From 6e7423c3c2ff56c9256b92a845b3e0c959ab0d74 Mon Sep 17 00:00:00 2001
From: "Dong, Eric"
Date: Thu, 5 May 2016 08:51:28 +0800
Subject: SecurityPkg TcgStorageOpalLib: Check the capability before use. For Pyrite SSC device, it may not supports Active Key, So add check logic before enable it.
Cc: Feng Tian
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong
Reviewed-by: Feng Tian
---
 .../Library/TcgStorageOpalLib/TcgStorageOpalCore.c | 50 ++++++++++++----------
 1 file changed, 28 insertions(+), 22 deletions(-) (limited to 'SecurityPkg')
diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
index 7674ee5716..cc8d5ef3f0 100644
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
@@ -814,6 +814,7 @@ OpalSetLockingSpAuthorityEnabledAndPin(
 TCG_PARSE_STRUCT ParseStruct;
 UINT32 Size;
 TCG_UID ActiveKey;
+ TCG_RESULT Ret;
 NULL_CHECK(LockingSpSession);
 NULL_CHECK(NewPin);
@@ -901,30 +902,35 @@ OpalSetLockingSpAuthorityEnabledAndPin(
 ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size));
 ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
- ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey));
-
- ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
- ERROR_CHECK(TcgCreateSetAce(
- &CreateStruct,
- &Size,
- LockingSpSession->OpalBaseComId,
- LockingSpSession->ComIdExtension,
- LockingSpSession->TperSessionId,
- LockingSpSession->HostSessionId,
- (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
- OPAL_LOCKING_SP_USER1_AUTHORITY,
- TCG_ACE_EXPRESSION_OR,
- OPAL_LOCKING_SP_ADMINS_AUTHORITY
- ));
+ //
+ // For Pyrite type SSC, it not supports Active Key.
+ // So here add check logic before enable it.
+ //
+ Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);
+ if (Ret == TcgResultSuccess) {
+ ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
+ ERROR_CHECK(TcgCreateSetAce(
+ &CreateStruct,
+ &Size,
+ LockingSpSession->OpalBaseComId,
+ LockingSpSession->ComIdExtension,
+ LockingSpSession->TperSessionId,
+ LockingSpSession->HostSessionId,
+ (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ?
OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
+ OPAL_LOCKING_SP_USER1_AUTHORITY,
+ TCG_ACE_EXPRESSION_OR,
+ OPAL_LOCKING_SP_ADMINS_AUTHORITY
+ ));
- ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
+ ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));
- if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
- DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
- //
- //TODO do we want to disable user1 if all permissions are not granted
- //
- return TcgResultFailure;
+ if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+ DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
+ //
+ // TODO do we want to disable user1 if all permissions are not granted
+ //
+ return TcgResultFailure;
+ }
 }
 ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
-- cgit v1.2.3
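Review bot: Any failure of `OpalParseRetrieveGlobalLockingRangeActiveKey` is now read as "Pyrite, no Active Key", so on an Opal drive a malformed or rejected response would silently skip the `GLOBALRANGE_GENKEY` ACE update while the function carries on configuring User1. In the visible lines neither `*MethodStatus` from the preceding `OpalPerformMethod` nor the reason for the parse failure is examined, so the skip is not tied to an actual device capability as the subject line suggests. I would gate the skip on the device's reported SSC type if that information is reachable from this function (its parameters are outside the hunk), and at minimum make the skipped path visible with `} else { DEBUG ((DEBUG_INFO, "ActiveKey not retrieved, GENKEY ACE left unchanged\n")); }`. The body of `OpalSetLockingSpAuthorityEnabledAndPin` starts and ends outside this hunk.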