SecurityPkg OpalPasswordSmm: Enhance BlockSid Logic.

BlockSid feature can be retrieve from the header info. Update the logic, check BlockSid capability before use it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Feng Tian <feng.tian@intel.com>
author: Eric Dong <eric.dong@intel.com> 2016-05-04 12:48:50 +0800
committer: Liming Gao <liming.gao@intel.com> 2016-05-05 12:52:47 +0800
commit: 69cd129471c3507d6be0b9e993a020ddef38692e (patch)
tree: b0cb30bb455989e1d775c0e8025a270440b28acd /SecurityPkg
parent: be08755355ef16bf86ebed01762c6c9cb319b48a (diff)
download: edk2-69cd129471c3507d6be0b9e993a020ddef38692e.tar.gz
edk2-69cd129471c3507d6be0b9e993a020ddef38692e.tar.bz2
edk2-69cd129471c3507d6be0b9e993a020ddef38692e.zip
1 files changed, 10 insertions, 5 deletions
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
index b7e2d552d5..46311bd8a0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@@ -180,12 +180,14 @@ ExtractDeviceInfoFromDevicePath (
   TRUE means that the device is partially or fully locked.
   This will perform a Level 0 Discovery and parse the locking feature descriptor
 
-  @param[in]      OpalDev        Opal object to determine if locked
+  @param[in]      OpalDev             Opal object to determine if locked
+  @param[out]     BlockSidSupported   Whether device support BlockSid feature.
 
 **/
 BOOLEAN
 IsOpalDeviceLocked(
-  OPAL_SMM_DEVICE    *OpalDev
+  OPAL_SMM_DEVICE    *OpalDev,
+  BOOLEAN            *BlockSidSupported
   )
 {
   OPAL_SESSION                   Session;
@@ -203,7 +205,8 @@ IsOpalDeviceLocked(
   }
 
   OpalDev->OpalBaseComId = OpalBaseComId;
-  Session.OpalBaseComId = OpalBaseComId;
+  Session.OpalBaseComId  = OpalBaseComId;
+  *BlockSidSupported     = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE;
 
   Ret = OpalGetLockingInfo(&Session, &LockingFeature);
   if (Ret != TcgResultSuccess) {
@@ -346,6 +349,7 @@ SmmUnlockOpalPassword (
   UINTN                          MemoryBase;
   UINTN                          MemoryLength;
   OPAL_SESSION                   Session;
+  BOOLEAN                        BlockSidSupport;
 
   ZeroMem (StorePcieConfDataList, sizeof (StorePcieConfDataList));
   Status = EFI_DEVICE_ERROR;
@@ -431,13 +435,14 @@ SmmUnlockOpalPassword (
     }
 
     Status = EFI_DEVICE_ERROR;
-    if (IsOpalDeviceLocked(OpalDev)) {
+    BlockSidSupport = FALSE;
+    if (IsOpalDeviceLocked (OpalDev, &BlockSidSupport)) {
       ZeroMem(&Session, sizeof(Session));
       Session.Sscp = &OpalDev->Sscp;
       Session.MediaId = 0;
       Session.OpalBaseComId = OpalDev->OpalBaseComId;
 
-      if (mSendBlockSID) {
+      if (mSendBlockSID && BlockSidSupport) {
         Result = OpalBlockSid (&Session, TRUE);
         if (Result != TcgResultSuccess) {
           break;
author	Eric Dong <eric.dong@intel.com>	2016-05-04 12:48:50 +0800
committer	Liming Gao <liming.gao@intel.com>	2016-05-05 12:52:47 +0800
commit	69cd129471c3507d6be0b9e993a020ddef38692e (patch)
tree	b0cb30bb455989e1d775c0e8025a270440b28acd /SecurityPkg
parent	be08755355ef16bf86ebed01762c6c9cb319b48a (diff)
download	edk2-69cd129471c3507d6be0b9e993a020ddef38692e.tar.gz edk2-69cd129471c3507d6be0b9e993a020ddef38692e.tar.bz2 edk2-69cd129471c3507d6be0b9e993a020ddef38692e.zip