summaryrefslogtreecommitdiffstats
path: root/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c
diff options
context:
space:
mode:
authorHao Wu <hao.a.wu@intel.com>2018-08-27 16:52:13 +0800
committerHao Wu <hao.a.wu@intel.com>2019-02-22 08:20:08 +0800
commita3efbc29c45183fe69bcb311c2d974ddc4e7c00a (patch)
treeea31458a38b6bc7e202f8c70a1fd35044932339c /SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c
parentb6de92f74eca0f36461a5b96117b1428772e2278 (diff)
downloadedk2-a3efbc29c45183fe69bcb311c2d974ddc4e7c00a.tar.gz
edk2-a3efbc29c45183fe69bcb311c2d974ddc4e7c00a.tar.bz2
edk2-a3efbc29c45183fe69bcb311c2d974ddc4e7c00a.zip
SecurityPkg/OpalPassword: Remove HW init codes and consume SSC PPI
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1409 For the current implementation of OpalPassword drivers, it has a feature to support devices being automatically unlocked in the S3 resume. For this feature, two types of devices are supported: * ATA hard disks working under AHCI mode * NVM Express devices The support of this feature requires the above 2 types of device to be initialized at the PEI phase during S3 resume, which is done by the co-work of the OpalPasswordDxe driver and the OpalPasswordPei driver. More specifically, the OpalPasswordDxe will handle: * Pre-allocate MMIO resource and save it in a driver internal LockBox for OpalPasswordPei to retrieve; * Save the PCI configuration space of ATA controllers into boot script. Meanwhile, the OpalPasswordPei will handle: * Rely on the boot script for the PCI configuration space program of ATA controllers; * Restore the driver internal LockBox to get the MMIO resource; * Complete the PCI configuration space program for ATA and NVME controllers; * Initialize ATA and NVME controllers and devices. This commit will remove these hardware initialization related codes from the OpalPassword drivers. The hardware initialization will be covered by PEI storage device drivers (e.g. NvmExpressPei & AhciPei in the MdeModulePkg). After such codes removal, the OpalPasswordDxe will only handle: * Construct/update the S3StorageDeviceInitList LockBox with the managing ATA and NVME devices. And the OpalPasswordPei will only handle: * Locate Storage Security Command PPI instances to perform the device automatic unlock during the S3 resume. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Diffstat (limited to 'SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c')
-rw-r--r--SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c702
1 files changed, 118 insertions, 584 deletions
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c
index edb47ca8bc..934c65bcee 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c
@@ -1,7 +1,7 @@
/** @file
Opal Password PEI driver which is used to unlock Opal Password for S3.
-Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -14,250 +14,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include "OpalPasswordPei.h"
-EFI_GUID mOpalDeviceAtaGuid = OPAL_DEVICE_ATA_GUID;
-EFI_GUID mOpalDeviceNvmeGuid = OPAL_DEVICE_NVME_GUID;
+EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID;
-#define OPAL_PCIE_ROOTPORT_SAVESIZE (0x40)
-#define STORE_INVALID_ROOTPORT_INDEX ((UINT8) -1)
-
-/**
- Get IOMMU PPI.
-
- @return Pointer to IOMMU PPI.
-
-**/
-EDKII_IOMMU_PPI *
-GetIoMmu (
- VOID
- )
-{
- EFI_STATUS Status;
- EDKII_IOMMU_PPI *IoMmu;
-
- IoMmu = NULL;
- Status = PeiServicesLocatePpi (
- &gEdkiiIoMmuPpiGuid,
- 0,
- NULL,
- (VOID **) &IoMmu
- );
- if (!EFI_ERROR (Status) && (IoMmu != NULL)) {
- return IoMmu;
- }
-
- return NULL;
-}
-
-/**
- Allocates pages that are suitable for an OperationBusMasterCommonBuffer or
- OperationBusMasterCommonBuffer64 mapping.
-
- @param Pages The number of pages to allocate.
- @param HostAddress A pointer to store the base system memory address of the
- allocated range.
- @param DeviceAddress The resulting map address for the bus master PCI controller to use to
- access the hosts HostAddress.
- @param Mapping A resulting value to pass to Unmap().
-
- @retval EFI_SUCCESS The requested memory pages were allocated.
- @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are
- MEMORY_WRITE_COMBINE and MEMORY_CACHED.
- @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
- @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated.
-
-**/
-EFI_STATUS
-IoMmuAllocateBuffer (
- IN UINTN Pages,
- OUT VOID **HostAddress,
- OUT EFI_PHYSICAL_ADDRESS *DeviceAddress,
- OUT VOID **Mapping
- )
-{
- EFI_STATUS Status;
- UINTN NumberOfBytes;
- EFI_PHYSICAL_ADDRESS HostPhyAddress;
- EDKII_IOMMU_PPI *IoMmu;
-
- *HostAddress = NULL;
- *DeviceAddress = 0;
- *Mapping = NULL;
-
- IoMmu = GetIoMmu ();
-
- if (IoMmu != NULL) {
- Status = IoMmu->AllocateBuffer (
- IoMmu,
- EfiBootServicesData,
- Pages,
- HostAddress,
- 0
- );
- if (EFI_ERROR (Status)) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- NumberOfBytes = EFI_PAGES_TO_SIZE (Pages);
- Status = IoMmu->Map (
- IoMmu,
- EdkiiIoMmuOperationBusMasterCommonBuffer,
- *HostAddress,
- &NumberOfBytes,
- DeviceAddress,
- Mapping
- );
- if (EFI_ERROR (Status)) {
- IoMmu->FreeBuffer (IoMmu, Pages, *HostAddress);
- *HostAddress = NULL;
- return EFI_OUT_OF_RESOURCES;
- }
- Status = IoMmu->SetAttribute (
- IoMmu,
- *Mapping,
- EDKII_IOMMU_ACCESS_READ | EDKII_IOMMU_ACCESS_WRITE
- );
- if (EFI_ERROR (Status)) {
- IoMmu->Unmap (IoMmu, *Mapping);
- IoMmu->FreeBuffer (IoMmu, Pages, *HostAddress);
- *Mapping = NULL;
- *HostAddress = NULL;
- return Status;
- }
- } else {
- Status = PeiServicesAllocatePages (
- EfiBootServicesData,
- Pages,
- &HostPhyAddress
- );
- if (EFI_ERROR (Status)) {
- return EFI_OUT_OF_RESOURCES;
- }
- *HostAddress = (VOID *) (UINTN) HostPhyAddress;
- *DeviceAddress = HostPhyAddress;
- *Mapping = NULL;
- }
- return Status;
-}
-
-/**
- Frees memory that was allocated with AllocateBuffer().
-
- @param Pages The number of pages to free.
- @param HostAddress The base system memory address of the allocated range.
- @param Mapping The mapping value returned from Map().
-
-**/
-VOID
-IoMmuFreeBuffer (
- IN UINTN Pages,
- IN VOID *HostAddress,
- IN VOID *Mapping
- )
-{
- EDKII_IOMMU_PPI *IoMmu;
-
- IoMmu = GetIoMmu ();
-
- if (IoMmu != NULL) {
- IoMmu->SetAttribute (IoMmu, Mapping, 0);
- IoMmu->Unmap (IoMmu, Mapping);
- IoMmu->FreeBuffer (IoMmu, Pages, HostAddress);
- } else {
- PeiServicesFreePages (
- (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress,
- Pages
- );
- }
-}
-
-/**
- Provide IO action support.
-
- @param[in] PeiDev The opal device need to perform trusted IO.
- @param[in] IoType OPAL_IO_TYPE indicating whether to perform a Trusted Send or Trusted Receive.
- @param[in] SecurityProtocol Security Protocol
- @param[in] SpSpecific Security Protocol Specific
- @param[in] TransferLength Transfer Length of Buffer (in bytes) - always a multiple of 512
- @param[in] Buffer Address of Data to transfer
-
- @retval EFI_SUCCESS Perform the IO action success.
- @retval Others Perform the IO action failed.
-
-**/
-EFI_STATUS
-PerformTrustedIo (
- OPAL_PEI_DEVICE *PeiDev,
- OPAL_IO_TYPE IoType,
- UINT8 SecurityProtocol,
- UINT16 SpSpecific,
- UINTN TransferLength,
- VOID *Buffer
- )
-{
- EFI_STATUS Status;
- UINTN BufferSizeBlocks;
- EFI_ATA_COMMAND_BLOCK AtaCommandBlock;
- OPAL_DEVICE_ATA *DevInfoAta;
- AHCI_CONTEXT *AhciContext;
- NVME_CONTEXT *NvmeContext;
-
- Status = EFI_DEVICE_ERROR;
- if (PeiDev->DeviceType == OPAL_DEVICE_TYPE_ATA) {
- DevInfoAta = (OPAL_DEVICE_ATA *) PeiDev->Device;
- AhciContext = (AHCI_CONTEXT *) PeiDev->Context;
-
- BufferSizeBlocks = TransferLength / 512;
-
- ZeroMem( &AtaCommandBlock, sizeof( EFI_ATA_COMMAND_BLOCK ) );
- AtaCommandBlock.AtaCommand = ( IoType == OpalSend ) ? ATA_COMMAND_TRUSTED_SEND : ATA_COMMAND_TRUSTED_RECEIVE;
- AtaCommandBlock.AtaSectorCount = ( UINT8 )BufferSizeBlocks;
- AtaCommandBlock.AtaSectorNumber = ( UINT8 )( BufferSizeBlocks >> 8 );
- AtaCommandBlock.AtaFeatures = SecurityProtocol;
- AtaCommandBlock.AtaCylinderLow = ( UINT8 )( SpSpecific >> 8 );
- AtaCommandBlock.AtaCylinderHigh = ( UINT8 )( SpSpecific );
- AtaCommandBlock.AtaDeviceHead = ATA_DEVICE_LBA;
-
-
- ZeroMem( AhciContext->Buffer, HDD_PAYLOAD );
- ASSERT( TransferLength <= HDD_PAYLOAD );
-
- if (IoType == OpalSend) {
- CopyMem( AhciContext->Buffer, Buffer, TransferLength );
- }
-
- Status = AhciPioTransfer(
- AhciContext,
- (UINT8) DevInfoAta->Port,
- (UINT8) DevInfoAta->PortMultiplierPort,
- NULL,
- 0,
- ( IoType == OpalSend ) ? FALSE : TRUE, // i/o direction
- &AtaCommandBlock,
- NULL,
- AhciContext->Buffer,
- (UINT32)TransferLength,
- ATA_TIMEOUT
- );
-
- if (IoType == OpalRecv) {
- CopyMem( Buffer, AhciContext->Buffer, TransferLength );
- }
- } else if (PeiDev->DeviceType == OPAL_DEVICE_TYPE_NVME) {
- NvmeContext = (NVME_CONTEXT *) PeiDev->Context;
- Status = NvmeSecuritySendReceive (
- NvmeContext,
- IoType == OpalSend,
- SecurityProtocol,
- SwapBytes16(SpSpecific),
- TransferLength,
- Buffer
- );
- } else {
- DEBUG((DEBUG_ERROR, "DeviceType(%x) not support.\n", PeiDev->DeviceType));
- }
-
- return Status;
-}
/**
Send a security protocol command to a device that receives data and/or the result
@@ -351,14 +109,16 @@ SecurityReceiveData (
return EFI_DEVICE_ERROR;
}
- return PerformTrustedIo (
- PeiDev,
- OpalRecv,
- SecurityProtocolId,
- SecurityProtocolSpecificData,
- PayloadBufferSize,
- PayloadBuffer
- );
+ return PeiDev->SscPpi->ReceiveData (
+ PeiDev->SscPpi,
+ PeiDev->DeviceIndex,
+ SSC_PPI_GENERIC_TIMEOUT,
+ SecurityProtocolId,
+ SecurityProtocolSpecificData,
+ PayloadBufferSize,
+ PayloadBuffer,
+ PayloadTransferSize
+ );
}
/**
@@ -441,111 +201,15 @@ SecuritySendData (
return EFI_DEVICE_ERROR;
}
- return PerformTrustedIo (
- PeiDev,
- OpalSend,
- SecurityProtocolId,
- SecurityProtocolSpecificData,
- PayloadBufferSize,
- PayloadBuffer
- );
-
-}
-
-/**
- Save/Restore RootPort configuration space.
-
- @param[in] DevInfoNvme Pointer to NVMe device info.
- @param[in] SaveAction TRUE: Save, FALSE: Restore
- @param[in,out] PcieConfBufferList Configuration space data buffer for save/restore
-
- @return PCIE base address of this RootPort
-**/
-UINTN
-SaveRestoreRootportConfSpace (
- IN OPAL_DEVICE_NVME *DevInfoNvme,
- IN BOOLEAN SaveAction,
- IN OUT UINT8 **PcieConfBufferList
- )
-{
- UINTN RpBase;
- UINTN Length;
- OPAL_PCI_DEVICE *DevNode;
- UINT8 *StorePcieConfData;
- UINTN Index;
-
- Length = 0;
- Index = 0;
- RpBase = 0;
-
- while (sizeof (OPAL_DEVICE_NVME) + Length < DevInfoNvme->Length) {
- DevNode = (OPAL_PCI_DEVICE *)((UINT8*)DevInfoNvme->PciBridgeNode + Length);
- RpBase = PCI_LIB_ADDRESS (DevNode->Bus, DevNode->Device, DevNode->Function, 0x0);
-
- if (PcieConfBufferList != NULL) {
- if (SaveAction) {
- StorePcieConfData = (UINT8 *) AllocateZeroPool (OPAL_PCIE_ROOTPORT_SAVESIZE);
- ASSERT (StorePcieConfData != NULL);
- OpalPciRead (StorePcieConfData, RpBase, OPAL_PCIE_ROOTPORT_SAVESIZE);
- PcieConfBufferList[Index] = StorePcieConfData;
- } else {
- // Skip PCIe Command & Status registers
- StorePcieConfData = PcieConfBufferList[Index];
- OpalPciWrite (RpBase, StorePcieConfData, 4);
- OpalPciWrite (RpBase + 8, StorePcieConfData + 8, OPAL_PCIE_ROOTPORT_SAVESIZE - 8);
-
- FreePool (StorePcieConfData);
- }
- }
-
- Length += sizeof (OPAL_PCI_DEVICE);
- Index ++;
- }
-
- return RpBase;
-}
-
-/**
- Configure RootPort for downstream PCIe NAND devices.
-
- @param[in] RpBase - PCIe configuration space address of this RootPort
- @param[in] BusNumber - Bus number
- @param[in] MemoryBase - Memory base address
- @param[in] MemoryLength - Memory size
-
-**/
-VOID
-ConfigureRootPortForPcieNand (
- IN UINTN RpBase,
- IN UINTN BusNumber,
- IN UINT32 MemoryBase,
- IN UINT32 MemoryLength
- )
-{
- UINT32 MemoryLimit;
-
- DEBUG ((DEBUG_INFO, "ConfigureRootPortForPcieNand, BusNumber: %x, MemoryBase: %x, MemoryLength: %x\n",
- BusNumber, MemoryBase, MemoryLength));
-
- if (MemoryLength == 0) {
- MemoryLimit = MemoryBase;
- } else {
- MemoryLimit = MemoryBase + MemoryLength + 0xFFFFF; // 1M
- }
-
- ///
- /// Configue PCIE configuration space for RootPort
- ///
- PciWrite8 (RpBase + NVME_PCIE_BNUM + 1, (UINT8) BusNumber); // Secondary Bus Number registers
- PciWrite8 (RpBase + NVME_PCIE_BNUM + 2, (UINT8) BusNumber); // Subordinate Bus Number registers
- PciWrite8 (RpBase + NVME_PCIE_IOBL, 0xFF); // I/O Base registers
- PciWrite8 (RpBase + NVME_PCIE_IOBL + 1, 0x00); // I/O Limit registers
- PciWrite16 (RpBase + NVME_PCIE_MBL, (UINT16) RShiftU64 ((UINTN)MemoryBase, 16)); // Memory Base register
- PciWrite16 (RpBase + NVME_PCIE_MBL + 2, (UINT16) RShiftU64 ((UINTN)MemoryLimit, 16)); // Memory Limit register
- PciWrite16 (RpBase + NVME_PCIE_PMBL, 0xFFFF); // Prefetchable Memory Base registers
- PciWrite16 (RpBase + NVME_PCIE_PMBL + 2, 0x0000); // Prefetchable Memory Limit registers
- PciWrite32 (RpBase + NVME_PCIE_PMBU32, 0xFFFFFFFF); // Prefetchable Memory Upper Base registers
- PciWrite32 (RpBase + NVME_PCIE_PMLU32, 0x00000000); // Prefetchable Memory Upper Limit registers
+ return PeiDev->SscPpi->SendData (
+ PeiDev->SscPpi,
+ PeiDev->DeviceIndex,
+ SSC_PPI_GENERIC_TIMEOUT,
+ SecurityProtocolId,
+ SecurityProtocolSpecificData,
+ PayloadBufferSize,
+ PayloadBuffer
+ );
}
/**
@@ -651,274 +315,137 @@ UnlockOpalPassword (
}
/**
- Unlock ATA OPAL password for S3.
+ Unlock the OPAL NVM Express and ATA devices for S3.
+
+ @param[in] SscPpi Pointer to the EDKII_PEI_STORAGE_SECURITY_CMD_PPI instance.
**/
VOID
-UnlockOpalPasswordAta (
- VOID
+UnlockOpalPasswordDevices (
+ IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *SscPpi
)
{
- EFI_STATUS Status;
- UINT8 *DevInfo;
- OPAL_DEVICE_ATA TempDevInfoAta;
- OPAL_DEVICE_ATA *DevInfoAta;
- UINTN DevInfoLengthAta;
- UINT8 Bus;
- UINT8 Device;
- UINT8 Function;
- OPAL_PEI_DEVICE OpalDev;
- UINT8 BaseClassCode;
- UINT8 SubClassCode;
- UINT8 SataCmdSt;
- AHCI_CONTEXT AhciContext;
- UINT32 AhciBar;
-
- DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
+ EFI_STATUS Status;
+ UINT8 *DevInfoBuffer;
+ UINT8 DummyData;
+ OPAL_DEVICE_LOCKBOX_DATA *DevInfo;
+ UINTN DevInfoLength;
+ EFI_DEVICE_PATH_PROTOCOL *SscDevicePath;
+ UINTN SscDevicePathLength;
+ UINTN SscDeviceNum;
+ UINTN SscDeviceIndex;
+ OPAL_PEI_DEVICE OpalDev;
//
- // Get ATA OPAL device info from LockBox.
+ // Get OPAL devices info from LockBox.
//
- DevInfo = (UINT8 *) &TempDevInfoAta;
- DevInfoLengthAta = sizeof (OPAL_DEVICE_ATA);
- Status = RestoreLockBox (&mOpalDeviceAtaGuid, DevInfo, &DevInfoLengthAta);
+ DevInfoBuffer = &DummyData;
+ DevInfoLength = sizeof (DummyData);
+ Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength);
if (Status == EFI_BUFFER_TOO_SMALL) {
- DevInfo = AllocatePages (EFI_SIZE_TO_PAGES (DevInfoLengthAta));
- if (DevInfo != NULL) {
- Status = RestoreLockBox (&mOpalDeviceAtaGuid, DevInfo, &DevInfoLengthAta);
+ DevInfoBuffer = AllocatePages (EFI_SIZE_TO_PAGES (DevInfoLength));
+ if (DevInfoBuffer != NULL) {
+ Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength);
}
}
- if (EFI_ERROR (Status) || (DevInfo == NULL)) {
+ if (DevInfoBuffer == NULL || DevInfoBuffer == &DummyData) {
+ return;
+ } else if (EFI_ERROR (Status)) {
+ FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength));
return;
}
- for (DevInfoAta = (OPAL_DEVICE_ATA *) DevInfo;
- (UINTN) DevInfoAta < ((UINTN) DevInfo + DevInfoLengthAta);
- DevInfoAta = (OPAL_DEVICE_ATA *) ((UINTN) DevInfoAta + DevInfoAta->Length)) {
- Bus = DevInfoAta->Device.Bus;
- Device = DevInfoAta->Device.Device;
- Function = DevInfoAta->Device.Function;
-
- SataCmdSt = PciRead8 (PCI_LIB_ADDRESS (Bus, Device, Function, PCI_COMMAND_OFFSET));
- PciWrite8 (PCI_LIB_ADDRESS (Bus, Device, Function, PCI_COMMAND_OFFSET), 0x6);
-
- BaseClassCode = PciRead8 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x0B));
- SubClassCode = PciRead8 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x0A));
- if ((BaseClassCode != PCI_CLASS_MASS_STORAGE) ||
- ((SubClassCode != PCI_CLASS_MASS_STORAGE_SATADPA) && (SubClassCode != PCI_CLASS_MASS_STORAGE_RAID))) {
- DEBUG ((DEBUG_ERROR, "%a() ClassCode/SubClassCode are not supported\n", __FUNCTION__));
- } else {
- AhciBar = PciRead32 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x24));
- PciWrite32 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x24), DevInfoAta->BarAddr);
-
- ZeroMem (&AhciContext, sizeof (AHCI_CONTEXT));
- AhciContext.AhciBar = DevInfoAta->BarAddr;
- AhciAllocateResource (&AhciContext);
- Status = AhciModeInitialize (&AhciContext, (UINT8)DevInfoAta->Port);
- ASSERT_EFI_ERROR (Status);
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "%a() AhciModeInitialize() error, Status: %r\n", __FUNCTION__, Status));
- } else {
- OpalDev.Signature = OPAL_PEI_DEVICE_SIGNATURE;
- OpalDev.Sscp.ReceiveData = SecurityReceiveData;
- OpalDev.Sscp.SendData = SecuritySendData;
- OpalDev.DeviceType = OPAL_DEVICE_TYPE_ATA;
- OpalDev.Device = (OPAL_DEVICE_COMMON *) DevInfoAta;
- OpalDev.Context = &AhciContext;
-
- UnlockOpalPassword (&OpalDev);
- }
- AhciFreeResource (&AhciContext);
- PciWrite32 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x24), AhciBar);
- }
- PciWrite8 (PCI_LIB_ADDRESS (Bus, Device, Function, PCI_COMMAND_OFFSET), SataCmdSt);
- }
-
- ZeroMem (DevInfo, DevInfoLengthAta);
- if ((UINTN) DevInfo != (UINTN) &TempDevInfoAta) {
- FreePages (DevInfo, EFI_SIZE_TO_PAGES (DevInfoLengthAta));
- }
-
- DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
-}
-
-/**
- Unlock NVMe OPAL password for S3.
-
-**/
-VOID
-UnlockOpalPasswordNvme (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT8 *DevInfo;
- OPAL_DEVICE_NVME TempDevInfoNvme;
- OPAL_DEVICE_NVME *DevInfoNvme;
- UINTN DevInfoLengthNvme;
- UINT8 Bus;
- UINT8 Device;
- UINT8 Function;
- OPAL_PEI_DEVICE OpalDev;
- UINT8 BaseClassCode;
- UINT8 SubClassCode;
- UINT8 ProgInt;
- UINT8 NvmeCmdSt;
- UINT8 *StorePcieConfDataList[16];
- UINTN RpBase;
- UINTN MemoryBase;
- UINTN MemoryLength;
- NVME_CONTEXT NvmeContext;
-
- DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__));
-
//
- // Get NVMe OPAL device info from LockBox.
+ // Go through all the devices managed by the SSC PPI instance.
//
- DevInfo = (UINT8 *) &TempDevInfoNvme;
- DevInfoLengthNvme = sizeof (OPAL_DEVICE_NVME);
- Status = RestoreLockBox (&mOpalDeviceNvmeGuid, DevInfo, &DevInfoLengthNvme);
- if (Status == EFI_BUFFER_TOO_SMALL) {
- DevInfo = AllocatePages (EFI_SIZE_TO_PAGES (DevInfoLengthNvme));
- if (DevInfo != NULL) {
- Status = RestoreLockBox (&mOpalDeviceNvmeGuid, DevInfo, &DevInfoLengthNvme);
- }
+ Status = SscPpi->GetNumberofDevices (SscPpi, &SscDeviceNum);
+ if (EFI_ERROR (Status)) {
+ goto Exit;
}
- if (EFI_ERROR (Status) || (DevInfo == NULL)) {
- return;
- }
-
- for (DevInfoNvme = (OPAL_DEVICE_NVME *) DevInfo;
- (UINTN) DevInfoNvme < ((UINTN) DevInfo + DevInfoLengthNvme);
- DevInfoNvme = (OPAL_DEVICE_NVME *) ((UINTN) DevInfoNvme + DevInfoNvme->Length)) {
- Bus = DevInfoNvme->Device.Bus;
- Device = DevInfoNvme->Device.Device;
- Function = DevInfoNvme->Device.Function;
-
- RpBase = 0;
- NvmeCmdSt = 0;
-
- ///
- /// Save original RootPort configuration space to heap
- ///
- RpBase = SaveRestoreRootportConfSpace (
- DevInfoNvme,
- TRUE, // save
- StorePcieConfDataList
- );
- MemoryBase = DevInfoNvme->BarAddr;
- MemoryLength = 0;
- ConfigureRootPortForPcieNand (RpBase, Bus, (UINT32) MemoryBase, (UINT32) MemoryLength);
-
- ///
- /// Enable PCIE decode for RootPort
- ///
- NvmeCmdSt = PciRead8 (RpBase + NVME_PCIE_PCICMD);
- PciWrite8 (RpBase + NVME_PCIE_PCICMD, 0x6);
-
- BaseClassCode = PciRead8 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x0B));
- SubClassCode = PciRead8 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x0A));
- ProgInt = PciRead8 (PCI_LIB_ADDRESS (Bus, Device, Function, 0x09));
- if ((BaseClassCode != PCI_CLASS_MASS_STORAGE) ||
- (SubClassCode != PCI_CLASS_MASS_STORAGE_NVM) ||
- (ProgInt != PCI_IF_NVMHCI)) {
- DEBUG ((DEBUG_ERROR, "%a() ClassCode/SubClassCode/PI are not supported\n", __FUNCTION__));
- } else {
- ZeroMem (&NvmeContext, sizeof (NVME_CONTEXT));
- NvmeContext.Nbar = DevInfoNvme->BarAddr;
- NvmeContext.PciBase = PCI_LIB_ADDRESS (Bus, Device, Function, 0x0);
- NvmeContext.NvmeInitWaitTime = 0;
- NvmeContext.Nsid = DevInfoNvme->NvmeNamespaceId;
- NvmeAllocateResource (&NvmeContext);
- Status = NvmeControllerInit (&NvmeContext);
-
- OpalDev.Signature = OPAL_PEI_DEVICE_SIGNATURE;
- OpalDev.Sscp.ReceiveData = SecurityReceiveData;
- OpalDev.Sscp.SendData = SecuritySendData;
- OpalDev.DeviceType = OPAL_DEVICE_TYPE_NVME;
- OpalDev.Device = (OPAL_DEVICE_COMMON *) DevInfoNvme;
- OpalDev.Context = &NvmeContext;
-
- UnlockOpalPassword (&OpalDev);
-
- Status = NvmeControllerExit (&NvmeContext);
- NvmeFreeResource (&NvmeContext);
+ for (SscDeviceIndex = 1; SscDeviceIndex <= SscDeviceNum; SscDeviceIndex++) {
+ Status = SscPpi->GetDevicePath (
+ SscPpi,
+ SscDeviceIndex,
+ &SscDevicePathLength,
+ &SscDevicePath
+ );
+ if (SscDevicePathLength <= sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
+ //
+ // Device path validity check.
+ //
+ continue;
}
- ASSERT (RpBase != 0);
- PciWrite8 (RpBase + NVME_PCIE_PCICMD, 0);
- RpBase = SaveRestoreRootportConfSpace (
- DevInfoNvme,
- FALSE, // restore
- StorePcieConfDataList
- );
- PciWrite8 (RpBase + NVME_PCIE_PCICMD, NvmeCmdSt);
- }
-
- ZeroMem (DevInfo, DevInfoLengthNvme);
- if ((UINTN) DevInfo != (UINTN) &TempDevInfoNvme) {
- FreePages (DevInfo, EFI_SIZE_TO_PAGES (DevInfoLengthNvme));
+ //
+ // Search the device in the restored LockBox.
+ //
+ for (DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) DevInfoBuffer;
+ (UINTN) DevInfo < ((UINTN) DevInfoBuffer + DevInfoLength);
+ DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) ((UINTN) DevInfo + DevInfo->Length)) {
+ //
+ // Find the matching device.
+ //
+ if ((DevInfo->DevicePathLength >= SscDevicePathLength) &&
+ (CompareMem (
+ DevInfo->DevicePath,
+ SscDevicePath,
+ SscDevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) {
+ OpalDev.Signature = OPAL_PEI_DEVICE_SIGNATURE;
+ OpalDev.Sscp.ReceiveData = SecurityReceiveData;
+ OpalDev.Sscp.SendData = SecuritySendData;
+ OpalDev.Device = DevInfo;
+ OpalDev.Context = NULL;
+ OpalDev.SscPpi = SscPpi;
+ OpalDev.DeviceIndex = SscDeviceIndex;
+ UnlockOpalPassword (&OpalDev);
+ break;
+ }
+ }
}
- DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__));
-}
-
-/**
- Unlock OPAL password for S3.
+Exit:
+ ZeroMem (DevInfoBuffer, DevInfoLength);
+ FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength));
-**/
-VOID
-OpalPasswordS3 (
- VOID
- )
-{
- UnlockOpalPasswordAta ();
- UnlockOpalPasswordNvme ();
}
/**
- Entry point of the notification callback function itself within the PEIM.
+ One notified function at the installation of EDKII_PEI_STORAGE_SECURITY_CMD_PPI.
It is to unlock OPAL password for S3.
- @param PeiServices Indirect reference to the PEI Services Table.
- @param NotifyDescriptor Address of the notification descriptor data structure.
- @param Ppi Address of the PPI that was installed.
+ @param[in] PeiServices Indirect reference to the PEI Services Table.
+ @param[in] NotifyDescriptor Address of the notification descriptor data structure.
+ @param[in] Ppi Address of the PPI that was installed.
@return Status of the notification.
The status code returned from this function is ignored.
+
**/
EFI_STATUS
EFIAPI
-OpalPasswordEndOfPeiNotify(
- IN EFI_PEI_SERVICES **PeiServices,
- IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
- IN VOID *Ppi
+OpalPasswordStorageSecurityPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
)
{
- EFI_STATUS Status;
- EFI_BOOT_MODE BootMode;
-
- Status = PeiServicesGetBootMode (&BootMode);
- ASSERT_EFI_ERROR (Status);
- if (BootMode != BOOT_ON_S3_RESUME) {
- return EFI_UNSUPPORTED;
- }
-
- DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__));
+ DEBUG ((DEBUG_INFO, "%a entered at S3 resume!\n", __FUNCTION__));
- OpalPasswordS3 ();
+ UnlockOpalPasswordDevices ((EDKII_PEI_STORAGE_SECURITY_CMD_PPI *) Ppi);
- DEBUG ((DEBUG_INFO, "%a() - exit at S3 resume\n", __FUNCTION__));
+ DEBUG ((DEBUG_INFO, "%a exit at S3 resume!\n", __FUNCTION__));
return EFI_SUCCESS;
}
-EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordEndOfPeiNotifyDesc = {
+
+EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = {
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
- &gEfiEndOfPeiSignalPpiGuid,
- OpalPasswordEndOfPeiNotify
+ &gEdkiiPeiStorageSecurityCommandPpiGuid,
+ OpalPasswordStorageSecurityPpiNotify
};
+
/**
Main entry for this module.
@@ -935,10 +462,17 @@ OpalPasswordPeiInit (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_BOOT_MODE BootMode;
+
+ Status = PeiServicesGetBootMode (&BootMode);
+ if ((EFI_ERROR (Status)) || (BootMode != BOOT_ON_S3_RESUME)) {
+ return EFI_UNSUPPORTED;
+ }
- Status = PeiServicesNotifyPpi (&mOpalPasswordEndOfPeiNotifyDesc);
+ DEBUG ((DEBUG_INFO, "%a: Enters in S3 path.\n", __FUNCTION__));
+
+ Status = PeiServicesNotifyPpi (&mOpalPasswordStorageSecurityPpiNotifyDesc);
ASSERT_EFI_ERROR (Status);
return Status;
}
-