Re: [edk2-devel] [PATCH v3] MdePkg: Add registers of boot partition feature

2022-01-05 Thread Maggie Chu
Created PR for the patch : https://github.com/tianocore/edk2/pull/2361

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Maggie Chu
Sent: Wednesday, January 5, 2022 6:35 PM
To: devel@edk2.groups.io
Cc: Gao, Liming ; Kinney, Michael D 
; Liu, Zhiguang 
Subject: [edk2-devel] [PATCH v3] MdePkg: Add registers of boot partition feature

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757

Add the registers of the boot partition feature, which are defined in the NVM Express 1.4 Spec

Cc: Liming Gao 
Cc: Michael D Kinney 
Cc: Zhiguang Liu 
Signed-off-by: Maggie Chu 
---
 MdePkg/Include/IndustryStandard/Nvme.h | 108 -
 1 file changed, 89 insertions(+), 19 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Nvme.h 
b/MdePkg/Include/IndustryStandard/Nvme.h
index 7d4aee9dc8..4a1d92c45d 100644
--- a/MdePkg/Include/IndustryStandard/Nvme.h
+++ b/MdePkg/Include/IndustryStandard/Nvme.h
@@ -2,11 +2,12 @@
   Definitions based on NVMe spec. version 1.1.(C) Copyright 2016 Hewlett 
Packard Enterprise Development LP-  Copyright (c) 2017, Intel Corporation. 
All rights reserved.+  Copyright (c) 2017 - 2021, Intel Corporation. All 
rights reserved.   SPDX-License-Identifier: BSD-2-Clause-Patent@par 
Specification Reference:   NVMe Specification 1.1+  NVMe Specification 1.4  **/ 
@@ -18,18 +19,21 @@
 // // controller register offsets //-#define NVME_CAP_OFFSET0x
// Controller Capabilities-#define NVME_VER_OFFSET0x0008// 
Version-#define NVME_INTMS_OFFSET  0x000c// Interrupt Mask Set-#define 
NVME_INTMC_OFFSET  0x0010// Interrupt Mask Clear-#define NVME_CC_OFFSET 
0x0014// Controller Configuration-#define NVME_CSTS_OFFSET   0x001c 
   // Controller Status-#define NVME_NSSR_OFFSET   0x0020// NVM 
Subsystem Reset-#define NVME_AQA_OFFSET0x0024// Admin Queue 
Attributes-#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue 
Base Address-#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue 
Base Address-#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 
(admin) Tail Doorbell-#define NVME_CQ0_OFFSET0x1004// Completion 
Queue 0 (admin) Head Doorbell+#define NVME_CAP_OFFSET 0x// 
Controller Capabilities+#define NVME_VER_OFFSET 0x0008// 
Version+#define NVME_INTMS_OFFSET   0x000c// Interrupt Mask Set+#define 
NVME_INTMC_OFFSET   0x0010// Interrupt Mask Clear+#define 
NVME_CC_OFFSET  0x0014// Controller Configuration+#define 
NVME_CSTS_OFFSET0x001c// Controller Status+#define NVME_NSSR_OFFSET 
   0x0020// NVM Subsystem Reset+#define NVME_AQA_OFFSET 0x0024  
  // Admin Queue Attributes+#define NVME_ASQ_OFFSET 0x0028// Admin 
Submission Queue Base Address+#define NVME_ACQ_OFFSET 0x0030// 
Admin Completion Queue Base Address+#define NVME_BPINFO_OFFSET  0x0040
// Boot Partition Information+#define NVME_BPRSEL_OFFSET  0x0044// Boot 
Partition Read Select+#define NVME_BPMBL_OFFSET   0x0048// Boot 
Partition Memory Buffer Location+#define NVME_SQ0_OFFSET 0x1000// 
Submission Queue 0 (admin) Tail Doorbell+#define NVME_CQ0_OFFSET 0x1004 
   // Completion Queue 0 (admin) Head Doorbell  // // These register offsets 
are defined as 0x1000 + (N * (4 << CAP.DSTRD))@@ -51,11 +55,14 @@ typedef 
struct {
   UINT8 To; // Timeout   UINT16Dstrd  : 4;   UINT16Nssrs  : 1; 
// NVM Subsystem Reset Supported NSSRS-  UINT16Css: 4; // Command Sets 
Supported - Bit 37-  UINT16Rsvd3  : 7;+  UINT16Css: 8; // Command 
Sets Supported - Bit 37+  UINT16Bps: 1; // Boot Partition Support - Bit 
45 in NVMe1.4+  UINT16Rsvd3  : 2;   UINT8 Mpsmin : 4;   UINT8 
Mpsmax : 4;-  UINT8 Rsvd4;+  UINT8 Pmrs   : 1;+  UINT8 Cmbs   : 1;+ 
 UINT8 Rsvd4  : 6; } NVME_CAP;  //@@ -115,7 +122,36 @@ typedef struct {
 #define NVME_ACQ  UINT64  //-// 3.1.11 Offset (1000h + ((2y) * (4 << 
CAP.DSTRD))): SQyTDBL - Submission Queue y Tail Doorbell+// 3.1.13 Offset 40h: 
BPINFO - Boot Partition Information+//+typedef struct {+  UINT32Bpsz  : 15; 
// Boot Partition Size+  UINT32Rsvd1 : 9;+  UINT32Brs   : 2;  // Boot 
Read Status+  UINT32Rsvd2 : 5;+  UINT32Abpid : 1;  // Active Boot 
Partition ID+} NVME_BPINFO;++//+// 3.1.14 Offset 44h: BPRSEL - Boot Partition 
Read Select+//+typedef struct {+  UINT32Bprsz : 10; // Boot Partition Read 
Size+  UINT32Bprof : 20; // Boot Partition Read Offset+  UINT32Rsvd1 : 
1;+  UINT32Bpid  : 1;  // Boot Partition Identifier+} NVME_BPRSEL;++//+// 
3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location 
(Optional)+//+typedef struct {+  UINT64Rsvd1 : 12;+  UINT64Bmbba : 52; 
// Boot Partition Memory Buffer Base Address+} NVME_BPMBL;++//+// 3.1.25 Offset 
(1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submi

[edk2-devel] [PATCH v3] MdePkg: Add registers of boot partition feature

2022-01-05 Thread Maggie Chu
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757

Add the registers of the boot partition feature, which are defined in the NVM Express 1.4 Spec

Cc: Liming Gao 
Cc: Michael D Kinney 
Cc: Zhiguang Liu 
Signed-off-by: Maggie Chu 
---
 MdePkg/Include/IndustryStandard/Nvme.h | 108 -
 1 file changed, 89 insertions(+), 19 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Nvme.h 
b/MdePkg/Include/IndustryStandard/Nvme.h
index 7d4aee9dc8..4a1d92c45d 100644
--- a/MdePkg/Include/IndustryStandard/Nvme.h
+++ b/MdePkg/Include/IndustryStandard/Nvme.h
@@ -2,11 +2,12 @@
   Definitions based on NVMe spec. version 1.1.
 
   (C) Copyright 2016 Hewlett Packard Enterprise Development LP
-  Copyright (c) 2017, Intel Corporation. All rights reserved.
+  Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
   @par Specification Reference:
   NVMe Specification 1.1
+  NVMe Specification 1.4
 
 **/
 
@@ -18,18 +19,21 @@
 //
 // controller register offsets
 //
-#define NVME_CAP_OFFSET0x// Controller Capabilities
-#define NVME_VER_OFFSET0x0008// Version
-#define NVME_INTMS_OFFSET  0x000c// Interrupt Mask Set
-#define NVME_INTMC_OFFSET  0x0010// Interrupt Mask Clear
-#define NVME_CC_OFFSET 0x0014// Controller Configuration
-#define NVME_CSTS_OFFSET   0x001c// Controller Status
-#define NVME_NSSR_OFFSET   0x0020// NVM Subsystem Reset
-#define NVME_AQA_OFFSET0x0024// Admin Queue Attributes
-#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue Base Address
-#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue Base Address
-#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 (admin) Tail 
Doorbell
-#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 (admin) Head 
Doorbell
+#define NVME_CAP_OFFSET 0x// Controller Capabilities
+#define NVME_VER_OFFSET 0x0008// Version
+#define NVME_INTMS_OFFSET   0x000c// Interrupt Mask Set
+#define NVME_INTMC_OFFSET   0x0010// Interrupt Mask Clear
+#define NVME_CC_OFFSET  0x0014// Controller Configuration
+#define NVME_CSTS_OFFSET0x001c// Controller Status
+#define NVME_NSSR_OFFSET0x0020// NVM Subsystem Reset
+#define NVME_AQA_OFFSET 0x0024// Admin Queue Attributes
+#define NVME_ASQ_OFFSET 0x0028// Admin Submission Queue Base 
Address
+#define NVME_ACQ_OFFSET 0x0030// Admin Completion Queue Base 
Address
+#define NVME_BPINFO_OFFSET  0x0040// Boot Partition Information
+#define NVME_BPRSEL_OFFSET  0x0044// Boot Partition Read Select
+#define NVME_BPMBL_OFFSET   0x0048// Boot Partition Memory Buffer 
Location
+#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 (admin) Tail 
Doorbell
+#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0 (admin) Head 
Doorbell
 
 //
 // These register offsets are defined as 0x1000 + (N * (4 << CAP.DSTRD))
@@ -51,11 +55,14 @@ typedef struct {
   UINT8 To; // Timeout
   UINT16Dstrd  : 4;
   UINT16Nssrs  : 1; // NVM Subsystem Reset Supported NSSRS
-  UINT16Css: 4; // Command Sets Supported - Bit 37
-  UINT16Rsvd3  : 7;
+  UINT16Css: 8; // Command Sets Supported - Bit 37
+  UINT16Bps: 1; // Boot Partition Support - Bit 45 in NVMe1.4
+  UINT16Rsvd3  : 2;
   UINT8 Mpsmin : 4;
   UINT8 Mpsmax : 4;
-  UINT8 Rsvd4;
+  UINT8 Pmrs   : 1;
+  UINT8 Cmbs   : 1;
+  UINT8 Rsvd4  : 6;
 } NVME_CAP;
 
 //
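Review bot: The comment on the widened `Css` field still says "Bit 37", but at `: 8` the field now covers CAP bits 44:37 (consistent with `Bps` being documented as bit 45 on the next line); `// Command Sets Supported - Bits 44:37` would match the new width. The added `Pmrs` and `Cmbs` bits have no comment at all, unlike `Bps`; by the field widths shown they land on bits 56 and 57, so something like `// Persistent Memory Region Supported - Bit 56` and `// Controller Memory Buffer Supported - Bit 57` would keep the struct self-describing. The first 32 bits of NVME_CAP are declared above the hunk, so the positions should be confirmed against the full struct. The same lines appear in the v2 posting and, without the column alignment, in the original posting further down.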
@@ -115,7 +122,36 @@ typedef struct {
 #define NVME_ACQ  UINT64
 
 //
-// 3.1.11 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission 
Queue y Tail Doorbell
+// 3.1.13 Offset 40h: BPINFO - Boot Partition Information
+//
+typedef struct {
+  UINT32Bpsz  : 15; // Boot Partition Size
+  UINT32Rsvd1 : 9;
+  UINT32Brs   : 2;  // Boot Read Status
+  UINT32Rsvd2 : 5;
+  UINT32Abpid : 1;  // Active Boot Partition ID
+} NVME_BPINFO;
+
+//
+// 3.1.14 Offset 44h: BPRSEL - Boot Partition Read Select
+//
+typedef struct {
+  UINT32Bprsz : 10; // Boot Partition Read Size
+  UINT32Bprof : 20; // Boot Partition Read Offset
+  UINT32Rsvd1 : 1;
+  UINT32Bpid  : 1;  // Boot Partition Identifier
+} NVME_BPRSEL;
+
+//
+// 3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location (Optional)
+//
+typedef struct {
+  UINT64Rsvd1 : 12;
+  UINT64Bmbba : 52; // Boot Partition Memory Buffer Base Address
+} NVME_BPMBL;
+
+//
+// 3.1.25 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission 
Queue y Tail Doorbell
 //
 typedef struct {
   UINT16Sqt;
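Review bot: Nothing pins the size of `NVME_BPINFO`, `NVME_BPRSEL` and `NVME_BPMBL`, although they are meant to overlay raw register values and bit-field packing of `UINT32`/`UINT64` members is left to the compiler. A `STATIC_ASSERT (sizeof (NVME_BPINFO) == sizeof (UINT32), "NVME_BPINFO must be 32 bits");` after each typedef (with `UINT64` for `NVME_BPMBL`) would turn a mis-sized layout into a build error. The field comments also leave out the units a consumer needs: as I read NVMe 1.4, `Bpsz` counts 128 KiB units while `Bprsz` and `Bprof` count 4 KiB units, which should be confirmed against the spec and stated in the comments. `Bmbba` holds address bits 63:12, so its comment should say that the value is the buffer's physical address shifted right by 12 and that the buffer must be 4 KiB aligned; this register tells the controller where to DMA boot-partition data, so a wrong shift in a caller redirects the write to unintended memory. The same hunk appears in the v2 and original postings below.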
@@ -353,7 +389,7 @@ typedef struct {
   UINT8Avscc; /* Admin Vendor Specific Command Configuration */
   UINT8Apsta; /* Autonomous Power State Transition Attributes 
*/
   //
-  // Below fields before Rs

[edk2-devel] [PATCH v2] MdePkg: Add registers of boot partition feature

2021-12-26 Thread Maggie Chu
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757

Add the registers of the boot partition feature, which are defined in the NVM Express 1.4 Spec

Cc: Liming Gao 
Cc: Michael D Kinney 
Cc: Zhiguang Liu 
Signed-off-by: Maggie Chu 
---
 MdePkg/Include/IndustryStandard/Nvme.h | 108 -
 1 file changed, 89 insertions(+), 19 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Nvme.h 
b/MdePkg/Include/IndustryStandard/Nvme.h
index 7d4aee9dc8..8a2c747a85 100644
--- a/MdePkg/Include/IndustryStandard/Nvme.h
+++ b/MdePkg/Include/IndustryStandard/Nvme.h
@@ -2,11 +2,12 @@
   Definitions based on NVMe spec. version 1.1.
 
   (C) Copyright 2016 Hewlett Packard Enterprise Development LP
-  Copyright (c) 2017, Intel Corporation. All rights reserved.
+  Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
   @par Specification Reference:
   NVMe Specification 1.1
+  NVMe Specification 1.4
 
 **/
 
@@ -18,18 +19,21 @@
 //
 // controller register offsets
 //
-#define NVME_CAP_OFFSET0x// Controller Capabilities
-#define NVME_VER_OFFSET0x0008// Version
-#define NVME_INTMS_OFFSET  0x000c// Interrupt Mask Set
-#define NVME_INTMC_OFFSET  0x0010// Interrupt Mask Clear
-#define NVME_CC_OFFSET 0x0014// Controller Configuration
-#define NVME_CSTS_OFFSET   0x001c// Controller Status
-#define NVME_NSSR_OFFSET   0x0020// NVM Subsystem Reset
-#define NVME_AQA_OFFSET0x0024// Admin Queue Attributes
-#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue Base Address
-#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue Base Address
-#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 (admin) Tail 
Doorbell
-#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 (admin) Head 
Doorbell
+#define NVME_CAP_OFFSET 0x// Controller Capabilities
+#define NVME_VER_OFFSET 0x0008// Version
+#define NVME_INTMS_OFFSET   0x000c// Interrupt Mask Set
+#define NVME_INTMC_OFFSET   0x0010// Interrupt Mask Clear
+#define NVME_CC_OFFSET  0x0014// Controller Configuration
+#define NVME_CSTS_OFFSET0x001c// Controller Status
+#define NVME_NSSR_OFFSET0x0020// NVM Subsystem Reset
+#define NVME_AQA_OFFSET 0x0024// Admin Queue Attributes
+#define NVME_ASQ_OFFSET 0x0028// Admin Submission Queue Base 
Address
+#define NVME_ACQ_OFFSET 0x0030// Admin Completion Queue Base 
Address
+#define NVME_BPINFO_OFFSET  0x0040// Boot Partition Information
+#define NVME_BPRSEL_OFFSET  0x0044// Boot Partition Read Select
+#define NVME_BPMBL_OFFSET   0x0048// Boot Partition Memory Buffer 
Location
+#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 (admin) Tail 
Doorbell
+#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0 (admin) Head 
Doorbell
 
 //
 // These register offsets are defined as 0x1000 + (N * (4 << CAP.DSTRD))
@@ -51,11 +55,14 @@ typedef struct {
   UINT8 To; // Timeout
   UINT16Dstrd  : 4;
   UINT16Nssrs  : 1; // NVM Subsystem Reset Supported NSSRS
-  UINT16Css: 4; // Command Sets Supported - Bit 37
-  UINT16Rsvd3  : 7;
+  UINT16Css: 8; // Command Sets Supported - Bit 37
+  UINT16Bps: 1; // Boot Partition Support - Bit 45 in NVMe1.4
+  UINT16Rsvd3  : 2;
   UINT8 Mpsmin : 4;
   UINT8 Mpsmax : 4;
-  UINT8 Rsvd4;
+  UINT8 Pmrs   : 1;
+  UINT8 Cmbs   : 1;
+  UINT8 Rsvd4  : 6;
 } NVME_CAP;
 
 //
@@ -115,7 +122,36 @@ typedef struct {
 #define NVME_ACQ  UINT64
 
 //
-// 3.1.11 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission 
Queue y Tail Doorbell
+// 3.1.13 Offset 40h: BPINFO - Boot Partition Information
+//
+typedef struct {
+  UINT32Bpsz  : 15; // Boot Partition Size
+  UINT32Rsvd1 : 9;
+  UINT32Brs   : 2;  // Boot Read Status
+  UINT32Rsvd2 : 5;
+  UINT32Abpid : 1;  // Active Boot Partition ID
+} NVME_BPINFO;
+
+//
+// 3.1.14 Offset 44h: BPRSEL - Boot Partition Read Select
+//
+typedef struct {
+  UINT32Bprsz : 10; // Boot Partition Read Size
+  UINT32Bprof : 20; // Boot Partition Read Offset
+  UINT32Rsvd1 : 1;
+  UINT32Bpid  : 1;  // Boot Partition Identifier
+} NVME_BPRSEL;
+
+//
+// 3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location (Optional)
+//
+typedef struct {
+  UINT64Rsvd1 : 12;
+  UINT64Bmbba : 52; // Boot Partition Memory Buffer Base Address
+} NVME_BPMBL;
+
+//
+// 3.1.25 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission 
Queue y Tail Doorbell
 //
 typedef struct {
   UINT16Sqt;
@@ -353,7 +389,7 @@ typedef struct {
   UINT8Avscc; /* Admin Vendor Specific Command Configuration */
   UINT8Apsta; /* Autonomous Power State Transition Attributes 
*/
   //
-  // Below fields before Rs

Re: [edk2-devel] [PATCH] MdePkg: Add registers of boot partition feature

2021-12-22 Thread Maggie Chu
Hi Liming, Hi Michael, 

May I know when the review process will be finished and the code will be merged?

-Original Message-
From: devel@edk2.groups.io  On Behalf Of gaoliming
Sent: Wednesday, December 15, 2021 1:41 PM
To: devel@edk2.groups.io; Liu, Zhiguang ; Chu, Maggie 

Cc: Kinney, Michael D 
Subject: 回复: [edk2-devel] [PATCH] MdePkg: Add registers of boot partition 
feature

Reviewed-by: Liming Gao 

> -邮件原件-
> 发件人: devel@edk2.groups.io  代表 Zhiguang Liu
> 发送时间: 2021年12月15日 12:32
> 收件人: Chu, Maggie ; devel@edk2.groups.io
> 抄送: Gao, Liming ; Kinney, Michael D 
> 
> 主题: Re: [edk2-devel] [PATCH] MdePkg: Add registers of boot partition 
> feature
> 
> I have checked that the change follows NVM Express 1.4 Spec
> Reviewed-by: Zhiguang Liu 
> 
> -Original Message-
> From: Chu, Maggie 
> Sent: Wednesday, December 8, 2021 3:18 PM
> To: devel@edk2.groups.io
> Cc: Liming Gao ; Kinney, Michael D 
> ; Liu, Zhiguang 
> Subject: [PATCH] MdePkg: Add registers of boot partition feature
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757
> 
> Add registers of boot partition feature which defined in NVM Express 
> 1.4
Spec
> 
> Cc: Liming Gao 
> Cc: Michael D Kinney 
> Cc: Zhiguang Liu 
> Signed-off-by: Maggie Chu 
> ---
>  MdePkg/Include/IndustryStandard/Nvme.h | 113
> -
>  1 file changed, 92 insertions(+), 21 deletions(-)
> 
> diff --git a/MdePkg/Include/IndustryStandard/Nvme.h
> b/MdePkg/Include/IndustryStandard/Nvme.h
> index 7d4aee9dc8..8387183e4f 100644
> --- a/MdePkg/Include/IndustryStandard/Nvme.h
> +++ b/MdePkg/Include/IndustryStandard/Nvme.h
> @@ -2,11 +2,12 @@
>Definitions based on NVMe spec. version 1.1.
> 
> 
> 
>(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> 
> -  Copyright (c) 2017, Intel Corporation. All rights reserved.
> 
> +  Copyright (c) 2017 - 2021, Intel Corporation. All rights 
> + reserved.
> 
>SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> 
> 
>@par Specification Reference:
> 
>NVMe Specification 1.1
> 
> +  NVMe Specification 1.4
> 
> 
> 
>  **/
> 
> 
> 
> @@ -18,18 +19,21 @@
>  //
> 
>  // controller register offsets
> 
>  //
> 
> -#define NVME_CAP_OFFSET0x// Controller Capabilities
> 
> -#define NVME_VER_OFFSET0x0008// Version
> 
> -#define NVME_INTMS_OFFSET  0x000c// Interrupt Mask Set
> 
> -#define NVME_INTMC_OFFSET  0x0010// Interrupt Mask Clear
> 
> -#define NVME_CC_OFFSET 0x0014// Controller
> Configuration
> 
> -#define NVME_CSTS_OFFSET   0x001c// Controller Status
> 
> -#define NVME_NSSR_OFFSET   0x0020// NVM Subsystem Reset
> 
> -#define NVME_AQA_OFFSET0x0024// Admin Queue
> Attributes
> 
> -#define NVME_ASQ_OFFSET0x0028// Admin Submission
> Queue Base Address
> 
> -#define NVME_ACQ_OFFSET0x0030// Admin Completion
> Queue Base Address
> 
> -#define NVME_SQ0_OFFSET0x1000// Submission Queue 0
> (admin) Tail Doorbell
> 
> -#define NVME_CQ0_OFFSET0x1004// Completion Queue 0
> (admin) Head Doorbell
> 
> +#define NVME_CAP_OFFSET 0x// Controller
> Capabilities
> 
> +#define NVME_VER_OFFSET 0x0008// Version
> 
> +#define NVME_INTMS_OFFSET   0x000c// Interrupt Mask Set
> 
> +#define NVME_INTMC_OFFSET   0x0010// Interrupt Mask Clear
> 
> +#define NVME_CC_OFFSET  0x0014// Controller
> Configuration
> 
> +#define NVME_CSTS_OFFSET0x001c// Controller Status
> 
> +#define NVME_NSSR_OFFSET0x0020// NVM Subsystem
> Reset
> 
> +#define NVME_AQA_OFFSET 0x0024// Admin Queue
> Attributes
> 
> +#define NVME_ASQ_OFFSET 0x0028// Admin Submission
> Queue Base Address
> 
> +#define NVME_ACQ_OFFSET 0x0030// Admin Completion
> Queue Base Address
> 
> +#define NVME_BPINFO_OFFSET  0x0040// Boot Partition
> Information
> 
> +#define NVME_BPRSEL_OFFSET  0x0044// Boot Partition Read
> Select
> 
> +#define NVME_BPMBL_OFFSET   0x0048// Boot Partition
> Memory Buffer Location
> 
> +#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0
> (admin) Tail Doorbell
> 
> +#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0
> (admin) Head Doorbell
> 
> 
> 
>  //
> 
>  // These register offsets are defined as 0x1000 + (N * (4 << 
> CAP.DSTRD))
> 
> @@ -51,11 +55,14 @@ typedef struct {
>UINT8 To; // Timeout
> 
>UINT16Dstrd  : 4;
> 
>UINT16Nssrs  : 1; 

[edk2-devel] [PATCH] MdePkg: Add registers of boot partition feature

2021-12-07 Thread Maggie Chu
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3757

Add the registers of the boot partition feature, which are defined in the NVM Express 1.4 Spec

Cc: Liming Gao 
Cc: Michael D Kinney 
Cc: Zhiguang Liu 
Signed-off-by: Maggie Chu 
---
 MdePkg/Include/IndustryStandard/Nvme.h | 113 -
 1 file changed, 92 insertions(+), 21 deletions(-)

diff --git a/MdePkg/Include/IndustryStandard/Nvme.h 
b/MdePkg/Include/IndustryStandard/Nvme.h
index 7d4aee9dc8..8387183e4f 100644
--- a/MdePkg/Include/IndustryStandard/Nvme.h
+++ b/MdePkg/Include/IndustryStandard/Nvme.h
@@ -2,11 +2,12 @@
   Definitions based on NVMe spec. version 1.1.
 
   (C) Copyright 2016 Hewlett Packard Enterprise Development LP
-  Copyright (c) 2017, Intel Corporation. All rights reserved.
+  Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved.
   SPDX-License-Identifier: BSD-2-Clause-Patent
 
   @par Specification Reference:
   NVMe Specification 1.1
+  NVMe Specification 1.4
 
 **/
 
@@ -18,18 +19,21 @@
 //
 // controller register offsets
 //
-#define NVME_CAP_OFFSET0x// Controller Capabilities
-#define NVME_VER_OFFSET0x0008// Version
-#define NVME_INTMS_OFFSET  0x000c// Interrupt Mask Set
-#define NVME_INTMC_OFFSET  0x0010// Interrupt Mask Clear
-#define NVME_CC_OFFSET 0x0014// Controller Configuration
-#define NVME_CSTS_OFFSET   0x001c// Controller Status
-#define NVME_NSSR_OFFSET   0x0020// NVM Subsystem Reset
-#define NVME_AQA_OFFSET0x0024// Admin Queue Attributes
-#define NVME_ASQ_OFFSET0x0028// Admin Submission Queue Base Address
-#define NVME_ACQ_OFFSET0x0030// Admin Completion Queue Base Address
-#define NVME_SQ0_OFFSET0x1000// Submission Queue 0 (admin) Tail 
Doorbell
-#define NVME_CQ0_OFFSET0x1004// Completion Queue 0 (admin) Head 
Doorbell
+#define NVME_CAP_OFFSET 0x// Controller Capabilities
+#define NVME_VER_OFFSET 0x0008// Version
+#define NVME_INTMS_OFFSET   0x000c// Interrupt Mask Set
+#define NVME_INTMC_OFFSET   0x0010// Interrupt Mask Clear
+#define NVME_CC_OFFSET  0x0014// Controller Configuration
+#define NVME_CSTS_OFFSET0x001c// Controller Status
+#define NVME_NSSR_OFFSET0x0020// NVM Subsystem Reset
+#define NVME_AQA_OFFSET 0x0024// Admin Queue Attributes
+#define NVME_ASQ_OFFSET 0x0028// Admin Submission Queue Base 
Address
+#define NVME_ACQ_OFFSET 0x0030// Admin Completion Queue Base 
Address
+#define NVME_BPINFO_OFFSET  0x0040// Boot Partition Information
+#define NVME_BPRSEL_OFFSET  0x0044// Boot Partition Read Select
+#define NVME_BPMBL_OFFSET   0x0048// Boot Partition Memory Buffer 
Location
+#define NVME_SQ0_OFFSET 0x1000// Submission Queue 0 (admin) Tail 
Doorbell
+#define NVME_CQ0_OFFSET 0x1004// Completion Queue 0 (admin) Head 
Doorbell
 
 //
 // These register offsets are defined as 0x1000 + (N * (4 << CAP.DSTRD))
@@ -51,11 +55,14 @@ typedef struct {
   UINT8 To; // Timeout
   UINT16Dstrd  : 4;
   UINT16Nssrs  : 1; // NVM Subsystem Reset Supported NSSRS
-  UINT16Css: 4; // Command Sets Supported - Bit 37
-  UINT16Rsvd3  : 7;
-  UINT8 Mpsmin : 4;
-  UINT8 Mpsmax : 4;
-  UINT8 Rsvd4;
+  UINT16Css:8; // Command Sets Supported - Bit 37
+  UINT16Bps:1; // Boot Partition Support - Bit 45 in NVMe1.4
+  UINT16Rsvd3:2;
+  UINT8 Mpsmin:4;
+  UINT8 Mpsmax:4;
+  UINT8 Pmrs:1;
+  UINT8 Cmbs:1;
+  UINT8 Rsvd4:6;
 } NVME_CAP;
 
 //
@@ -115,7 +122,36 @@ typedef struct {
 #define NVME_ACQ  UINT64
 
 //
-// 3.1.11 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission 
Queue y Tail Doorbell
+// 3.1.13 Offset 40h: BPINFO - Boot Partition Information
+//
+typedef struct {
+  UINT32  Bpsz:15;// Boot Partition Size
+  UINT32  Rsvd1:9;
+  UINT32  Brs:2;  // Boot Read Status
+  UINT32  Rsvd2:5;
+  UINT32  Abpid:1;// Active Boot Partition ID
+} NVME_BPINFO;
+
+//
+// 3.1.14 Offset 44h: BPRSEL - Boot Partition Read Select
+//
+typedef struct {
+  UINT32  Bprsz:10;// Boot Partition Read Size
+  UINT32  Bprof:20;// Boot Partition Read Offset
+  UINT32  Rsvd1:1;
+  UINT32  Bpid:1;  // Boot Partition Identifier
+} NVME_BPRSEL;
+
+//
+// 3.1.15 Offset 48h: BPMBL - Boot Partition Memory Buffer Location (Optional)
+//
+typedef struct {
+  UINT64  Rsvd1:12;
+  UINT64  Bmbba:52;// Boot Partition Memory Buffer Base Address
+} NVME_BPMBL;
+
+//
+// 3.1.25 Offset (1000h + ((2y) * (4 << CAP.DSTRD))): SQyTDBL - Submission 
Queue y Tail Doorbell
 //
 typedef struct {
   UINT16Sqt;
@@ -353,7 +389,7 @@ typedef struct {
   UINT8Avscc; /* Admin Vendor Specific Command Configuration */
   UINT8Apsta; /* Autonomous Power State Transition Attributes 
*/
   //
-  // Below field

Re: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source

2020-05-18 Thread Maggie Chu
Hello,

Please help to get this patch into the edk2 202005 stable tag. Thank you.

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Maggie Chu
Sent: Monday, May 18, 2020 7:42 PM
To: devel@edk2.groups.io
Cc: Dong, Eric ; Wang, Jian J ; 
Zhang, Chao B ; Yao, Jiewen 
Subject: [edk2-devel] [PATCH v3] SecurityPkg: Change default value source

https://bugzilla.tianocore.org/show_bug.cgi?id=2713
In the current code, if the TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable does not
exist, the code gets the default value from two places.
This fix makes the default value come from the PCD
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags

Signed-off-by: Maggie Chu 
Cc: Eric Dong 
Cc: Jian J Wang 
Cc: Chao Zhang 
Cc: Jiewen Yao 
---
v3 change:
Remove TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT.
Extend year of copyright.

 SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h   | 17 +
 .../DxeTcg2PhysicalPresenceLib.c|  6 +++---
 .../PeiTcg2PhysicalPresenceLib.c|  4 ++--
 .../PeiTcg2PhysicalPresenceLib.inf  |  5 -
 .../SmmTcg2PhysicalPresenceLib.c|  7 +--
 .../SmmTcg2PhysicalPresenceLib.inf  |  3 ++-
 SecurityPkg/SecurityPkg.dec | 15 +--
 7 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h 
b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
index 39febcb655..e5ff3b1e5e 100644
--- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
@@ -2,7 +2,7 @@
   This library is intended to be used by BDS modules.   This library will 
execute TPM2 request. -Copyright (c) 2015 - 2018, Intel Corporation. All rights 
reserved.+Copyright (c) 2015 - 2020, Intel Corporation. All rights 
reserved. SPDX-License-Identifier: BSD-2-Clause-Patent  **/@@ -39,21 +39,6 
@@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  
BIT17 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID
   BIT18 -//-// Default value-//-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT  
(TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \-
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR 
| \-
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \-   
 
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)--//-// Default 
value-//-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT 
(TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \-
   
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\- 
  
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)- /**   Check and execute 
the pending TPM request. diff --git 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 80e2e37bf4..1e00476509 100644
--- 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPres
+++ enceLib.c
@@ -7,7 +7,7 @@
Tpm2ExecutePendingTpmRequest() will receive untrusted input and do 
validation. -Copyright (c) 2013 - 2018, Intel Corporation. All rights 
reserved.+Copyright (c) 2013 - 2020, Intel Corporation. All rights 
reserved. SPDX-License-Identifier: BSD-2-Clause-Patent  **/@@ -1194,7 
+1194,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
 &Flags ); if (EFI_ERROR (Status)) 
{-  Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+  Flags.PPFlags = 
PcdGet32(PcdTcg2PhysicalPresenceFlags); } return 
Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, 
RequestParameter);   }@@ -1228,7 +1228,7 @@ 
Tcg2PhysicalPresenceLibGetManagementFlags (
   &PpiFlags   );   if (EFI_ERROR (Status)) {-  
  PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;+PpiFlags.PPFlags = 
PcdGet32(PcdTcg2PhysicalPresenceFlags);   }   return PpiFlags.PPFlags; }diff 
--git 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
index a111351516..b80129bf7f 100644
--- 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPres
+++ enceLib.c
@@ -3,7 +3,7 @@
This

[edk2-devel] [PATCH v3] SecurityPkg: Change default value source

2020-05-18 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=2713
In the current code, if the TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable
does not exist, the code gets the default value from two places.
This fix makes the default value come from the PCD
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags

Signed-off-by: Maggie Chu 
Cc: Eric Dong 
Cc: Jian J Wang 
Cc: Chao Zhang 
Cc: Jiewen Yao 
---
v3 change:
Remove TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT and 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT.
Extend year of copyright.

 SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h   | 17 +
 .../DxeTcg2PhysicalPresenceLib.c|  6 +++---
 .../PeiTcg2PhysicalPresenceLib.c|  4 ++--
 .../PeiTcg2PhysicalPresenceLib.inf  |  5 -
 .../SmmTcg2PhysicalPresenceLib.c|  7 +--
 .../SmmTcg2PhysicalPresenceLib.inf  |  3 ++-
 SecurityPkg/SecurityPkg.dec | 15 +--
 7 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h 
b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
index 39febcb655..e5ff3b1e5e 100644
--- a/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
+++ b/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h
@@ -2,7 +2,7 @@
   This library is intended to be used by BDS modules.
   This library will execute TPM2 request.
 
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -39,21 +39,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID  
BIT17
 #define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID   
BIT18
 
-//
-// Default value
-//
-#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT  
(TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF | \
-
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR | \
-
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS | \
-
TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS)
-
-//
-// Default value
-//
-#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT 
(TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID | \
-   
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID |\
-   
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID)
-
 /**
   Check and execute the pending TPM request.
 
diff --git 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 80e2e37bf4..1e00476509 100644
--- 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -7,7 +7,7 @@
 
   Tpm2ExecutePendingTpmRequest() will receive untrusted input and do 
validation.
 
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -1194,7 +1194,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (
 &Flags
 );
 if (EFI_ERROR (Status)) {
-  Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+  Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
 }
 return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, 
Flags.PPFlags, RequestParameter);
   }
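Review bot: The fallback under `if (EFI_ERROR (Status))` now depends entirely on the value of `PcdTcg2PhysicalPresenceFlags`, and the `SecurityPkg.dec` hunk that sets its default is not visible here. It should be confirmed that the default still carries every bit of the removed `TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT`; otherwise a failed variable read would silently relax which operations require physical-presence confirmation. The branch is taken on any error status, not only when the variable is absent, so a comment above the assignment such as `// Variable unreadable: fall back to the platform default flags from the PCD.` would record that this is intended. The same assignment recurs in the -1228 hunk below and in the v2 posting, and the enclosing function starts outside the hunk.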
@@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
   &PpiFlags
   );
   if (EFI_ERROR (Status)) {
-PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
   }
   return PpiFlags.PPFlags;
 }
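Review bot: `PcdGet32(PcdTcg2PhysicalPresenceFlags)` is written without the space before the opening parenthesis that the neighbouring calls in this hunk use (`EFI_ERROR (Status)`). `PpiFlags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);` would match the surrounding style. The same spelling is used in the -1194 hunk above and in the v2 posting.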
diff --git 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
index a111351516..b80129bf7f 100644
--- 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
@@ -3,7 +3,7 @@
 
   This library will get TPM 2.0 physical presence information.
 
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagem

[edk2-devel] [PATCH v2] SecurityPkg: Change default value source

2020-05-15 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=2713
In the current code, if the TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable
does not exist, the code gets the default value from two places.
This fix makes the default value come from the PCD
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags.

Signed-off-by: Maggie Chu 
Cc: Eric Dong 
Cc: Jian J Wang 
Cc: Chao Zhang 
Cc: Jiewen Yao 
---
v2 change:
Change patch title.

 .../Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c  | 2 +-
 .../Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c  | 2 +-
 .../PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf| 3 +++
 .../Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c  | 5 -
 .../SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf| 1 +
 5 files changed, 10 insertions(+), 3 deletions(-)

diff --git 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 80e2e37bf4..bf793555aa 100644
--- 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
   &PpiFlags
   );
   if (EFI_ERROR (Status)) {
-PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
   }
   return PpiFlags.PPFlags;
 }
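Review bot: This version replaces the hard-coded default only in `Tcg2PhysicalPresenceLibGetManagementFlags`; `Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction` in the same Dxe file (around line 1194) has the same `TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT` fallback and is not touched, so the two paths would still disagree whenever the PCD differs from the macros. That line needs the same change, `Flags.PPFlags = PcdGet32 (PcdTcg2PhysicalPresenceFlags);`. The diffstat also leaves the Dxe .inf unchanged, so presumably it already lists the PCD in its `[Pcd]` section; that is worth confirming. The function body starts outside the hunk.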
diff --git 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
index a111351516..a2c157d8a7 100644
--- 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
@@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
   &PpiFlags
   );
   if (EFI_ERROR (Status)) {
-PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
   }
   return PpiFlags.PPFlags;
 }
diff --git 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
index d34f232022..11ebaa9263 100644
--- 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
+++ 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
@@ -43,5 +43,8 @@
 [Ppis]
   gEfiPeiReadOnlyVariable2PpiGuid   ## CONSUMES
 
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags   ## 
SOMETIMES_CONSUMES
+
 [Depex]
   gEfiPeiReadOnlyVariable2PpiGuid
diff --git 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 3827df9663..08ef5416d8 100644
--- 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpSmmVariable;
 BOOLEANmIsTcg2PPVerLowerThan_1_3 = FALSE;
+UINT32 mTcg2PhysicalPresenceFlags;
 
 /**
   The handler for TPM physical presence function:
@@ -162,7 +163,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
&Flags
);
 if (EFI_ERROR (Status)) {
-  Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+  Flags.PPFlags = mTcg2PhysicalPresenceFlags;
 }
 ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction 
(*OperationRequest, Flags.PPFlags, *RequestParameter);
   }
@@ -396,5 +397,7 @@ Tcg2PhysicalPresenceLibConstructor (
   Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, 
(VOID**)&mTcg2PpSmmVariable);
   ASSERT_EFI_ERROR (Status);
 
+  mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
+
   return EFI_SUCCESS;
 }
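Review bot: The constructor caches the PCD in `mTcg2PhysicalPresenceFlags` and the handler hunk above reads the cached copy, but nothing explains why the SMM library does not call `PcdGet32` at the point of use as the Dxe and Pei libraries do. Presumably the PCD can be dynamic and the PCD database should not be consulted from inside an SMI handler. A comment on the assignment such as `// Cache the default now: PCD services must not be called from the SMI handler.`, plus one on the global's declaration, would stop a later cleanup from moving the read back. It also fixes the default at constructor time, which the library documentation should state. The constructor starts outside the hunk.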
diff --git 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
index e0e5fef5f1..1f40629e3b 100644
--- 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+++ 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
@@ -50,6 +50,7 @@
 
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer  ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags## 
SOMETIMES_CONSUMES
 
 [Depex]
   gEfiSmmVariable

[edk2-devel] [PATCH] SecurityPkg: Get default value from same source for TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE

2020-05-13 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=2713
In the current code, if the TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE variable does not exist,
the code gets the default value from two places.
This fix makes the default value come from the PCD
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags.

Signed-off-by: Maggie Chu 
Cc: Eric Dong 
Cc: Jian J Wang 
Cc: Chao Zhang 
Cc: Jiewen Yao 
---
 .../Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c  | 2 +-
 .../Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c  | 2 +-
 .../PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf| 3 +++
 .../Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c  | 5 -
 .../SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf| 1 +
 5 files changed, 10 insertions(+), 3 deletions(-)

diff --git 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index 80e2e37bf4..bf793555aa 100644
--- 
a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -1228,7 +1228,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
   &PpiFlags
   );
   if (EFI_ERROR (Status)) {
-PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
   }
   return PpiFlags.PPFlags;
 }
diff --git 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
index a111351516..a2c157d8a7 100644
--- 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c
@@ -47,7 +47,7 @@ Tcg2PhysicalPresenceLibGetManagementFlags (
   &PpiFlags
   );
   if (EFI_ERROR (Status)) {
-PpiFlags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
   }
   return PpiFlags.PPFlags;
 }
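Review bot: `PcdGet32` is new to this PEI library, and the hunks shown do not establish that the library can use it: the .inf hunk adds only the `[Pcd]` entry, and neither `PcdLib` under `[LibraryClasses]` nor `#include <Library/PcdLib.h>` is visible. If they are missing, the build fails or the macro is undeclared, so please confirm both are present in the unchanged parts of the files. The existing `[Depex]` lists only `gEfiPeiReadOnlyVariable2PpiGuid`; if the PCD is dynamic, check that PCD services are available wherever this library is linked. The function starts outside the hunk.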
diff --git 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
index d34f232022..11ebaa9263 100644
--- 
a/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
+++ 
b/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
@@ -43,5 +43,8 @@
 [Ppis]
   gEfiPeiReadOnlyVariable2PpiGuid   ## CONSUMES
 
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags   ## 
SOMETIMES_CONSUMES
+
 [Depex]
   gEfiPeiReadOnlyVariable2PpiGuid
diff --git 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
index 3827df9663..08ef5416d8 100644
--- 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
+++ 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c
@@ -31,6 +31,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 
 EFI_SMM_VARIABLE_PROTOCOL  *mTcg2PpSmmVariable;
 BOOLEANmIsTcg2PPVerLowerThan_1_3 = FALSE;
+UINT32 mTcg2PhysicalPresenceFlags;
 
 /**
   The handler for TPM physical presence function:
@@ -162,7 +163,7 @@ Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
&Flags
);
 if (EFI_ERROR (Status)) {
-  Flags.PPFlags = TCG2_BIOS_TPM_MANAGEMENT_FLAG_DEFAULT | 
TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_DEFAULT;
+  Flags.PPFlags = mTcg2PhysicalPresenceFlags;
 }
 ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction 
(*OperationRequest, Flags.PPFlags, *RequestParameter);
   }
@@ -396,5 +397,7 @@ Tcg2PhysicalPresenceLibConstructor (
   Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, 
(VOID**)&mTcg2PpSmmVariable);
   ASSERT_EFI_ERROR (Status);
 
+  mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags);
+
   return EFI_SUCCESS;
 }
diff --git 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
index e0e5fef5f1..1f40629e3b 100644
--- 
a/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
+++ 
b/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
@@ -50,6 +50,7 @@
 
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer  ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags## 
SOMETIMES_CONSUMES
 
 [Depex]
   gEfiSmmVariableProtocolGu

Re: [edk2-devel] [PATCH] SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOL

2019-11-04 Thread Maggie Chu
Hi Jiewen,

This patch has been carried as an override in the client BIOS since last year and 
has been validated on WHL/CFL/ICL and also CML.
It was requested by the RST team because the BLOCK IO protocol cannot be provided on 
each physical device when a RAID volume is created.

Thanks,
Maggie

-Original Message-
From: devel@edk2.groups.io  On Behalf Of Yao, Jiewen
Sent: Monday, November 4, 2019 12:08 PM
To: Chu, Maggie ; devel@edk2.groups.io
Cc: Dong, Eric ; Zhang, Chao B 
Subject: Re: [edk2-devel] [PATCH] SecurityPkg/OpalPassword: Remove dependency 
on EFI_BLOCK_IO_PROTOCOL

Hello
May I know what test has been done for this patch?


> -Original Message-
> From: Chu, Maggie 
> Sent: Monday, November 4, 2019 12:04 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric ; Zhang, Chao B 
> ; Yao, Jiewen 
> Subject: [PATCH] SecurityPkg/OpalPassword: Remove dependency on 
> EFI_BLOCK_IO_PROTOCOL
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=2327
> 
> RAID drivers abstract their physical drives that make up the array 
> into a single unit, and do not supply individual EFI_BLOCK_IO_PROTOCOL 
> instances for each physical drive in the array.
> This breaks support for the Security Storage Command Protocol, which 
> currently requires an EFI_BLOCK_IO_PROTOCOL to be associated with the 
> same device the protocol is installed on and provide all the same 
> parameters.
> 
> This patch remove dependency on EFI_BLOCK_IO_PROTOCOL and allows 
> access to Opal drive members of a RAID array.
> 
> Signed-off-by: Maggie Chu 
> Cc: Eric Dong 
> Cc: Chao Zhang 
> Cc: Jiewen Yao 
> ---
>  SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 70 
> ++--
> --
>  1 file changed, 27 insertions(+), 43 deletions(-)
> 
> diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> index 77905d2bf9..6bec54b932 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
> @@ -2667,7 +2667,6 @@ OpalEfiDriverBindingSupported(  {
> 
>EFI_STATUS  Status;
> 
>EFI_STORAGE_SECURITY_COMMAND_PROTOCOL*  SecurityCommand;
> 
> -  EFI_BLOCK_IO_PROTOCOL*  BlkIo;
> 
> 
> 
>if (mOpalEndOfDxe) {
> 
>  return EFI_UNSUPPORTED;
> 
> @@ -2703,33 +2702,6 @@ OpalEfiDriverBindingSupported(
>Controller
> 
>);
> 
> 
> 
> -  //
> 
> -  // Test EFI_BLOCK_IO_PROTOCOL on controller Handle, required by 
> EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
> 
> -  // function APIs
> 
> -  //
> 
> -  Status = gBS->OpenProtocol(
> 
> -Controller,
> 
> -&gEfiBlockIoProtocolGuid,
> 
> -(VOID **)&BlkIo,
> 
> -This->DriverBindingHandle,
> 
> -Controller,
> 
> -EFI_OPEN_PROTOCOL_BY_DRIVER
> 
> -);
> 
> -
> 
> -  if (EFI_ERROR(Status)) {
> 
> -DEBUG((DEBUG_INFO, "No EFI_BLOCK_IO_PROTOCOL on controller\n"));
> 
> -return Status;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // Close protocol and reopen in Start call
> 
> -  //
> 
> -  gBS->CloseProtocol(
> 
> -Controller,
> 
> -&gEfiBlockIoProtocolGuid,
> 
> -This->DriverBindingHandle,
> 
> -Controller
> 
> -);
> 
> 
> 
>return EFI_SUCCESS;
> 
>  }
> 
> @@ -2827,30 +2799,42 @@ OpalEfiDriverBindingStart(
>  );
> 
>if (EFI_ERROR(Status)) {
> 
>  //
> 
> -// Close storage security that was opened
> 
> +// Block_IO not supported on handle
> 
>  //
> 
> -gBS->CloseProtocol(
> 
> -Controller,
> 
> -&gEfiStorageSecurityCommandProtocolGuid,
> 
> -This->DriverBindingHandle,
> 
> -Controller
> 
> -);
> 
> +if(Status == EFI_UNSUPPORTED) {
> 
> +  BlkIo = NULL;
> 
> +} else {
> 
> +  //
> 
> +  // Close storage security that was opened
> 
> +  //
> 
> +  gBS->CloseProtocol(
> 
> +  Controller,
> 
> +  &gEfiStorageSecurityCommandProtocolGuid,
> 
> +  This->DriverBindingHandle,
> 
> +  Controller
> 
> +  );
> 
> 
> 
> -FreePool(Dev);
> 
> -return Status;
> 
> +  FreePool(Dev);
> 
> +  return Status;
> 
> +}
> 
>}
> 
> 
> 
>//
> 
>// Save mediaId
> 
>//
> 
> -  Dev->MediaId = BlkIo->Media->MediaId;
> 
> +  if(BlkIo == NULL) {
> 
> +// If no Block IO present, use defined MediaId value.
> 
> +Dev->Media

[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Remove dependency on EFI_BLOCK_IO_PROTOCOL

2019-11-03 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=2327

RAID drivers abstract their physical drives that make up
the array into a single unit, and do not supply individual
EFI_BLOCK_IO_PROTOCOL instances for each physical drive in the array.
This breaks support for the Security Storage Command Protocol,
which currently requires an EFI_BLOCK_IO_PROTOCOL to be associated
with the same device the protocol is installed on and provide
all the same parameters.

This patch removes the dependency on EFI_BLOCK_IO_PROTOCOL and
allows access to Opal drive members of a RAID array.

Signed-off-by: Maggie Chu 
Cc: Eric Dong 
Cc: Chao Zhang 
Cc: Jiewen Yao 
---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 70 ++
 1 file changed, 27 insertions(+), 43 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index 77905d2bf9..6bec54b932 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -2667,7 +2667,6 @@ OpalEfiDriverBindingSupported(
 {
   EFI_STATUS  Status;
   EFI_STORAGE_SECURITY_COMMAND_PROTOCOL*  SecurityCommand;
-  EFI_BLOCK_IO_PROTOCOL*  BlkIo;
 
   if (mOpalEndOfDxe) {
 return EFI_UNSUPPORTED;
@@ -2703,33 +2702,6 @@ OpalEfiDriverBindingSupported(
   Controller
   );
 
-  //
-  // Test EFI_BLOCK_IO_PROTOCOL on controller Handle, required by 
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
-  // function APIs
-  //
-  Status = gBS->OpenProtocol(
-Controller,
-&gEfiBlockIoProtocolGuid,
-(VOID **)&BlkIo,
-This->DriverBindingHandle,
-Controller,
-EFI_OPEN_PROTOCOL_BY_DRIVER
-);
-
-  if (EFI_ERROR(Status)) {
-DEBUG((DEBUG_INFO, "No EFI_BLOCK_IO_PROTOCOL on controller\n"));
-return Status;
-  }
-
-  //
-  // Close protocol and reopen in Start call
-  //
-  gBS->CloseProtocol(
-Controller,
-&gEfiBlockIoProtocolGuid,
-This->DriverBindingHandle,
-Controller
-);
 
   return EFI_SUCCESS;
 }
@@ -2827,30 +2799,42 @@ OpalEfiDriverBindingStart(
 );
   if (EFI_ERROR(Status)) {
 //
-// Close storage security that was opened
+// Block_IO not supported on handle
 //
-gBS->CloseProtocol(
-Controller,
-&gEfiStorageSecurityCommandProtocolGuid,
-This->DriverBindingHandle,
-Controller
-);
+if(Status == EFI_UNSUPPORTED) {
+  BlkIo = NULL;
+} else {
+  //
+  // Close storage security that was opened
+  //
+  gBS->CloseProtocol(
+  Controller,
+  &gEfiStorageSecurityCommandProtocolGuid,
+  This->DriverBindingHandle,
+  Controller
+  );
 
-FreePool(Dev);
-return Status;
+  FreePool(Dev);
+  return Status;
+}
   }
 
   //
   // Save mediaId
   //
-  Dev->MediaId = BlkIo->Media->MediaId;
+  if(BlkIo == NULL) {
+// If no Block IO present, use defined MediaId value.
+Dev->MediaId = 0x0;
+  } else {
+Dev->MediaId = BlkIo->Media->MediaId;
 
-  gBS->CloseProtocol(
-Controller,
-&gEfiBlockIoProtocolGuid,
-This->DriverBindingHandle,
-Controller
+gBS->CloseProtocol(
+  Controller,
+  &gEfiBlockIoProtocolGuid,
+  This->DriverBindingHandle,
+  Controller
 );
+  }
 
   //
   // Acquire Ascii printable name of child, if not found, then ignore device
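Review bot: `Dev->MediaId = 0x0;` introduces an unexplained magic value for handles without Block IO, and the comment above it ("use defined MediaId value") does not say where the value is defined or why zero is acceptable. If `Dev->MediaId` is later passed to the Storage Security Command protocol (not visible in this hunk), a device whose real media ID is non-zero could reject the request, so the choice deserves a named constant and a comment such as `// No Block IO on RAID members: real MediaId is unknown, use 0.`. Only `EFI_UNSUPPORTED` is treated as "no Block IO" and every other open failure still tears the binding down; that looks intended but should be stated in the comment. The new `if(` lines also lack the space edk2 style expects, `if (Status == EFI_UNSUPPORTED) {`. OpalEfiDriverBindingStart begins and ends outside the hunk.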
-- 
2.16.2.windows.1





[edk2-devel] [PATCH] MdeModulePkg/NvmExpressPei: Produce NVM Express PassThru PPI

2019-06-16 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1879
This commit adds code to produce the NVM Express PassThru PPI.

Signed-off-by: Maggie Chu 
Cc: Hao A Wu 
Cc: Jian J Wang 
Cc: Ray Ni 
Cc: Star Zeng 
---
 MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c |  26 +++
 MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h |   8 +
 .../Bus/Pci/NvmExpressPei/NvmExpressPei.inf|   1 +
 .../Bus/Pci/NvmExpressPei/NvmExpressPeiBlockIo.c   |  27 +--
 .../Bus/Pci/NvmExpressPei/NvmExpressPeiHci.c   |  74 ---
 .../Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.c  | 218 -
 .../Bus/Pci/NvmExpressPei/NvmExpressPeiPassThru.h  | 159 ++-
 .../NvmExpressPei/NvmExpressPeiStorageSecurity.c   |  24 +--
 8 files changed, 420 insertions(+), 117 deletions(-)

diff --git a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c 
b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c
index 0e79b29f82..987eed420e 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c
+++ b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.c
@@ -28,6 +28,12 @@ EFI_PEI_PPI_DESCRIPTOR  mNvmeStorageSecurityPpiListTemplate 
= {
   NULL
 };
 
+EFI_PEI_PPI_DESCRIPTOR  mNvmePassThruPpiListTemplate = {
+  (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+  &gEdkiiPeiNvmExpressPassThruPpiGuid,
+  NULL
+};
+
 EFI_PEI_NOTIFY_DESCRIPTOR  mNvmeEndOfPeiNotifyListTemplate = {
   (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | 
EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
   &gEfiEndOfPeiSignalPpiGuid,
@@ -392,6 +398,26 @@ NvmExpressPeimEntry (
 Private->BlkIo2PpiList.Ppi = &Private->BlkIo2Ppi;
 PeiServicesInstallPpi (&Private->BlkIoPpiList);
 
+//
+// Nvm Express Pass Thru PPI
+//
+Private->PassThruMode.Attributes= 
EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_PHYSICAL |
+  
EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_LOGICAL |
+  
EFI_NVM_EXPRESS_PASS_THRU_ATTRIBUTES_CMD_SET_NVM;
+Private->PassThruMode.IoAlign   = sizeof (UINTN);
+Private->PassThruMode.NvmeVersion   = 
EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_REVISION;
+Private->NvmePassThruPpi.Mode   = &Private->PassThruMode;
+Private->NvmePassThruPpi.GetDevicePath  = NvmePassThruGetDevicePath;
+Private->NvmePassThruPpi.GetNextNameSpace   = NvmePassThruGetNextNameSpace;
+Private->NvmePassThruPpi.PassThru   = NvmePassThru;
+CopyMem (
+  &Private->NvmePassThruPpiList,
+  &mNvmePassThruPpiListTemplate,
+  sizeof (EFI_PEI_PPI_DESCRIPTOR)
+  );
+Private->NvmePassThruPpiList.Ppi= &Private->NvmePassThruPpi;
+PeiServicesInstallPpi (&Private->NvmePassThruPpiList);
+
 //
 // Check if the NVME controller supports the Security Receive/Send commands
 //
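Review bot: `Private->PassThruMode.NvmeVersion` is assigned `EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_REVISION`, which is the revision of the PPI interface rather than an NVMe specification version. In `EFI_NVM_EXPRESS_PASS_THRU_MODE` that field describes the NVM Express specification the implementation conforms to, so a consumer checking it would get a misleading value. Either store the specification version the controller code implements, or add a comment saying the PPI revision is intentional. The result of `PeiServicesInstallPpi (&Private->NvmePassThruPpiList)` is also dropped, so a failed install of an interface that lets later PEIMs send NVMe commands goes unnoticed; capture it and log on `EFI_ERROR`. NvmExpressPeimEntry starts and ends outside the hunk.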
diff --git a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h 
b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h
index 6b2e2f0326..8cd905191b 100644
--- a/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h
+++ b/MdeModulePkg/Bus/Pci/NvmExpressPei/NvmExpressPei.h
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -74,6 +75,8 @@ struct _PEI_NVME_NAMESPACE_INFO {
   PEI_NVME_CONTROLLER_PRIVATE_DATA  *Controller;
 };
 
+#define NVME_CONTROLLER_NSID0
+
 //
 // Unique signature for private data structure.
 //
@@ -85,15 +88,18 @@ struct _PEI_NVME_NAMESPACE_INFO {
 struct _PEI_NVME_CONTROLLER_PRIVATE_DATA {
   UINT32Signature;
   UINTN MmioBase;
+  EFI_NVM_EXPRESS_PASS_THRU_MODEPassThruMode;
   UINTN DevicePathLength;
   EFI_DEVICE_PATH_PROTOCOL  *DevicePath;
 
   EFI_PEI_RECOVERY_BLOCK_IO_PPI BlkIoPpi;
   EFI_PEI_RECOVERY_BLOCK_IO2_PPIBlkIo2Ppi;
   EDKII_PEI_STORAGE_SECURITY_CMD_PPIStorageSecurityPpi;
+  EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI   NvmePassThruPpi;
   EFI_PEI_PPI_DESCRIPTORBlkIoPpiList;
   EFI_PEI_PPI_DESCRIPTORBlkIo2PpiList;
   EFI_PEI_PPI_DESCRIPTORStorageSecurityPpiList;
+  EFI_PEI_PPI_DESCRIPTORNvmePassThruPpiList;
   EFI_PEI_NOTIFY_DESCRIPTOR EndOfPeiNotifyList;
 
   //
@@ -145,6 +151,8 @@ struct _PEI_NVME_CONTROLLER_PRIVATE_DATA {
   CR (a, PEI_NVME_CONTROLLER_PRIVATE_DATA, BlkIo2Ppi, 
NVME_PEI_CONTROLLER_PRIVATE_DATA_SIGNATURE)
 #define GET_NVME_PEIM_HC_PRIVATE_DATA_FROM_THIS_STROAGE_SECURITY(a)\
   CR (a, PEI_NVME_CONTROLLER_PRIVATE_DATA, StorageSecurityPpi, 
NVME_PEI_CONTROLLER_PRIVATE_DATA_SIGNATURE)
+#define GET_NVME_PEIM_HC_PRIVATE_DATA_FROM_THIS_NVME_PASSTHRU(a)   \
+  CR (a, PEI_NVME_CONTROLLER_PRIVATE_DATA, NvmePassThruPpi, 
NVME_PEI_CONTROLLER_

[edk2-devel] [PATCH] MdeModulePkg: Add definitions for NVM Express Passthru PPI

2019-06-16 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1879
This commit will add the definitions of Nvm Express PassThru PPI.
This PPI will provide services that allow NVM commands to be sent
to NVM Express devices during PEI phase.

More specifically, the PPI will provide services to:

* Send an NVM Express Command Packet to an NVM Express controller
  or namespace (by service 'PassThru');
* Get the list of the attached namespaces on a controller
  (by services 'GetNextNameSpace');
* Get the identification information (DevicePath) of the underlying
  NVM Express host controller (by service 'GetDevicePath').

Signed-off-by: Maggie Chu 
Cc: Hao A Wu 
Cc: Jian J Wang 
Cc: Ray Ni 
Cc: Star Zeng 
---
 MdeModulePkg/Include/Ppi/NvmExpressPassThru.h | 156 ++
 MdeModulePkg/MdeModulePkg.dec |   3 +
 2 files changed, 159 insertions(+)
 create mode 100644 MdeModulePkg/Include/Ppi/NvmExpressPassThru.h

diff --git a/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h 
b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h
new file mode 100644
index 00..cb5b3b3b18
--- /dev/null
+++ b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h
@@ -0,0 +1,156 @@
+/** @file
+
+  Copyright (c) 2019, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _EDKII_NVME_PASS_THRU_PPI_H_
+#define _EDKII_NVME_PASS_THRU_PPI_H_
+
+#include 
+#include 
+
+///
+/// Global ID for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI.
+///
+#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_GUID \
+  { \
+0x6af31b2c, 0x3be, 0x46c1, { 0xb1, 0x2d, 0xea, 0x4a, 0x36, 0xdf, 0xa7, 
0x4c } \
+  }
+
+//
+// Forward declaration for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI.
+//
+typedef struct _EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI  
EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI;
+
+//
+// Revision The revision to which the Nvme Pass Thru PPI interface adheres.
+//  All future revisions must be backwards compatible.
+//  If a future version is not back wards compatible it is not the 
same GUID.
+//
+#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_REVISION  0x0001
+
+/**
+  Gets the device path information of the underlying NVM Express host 
controller.
+
+  @param[in]  This The PPI instance pointer.
+  @param[out] DevicePathLength The length of the device path in bytes 
specified
+   by DevicePath.
+  @param[out] DevicePath   The device path of the underlying NVM 
Express
+   host controller.
+   This field re-uses EFI Device Path Protocol 
as
+   defined by Section 10.2 EFI Device Path 
Protocol
+   of UEFI 2.7 Specification.
+
+  @retval EFI_SUCCESS  The operation succeeds.
+  @retval EFI_INVALID_PARAMETERDevicePathLength or DevicePath is NULL.
+  @retval EFI_OUT_OF_RESOURCES The operation fails due to lack of 
resources.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_PEI_NVME_PASS_THRU_GET_DEVICE_PATH) (
+  IN  EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI   *This,
+  OUT UINTN *DevicePathLength,
+  OUT EFI_DEVICE_PATH_PROTOCOL  **DevicePath
+  );
+
+/**
+  Used to retrieve the next namespace ID for this NVM Express controller.
+
+  If on input the value pointed to by NamespaceId is 0x, then the first
+  valid namespace ID defined on the NVM Express controller is returned in the
+  location pointed to by NamespaceId and a status of EFI_SUCCESS is returned.
+
+  If on input the value pointed to by NamespaceId is an invalid namespace ID
+  other than 0x, then EFI_INVALID_PARAMETER is returned.
+
+  If on input the value pointed to by NamespaceId is a valid namespace ID, then
+  the next valid namespace ID on the NVM Express controller is returned in the
+  location pointed to by NamespaceId, and EFI_SUCCESS is returned.
+
+  If the value pointed to by NamespaceId is the namespace ID of the last
+  namespace on the NVM Express controller, then EFI_NOT_FOUND is returned.
+
+  @param[in] This  The PPI instance pointer.
+  @param[in,out] NamespaceId   On input, a pointer to a legal NamespaceId
+   for an NVM Express namespace present on the
+   NVM Express controller. On output, a pointer
+   to the next NamespaceId of an NVM Express
+   namespace on an NVM Express controller. An
+   input value of 0x retrieves the
+   first NamespaceId for an NVM Express
+   namespace present on an NVM Express
+   controller.
+
+  @retval EFI_SUCCESSThe Namespace ID of the next Namespace was
+ returned.
+  @retva

[edk2-devel] [PATCH] MdeModulePkg: Add definitions for NVM Express Passthru PPI

2019-06-10 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1879
This commit will add the definitions of Nvm Express PassThru PPI.
This PPI will provide services that allow NVM commands to be sent
to NVM Express devices during PEI phase.

More specifically, the PPI will provide services to:

* Send an NVM Express Command Packet to an NVM Express controller
  or namespace (by service 'PassThru');
* Get the list of the attached namespaces on a controller
  (by services 'GetNextNameSpace');
* Get the identification information (DevicePath) of the underlying
  NVM Express host controller (by service 'GetDevicePath').

Signed-off-by: Maggie Chu 
Cc: Hao A Wu 
Cc: Jian J Wang 
Cc: Ray Ni 
Cc: Star Zeng 
---
 MdeModulePkg/Include/Ppi/NvmExpressPassThru.h | 156 ++
 MdeModulePkg/MdeModulePkg.dec |   3 +
 2 files changed, 159 insertions(+)
 create mode 100644 MdeModulePkg/Include/Ppi/NvmExpressPassThru.h

diff --git a/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h 
b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h
new file mode 100644
index 00..cb5b3b3b18
--- /dev/null
+++ b/MdeModulePkg/Include/Ppi/NvmExpressPassThru.h
@@ -0,0 +1,156 @@
+/** @file
+
+  Copyright (c) 2019, Intel Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _EDKII_NVME_PASS_THRU_PPI_H_
+#define _EDKII_NVME_PASS_THRU_PPI_H_
+
+#include 
+#include 
+
+///
+/// Global ID for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI.
+///
+#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_GUID \
+  { \
+0x6af31b2c, 0x3be, 0x46c1, { 0xb1, 0x2d, 0xea, 0x4a, 0x36, 0xdf, 0xa7, 
0x4c } \
+  }
+
+//
+// Forward declaration for the EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI.
+//
+typedef struct _EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI  
EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI;
+
+//
+// Revision The revision to which the Nvme Pass Thru PPI interface adheres.
+//  All future revisions must be backwards compatible.
+//  If a future version is not back wards compatible it is not the 
same GUID.
+//
+#define EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI_REVISION  0x0001
+
+/**
+  Gets the device path information of the underlying NVM Express host 
controller.
+
+  @param[in]  This The PPI instance pointer.
+  @param[out] DevicePathLength The length of the device path in bytes 
specified
+   by DevicePath.
+  @param[out] DevicePath   The device path of the underlying NVM 
Express
+   host controller.
+   This field re-uses EFI Device Path Protocol 
as
+   defined by Section 10.2 EFI Device Path 
Protocol
+   of UEFI 2.7 Specification.
+
+  @retval EFI_SUCCESS  The operation succeeds.
+  @retval EFI_INVALID_PARAMETERDevicePathLength or DevicePath is NULL.
+  @retval EFI_OUT_OF_RESOURCES The operation fails due to lack of 
resources.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_PEI_NVME_PASS_THRU_GET_DEVICE_PATH) (
+  IN  EDKII_PEI_NVM_EXPRESS_PASS_THRU_PPI   *This,
+  OUT UINTN *DevicePathLength,
+  OUT EFI_DEVICE_PATH_PROTOCOL  **DevicePath
+  );
+
+/**
+  Used to retrieve the next namespace ID for this NVM Express controller.
+
+  If on input the value pointed to by NamespaceId is 0x, then the first
+  valid namespace ID defined on the NVM Express controller is returned in the
+  location pointed to by NamespaceId and a status of EFI_SUCCESS is returned.
+
+  If on input the value pointed to by NamespaceId is an invalid namespace ID
+  other than 0x, then EFI_INVALID_PARAMETER is returned.
+
+  If on input the value pointed to by NamespaceId is a valid namespace ID, then
+  the next valid namespace ID on the NVM Express controller is returned in the
+  location pointed to by NamespaceId, and EFI_SUCCESS is returned.
+
+  If the value pointed to by NamespaceId is the namespace ID of the last
+  namespace on the NVM Express controller, then EFI_NOT_FOUND is returned.
+
+  @param[in] This  The PPI instance pointer.
+  @param[in,out] NamespaceId   On input, a pointer to a legal NamespaceId
+   for an NVM Express namespace present on the
+   NVM Express controller. On output, a pointer
+   to the next NamespaceId of an NVM Express
+   namespace on an NVM Express controller. An
+   input value of 0x retrieves the
+   first NamespaceId for an NVM Express
+   namespace present on an NVM Express
+   controller.
+
+  @retval EFI_SUCCESSThe Namespace ID of the next Namespace was
+ returned.
+  @retva

[edk2-devel] [PATCH] SecurityPkg/HddPassword: Add a PCD to skip Hdd password prompt

2019-06-10 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1876
Add a PCD for skipping the HDD password prompt.
If the device is in the locked state while the password prompt
is being skipped, the device stays locked and the system
continues to boot.
If the device is in the unlocked state while the password prompt
is being skipped, the system is forced to shut down.

Signed-off-by: Maggie Chu 
Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Eric Dong 
---
 SecurityPkg/HddPassword/HddPasswordDxe.c   | 16 
 SecurityPkg/HddPassword/HddPasswordDxe.inf |  4 
 SecurityPkg/SecurityPkg.dec|  6 ++
 3 files changed, 26 insertions(+)

diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c 
b/SecurityPkg/HddPassword/HddPasswordDxe.c
index 253af9f78f..b0d795b659 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.c
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.c
@@ -1345,6 +1345,22 @@ HddPasswordRequestPassword (
   //
   if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
   (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
+
+ //
+ // Add PcdSkipHddPasswordPrompt to determin whether to skip password 
prompt.
+ // Due to board design, device may not power off during system warm boot, 
which result in
+ // security status remain unlocked status, hence we add device security 
status check here.
+ //
+ // If device is in the locked status, device keeps locked and system 
continues booting.
+ // If device is in the unlocked status, system is forced shutdown for 
security concern.
+ //
+ if (PcdGetBool (PcdSkipHddPasswordPrompt)) {
+   if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
+ return;
+   } else {
+ gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+   }
+}
 //
 // As soon as the HDD password is in enabled state, we pop up a window to 
unlock hdd
 // no matter it's really in locked or unlocked state.
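Review bot: In the unlocked branch nothing follows `gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);`, so if that call ever returns, control leaves the new `if (PcdGetBool (PcdSkipHddPasswordPrompt))` block and reaches the unlock pop-up that the PCD is meant to suppress. The UEFI specification says ResetSystem() does not return, so this is about making the intent explicit: add `CpuDeadLoop ();` after the call (BaseLib is already listed in the .inf), or a comment stating that falling through to the prompt is the intended fallback. The new comment should also describe the code rather than the change, e.g. `// When PcdSkipHddPasswordPrompt is TRUE, skip the prompt: a locked device stays locked, an unlocked device forces a shutdown.`, which removes the "determin" typo as well. HddPasswordRequestPassword starts before and continues after this hunk; the same lines appear in the 2019-06-04 posting of this patch and, for PcdSkipOpalPasswordPrompt, in the OpalDriverRequestPassword hunks of the two OpalPassword postings.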
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf 
b/SecurityPkg/HddPassword/HddPasswordDxe.inf
index f7550079ed..06e8755ffc 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.inf
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf
@@ -34,6 +34,7 @@
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
   CryptoPkg/CryptoPkg.dec
+  SecurityPkg/SecurityPkg.dec
 
 [LibraryClasses]
   BaseLib
@@ -64,6 +65,9 @@
   gEfiPciIoProtocolGuid ## CONSUMES
   gEdkiiVariableLockProtocolGuid## CONSUMES
 
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt  ## CONSUMES
+
 [Depex]
   gEfiVariableWriteArchProtocolGuid
 
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 3314f1854b..82929fe38e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -428,6 +428,12 @@
   # @Prompt Skip Opal DXE driver unlock device flow.
   gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020
 
+  ## Indicates if Hdd Password driver skip password prompt.
+  #   TRUE  - Skip password prompt.
+  #   FALSE - Does not skip password prompt.
+  # @Prompt Skip Hdd Password prompt.
+  
gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt|FALSE|BOOLEAN|0x00010021
+
 [PcdsDynamic, PcdsDynamicEx]
 
   ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly follows 
TCG Algorithm Registry.
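Review bot: The description added for PcdSkipHddPasswordPrompt says only that TRUE skips the prompt, but the driver hunk in this patch also shuts the system down when the device is found unlocked, and a platform owner reading the .dec alone would not expect that. Spell it out in the TRUE line, for example `#   TRUE  - Skip password prompt; a locked device stays locked, an unlocked device forces a system shutdown.`. The section this declaration lands in starts outside the hunk, so the permitted PCD types cannot be seen here; since the setting disables an authentication prompt, it is worth confirming that the allowed types are as narrow as the use case needs. The 2019-06-04 posting carries the same hunk.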
-- 
2.16.2.windows.1





[edk2-devel] [PATCH] SecurityPkg: Add a PCD to skip Hdd password prompt

2019-06-04 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1876
Add a PCD for skipping Hdd password prompt.
If device is in the locked status while attempting to skip
password prompt, device will keep locked and system
continue to boot.
If device is in the unlocked status while attempting to skip
password prompt, system will be forced shutdown for
security concern.

Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Eric Dong 
---
 SecurityPkg/HddPassword/HddPasswordDxe.c   | 16 
 SecurityPkg/HddPassword/HddPasswordDxe.inf |  4 
 SecurityPkg/SecurityPkg.dec|  6 ++
 3 files changed, 26 insertions(+)

diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c 
b/SecurityPkg/HddPassword/HddPasswordDxe.c
index 253af9f78f..b97f5d63f6 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.c
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.c
@@ -1345,6 +1345,22 @@ HddPasswordRequestPassword (
   //
   if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) &&
   (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) {
+
+ //
+ // Add PcdSkipHddPasswordPrompt to determin whether to skip password 
prompt.
+ // Due to board design, device may not power off during system warm boot, 
which result in 
+ // security status remain unlocked status, hence we add device security 
status check here.
+ //
+ // If device is in the locked status, device keeps locked and system 
continues booting.
+ // If device is in the unlocked status, system is forced shutdown for 
security concern.
+ //
+ if (PcdGetBool (PcdSkipHddPasswordPrompt)) {
+   if (ConfigFormEntry->IfrData.SecurityStatus.Locked) {
+ return;
+   } else {
+ gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+   }
+}
 //
 // As soon as the HDD password is in enabled state, we pop up a window to 
unlock hdd
 // no matter it's really in locked or unlocked state.
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf 
b/SecurityPkg/HddPassword/HddPasswordDxe.inf
index f7550079ed..06e8755ffc 100644
--- a/SecurityPkg/HddPassword/HddPasswordDxe.inf
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf
@@ -34,6 +34,7 @@
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
   CryptoPkg/CryptoPkg.dec
+  SecurityPkg/SecurityPkg.dec
 
 [LibraryClasses]
   BaseLib
@@ -64,6 +65,9 @@
   gEfiPciIoProtocolGuid ## CONSUMES
   gEdkiiVariableLockProtocolGuid## CONSUMES
 
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt  ## CONSUMES
+
 [Depex]
   gEfiVariableWriteArchProtocolGuid
 
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 3314f1854b..82929fe38e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -428,6 +428,12 @@
   # @Prompt Skip Opal DXE driver unlock device flow.
   gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020
 
+  ## Indicates if Hdd Password driver skip password prompt.
+  #   TRUE  - Skip password prompt.
+  #   FALSE - Does not skip password prompt.
+  # @Prompt Skip Hdd Password prompt.
+  
gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt|FALSE|BOOLEAN|0x00010021
+
 [PcdsDynamic, PcdsDynamicEx]
 
   ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly follows 
TCG Algorithm Registry.
-- 
2.16.2.windows.1





[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add PCD to skip password prompt

2019-05-22 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1801
Add a PCD for skipping the password prompt when the device is unlocked.
The previous change only supported a storage device in the locked state.
This change adds support for the case where the security status of the
storage device is unlocked.

Signed-off-by: Maggie Chu 
Cc: Eric Dong 
Cc: Chao Zhang 
Cc: Jiewen Yao 
---
 SecurityPkg/SecurityPkg.dec   | 10 +-
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c| 16 ++--
 SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf |  2 +-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 3314f1854b..96db80c2d2 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -422,11 +422,11 @@
   # @Prompt Possible TPM2 Interrupt Number buffer
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, 0x00, 
0x00}|VOID*|0x0001001D
 
-  ## Indicates if Opal DXE driver skip unlock device flow.
-  #   TRUE  - Skip unlock device flow.
-  #   FALSE - Does not skip unlock device flow.
-  # @Prompt Skip Opal DXE driver unlock device flow.
-  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020
+  ## Indicates if Opal DXE driver skip password prompt.
+  #   TRUE  - Skip password prompt.
+  #   FALSE - Does not skip password prompt.
+  # @Prompt Skip Opal DXE driver password prompt.
+  
gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt|FALSE|BOOLEAN|0x00010020
 
 [PcdsDynamic, PcdsDynamicEx]
 
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index 965205c0b2..e14fa32354 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -899,8 +899,20 @@ OpalDriverRequestPassword (
 
 IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, 
&Dev->OpalDisk.LockingFeature);
 
-if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) {
-  return;
+//
+// Add PcdSkipOpalPasswordPrompt to determin whether to skip password 
prompt.
+// Due to board design, device may not power off during system warm boot, 
which result in
+// security status remain unlocked status, hence we add device security 
status check here.
+//
+// If device is in the locked status, device keeps locked and system 
continues booting.
+// If device is in the unlocked status, system is forced shutdown to 
support security requirement.
+//
+if (PcdGetBool (PcdSkipOpalPasswordPrompt)) {
+  if (IsLocked) {
+return;
+  } else {
+gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+  }
 }
 
 while (Count < MAX_PASSWORD_TRY_COUNT) {
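Review bot: Platforms that already set this PCD to TRUE get different behaviour from this hunk: the removed `if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock))` only returned early for a locked drive, while the new `else` branch powers the system off whenever `IsLocked` is FALSE. Whether `IsLocked` can be FALSE here for a drive whose locking feature was never enabled depends on code outside the hunk (OpalDriverRequestPassword starts before and continues after it), so please confirm the shutdown is reachable only for an enabled-but-unlocked drive; if it is, a comment such as `// Reached only when locking is enabled; an unlocked drive here kept its state across a warm boot.` would record that. The .dec hunk of this patch reuses token 0x00010020 under the new name PcdSkipOpalPasswordPrompt, so any DSC that still sets PcdSkipOpalDxeUnlock needs updating, which the commit message should mention. The 2019-05-13 posting carries the same hunks.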
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
index e74f147aaa..87519198c0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
@@ -71,7 +71,7 @@
   gS3StorageDeviceInitListGuid  ## SOMETIMES_PRODUCES ## 
UNDEFINED
 
 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock  ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt  ## CONSUMES
 
 [Depex]
   gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid
-- 
2.16.2.windows.1





[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add PCD to skip password prompt in device unlocked status

2019-05-13 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1801
Add a PCD for skipping password prompt.
Previous change only support if storage device is in locked device.
This change is added to support the case that security status of the
storage device is unlocked.

Signed-off-by: Maggie Chu 
Cc: Eric Dong 
Cc: Chao Zhang 
Cc: Jiewen Yao 
---
 SecurityPkg/SecurityPkg.dec   | 10 +-
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c| 16 ++--
 SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf |  2 +-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 3314f1854b..96db80c2d2 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -422,11 +422,11 @@
   # @Prompt Possible TPM2 Interrupt Number buffer
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, 0x00, 
0x00}|VOID*|0x0001001D
 
-  ## Indicates if Opal DXE driver skip unlock device flow.
-  #   TRUE  - Skip unlock device flow.
-  #   FALSE - Does not skip unlock device flow.
-  # @Prompt Skip Opal DXE driver unlock device flow.
-  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock|FALSE|BOOLEAN|0x00010020
+  ## Indicates if Opal DXE driver skip password prompt.
+  #   TRUE  - Skip password prompt.
+  #   FALSE - Does not skip password prompt.
+  # @Prompt Skip Opal DXE driver password prompt.
+  
gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt|FALSE|BOOLEAN|0x00010020
 
 [PcdsDynamic, PcdsDynamicEx]
 
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index 965205c0b2..b0f9ca2215 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -899,8 +899,20 @@ OpalDriverRequestPassword (
 
 IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, 
&Dev->OpalDisk.LockingFeature);
 
-if (IsLocked && PcdGetBool (PcdSkipOpalDxeUnlock)) {
-  return;
+//
+// Add PcdSkipOpalPasswordPrompt to determin whether to skip password 
prompt.
+// Due to board design, device may not power off during system warm boot, 
which result in 
+// security status remain unlocked status, hence we add device security 
status check here.
+//
+// If device is in the locked status, device keeps locked and system 
continues booting.
+// If device is in the unlocked status, system is forced shutdown to 
support security requirement.
+//
+if (PcdGetBool (PcdSkipOpalPasswordPrompt)) {
+  if (IsLocked) {
+return;
+  } else {
+gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL);
+  }
 }
 
 while (Count < MAX_PASSWORD_TRY_COUNT) {
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
index e74f147aaa..87519198c0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
@@ -71,7 +71,7 @@
   gS3StorageDeviceInitListGuid  ## SOMETIMES_PRODUCES ## 
UNDEFINED
 
 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalDxeUnlock  ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt  ## CONSUMES
 
 [Depex]
   gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid
-- 
2.16.2.windows.1





[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add warning message for Secure Erase

2019-05-06 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1753
Add pop-up warning messages before the secure erase action,
to notify the user that secure erase will take a longer time.
This change also fixes pop-up windows that could not show the
complete message because some strings were too long.

Signed-off-by: Maggie Chu 
Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Eric Dong 
---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 131 ++---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c|  23 +++--
 2 files changed, 112 insertions(+), 42 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index ed7f968255..42999c89f0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -487,6 +487,7 @@ OpalEndOfDxeEventNotify (
 OPAL request.
   @param[in]  PopUpString   Pop up string.
   @param[in]  PopUpString2  Pop up string in line 2.
+  @param[in]  PopUpString3  Pop up string in line 3.
 
   @param[out] PressEsc  Whether user escape function through Press ESC.
 
@@ -498,6 +499,7 @@ OpalDriverPopUpPsidInput (
   IN OPAL_DRIVER_DEVICE *Dev,
   IN CHAR16 *PopUpString,
   IN CHAR16 *PopUpString2,
+  IN CHAR16 *PopUpString3,
   OUT BOOLEAN   *PressEsc
   )
 {
@@ -527,15 +529,28 @@ OpalDriverPopUpPsidInput (
 NULL
   );
 } else {
-  CreatePopUp (
-EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
-&InputKey,
-PopUpString,
-PopUpString2,
-L"-",
-Mask,
-NULL
-  );
+  if (PopUpString3 == NULL) {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString,
+  PopUpString2,
+  L"-",
+  Mask,
+  NULL
+);
+  } else {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString,
+  PopUpString2,
+  PopUpString3,
+  L"-",
+  Mask,
+  NULL
+);
+  }
 }
 
 //
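Review bot: The new `if (PopUpString3 == NULL)` sits inside the existing `else`, and the branch before `} else {` is outside this hunk; if that branch is the one taken when PopUpString2 is NULL, a caller that passes NULL for line 2 and a string for line 3 gets line 3 dropped without any indication. Either document that on the new parameter, e.g. `@param[in]  PopUpString3  Pop up string in line 3; ignored when PopUpString2 is NULL.`, or add `ASSERT (PopUpString2 != NULL || PopUpString3 == NULL);` at the top of the function. The two CreatePopUp calls differ only in the extra argument, and the same pair is repeated in the OpalDriverPopUpPasswordInput hunk below, so a small static helper taking the three strings would remove the duplication. OpalDriverPopUpPsidInput starts before and ends after this hunk; the 2019-04-30 and 2019-04-29 postings carry the same hunks.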
@@ -625,6 +640,7 @@ OpalDriverPopUpPsidInput (
 process OPAL request.
   @param[in]  PopUpString1  Pop up string 1.
   @param[in]  PopUpString2  Pop up string 2.
+  @param[in]  PopUpString3  Pop up string 3.
   @param[out] PressEsc  Whether user escape function through Press ESC.
 
   @retval Password string if success. NULL if failed.
@@ -635,6 +651,7 @@ OpalDriverPopUpPasswordInput (
   IN OPAL_DRIVER_DEVICE *Dev,
   IN CHAR16 *PopUpString1,
   IN CHAR16 *PopUpString2,
+  IN CHAR16 *PopUpString3,
   OUT BOOLEAN   *PressEsc
   )
 {
@@ -664,15 +681,28 @@ OpalDriverPopUpPasswordInput (
 NULL
   );
 } else {
-  CreatePopUp (
-EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
-&InputKey,
-PopUpString1,
-PopUpString2,
-L"-",
-Mask,
-NULL
-  );
+  if (PopUpString3 == NULL) {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString1,
+  PopUpString2,
+  L"-",
+  Mask,
+  NULL
+);
+  } else {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString1,
+  PopUpString2,
+  PopUpString3,
+  L"-",
+  Mask,
+  NULL
+);
+  }
 }
 
 //
@@ -823,7 +853,7 @@ OpalDriverRequestPassword (
 }
 
 while (Count < MAX_PASSWORD_TRY_COUNT) {
-  Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, 
&PressEsc);
+  Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, 
&PressEsc);
   if (PressEsc) {
 if (IsLocked) {
   //
@@ -988,7 +1018,7 @@ ProcessOpalRequestEnableFeature (
   Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
 
   while (Count < MAX_PASSWORD_TRY_COUNT) {
-Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type 
in your new password", &PressEsc);
+Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type 
in your new password", NULL, &PressEsc);
 if (PressEsc) {
 do {
   CreatePopUp (
@@ -1017,7 +1047,7 @@ ProcessOpalRequestEnableFeature (
 }
 PasswordLen = (UINT32) AsciiStrLen(Password);
 
-PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please 
confirm your new password", &PressEsc);
+PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please 

[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add warning message for Secure Erase

2019-04-30 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1753
Add pop-up warning messages before secure erase action.
In order to notify user the secure erase action will take a longer time.
This change also fix some pop-up windows are unable to show up
complete message due to some strings are too long.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Maggie Chu 
Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Eric Dong 
---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 131 ++---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c|  23 +++--
 2 files changed, 112 insertions(+), 42 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index ed7f968255..42999c89f0 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -487,6 +487,7 @@ OpalEndOfDxeEventNotify (
 OPAL request.
   @param[in]  PopUpString   Pop up string.
   @param[in]  PopUpString2  Pop up string in line 2.
+  @param[in]  PopUpString3  Pop up string in line 3.
 
   @param[out] PressEsc  Whether user escape function through Press ESC.
 
@@ -498,6 +499,7 @@ OpalDriverPopUpPsidInput (
   IN OPAL_DRIVER_DEVICE *Dev,
   IN CHAR16 *PopUpString,
   IN CHAR16 *PopUpString2,
+  IN CHAR16 *PopUpString3,
   OUT BOOLEAN   *PressEsc
   )
 {
@@ -527,15 +529,28 @@ OpalDriverPopUpPsidInput (
 NULL
   );
 } else {
-  CreatePopUp (
-EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
-&InputKey,
-PopUpString,
-PopUpString2,
-L"-",
-Mask,
-NULL
-  );
+  if (PopUpString3 == NULL) {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString,
+  PopUpString2,
+  L"-",
+  Mask,
+  NULL
+);
+  } else {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString,
+  PopUpString2,
+  PopUpString3,
+  L"-",
+  Mask,
+  NULL
+);
+  }
 }
 
 //
@@ -625,6 +640,7 @@ OpalDriverPopUpPsidInput (
 process OPAL request.
   @param[in]  PopUpString1  Pop up string 1.
   @param[in]  PopUpString2  Pop up string 2.
+  @param[in]  PopUpString3  Pop up string 3.
   @param[out] PressEsc  Whether user escape function through Press ESC.
 
   @retval Password string if success. NULL if failed.
@@ -635,6 +651,7 @@ OpalDriverPopUpPasswordInput (
   IN OPAL_DRIVER_DEVICE *Dev,
   IN CHAR16 *PopUpString1,
   IN CHAR16 *PopUpString2,
+  IN CHAR16 *PopUpString3,
   OUT BOOLEAN   *PressEsc
   )
 {
@@ -664,15 +681,28 @@ OpalDriverPopUpPasswordInput (
 NULL
   );
 } else {
-  CreatePopUp (
-EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
-&InputKey,
-PopUpString1,
-PopUpString2,
-L"-",
-Mask,
-NULL
-  );
+  if (PopUpString3 == NULL) {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString1,
+  PopUpString2,
+  L"-",
+  Mask,
+  NULL
+);
+  } else {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString1,
+  PopUpString2,
+  PopUpString3,
+  L"-",
+  Mask,
+  NULL
+);
+  }
 }
 
 //
@@ -823,7 +853,7 @@ OpalDriverRequestPassword (
 }
 
 while (Count < MAX_PASSWORD_TRY_COUNT) {
-  Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, 
&PressEsc);
+  Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, 
&PressEsc);
   if (PressEsc) {
 if (IsLocked) {
   //
@@ -988,7 +1018,7 @@ ProcessOpalRequestEnableFeature (
   Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
 
   while (Count < MAX_PASSWORD_TRY_COUNT) {
-Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type 
in your new password", &PressEsc);
+Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type 
in your new password", NULL, &PressEsc);
 if (PressEsc) {
 do {
   CreatePopUp (
@@ -1017,7 +1047,7 @@ ProcessOpalRequestEnableFeature (
 }
 PasswordLen = (UINT32) AsciiStrLen(Password);
 
-PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please 
confirm your new password", &PressEsc);
+PasswordConfirm = OpalDriverP

[edk2-devel] [PATCH] SecurityPkg/OpalPassword: Add warning message for Secure Erase

2019-04-29 Thread Maggie Chu
https://bugzilla.tianocore.org/show_bug.cgi?id=1753
Add pop-up warning messages before secure erase action.
In order to notify user the secure erase action will take a longer time.
This change also fix some pop-up windows are unable to show up
complete message due to some strings are too long.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Maggie Chu 
Cc: Chao Zhang 
Cc: Jiewen Yao 
Cc: Eric Dong 
---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 129 ++---
 SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c|  23 +++--
 2 files changed, 110 insertions(+), 42 deletions(-)

diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c 
b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index ed7f968255..ada2a4ca5a 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -498,6 +498,7 @@ OpalDriverPopUpPsidInput (
   IN OPAL_DRIVER_DEVICE *Dev,
   IN CHAR16 *PopUpString,
   IN CHAR16 *PopUpString2,
+  IN CHAR16 *PopUpString3,
   OUT BOOLEAN   *PressEsc
   )
 {
@@ -527,15 +528,28 @@ OpalDriverPopUpPsidInput (
 NULL
   );
 } else {
-  CreatePopUp (
-EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
-&InputKey,
-PopUpString,
-PopUpString2,
-L"-",
-Mask,
-NULL
-  );
+  if (PopUpString3 == NULL) {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString,
+  PopUpString2,
+  L"-",
+  Mask,
+  NULL
+);
+  } else {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString,
+  PopUpString2,
+  PopUpString3,
+  L"-",
+  Mask,
+  NULL
+);
+  }
 }
 
 //
@@ -635,6 +649,7 @@ OpalDriverPopUpPasswordInput (
   IN OPAL_DRIVER_DEVICE *Dev,
   IN CHAR16 *PopUpString1,
   IN CHAR16 *PopUpString2,
+  IN CHAR16 *PopUpString3,
   OUT BOOLEAN   *PressEsc
   )
 {
@@ -664,15 +679,28 @@ OpalDriverPopUpPasswordInput (
 NULL
   );
 } else {
-  CreatePopUp (
-EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
-&InputKey,
-PopUpString1,
-PopUpString2,
-L"-",
-Mask,
-NULL
-  );
+  if (PopUpString3 == NULL) {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString1,
+  PopUpString2,
+  L"-",
+  Mask,
+  NULL
+);
+  } else {
+CreatePopUp (
+  EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+  &InputKey,
+  PopUpString1,
+  PopUpString2,
+  PopUpString3,
+  L"-",
+  Mask,
+  NULL
+);
+  }
 }
 
 //
@@ -823,7 +851,7 @@ OpalDriverRequestPassword (
 }
 
 while (Count < MAX_PASSWORD_TRY_COUNT) {
-  Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, 
&PressEsc);
+  Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, 
&PressEsc);
   if (PressEsc) {
 if (IsLocked) {
   //
@@ -988,7 +1016,7 @@ ProcessOpalRequestEnableFeature (
   Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
 
   while (Count < MAX_PASSWORD_TRY_COUNT) {
-Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type 
in your new password", &PressEsc);
+Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type 
in your new password", NULL, &PressEsc);
 if (PressEsc) {
 do {
   CreatePopUp (
@@ -1017,7 +1045,7 @@ ProcessOpalRequestEnableFeature (
 }
 PasswordLen = (UINT32) AsciiStrLen(Password);
 
-PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please 
confirm your new password", &PressEsc);
+PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please 
confirm your new password", NULL, &PressEsc);
 if (PasswordConfirm == NULL) {
   ZeroMem (Password, PasswordLen);
   FreePool (Password);
@@ -1132,7 +1160,7 @@ ProcessOpalRequestDisableUser (
   Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId;
 
   while (Count < MAX_PASSWORD_TRY_COUNT) {
-Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, 
&PressEsc);
+Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, 
&PressEsc);
 if (PressEsc) {
 do {
   CreatePopUp (
@@ -1227,6 +1255,7 @@ ProcessOpalRequestPsidRevert (
   TCG_RESULTRe