Re: [edk2-devel] [PATCH v3] MdePkg: Add registers of boot partition feature
Created PR for the patch : https://github.com/tianocore/edk2/pull/2361 -Original Message- From: devel@edk2.groups.io On Behalf Of Maggie Chu Sent: Wednesday, January 5, 2022 6:35 PM To: devel@edk2.groups.io Cc: Gao, Liming ; Kinney, Michael D ; Liu, Zhiguang Subject: [edk2-devel] [PATCH v3] MdePkg: Add registers of boot partition feature REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757 Add registers of boot partition feature which defined in NVM Express 1.4 Spec Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Signed-off-by: Maggie Chu --- MdePkg/Include/IndustryStandard/Nvme.h | 108 - 1 file changed, 89 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Nvme.h b/MdePkg/Include/IndustryStandard/Nvme.h index 7d4aee9dc8..4a1d92c45d 100644 --- a/MdePkg/Include/IndustryStandard/Nvme.h +++ b/MdePkg/Include/IndustryStandard/Nvme.h @@ -2,11 +2,12 @@ Definitions based on NVMe spec. version 1.1.(C) Copyright 2016 Hewlett Packard Enterprise Development LP- Copyright (c) 2017, Intel Corporation. All rights reserved.+ Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent@par Specification Reference: NVMe Specification 1.1+ NVMe Specification 1.4 **/ @@ -18,18 +19,21 @@ // // controller register offsets //-#define NVME_CAP_OFFSET0x // Controller Capabilities-#define NVME_VER_OFFSET0x0008// Version-#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set-#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear-#define NVME_CC_OFFSET 0x0014// Controller Configuration-#define NVME_CSTS_OFFSET 0x001c // Controller Status-#define NVME_NSSR_OFFSET 0x0020// NVM Subsystem Reset-#define NVME_AQA_OFFSET0x0024// Admin Queue Attributes-#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue Base Address-#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue Base Address-#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 (admin) Tail Doorbell-#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 (admin) Head Doorbell+#define NVME_CAP_OFFSET 0x// Controller Capabilities+#define NVME_VER_OFFSET 0x0008// Version+#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set+#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear+#define NVME_CC_OFFSET 0x0014// Controller Configuration+#define NVME_CSTS_OFFSET0x001c// Controller Status+#define NVME_NSSR_OFFSET 0x0020// NVM Subsystem Reset+#define NVME_AQA_OFFSET 0x0024 // Admin Queue Attributes+#define NVME_ASQ_OFFSET 0x0028// Admin Submission Queue Base Address+#define NVME_ACQ_OFFSET 0x0030// Admin Completion Queue Base Address+#define NVME_BPINFO_OFFSET 0x0040 // Boot Partition Information+#define NVME_BPRSEL_OFFSET 0x0044// Boot Partition Read Select+#define NVME_BPMBL_OFFSET 0x0048// Boot Partition Memory Buffer Location+#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 (admin) Tail Doorbell+#define NVME_CQ0_OFFSET 0x1004 // Completion Queue 0 (admin) Head Doorbell // // These register offsets are defined as 0x1000 + (N * (4 << CAP.DSTRD))@@ -51,11 +55,14 @@ typedef struct { UINT8 To; // Timeout UINT16Dstrd : 4; UINT16Nssrs : 1; // NVM Subsystem Reset Supported NSSRS- UINT16Css: 4; // Command Sets Supported - Bit 37- UINT16Rsvd3 : 7;+ UINT16Css: 8; // Command Sets Supported - Bit 37+ UINT16Bps: 1; // Boot Partition Support - Bit 45 in NVMe1.4+ UINT16Rsvd3 : 2; UINT8 Mpsmin : 4; UINT8 Mpsmax : 4;- UINT8 Rsvd4;+ UINT8 Pmrs : 1;+ UINT8 Cmbs : 1;+ UINT8 Rsvd4 : 6; } NVME_CAP; //@@ -115,7 +122,36 @@ typedef struct { #define NVME_ACQ UINT64 //-// 3.1.11 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell+// 3.1.13 Offset 40h: BPINFO - Boot Partition Information+//+typedef struct {+ UINT32Bpsz : 15; // Boot Partition Size+ UINT32Rsvd1 : 9;+ UINT32Brs : 2; // Boot Read Status+ UINT32Rsvd2 : 5;+ UINT32Abpid : 1; // Active Boot Partition ID+} NVME_BPINFO;++//+// 3.1.14 Offset 44h: BPRSEL - Boot Partition Read Select+//+typedef struct {+ UINT32Bprsz : 10; // Boot Partition Read Size+ UINT32Bprof : 20; // Boot Partition Read Offset+ UINT32Rsvd1 : 1;+ UINT32Bpid : 1; // Boot Partition Identifier+} NVME_BPRSEL;++//+// 3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location (Optional)+//+typedef struct {+ UINT64Rsvd1 : 12;+ UINT64Bmbba : 52; // Boot Partition Memory Buffer Base Address+} NVME_BPMBL;++//+// 3.1.25 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submi
[edk2-devel] [PATCH v3] MdePkg: Add registers of boot partition feature
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757 Add registers of boot partition feature which defined in NVM Express 1.4 Spec Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Signed-off-by: Maggie Chu --- MdePkg/Include/IndustryStandard/Nvme.h | 108 - 1 file changed, 89 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Nvme.h b/MdePkg/Include/IndustryStandard/Nvme.h index 7d4aee9dc8..4a1d92c45d 100644 --- a/MdePkg/Include/IndustryStandard/Nvme.h +++ b/MdePkg/Include/IndustryStandard/Nvme.h @@ -2,11 +2,12 @@ Definitions based on NVMe spec. version 1.1. (C) Copyright 2016 Hewlett Packard Enterprise Development LP - Copyright (c) 2017, Intel Corporation. All rights reserved. + Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @par Specification Reference: NVMe Specification 1.1 + NVMe Specification 1.4 **/ @@ -18,18 +19,21 @@ // // controller register offsets // -#define NVME_CAP_OFFSET0x// Controller Capabilities -#define NVME_VER_OFFSET0x0008// Version -#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set -#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear -#define NVME_CC_OFFSET 0x0014// Controller Configuration -#define NVME_CSTS_OFFSET 0x001c// Controller Status -#define NVME_NSSR_OFFSET 0x0020// NVM Subsystem Reset -#define NVME_AQA_OFFSET0x0024// Admin Queue Attributes -#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue Base Address -#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue Base Address -#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 (admin) Tail Doorbell -#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 (admin) Head Doorbell +#define NVME_CAP_OFFSET 0x// Controller Capabilities +#define NVME_VER_OFFSET 0x0008// Version +#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set +#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear +#define NVME_CC_OFFSET 0x0014// Controller Configuration +#define NVME_CSTS_OFFSET0x001c// Controller Status +#define NVME_NSSR_OFFSET0x0020// NVM Subsystem Reset +#define NVME_AQA_OFFSET 0x0024// Admin Queue Attributes +#define NVME_ASQ_OFFSET 0x0028// Admin Submission Queue Base Address +#define NVME_ACQ_OFFSET 0x0030// Admin Completion Queue Base Address +#define NVME_BPINFO_OFFSET 0x0040// Boot Partition Information +#define NVME_BPRSEL_OFFSET 0x0044// Boot Partition Read Select +#define NVME_BPMBL_OFFSET 0x0048// Boot Partition Memory Buffer Location +#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 (admin) Tail Doorbell +#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0 (admin) Head Doorbell // // These register offsets are defined as 0x1000 + (N * (4 << CAP.DSTRD)) @@ -51,11 +55,14 @@ typedef struct { UINT8 To; // Timeout UINT16Dstrd : 4; UINT16Nssrs : 1; // NVM Subsystem Reset Supported NSSRS - UINT16Css: 4; // Command Sets Supported - Bit 37 - UINT16Rsvd3 : 7; + UINT16Css: 8; // Command Sets Supported - Bit 37 + UINT16Bps: 1; // Boot Partition Support - Bit 45 in NVMe1.4 + UINT16Rsvd3 : 2; UINT8 Mpsmin : 4; UINT8 Mpsmax : 4; - UINT8 Rsvd4; + UINT8 Pmrs : 1; + UINT8 Cmbs : 1; + UINT8 Rsvd4 : 6; } NVME_CAP; // @@ -115,7 +122,36 @@ typedef struct { #define NVME_ACQ UINT64 // -// 3.1.11 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell +// 3.1.13 Offset 40h: BPINFO - Boot Partition Information +// +typedef struct { + UINT32Bpsz : 15; // Boot Partition Size + UINT32Rsvd1 : 9; + UINT32Brs : 2; // Boot Read Status + UINT32Rsvd2 : 5; + UINT32Abpid : 1; // Active Boot Partition ID +} NVME_BPINFO; + +// +// 3.1.14 Offset 44h: BPRSEL - Boot Partition Read Select +// +typedef struct { + UINT32Bprsz : 10; // Boot Partition Read Size + UINT32Bprof : 20; // Boot Partition Read Offset + UINT32Rsvd1 : 1; + UINT32Bpid : 1; // Boot Partition Identifier +} NVME_BPRSEL; + +// +// 3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location (Optional) +// +typedef struct { + UINT64Rsvd1 : 12; + UINT64Bmbba : 52; // Boot Partition Memory Buffer Base Address +} NVME_BPMBL; + +// +// 3.1.25 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell // typedef struct { UINT16Sqt; @@ -353,7 +389,7 @@ typedef struct { UINT8Avscc; /* Admin Vendor Specific Command Configuration */ UINT8Apsta; /* Autonomous Power State Transition Attributes */ // - // Below fields before Rs
[edk2-devel] [PATCH v2] MdePkg: Add registers of boot partition feature
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757 Add registers of boot partition feature which defined in NVM Express 1.4 Spec Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Signed-off-by: Maggie Chu --- MdePkg/Include/IndustryStandard/Nvme.h | 108 - 1 file changed, 89 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Nvme.h b/MdePkg/Include/IndustryStandard/Nvme.h index 7d4aee9dc8..8a2c747a85 100644 --- a/MdePkg/Include/IndustryStandard/Nvme.h +++ b/MdePkg/Include/IndustryStandard/Nvme.h @@ -2,11 +2,12 @@ Definitions based on NVMe spec. version 1.1. (C) Copyright 2016 Hewlett Packard Enterprise Development LP - Copyright (c) 2017, Intel Corporation. All rights reserved. + Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @par Specification Reference: NVMe Specification 1.1 + NVMe Specification 1.4 **/ @@ -18,18 +19,21 @@ // // controller register offsets // -#define NVME_CAP_OFFSET0x// Controller Capabilities -#define NVME_VER_OFFSET0x0008// Version -#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set -#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear -#define NVME_CC_OFFSET 0x0014// Controller Configuration -#define NVME_CSTS_OFFSET 0x001c// Controller Status -#define NVME_NSSR_OFFSET 0x0020// NVM Subsystem Reset -#define NVME_AQA_OFFSET0x0024// Admin Queue Attributes -#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue Base Address -#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue Base Address -#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 (admin) Tail Doorbell -#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 (admin) Head Doorbell +#define NVME_CAP_OFFSET 0x// Controller Capabilities +#define NVME_VER_OFFSET 0x0008// Version +#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set +#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear +#define NVME_CC_OFFSET 0x0014// Controller Configuration +#define NVME_CSTS_OFFSET0x001c// Controller Status +#define NVME_NSSR_OFFSET0x0020// NVM Subsystem Reset +#define NVME_AQA_OFFSET 0x0024// Admin Queue Attributes +#define NVME_ASQ_OFFSET 0x0028// Admin Submission Queue Base Address +#define NVME_ACQ_OFFSET 0x0030// Admin Completion Queue Base Address +#define NVME_BPINFO_OFFSET 0x0040// Boot Partition Information +#define NVME_BPRSEL_OFFSET 0x0044// Boot Partition Read Select +#define NVME_BPMBL_OFFSET 0x0048// Boot Partition Memory Buffer Location +#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 (admin) Tail Doorbell +#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0 (admin) Head Doorbell // // These register offsets are defined as 0x1000 + (N * (4 << CAP.DSTRD)) @@ -51,11 +55,14 @@ typedef struct { UINT8 To; // Timeout UINT16Dstrd : 4; UINT16Nssrs : 1; // NVM Subsystem Reset Supported NSSRS - UINT16Css: 4; // Command Sets Supported - Bit 37 - UINT16Rsvd3 : 7; + UINT16Css: 8; // Command Sets Supported - Bit 37 + UINT16Bps: 1; // Boot Partition Support - Bit 45 in NVMe1.4 + UINT16Rsvd3 : 2; UINT8 Mpsmin : 4; UINT8 Mpsmax : 4; - UINT8 Rsvd4; + UINT8 Pmrs : 1; + UINT8 Cmbs : 1; + UINT8 Rsvd4 : 6; } NVME_CAP; // @@ -115,7 +122,36 @@ typedef struct { #define NVME_ACQ UINT64 // -// 3.1.11 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell +// 3.1.13 Offset 40h: BPINFO - Boot Partition Information +// +typedef struct { + UINT32Bpsz : 15; // Boot Partition Size + UINT32Rsvd1 : 9; + UINT32Brs : 2; // Boot Read Status + UINT32Rsvd2 : 5; + UINT32Abpid : 1; // Active Boot Partition ID +} NVME_BPINFO; + +// +// 3.1.14 Offset 44h: BPRSEL - Boot Partition Read Select +// +typedef struct { + UINT32Bprsz : 10; // Boot Partition Read Size + UINT32Bprof : 20; // Boot Partition Read Offset + UINT32Rsvd1 : 1; + UINT32Bpid : 1; // Boot Partition Identifier +} NVME_BPRSEL; + +// +// 3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location (Optional) +// +typedef struct { + UINT64Rsvd1 : 12; + UINT64Bmbba : 52; // Boot Partition Memory Buffer Base Address +} NVME_BPMBL; + +// +// 3.1.25 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell // typedef struct { UINT16Sqt; @@ -353,7 +389,7 @@ typedef struct { UINT8Avscc; /* Admin Vendor Specific Command Configuration */ UINT8Apsta; /* Autonomous Power State Transition Attributes */ // - // Below fields before Rs
Re: [edk2-devel] [PATCH] MdePkg: Add registers of boot partition feature
Hi Liming, Hi Michael, May I know when will the review process finished and code will be merged ? -Original Message- From: devel@edk2.groups.io On Behalf Of gaoliming Sent: Wednesday, December 15, 2021 1:41 PM To: devel@edk2.groups.io; Liu, Zhiguang ; Chu, Maggie Cc: Kinney, Michael D Subject: 回复: [edk2-devel] [PATCH] MdePkg: Add registers of boot partition feature Reviewed-by: Liming Gao > -邮件原件- > 发件人: devel@edk2.groups.io 代表 Zhiguang Liu > 发送时间: 2021年12月15日 12:32 > 收件人: Chu, Maggie ; devel@edk2.groups.io > 抄送: Gao, Liming ; Kinney, Michael D > > 主题: Re: [edk2-devel] [PATCH] MdePkg: Add registers of boot partition > feature > > I have checked that the change follows NVM Express 1.4 Spec > Reviewed-by: Zhiguang Liu > > -Original Message- > From: Chu, Maggie > Sent: Wednesday, December 8, 2021 3:18 PM > To: devel@edk2.groups.io > Cc: Liming Gao ; Kinney, Michael D > ; Liu, Zhiguang > Subject: [PATCH] MdePkg: Add registers of boot partition feature > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757 > > Add registers of boot partition feature which defined in NVM Express > 1.4 Spec > > Cc: Liming Gao > Cc: Michael D Kinney > Cc: Zhiguang Liu > Signed-off-by: Maggie Chu > --- > MdePkg/Include/IndustryStandard/Nvme.h | 113 > - > 1 file changed, 92 insertions(+), 21 deletions(-) > > diff --git a/MdePkg/Include/IndustryStandard/Nvme.h > b/MdePkg/Include/IndustryStandard/Nvme.h > index 7d4aee9dc8..8387183e4f 100644 > --- a/MdePkg/Include/IndustryStandard/Nvme.h > +++ b/MdePkg/Include/IndustryStandard/Nvme.h > @@ -2,11 +2,12 @@ >Definitions based on NVMe spec. version 1.1. > > > >(C) Copyright 2016 Hewlett Packard Enterprise Development LP > > - Copyright (c) 2017, Intel Corporation. All rights reserved. > > + Copyright (c) 2017 - 2021, Intel Corporation. All rights > + reserved. > >SPDX-License-Identifier: BSD-2-Clause-Patent > > > >@par Specification Reference: > >NVMe Specification 1.1 > > + NVMe Specification 1.4 > > > > **/ > > > > @@ -18,18 +19,21 @@ > // > > // controller register offsets > > // > > -#define NVME_CAP_OFFSET0x// Controller Capabilities > > -#define NVME_VER_OFFSET0x0008// Version > > -#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set > > -#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear > > -#define NVME_CC_OFFSET 0x0014// Controller > Configuration > > -#define NVME_CSTS_OFFSET 0x001c// Controller Status > > -#define NVME_NSSR_OFFSET 0x0020// NVM Subsystem Reset > > -#define NVME_AQA_OFFSET0x0024// Admin Queue > Attributes > > -#define NVME_ASQ_OFFSET0x0028// Admin Submission > Queue Base Address > > -#define NVME_ACQ_OFFSET0x0030// Admin Completion > Queue Base Address > > -#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 > (admin) Tail Doorbell > > -#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 > (admin) Head Doorbell > > +#define NVME_CAP_OFFSET 0x// Controller > Capabilities > > +#define NVME_VER_OFFSET 0x0008// Version > > +#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set > > +#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear > > +#define NVME_CC_OFFSET 0x0014// Controller > Configuration > > +#define NVME_CSTS_OFFSET0x001c// Controller Status > > +#define NVME_NSSR_OFFSET0x0020// NVM Subsystem > Reset > > +#define NVME_AQA_OFFSET 0x0024// Admin Queue > Attributes > > +#define NVME_ASQ_OFFSET 0x0028// Admin Submission > Queue Base Address > > +#define NVME_ACQ_OFFSET 0x0030// Admin Completion > Queue Base Address > > +#define NVME_BPINFO_OFFSET 0x0040// Boot Partition > Information > > +#define NVME_BPRSEL_OFFSET 0x0044// Boot Partition Read > Select > > +#define NVME_BPMBL_OFFSET 0x0048// Boot Partition > Memory Buffer Location > > +#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 > (admin) Tail Doorbell > > +#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0 > (admin) Head Doorbell > > > > // > > // These register offsets are defined as 0x1000 + (N * (4 << > CAP.DSTRD)) > > @@ -51,11 +55,14 @@ typedef struct { >UINT8 To; // Timeout > >UINT16Dstrd : 4; > >UINT16Nssrs : 1;
[edk2-devel] [PATCH] MdePkg: Add registers of boot partition feature
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757 Add registers of boot partition feature which defined in NVM Express 1.4 Spec Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Signed-off-by: Maggie Chu --- MdePkg/Include/IndustryStandard/Nvme.h | 113 - 1 file changed, 92 insertions(+), 21 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Nvme.h b/MdePkg/Include/IndustryStandard/Nvme.h index 7d4aee9dc8..8387183e4f 100644 --- a/MdePkg/Include/IndustryStandard/Nvme.h +++ b/MdePkg/Include/IndustryStandard/Nvme.h @@ -2,11 +2,12 @@ Definitions based on NVMe spec. version 1.1. (C) Copyright 2016 Hewlett Packard Enterprise Development LP - Copyright (c) 2017, Intel Corporation. All rights reserved. + Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent @par Specification Reference: NVMe Specification 1.1 + NVMe Specification 1.4 **/ @@ -18,18 +19,21 @@ // // controller register offsets // -#define NVME_CAP_OFFSET0x// Controller Capabilities -#define NVME_VER_OFFSET0x0008// Version -#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set -#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear -#define NVME_CC_OFFSET 0x0014// Controller Configuration -#define NVME_CSTS_OFFSET 0x001c// Controller Status -#define NVME_NSSR_OFFSET 0x0020// NVM Subsystem Reset -#define NVME_AQA_OFFSET0x0024// Admin Queue Attributes -#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue Base Address -#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue Base Address -#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 (admin) Tail Doorbell -#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 (admin) Head Doorbell +#define NVME_CAP_OFFSET 0x// Controller Capabilities +#define NVME_VER_OFFSET 0x0008// Version +#define NVME_INTMS_OFFSET 0x000c// Interrupt Mask Set +#define NVME_INTMC_OFFSET 0x0010// Interrupt Mask Clear +#define NVME_CC_OFFSET 0x0014// Controller Configuration +#define NVME_CSTS_OFFSET0x001c// Controller Status +#define NVME_NSSR_OFFSET0x0020// NVM Subsystem Reset +#define NVME_AQA_OFFSET 0x0024// Admin Queue Attributes +#define NVME_ASQ_OFFSET 0x0028// Admin Submission Queue Base Address +#define NVME_ACQ_OFFSET 0x0030// Admin Completion Queue Base Address +#define NVME_BPINFO_OFFSET 0x0040// Boot Partition Information +#define NVME_BPRSEL_OFFSET 0x0044// Boot Partition Read Select +#define NVME_BPMBL_OFFSET 0x0048// Boot Partition Memory Buffer Location +#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 (admin) Tail Doorbell +#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0 (admin) Head Doorbell // // These register offsets are defined as 0x1000 + (N * (4 << CAP.DSTRD)) @@ -51,11 +55,14 @@ typedef struct { UINT8 To; // Timeout UINT16Dstrd : 4; UINT16Nssrs : 1; // NVM Subsystem Reset Supported NSSRS - UINT16Css: 4; // Command Sets Supported - Bit 37 - UINT16Rsvd3 : 7; - UINT8 Mpsmin : 4; - UINT8 Mpsmax : 4; - UINT8 Rsvd4; + UINT16Css:8; // Command Sets Supported - Bit 37 + UINT16Bps:1; // Boot Partition Support - Bit 45 in NVMe1.4 + UINT16Rsvd3:2; + UINT8 Mpsmin:4; + UINT8 Mpsmax:4; + UINT8 Pmrs:1; + UINT8 Cmbs:1; + UINT8 Rsvd4:6; } NVME_CAP; // @@ -115,7 +122,36 @@ typedef struct { #define NVME_ACQ UINT64 // -// 3.1.11 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell +// 3.1.13 Offset 40h: BPINFO - Boot Partition Information +// +typedef struct { + UINT32 Bpsz:15;// Boot Partition Size + UINT32 Rsvd1:9; + UINT32 Brs:2; // Boot Read Status + UINT32 Rsvd2:5; + UINT32 Abpid:1;// Active Boot Partition ID +} NVME_BPINFO; + +// +// 3.1.14 Offset 44h: BPRSEL - Boot Partition Read Select +// +typedef struct { + UINT32 Bprsz:10;// Boot Partition Read Size + UINT32 Bprof:20;// Boot Partition Read Offset + UINT32 Rsvd1:1; + UINT32 Bpid:1; // Boot Partition Identifier +} NVME_BPRSEL; + +// +// 3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location (Optional) +// +typedef struct { + UINT64 Rsvd1:12; + UINT64 Bmbba:52;// Boot Partition Memory Buffer Base Address +} NVME_BPMBL; + +// +// 3.1.25 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell // typedef struct { UINT16Sqt; @@ -353,7 +389,7 @@ typedef struct { UINT8Avscc; /* Admin Vendor Specific Command Configuration */ UINT8Apsta; /* Autonomous Power State Transition Attributes */ // - // Below field
Re: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source
Hello, Please help to catch this patch into edk2 202005 stable tag. Thank you -Original Message- From: devel@edk2.groups.io On Behalf Of Maggie Chu Sent: Monday, May 18, 2020 7:42 PM To: devel@edk2.groups.io Cc: Dong, Eric ; Wang, Jian J ; Zhang, Chao B ; Yao, Jiewen Subject: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source https://bugzilla.tianocore.org/show_bug.cgi?id=2713 In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable is not exist, code will get default value from two places. This fix is to make the default value comes from the PCD gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Jian J Wang Cc: Chao Zhang Cc: Jiewen Yao --- v3 change: Remove TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT. Extend year of copyright. SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 17 + .../DxeTcg2PhysicalPresenceLib.c| 6 +++--- .../PeiTcg2PhysicalPresenceLib.c| 4 ++-- .../PeiTcg2PhysicalPresenceLib.inf | 5 - .../SmmTcg2PhysicalPresenceLib.c| 7 +-- .../SmmTcg2PhysicalPresenceLib.inf | 3 ++- SecurityPkg/SecurityPkg.dec | 15 +-- 7 files changed, 30 insertions(+), 27 deletions(-) diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h index 39febcb655..e5ff3b1e5e 100644 --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h @@ -2,7 +2,7 @@ This library is intended to be used by BDS modules. This library will execute TPM2 request. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -39,21 +39,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT17 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT18 -//-// Default value-//-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \- TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \- TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \- TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)--//-// Default value-//-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \- TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\- TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)- /** Check and execute the pending TPM request. diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 80e2e37bf4..1e00476509 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPres +++ enceLib.c @@ -7,7 +7,7 @@ Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation. -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.+Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/@@ -1194,7 +1194,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( &Flags ); if (EFI_ERROR (Status)) {- Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+ Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter); }@@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) {- PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; }diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c index a111351516..b80129bf7f 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPres +++ enceLib.c @@ -3,7 +3,7 @@ This
[edk2-devel] [PATCH v3] SecurityPkg: Change default value source
https://bugzilla.tianocore.org/show_bug.cgi?id=2713 In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable is not exist, code will get default value from two places. This fix is to make the default value comes from the PCD gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Jian J Wang Cc: Chao Zhang Cc: Jiewen Yao --- v3 change: Remove TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT. Extend year of copyright. SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h | 17 + .../DxeTcg2PhysicalPresenceLib.c| 6 +++--- .../PeiTcg2PhysicalPresenceLib.c| 4 ++-- .../PeiTcg2PhysicalPresenceLib.inf | 5 - .../SmmTcg2PhysicalPresenceLib.c| 7 +-- .../SmmTcg2PhysicalPresenceLib.inf | 3 ++- SecurityPkg/SecurityPkg.dec | 15 +-- 7 files changed, 30 insertions(+), 27 deletions(-) diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h index 39febcb655..e5ff3b1e5e 100644 --- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h +++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h @@ -2,7 +2,7 @@ This library is intended to be used by BDS modules. This library will execute TPM2 request. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -39,21 +39,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT17 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT18 -// -// Default value -// -#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \ - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \ - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \ - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) - -// -// Default value -// -#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT (TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \ - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\ - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) - /** Check and execute the pending TPM request. diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 80e2e37bf4..1e00476509 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -7,7 +7,7 @@ Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation. -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -1194,7 +1194,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( &Flags ); if (EFI_ERROR (Status)) { - Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; + Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter); } @@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) { -PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; +PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c index a111351516..b80129bf7f 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c @@ -3,7 +3,7 @@ This library will get TPM 2.0 physical presence information. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagem
[edk2-devel] [PATCH v2] SecurityPkg: Change default value source
https://bugzilla.tianocore.org/show_bug.cgi?id=2713 In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable is not exist, code will get default value from two places. This fix is to make the default value comes from the PCD gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Jian J Wang Cc: Chao Zhang Cc: Jiewen Yao --- v2 change: Change patch title. .../Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c | 2 +- .../Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c | 2 +- .../PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf| 3 +++ .../Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c | 5 - .../SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf| 1 + 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 80e2e37bf4..bf793555aa 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) { -PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; +PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c index a111351516..a2c157d8a7 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c @@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) { -PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; +PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf index d34f232022..11ebaa9263 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf @@ -43,5 +43,8 @@ [Ppis] gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + [Depex] gEfiPeiReadOnlyVariable2PpiGuid diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c index 3827df9663..08ef5416d8 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c @@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; BOOLEANmIsTcg2PPVerLowerThan_1_3 = FALSE; +UINT32 mTcg2PhysicalPresenceFlags; /** The handler for TPM physical presence function: @@ -162,7 +163,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( &Flags ); if (EFI_ERROR (Status)) { - Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; + Flags.PPFlags = mTcg2PhysicalPresenceFlags; } ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter); } @@ -396,5 +397,7 @@ Tcg2PhysicalPresenceLibConstructor ( Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable); ASSERT_EFI_ERROR (Status); + mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf index e0e5fef5f1..1f40629e3b 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf @@ -50,6 +50,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags## SOMETIMES_CONSUMES [Depex] gEfiSmmVariable
[edk2-devel] [PATCH] SecurityPkg: Get default value from same source for TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE
https://bugzilla.tianocore.org/show_bug.cgi?id=2713 In current code, If TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable is not exist, code will get default value from two places. This fix is to make the default value comes from the PCD gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Jian J Wang Cc: Chao Zhang Cc: Jiewen Yao --- .../Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c | 2 +- .../Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c | 2 +- .../PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf| 3 +++ .../Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c | 5 - .../SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf| 1 + 5 files changed, 10 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index 80e2e37bf4..bf793555aa 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) { -PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; +PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c index a111351516..a2c157d8a7 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c @@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags ( &PpiFlags ); if (EFI_ERROR (Status)) { -PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; +PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); } return PpiFlags.PPFlags; } diff --git a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf index d34f232022..11ebaa9263 100644 --- a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf @@ -43,5 +43,8 @@ [Ppis] gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + [Depex] gEfiPeiReadOnlyVariable2PpiGuid diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c index 3827df9663..08ef5416d8 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c @@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; BOOLEANmIsTcg2PPVerLowerThan_1_3 = FALSE; +UINT32 mTcg2PhysicalPresenceFlags; /** The handler for TPM physical presence function: @@ -162,7 +163,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( &Flags ); if (EFI_ERROR (Status)) { - Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT; + Flags.PPFlags = mTcg2PhysicalPresenceFlags; } ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter); } @@ -396,5 +397,7 @@ Tcg2PhysicalPresenceLibConstructor ( Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable); ASSERT_EFI_ERROR (Status); + mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + return EFI_SUCCESS; } diff --git a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf index e0e5fef5f1..1f40629e3b 100644 --- a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf +++ b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf @@ -50,6 +50,7 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags## SOMETIMES_CONSUMES [Depex] gEfiSmmVariableProtocolGu
Re: [edk2-devel] [PATCH] SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOL
Hi Jiewen, This patch has been added to client bios as override since last year and validated on WHL/CFL/ICL and also CML. It was asked by RST team because BLOCK IO protocol is unable to be provided on each physical device when RAID volume created. Thanks, Maggie -Original Message- From: devel@edk2.groups.io On Behalf Of Yao, Jiewen Sent: Monday, November 4, 2019 12:08 PM To: Chu, Maggie ; devel@edk2.groups.io Cc: Dong, Eric ; Zhang, Chao B Subject: Re: [edk2-devel] [PATCH] SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOL Hello May I know what test has been done for this patch? > -Original Message- > From: Chu, Maggie > Sent: Monday, November 4, 2019 12:04 PM > To: devel@edk2.groups.io > Cc: Dong, Eric ; Zhang, Chao B > ; Yao, Jiewen > Subject: [PATCH] SecurityPkg/OpalPassword: Remove dependency on > EFI_BLOCK_IO_PROTOCOL > > https://bugzilla.tianocore.org/show_bug.cgi?id=2327 > > RAID drivers abstract their physical drives that make up the array > into a single unit, and do not supply individual EFI_BLOCK_IO_PROTOCOL > instances for each physical drive in the array. > This breaks support for the Security Storage Command Protocol, which > currently requires an EFI_BLOCK_IO_PROTOCOL to be associated with the > same device the protocol is installed on and provide all the same > parameters. > > This patch remove dependency on EFI_BLOCK_IO_PROTOCOL and allows > access to Opal drive members of a RAID array. > > Signed-off-by: Maggie Chu > Cc: Eric Dong > Cc: Chao Zhang > Cc: Jiewen Yao > --- > SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 70 > ++-- > -- > 1 file changed, 27 insertions(+), 43 deletions(-) > > diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > index 77905d2bf9..6bec54b932 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > @@ -2667,7 +2667,6 @@ OpalEfiDriverBindingSupported( { > >EFI_STATUS Status; > >EFI_STORAGE_SECURITY_COMMAND_PROTOCOL* SecurityCommand; > > - EFI_BLOCK_IO_PROTOCOL* BlkIo; > > > >if (mOpalEndOfDxe) { > > return EFI_UNSUPPORTED; > > @@ -2703,33 +2702,6 @@ OpalEfiDriverBindingSupported( >Controller > >); > > > > - // > > - // Test EFI_BLOCK_IO_PROTOCOL on controller Handle, required by > EFI_STORAGE_SECURITY_COMMAND_PROTOCOL > > - // function APIs > > - // > > - Status = gBS->OpenProtocol( > > -Controller, > > -&gEfiBlockIoProtocolGuid, > > -(VOID **)&BlkIo, > > -This->DriverBindingHandle, > > -Controller, > > -EFI_OPEN_PROTOCOL_BY_DRIVER > > -); > > - > > - if (EFI_ERROR(Status)) { > > -DEBUG((DEBUG_INFO, "No EFI_BLOCK_IO_PROTOCOL on controller\n")); > > -return Status; > > - } > > - > > - // > > - // Close protocol and reopen in Start call > > - // > > - gBS->CloseProtocol( > > -Controller, > > -&gEfiBlockIoProtocolGuid, > > -This->DriverBindingHandle, > > -Controller > > -); > > > >return EFI_SUCCESS; > > } > > @@ -2827,30 +2799,42 @@ OpalEfiDriverBindingStart( > ); > >if (EFI_ERROR(Status)) { > > // > > -// Close storage security that was opened > > +// Block_IO not supported on handle > > // > > -gBS->CloseProtocol( > > -Controller, > > -&gEfiStorageSecurityCommandProtocolGuid, > > -This->DriverBindingHandle, > > -Controller > > -); > > +if(Status == EFI_UNSUPPORTED) { > > + BlkIo = NULL; > > +} else { > > + // > > + // Close storage security that was opened > > + // > > + gBS->CloseProtocol( > > + Controller, > > + &gEfiStorageSecurityCommandProtocolGuid, > > + This->DriverBindingHandle, > > + Controller > > + ); > > > > -FreePool(Dev); > > -return Status; > > + FreePool(Dev); > > + return Status; > > +} > >} > > > >// > >// Save mediaId > >// > > - Dev->MediaId = BlkIo->Media->MediaId; > > + if(BlkIo == NULL) { > > +// If no Block IO present, use defined MediaId value. > > +Dev->Media
[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOL
https://bugzilla.tianocore.org/show_bug.cgi?id=2327 RAID drivers abstract their physical drives that make up the array into a single unit, and do not supply individual EFI_BLOCK_IO_PROTOCOL instances for each physical drive in the array. This breaks support for the Security Storage Command Protocol, which currently requires an EFI_BLOCK_IO_PROTOCOL to be associated with the same device the protocol is installed on and provide all the same parameters. This patch remove dependency on EFI_BLOCK_IO_PROTOCOL and allows access to Opal drive members of a RAID array. Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Chao Zhang Cc: Jiewen Yao --- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 70 ++ 1 file changed, 27 insertions(+), 43 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index 77905d2bf9..6bec54b932 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -2667,7 +2667,6 @@ OpalEfiDriverBindingSupported( { EFI_STATUS Status; EFI_STORAGE_SECURITY_COMMAND_PROTOCOL* SecurityCommand; - EFI_BLOCK_IO_PROTOCOL* BlkIo; if (mOpalEndOfDxe) { return EFI_UNSUPPORTED; @@ -2703,33 +2702,6 @@ OpalEfiDriverBindingSupported( Controller ); - // - // Test EFI_BLOCK_IO_PROTOCOL on controller Handle, required by EFI_STORAGE_SECURITY_COMMAND_PROTOCOL - // function APIs - // - Status = gBS->OpenProtocol( -Controller, -&gEfiBlockIoProtocolGuid, -(VOID **)&BlkIo, -This->DriverBindingHandle, -Controller, -EFI_OPEN_PROTOCOL_BY_DRIVER -); - - if (EFI_ERROR(Status)) { -DEBUG((DEBUG_INFO, "No EFI_BLOCK_IO_PROTOCOL on controller\n")); -return Status; - } - - // - // Close protocol and reopen in Start call - // - gBS->CloseProtocol( -Controller, -&gEfiBlockIoProtocolGuid, -This->DriverBindingHandle, -Controller -); return EFI_SUCCESS; } @@ -2827,30 +2799,42 @@ OpalEfiDriverBindingStart( ); if (EFI_ERROR(Status)) { // -// Close storage security that was opened +// Block_IO not supported on handle // -gBS->CloseProtocol( -Controller, -&gEfiStorageSecurityCommandProtocolGuid, -This->DriverBindingHandle, -Controller -); +if(Status == EFI_UNSUPPORTED) { + BlkIo = NULL; +} else { + // + // Close storage security that was opened + // + gBS->CloseProtocol( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); -FreePool(Dev); -return Status; + FreePool(Dev); + return Status; +} } // // Save mediaId // - Dev->MediaId = BlkIo->Media->MediaId; + if(BlkIo == NULL) { +// If no Block IO present, use defined MediaId value. +Dev->MediaId = 0x0; + } else { +Dev->MediaId = BlkIo->Media->MediaId; - gBS->CloseProtocol( -Controller, -&gEfiBlockIoProtocolGuid, -This->DriverBindingHandle, -Controller +gBS->CloseProtocol( + Controller, + &gEfiBlockIoProtocolGuid, + This->DriverBindingHandle, + Controller ); + } // // Acquire Ascii printable name of child, if not found, then ignore device -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#49903): https://edk2.groups.io/g/devel/message/49903 Mute This Topic: https://groups.io/mt/41056838/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] MdeModulePkg/NvmExpressPei: Produce NVM Express PassThru PPI
https://bugzilla.tianocore.org/show_bug.cgi?id=1879 This commit will add codes to produce the NVM Express PassThru PPI. Signed-off-by: Maggie Chu Cc: Hao A Wu Cc: Jian J Wang Cc: Ray Ni Cc: Star Zeng --- MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c | 26 +++ MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h | 8 + .../Bus/Pci/NvmExpressPei/NvmExpressPei.inf| 1 + .../Bus/Pci/NvmExpressPei/NvmExpressPeiBlockIo.c | 27 +-- .../Bus/Pci/NvmExpressPei/NvmExpressPeiHci.c | 74 --- .../Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c | 218 - .../Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.h | 159 ++- .../NvmExpressPei/NvmExpressPeiStorageSecurity.c | 24 +-- 8 files changed, 420 insertions(+), 117 deletions(-) diff --git a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c index 0e79b29f82..987eed420e 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c +++ b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c @@ -28,6 +28,12 @@ EFI_PEI_PPI_DESCRIPTOR mNvmeStorageSecurityPpiListTemplate = { NULL }; +EFI_PEI_PPI_DESCRIPTOR mNvmePassThruPpiListTemplate = { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEdkiiPeiNvmExpressPassThruPpiGuid, + NULL +}; + EFI_PEI_NOTIFY_DESCRIPTOR mNvmeEndOfPeiNotifyListTemplate = { (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), &gEfiEndOfPeiSignalPpiGuid, @@ -392,6 +398,26 @@ NvmExpressPeimEntry ( Private->BlkIo2PpiList.Ppi = &Private->BlkIo2Ppi; PeiServicesInstallPpi (&Private->BlkIoPpiList); +// +// Nvm Express Pass Thru PPI +// +Private->PassThruMode.Attributes= EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_PHYSICAL | + EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_LOGICAL | + EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_CMD_SET_NVM; +Private->PassThruMode.IoAlign = sizeof (UINTN); +Private->PassThruMode.NvmeVersion = EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_REVISION; +Private->NvmePassThruPpi.Mode = &Private->PassThruMode; +Private->NvmePassThruPpi.GetDevicePath = NvmePassThruGetDevicePath; +Private->NvmePassThruPpi.GetNextNameSpace = NvmePassThruGetNextNameSpace; +Private->NvmePassThruPpi.PassThru = NvmePassThru; +CopyMem ( + &Private->NvmePassThruPpiList, + &mNvmePassThruPpiListTemplate, + sizeof (EFI_PEI_PPI_DESCRIPTOR) + ); +Private->NvmePassThruPpiList.Ppi= &Private->NvmePassThruPpi; +PeiServicesInstallPpi (&Private->NvmePassThruPpiList); + // // Check if the NVME controller supports the Security Receive/Send commands // diff --git a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h index 6b2e2f0326..8cd905191b 100644 --- a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h +++ b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -74,6 +75,8 @@ struct _PEI_NVME_NAMESPACE_INFO { PEI_NVME_CONTROLLER_PRIVATE_DATA *Controller; }; +#define NVME_CONTROLLER_NSID0 + // // Unique signature for private data structure. // @@ -85,15 +88,18 @@ struct _PEI_NVME_NAMESPACE_INFO { struct _PEI_NVME_CONTROLLER_PRIVATE_DATA { UINT32Signature; UINTN MmioBase; + EFI_NVM_EXPRESS_PASS_THRU_MODEPassThruMode; UINTN DevicePathLength; EFI_DEVICE_PATH_PROTOCOL *DevicePath; EFI_PEI_RECOVERY_BLOCK_IO_PPI BlkIoPpi; EFI_PEI_RECOVERY_BLOCK_IO2_PPIBlkIo2Ppi; EDKII_PEI_STORAGE_SECURITY_CMD_PPIStorageSecurityPpi; + EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI NvmePassThruPpi; EFI_PEI_PPI_DESCRIPTORBlkIoPpiList; EFI_PEI_PPI_DESCRIPTORBlkIo2PpiList; EFI_PEI_PPI_DESCRIPTORStorageSecurityPpiList; + EFI_PEI_PPI_DESCRIPTORNvmePassThruPpiList; EFI_PEI_NOTIFY_DESCRIPTOR EndOfPeiNotifyList; // @@ -145,6 +151,8 @@ struct _PEI_NVME_CONTROLLER_PRIVATE_DATA { CR (a, PEI_NVME_CONTROLLER_PRIVATE_DATA, BlkIo2Ppi, NVME_PEI_CONTROLLER_PRIVATE_DATA_SIGNATURE) #define GET_NVME_PEIM_HC_PRIVATE_DATA_FROM_THIS_STROAGE_SECURITY(a)\ CR (a, PEI_NVME_CONTROLLER_PRIVATE_DATA, StorageSecurityPpi, NVME_PEI_CONTROLLER_PRIVATE_DATA_SIGNATURE) +#define GET_NVME_PEIM_HC_PRIVATE_DATA_FROM_THIS_NVME_PASSTHRU(a) \ + CR (a, PEI_NVME_CONTROLLER_PRIVATE_DATA, NvmePassThruPpi, NVME_PEI_CONTROLLER_
[edk2-devel] [PATCH] MdeModulePkg: Add definitions for NVM Express Passthru PPI
https://bugzilla.tianocore.org/show_bug.cgi?id=1879 This commit will add the definitions of Nvm Express PassThru PPI. This PPI will provide services that allow NVM commands to be sent to NVM Express devices during PEI phase. More specifically, the PPI will provide services to: * Sends an NVM Express Command Packet to an NVM Express controller or namespace (by service 'PassThru'); * Get the list of the attached namespaces on a controller (by services 'GetNextNameSpace'); * Get the identification information (DevicePath) of the underlying NVM Express host controller (by service 'GetDevicePath'). Signed-off-by: Maggie Chu Cc: Hao A Wu Cc: Jian J Wang Cc: Ray Ni Cc: Star Zeng --- MdeModulePkg/Include/Ppi/NvmExpressPassThru.h | 156 ++ MdeModulePkg/MdeModulePkg.dec | 3 + 2 files changed, 159 insertions(+) create mode 100644 MdeModulePkg/Include/Ppi/NvmExpressPassThru.h diff --git a/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h new file mode 100644 index 00..cb5b3b3b18 --- /dev/null +++ b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h @@ -0,0 +1,156 @@ +/** @file + + Copyright (c) 2019, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _EDKII_NVME_PASS_THRU_PPI_H_ +#define _EDKII_NVME_PASS_THRU_PPI_H_ + +#include +#include + +/// +/// Global ID for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI. +/// +#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_GUID \ + { \ +0x6af31b2c, 0x3be, 0x46c1, { 0xb1, 0x2d, 0xea, 0x4a, 0x36, 0xdf, 0xa7, 0x4c } \ + } + +// +// Forward declaration for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI. +// +typedef struct _EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI; + +// +// Revision The revision to which the Nvme Pass Thru PPI interface adheres. +// All future revisions must be backwards compatible. +// If a future version is not back wards compatible it is not the same GUID. +// +#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_REVISION 0x0001 + +/** + Gets the device path information of the underlying NVM Express host controller. + + @param[in] This The PPI instance pointer. + @param[out] DevicePathLength The length of the device path in bytes specified + by DevicePath. + @param[out] DevicePath The device path of the underlying NVM Express + host controller. + This field re-uses EFI Device Path Protocol as + defined by Section 10.2 EFI Device Path Protocol + of UEFI 2.7 Specification. + + @retval EFI_SUCCESS The operation succeeds. + @retval EFI_INVALID_PARAMETERDevicePathLength or DevicePath is NULL. + @retval EFI_OUT_OF_RESOURCES The operation fails due to lack of resources. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_PEI_NVME_PASS_THRU_GET_DEVICE_PATH) ( + IN EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI *This, + OUT UINTN *DevicePathLength, + OUT EFI_DEVICE_PATH_PROTOCOL **DevicePath + ); + +/** + Used to retrieve the next namespace ID for this NVM Express controller. + + If on input the value pointed to by NamespaceId is 0x, then the first + valid namespace ID defined on the NVM Express controller is returned in the + location pointed to by NamespaceId and a status of EFI_SUCCESS is returned. + + If on input the value pointed to by NamespaceId is an invalid namespace ID + other than 0x, then EFI_INVALID_PARAMETER is returned. + + If on input the value pointed to by NamespaceId is a valid namespace ID, then + the next valid namespace ID on the NVM Express controller is returned in the + location pointed to by NamespaceId, and EFI_SUCCESS is returned. + + If the value pointed to by NamespaceId is the namespace ID of the last + namespace on the NVM Express controller, then EFI_NOT_FOUND is returned. + + @param[in] This The PPI instance pointer. + @param[in,out] NamespaceId On input, a pointer to a legal NamespaceId + for an NVM Express namespace present on the + NVM Express controller. On output, a pointer + to the next NamespaceId of an NVM Express + namespace on an NVM Express controller. An + input value of 0x retrieves the + first NamespaceId for an NVM Express + namespace present on an NVM Express + controller. + + @retval EFI_SUCCESSThe Namespace ID of the next Namespace was + returned. + @retva
[edk2-devel] [PATCH] MdeModulePkg: Add definitions for NVM Express Passthru PPI
https://bugzilla.tianocore.org/show_bug.cgi?id=1879 This commit will add the definitions of Nvm Express PassThru PPI. This PPI will provide services that allow NVM commands to be sent to NVM Express devices during PEI phase. More specifically, the PPI will provide services to: * Sends an NVM Express Command Packet to an NVM Express controller or namespace (by service 'PassThru'); * Get the list of the attached namespaces on a controller (by services 'GetNextNameSpace'); * Get the identification information (DevicePath) of the underlying NVM Express host controller (by service 'GetDevicePath'). Signed-off-by: Maggie Chu Cc: Hao A Wu Cc: Jian J Wang Cc: Ray Ni Cc: Star Zeng --- MdeModulePkg/Include/Ppi/NvmExpressPassThru.h | 156 ++ MdeModulePkg/MdeModulePkg.dec | 3 + 2 files changed, 159 insertions(+) create mode 100644 MdeModulePkg/Include/Ppi/NvmExpressPassThru.h diff --git a/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h new file mode 100644 index 00..cb5b3b3b18 --- /dev/null +++ b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h @@ -0,0 +1,156 @@ +/** @file + + Copyright (c) 2019, Intel Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _EDKII_NVME_PASS_THRU_PPI_H_ +#define _EDKII_NVME_PASS_THRU_PPI_H_ + +#include +#include + +/// +/// Global ID for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI. +/// +#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_GUID \ + { \ +0x6af31b2c, 0x3be, 0x46c1, { 0xb1, 0x2d, 0xea, 0x4a, 0x36, 0xdf, 0xa7, 0x4c } \ + } + +// +// Forward declaration for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI. +// +typedef struct _EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI; + +// +// Revision The revision to which the Nvme Pass Thru PPI interface adheres. +// All future revisions must be backwards compatible. +// If a future version is not back wards compatible it is not the same GUID. +// +#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_REVISION 0x0001 + +/** + Gets the device path information of the underlying NVM Express host controller. + + @param[in] This The PPI instance pointer. + @param[out] DevicePathLength The length of the device path in bytes specified + by DevicePath. + @param[out] DevicePath The device path of the underlying NVM Express + host controller. + This field re-uses EFI Device Path Protocol as + defined by Section 10.2 EFI Device Path Protocol + of UEFI 2.7 Specification. + + @retval EFI_SUCCESS The operation succeeds. + @retval EFI_INVALID_PARAMETERDevicePathLength or DevicePath is NULL. + @retval EFI_OUT_OF_RESOURCES The operation fails due to lack of resources. + +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_PEI_NVME_PASS_THRU_GET_DEVICE_PATH) ( + IN EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI *This, + OUT UINTN *DevicePathLength, + OUT EFI_DEVICE_PATH_PROTOCOL **DevicePath + ); + +/** + Used to retrieve the next namespace ID for this NVM Express controller. + + If on input the value pointed to by NamespaceId is 0x, then the first + valid namespace ID defined on the NVM Express controller is returned in the + location pointed to by NamespaceId and a status of EFI_SUCCESS is returned. + + If on input the value pointed to by NamespaceId is an invalid namespace ID + other than 0x, then EFI_INVALID_PARAMETER is returned. + + If on input the value pointed to by NamespaceId is a valid namespace ID, then + the next valid namespace ID on the NVM Express controller is returned in the + location pointed to by NamespaceId, and EFI_SUCCESS is returned. + + If the value pointed to by NamespaceId is the namespace ID of the last + namespace on the NVM Express controller, then EFI_NOT_FOUND is returned. + + @param[in] This The PPI instance pointer. + @param[in,out] NamespaceId On input, a pointer to a legal NamespaceId + for an NVM Express namespace present on the + NVM Express controller. On output, a pointer + to the next NamespaceId of an NVM Express + namespace on an NVM Express controller. An + input value of 0x retrieves the + first NamespaceId for an NVM Express + namespace present on an NVM Express + controller. + + @retval EFI_SUCCESSThe Namespace ID of the next Namespace was + returned. + @retva
[edk2-devel] [PATCH] SecurityPkg/HddPassword: Add a PCD to skip Hdd password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1876 Add a PCD for skipping Hdd password prompt. If device is in the locked status while attempting to skip password prompt, device will keep locked and system continue to boot. If device is in the unlocked status while attempting to skip password prompt, system will be forced shutdown. Signed-off-by: Maggie Chu Cc: Chao Zhang Cc: Jiewen Yao Cc: Eric Dong --- SecurityPkg/HddPassword/HddPasswordDxe.c | 16 SecurityPkg/HddPassword/HddPasswordDxe.inf | 4 SecurityPkg/SecurityPkg.dec| 6 ++ 3 files changed, 26 insertions(+) diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPassword/HddPasswordDxe.c index 253af9f78f..b0d795b659 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -1345,6 +1345,22 @@ HddPasswordRequestPassword ( // if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) && (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) { + + // + // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt. + // Due to board design, device may not power off during system warm boot, which result in + // security status remain unlocked status, hence we add device security status check here. + // + // If device is in the locked status, device keeps locked and system continues booting. + // If device is in the unlocked status, system is forced shutdown for security concern. + // + if (PcdGetBool (PcdSkipHddPasswordPrompt)) { + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { + return; + } else { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } +} // // As soon as the HDD password is in enabled state, we pop up a window to unlock hdd // no matter it's really in locked or unlocked state. diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPassword/HddPasswordDxe.inf index f7550079ed..06e8755ffc 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -34,6 +34,7 @@ MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec [LibraryClasses] BaseLib @@ -64,6 +65,9 @@ gEfiPciIoProtocolGuid ## CONSUMES gEdkiiVariableLockProtocolGuid## CONSUMES +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES + [Depex] gEfiVariableWriteArchProtocolGuid diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 3314f1854b..82929fe38e 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -428,6 +428,12 @@ # @Prompt Skip Opal DXE driver unlock device flow. gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020 + ## Indicates if Hdd Password driver skip password prompt. + # TRUE - Skip password prompt. + # FALSE - Does not skip password prompt. + # @Prompt Skip Hdd Password prompt. + gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt|FALSE|BOOLEAN|0x00010021 + [PcdsDynamic, PcdsDynamicEx] ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly follows TCG Algorithm Registry. -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42084): https://edk2.groups.io/g/devel/message/42084 Mute This Topic: https://groups.io/mt/32002537/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] SecurityPkg: Add a PCD to skip Hdd password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1876 Add a PCD for skipping Hdd password prompt. If device is in the locked status while attempting to skip password prompt, device will keep locked and system continue to boot. If device is in the unlocked status while attempting to skip password prompt, system will be forced shutdown for security concern. Cc: Chao Zhang Cc: Jiewen Yao Cc: Eric Dong --- SecurityPkg/HddPassword/HddPasswordDxe.c | 16 SecurityPkg/HddPassword/HddPasswordDxe.inf | 4 SecurityPkg/SecurityPkg.dec| 6 ++ 3 files changed, 26 insertions(+) diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPassword/HddPasswordDxe.c index 253af9f78f..b97f5d63f6 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -1345,6 +1345,22 @@ HddPasswordRequestPassword ( // if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) && (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) { + + // + // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt. + // Due to board design, device may not power off during system warm boot, which result in + // security status remain unlocked status, hence we add device security status check here. + // + // If device is in the locked status, device keeps locked and system continues booting. + // If device is in the unlocked status, system is forced shutdown for security concern. + // + if (PcdGetBool (PcdSkipHddPasswordPrompt)) { + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { + return; + } else { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } +} // // As soon as the HDD password is in enabled state, we pop up a window to unlock hdd // no matter it's really in locked or unlocked state. diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPassword/HddPasswordDxe.inf index f7550079ed..06e8755ffc 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -34,6 +34,7 @@ MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec [LibraryClasses] BaseLib @@ -64,6 +65,9 @@ gEfiPciIoProtocolGuid ## CONSUMES gEdkiiVariableLockProtocolGuid## CONSUMES +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES + [Depex] gEfiVariableWriteArchProtocolGuid diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 3314f1854b..82929fe38e 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -428,6 +428,12 @@ # @Prompt Skip Opal DXE driver unlock device flow. gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020 + ## Indicates if Hdd Password driver skip password prompt. + # TRUE - Skip password prompt. + # FALSE - Does not skip password prompt. + # @Prompt Skip Hdd Password prompt. + gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt|FALSE|BOOLEAN|0x00010021 + [PcdsDynamic, PcdsDynamicEx] ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly follows TCG Algorithm Registry. -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41863): https://edk2.groups.io/g/devel/message/41863 Mute This Topic: https://groups.io/mt/31926751/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add PCD to skip password prompt
https://bugzilla.tianocore.org/show_bug.cgi?id=1801 Add a PCD for skipping password prompt in device unlocked status. Previous change only support if storage device is in locked status. This change is added to support the case that security status of the storage device is unlocked. Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Chao Zhang Cc: Jiewen Yao --- SecurityPkg/SecurityPkg.dec | 10 +- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c| 16 ++-- SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf | 2 +- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 3314f1854b..96db80c2d2 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -422,11 +422,11 @@ # @Prompt Possible TPM2 Interrupt Number buffer gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, 0x00, 0x00}|VOID*|0x0001001D - ## Indicates if Opal DXE driver skip unlock device flow. - # TRUE - Skip unlock device flow. - # FALSE - Does not skip unlock device flow. - # @Prompt Skip Opal DXE driver unlock device flow. - gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020 + ## Indicates if Opal DXE driver skip password prompt. + # TRUE - Skip password prompt. + # FALSE - Does not skip password prompt. + # @Prompt Skip Opal DXE driver password prompt. + gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt|FALSE|BOOLEAN|0x00010020 [PcdsDynamic, PcdsDynamicEx] diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index 965205c0b2..e14fa32354 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -899,8 +899,20 @@ OpalDriverRequestPassword ( IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature); -if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) { - return; +// +// Add PcdSkipOpalPasswordPrompt to determin whether to skip password prompt. +// Due to board design, device may not power off during system warm boot, which result in +// security status remain unlocked status, hence we add device security status check here. +// +// If device is in the locked status, device keeps locked and system continues booting. +// If device is in the unlocked status, system is forced shutdown to support security requirement. +// +if (PcdGetBool (PcdSkipOpalPasswordPrompt)) { + if (IsLocked) { +return; + } else { +gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } } while (Count < MAX_PASSWORD_TRY_COUNT) { diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf index e74f147aaa..87519198c0 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf @@ -71,7 +71,7 @@ gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## UNDEFINED [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt ## CONSUMES [Depex] gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#41194): https://edk2.groups.io/g/devel/message/41194 Mute This Topic: https://groups.io/mt/31717459/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add PCD to skip password prompt in device unlocked status
https://bugzilla.tianocore.org/show_bug.cgi?id=1801 Add a PCD for skipping password prompt. Previous change only support if storage device is in locked device. This change is added to support the case that security status of the storage device is unlocked. Signed-off-by: Maggie Chu Cc: Eric Dong Cc: Chao Zhang Cc: Jiewen Yao --- SecurityPkg/SecurityPkg.dec | 10 +- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c| 16 ++-- SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf | 2 +- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 3314f1854b..96db80c2d2 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -422,11 +422,11 @@ # @Prompt Possible TPM2 Interrupt Number buffer gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, 0x00, 0x00}|VOID*|0x0001001D - ## Indicates if Opal DXE driver skip unlock device flow. - # TRUE - Skip unlock device flow. - # FALSE - Does not skip unlock device flow. - # @Prompt Skip Opal DXE driver unlock device flow. - gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020 + ## Indicates if Opal DXE driver skip password prompt. + # TRUE - Skip password prompt. + # FALSE - Does not skip password prompt. + # @Prompt Skip Opal DXE driver password prompt. + gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt|FALSE|BOOLEAN|0x00010020 [PcdsDynamic, PcdsDynamicEx] diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index 965205c0b2..b0f9ca2215 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -899,8 +899,20 @@ OpalDriverRequestPassword ( IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature); -if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) { - return; +// +// Add PcdSkipOpalPasswordPrompt to determin whether to skip password prompt. +// Due to board design, device may not power off during system warm boot, which result in +// security status remain unlocked status, hence we add device security status check here. +// +// If device is in the locked status, device keeps locked and system continues booting. +// If device is in the unlocked status, system is forced shutdown to support security requirement. +// +if (PcdGetBool (PcdSkipOpalPasswordPrompt)) { + if (IsLocked) { +return; + } else { +gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } } while (Count < MAX_PASSWORD_TRY_COUNT) { diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf index e74f147aaa..87519198c0 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf @@ -71,7 +71,7 @@ gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## UNDEFINED [Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt ## CONSUMES [Depex] gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#40493): https://edk2.groups.io/g/devel/message/40493 Mute This Topic: https://groups.io/mt/31605216/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add warning message for Secure Erase
https://bugzilla.tianocore.org/show_bug.cgi?id=1753 Add pop-up warning messages before secure erase action. In order to notify user the secure erase action will take a longer time. This change also fix some pop-up windows are unable to show up complete message due to some strings are too long. Signed-off-by: Maggie Chu Cc: Chao Zhang Cc: Jiewen Yao Cc: Eric Dong --- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 131 ++--- SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c| 23 +++-- 2 files changed, 112 insertions(+), 42 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index ed7f968255..42999c89f0 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -487,6 +487,7 @@ OpalEndOfDxeEventNotify ( OPAL request. @param[in] PopUpString Pop up string. @param[in] PopUpString2 Pop up string in line 2. + @param[in] PopUpString3 Pop up string in line 3. @param[out] PressEsc Whether user escape function through Press ESC. @@ -498,6 +499,7 @@ OpalDriverPopUpPsidInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -527,15 +529,28 @@ OpalDriverPopUpPsidInput ( NULL ); } else { - CreatePopUp ( -EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, -&InputKey, -PopUpString, -PopUpString2, -L"-", -Mask, -NULL - ); + if (PopUpString3 == NULL) { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + L"-", + Mask, + NULL +); + } else { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + PopUpString3, + L"-", + Mask, + NULL +); + } } // @@ -625,6 +640,7 @@ OpalDriverPopUpPsidInput ( process OPAL request. @param[in] PopUpString1 Pop up string 1. @param[in] PopUpString2 Pop up string 2. + @param[in] PopUpString3 Pop up string 3. @param[out] PressEsc Whether user escape function through Press ESC. @retval Password string if success. NULL if failed. @@ -635,6 +651,7 @@ OpalDriverPopUpPasswordInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString1, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -664,15 +681,28 @@ OpalDriverPopUpPasswordInput ( NULL ); } else { - CreatePopUp ( -EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, -&InputKey, -PopUpString1, -PopUpString2, -L"-", -Mask, -NULL - ); + if (PopUpString3 == NULL) { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + L"-", + Mask, + NULL +); + } else { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + PopUpString3, + L"-", + Mask, + NULL +); + } } // @@ -823,7 +853,7 @@ OpalDriverRequestPassword ( } while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); if (PressEsc) { if (IsLocked) { // @@ -988,7 +1018,7 @@ ProcessOpalRequestEnableFeature ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { -Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", &PressEsc); +Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1017,7 +1047,7 @@ ProcessOpalRequestEnableFeature ( } PasswordLen = (UINT32) AsciiStrLen(Password); -PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", &PressEsc); +PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please
[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add warning message for Secure Erase
https://bugzilla.tianocore.org/show_bug.cgi?id=1753 Add pop-up warning messages before secure erase action. In order to notify user the secure erase action will take a longer time. This change also fix some pop-up windows are unable to show up complete message due to some strings are too long. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Maggie Chu Cc: Chao Zhang Cc: Jiewen Yao Cc: Eric Dong --- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 131 ++--- SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c| 23 +++-- 2 files changed, 112 insertions(+), 42 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index ed7f968255..42999c89f0 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -487,6 +487,7 @@ OpalEndOfDxeEventNotify ( OPAL request. @param[in] PopUpString Pop up string. @param[in] PopUpString2 Pop up string in line 2. + @param[in] PopUpString3 Pop up string in line 3. @param[out] PressEsc Whether user escape function through Press ESC. @@ -498,6 +499,7 @@ OpalDriverPopUpPsidInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -527,15 +529,28 @@ OpalDriverPopUpPsidInput ( NULL ); } else { - CreatePopUp ( -EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, -&InputKey, -PopUpString, -PopUpString2, -L"-", -Mask, -NULL - ); + if (PopUpString3 == NULL) { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + L"-", + Mask, + NULL +); + } else { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + PopUpString3, + L"-", + Mask, + NULL +); + } } // @@ -625,6 +640,7 @@ OpalDriverPopUpPsidInput ( process OPAL request. @param[in] PopUpString1 Pop up string 1. @param[in] PopUpString2 Pop up string 2. + @param[in] PopUpString3 Pop up string 3. @param[out] PressEsc Whether user escape function through Press ESC. @retval Password string if success. NULL if failed. @@ -635,6 +651,7 @@ OpalDriverPopUpPasswordInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString1, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -664,15 +681,28 @@ OpalDriverPopUpPasswordInput ( NULL ); } else { - CreatePopUp ( -EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, -&InputKey, -PopUpString1, -PopUpString2, -L"-", -Mask, -NULL - ); + if (PopUpString3 == NULL) { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + L"-", + Mask, + NULL +); + } else { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + PopUpString3, + L"-", + Mask, + NULL +); + } } // @@ -823,7 +853,7 @@ OpalDriverRequestPassword ( } while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); if (PressEsc) { if (IsLocked) { // @@ -988,7 +1018,7 @@ ProcessOpalRequestEnableFeature ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { -Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", &PressEsc); +Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1017,7 +1047,7 @@ ProcessOpalRequestEnableFeature ( } PasswordLen = (UINT32) AsciiStrLen(Password); -PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", &PressEsc); +PasswordConfirm = OpalDriverP
[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add warning message for Secure Erase
https://bugzilla.tianocore.org/show_bug.cgi?id=1753 Add pop-up warning messages before secure erase action. In order to notify user the secure erase action will take a longer time. This change also fix some pop-up windows are unable to show up complete message due to some strings are too long. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Maggie Chu Cc: Chao Zhang Cc: Jiewen Yao Cc: Eric Dong --- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 129 ++--- SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c| 23 +++-- 2 files changed, 110 insertions(+), 42 deletions(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index ed7f968255..ada2a4ca5a 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -498,6 +498,7 @@ OpalDriverPopUpPsidInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -527,15 +528,28 @@ OpalDriverPopUpPsidInput ( NULL ); } else { - CreatePopUp ( -EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, -&InputKey, -PopUpString, -PopUpString2, -L"-", -Mask, -NULL - ); + if (PopUpString3 == NULL) { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + L"-", + Mask, + NULL +); + } else { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + PopUpString3, + L"-", + Mask, + NULL +); + } } // @@ -635,6 +649,7 @@ OpalDriverPopUpPasswordInput ( IN OPAL_DRIVER_DEVICE *Dev, IN CHAR16 *PopUpString1, IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, OUT BOOLEAN *PressEsc ) { @@ -664,15 +679,28 @@ OpalDriverPopUpPasswordInput ( NULL ); } else { - CreatePopUp ( -EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, -&InputKey, -PopUpString1, -PopUpString2, -L"-", -Mask, -NULL - ); + if (PopUpString3 == NULL) { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + L"-", + Mask, + NULL +); + } else { +CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + PopUpString3, + L"-", + Mask, + NULL +); + } } // @@ -823,7 +851,7 @@ OpalDriverRequestPassword ( } while (Count < MAX_PASSWORD_TRY_COUNT) { - Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); if (PressEsc) { if (IsLocked) { // @@ -988,7 +1016,7 @@ ProcessOpalRequestEnableFeature ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { -Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", &PressEsc); +Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1017,7 +1045,7 @@ ProcessOpalRequestEnableFeature ( } PasswordLen = (UINT32) AsciiStrLen(Password); -PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", &PressEsc); +PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); if (PasswordConfirm == NULL) { ZeroMem (Password, PasswordLen); FreePool (Password); @@ -1132,7 +1160,7 @@ ProcessOpalRequestDisableUser ( Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; while (Count < MAX_PASSWORD_TRY_COUNT) { -Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, &PressEsc); +Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); if (PressEsc) { do { CreatePopUp ( @@ -1227,6 +1255,7 @@ ProcessOpalRequestPsidRevert ( TCG_RESULTRe