diff options
author | Dong, Eric <eric.dong@intel.com> | 2016-05-05 08:51:28 +0800 |
---|---|---|
committer | Feng Tian <feng.tian@intel.com> | 2016-05-09 16:18:00 +0800 |
commit | 6e7423c3c2ff56c9256b92a845b3e0c959ab0d74 (patch) | |
tree | 8eafb10a6c9ea3a6487394ad2281f8b96057cd35 /SecurityPkg/Library | |
parent | 6e2814c1a1a14787cdf1922c7f7710815dd4f3f9 (diff) | |
download | edk2-6e7423c3c2ff56c9256b92a845b3e0c959ab0d74.tar.gz edk2-6e7423c3c2ff56c9256b92a845b3e0c959ab0d74.tar.bz2 edk2-6e7423c3c2ff56c9256b92a845b3e0c959ab0d74.zip |
SecurityPkg TcgStorageOpalLib: Check the capability before use.
For Pyrite SSC device, it may not supports Active Key, So
add check logic before enable it.
Cc: Feng Tian <feng.tian@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Feng Tian <feng.tian@intel.com>
Diffstat (limited to 'SecurityPkg/Library')
-rw-r--r-- | SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c | 50 |
1 files changed, 28 insertions, 22 deletions
diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c index 7674ee5716..cc8d5ef3f0 100644 --- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c +++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c @@ -814,6 +814,7 @@ OpalSetLockingSpAuthorityEnabledAndPin( TCG_PARSE_STRUCT ParseStruct;
UINT32 Size;
TCG_UID ActiveKey;
+ TCG_RESULT Ret;
NULL_CHECK(LockingSpSession);
NULL_CHECK(NewPin);
@@ -901,30 +902,35 @@ OpalSetLockingSpAuthorityEnabledAndPin( ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size));
ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
- ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey));
-
- ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
- ERROR_CHECK(TcgCreateSetAce(
- &CreateStruct,
- &Size,
- LockingSpSession->OpalBaseComId,
- LockingSpSession->ComIdExtension,
- LockingSpSession->TperSessionId,
- LockingSpSession->HostSessionId,
- (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
- OPAL_LOCKING_SP_USER1_AUTHORITY,
- TCG_ACE_EXPRESSION_OR,
- OPAL_LOCKING_SP_ADMINS_AUTHORITY
- ));
+ //
+ // For Pyrite type SSC, it not supports Active Key.
+ // So here add check logic before enable it.
+ //
+ Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);
+ if (Ret == TcgResultSuccess) {
+ ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
+ ERROR_CHECK(TcgCreateSetAce(
+ &CreateStruct,
+ &Size,
+ LockingSpSession->OpalBaseComId,
+ LockingSpSession->ComIdExtension,
+ LockingSpSession->TperSessionId,
+ LockingSpSession->HostSessionId,
+ (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
+ OPAL_LOCKING_SP_USER1_AUTHORITY,
+ TCG_ACE_EXPRESSION_OR,
+ OPAL_LOCKING_SP_ADMINS_AUTHORITY
+ ));
- ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
+ ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
- if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
- DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
- //
- //TODO do we want to disable user1 if all permissions are not granted
- //
- return TcgResultFailure;
+ if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
+ //
+ // TODO do we want to disable user1 if all permissions are not granted
+ //
+ return TcgResultFailure;
+ }
}
ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
|