From 69cd129471c3507d6be0b9e993a020ddef38692e Mon Sep 17 00:00:00 2001 From: Eric Dong Date: Wed, 4 May 2016 12:48:50 +0800 Subject: SecurityPkg OpalPasswordSmm: Enhance BlockSid Logic. BlockSid feature can be retrieve from the header info. Update the logic, check BlockSid capability before use it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong Reviewed-by: Feng Tian --- SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'SecurityPkg') diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c index b7e2d552d5..46311bd8a0 100644 --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c @@ -180,12 +180,14 @@ ExtractDeviceInfoFromDevicePath ( TRUE means that the device is partially or fully locked. This will perform a Level 0 Discovery and parse the locking feature descriptor - @param[in] OpalDev Opal object to determine if locked + @param[in] OpalDev Opal object to determine if locked + @param[out] BlockSidSupported Whether device support BlockSid feature. **/ BOOLEAN IsOpalDeviceLocked( - OPAL_SMM_DEVICE *OpalDev + OPAL_SMM_DEVICE *OpalDev, + BOOLEAN *BlockSidSupported ) { OPAL_SESSION Session; @@ -203,7 +205,8 @@ IsOpalDeviceLocked( } OpalDev->OpalBaseComId = OpalBaseComId; - Session.OpalBaseComId = OpalBaseComId; + Session.OpalBaseComId = OpalBaseComId; + *BlockSidSupported = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE; Ret = OpalGetLockingInfo(&Session, &LockingFeature); if (Ret != TcgResultSuccess) { @@ -346,6 +349,7 @@ SmmUnlockOpalPassword ( UINTN MemoryBase; UINTN MemoryLength; OPAL_SESSION Session; + BOOLEAN BlockSidSupport; ZeroMem (StorePcieConfDataList, sizeof (StorePcieConfDataList)); Status = EFI_DEVICE_ERROR; @@ -431,13 +435,14 @@ SmmUnlockOpalPassword ( } Status = EFI_DEVICE_ERROR; - if (IsOpalDeviceLocked(OpalDev)) { + BlockSidSupport = FALSE; + if (IsOpalDeviceLocked (OpalDev, &BlockSidSupport)) { ZeroMem(&Session, sizeof(Session)); Session.Sscp = &OpalDev->Sscp; Session.MediaId = 0; Session.OpalBaseComId = OpalDev->OpalBaseComId; - if (mSendBlockSID) { + if (mSendBlockSID && BlockSidSupport) { Result = OpalBlockSid (&Session, TRUE); if (Result != TcgResultSuccess) { break; -- cgit v1.2.3