[in] LockingFeature The locking info of the opal device. | |
@retval TRUE Admin password existed. | |
@retval FALSE Admin password not existed. | |
**/ | |
BOOLEAN | |
EFIAPI | |
OpalUtilAdminPasswordExists( | |
IN UINT16 OwnerShip, | |
IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature | |
); | |
/** | |
Get Active Data Removal Mechanism Value. | |
@param[in] Session, The session info for one opal device. | |
@param[in] GeneratedSid Generated SID of disk | |
@param[in] SidLength Length of generatedSid in bytes | |
@param[out] ActiveDataRemovalMechanism Return the active data removal mechanism. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilGetActiveDataRemovalMechanism ( | |
OPAL_SESSION *Session, | |
const VOID *GeneratedSid, | |
UINT32 SidLength, | |
UINT8 *ActiveDataRemovalMechanism | |
); | |
/** | |
Get the supported Data Removal Mechanism list. | |
@param[in] Session, The session info for one opal device. | |
@param[out] RemovalMechanismLists Return the supported data removal mechanism lists. | |
**/ | |
TCG_RESULT | |
EFIAPI | |
OpalUtilGetDataRemovalMechanismLists ( | |
IN OPAL_SESSION *Session, | |
OUT UINT32 *RemovalMechanismLists | |
); | |
#endif // _OPAL_CORE_H_ |