Diffstat (limited to 'Core/EM/HddSecurity')
26 files changed, 11110 insertions, 0 deletions
diff --git a/Core/EM/HddSecurity/Hddpassword/ForceHddPassword.c b/Core/EM/HddSecurity/Hddpassword/ForceHddPassword.c
new file mode 100644
index 0000000..90c9a4d
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/ForceHddPassword.c
@@ -0,0 +1,158 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/ForceHddPassword.c 2 10/11/10 6:19p Krishnakumarg $
+//
+// $Revision: 2 $
+//
+// $Date: 10/11/10 6:19p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/ForceHddPassword.c $
+//
+// 2 10/11/10 6:19p Krishnakumarg
+// [TAG] - EIP 45593
+// [Category] - IMPROVEMENT
+// [Severity] - Minor
+// [Symptom] - Build Errors in ForceHDDPassword.c on new core 4.6.4.1
+// label
+// [RootCause]- IDE_CONTROLLER_PROTOCOL structure defined header not
+// included
+// [Solution] - Include the respective header(PIDEController.h)
+// [Files] - ForceHddPassword.c
+//
+// 1 8/19/10 2:44a Rameshr
+// Issue:Need do HDD PSW reset when warmboot
+// EIP 40528
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: ForceHddPassword.c
+//
+// Description: Send Disable Software Preservation command when the
+// FORCE_HDD_PASSWORD_PROMPT token is set to 1
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "Efi.h"
+#include "token.h"
+#include <AmiLib.h>
+#include <AmiDxeLib.h>
+#include "Protocol\PciIo.h"
+#include "Protocol\DevicePath.h"
+#include "protocol\DriverBinding.h"
+#include "protocol\BlockIo.h"
+#include "Protocol\PDiskInfo.h"
+#include "Protocol\PIDEController.h"
+#include "Protocol\PIDEBus.h"
+#include "Protocol\PAhciBus.h"
+#include "Protocol\PIDEBus.h"
+
+
+EFI_RUNTIME_SERVICES *gRT;
+EFI_BOOT_SERVICES *gBS;
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: DisableSoftwarePreservation
+//
+// Description: Send the Disable software Preservation
+//
+// Input: None
+//
+// Output: None
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID
+DisableSoftwarePreservation ( )
+{
+#if FORCE_HDD_PASSWORD_PROMPT
+ UINTN HandleCount;
+ EFI_HANDLE *HandleBuffer;
+ UINT8 i;
+ AHCI_BUS_PROTOCOL *AhciBusInterface;
+ EFI_GUID gEfiAhciBusProtocolGuid = AHCI_BUS_INIT_PROTOCOL_GUID;
+ SATA_DEVICE_INTERFACE *SataDeviceInterface;
+ DLINK *dlink;
+ COMMAND_STRUCTURE CommandStructure = {0};
+ EFI_STATUS Status;
+
+
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiAhciBusProtocolGuid,
+ NULL,
+ &HandleCount,
+ &HandleBuffer
+ );
+
+ if(EFI_ERROR(Status) || HandleCount == 0 ) {
+ return;
+ }
+
+ //
+ // Issue Disable Software Preservation command all the Sata Devices connected.
+ //
+ for (i = 0; i < HandleCount; i++) {
+ Status = gBS->HandleProtocol (HandleBuffer[i], &gEfiAhciBusProtocolGuid, &AhciBusInterface);
+ if (!EFI_ERROR(Status)) {
+ dlink = AhciBusInterface->SataDeviceList.pHead;
+ if (dlink){
+ do {
+ SataDeviceInterface = OUTTER(dlink, SataDeviceLink, SATA_DEVICE_INTERFACE);
+
+ if ((SataDeviceInterface->IdentifyData.Reserved_76_79[0] != 0xFFFF )&&
+ (SataDeviceInterface->IdentifyData.Reserved_76_79[2] & 0x0040)&& // Software Preservation support
+ (SataDeviceInterface->IdentifyData.Security_Status_128 & 0x0002)&& // Security enabled
+ (!(SataDeviceInterface->IdentifyData.Security_Status_128 & 0x0004))) { // Security not locked
+
+ //
+ // Send Disable Software Preservation command.
+ //
+ CommandStructure.Features = DISABLE_SATA2_SOFTPREV;
+ CommandStructure.SectorCount = 6;
+ CommandStructure.Command = SET_FEATURE_COMMAND;
+ Status = AhciBusInterface->ExecuteNonDataCommand(SataDeviceInterface, CommandStructure);
+ }
+ dlink = dlink-> pNext;
+ }while (dlink);
+ }
+ }
+ }
+#endif
+ return;
+}
+
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
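Review bot: The `Status` assigned from `AhciBusInterface->ExecuteNonDataCommand(SataDeviceInterface, CommandStructure)` inside the do/while loop is never tested, so a drive that rejects the Disable Software Preservation SET FEATURES is left as it was and, presumably, stays unlocked across the warm boot this module is meant to cover, with nothing recorded; check it with `if (EFI_ERROR(Status))` and record which device failed. The loop index is declared `UINT8 i` while `HandleCount` is `UINTN`, so more than 255 AHCI bus handles would wrap the index and the `for` would not terminate; declare it `UINTN i;`. The buffer returned by `LocateHandleBuffer` is not released on any path in this function; add `gBS->FreePool (HandleBuffer);` after the `for` loop, before `#endif`. The file also defines `gBS` at file scope without assigning it, so the procedure header should state which caller initialises it before `DisableSoftwarePreservation` runs.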
\ No newline at end of file
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.c b/Core/EM/HddSecurity/Hddpassword/HddPassword.c
new file mode 100644
index 0000000..1de9072
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.c
@@ -0,0 +1,2631 @@ +//**************************************************************************** +//**************************************************************************** +//** ** +//** (C)Copyright 1985-2014, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Norcross, GA 30093 ** +//** ** +//** Phone (770)-246-8600 ** +//** ** +//**************************************************************************** +//**************************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.c 43 3/26/15 2:01a Rameshr $ +// +// $Revision: 43 $ +// +// $Date: 3/26/15 2:01a $ +// +//***************************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.c $ +// +// 43 3/26/15 2:01a Rameshr +// [TAG] EIP208331 +// [Category] New Feature +// [Description] Avoid sending freeze Lock command to the device if the +// HDD already in frozen state +// [Files] HddPassword.c +// +// 42 3/16/15 5:51a Rameshr +// [TAG] EIP208331 +// [Category] Improvement +// [Description] Avoid sending freeze Lock command to the device if the +// HDD already in frozen state +// [Files] IdeSecurity.c, HddPassword.c +// +// 41 9/10/14 3:07a Divyac +// [TAG] EIP182213 +// [Category] Improvement +// [Description] Use System table conout Clearscreen instead of +// ClearScreen() from TSE to avoid active buffer updation. +// [Files] HddPassword.c +// +// 40 9/10/14 2:58a Divyac +// [TAG] EIP181548 +// [Category] Improvement +// [Description] Implement event signaling during HDD Passwords Prompt. +// [Files] HddPassword.c +// HddPassword.h +// +// 39 12/18/13 4:09a Srikantakumarp +// [TAG] EIP127356 +// [Category] Improvement +// [Description] Flash NVRAM seems to cause HDD can't be unlocked when +// S3 resume. 
+// [Files] IdeSecurity.c, IDESMM.c, HddPassword.c, AhciBus.c, AhciBus.h +// +// 38 6/06/13 4:10a Rameshr +// [TAG] EIP106423 +// [Category] Improvement +// [Description] HddPassword Support in UEFI Raid and Legacy Raid. And +// also taken care where there is no Conin Device avilable in the post +// [Files] IdeSecurity.cif,IdeSecurity.sdl,IdeSecurity.mak,IdeSecurityB +// dsCall.c,HddPassword.c, Ahcibus.c, Pidebus.h +// +// 37 5/29/13 8:08a Srikantakumarp +// [TAG] EIP123088 +// [Category] Improvement +// [Description] Added the Wrapper function to pass HDD status and flag +// to show maximum unlocking attempt is reached. +// [Files] HddPassword.c +// +// 36 4/29/13 2:30a Kapilporwal +// fixing build errors, when tse soruce is not present, from last check-in +// +// 35 4/25/13 9:28a Kapilporwal +// [TAG] EIP108583 +// [Category] New Feature +// [Description] support set HDD password in same page +// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl, +// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c, +// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl +// +// 34 3/25/13 6:01a Rameshr +// [TAG] EIP113655 +// [Category] Improvement +// [Description] Invoke TSEIDEPasswordCheck() function only if password +// is set to the HDD and also to remove the unnecessary save screen in +// IDEPasswordCheck() of HDD security module. 
+// [Files] HddPassword.c +// +// 33 3/25/13 5:14a Rameshr +// [TAG] EIP117159 +// [Category] Improvement +// [Description] Proper error message displayed when the Password count +// expired +// [Files] HddPassword.c, HddPassword.uni, HddSecTokens.c +// +// 32 9/03/12 1:49a Srilathasc +// [TAG] EIP99649 +// [Category] Improvement +// [Description] Made IDEPasswordUpdateHdd() symmetric with +// IDEPasswordAuthenticateHdd() when +// token SETUP_PASSWORD_NON_CASE_SENSITIVE is set +// +// +// [Files] HddPassword.c +// +// 31 6/07/12 12:34a Jittenkumarp +// [TAG] EIP89271 +// [Category] Bug Fix +// [Symptom] HDD Security string not displayed properly on multilanguage +// [RootCause] Languages not initilized by AMITSE +// [Solution] Languages is now initilized .Hddsecurity string is +// displayed properly for multilanguage. +// +// [Files] HddPassword.c +// +// 30 2/13/12 1:39a Deepthins +// [TAG] EIP81680 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] The password set for DEFAULT_MASTER_PASSWORD_TAG token is +// not authenticated when the token SETUP_PASSWORD_NON_CASE_SENSITIVE is +// set to 1. +// [RootCause] When the master password is not installed, Master +// password Prompt window should not displayed +// [Solution] Removed master password prompt window, when the master +// password is not installed +// [Files] HddPassword.c +// +// 29 1/10/12 4:41a Deepthins +// [TAG] EIP76872 +// [Category] Improvement +// [Description] If user password are all wrong, then try master +// password(no need to press 'ESC'). +// [Files] HddPassword.c, HddPassword.sdl +// +// 28 11/16/11 1:19a Rameshr +// [TAG] EIP75245 +// [Category] Improvement +// [Description] RegisterHddNotification does not match AMITSE hook +// return values. Modified the function to match the AMITSE hook return +// values. 
+// [Files] Hddpassword.c +// +// 27 11/09/11 12:30a Rameshr +// [TAG] EIP62381 +// [Category] Improvement +// [Description] SB template version checking added to avoid the build +// error on old SB template project +// [Files] HddPassword.c +// +// 26 11/08/11 3:33a Rameshr +// [TAG] EIP72999 +// [Category] Improvement +// [Description] Modified the function to support the +// OVERRIDE_TSEIDEPasswordCheck SDL token +// [Files] Hddpassword.c +// +// 25 10/11/11 1:41a Rameshr +// [TAG] EIP69244 +// [Category] Improvement +// [Description] The number of retry count for user and master password +// added based on the MAXIMUM_HDD_UNLOCK_ATTEMPTS SDL token value. +// [Files] HddPassword.c , HddPassword.Sdl +// +// 24 10/07/11 7:01a Rajeshms +// [TAG] EIP71205 +// [Description] Idesecurity module throws build error with AMITSE +// Bootonly flavour. +// [Files] HddPassword.c +// +// 23 9/09/11 4:58a Rameshr +// [TAG] - EIP 69521 +// [Category]- IMPROVEMENT +// [Description]- Idesecurity module to be compatible with AMITSE BootOnly +// flavor +// [Files] - HddPassword.c +// +// 22 9/02/11 4:07a Rameshr +// [TAG] - EIP 67674 +// [Category]- IMPROVEMENT +// [Description]- All buffers allocated from heap during password checking +// should be zeroed before freeing - security requirement +// [Files] - HddPassword.c +// +// 21 7/15/11 7:26a Rameshr +// [TAG] - EIP 63320 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom] - Port1 HDD's password setting item is disappeared, if the +// device is connected to another controller. +// [RootCause]- When the second controller HDD detected and comes for the +// Password verfication, the already password validated HDD information is +// lost. 
+// [Solution] - Saved the existing data if it's already password verified +// and added to the new data +// [Files] - Hddpassword.c +// +// 20 6/28/11 6:31a Anandv +// [TAG] EIP62381 +// [Category] Improvement +// [Description] In IdeSecurity Module, display HDD number in Setup +// based on +// results from WhichIde() function of DiskInfoProtocol. +// [Files] HddPassword.c, HddPassword.h, SBDxe.c, PIDEController.h +// +// 19 2/18/11 5:45a Rameshr +// [TAG]- EIP 37975 +// [Category]-IMPROVEMENT +// [Description]- Klocwork Issues II - IDE/Ahci module +// [Files]- HddPassword.c +// +// 18 2/01/11 6:22a Lavanyap +// [TAG] - EIP52585 +// [Category] - BUG FIX +// [Severity] - N/A +// [Symptom] - HDD password can not be disabled in setup menu when turn on +// token "ALL_HDD_SAME_PW" +// [RootCause] - Authenticate HDD only if it is locked,which fails when +// ALL_HDD_SAME_PW is set. +// [Solution] - Removed the code that checks HDD locked state in +// IDEPasswordAuthenticateAllHdd(). +// [Files] - HddPassword.c +// +// 17 1/10/11 9:54a Rameshr +// [TAG] EIP49732 +// [Category] Improvement +// [Description] Build problem Resolved with Old AMITSE version. +// [Files] Build problem Resolved with Old AMITSE version. +// +// 16 1/07/11 12:08a Rameshr +// [TAG]- EIP 49732 +// [Category]-IMPROVEMENT +// [Description]- Supported added for SETUP_PASSWORD_NON_CASE_SENSITIVE +// [Files]- Hddpassword.c +// +// 15 12/28/10 4:31a Lavanyap +// [TAG] - EIP50988 +// [Category] - BUG FIX +// [Severity] - Important +// [Symptom] - Hddpassword doesn't work properly with more than 1 HDD with +// ALL_HDD_SAME_PW set to 0. +// [RootCause] - Not added the AMITSE changes for the implementation of +// ALL_HDD_SAME_PW token. +// [Solution] - Changes in AMITSE module for the implementation of token +// ALL_HDD_SAME_PW moved to AmitseHddpassword. 
+// [Files] - HddPassword.c +// +// 14 12/07/10 6:36a Rameshr +// [TAG] - EIP 46116 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom] - When enter the BIOS Setup :"security" page ,it will hang +// up. +// [RootCause]- 1. Freepool function doesn't have proper input +// 2. Size variable not initilized. +// [Solution] - 1. Removed using gBs pointer and used Lib Function +// 2. Size variable initilized with 0. +// [Files] - Hddpassword.c +// +// 13 8/27/10 2:30p Yul +// [TAG] EIP40151 +// [Category] NEW FEATURE +// [Description] If system has two HDDs, User need set two HDDs password +// separately with master and user password. +// We want to simply the procedure, if user set master or user password, +// it will set two HDDs with same password. +// While un-lock the HDD password, user just need input one Master/User +// password to un-lock HDD. +// [Files] HddPassword.c +// HddPassword.sdl +// IdeSecurity.sd +// IdeSecurity.uni +// Same as v12. No code update. +// +// 12 8/27/10 10:05a Yul +// EIP 40151 - One Master/User password for all attach HDDs +// +// 11 8/27/10 12:15a Rameshr +// [TAG] - EIP 43059 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom]- Build Errors in HddPassword.c on non INTEL_IDE_PROTOCOL +// Projects. +// [RootCause]- Hddpassword.c included the PIdebus.h . PIdebus.h uses the +// IDE_CONTROLLER_PROTOCOL protocol. +// [Solution]- Before Pidebus.h included, included the PIDEController.h +// also. . +// [Files] - Hddpassword.c +// +// 10 8/26/10 2:43a Rameshr +// [TAG] - EIP42594 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom]- [IdeSecurity]IdeSecConfig variable not set when there is on +// HDD connected +// [RootCause]- IdeSecConfig variable is not set when no HDD is present, +// thus the HDD count value (IdeSecConfig.Count) checking fails in +// IdeSecurity.sd and displays the label always. +// [Solution]- Initialised the structure IdeSecConfig to zero if no HDD is +// present. 
+// [Files]- HddPassword.c +// +// 9 6/07/10 7:20p Krishnakumarg +// Build error in "4.6.3_HddSecurity_011" label.EIP#39531 +// +// 8 5/21/10 2:58p Aaronp +// Fix for EIP 38473 - Device names are not displayed when built in UEFI +// 2.1 mode +// +// 7 5/11/10 3:57p Krishnakumarg +// Coding standard. +// +// 6 3/29/10 2:24p Yul +// Refer to EIP 36288. +// Once SETUP_SAME_SYS_HDD_PW is ON, AHCI mode fails to boot OS +// with specific Hard Drive. +// +// 5 3/26/10 5:42p Krishnakumarg +// UEFI2.1 compliance change EIP#34744. +// +// 4 3/11/10 3:49a Rameshr +// Issue: Same Structure definied in Hddpassword and Amitse. +// Solution: Amitse created tsecommon.h with all the common definition. +// EIP: 27339 +// +// 3 1/15/10 10:10a Yul +// Coding Standard +// +// 2 9/28/09 4:59p Rameshr +// The data structure AMI_IFR_MSGBOX in HddPassword.h and MessageBox.h are +// not the same +// EIP 27157 +// +// 1 5/01/09 11:09a Rameshr +// Initial Check-in +//*****************************************************************************// + +//<AMI_FHDR_START> +//--------------------------------------------------------------------------- +// +// Name: Hddpassword.c +// +// Description: Provides the Hddpassword Screen support in the setup. 
+// +//--------------------------------------------------------------------------- +//<AMI_FHDR_END> + +#include "AmiDxeLib.h" +#include "token.h" +#if EFI_SPECIFICATION_VERSION > 0x20000 +#include "Include\UefiHii.h" +#include "Protocol\HiiDatabase.h" +#include "Protocol\HiiString.h" +#else +#include <Protocol/Hii.h> +#endif +#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE +#include "minisetup.h" +#endif +#include "Protocol\PciIo.h" +#include "Protocol\BlockIo.h" +#include "Protocol\PDiskInfo.h" +#include "Protocol\PIDEController.h" +#include "Protocol\PIDEBus.h" +#include "Protocol\PAhciBus.h" +#include <Protocol/SimpleTextIn.h> +#include <Protocol/SimpleTextOut.h> +#include <Protocol/AMIPostMgr.h> +#include "AMITSEStrTokens.h" +#include "AmiVfr.h" +#include "HddPassword.h" +#include "Protocol\DevicePath.h" +#if SETUP_SAME_SYS_HDD_PW +#include "Core\EM\AMITSE\Inc\PwdLib.h" +#include "Core\EM\AMITSE\Inc\Variable.h" +#endif + +#ifdef SB_TEMPLATE_VER +#if SB_TEMPLATE_VER > 6 +SB_HDD_POLICY_PROTOCOL *gSbHddPolicyPtr=NULL; +EFI_GUID gSbHddPolicyProtocolGuid = SB_HDD_POLICY_PROTOCOL_GUID; +#endif +#endif + + +EFI_GUID gDiskInfoProtocolGuid = EFI_DISK_INFO_PROTOCOL_GUID; +EFI_GUID gDevicePathProtocolGuid = EFI_DEVICE_PATH_PROTOCOL_GUID; +EFI_GUID gHddSecurityEndProtocolGuid = HDD_SECURITY_END_PROTOCOL_GUID; +EFI_GUID gHddPasswordVerifiedGuid = HDD_PASSWORD_VERIFIED_GUID; +EFI_GUID gIDESecGuid = IDE_SECURITY_CONFIG_GUID; +EFI_GUID gIDESecurityProtocolGuid = IDE_SECURITY_INTERFACE_GUID; +EFI_GUID gHddPasswordPromptEnterGuid = HDD_PASSWORD_PROMPT_ENTER_GUID; +EFI_GUID gHddPasswordPromptExitGuid = HDD_PASSWORD_PROMPT_EXIT_GUID; + +static EFI_HII_STRING_PROTOCOL *HiiString = NULL; +static CHAR8 *SupportedLanguages=NULL; + + +typedef struct +{ + IDE_SECURITY_PROTOCOL *IDEPasswordSecurity; + UINT16 NameToken; + UINT16 PromptToken; + BOOLEAN Locked; + BOOLEAN LoggedInAsMaster; + BOOLEAN Validated; + UINT8 PWD[IDE_PASSWORD_LENGTH + 1]; +} IDE_SECURITY_DATA; 
+ +#if TSE_BUILD > 0x1206 +BOOLEAN IsPasswordSupportNonCaseSensitive(); +VOID UpdatePasswordToNonCaseSensitive(CHAR16 *Password, UINTN PwdLength); +#endif + +VOID HddNotificationFunction(EFI_EVENT Event, VOID *HddRegContext); +VOID IDEPasswordCheck(VOID); +UINT16 IDEPasswordGetName(UINT16 Index); +UINT16 IDESecurityProtocolInit(); +BOOLEAN HddPasswordGetDeviceName(EFI_HANDLE Controller,CHAR16 **wsName); +BOOLEAN CheckSecurityStatus ( + IDE_SECURITY_PROTOCOL *IDEPasswordSecurity, + BOOLEAN *Locked, + UINT16 Mask ); +EFI_STATUS IDEPasswordAuthenticateHdd( + CHAR16 *Password, + VOID * Ptr, + BOOLEAN bCheckUser ); + +#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE +VOID IDEUpdateConfig( + VOID *TempideSecConfig, + UINTN value ); + +VOID SearchTseHardDiskField ( + BOOLEAN *pbCheckUser, BOOLEAN *pEnabledBit, + UINT8 *pHardDiskNumber, VOID *data ); + +EFI_STRING_ID ConfigPromptToken = 0; +extern UINTN gInvalidPasswordFailMsgBox; +#else +UINTN gCurrIDESecPage; +#endif + +IDE_SECURITY_DATA *IDEPasswordSecurityData = NULL; +EFI_HANDLE gHddSecEndHandle = NULL; +EFI_HANDLE HddNotifyHandle; +static EFI_HANDLE *gHandleBuffer = NULL; +EFI_EVENT HddNotifyEvent; +VOID *HddNotifyRegistration; +BOOLEAN HddFreeze = FALSE; +UINT16 gIDESecurityCount = 0; +BOOLEAN gFlag = FALSE; + + +VOID EfiStrCpy (IN CHAR16 *Destination,IN CHAR16 *Source); +UINTN EfiStrLen (IN CHAR16 *String); +extern VOID TSEIDEPasswordCheck(); + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: HddSecuritySignalProtocolEvent +// +// Description: Internal function that installs/uninstall protocol +// with a specified GUID and NULL interface. +// Such protocols can be used as event signaling mechanism. +// +// +// Input: ProtocolGuid Pointer to the protocol GUID. +// +// Output: None. 
+// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> + +VOID +HddSecuritySignalProtocolEvent ( + IN EFI_GUID *ProtocolGuid +) +{ + + EFI_HANDLE Handle = NULL; + + pBS->InstallProtocolInterface ( + &Handle, + ProtocolGuid, + EFI_NATIVE_INTERFACE, + NULL ); + + pBS->UninstallProtocolInterface ( + Handle, + ProtocolGuid, + NULL); + return; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: RegisterHddNotification +// +// Description: Register the Protocol call back event +// +// +// Input: VOID +// +// Output: VOID +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +BOOLEAN RegisterHddNotification( VOID ) +{ + EFI_STATUS Status = EFI_UNSUPPORTED; + + Status = gBS->CreateEvent( EFI_EVENT_NOTIFY_SIGNAL, + TPL_CALLBACK, + HddNotificationFunction, + &HddNotifyRegistration, + &HddNotifyEvent); + + Status = gBS->RegisterProtocolNotify( &gHddSecurityEndProtocolGuid, + HddNotifyEvent, + &HddNotifyRegistration); + + // + // get any of these events that have occured in the past + // + gBS->SignalEvent( HddNotifyEvent ); + + return FALSE; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: HddNotificationFunction +// +// Description: Hdd notification function gets called when HddSecurityEnd Protocol get installed. 
+// +// Input: +// EFI_EVENT Event - Event to signal +// void HddRegContext - Event specific context (pointer to NotifyRegisteration +// +// Output: none +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +VOID HddNotificationFunction( EFI_EVENT Event, VOID *HddRegContext ) +{ + EFI_STATUS Status; + EFI_HANDLE *HandleBuffer = NULL; + IDE_SECURITY_CONFIG *IdeSecConfig = NULL; + IDE_SECURITY_CONFIG ideSecConfig; + IDE_SECURITY_DATA *DataPtr=NULL; + UINTN NumHandles; + UINTN IdeSecConfigSize = 0; + UINTN Index=0; + + if ( HddRegContext == NULL ) + return; + // + // Initialise IdeSecConfig information if this variable is not set already. + // + IdeSecConfig = VarGetNvramName( L"IDESecDev", &gIDESecGuid, NULL, &IdeSecConfigSize ); + + if ( !IdeSecConfig ) { + + IdeSecConfig = EfiLibAllocateZeroPool( sizeof(IDE_SECURITY_CONFIG)); + + if ( IdeSecConfig == NULL ) { + return; + } + MemSet( IdeSecConfig, sizeof(IDE_SECURITY_CONFIG), 0); + VarSetNvramName( L"IDESecDev", + &gIDESecGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS, + IdeSecConfig, + sizeof(IDE_SECURITY_CONFIG)); + } else { + MemFreePointer( (VOID **)&IdeSecConfig ); + } + + // + //Locate the handle + // + Status = gBS->LocateHandleBuffer( ByRegisterNotify, + NULL, + *(VOID**)HddRegContext, + &NumHandles, + &HandleBuffer); + + // + // If protocol not installed return + // + if ( EFI_ERROR( Status )) + return; + + gHddSecEndHandle = HandleBuffer[0]; + + // + //Locate the Security Protocols + // + gIDESecurityCount = IDESecurityProtocolInit(); + + for(Index=0; Index<gIDESecurityCount; Index++){ + // + //Initialize the DataPtr + // + DataPtr = (IDE_SECURITY_DATA *) IDEPasswordGetDataPtr(Index); + + // + // Search for locked Hard disc and not password verification done + // + if(DataPtr->Locked && !DataPtr->Validated){ + break; + } + } + + // + // Validate the password only if HDD is locked + // + if( (gIDESecurityCount != 0 ) && (NULL != DataPtr ) && + (DataPtr->Locked ) && 
(!DataPtr->Validated ) ){ + TSEIDEPasswordCheck(); + } else { + // + // Update the IdeSecConfig information . + // + MemSet( &ideSecConfig, sizeof(ideSecConfig), 0 ); + ideSecConfig.Count = gIDESecurityCount; + VarSetNvramName( L"IDESecDev", + &gIDESecGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS, + &ideSecConfig, + sizeof(ideSecConfig)); + } + + // + // Install the Unlocked Protocol to nitify HDD has been unlocked + // + if ( gHddSecEndHandle != NULL ) { + Status = gBS->InstallProtocolInterface( &gHddSecEndHandle, + &gHddPasswordVerifiedGuid, + EFI_NATIVE_INTERFACE, + NULL); + } + + return; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: PrivateHiiAddString +// +// Description: Add the String to Hii Database using HiiString Protocol +// +// Input: +// IN EFI_HII_HANDLE HiiHandle, +// IN CHAR16 * String +// +// Output: none +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STRING_ID PrivateHiiAddString( + IN EFI_HII_HANDLE HiiHandle, + IN CHAR16 * String) +{ + EFI_STATUS Status; + CHAR8* Languages = NULL; + UINTN LangSize = 0; + CHAR8* CurrentLanguage; + BOOLEAN LastLanguage = FALSE; + EFI_STRING_ID StringId = 0; + + if(HiiString == NULL) { + Status = pBS->LocateProtocol(&gEfiHiiStringProtocolGuid, NULL, (VOID **) &HiiString); + if(EFI_ERROR(Status)) { + return 0; + } + } + + if(SupportedLanguages == NULL) { + Status = HiiString->GetLanguages(HiiString, HiiHandle, Languages, &LangSize); + if(Status == EFI_BUFFER_TOO_SMALL) { + Status = pBS->AllocatePool(EfiBootServicesData, LangSize, &Languages); + if(EFI_ERROR(Status)) { + // + //not enough resources to allocate string + // + return NULL; + } + Status = HiiString->GetLanguages(HiiString, HiiHandle, Languages, &LangSize); + } + SupportedLanguages=Languages; + } else { + Languages=SupportedLanguages; + } + + while(!LastLanguage) { + // + //point CurrentLanguage to start of new language + // + 
CurrentLanguage = Languages; + while(*Languages != ';' && *Languages != 0) + Languages++; + + // + //Last language in language list + // + if(*Languages == 0) { + LastLanguage = TRUE; + if(StringId == 0) { + Status = HiiString->NewString(HiiString, HiiHandle, &StringId, CurrentLanguage, NULL, String, NULL); + } else { + Status = HiiString->SetString(HiiString, HiiHandle, StringId, CurrentLanguage, String, NULL); + } + if(EFI_ERROR(Status)) { + return 0; + } + } else { + // + //put null-terminator + // + *Languages = 0; + if(StringId == 0) { + Status = HiiString->NewString(HiiString, HiiHandle, &StringId, CurrentLanguage, NULL, String, NULL); + } else { + Status = HiiString->SetString(HiiString, HiiHandle, StringId, CurrentLanguage, String, NULL); + } + *Languages = ';'; //restore original character + Languages++; + if(EFI_ERROR(Status)) { + return 0; + } + } + } + return StringId; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: PasswordHiiAddString +// +// Description: Add the String to HiiDatabase +// +// Input: +// IN EFI_HII_HANDLE HiiHandle, +// IN CHAR16 * String +// +// Output: none +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STRING_ID PasswordHiiAddString( + IN EFI_HII_HANDLE HiiHandle, + IN CHAR16 * String ) +{ + EFI_STRING_ID StringId = 0; + + StringId=PrivateHiiAddString( HiiHandle, String ); + + // + // Error in Adding String. Try with Default function that AMITSE has. 
+ // + if(StringId == 0) { + StringId= HiiAddString( HiiHandle, String ); + } + + return StringId; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: IDESecurityProtocolInit +// +// Description: Locate the Security Protocols and return the information +// +// Input: none +// +// Output: none +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +UINT16 IDESecurityProtocolInit( ) +{ + EFI_STATUS Status; + EFI_HANDLE *HandleBuffer = NULL; + UINT16 i, j, HDDCount = 0; + UINTN Count; + CHAR16 * Name, *Temp1; + CHAR16 Temp[60]; + IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL; + IDE_SECURITY_DATA *DataPtr = NULL; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + EFI_DEVICE_PATH_PROTOCOL *DevicePathNode; + PCI_DEVICE_PATH *PciDevicePath; + SECURITY_PROTOCOL *Security = NULL; + UINT32 HddPortNumber; + CHAR16 *Buff=L"P"; + EFI_DISK_INFO_PROTOCOL *DiskInfoPtr=NULL; + UINT32 PortNumber; + UINT32 PMPortNumber; + IDE_SECURITY_DATA *TempIDEPasswordSecurityData = NULL; + +#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE + if(ConfigPromptToken == 0) + ConfigPromptToken = PasswordHiiAddString( gHiiHandle, L"HDD Security Configuration" ); +#endif + + Status = gBS->LocateHandleBuffer( ByProtocol, + &gIDESecurityProtocolGuid, + NULL, + &Count, + &HandleBuffer); + + // + // If already data has been found return with that information + // + if ( gIDESecurityCount != 0 && IDEPasswordSecurityData != NULL ) { + if ( gIDESecurityCount == Count ) { + return gIDESecurityCount; //the IDE struct is valid + } + + // + // New HDD device found. Need to validate the password for the new HDD + // and skip the HDD that has been already validated. 
+ // + TempIDEPasswordSecurityData = IDEPasswordSecurityData; + IDEPasswordSecurityData = EfiLibAllocateZeroPool( Count * sizeof(IDE_SECURITY_DATA)); + // + // Copy the Existing HDD data + // + MemCopy( IDEPasswordSecurityData, TempIDEPasswordSecurityData, sizeof(IDE_SECURITY_DATA) * gIDESecurityCount ); + MemFreePointer((VOID**)&TempIDEPasswordSecurityData ); + DataPtr = IDEPasswordSecurityData; + // + // DataPtr moved to free Entry + // + DataPtr+=gIDESecurityCount; + HDDCount=gIDESecurityCount; + + } else { + // + // Allocate the buffer for DataPtr + // + IDEPasswordSecurityData = EfiLibAllocateZeroPool( Count * sizeof(IDE_SECURITY_DATA)); + DataPtr = IDEPasswordSecurityData; + } + + if ( EFI_ERROR( Status )) { + return 0; + } + + + if(DataPtr == NULL) { + return 0; + } + + + if ( gHandleBuffer != NULL ) { + MemFreePointer( (VOID **)&gHandleBuffer ); + } + + gHandleBuffer = EfiLibAllocateZeroPool( sizeof(EFI_HANDLE) * Count ); + + for ( i = 0; i < Count; i++ ) { + // + // Check if already Validate or not. If already validate don't verify the password again. 
+ // + if ( gHandleBuffer != NULL && gIDESecurityCount != 0 ) { + j = gIDESecurityCount; + + do { + if ( HandleBuffer[i] == gHandleBuffer[j - 1] ) { + break; + } + j--; + } while ( j != 0 ); + + if ( j != 0 ) + continue; + } + + // + // Get the PasswordSecurity Protocol + // + Status = gBS->OpenProtocol( HandleBuffer[i], + &gIDESecurityProtocolGuid, + (VOID**) &IDEPasswordSecurity, + NULL, + HandleBuffer[i], + EFI_OPEN_PROTOCOL_GET_PROTOCOL); + + if ( EFI_ERROR( Status )) + continue; + // + // Handle the DiskInfo Protocol + // + Status = gBS->OpenProtocol( HandleBuffer[i], + &gDiskInfoProtocolGuid, + (VOID**) &DiskInfoPtr, + NULL, + HandleBuffer[i], + EFI_OPEN_PROTOCOL_GET_PROTOCOL); + + if ( EFI_ERROR( Status )){ + continue; + } + // + // Locate the device path Protocol + // + Status = gBS->OpenProtocol( HandleBuffer[i], + &gDevicePathProtocolGuid, + (VOID**)&DevicePath, + NULL, + HandleBuffer[i], + EFI_OPEN_PROTOCOL_GET_PROTOCOL); + + if ( EFI_ERROR( Status )){ + continue; + } + + DevicePathNode = DevicePath; + + // + // Traverse the Device Path structure till we reach HARDWARE_DEVICE_PATH + // + while (!isEndNode (DevicePathNode)) { + + if ((DevicePathNode->Type == HARDWARE_DEVICE_PATH) && + (DevicePathNode->SubType == HW_PCI_DP)){ + + PciDevicePath = (PCI_DEVICE_PATH *) DevicePathNode; + break; + } + + DevicePathNode = NEXT_NODE (DevicePathNode); + } + + if (PciDevicePath == NULL) continue; + + Security=(SECURITY_PROTOCOL *)IDEPasswordSecurity; + + if(Security->ModeFlag){ + // + // Controller is in Ahci Mode, Call WhichIde function to find out Port Number + // + DiskInfoPtr->WhichIde(DiskInfoPtr,&PortNumber,&PMPortNumber); + // + // Assign the PortNumber to HddPortNumber.This Port Number is displayed in Setup. 
+ //
+ HddPortNumber=PortNumber;
+
+ gFlag=TRUE;
+
+ }else{
+
+#ifdef SB_TEMPLATE_VER
+#if SB_TEMPLATE_VER > 6
+{
+ UINT32 IdeChannel;
+ UINT32 IdeDevice;
+
+ if(gSbHddPolicyPtr==NULL){
+ Status=gBS->LocateProtocol(&gSbHddPolicyProtocolGuid,
+ NULL, \
+ &gSbHddPolicyPtr);
+ }
+
+ if(gSbHddPolicyPtr!=NULL){
+
+ //
+ // Find out the Primary/Secondary,Master/Slave Info from WhichIde function
+ //
+ DiskInfoPtr->WhichIde(DiskInfoPtr,&IdeChannel,&IdeDevice);
+ //
+ // Get the Port Number to which the HDD is connected
+ //
+ gSbHddPolicyPtr->GeneratePortNumber(PciDevicePath->Device,PciDevicePath->Function,
+ IdeChannel,IdeDevice,&PortNumber);
+
+ HddPortNumber=PortNumber;
+
+ gFlag=TRUE;
+
+ }else{
+
+ //
+ // SB HDD Policy Protocol is not Present.
+ //
+ gFlag=FALSE;
+ }
+}
+#endif
+#endif
+
+ }
+ if ( CheckSecurityStatus( IDEPasswordSecurity, &(DataPtr->Locked), SecurityLockedMask )) {
+ DataPtr->IDEPasswordSecurity = IDEPasswordSecurity;
+
+ if ( HddPasswordGetDeviceName( HandleBuffer[i], &Name )) {
+ DataPtr->NameToken = PasswordHiiAddString( gHiiHandle, Name );
+ Name[12] = 0;
+ if(gFlag){
+ //
+ // Display the the Port Number in Setup
+ //
+ SPrint( Temp, 60, L"%s%d:%s", Buff, HddPortNumber, Name );
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ SPrint( Temp, 60, L"%s%d:%s", Temp1,HDDCount,Name);
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }
+ } else {
+ if(gFlag){
+ //
+ // Display the the Port Number in Setup
+ //
+ SPrint( Temp, 60, L"%s%d", Buff, HddPortNumber );
+ DataPtr->NameToken = PasswordHiiAddString( gHiiHandle, Temp );
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ SPrint( Temp, 60, L"%s%d", Temp1, HDDCount);
+ DataPtr->NameToken = PasswordHiiAddString( gHiiHandle, Temp );
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }
+ }
+ DataPtr->Validated = FALSE;
+
+ if(DataPtr->Locked) {
+ gHandleBuffer[i]=HandleBuffer[i];
+ }
+
+ DataPtr++;
+ HDDCount++;
+ }// end if
+
+ }// end of for
+
+ //
+ //if no hd is supported
+ //
+ if ( HDDCount == 0 ) {
+ MemFreePointer((VOID**)&IDEPasswordSecurityData );
+ IDEPasswordSecurityData=NULL;
+ }
+
+ MemFreePointer((VOID**)&HandleBuffer );
+
+ return HDDCount;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordGetLocked
+//
+// Description: Return Hdd Locked Information
+//
+// Input: UINTN Index
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordGetLocked(
+ UINTN Index )
+{
+ IDE_SECURITY_DATA *DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( Index );
+
+ if(DataPtr == NULL) {
+ return 0;
+ }
+ return DataPtr->Locked;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: CheckSecurityStatus
+//
+// Description: return the Security Status Information
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN CheckSecurityStatus(
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity,
+ BOOLEAN *ReqStatus,
+ UINT16 Mask )
+{
+ UINT16 SecurityStatus = 0;
+ EFI_STATUS Status;
+
+ //
+ //get the security status of the device
+ //
+ Status = IDEPasswordSecurity->ReturnSecurityStatus( IDEPasswordSecurity, &SecurityStatus );
+
+ if ( EFI_ERROR( Status ))
+ return FALSE;
+
+ *ReqStatus = (BOOLEAN)((SecurityStatus & Mask) ? TRUE : FALSE );
+ return TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordDPLength
+//
+// Description: return the Device path Length
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+UINTN HddPasswordDPLength( EFI_DEVICE_PATH_PROTOCOL *pDp )
+{
+ UINTN Size = 0;
+
+ for (; !(IsDevicePathEnd( pDp )); pDp = NextDevicePathNode( pDp ))
+ Size += DevicePathNodeLength( pDp );
+
+ //
+ // add size of END_DEVICE_PATH node
+ //
+ return Size + END_DEVICE_PATH_LENGTH;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordDPGetLastNode
+//
+// Description: Returns pointer on very last DP node before END_OF_DEVICE_PATH node
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID* HddPasswordDPGetLastNode( EFI_DEVICE_PATH_PROTOCOL *pDp )
+{
+ EFI_DEVICE_PATH_PROTOCOL *dp = NULL;
+
+ for (; !IsDevicePathEnd( pDp ); pDp = NextDevicePathNode( pDp ))
+ dp = pDp;
+
+ return dp;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordDPCopy
+//
+// Description: Copy the Device path to another Memory buffer
+//
+// Input:
+// EFI_DEVICE_PATH_PROTOCOL *pDp
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID* HddPasswordDPCopy( EFI_DEVICE_PATH_PROTOCOL *pDp )
+{
+ UINTN l = HddPasswordDPLength( pDp );
+ UINT8 *p = EfiLibAllocateZeroPool( l );
+
+ MemCopy( p, pDp, l );
+ return p;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordGetDeviceName
+//
+// Description: Return the Drive String Name
+//
+// Input: EFI_HANDLE Controller - the handle of the drive
+// CHAR16 **wsName - returned pointer to the drive string
+//
+// Output: BOOLEAN - TRUE - drive string has been found and is in wsName
+// - FALSE - drive string has not been found
+//
+// Notes: it is the caller's responsibility to deallocate the space used for
+// wsName
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN HddPasswordGetDeviceName(EFI_HANDLE Controller, CHAR16 **wsName)
+{
+ EFI_STATUS Status;
+ SECURITY_PROTOCOL *Security = NULL;
+
+ CHAR16 *DeviceName;
+ BOOLEAN ReturnStatus = FALSE;
+
+ // Get the SECURITY_PROTOCOL (actually getting the IDE_SECURITY_PROTOCOL, but
+ // the SECURITY_PROTOCOL is an extended version with more information)
+ Status = gBS->HandleProtocol(Controller, &gIDESecurityProtocolGuid, &Security);
+ if ( !EFI_ERROR(Status) ) {
+ // Check the SATA controller operating mode, and based on the mode, get the UnicodeString
+ // name of the device
+ if ( Security->ModeFlag ) {
+ DeviceName = ((SATA_DEVICE_INTERFACE*)Security->BusInterface)->UDeviceName->UnicodeString;
+ } else {
+ DeviceName = ((IDE_BUS_PROTOCOL*)Security->BusInterface)->IdeDevice.UDeviceName->UnicodeString;
+ }
+
+ // Allocate space to copy the unicode device name string
+ *wsName = EfiLibAllocateZeroPool( sizeof(CHAR16)*(EfiStrLen(DeviceName)+1));
+
+ if ( *wsName!=NULL ) {
+ EfiStrCpy( *wsName, DeviceName);
+ ReturnStatus = TRUE;
+ }
+ }
+
+ // Return true to signify that a device name was discovered
+ return ReturnStatus;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: AMI_CheckIDEPassword
+//
+// Description: Get the password and Validate the HDD password
+//
+// Input:
+// UINT16 PromptToken,
+// VOID *DataPtr
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID AMI_CheckIDEPassword(UINT16 PromptToken, VOID *DataPtr)
+{
+ UINTN CurrXPos, CurrYPos, i;
+ CHAR16 *PasswordEntered;
+ EFI_STATUS Status = EFI_ACCESS_DENIED;
+ UINT32 IdePasswordFlags = 0;
+ UINTN BoxLength = IDE_PASSWORD_LENGTH;
+ CHAR16 *DescToken = NULL;
+
+ UINT16 SecurityStatus=0;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ CHAR16 *UnlckHddCBToken = NULL;
+ UINTN CB_BoxLength=0;
+
+ CheckForKeyHook((EFI_EVENT)NULL, NULL );
+ gST->ConIn->Reset( gST->ConIn, FALSE );
+ DescToken = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_ENTER_USER ));
+
+ if ( DescToken ) {
+ if ( (TestPrintLength( DescToken ) / NG_SIZE) > BoxLength ) {
+ BoxLength = TestPrintLength( DescToken ) / NG_SIZE;
+ }
+ }
+ MemFreePointer((VOID**) &DescToken );
+
+ UnlckHddCBToken = HiiGetString( gHiiHandle, STRING_TOKEN(STR_IDE_UNLCK_COLD));
+ if ( UnlckHddCBToken ) {
+ if ( (TestPrintLength( UnlckHddCBToken ) / NG_SIZE) > CB_BoxLength ) {
+ CB_BoxLength = TestPrintLength( UnlckHddCBToken ) / NG_SIZE;
+ }
+ }
+ MemFreePointer((VOID**) &UnlckHddCBToken );
+
+
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptEnterGuid);
+ //
+ //Draw password window
+ //
+#if ALL_HDD_SAME_PW
+ PromptToken = STRING_TOKEN( STR_IDE_SECURITY_PROMPT );
+#endif
+
+ _DrawPasswordWindow( PromptToken, BoxLength, &CurrXPos, &CurrYPos );
+ PasswordEntered = EfiLibAllocateZeroPool((IDE_PASSWORD_LENGTH + 1) * sizeof(CHAR16));
+ IDEPasswordSecurity=((IDE_SECURITY_DATA* )DataPtr)->IDEPasswordSecurity;
+ //
+ //Give four chances to enter user password
+ //
+ for ( i = 0; i < USER_PASSWORD_RETRY_ATTEMPTS; i++ ) {
+ Status = IDEPasswordSecurity->ReturnSecurityStatus(IDEPasswordSecurity, &SecurityStatus );
+ if(Status == EFI_SUCCESS && (SecurityStatus>>4)& 0x1){
+ _DrawPasswordWindow( PromptToken, CB_BoxLength, &CurrXPos, &CurrYPos );
+ _ReportInBox(CB_BoxLength,STRING_TOKEN(STR_IDE_UNLCK_COLD),CurrXPos,CurrYPos,TRUE);
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptExitGuid);
+ if (gST->ConOut != NULL) {
+ //Disable cursor, set desired attributes and clear screen
+ gST->ConOut->EnableCursor( gST->ConOut, FALSE );
+ gST->ConOut->SetAttribute( gST->ConOut, (EFI_BACKGROUND_BLACK | EFI_WHITE));
+ gST->ConOut->ClearScreen( gST->ConOut);
+ }
+ return ;
+ }
+ _ReportInBox( BoxLength, STRING_TOKEN(STR_IDE_ENTER_USER), CurrXPos, CurrYPos - 1, FALSE );
+
+ if ( EFI_SUCCESS !=_GetPassword(
+ PasswordEntered,
+ IDE_PASSWORD_LENGTH,
+ CurrXPos,
+ CurrYPos,
+ NULL )) {
+ break;
+ } // end if
+
+ //
+ // Validate the Password
+ //
+ Status = IDEPasswordAuthenticate( PasswordEntered, DataPtr, TRUE );
+
+ if ( EFI_SUCCESS == Status ) {
+ break;
+ } else if ((i + 1) != USER_PASSWORD_RETRY_ATTEMPTS ) {
+ _ReportInBox( IDE_PASSWORD_LENGTH, STRING_TOKEN(STR_ERROR_PSWD), CurrXPos, CurrYPos, TRUE );
+ }
+ }// end of for
+
+
+ #if SETUP_ASK_MASTER_PASSWORD
+
+ if ( EFI_SUCCESS != Status ) {
+ _ReportInBox( IDE_PASSWORD_LENGTH, STRING_TOKEN(STR_ERROR_PSWD), CurrXPos, CurrYPos, TRUE );
+ //
+ // Checking if the master password is installed
+ //
+ Status=((IDE_SECURITY_DATA*)DataPtr)->IDEPasswordSecurity->ReturnIdePasswordFlags(
+ ((IDE_SECURITY_DATA*)DataPtr)->IDEPasswordSecurity,
+ &IdePasswordFlags );
+
+ if((Status == EFI_SUCCESS)&&((IdePasswordFlags>>16)&1)) {
+ if ( i < MAXIMUM_HDD_UNLOCK_ATTEMPTS ) {
+ BoxLength = IDE_PASSWORD_LENGTH;
+ DescToken = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_ENTER_MASTER ));
+
+ if ( DescToken ) {
+ if (( TestPrintLength( DescToken ) / NG_SIZE) > BoxLength ) {
+ BoxLength = TestPrintLength( DescToken ) / NG_SIZE;
+ }
+ }
+ MemFreePointer((VOID**) &DescToken );
+
+ ClearScreen( EFI_BACKGROUND_BLACK | EFI_LIGHTGRAY );
+
+ //
+ //Draw password window
+ //
+ _DrawPasswordWindow( PromptToken, BoxLength, &CurrXPos, &CurrYPos );
+ }
+
+ //
+ //Give remaining chances to enter Master password
+ //
+ for (; i < MAXIMUM_HDD_UNLOCK_ATTEMPTS; i++ ) {
+ Status = IDEPasswordSecurity->ReturnSecurityStatus(IDEPasswordSecurity, &SecurityStatus );
+ if(Status == EFI_SUCCESS && (SecurityStatus>>4)& 0x1){
+ _DrawPasswordWindow( PromptToken, CB_BoxLength, &CurrXPos, &CurrYPos );
+ _ReportInBox(CB_BoxLength,STRING_TOKEN(STR_IDE_UNLCK_COLD),CurrXPos,CurrYPos,TRUE);
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptExitGuid);
+ if (gST->ConOut != NULL) {
+ //Disable cursor, set desired attributes and clear screen
+ gST->ConOut->EnableCursor( gST->ConOut, FALSE );
+ gST->ConOut->SetAttribute( gST->ConOut, (EFI_BACKGROUND_BLACK | EFI_WHITE));
+ gST->ConOut->ClearScreen( gST->ConOut);
+ }
+ return ;
+ }
+ _ReportInBox( BoxLength, STRING_TOKEN(
+ STR_IDE_ENTER_MASTER ), CurrXPos, CurrYPos - 1,
+ FALSE );
+
+ if ( EFI_SUCCESS !=
+ _GetPassword( PasswordEntered, IDE_PASSWORD_LENGTH, CurrXPos,
+ CurrYPos, NULL )) {
+ break;
+ }
+
+ //
+ // Vaidate the Master password
+ //
+ Status = IDEPasswordAuthenticate( PasswordEntered, DataPtr, FALSE );
+
+ if ( EFI_SUCCESS == Status ) {
+ break;
+ } else {
+ if ( (i + 1) != MAXIMUM_HDD_UNLOCK_ATTEMPTS ) {
+ _ReportInBox( IDE_PASSWORD_LENGTH,
+ STRING_TOKEN(
+ STR_ERROR_PSWD ), CurrXPos, CurrYPos,
+ TRUE );
+ }
+ }
+ }// end of for
+ }// end if
+ }// end if
+ #endif
+
+ MemSet( PasswordEntered, (IDE_PASSWORD_LENGTH + 1) * sizeof(CHAR16), 0);
+
+ MemFreePointer((VOID**)&PasswordEntered );
+
+ if ( EFI_SUCCESS != Status ) {
+ //Report Invalid password
+ _ReportInBox( IDE_PASSWORD_LENGTH, STRING_TOKEN(
+ STR_IDE_ERROR_PSWD ), CurrXPos, CurrYPos, TRUE );
+ // Unlock failed.
+ EfiLibReportStatusCode( EFI_ERROR_CODE | EFI_ERROR_MAJOR,
+ DXE_INVALID_IDE_PASSWORD,
+ 0,
+ NULL,
+ NULL );
+ }
+
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptExitGuid);
+ if (gST->ConOut != NULL) {
+ //Disable cursor, set desired attributes and clear screen
+ gST->ConOut->EnableCursor( gST->ConOut, FALSE );
+ gST->ConOut->SetAttribute( gST->ConOut, (EFI_BACKGROUND_BLACK | EFI_WHITE));
+ gST->ConOut->ClearScreen( gST->ConOut);
+ }
+
+
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordvices
+//
+// Description: Send Frezze command all the HDD
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEPasswordFreezeDevices( )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer;
+ UINT16 i;
+ UINTN Count;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+
+ // Return if Hdd FreezeLock command is already sent
+ if( HddFreeze ) {
+ return;
+ }
+
+ if(IDEPasswordSecurityData != NULL) {
+ //
+ // Clear the Password
+ //
+ MemSet( IDEPasswordSecurityData, sizeof(IDE_SECURITY_DATA) * gIDESecurityCount, 0);
+ //
+ // Free up the Memory
+ //
+ MemFreePointer((VOID**)&IDEPasswordSecurityData );
+ IDEPasswordSecurityData=NULL;
+ }
+
+ Status = gBS->LocateHandleBuffer(
+ ByProtocol,
+ &gIDESecurityProtocolGuid,
+ NULL,
+ &Count,
+ &HandleBuffer
+ );
+
+ if ( EFI_ERROR( Status )) {
+ return;
+ }
+
+ for ( i = 0; i < Count; i++ ) {
+ //
+ // get password security protocol
+ //
+ Status = gBS->OpenProtocol(
+ HandleBuffer[i],
+ &gIDESecurityProtocolGuid,
+ (VOID**) &IDEPasswordSecurity,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+
+ if ( EFI_ERROR( Status )) {
+ continue;
+ }
+
+ //
+ //Send Freeze lock command
+ //
+ Status=IDEPasswordSecurity->SecurityFreezeLock( IDEPasswordSecurity );
+
+ if(Status == EFI_SUCCESS) {
+ HddFreeze = TRUE;
+ }
+
+ }// end of for
+ MemFreePointer((VOID**)&HandleBuffer );
+
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordUpdateHdd
+//
+// Description: Updates the HDD password for the current HDD alone.
+//
+// Input:
+// UINT32 Index,
+// CHAR16 *Password,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordUpdateHdd(UINT32 Index,CHAR16 *Password,BOOLEAN bCheckUser)
+{
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ UINT16 Control = bCheckUser ? 0 : 1;
+ UINT8 RevisionCode = 0;
+ BOOLEAN Locked, Enabled;
+ EFI_STATUS Status = EFI_UNSUPPORTED;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH + 1];
+ UINT8 Selection;
+ #if !SETUP_SAME_SYS_HDD_PW
+ UINTN ii;
+ #endif
+ IDE_SECURITY_DATA *DataPtr;
+
+//
+// While password is set via hook in tse to perfom some OEM feature
+// and SETUP_PASSWORD_NON_CASE_SENSITIVE is set, even then the
+// password will be updated as if it is case sensitive but Authenticates
+// as non case sensitive so in order to avoid such situation making
+// IDEPasswordUpdateHdd() symmetric with IDEPasswordAuthenticateHdd()
+// to update case sensivity {EIP99649}
+//
+#if TSE_BUILD > 0x1206
+{
+ UINTN NewPwLen = 0;
+ if( IsPasswordSupportNonCaseSensitive() ) {
+ NewPwLen = EfiStrLen(Password);
+ UpdatePasswordToNonCaseSensitive(Password, NewPwLen);
+ }
+}
+#endif
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( Index );
+
+ if ( DataPtr == NULL ) {
+ ShowPostMsgBox(
+ NULL,
+ HiiGetString(
+ gHiiHandle,
+ STRING_TOKEN(STR_IDE_SECURITY_UNSUPPORTED)
+ ),
+ MSGBOX_TYPE_OK,
+ &Selection
+ ); // ShowPostMsgBox
+
+ return FALSE;
+ }
+ IDEPasswordSecurity = DataPtr->IDEPasswordSecurity;
+
+ //
+ //get the status of the device
+ //
+ if ( !(
+ CheckSecurityStatus(
+ IDEPasswordSecurity, &Locked,
+ SecurityLockedMask )
+ && CheckSecurityStatus( IDEPasswordSecurity, &Enabled,
+ SecurityEnabledMask ))) {
+ return FALSE;
+ }
+
+ if ( !Locked ) {
+ if ( Password[0] == 0 ) {
+ //
+ //empty string is entered -> disable password
+ //
+ Status = IDEPasswordSecurity->SecurityDisablePassword(
+ IDEPasswordSecurity,
+ Control,
+ IDEPasswordSecurityData[Index].PWD );
+ } else {
+ //
+ //set new password
+ //
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH + 1, 0 );
+ #if !SETUP_SAME_SYS_HDD_PW
+
+ for ( ii = 0; ii < IDE_PASSWORD_LENGTH + 1; ii++ ) {
+ Buffer[ii] = (UINT8)Password[ii];
+
+ if ( Password[ii] == L'\0' ) {
+ break;
+ }
+ }// end of for
+ #else
+ MemCopy( Buffer, Password, IDE_PASSWORD_LENGTH + 1 );
+ #endif
+
+ Status = IDEPasswordSecurity->SecuritySetPassword(
+ IDEPasswordSecurity,
+ Control,
+ Buffer,
+ RevisionCode );
+ }
+ }// end if(!Locked)
+
+ if ( EFI_ERROR( Status )) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordUpdateAllHdd
+//
+// Description: Updates the HDD password for all the HDDs present.
+//
+// Input:
+// UINT32 Index,
+// CHAR16 *Password,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordUpdateAllHdd(
+ UINT32 Index,
+ CHAR16 *Password,
+ BOOLEAN bCheckUser )
+{
+ UINTN i;
+ BOOLEAN Status = FALSE;
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ Status = IDEPasswordUpdateHdd( (UINT32)i, Password, bCheckUser);
+ }
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordUpdate
+//
+// Description: Hook function to update the password for the HDDs based
+// on the token ALL_HDD_SAME_PW.
+// Input:
+// UINT32 Index,
+// CHAR16 *Password,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordUpdate(
+ UINT32 Index,
+ CHAR16 *Password,
+ BOOLEAN bCheckUser )
+{
+ #if ALL_HDD_SAME_PW
+ return IDEPasswordUpdateAllHdd( Index, Password, bCheckUser);
+ #else
+ return IDEPasswordUpdateHdd( Index, Password, bCheckUser);
+ #endif
+
+}
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: UnlockHDD
+//
+// Description: Unlock the HDD
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID UnlockHDD(
+ VOID )
+{
+ #if SETUP_SAME_SYS_HDD_PW
+ UINTN Size=0, i;
+ AMITSESETUP *TSESetup;
+ IDE_SECURITY_DATA *DataPtr;
+ EFI_STATUS Status;
+ EFI_GUID AmiTseSetupGuid = AMITSESETUP_GUID;
+
+ //
+ //Do not proceed if admin pssword is not set
+ //
+ if ( !(AMI_PASSWORD_USER & PasswordCheckInstalled()) ) {
+ return;
+ }
+
+ //
+ //Get password from NVRAM
+ //
+ Size = 0;
+ TSESetup = VarGetNvramName (L"AMITSESetup", &AmiTseSetupGuid, NULL, &Size);
+
+ if ( Size ) {
+ //
+ //For all drives
+ //
+ DataPtr = IDEPasswordSecurityData;
+
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ if ( DataPtr->Locked ) {
+ //
+ //ask fot the password if locked
+ //
+ Status = IDEPasswordAuthenticateHdd( TSESetup->UserPassword,
+ DataPtr,
+ TRUE );
+
+ if ( EFI_SUCCESS != Status ) {
+ //
+ // Unlock failed.
+ //
+ EfiLibReportStatusCode( EFI_ERROR_CODE | EFI_ERROR_MAJOR,
+ DXE_INVALID_IDE_PASSWORD,
+ 0,
+ NULL,
+ NULL );
+ }
+ }
+ DataPtr++;
+ } // end of for
+ } // end if
+
+ MemFreePointer((VOID**) &TSESetup );
+ return;
+ #endif //#if SETUP_SAME_SYS_HDD_PW
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SetHDDPassword
+//
+// Description: Set the HDD password
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID SetHDDPassword(VOID)
+{
+ #if SETUP_SAME_SYS_HDD_PW
+ UINTN Size=0, i;
+ AMITSESETUP *TSESetup;
+ BOOLEAN Status;
+ EFI_GUID AmiTseSetupGuid = AMITSESETUP_GUID;
+
+ //
+ //Get password from NVRAM
+ //
+ Size = 0;
+ TSESetup = VarGetNvramName (L"AMITSESetup", &AmiTseSetupGuid, NULL, &Size);
+
+ if ( Size ) {
+ //
+ //For all drives
+ //
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ Status = IDEPasswordUpdateHdd( (UINT32)i, TSESetup->UserPassword, TRUE);
+ }
+ }
+
+ MemFreePointer((VOID**) &TSESetup );
+ #endif //#if SETUP_SAME_SYS_HDD_PW
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordCheck
+//
+// Description: Validate the HDD password
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEPasswordCheck()
+{
+ #if !SETUP_SAME_SYS_HDD_PW
+ IDE_SECURITY_DATA *DataPtr;
+#if !ALL_HDD_SAME_PW
+ UINT16 i;
+#endif
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ UINTN IDE_idex = 0;
+#endif
+ BOOLEAN ScreenCorrupted = FALSE;
+ #endif
+ IDE_SECURITY_CONFIG ideSecConfig;
+
+ //
+ // build IDESecurity data
+ //
+
+ gIDESecurityCount = IDESecurityProtocolInit( );
+
+ if ( IDEPasswordSecurityData == NULL || gIDESecurityCount == 0 ) {
+ return;
+ }
+
+ #if SETUP_SAME_SYS_HDD_PW
+ UnlockHDD();
+ #else
+ DataPtr = IDEPasswordSecurityData;
+#if !ALL_HDD_SAME_PW
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+#endif
+ if ( DataPtr->Locked && (!DataPtr->Validated)) {
+ //
+ //ask fot the password if locked
+ //
+ DataPtr->Validated = TRUE;
+ AMI_CheckIDEPassword( DataPtr->PromptToken, (VOID*)DataPtr );
+ ScreenCorrupted = TRUE;
+ }
+#if !ALL_HDD_SAME_PW
+ DataPtr++;
+ }// end of for
+#endif
+ //
+ // If the Screen Corrupted , Redraw the Screen
+ //
+ // if(ScreenCorrupted) {
+ // DrawScreenAgain(OldScreen);
+ // }
+ #endif
+
+ MemSet( &ideSecConfig, sizeof(ideSecConfig), 0 );
+ ideSecConfig.Count = gIDESecurityCount;
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ for( IDE_idex = 0 ; IDE_idex < gIDESecurityCount ; IDE_idex++ )
+ {
+ IDEUpdateConfig( &ideSecConfig, IDE_idex );
+ }
+#endif
+ VarSetNvramName( L"IDESecDev",
+ &gIDESecGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ &ideSecConfig,
+ sizeof(ideSecConfig));
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEUpdateConfigHdd
+//
+// Description: Initializes the structure IDE_SECURITY_CONFIG for the current
+// HDD if the data pointer to the structure IDE_SECURITY_DATA is
+// initialized already.
+//
+// Input:
+// IDE_SECURITY_CONFIG *ideSecConfig
+// UINTN value
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEUpdateConfigHdd(
+ VOID *TempideSecConfig,
+ UINTN value )
+{
+ IDE_SECURITY_DATA *DataPtr = NULL;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ BOOLEAN Status;
+ UINT32 IdePasswordFlags = 0;
+ EFI_STATUS ReturnStatus;
+ IDE_SECURITY_CONFIG *ideSecConfig
+ = (IDE_SECURITY_CONFIG*)TempideSecConfig;
+
+
+ //
+ //Set current IDE security page
+ //
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( value );
+
+ if ( DataPtr ) {
+ IDEPasswordSecurity = DataPtr->IDEPasswordSecurity;
+
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecuritySupportedMask );
+ ideSecConfig->Supported[value] = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityEnabledMask );
+ ideSecConfig->Enabled[value] = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityLockedMask );
+ ideSecConfig->Locked[value] = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityFrozenMask );
+ ideSecConfig->Frozen[value] = Status ? 1 : 0;
+ ReturnStatus = IDEPasswordSecurity->ReturnIdePasswordFlags(
+ IDEPasswordSecurity,
+ &IdePasswordFlags );
+
+ if ( EFI_ERROR( ReturnStatus )) {
+ return;
+ }
+
+ ideSecConfig->UserPasswordStatus[value]
+ = (IdePasswordFlags & 0x00020000) ? 1 : 0;
+ ideSecConfig->MasterPasswordStatus[value]
+ = (IdePasswordFlags & 0x00010000) ? 1 : 0;
+
+ ideSecConfig->ShowMaster[value] = 0x0000;
+
+ if ( ideSecConfig->Locked[value] ) {
+ ideSecConfig->ShowMaster[value] = 0x0001;
+ } else if ( (DataPtr->LoggedInAsMaster)) {
+ ideSecConfig->ShowMaster[value] = 0x0001;
+ } else if ( !(ideSecConfig->UserPasswordStatus[value])) {
+ ideSecConfig->ShowMaster[value] = 0x0001;
+ }
+ }// end if
+#else
+ gCurrIDESecPage = value;
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( value );
+
+ if ( DataPtr ) {
+ IDEPasswordSecurity = DataPtr->IDEPasswordSecurity;
+
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecuritySupportedMask );
+ ideSecConfig->Supported = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityEnabledMask );
+ ideSecConfig->Enabled = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityLockedMask );
+ ideSecConfig->Locked = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityFrozenMask );
+ ideSecConfig->Frozen = Status ? 1 : 0;
+ ReturnStatus = IDEPasswordSecurity->ReturnIdePasswordFlags(
+ IDEPasswordSecurity,
+ &IdePasswordFlags );
+
+ if ( EFI_ERROR( ReturnStatus )) {
+ return;
+ }
+
+ ideSecConfig->UserPasswordStatus
+ = (IdePasswordFlags & 0x00020000) ? 1 : 0;
+ ideSecConfig->MasterPasswordStatus
+ = (IdePasswordFlags & 0x00010000) ? 1 : 0;
+
+ ideSecConfig->ShowMaster = 0x0000;
+
+ if ( ideSecConfig->Locked ) {
+ ideSecConfig->ShowMaster = 0x0001;
+ } else if ( (DataPtr->LoggedInAsMaster)) {
+ ideSecConfig->ShowMaster = 0x0001;
+ } else if ( !(ideSecConfig->UserPasswordStatus)) {
+ ideSecConfig->ShowMaster = 0x0001;
+ }
+ }// end if
+#endif
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEUpdateConfigAllHdd
+//
+// Description: Initializes the structure IDE_SECURITY_CONFIG for all the
+// HDDs present if the data pointer to the structure
+// IDE_SECURITY_DATA is initialized already.
+//
+// Input:
+// IDE_SECURITY_CONFIG *ideSecConfig
+// UINTN value
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEUpdateConfigAllHdd(
+ VOID *TempideSecConfig,
+ UINTN value )
+{
+ UINTN i;
+
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ IDEUpdateConfigHdd( TempideSecConfig, i);
+ }
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEUpdateConfig
+//
+// Description: Hook function to Initialize the structure IDE_SECURITY_CONFIG
+// for the HDDs based on the token ALL_HDD_SAME_PW.
+//
+// Input:
+// IDE_SECURITY_CONFIG *ideSecConfig
+// UINTN value
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEUpdateConfig(
+ VOID *TempideSecConfig,
+ UINTN value )
+{
+ #if ALL_HDD_SAME_PW
+ IDEUpdateConfigAllHdd( TempideSecConfig, value);
+ #else
+ IDEUpdateConfigHdd( TempideSecConfig, value);
+ #endif
+
+}
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordGetName
+//
+// Description: Get the Hdd name
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+UINT16 IDEPasswordGetName(
+ UINT16 Index )
+{
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ // workaround for code in special.c which fills "goto string" token with
+ // hdd name string token. In our case we dont need that.
+ return ConfigPromptToken;
+#else
+ UINTN size=0;
+ IDE_SECURITY_CONFIG *ideSecConfig;
+ IDE_SECURITY_DATA *DataPtr;
+
+ ideSecConfig = VarGetNvramName (L"IDESecDev", &gIDESecGuid, NULL, &size);
+ IDEUpdateConfigHdd (ideSecConfig, Index);
+ VarSetNvramName (L"IDESecDev",
+ &gIDESecGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ ideSecConfig,
+ size);
+
+ MemFreePointer((VOID **)&ideSecConfig);
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( Index );
+
+ if(DataPtr == NULL) {
+ return 0;
+ }
+
+ return DataPtr->PromptToken;
+#endif
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordAuthenticateHdd
+//
+// Description: Validates the Ide password for the current HDD alone.
+//
+// Input:
+// CHAR16 *Password,
+// VOID* Ptr,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS IDEPasswordAuthenticateHdd(
+ CHAR16 *Password,
+ VOID * Ptr,
+ BOOLEAN bCheckUser )
+{
+ UINT16 Control = 0;
+ EFI_STATUS Status;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH + 1];
+
+ #if !SETUP_SAME_SYS_HDD_PW
+ UINTN i;
+ #endif
+
+ IDE_SECURITY_DATA * DataPtr = (IDE_SECURITY_DATA*)Ptr;
+
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH + 1, 0 );
+
+#if TSE_BUILD > 0x1206
+{
+ UINTN NewPwLen = 0;
+ if( IsPasswordSupportNonCaseSensitive() ) {
+ NewPwLen = EfiStrLen(Password);
+ UpdatePasswordToNonCaseSensitive(Password, NewPwLen);
+ }
+}
+#endif
+
+ #if !SETUP_SAME_SYS_HDD_PW
+
+ for ( i = 0; i < IDE_PASSWORD_LENGTH + 1; i++ ) {
+ Buffer[i] = (UINT8)Password[i];
+
+ if ( Password[i] == L'\0' ) {
+ break;
+ }
+ }
+ #else
+ MemCopy( Buffer, Password, IDE_PASSWORD_LENGTH + 1 );
+ #endif
+
+ Control = bCheckUser ? 0 : 1;
+
+ Status = (DataPtr->IDEPasswordSecurity)->SecurityUnlockPassword(
+ DataPtr->IDEPasswordSecurity,
+ Control,
+ Buffer );
+
+ if ( EFI_ERROR( Status )) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ //
+ //save password in case we need to disable it during the setup
+ //
+ MemCopy( &(DataPtr->PWD), &Buffer, IDE_PASSWORD_LENGTH + 1 );
+// DataPtr->Locked = FALSE;
+
+ if ( !bCheckUser ) {
+ DataPtr->LoggedInAsMaster = TRUE;
+ }
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordAuthenticateAllHdd
+//
+// Description: Validates the Ide password for all the HDDs Present.
+//
+// Input:
+// CHAR16 *Password,
+// VOID* Ptr,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS IDEPasswordAuthenticateAllHdd(
+ CHAR16 *Password,
+ VOID * Ptr,
+ BOOLEAN bCheckUser )
+{
+ IDE_SECURITY_DATA *DataPtr;
+ UINTN i;
+ EFI_STATUS Status=EFI_NOT_FOUND;
+
+ //
+ //For all drives
+ //
+ DataPtr = IDEPasswordSecurityData;
+
+ if(DataPtr == NULL) {
+ return EFI_NOT_FOUND;
+ }
+
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+
+ Status = IDEPasswordAuthenticateHdd( Password,
+ DataPtr,
+ bCheckUser );
+ if ( EFI_SUCCESS != Status ) {
+ //
+ // Unlock failed.
+ // + EfiLibReportStatusCode( EFI_ERROR_CODE | EFI_ERROR_MAJOR, + DXE_INVALID_IDE_PASSWORD, + 0, + NULL, + NULL ); + } + DataPtr++; + } + return Status; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: IDEPasswordAuthenticate +// +// Description: Hook function to validate IDE Password for the HDDs based on +// the token ALL_HDD_SAME_PW +// Input: +// CHAR16 *Password, +// VOID* Ptr, +// BOOLEAN bCheckUser +// +// Output: none +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS IDEPasswordAuthenticate( + CHAR16 *Password, + VOID * Ptr, + BOOLEAN bCheckUser ) +{ + #if ALL_HDD_SAME_PW + return IDEPasswordAuthenticateAllHdd( Password, Ptr, bCheckUser); + #else + return IDEPasswordAuthenticateHdd( Password, Ptr, bCheckUser); + #endif + +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: IDEPasswordGetDataPtr +// +// Description: Get the Ide password Data pointer +// +// Input: none +// +// Output: none +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +VOID* IDEPasswordGetDataPtr( UINTN Index ) +{ + IDE_SECURITY_DATA *DataPtr; + + if ( gIDESecurityCount == 0 || IDEPasswordSecurityData == NULL ) { + // + //try to initialize, if not initialized + // + gIDESecurityCount = IDESecurityProtocolInit( ); + } + + if ( gIDESecurityCount == 0 || IDEPasswordSecurityData == NULL || Index >= + gIDESecurityCount ) { + return NULL; + } + + DataPtr = (IDE_SECURITY_DATA*)IDEPasswordSecurityData; + + if(DataPtr == NULL) { + return 0; + } + + return (VOID*)&DataPtr[Index]; +} + +#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: FramePwdCallbackIdePasswordUpdate +// +// Description: function to update the ide 
password +// +// Input: CONTROL_DATA *control : Selected password control data, +// VOID *saveData : New password +// +// Output: EFI_STATUS +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS FramePwdCallbackIdePasswordUpdate ( CONTROL_DATA *control, CHAR16 *saveData) +{ + BOOLEAN bCheckUser = FALSE; + VOID * data =control->ControlData.ControlPtr; + UINT8 HardDiskNumber = 0xFF; + + // Check whether selected password control is a HDD Password control + if (control->ControlData.ControlVariable == VARIABLE_ID_IDE_SECURITY ) + { + // find index of currently selected HDD and type of password(user/master) to update + SearchTseHardDiskField( &bCheckUser, NULL, &HardDiskNumber, data ); + + if( HardDiskNumber != 0xFF ) // If HDD index is valid + { + IDEPasswordUpdate( (UINT32)HardDiskNumber, (CHAR16*) saveData, bCheckUser ); //update it + } + return EFI_SUCCESS; + } + else + return EFI_UNSUPPORTED; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: PopupPwdAuthenticateIDEPwd +// +// Description: Function to authenticate the IDE password +// +// Input: POPUP_PASSWORD_DATA *popuppassword, +// BOOLEAN *AbortUpdate, +// VOID *data +// +// Output: EFI_STATUS +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS PopupPwdAuthenticateIDEPwd(POPUP_PASSWORD_DATA *popuppassword, BOOLEAN *AbortUpdate,VOID *data) +{ + EFI_STATUS Status = EFI_UNSUPPORTED; + CHAR16 *Text=NULL; + UINT8 HardDiskNumber = 0xFF; + + // Check whether selected password control is a HDD Password control + if(popuppassword->ControlData.ControlVariable == VARIABLE_ID_IDE_SECURITY ) + { + BOOLEAN bCheckUser = FALSE; + BOOLEAN EnabledBit = FALSE; + UINTN size = 0; + IDE_SECURITY_CONFIG *ideSecConfig; + + ideSecConfig = VarGetVariable( VARIABLE_ID_IDE_SECURITY, &size ); // Get the data from setup page + if (NULL == ideSecConfig) 
{ + return EFI_NOT_FOUND; + } + // find index of currently selected HDD and type of password(user/master) to authenticate + SearchTseHardDiskField( &bCheckUser, &EnabledBit, &HardDiskNumber, data ); + // Check if password has been set for selected HDD + if( ( HardDiskNumber != 0xFF ) && ideSecConfig->Enabled[HardDiskNumber] ) + { + EnabledBit = TRUE; + } + + // If password has been set then proceed + if(EnabledBit) + { + if( bCheckUser || ideSecConfig->MasterPasswordStatus[HardDiskNumber] ) + { + // Ask for the password + Status = _DoPopupEdit( popuppassword, STRING_TOKEN(STR_OLD_PSWD), &Text); + if(EFI_SUCCESS != Status ) + { + *AbortUpdate = TRUE; // Status: Password not updated + } + else + { + // Get IDE_SECURITY_PROTOCOL instance for current HDD + void* DataPtr = TSEIDEPasswordGetDataPtr( HardDiskNumber ); + Status = TSEIDEPasswordAuthenticate( Text, DataPtr, bCheckUser ); //Authenticate it + if(EFI_ERROR( Status )) + { + // Show error message if password is wrong + CallbackShowMessageBox( (UINTN)gInvalidPasswordFailMsgBox, MSGBOX_TYPE_OK ); + *AbortUpdate = TRUE; // Status: Password not updated + } + StringZeroFreeMemory ((VOID **)&Text); // Erase string and free allocated memory + } + } + } + + MemFreePointer((VOID **) &ideSecConfig); // Free setup data memory + return EFI_SUCCESS; + } + return EFI_UNSUPPORTED; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: PopupPwdUpdateIDEPwd +// +// Description: function to update the setup config page after IDE password update +// +// Input: None +// +// Output: None +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> + +VOID PopupPwdUpdateIDEPwd (VOID) +{ + UINTN size = 0; + IDE_SECURITY_CONFIG *ideSecConfig; + UINT8 HardDiskNumber = 0xFF; + + // Get the old setup config data + ideSecConfig = VarGetVariable( VARIABLE_ID_IDE_SECURITY, &size ); + if (NULL == ideSecConfig) { + return; + } + // Update 
setup data for all HDDs + for( HardDiskNumber = 0 ; HardDiskNumber < ideSecConfig->Count ; HardDiskNumber++ ) + { + IDEUpdateConfig( (VOID*)ideSecConfig, HardDiskNumber ); + } + // Set the new setup config data + VarSetValue (VARIABLE_ID_IDE_SECURITY, 0, size, ideSecConfig); + if (gApp != NULL) + gApp->CompleteRedraw = TRUE; // redraw setup config page to reflect updated configuration + MemFreePointer((VOID **)&ideSecConfig); +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SearchTseHardDiskField +// +// Description: function to search TSE hard disk field. +// +// Input: IN OUT BOOLEAN *pbCheckUser : Password type - User/Master, +// IN OUT BOOLEAN *pEnabledBit : Password is set / not, +// IN OUT UINT8 *pHardDiskNumber : HDD index, +// IN VOID *data +// +// Output: None +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +VOID SearchTseHardDiskField ( + IN OUT BOOLEAN *pbCheckUser, IN OUT BOOLEAN *pEnabledBit, + IN OUT UINT8 *pHardDiskNumber, IN VOID *data + ) +{ + UINTN size = 0; + IDE_SECURITY_CONFIG *ideSecConfig; + + ideSecConfig = VarGetVariable( VARIABLE_ID_IDE_SECURITY, &size ); + + // + // Check if User password field is selected, if yes then set HDD index + // + if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword) ) + { + *pHardDiskNumber = 0; + *pbCheckUser = TRUE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD2) ) + { + *pHardDiskNumber = 1; + *pbCheckUser = TRUE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD3) ) + { + *pHardDiskNumber = 2; + *pbCheckUser = TRUE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD4) ) + { + *pHardDiskNumber = 3; + *pbCheckUser = 
TRUE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD5) ) + { + *pHardDiskNumber = 4; + *pbCheckUser = TRUE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD6) ) + { + *pHardDiskNumber = 5; + *pbCheckUser = TRUE; + } + // + // Check if Master password field is selected, if yes then set HDD index + // + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword) ) + { + *pHardDiskNumber = 0; + *pbCheckUser = FALSE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD2) ) + { + *pHardDiskNumber = 1; + *pbCheckUser = FALSE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD3) ) + { + *pHardDiskNumber = 2; + *pbCheckUser = FALSE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD4) ) + { + *pHardDiskNumber = 3; + *pbCheckUser = FALSE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD5) ) + { + *pHardDiskNumber = 4; + *pbCheckUser = FALSE; + } + else if( UefiGetQuestionOffset(data) /*data->QuestionId*/ + == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD6) ) + { + *pHardDiskNumber = 5; + *pbCheckUser = FALSE; + } + else // Question offset is not from any of the password fields + { + *pHardDiskNumber = 0xFF; // No HDD selected + if( pEnabledBit != NULL ) + { + *pEnabledBit = FALSE; // No HDD ie no password is set + } + } + // if HDD index is invalid, set it to 0xFF + if( *pHardDiskNumber >= ideSecConfig->Count ) + { + *pHardDiskNumber = 0xFF; + } + + MemFreePointer( (VOID **) &ideSecConfig ); + return; +} + +#endif +//<AMI_PHDR_START> 
+//---------------------------------------------------------------------------- +// Procedure: HDDStatus +// +// Description: Returns EFI_SUCCESS and sets *bHddStatus = TRUE if number of +// attempt to unlock HDD has reached MAXIMUM_HDD_UNLOCK_ATTEMPTS. +// +// Input: VOID *DataPtr +// +// Output: BOOLEAN *bHddStatus +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> + +EFI_STATUS HDDStatus(VOID *DataPtr, BOOLEAN *bHddStatus) +{ + EFI_STATUS Status = 0; + UINT16 SecurityStatus = 0; + IDE_SECURITY_DATA *Ptr = (IDE_SECURITY_DATA *)DataPtr; + + *bHddStatus = FALSE; + + Status = Ptr->IDEPasswordSecurity->ReturnSecurityStatus( Ptr->IDEPasswordSecurity, &SecurityStatus ); + if ( EFI_ERROR( Status )) + return Status; + + if (SecurityStatus & 0x10) { + *bHddStatus = TRUE; + } + + return EFI_SUCCESS; +} +//**************************************************************************** +//**************************************************************************** +//** ** +//** (C)Copyright 1985-2014, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Norcross, GA 30093 ** +//** ** +//** Phone (770)-246-8600 ** +//** ** +//**************************************************************************** +//**************************************************************************** diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.cif b/Core/EM/HddSecurity/Hddpassword/HddPassword.cif new file mode 100644 index 0000000..5529e64 --- /dev/null +++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.cif @@ -0,0 +1,14 @@ +<component> + name = "AmiTseHddPassword" + category = ModulePart + LocalRoot = "Core\EM\HddSecurity\Hddpassword" + RefName = "AmiTseHddPassword" +[files] +"HddPassword.mak" +"HddPassword.sdl" +"HddPassword.c" +"HddPassword.h" +"HddPassword.uni" +"HddSecTokens.c" +"ForceHddPassword.c" +<endComponent> 
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.h b/Core/EM/HddSecurity/Hddpassword/HddPassword.h
new file mode 100644
index 0000000..ccfdffb
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.h
@@ -0,0 +1,185 @@
+//****************************************************************************
+//****************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Norcross, GA 30093 **
+//** **
+//** Phone (770)-246-8600 **
+//** **
+//****************************************************************************
+//****************************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.h 11 9/10/14 2:59a Divyac $
+//
+// $Revision: 11 $
+//
+// $Date: 9/10/14 2:59a $
+//
+//*****************************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.h $
+//
+// 11 9/10/14 2:59a Divyac
+// [TAG] EIP181548
+// [Category] Improvement
+// [Description] Implement event signaling during HDD Passwords Prompt.
+// [Files] HddPassword.c
+// HddPassword.h
+//
+// 10 4/29/13 2:30a Kapilporwal
+// fixing build errors, when tse soruce is not present, from last check-in
+//
+// 9 4/25/13 9:28a Kapilporwal
+// [TAG] EIP108583
+// [Category] New Feature
+// [Description] support set HDD password in same page
+// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+//
+// 8 6/28/11 6:24a Anandv
+// [TAG] EIP62381
+// [Category] Improvement
+// [Description] In IdeSecurity Module, display HDD number in Setup
+// based
+// on results from WhichIde() function of
+// DiskInfo Protocol.
+//
+// [Files] HddPassword.c, HddPassword.h, SBDxe.c, PIDEController.h
+//
+// 7 5/21/10 2:58p Aaronp
+// Fix for EIP 38473 - Device names are not displayed when built in UEFI
+// 2.1 mode
+//
+// 6 3/11/10 3:50a Rameshr
+// Issue: Same Structure definied in Hddpassword and Amitse.
+// Solution: Amitse created tsecommon.h with all the common definition.
+// EIP: 27339
+//
+// 5 1/15/10 10:11a Yul
+// Coding Standard
+//
+// 4 9/28/09 4:59p Rameshr
+//
+// 3 9/21/09 3:48p Rameshr
+// The data structure AMI_IFR_MSGBOX in HddPassword.h and MessageBox.h are
+// not the same
+// EIP 27157
+//
+// 2 7/27/09 5:37p Pats
+// EIP 22925: Request to set HDD password length by token.
+// Solution: Token added to IdeSecurity.sdl, and definition removed from
+// HddPassword.h
+//
+// 1 5/01/09 11:09a Rameshr
+// Initial Check-in
+//*****************************************************************************//
+
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: HddPassword.h
+//
+// Description: Header file for the HddPassword
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#ifndef _IDEPASSWORD_H_
+#define _IDEPASSWORD_H_
+
+#include "AmiStatusCodes.h"
+
+#define IDE_SECURITY_INTERFACE_GUID \
+ { 0xF4F63529, 0x281E, 0x4040, 0xA3, 0x13, 0xC1, 0xD6, 0x76, 0x63, 0x84,\
+ 0xBE }
+
+#define HDD_SECURITY_END_PROTOCOL_GUID \
+ { 0xad77ae29, 0x4c20, 0x4fdd, 0x85, 0x04, 0x81, 0x76, 0x61, 0x9b, 0x67,\
+ 0x6a }
+
+#define HDD_UNLOCKED_GUID \
+ { 0x1fd29be6, 0x70d0, 0x42a4, 0xa6, 0xe7, 0xe5, 0xd1, 0xe, 0x6a, 0xc3, 0x76};
+
+#define HDD_PASSWORD_PROMPT_ENTER_GUID \
+ { 0x8e8d584a, 0x6e32, 0x44bf, { 0xb9, 0x6e, 0x1d, 0x27, 0x7, 0xc4, 0xeb, 0x5c } }
+
+#define HDD_PASSWORD_PROMPT_EXIT_GUID \
+ { 0xe22af903, 0xfd6f, 0x4d22, { 0x94, 0xce, 0xf8, 0x49, 0xc6, 0x14, 0xc3, 0x45 } }
+
+#define SECURITY_SET_PASSWORD 0xF1
+#define SECURITY_UNLOCK 0xF2
+#define SECURITY_ERASE_PREPARE
0xF3
+#define SECURITY_ERASE_UNIT 0xF4
+#define SECURITY_FREEZE_LOCK 0xF5
+#define SECURITY_DISABLE_PASSWORD 0xF6
+#define SECURITY_BUFFER_LENGTH 512 // Bytes
+
+#define SecuritySupportedMask 0x0001
+#define SecurityEnabledMask 0x0002
+#define SecurityLockedMask 0x0004
+#define SecurityFrozenMask 0x0008
+
+
+#ifndef AMI_DXE_BS_EC_INVALID_IDE_PASSWORD
+ #define AMI_DXE_BS_EC_INVALID_IDE_PASSWORD (AMI_STATUS_CODE_CLASS\
+ | 0x00000005)
+#endif
+
+#ifndef DXE_INVALID_IDE_PASSWORD
+ #define DXE_INVALID_IDE_PASSWORD (EFI_SOFTWARE_DXE_BS_DRIVER\
+ | AMI_DXE_BS_EC_INVALID_IDE_PASSWORD)
+#endif
+
+#define NG_SIZE 19
+#define VARIABLE_ID_AMITSESETUP 5
+#if !defined(SECUITY_SETUP_ON_SAME_PAGE) || SECUITY_SETUP_ON_SAME_PAGE == 0
+#define INVALID_HANDLE ((VOID*)-1)
+#endif
+#include "tsecommon.h"
+
+#define EFI_DP_TYPE_MASK 0x7F
+#define EFI_DP_TYPE_UNPACKED 0x80
+#if !defined(SECUITY_SETUP_ON_SAME_PAGE) || SECUITY_SETUP_ON_SAME_PAGE == 0
+#define END_DEVICE_PATH_TYPE 0x7f
+#define END_ENTIRE_DEVICE_PATH_SUBTYPE 0xff
+
+#define DevicePathType( a ) (((a)->Type) & EFI_DP_TYPE_MASK)
+#define DevicePathSubType( a ) ((a)->SubType)
+#define DevicePathNodeLength( a ) (((a)->Length[0]) | ((a)->Length[1] << 8))
+#define NextDevicePathNode( a ) ((EFI_DEVICE_PATH_PROTOCOL*) (((UINT8*) (\
+ a))\
+ +\
+ DevicePathNodeLength( a )))
+#define IsDevicePathEndType( a ) (\
+ DevicePathType( \
+ a ) == END_DEVICE_PATH_TYPE)
+#define IsDevicePathEndSubType( a ) ((a)->SubType ==\
+ END_ENTIRE_DEVICE_PATH_SUBTYPE)
+#define IsDevicePathEnd( a ) (IsDevicePathEndType( a )\
+ && IsDevicePathEndSubType( a ))
+VOID
+HddSecuritySignalProtocolEvent (
+ IN EFI_GUID *ProtocolGuid
+);
+
+#endif
+
+#endif /* _PASSWORD_H_ */
+
+//****************************************************************************
+//****************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved.
**
+//** **
+//** 5555 Oakbrook Pkwy, Norcross, GA 30093 **
+//** **
+//** Phone (770)-246-8600 **
+//** **
+//****************************************************************************
+//****************************************************************************
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.mak b/Core/EM/HddSecurity/Hddpassword/HddPassword.mak
new file mode 100644
index 0000000..445a4a8
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.mak
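Review bot: `HDD_UNLOCKED_GUID` expands to an initializer followed by a semicolon (`... 0x6a, 0xc3, 0x76};`), so the macro cannot be used inside a larger initializer or as an argument, and a plain `EFI_GUID g = HDD_UNLOCKED_GUID;` leaves a stray `;` behind. I would drop the semicolon: `{ 0x1fd29be6, 0x70d0, 0x42a4, 0xa6, 0xe7, 0xe5, 0xd1, 0xe, 0x6a, 0xc3, 0x76 }`. The file also mixes the flat form (first three GUIDs) with the nested-brace form (the two `HDD_PASSWORD_PROMPT_*` GUIDs); one form throughout would be easier to check against the published values. Separately, the guard is opened as `_IDEPASSWORD_H_` but the closing comment reads `/* _PASSWORD_H_ */`, which should name the same macro.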
@@ -0,0 +1,96 @@ +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** + +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.mak 5 4/25/13 9:29a Kapilporwal $ +# +# $Revision: 5 $ +# +# $Date: 4/25/13 9:29a $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.mak $ +# +# 5 4/25/13 9:29a Kapilporwal +# [TAG] EIP108583 +# [Category] New Feature +# [Description] support set HDD password in same page +# [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl, +# IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c, +# HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl +# +# 4 8/19/10 2:46a Rameshr +# Issue:Need do HDD PSW reset when warmboot +# EIP 40528 +# +# 3 6/30/10 4:15a Rameshr +# Modified the Hddpassword build procedure, so that customer can add +# their password oem files and build without modifying the Mak file +# +# 2 3/11/10 3:50a Rameshr +# Issue: Same Structure definied in Hddpassword and Amitse. +# Solution: Amitse created tsecommon.h with all the common definition. 
+# EIP: 27339 +# +# 1 5/01/09 11:09a Rameshr +# Initial Check-in +# +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: HddPassword.mak +# +# Description: Make file for the Hddpassword.obj +# +#<AMI_FHDR_END> +#********************************************************************** +EDK_TSE_INCLUDES = \ + -I EDK\MiniSetup\TseLite \ + -I EDK\MiniSetup\Ezport \ + -I EDK\MiniSetup\BootOnly \ + -I EDK\MiniSetup\BootOnly\AMILogo \ + -I EDK\MiniSetup\uefi2.1 \ + /DTSE_FOR_APTIO_4_50 + +AMITSEBin : $(BUILD_DIR)\HddPassword.obj $(BUILD_DIR)\ForceHddPassword.obj + +{$(AMITSE_HDD_PASSWORD_DIR)}.c{$(BUILD_DIR)}.obj :: + $(CC) $(CFLAGS) $(EDK_TSE_INCLUDES) -I $(TSEBIN_DIR)\Inc -I $(TSEBIN_DIR) /Fo$(BUILD_DIR)\ $< + +$(BUILD_DIR)\HddPassword.mak : $(AMITSE_HDD_PASSWORD_DIR)\$(@B).cif $(AMITSE_HDD_PASSWORD_DIR)\$(@B).mak $(BUILD_RULES) + $(CIF2MAK) $(AMITSE_HDD_PASSWORD_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS) + +AMITSESDB : HddPassWordSDB + +HddPassWordSDB : $(BUILD_DIR)\HddPassword.mak + $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\ + /f $(BUILD_DIR)\HddPassword.mak all\ + "UNI_INCLUDE_PATH=$(TSEBIN_DIR) $(TSE_UNI_INCLUDE_PATH)"\ + "STRING_CONSUMERS=$(AMITSE_HDD_PASSWORD_DIR)\HddSecTokens.c"\ + TYPE=SDB NAME=HddPassword +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.sdl b/Core/EM/HddSecurity/Hddpassword/HddPassword.sdl new file mode 100644 index 0000000..a020c63 --- /dev/null 
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.sdl 
@@ -0,0 +1,136 @@
+TOKEN
+ Name = "SETUP_IDE_SECURITY_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable Hdd password Screen in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+End
+
+TOKEN
+ Name = "SETUP_ASK_MASTER_PASSWORD"
+ Value = "0"
+ Help = "Enable / Disable IDE Master password support"
+ TokenType = Boolean
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SETUP_SAME_SYS_HDD_PW"
+ Value = "0"
+ Help = "Enable to have User password as IDE password"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+
+TOKEN
+ Name = "USER_PASSWORD_RETRY_ATTEMPTS"
+ Value = "3"
+ Help = "Maximum number of attempts allowed to the HDD User Password. This token value should be less than or equal to MAXIMUM_HDD_UNLOCK_ATTEMPTS token. If all the attempts by user password failed then (MAXIMUM_HDD_UNLOCK_ATTEMPTS - USER_PASSWORD_RETRY_ATTEMPTS) attempts will be given to Master password"
+ TokenType = Integer
+ TargetH = Yes
+ TargetMAK = Yes
+ Range = "1 - MAXIMUM_HDD_UNLOCK_ATTEMPTS"
+End
+
+TOKEN
+ Name = "MAXIMUM_HDD_UNLOCK_ATTEMPTS"
+ Value = "5"
+ Help = "Maximum number of attempts in POST in which the user has to enter the HDD User Password/Master Password to unlock the HDD.This token value should not exceed 5 times because the ATA SECURITY UNLOCK command fails even if the correct User/Master password is entered on the sixth time because the ATA Security Expire Count is 5"
+ TokenType = Integer
+ TargetH = Yes
+ TargetMAK = Yes
+ Range = "1 - 5"
+End
+
+TOKEN
+ Name = "ALL_HDD_SAME_PW"
+ Value = "0"
+ Help = "1-Enable to have one password for all HDD drives,0-Different HDD could have different password"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+PATH
+ Name = "AMITSE_HDD_PASSWORD_DIR"
+End
+
+MODULE
+ Help = "Includes HddPassword.mak to Project"
+ File = "HddPassword.mak"
+End
+
+ELINK
+ Name = "RegisterHddNotification,"
+ Parent = "ProcessConInAvailability,"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\HddPassword.obj"
+ Parent = "AMITSE_Objects"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(AMITSE_HDD_PASSWORD_DIR)\HddSecTokens.c"
+ Parent = "TSE_STRING_CONSUMERS_LIST"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "-i $(AMITSE_HDD_PASSWORD_DIR)"
+ Parent = "TSE_UNI_INCLUDE_PATH"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\HddPassword.sdb"
+ Parent = "TSE_SDBS"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "DisableSoftwarePreservation,"
+ Parent = "PreSystemResetHookHook,"
+ InvokeOrder = AfterParent
+ Token = "FORCE_HDD_PASSWORD_PROMPT" "=" "1"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\ForceHddPassword.obj"
+ Parent = "AMITSE_Objects"
+ InvokeOrder = AfterParent
+ Token = "FORCE_HDD_PASSWORD_PROMPT" "=" "1"
+End
+
+TOKEN
+ Name = "OVERRIDE_FramePwdCallbackIdePasswordUpdate"
+ Value = "1"
+ Help = "set to 1 if oem wants to override the FramePwdCallbackIdePasswordUpdate function from Board module."
+ TokenType = Boolean
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OVERRIDE_PopupPwdAuthenticateIDEPwd"
+ Value = "1"
+ Help = "set to 1 if oem wants to override the PopupPwdAuthenticateIDEPwd function from Board module."
+ TokenType = Boolean
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OVERRIDE_PopupPwdUpdateIDEPwd"
+ Value = "1"
+ Help = "set to 1 if oem wants to override the PopupPwdUpdateIDEPwd function from Board module."
+ TokenType = Boolean
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ TargetH = Yes
+End
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.uni b/Core/EM/HddSecurity/Hddpassword/HddPassword.uni Binary files differnew file mode 100644
index 0000000..8fdd12d
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.uni
diff --git a/Core/EM/HddSecurity/Hddpassword/HddSecTokens.c b/Core/EM/HddSecurity/Hddpassword/HddSecTokens.c
new file mode 100644
index 0000000..082fae5
--- /dev/null
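Review bot: The Help text of the three `OVERRIDE_*` tokens at the end of this hunk reads as an opt-in ("set to 1 if oem wants to override ...") while each token is declared with `Value = "1"`, so the override is already in effect whenever `SECUITY_SETUP_ON_SAME_PAGE` is 1. One of them, `OVERRIDE_PopupPwdAuthenticateIDEPwd`, selects the routine that authenticates the drive password, so an integrator should be able to tell from the help which implementation each value links. I would reword each Help to state the default and the effect of 0, along the lines of `Help = "Default 1: the PopupPwdAuthenticateIDEPwd in HddPassword.c is used. Set to 0 only if another implementation is supplied."`; what 0 actually links is presumably the TSE default, which should be confirmed before the wording is fixed.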
+++ b/Core/EM/HddSecurity/Hddpassword/HddSecTokens.c 
@@ -0,0 +1,79 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddSecTokens.c 2 3/25/13 5:16a Rameshr $ +// +// $Revision: 2 $ +// +// $Date: 3/25/13 5:16a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddSecTokens.c $ +// +// 2 3/25/13 5:16a Rameshr +// [TAG] EIP117159 +// [Category] Improvement +// [Description] Proper error message displayed when the Password count +// expired +// [Files] HddPassword.c, HddPassword.uni, HddSecTokens.c +// +// 1 3/11/10 3:51a Rameshr +// Issue: Same Structure definied in Hddpassword and Amitse. +// Solution: Amitse created tsecommon.h with all the common definition. +// EIP: 27339 +// +// Initial check-in +// +//********************************************************************** +//<AMI_FHDR_START> +// +// Name: HddSecTokens.c +// +// Description: +// This file does not add any code. It has, all the string tokens that +// are used by Minisetup, to fake the usage to strgather.exe. 
Add to +// this list, the new string tokens that are defined in +// AmiTSEStrstr.uni and to be used by Minisetup +// +//<AMI_FHDR_END> +//********************************************************************** + + +//Following code is to force strgatherer to include these strings +#if 0 + +STRING_TOKEN(STR_IDE_SECURITY_UNSUPPORTED) +STRING_TOKEN(STR_IDE_SECURITY_LOCKED) +STRING_TOKEN(STR_IDE_ERROR_PSWD) +STRING_TOKEN(STR_IDE_SECURITY_PROMPT) +STRING_TOKEN(STR_IDE_ENTER_USER) +STRING_TOKEN(STR_IDE_ENTER_MASTER) +STRING_TOKEN(STR_IDE_UNLCK_COLD) + +#endif + +//*****************************************************************// +//*****************************************************************// +//** **// +//** (C)Copyright 2013, American Megatrends, Inc. **// +//** **// +//** All Rights Reserved. **// +//** **// +//** 5555 Oakbrook Pkwy, Norcross, Georgia 30093 **// +//** **// +//** Phone (770)-246-8600 **// +//** **// +//*****************************************************************// +//*****************************************************************// diff --git a/Core/EM/HddSecurity/IDESMM.DXS b/Core/EM/HddSecurity/IDESMM.DXS new file mode 100644 index 0000000..26ab424 --- /dev/null +++ b/Core/EM/HddSecurity/IDESMM.DXS 
@@ -0,0 +1,84 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.DXS 4 1/08/13 12:40a Rameshr $ +// +// $Revision: 4 $ +// +// $Date: 1/08/13 12:40a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.DXS $ +// +// 4 1/08/13 12:40a Rameshr +// [TAG] EIP109495 +// [Category] Improvement +// [Description] HddSecurity driver needs to be updated for PI +// specification 1.2 +// [Files] IdeSmm.c, IdeSmm.dxs, IdeSmm.h, IdeSmm.cif +// +// 3 6/01/10 7:11p Krishnakumarg +// Removed Tab spaces +// +// 2 4/28/09 6:56p Rameshr +// HDD password support in RAID mode +// EIP:20421 +// +// 1 28/02/08 6:40p Anandakrishnanl +// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from +// IdeBus driver to be compatable with the AHCI Bus driver. +// +// 2 13/04/07 3:07p Anandakrishnanl +// Ide Bus Module - Update source files to comply with AMI coding +// standard"!!! 
+// +// 1 12/14/05 2:57p Srinin +// +// +//********************************************************************** + +//<AMI_FHDR_START> +//--------------------------------------------------------------------------- +// +// Name: IDESMM.DXS +// +// Description: Dependency file for the IDE SMM +// +//--------------------------------------------------------------------------- +//<AMI_FHDR_END> + +#include "IDESMM.h" + +DEPENDENCY_START +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A) + EFI_SMM_SW_DISPATCH2_PROTOCOL_GUID +#else + EFI_SMM_SW_DISPATCH_PROTOCOL_GUID +#endif +DEPENDENCY_END + +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** diff --git a/Core/EM/HddSecurity/IDESMM.c b/Core/EM/HddSecurity/IDESMM.c new file mode 100644 index 0000000..f898455 --- /dev/null +++ b/Core/EM/HddSecurity/IDESMM.c 
@@ -0,0 +1,1553 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2015, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.c 24 4/29/15 3:41a Anbuprakashp $ +// +// $Revision: 24 $ +// +// $Date: 4/29/15 3:41a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.c $ +// +// 24 4/29/15 3:41a Anbuprakashp +// [TAG] EIP215937 +// [Category] Bug Fix +// [Severity] Important +// [Symptom] System hang while SmmCommunication SMI trigger after enable +// SmmChkEn bit +// [RootCause] Bootservice call is used inside IDESMM driver +// [Solution] Avoided using BootService call inide IDESMM driver +// [Files] IDESMM.c +// +// 23 4/22/15 4:01a Anbuprakashp +// [TAG] EIP212319 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] System hang while SW_SMI_AHCI_LOCATE_AHCI_SMM SMI trigger +// after enable SmmChkEn bit +// [RootCause] Bootservice call used inside IdeSmm driver which causes +// the Exception +// [Solution] Changes made not to use BootService calls inside IdeSmm +// driver +// [Files] IdeSecurity.h +// IdeSecurity.c +// IDESMM.c +// +// 22 12/09/14 1:41a Anbuprakashp +// [TAG] EIP193600 +// [Category] Improvement +// [Description] Security Enhancement for SMIHandler in HddSecurity +// module +// [Files] IDESMM.mak, IDESMM.h, IDESMM.c +// +// 21 8/11/14 6:54a Anbuprakashp +// [TAG] EIP178239 +// 
[Category] Improvement +// [Description] S3 Resume fails when HDD password is set where platform +// have more than one AHCI controller +// [Files] AhciSmm.c,AhciSmm.sdl,IDESMM.c +// +// 20 12/18/13 4:07a Srikantakumarp +// [TAG] EIP127356 +// [Category] Improvement +// [Description] Flash NVRAM seems to cause HDD can't be unlocked when +// S3 resume. +// [Files] IdeSecurity.c, IDESMM.c, HddPassword.c, AhciBus.c, AhciBus.h +// +// 19 1/08/13 12:39a Rameshr +// [TAG] EIP109495 +// [Category] Improvement +// [Description] HddSecurity driver needs to be updated for PI +// specification 1.2 +// [Files] IdeSmm.c, IdeSmm.dxs, IdeSmm.h, IdeSmm.cif +// +// 18 8/22/11 2:06a Anandakrishnanl +// [TAG] EIP67738 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] IdeSmm.c File has been changed in the previous version to +// remove AHCI Controller Init programming that issue controller reset in +// S3. This causes various AMD platforms to not resume from S3 properly. +// [RootCause] IdeSmm.c File has been changed in the previous version to +// remove AHCI Controller Init programming that issue controller reset in +// S3. This causes various AMD platforms to not resume from S3 properly. +// [Solution] Reverted the Idesmm.c file to previous version that will +// bring back the Ahci Controller initialization by issuing Controller +// reset +// [Files] IDESMM.C +// +// 17 12/22/10 11:52a Krishnakumarg +// [TAG] - EIP 46081 +// [Category] - Action Item +// [Description] - 64 bit PCI config space exception in AHCI driver. 
+// [Files] - IDESmm.c +// +// 16 10/11/10 11:02a Krishnakumarg +// [TAG]- EIP 43249 +// [Category]-IMPROVEMENT +// [Description]- Non-Ascii character in comments causing build problem in +// japanese XP +// [Files]- IdeSecurity.c,IDESMM.c, InstallIdeSmi, Ata.c, Atapi.c, +// IDEBusComponentName.c, IdeBusMaster.c, IdeHPA.c, IdePowerManagement.c +// +// 15 9/20/10 4:19a Rameshr +// [TAG]- EIP 44182 +// [Category]-IMPROVEMENT +// [Description]- Unable to build the project with HDDSecurity module and +// without AHCI module. +// [Files]- IdeSecurity.h, IdeSmm.c +// +// 14 9/13/10 1:40a Rameshr +// [TAG]- EIP 43299 +// [Category]-IMPROVEMENT +// [Description]- About IdeSecurity module. It use soft smi port 0xb2 +// directly.It will need to re-modify on all of AMD project. +// 1) Added the SDL token for Sw SMI port address. +// 2) Used Pciio protocol to get the device location and passed this +// information to SMM driver. +// [Files]- IdeSecurity.c, IdeSmm.c, PideBus.h +// +// 13 6/01/10 7:07p Krishnakumarg +// Removed Tab spaces. +// +// 12 1/15/10 10:14a Yul +// Coding Standard +// +// 11 11/02/09 6:04p Davidd +// - Correct S3 resume hanging problem when IDE_PASSWORD_LENGTH is set to +// some value other than 32 (EIP 27989). +// - Correct S3 resume hanging problem in AHCI mode (EIP 29827). +// +// 10 6/05/09 2:47p Rameshr +// x64 mode compilation error Resolved. +// Eip:22710 +// +// 9 5/11/09 9:39a Rameshr +// Symptom: Unable to clear the HDD password. +// Solution: SmmProtocols located on the remove HDD password SMI also. +// EIP: 21668 +// +// 8 4/28/09 6:56p Rameshr +// HDD password support in RAID mode +// EIP:20421 +// +// 7 3/31/09 6:52p Davidd +// Added Device Configuration Freeze Lock programming. +// +// 6 3/05/09 11:34a Rameshr +// RemovedHddpassword doesn't work for Ahci mode- EIP 19935. +// +// 5 4/11/08 4:26p Rameshraju +// s3 Resume time improved when is security not enabled. 
+// +// 2 3/24/08 6:37p Fasihm +// Updated some missed protocols inside the build switchs. +// +// 4 24/03/08 6:34p Anandakrishnanl +// Removed unwanted comment. +// +// 3 24/03/08 6:31p Anandakrishnanl +// Corrected the SMM Thunk Protocols to Extended Thunk Protocols. +// +// 1 3/11/08 2:40p Fasihm +// Changed the structure names to match with the new SMM module labeled. +// Will have to remove this after updating the IdeSecurity module with +// this change. +// +// 2 10/03/08 6:47p Anandakrishnanl +// Removed FreezeLock related code from SMI for improving the S3 resume +// time. +// +// 1 28/02/08 6:40p Anandakrishnanl +// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from +// IdeBus driver to be compatable with the AHCI Bus driver. +// +// 1 2/20/08 8:13p Fasihm +// Added the code to fix the SATA freeze problem. +// +// 8 22/06/07 12:44p Anandakrishnanl +// HardDisk Security Support Module Added. +// Need ACPI Module and SB Module and under Core\Include we updated +// Setup.h. +// Also New IdeBus bin module. +// +// 7 13/04/07 3:06p Anandakrishnanl +// Ide Bus Module - Update source files to comply with AMI coding +// standard"!!! +// +// 6 12/18/06 11:53a Srinin +// Fixed issues with unlocking HDD password during S3 resume. +// +// 5 8/24/06 5:08p Felixp +// +// 4 8/24/06 5:07p Felixp +// x64 support (warnings/errors fixed) +// +// 3 8/24/06 9:31a Felixp +// x64 support (asm code removed) +// +// 2 1/04/06 9:36a Srinin +// Access to Boot services during Runtime removed. 
+// +// 1 12/14/05 2:57p Srinin +// +// +// +//********************************************************************** + +//<AMI_FHDR_START> +//--------------------------------------------------------------------------- +// +// Name: IdeSMM.C +// +// Description: Provide functions to unlock HDD password during S3 resume +// +//--------------------------------------------------------------------------- +//<AMI_FHDR_END> + +#include "IDESMM.h" + +#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) ) +EFI_GUID gAhciSmmProtocolGuid = AHCI_SMM_PROTOCOL_GUID; +UINT8 *AhciSecurityBuffer = NULL; +AHCI_BUS_SMM_PROTOCOL *mAhciSmm = NULL; +#endif + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION>=0x4028B) +#define RETURN(status) {return status;} +#else +#define RETURN(status) {return ;} +#endif + +EFI_GUID gSecurityModeProtocolGuid = IDE_SECURITY_INTERFACE_GUID; +DLIST gPasswordList; + +COMMAND_BUFFER *mCmdBuffer; +UINT8 *mDataBuffer = NULL; +UINT8 *mDataSmmBuffer = NULL; +UINT8 *SecurityBuffer = NULL; +BOOLEAN AhciInit = FALSE; + +SECURITY_PROTOCOL *IdeSecurityInterface = NULL; + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) + EFI_SMM_SYSTEM_TABLE2 *gSmst; +#else + EFI_SMM_SYSTEM_TABLE *gSmst; +#endif + +#define PCI_CFG_ADDR( bus, dev, func, reg ) \ + ((VOID*)(UINTN) (PCIEX_BASE_ADDRESS\ + + ((bus) << 20) + ((dev) << 15) + ((func) << 12) + reg)) + +#define AHCI_BAR 0x24 +#define PCI_SCC 0x000A // Sub Class Code Register + + +#if defined(EFI64) || defined(EFIx64) +static UINT64 DivU64x32( + IN UINT64 Dividend, + IN UINTN Divisor, + OUT UINTN*Remainder OPTIONAL ) +{ + UINT64 Result = Dividend / Divisor; + + if ( Remainder ) + { + *Remainder = Dividend % Divisor; + } + return Result; +} + +#else + +static UINT64 DivU64x32( + IN UINT64 Dividend, + IN UINTN Divisor, //Can only be 31 bits. 
+ OUT UINTN*Remainder OPTIONAL ) +{ + UINT64 Result; + UINT32 Rem; + + _asm + { + mov eax, dword ptr Dividend[0] + mov edx, dword ptr Dividend[4] + mov esi, Divisor + xor edi, edi ; Remainder + mov ecx, 64 ; 64 bits +Div64_loop: + shl eax, 1 ;Shift dividend left. This clears bit 0. + rcl edx, 1 + rcl edi, 1 ;Shift remainder left. Bit 0 = previous dividend bit 63. + + cmp edi, esi ; If Rem >= Divisor, don't adjust + cmc ; else adjust dividend and subtract divisor. + sbb ebx, ebx ; if Rem >= Divisor, ebx = 0, else ebx = -1. + sub eax, ebx ; if adjust, bit 0 of dividend = 1 + and ebx, esi ; if adjust, ebx = Divisor, else ebx = 0. + sub edi, ebx ; if adjust, subtract divisor from remainder. + loop Div64_loop + + mov dword ptr Result[0], eax + mov dword ptr Result[4], edx + mov Rem, edi + } + + if (Remainder) *Remainder = Rem; + + return Result; +} + +#endif + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: Stall +// +// Description: Stalls for the Required Amount of MicroSeconds +// +// Input: +// UINTN Usec // Number of microseconds to delay +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +VOID +Stall ( + UINTN Usec + ) +{ + UINTN Counter, i; + UINT32 Data32, PrevData; + UINTN Remainder; + + Counter = (UINTN)DivU64x32 ((Usec * 10), 3, &Remainder); + + if (Remainder != 0) { + Counter++; + } + + // + // Call WaitForTick for Counter + 1 ticks to try to guarantee Counter tick + // periods, thus attempting to ensure Microseconds of stall time. 
+ // + if (Counter != 0) { + + PrevData = IoRead32(PM_BASE_ADDRESS + 8); + for (i=0; i < Counter; ) { + Data32 = IoRead32(PM_BASE_ADDRESS + 8); + if (Data32 < PrevData) { // Reset if there is a overlap + PrevData=Data32; + continue; + } + i += (Data32 - PrevData); + PrevData = Data32; + } + } +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: ZeromemorySmm +// +// Description: Clears the buffer +// +// Input: void *Buffer, +// UINTN Size +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +void +ZeroMemorySmm ( + void *Buffer, + UINTN Size + ) +{ + UINT8 *Ptr; + Ptr = Buffer; + while (Size--) { + *(Ptr++) = 0; + } +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SMMWaitforBitClear +// +// Description: Waits for the given bit to be clear +// +// Input: HDD_PASSWORD *pHddPassword, +// UINT8 BitClear, +// UINT32 Timeout +// +// Output: EFI_STATUS +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS +SMMWaitforBitClear ( + HDD_PASSWORD *pHddPassword, + UINT8 BitClear, + UINT32 Timeout + ) +{ + UINT8 Delay; + UINT8 Data8; + + for ( ; Timeout > 0; Timeout--) { + for ( Delay = 100; Delay > 0; Delay--) { + Data8 = IoRead8(pHddPassword->DeviceControlReg); + if (!(Data8 & BitClear)) return EFI_SUCCESS; + Stall(10); // 10 Usec + } + } + return EFI_TIMEOUT; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SMMWaitforBitSet +// +// Description: Checks for a particular Bit to be set for a given amount +// of time +// +// Input: HDD_PASSWORD *pHddPassword, +// UINT8 BitSet, +// UINT32 Timeout +// +// Output: EFI_STATUS +// +// Modified: +// 
+// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> + +EFI_STATUS +SMMWaitforBitSet ( + HDD_PASSWORD *pHddPassword, + UINT8 BitSet, + UINT32 TimeOut + ) +{ + UINT8 Delay; + UINT8 Data8; + + for ( ; TimeOut > 0; TimeOut--) { + for ( Delay = 100; Delay > 0; Delay--) { + Data8 = IoRead8(pHddPassword->DeviceControlReg); + if (Data8 & BitSet) return EFI_SUCCESS; + Stall(10); // 10 Usec + } + } + return EFI_TIMEOUT; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SMMWaitForCmdCompletion +// +// Description: Waits for BSY bit to get clear +// +// Input: HDD_PASSWORD *pHddPassword +// +// Output: EFI_STATUS +// +// Modified: +// +// Referrals: +// +// Notes: Wait for BSY bit to get clear. Check for any errors. +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS +SMMWaitForCmdCompletion ( + HDD_PASSWORD *pHddPassword + ) +{ + UINT8 Data8; + EFI_STATUS Status; + +// Read ATL_STATUS and ignore the result. Just a delay + Data8 = IoRead8(pHddPassword->DeviceControlReg); + +// Check for BSY bit to be clear + Status = SMMWaitforBitClear ( pHddPassword, + BSY, + DMA_ATAPI_COMMAND_COMPLETE_TIMEOUT); + + if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR; + +// Check for errors. + Data8 = IoRead8(pHddPassword->BaseAddress + 7); + + if (Data8 & (ERR | DF)) return EFI_DEVICE_ERROR; + + return EFI_SUCCESS; +} + +#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) ) + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SMMAhciSecurityUnlockCommand +// +// Description: This Function unlocks HDD password during S3 resume in +// Ahci Mode Using Int 13. 
+// +// Input: HDD_PASSWORD *pHddPassword +// +// Output: EFI_STATUS +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS +SMMAhciSecurityUnlockCommand ( + HDD_PASSWORD *pHddPassword + ) +{ + UINT8 i; + UINT64 AhciBar = 0; + UINT8 SccReg; + BOOLEAN ControllerinAhciMode = FALSE; + UINT32 GlobalControl; + COMMAND_STRUCTURE CommandStructure; + UINT32 NoofPorts=0; + + if(mAhciSmm == NULL || !AhciSecurityBuffer) { + return EFI_NOT_FOUND; + } + + // 1. Check if Controller is in AHCI Mode. + // 2. Read ABAR Offset and Get HbaAddress. + // 3. Disable AHCI_ENABLE. + // 4. Issue Controller Reset. + // 5. Wait for HBA Reset to Complete. + // 6. Enable AHCI_ENABLE. + + AhciBar = *(UINT32*)PCI_CFG_ADDR( pHddPassword->BusNo, + pHddPassword->DeviceNo, + pHddPassword->FunctionNo, + AHCI_BAR); + AhciBar &= 0xFFFFFFF0; + + // Store AhciBase address of HDD Drive before calling AhciSmmInitPortOnS3Resume() function + // of the "AHCI_BUS_SMM_PROTOCOL" + mAhciSmm->AhciBaseAddress=AhciBar; + + // Find Number of Ports from BIT0:BIT4 of the HBA_CAP register + NoofPorts = ((MMIO_READ32(AhciBar + HBA_CAP)) & HBA_CAP_NP_MASK) + 1; + + // Check if AHCI MMIO address space resides in SMRAM region. If yes, don't proceed. 
+ if( AmiValidateMmioBuffer( (VOID*)mAhciSmm->AhciBaseAddress, HBA_PORTS_START + (NoofPorts * HBA_PORTS_REG_WIDTH) ) ) { + return EFI_NOT_FOUND; + } + + if(!AhciInit) { + SccReg = *(UINT8*)PCI_CFG_ADDR(pHddPassword->BusNo, + pHddPassword->DeviceNo, + pHddPassword->FunctionNo, + PCI_SCC); // Get Scc Register; + + if((SccReg & 0x06) || (SccReg & 0x04)) { + ControllerinAhciMode = TRUE; + } + + if(ControllerinAhciMode) { + + GlobalControl = MMIO_READ32(AhciBar + 0x04); + + GlobalControl &= 0x7FFFFFFF; + MMIO_WRITE32(AhciBar + 0x04, GlobalControl); + + GlobalControl = 0x01; + MMIO_WRITE32(AhciBar + 0x04, GlobalControl); + + Stall(5000); // 5 milli Sec Delay + + GlobalControl = 0x80000000; + MMIO_WRITE32(AhciBar + 0x04, GlobalControl); + + Stall(1000000); // 1 Sec Delay + } + AhciInit=TRUE; + } + + // Clear the Buffer + ZeroMemorySmm (AhciSecurityBuffer, 512); + AhciSecurityBuffer[0] = pHddPassword->Control & 1;; + if(AhciSecurityBuffer[0]) { + //Copy 32 Bytes of Password + for (i = 0; i < IDE_PASSWORD_LENGTH; i++) { + ((UINT8 *)AhciSecurityBuffer)[i + 2] = pHddPassword->MasterPassword[i]; + } + } else { + //Copy 32 Bytes of Password + for (i = 0; i < IDE_PASSWORD_LENGTH; i++) { + ((UINT8 *)AhciSecurityBuffer)[i + 2] = pHddPassword->UserPassword[i]; + } + } + // + //Resuming from S3. 
So bring back the AHCI controller to working state + // + mAhciSmm->AhciSmmInitPortOnS3Resume(mAhciSmm,pHddPassword->PortNumber); + + // + //Setup the Unlock command + // + ZeroMemorySmm(&CommandStructure, sizeof(COMMAND_STRUCTURE)); + CommandStructure.SectorCount = 1; + CommandStructure.LBALow = 0; + CommandStructure.LBAMid = 0; + CommandStructure.LBAHigh = 0; + CommandStructure.Device = 0x40; + CommandStructure.Command = SECURITY_UNLOCK; + CommandStructure.Buffer = AhciSecurityBuffer; + CommandStructure.ByteCount = 512; + // + //Issue the unlock command + // + mAhciSmm->AhciSmmExecutePioDataCommand( mAhciSmm, + &CommandStructure, + pHddPassword->PortNumber, + 0xFF, + ATA, + TRUE); + +#if DISABLE_SOFT_SET_PREV + ZeroMemorySmm (&CommandStructure, sizeof(COMMAND_STRUCTURE)); + CommandStructure.Features = DISABLE_SATA2_SOFTPREV; // Disable Software Preservation + CommandStructure.SectorCount = 6; + CommandStructure.Command = SET_FEATURE_COMMAND; + + mAhciSmm->AhciSmmExecuteNonDataCommand( mAhciSmm, + CommandStructure, + pHddPassword->PortNumber, + 0xFF, + ATA + ); +#endif + + // + //Issue the Security Freeze lock command + // + ZeroMemorySmm(&CommandStructure, sizeof(COMMAND_STRUCTURE)); + CommandStructure.Command = SECURITY_FREEZE_LOCK; + mAhciSmm->AhciSmmExecuteNonDataCommand( mAhciSmm, + CommandStructure, + pHddPassword->PortNumber, + 0xFF, + ATA + ); + + // + //Issue the Device config Freeze lock command + // + ZeroMemorySmm (&CommandStructure, sizeof(COMMAND_STRUCTURE)); + CommandStructure.Command = DEV_CONFIG_FREEZE_LOCK; + CommandStructure.Features = DEV_CONFIG_FREEZE_LOCK_FEATURES; + mAhciSmm->AhciSmmExecuteNonDataCommand( mAhciSmm, + CommandStructure, + pHddPassword->PortNumber, + 0xFF, + ATA + ); + + return EFI_SUCCESS; + +} +#endif + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SMMSecurityUnlockCommand +// +// Description: This Function unlocks HDD password during S3 resume. 
+// +// Input: HDD_PASSWORD *pHddPassword +// +// Output: EFI_STATUS +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS +SMMSecurityUnlockCommand ( + HDD_PASSWORD *pHddPassword + ) +{ + EFI_STATUS Status; + UINT8 Data8; + UINT8 i; + UINT16 Reg; + + // Disable Interrupt + IoWrite8(pHddPassword->DeviceControlReg, 2); + + // Select the drive + IoWrite8(pHddPassword->BaseAddress + 6, pHddPassword->Device << 4); + + // Wait for BSY to go low + Status = SMMWaitforBitClear (pHddPassword, BSY, S3_BUSY_CLEAR_TIMEOUT); + if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR; + + // Clear the Buffer + ZeroMemorySmm (SecurityBuffer, 512); + + SecurityBuffer[0] = pHddPassword->Control & 1;; + + if(SecurityBuffer[0]) { + + // Copy 32 Bytes of Password + + for (i = 0; i < IDE_PASSWORD_LENGTH; i++) { + ((UINT8 *)SecurityBuffer)[i + 2] = pHddPassword->MasterPassword[i]; + } + } else { + + // Copy 32 Bytes of Password + for (i = 0; i < IDE_PASSWORD_LENGTH; i++) { + ((UINT8 *)SecurityBuffer)[i + 2] = pHddPassword->UserPassword[i]; + } + } + + Status = SMMIdeNonDataCommand (pHddPassword, + 0, + 0, + 0, + 0, + 0, + SECURITY_UNLOCK); + if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR; + + // Wait for Command completion + Status = SMMWaitForCmdCompletion (pHddPassword); + if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR; + + // Check for DRQ + Status = SMMWaitforBitSet(pHddPassword, DRQ, DRQ_TIMEOUT); + if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR; + + Reg = pHddPassword->BaseAddress; + + // Status = IdeWriteMultipleWord (pHddPassword->BaseAddress, 256, &SecurityBuffer); + IoWrite( + CpuIoWidthFifoUint16, + Reg, + 256, + SecurityBuffer + ); + + // Check for errors + Status = SMMWaitForCmdCompletion (pHddPassword); + if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR; + + // Check for errors. + Data8 = IoRead8 ( pHddPassword->BaseAddress + 7); + if(Data8 & 0x21) { // ERR OR DF bit set ? 
+ return EFI_DEVICE_ERROR; + } + +//IA32_DEBUG +#if DISABLE_SOFT_SET_PREV || FORCE_HDD_PASSWORD_PROMPT + Status = SMMIdeNonDataCommand (pHddPassword, + DISABLE_SATA2_SOFTPREV, + 6, + 0, + 0, + 0, + SET_FEATURE_COMMAND); + + // Check for errors + Status = SMMWaitForCmdCompletion (pHddPassword); + if (EFI_ERROR(Status)) return Status; +#endif + + Status = SMMIdeNonDataCommand (pHddPassword, + DEV_CONFIG_FREEZE_LOCK_FEATURES, + 0, + 0, + 0, + 0, + DEV_CONFIG_FREEZE_LOCK); + + // Check for errors + Status = SMMWaitForCmdCompletion (pHddPassword); + return Status; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SMMIdeNonDataCommand +// +// Description: Issues Set Feature command (Non Data) +// +// Input: HDD_PASSWORD *pHddPassword +// UINT8 Command +// +// Output: EFI_STATUS +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS +SMMIdeNonDataCommand ( + HDD_PASSWORD *pHddPassword, + IN UINT8 Features, + IN UINT8 SectorCount, + IN UINT8 LBALow, + IN UINT8 LBAMid, + IN UINT8 LBAHigh, + IN UINT8 Command +) +{ + + EFI_STATUS Status; + UINT8 Data8; + +// Select the drive + IoWrite8(pHddPassword->BaseAddress + 6, pHddPassword->Device << 4); + +// Check for Controller presence + Data8 = IoRead8(pHddPassword->DeviceControlReg); + if (Data8 == 0xFF) { + ASSERT(Data8 == 0xFF); + return EFI_DEVICE_ERROR; + } + +// Before Writing to Sector Count Reg, BSY and DRQ bit should be zero + Status = SMMWaitforBitClear(pHddPassword, BSY, S3_BUSY_CLEAR_TIMEOUT); + if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR; + +// Check for DRDY + Status = SMMWaitforBitSet(pHddPassword, DRDY, DRDY_TIMEOUT); + if (EFI_ERROR(Status)) return EFI_TIMEOUT; + +// Issue command + + IoWrite8 ( pHddPassword->BaseAddress + 1, Features); + IoWrite8 ( pHddPassword->BaseAddress + 2, SectorCount); + IoWrite8 ( pHddPassword->BaseAddress + 
3, LBALow); + IoWrite8 ( pHddPassword->BaseAddress + 4, LBAMid); + IoWrite8 ( pHddPassword->BaseAddress + 5, LBAHigh); + IoWrite8 ( pHddPassword->BaseAddress + 7, Command); + + return EFI_SUCCESS; + +} +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: LocateSMMServices +// +// Description: This function Locates the AhciSmm protocl from the Smm +// +// Input: None +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS LocateSMMServices( + IN EFI_GUID *VariableGuid, + IN VOID **VariablePointer +) +{ + UINTN Index; + + for (Index = 0; Index < gSmst->NumberOfTableEntries; ++Index) { + if (guidcmp(&gSmst->SmmConfigurationTable[Index].VendorGuid,VariableGuid) == 0) { + break; + } + } + + if (Index != gSmst->NumberOfTableEntries) { + *VariablePointer = gSmst->SmmConfigurationTable[Index].VendorTable; + return EFI_SUCCESS; + } + + return EFI_NOT_FOUND; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: LocateIdeSmmProtocols +// +// Description: This function Locates the protocols and saves in global pointe +// +// Input: None +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +VOID LocateIdeSmmProtocols() +{ + +#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) ) + if(mAhciSmm == NULL && gSmst ) { + LocateSMMServices(&gAhciSmmProtocolGuid,(VOID **)&mAhciSmm); + } +#endif + return; +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: SaveHDDPassword +// +// Description: This function saves the HDD password and other information +// necessary to unlock HDD password during S3 Resume. 
+// +// Input: DispatchHandle Handle to the Dispatcher +// DispatchContext SW SMM dispatcher context +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) +EFI_STATUS SaveHDDPassword ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *DispatchContext OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize OPTIONAL +#else +VOID SaveHDDPassword ( + IN EFI_HANDLE DispatchHandle, + IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext +#endif +) +{ + + HDD_PASSWORD *pHddPassword=NULL, *StoredHDDList; + DLINK *dlink; + UINT8 i; + BOOLEAN UserOrMaster = FALSE; + BOOLEAN CheckFlag; + EFI_STATUS Status=EFI_SUCCESS; + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014) + pHddPassword = (HDD_PASSWORD *)CommBuffer; +#else + Status = pBS->LocateProtocol(&gSecurityModeProtocolGuid, NULL, &IdeSecurityInterface); + if(!EFI_ERROR(Status)) { + pHddPassword = IdeSecurityInterface->pHDDPasswordBuffer; + } +#endif + + if (!pHddPassword) { + RETURN(Status); + } + + // Check if signature is present or not + if ((UINT32) pHddPassword->Signature != '$HDD') { + RETURN(Status); + } + + // Check whether info about the HDD is already present + dlink = gPasswordList.pHead; + for ( ; dlink; dlink = dlink->pNext) { + StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD); + CheckFlag = FALSE; + if(StoredHDDList->ModeFlag) { + if (StoredHDDList->PortNumber == pHddPassword->PortNumber) { + CheckFlag = TRUE; + } + } else { + if ((StoredHDDList->BaseAddress == pHddPassword->BaseAddress) && + (StoredHDDList->Device == pHddPassword->Device)) { + CheckFlag = TRUE; + } + } + + if (CheckFlag) { + UserOrMaster = (BOOLEAN)((pHddPassword->Control) & 0x01); + + if(UserOrMaster){ + // Match has been found. 
Just copy the Password buffer + for (i = 0; i < sizeof (pHddPassword->MasterPassword); i++) { + StoredHDDList->MasterPassword[i] = pHddPassword->MasterPassword[i]; + } + } else { + // Match has been found. Just copy the Password buffer + for (i = 0; i < sizeof (pHddPassword->UserPassword); i++) { + StoredHDDList->UserPassword[i] = pHddPassword->UserPassword[i]; + } + } + RETURN(Status); + } + } + + // Allocate memory needed while unlocking the Password. Done only once. + // Same buffer will be reused. + if (SecurityBuffer == NULL) { + pSmst->SmmAllocatePool(0, 512, &SecurityBuffer); + } + + // Match has not been found. Allocate memory and copy the buffer. + if (pSmst->SmmAllocatePool(0, sizeof(HDD_PASSWORD), &StoredHDDList) != EFI_SUCCESS) { + RETURN(Status); + } + for (i = 0; i < sizeof (HDD_PASSWORD); i++) ((UINT8 *)StoredHDDList)[i] = ((UINT8 *)pHddPassword)[i]; + DListAdd(&gPasswordList, &StoredHDDList->LinkList); + + RETURN(Status); +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: UnlockHDDPassword +// +// Description: This Function unlocks HDD password during S3 resume. 
+// +// Input: DispatchHandle Handle to the Dispatcher +// DispatchContext SW SMM dispatcher context +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) +EFI_STATUS UnlockHDDPassword ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *DispatchContext OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize OPTIONAL +#else +VOID UnlockHDDPassword ( + IN EFI_HANDLE DispatchHandle, + IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext +#endif +) +{ + HDD_PASSWORD *StoredHDDList; + DLINK *dlink; + EFI_STATUS Status=EFI_SUCCESS; + + dlink = gPasswordList.pHead; + for ( ; dlink; dlink = dlink->pNext) { + StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD); + if (StoredHDDList->Signature == '$HDD') { + if(!StoredHDDList->ModeFlag) { + SMMSecurityUnlockCommand (StoredHDDList); + } else { +#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) ) + SMMAhciSecurityUnlockCommand (StoredHDDList); +#endif + } + } + } + AhciInit=FALSE; + + RETURN(Status); +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: RemoveHDDPassword +// +// Description: This Function removes HDD password from the internal database +// +// Input: DispatchHandle Handle to the Dispatcher +// DispatchContext SW SMM dispatcher context +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) +EFI_STATUS RemoveHDDPassword ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *DispatchContext OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize 
OPTIONAL +#else +VOID RemoveHDDPassword ( + IN EFI_HANDLE DispatchHandle, + IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext +#endif +) +{ + HDD_PASSWORD *pHddPassword, *StoredHDDList; + DLINK *dlink; + EFI_STATUS Status=EFI_SUCCESS; + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014) + pHddPassword = (HDD_PASSWORD *)CommBuffer; +#else + Status = pBS->LocateProtocol(&gSecurityModeProtocolGuid, NULL, &IdeSecurityInterface); + if(!EFI_ERROR(Status)) { + pHddPassword = IdeSecurityInterface->pHDDPasswordBuffer; + } +#endif + + if (!pHddPassword) { + RETURN(Status); + } + +// Check if signature is present or not + if ((UINT32) pHddPassword->Signature != '$HDD') { + RETURN(Status); + } + +// Check whether info about the HDD is already present + dlink = gPasswordList.pHead; + for ( ; dlink; dlink = dlink->pNext) { + StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD); + if(StoredHDDList->ModeFlag) { + if (StoredHDDList->PortNumber == pHddPassword->PortNumber) { + DListDelete(&gPasswordList, &StoredHDDList->LinkList); + } + } else { + if ((StoredHDDList->BaseAddress == pHddPassword->BaseAddress) && + (StoredHDDList->Device == pHddPassword->Device)) { + DListDelete(&gPasswordList, &StoredHDDList->LinkList); + } + } + + } + RETURN(Status); +} + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: IdeSmmMiscSmiPassword +// +// Description: This Function Freeze locks HDD, Issues Disable/Enable Software +// Settings preservation Feature for Security Supported HDDs. 
+// Input: DispatchHandle Handle to the Dispatcher +// DispatchContext SW SMM dispatcher context +// +// Output: None +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) +EFI_STATUS IdeSmmMiscSmiPassword ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *DispatchContext OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize OPTIONAL +#else +VOID IdeSmmMiscSmiPassword ( + IN EFI_HANDLE DispatchHandle, + IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext +#endif +) +{ + EFI_STATUS Status; + HDD_PASSWORD *StoredHDDList; + DLINK *dlink; + + dlink = gPasswordList.pHead; + for ( ; dlink; dlink = dlink->pNext) { + StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD); + if (StoredHDDList->Signature == '$HDD') { + + Status = SMMIdeNonDataCommand (StoredHDDList, + 0, + 0, + 0, + 0, + 0, + SECURITY_FREEZE_LOCK); + + // Check for errors + Status = SMMWaitForCmdCompletion (StoredHDDList); + if (EFI_ERROR(Status)) { + RETURN(Status); + } + +#if DISABLE_SOFT_SET_PREV || FORCE_HDD_PASSWORD_PROMPT + + Status = SMMIdeNonDataCommand (StoredHDDList, + DISABLE_SATA2_SOFTPREV, + 6, + 0, + 0, + 0, + SET_FEATURE_COMMAND); + + // Check for errors + Status = SMMWaitForCmdCompletion (StoredHDDList); + if (EFI_ERROR(Status)) { + RETURN(Status); + } +#endif + } + } + + RETURN(Status); +} + + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: LocateAhciSMM +// +// Description: This function Locates the AhciSMM driver and save pointer globally. 
+// +// Input: DispatchHandle Handle to the Dispatcher +// DispatchContext SW SMM dispatcher context +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) +EFI_STATUS LocateAhciSMM ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *DispatchContext OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize OPTIONAL +#else +VOID LocateAhciSMM ( + IN EFI_HANDLE DispatchHandle, + IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext +#endif +) +{ + EFI_STATUS Status=EFI_SUCCESS; + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014) + // Unlock command Buffer + AhciSecurityBuffer = (UINT8 *)(*(UINTN *)CommBuffer); +#else + if(!AhciSecurityBuffer) { + Status = pBS->AllocatePool ( EfiReservedMemoryType, + 512, + (VOID**)&AhciSecurityBuffer ); + } +#endif + + LocateIdeSmmProtocols(); + RETURN(Status); +} + + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: IdeSmmInSmmFunction +// +// Description: Called from InstallSmiHandler +// +// Input: +// +// +// Output: None +// +// Modified: +// +// Referrals: +// +// Notes: +// +//---------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS IdeSmmInSmmFunction( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + EFI_SMM_SW_REGISTER_CONTEXT Unlock_HDD_Password = {SW_SMI_HDD_UNLOCK_PASSWORD}; + EFI_SMM_SW_REGISTER_CONTEXT IdeSmm_MiscSmi_Password = {SW_SMI_HDD_MISC_SMM_FEATURES}; + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) + EFI_SMM_BASE2_PROTOCOL *pSmmBase2; + EFI_SMM_SW_DISPATCH2_PROTOCOL *pSwDispatch = NULL; + +#else 
+ EFI_SMM_BASE_PROTOCOL *pSmmBase; + EFI_SMM_SW_DISPATCH_PROTOCOL *pSwDispatch = NULL; +#endif + +#if defined(PI_SPECIFICATION_VERSION)&&!(PI_SPECIFICATION_VERSION>=0x00010014) + EFI_SMM_SW_REGISTER_CONTEXT Save_HDD_Password = {SW_SMI_HDD_PASSWORD_SAVE}; + EFI_SMM_SW_REGISTER_CONTEXT Remove_HDD_Password = {SW_SMI_HDD_PASSWORD_REMOVE}; + EFI_SMM_SW_REGISTER_CONTEXT Locate_Ahci_SMM = {SW_SMI_AHCI_LOCATE_AHCI_SMM}; +#endif + + InitAmiBufferValidationLib(ImageHandle, SystemTable); + Status = InitAmiSmmLib( ImageHandle, SystemTable ); + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B) + + Status = pBS->LocateProtocol(&gEfiSmmBase2ProtocolGuid, NULL, &pSmmBase2); + + if (EFI_ERROR(Status)) { + return Status; + } + + // + // We are in SMM, retrieve the pointer to SMM System Table + // + Status = pSmmBase2->GetSmstLocation( pSmmBase2, &gSmst); + if (EFI_ERROR(Status)) { + return EFI_UNSUPPORTED; + } + + Status = gSmst->SmmLocateProtocol( &gEfiSmmSwDispatch2ProtocolGuid, \ + NULL, \ + &pSwDispatch ); + +#else + + Status = pBS->LocateProtocol(&gEfiSmmBaseProtocolGuid, NULL, &pSmmBase); + if (EFI_ERROR(Status)) { + return Status; + } + + Status = pSmmBase->GetSmstLocation(pSmmBase,&gSmst); + if (EFI_ERROR(Status)) { + return Status; + } + + Status = pBS->LocateProtocol(&gEfiSmmSwDispatchProtocolGuid, NULL, &pSwDispatch); +#endif + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + + DListInit(&gPasswordList); + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014) + + Status = gSmst->SmiHandlerRegister( + (VOID *)SaveHDDPassword, + &gSaveHddPasswordGuid, + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + + Status = gSmst->SmiHandlerRegister( + (VOID *)RemoveHDDPassword, + &gRemoveHddPasswordGuid, + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + + Status = 
gSmst->SmiHandlerRegister( + (VOID *)LocateAhciSMM, + &gLocateIdeAhciSmmProtocolGuid, + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + } + +#else + Status = pSwDispatch->Register( + pSwDispatch, + SaveHDDPassword, + &Save_HDD_Password, + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + + Status = pSwDispatch->Register( + pSwDispatch, + RemoveHDDPassword, + &Remove_HDD_Password, + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + + Status = pSwDispatch->Register( + pSwDispatch, + LocateAhciSMM , + &Locate_Ahci_SMM , + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + +#endif + + Status = pSwDispatch->Register( + pSwDispatch, + UnlockHDDPassword, + &Unlock_HDD_Password, + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + + + Status = pSwDispatch->Register( + pSwDispatch, + IdeSmmMiscSmiPassword , + &IdeSmm_MiscSmi_Password , + &Handle + ); + + if (EFI_ERROR(Status)) { + ASSERT_EFI_ERROR(Status); + return Status; + } + + return EFI_SUCCESS; +} + + +//<AMI_PHDR_START> +//---------------------------------------------------------------------------- +// Procedure: IdeHDDPasswordSMMInit +// +// Description: Initializes HDD Password SMM Drivers. 
+//
+// Input:
+//
+// Output:
+// EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+// Here is the control flow of this function:
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS
+IdeHDDPasswordSMMInit(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ InitAmiLib(ImageHandle,SystemTable);
+ return InitSmmHandler(ImageHandle, SystemTable, IdeSmmInSmmFunction, NULL);
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2015, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
diff --git a/Core/EM/HddSecurity/IDESMM.cif b/Core/EM/HddSecurity/IDESMM.cif
new file mode 100644
index 0000000..f64fdff
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.cif
@@ -0,0 +1,12 @@
+<component>
+ name = "IDESMM"
+ category = ModulePart
+ LocalRoot = "Core\EM\HddSecurity\"
+ RefName = "IDESMM"
+[files]
+"IDESMM.sdl"
+"IDESMM.mak"
+"IDESMM.h"
+"IDESMM.c"
+"IDESMM.DXS"
+<endComponent>
diff --git a/Core/EM/HddSecurity/IDESMM.h b/Core/EM/HddSecurity/IDESMM.h
new file mode 100644
index 0000000..e3850a4
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.h
@@ -0,0 +1,198 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.h 7 12/09/14 1:41a Anbuprakashp $
+//
+// $Revision: 7 $
+//
+// $Date: 12/09/14 1:41a $
+//
+//*********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.h $
+//
+// 7 12/09/14 1:41a Anbuprakashp
+// [TAG] EIP193600
+// [Category] Improvement
+// [Description] Security Enhancement for SMIHandler in HddSecurity
+// module
+// [Files] IDESMM.mak, IDESMM.h, IDESMM.c
+//
+// 6 1/08/13 12:41a Rameshr
+// [TAG] EIP109495
+// [Category] Improvement
+// [Description] HddSecurity driver needs to be updated for PI
+// specification 1.2
+// [Files] IdeSmm.c, IdeSmm.dxs, IdeSmm.h, IdeSmm.cif
+//
+// 5 9/27/11 3:04a Rajeshms
+// [TAG] EIP69295
+// [Category] Improvement
+// [Description] The Timeout values used by IDE and AHCI drivers are
+// made as SDL tokens, so that the timeout values can be varied.
+// [Files] IdeBusBoard.c, CORE_DXE.sdl, AhciSmm.h, AhciBus.h, IDESMM.h,
+// Ata.c, Atapi.c, IdeBus.c, IdeBus.h, IdeBusMaster.c, IdeBusBoard.h
+//
+// 4 3/24/11 5:24a Rameshr
+// [TAG] - EIP 56827
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - Buld error from IdeSmm.h
+// [RootCause]- Invalid characters in IdeSmm.h
+// [Solution] - Removed the Invalid Charater from IdeSmm.h
+// [Files] - IdeSmm.h
+//
+// 3 1/15/10 10:16a Yul
+// Coding Standard
+//
+// 2 4/28/09 6:57p Rameshr
+// HDD password support in RAID mode
+// EIP:20421
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+// 2 22/06/07 12:44p Anandakrishnanl
+// HardDisk Security Support Module Added.
+// Need ACPI Module and SB Module and under Core\Include we updated
+// Setup.h.
+// Also New IdeBus bin module.
+//
+// 1 13/04/07 3:08p Anandakrishnanl
+// Ide Bus Module - Update source files to comply with AMI coding
+// standard"!!!
+//
+//*********************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: <IDESMM.h>
+//
+// Description: This file contains the Includes, Definitions, typedefs,
+// Variable and External Declarations, Structure and
+// function prototypes needed for the IDESMM Component
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#ifndef _IDESMM_H_
+#define _IDESMM_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <Token.h>
+#include <AmiDxeLib.h>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION>=0x4028B)
+#include <Protocol\SmmCpu.h>
+#include <Protocol\SmmBase2.h>
+#include <Protocol\SmmSwDispatch2.h>
+#else
+#include <Protocol\SmmBase.h>
+#include <Protocol\SmmSwDispatch.h>
+#endif
+#include "IdeSecurity.h"
+#include <AmiBufferValidationLib.h>
+
+#ifndef DMA_ATAPI_COMMAND_COMPLETE_TIMEOUT
+#define DMA_ATAPI_COMMAND_COMPLETE_TIMEOUT 16000 // 16Sec
+#endif
+
+#ifndef S3_BUSY_CLEAR_TIMEOUT
+#define S3_BUSY_CLEAR_TIMEOUT 10000 // 10Sec
+#endif
+
+#ifndef HBA_CAP
+#define HBA_CAP 0x0000
+#endif
+
+#ifndef HBA_CAP_NP_MASK
+#define HBA_CAP_NP_MASK 0x1F
+#endif
+
+#ifndef HBA_PORTS_START
+#define HBA_PORTS_START 0x0100
+#endif
+
+#ifndef HBA_PORTS_REG_WIDTH
+#define HBA_PORTS_REG_WIDTH 0x0080
+#endif
+
+#define BUSY_CLEAR_TIMEOUT 1000 // 1Sec
+#define DRDY_TIMEOUT 1000 // 1Sec
+#define DRQ_TIMEOUT 10 // 10msec
+#pragma pack(1)
+
+typedef struct
+{
+ UINT8 bFeature;
+ UINT8 bSectorCount;
+ UINT8 bLbaLow;
+ UINT8 bLbaMid;
+ UINT8 bLbaHigh;
+ UINT8 bDevice;
+ UINT8 bCommand;
+} COMMAND_BUFFER;
+
+#pragma pack()
+
+EFI_STATUS SMMSecurityUnlockCommand (
+ HDD_PASSWORD *pHddPassword
+);
+
+EFI_STATUS SMMIdeNonDataCommand (
+ HDD_PASSWORD *pHddPassword,
+ IN UINT8 Features,
+ IN UINT8 SectorCount,
+ IN UINT8 LBALow,
+ IN UINT8 LBAMid,
+ IN UINT8 LBAHigh,
+ IN UINT8 Command );
+
+void ZeroMemorySmm (
+ void *Buffer,
+ UINTN Size );
+
+EFI_STATUS
+IdeSmmInSmmFunction(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
+
+
+/****** DO NOT WRITE BELOW THIS LINE *******/
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _IDESMM_H_
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IDESMM.mak b/Core/EM/HddSecurity/IDESMM.mak
new file mode 100644
index 0000000..723b4f4
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.mak
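Review bot: In IDESMM.h the prototypes `SMMSecurityUnlockCommand`, `SMMIdeNonDataCommand` and `ZeroMemorySmm` are declared with no comment on who validates the pointer they receive, although the header now includes `AmiBufferValidationLib.h` for the SMI-handler hardening named in the revision log. In the handler code visible on this page `SMMIdeNonDataCommand` is called only with entries taken from `gPasswordList`, so the intended contract is presumably that the pointer refers to a handler-owned entry and never to the communication buffer; if so it should be written down, e.g. `// pHddPassword must be an entry owned by the SMM handler (gPasswordList); callers validate any communication-buffer pointer before copying from it.` As a point of style, the `#include` lines sit inside the `extern "C" {` block, and opening that block after the includes would keep the included headers' own linkage intact.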
@@ -0,0 +1,95 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2005, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.mak 4 12/09/14 1:41a Anbuprakashp $
+#
+# $Revision: 4 $
+#
+# $Date: 12/09/14 1:41a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.mak $
+#
+# 4 12/09/14 1:41a Anbuprakashp
+# [TAG] EIP193600
+# [Category] Improvement
+# [Description] Security Enhancement for SMIHandler in HddSecurity
+# module
+# [Files] IDESMM.mak, IDESMM.h, IDESMM.c
+#
+# 3 6/06/13 2:24a Rameshr
+# [TAG] EIP122239
+# [Category] Improvement
+# [Description] IdeSmm should be part of the SMM driver
+# [Files] IdeSmm.mak
+#
+# 2 6/01/10 12:28p Krishnakumarg
+# Removed Tab spaces
+#
+# 1 28/02/08 6:40p Anandakrishnanl
+# Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+# IdeBus driver to be compatable with the AHCI Bus driver.
+#
+# 2 13/04/07 3:08p Anandakrishnanl
+# Ide Bus Module - Update source files to comply with “AMI coding
+# standard"!!!
+#
+# 1 12/14/05 2:57p Srinin
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: IDESMM.mak
+#
+# Description: Make file for the Idesmm component
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+all : IdeSMM
+
+IdeSMM : $(BUILD_DIR)\IdeSMM.mak IdeSMMBin
+
+$(BUILD_DIR)\IdeSMM.mak : $(IDESMM_DIR)\$(@B).cif $(IDESMM_DIR)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(IDESMM_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+IDE_SMM_INCLUDES = $(AMIDXELIB) \
+ $(BUILD_DIR)\AmiBufferValidationLib.lib
+
+IdeSMMBin : $(IDE_SMM_INCLUDES)
+ @set INCLUDE=%%INCLUDE%%
+ $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+ /f $(BUILD_DIR)\IdeSMM.mak all\
+ GUID=316B1230-0500-4592-8C09-EABA0FB6B07F\
+ ENTRY_POINT=IdeHDDPasswordSMMInit\
+!IF $(PI_SPECIFICATION_VERSION)<0x00001000A
+ TYPE=BS_DRIVER\
+!ELSE
+ TYPE=SMM_DRIVER\
+!ENDIF
+ COMPRESS=1\
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2005, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
\ No newline at end of file
diff --git a/Core/EM/HddSecurity/IDESMM.sdl b/Core/EM/HddSecurity/IDESMM.sdl
new file mode 100644
index 0000000..d6ddda5
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.sdl
@@ -0,0 +1,66 @@
+TOKEN
+ Name = "IDESMM_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable IDESMM support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ Master = Yes
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_PASSWORD_SAVE"
+ Value = "0D0h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_UNLOCK_PASSWORD"
+ Value = "0D1h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_PASSWORD_REMOVE"
+ Value = "0D2h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_MISC_SMM_FEATURES"
+ Value = "0D3h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_AHCI_LOCATE_AHCI_SMM"
+ Value = "0D4h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+PATH
+ Name = "IDESMM_DIR"
+End
+
+MODULE
+ Help = "Includes IDESMM.mak to Project"
+ File = "IDESMM.mak"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\IDESMM.ffs"
+ Parent = "FV_MAIN"
+ Token = "IDESMM_SUPPORT" "=" "1"
+ InvokeOrder = AfterParent
+End
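Review bot: In IDESMM.mak the test `!IF $(PI_SPECIFICATION_VERSION)<0x00001000A` selects `TYPE=SMM_DRIVER` on the PI version alone, while IDESMM.h and the handler code earlier on this page take the SmmBase2/SwDispatch2 path only when `CORE_COMBINED_VERSION >= 0x4028B` also holds. As far as this page shows, a project with PI_SPECIFICATION_VERSION at or above 0x0001000A and an older core would build the legacy SmmBase code as an SMM_DRIVER module. If `CORE_COMBINED_VERSION` is visible to the makefile, the condition should mirror the C one: `!IF $(PI_SPECIFICATION_VERSION)<0x0001000A || $(CORE_COMBINED_VERSION)<0x4028B`. The literal is also written with nine hex digits (`0x00001000A`); it evaluates to the same value as `0x0001000A` but reads like a typo and is worth normalising.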
\ No newline at end of file
diff --git a/Core/EM/HddSecurity/IdeSecurity.c b/Core/EM/HddSecurity/IdeSecurity.c
new file mode 100644
index 0000000..cfa9d89
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.c
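Review bot: In IDESMM.sdl the five software-SMI tokens (`SW_SMI_HDD_PASSWORD_SAVE` through `SW_SMI_AHCI_LOCATE_AHCI_SMM`) have no `Help` text, unlike `IDESMM_SUPPORT`, so nothing tells a porting engineer that 0D0h–0D4h are the SW SMI numbers that reach the password save, unlock and remove handlers. A line such as `Help = "SW SMI number for the HDD password unlock handler; must be unique among the project's SW SMI values"` on each token would document that. Judging from IdeSmmInSmmFunction on this page, the SAVE, REMOVE and LOCATE values appear to be registered only when PI_SPECIFICATION_VERSION is below 0x00010014, which the Help text could also state.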
@@ -0,0 +1,2939 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2015, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.c 43 4/22/15 3:57a Anbuprakashp $ +// +// $Revision: 43 $ +// +// $Date: 4/22/15 3:57a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.c $ +// +// 43 4/22/15 3:57a Anbuprakashp +// [TAG] EIP212319 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] System hang while SW_SMI_AHCI_LOCATE_AHCI_SMM SMI trigger +// after enable SmmChkEn bit +// [RootCause] Bootservice call used inside IdeSmm driver which causes +// the Exception +// [Solution] Changes made not to use BootService calls inside IdeSmm +// driver +// [Files] IdeSecurity.h +// IdeSecurity.c +// IDESMM.c +// +// 42 3/16/15 5:50a Rameshr +// [TAG] EIP208331 +// [Category] Improvement +// [Description] Avoid sending freeze Lock command to the device if the +// HDD already in frozen state +// [Files] IdeSecurity.c, HddPassword.c +// +// 41 6/09/14 9:30a Anbuprakashp +// [TAG] EIP172445 +// [Category] Improvement +// [Description] Runtime attribute set for the some of the variable used +// by Aptio-4 HddSecurity driver and needs to be reviewed +// [Files] IdeSecurity.c +// +// 40 4/07/14 2:39a Nimishsv +// [TAG] EIP151848 +// [Category] Improvement +// [Description] [HDD security]Clear HDD security data related 
variable +// when secuirty disabled +// [Files] IdeSecurity.c +// +// 39 3/25/14 6:21a Rameshr +// [TAG] EIP160499 +// [Category] Improvement +// [Description] Do not get HDD password variable if HDD is in lock +// state +// [Files] IdeSecurity.c +// +// 38 3/25/14 6:12a Rameshr +// [TAG] EIP124591 +// [Category] Improvement +// [Description] Before sending the freeze lock command for the HDD, +// check the Hdd security status (locked or unlocked) and if the hdd is +// unlocked state, send the freeze lock command to hdd +// [Files] IdeSecurity.c +// +// 37 12/18/13 4:05a Srikantakumarp +// [TAG] EIP127356 +// [Category] Improvement +// [Description] Flash NVRAM seems to cause HDD can't be unlocked when +// S3 resume. +// [Files] IdeSecurity.c, IDESMM.c, HddPassword.c, AhciBus.c, AhciBus.h +// +// 36 1/17/12 12:50a Jittenkumarp +// [TAG] EIP78432 +// [Category] Bug Fix +// [Symptom] The password set for OEM_MASTER_PASSWORD_TAG token is not +// authenticated when the token SETUP_PASSWORD_NON_CASE_SENSITIVE is set +// to 1. +// [RootCause] When SETUP_PASSWORD_NON_CASE_SENSITIVE token is 1, input +// password is always converted to Uppercase but OEM_MASTER_PASSWORD_TAG +// is in lower case. +// [Solution] OEM_MASTER_PASSWORD_TAG is converted into Uppercase before +// storing in memory. +// [Files] IdSecurity.c +// +// 35 1/05/12 6:25a Anandakrishnanl +// [TAG] EIP79637 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] Enhanced Erase Mode not Working +// [RootCause] IdeSecurity Module SecurityEraseUnit did not handle Bit1 +// of Control Word to identify if it is a normal erase or Enhanced erase +// [Solution] [IdeSecurity Module]SIECURITY ERASE UNIT command needs +// Enhanced mode support +// Code changed from Control &= 0x1; // Bit0 is valid to Control &= 0x3; +// // Bit0 and Bit 1 is valid +// to make EnhancedErase functional. 
+// [Files] IdeSecurity.c +// +// 34 12/19/11 1:06a Rameshr +// [TAG] EIP77527 +// [Category] Improvement +// [Description] IdeSecurity, IdeAcoustic and IdeSmart changes should be +// done based on the Core Version checking. +// [Files] IdeSecurity.c, IdeSmart.c , Acoustic.c +// +// 33 12/05/11 6:24p Rajkumarkc +// [TAG] EIP77142 +// [Category] Improvement +// [Description] Added the function 'IdeNonDataCommandExp' in the +// 'IDE_BUS_PROTOCOL' and removed the existing function +// 'IdeNonDataCommand' for supporting the upper 24bits of LBA. +// [Files] +// Ata.c, IdeBus.c, Idebus.h, PIDEBus.h, Acoustic.c, IdeSecurity.c, +// IdeSMART.c +// +// 32 10/21/11 4:11a Rameshr +// [TAG] EIP69247 +// [Category] Bug Fix +// [Severity] Minor +// [Symptom] Several IdeSecurity.sdl tokens are not working properly +// [RootCause] Several IdeSecurity.sdl tokens are not working properly +// [Solution] Removed unwanted SDL token and verified all the SDL token +// function. +// [Files] IdeSecurity.c, IdeSecurity.sdl, IdeSecurity.sdl +// +// 31 10/21/11 2:22a Rameshr +// [TAG] EIP70395 +// [Category] Bug Fix +// [Severity] Minor +// [Symptom] When an Empty Master Password string is entered for the +// first time(when no password was installed before), the +// IDEPasswordUpdateHdd returns a Boolean "TRUE" +// [RootCause] SecurityDisablePassword function returns the status of +// SetDefaultMasterPassword function which is EFI_SUCCESS instead of +// returning the status of SecurityCommonRoutine which will fail. +// [Solution] SecurityCommonRoutine function status returned as the +// status for SecurityDisablePassword function. +// [Files] IdeSecurity.c +// +// 30 10/11/11 1:54a Rameshr +// [TAG] EIP69246 +// [Category] Improvement +// [Description] Made the SECURITY_SUPPORT as the Master token and +// removed the IdeSecurity_Support token. 
+// +// [Files] IdeSecurity.c, IdeSecurity.h, IdeSecurity.mak, +// IdeSecurity.sdl +// +// 29 10/11/11 1:34a Rameshr +// [TAG] EIP70918 +// [Category] Bug Fix +// [Severity] Minor +// [Symptom] On S3 resume system will throw blue screen error, when HDD +// password is set +// [RootCause] Ld assume that the data is UINT64. But the actual data is +// UINT32. +// [Solution] To display d should be enough as the DataId is UINT32 +// [Files] IdeSecurity.c +// +// 28 4/27/11 6:03a Anandakrishnanl +// [TAG] EIP54315 +// [Category] Bug Fix +// [Severity] Important +// [Symptom] SugarBay IdeSecurity increase S3 Resume time +// [RootCause] Setting the MASTER_PASSWORD_ENABLE sdl token in Ide +// security Module saves the password in Smm all the time in reboots. This +// causes the system to ask for master password even when it is not locked +// which causes Long Timeout in S3 resume. +// [Solution] Fix by not saving the master pasword in SMM at the time +// of Set password. Only Unlock password will save validated password in +// SMM area. +// [Files] IdeSecurity.c +// +// 27 4/06/11 12:52a Rameshr +// [TAG]- EIP 57341 +// [Category]-IMPROVEMENT +// [Description]- Added Support for SMM PI 1.1 in HDDSecurity eModule. +// [Files]- IdeSecurity.c , IdeSecurity.h, IdeSecurity.dxs +// +// 26 12/03/10 12:23a Rameshr +// [TAG] - EIP 48770 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom] - HddSecurity build error when disable the IDEBUS module.. +// [RootCause]- IdebusLib used with IdeSecurity Module. +// [Solution] - Removed IdebusLib usage from source and mak file. +// [Files] - Idesecurity.c, IdeSecurity.mak +// +// 25 10/20/10 2:49a Rameshr +// [TAG]- EIP 43492 +// [Category]-IMPROVEMENT +// [Description]- Added the INTEL_IDE_PROTOCOL also to support old Core +// and drivers. 
+// [Files]- IdeSecurity.c +// +// 24 10/11/10 6:36p Krishnakumarg +// [TAG] - EIP 44603 +// [Category] - Enhancement +// [Severity] - Minor +// [Symptom] - No Hdd Password in Nvram once enable +// FORCE_HDD_PASSWORD_PROMPT +// [RootCause]- Password not stored in NVRAM on enabling the +// FORCE_HDD_PASSWORD_PROMPT token. +// [Solution] - Password will be stored in nvram based on +// HDD_PASSWORD_ON_NVRAM token. +// [Files] - IdeSecurity.c, IdeSecurity.sdl +// +// 23 10/11/10 10:59a Krishnakumarg +// [TAG]- EIP 43249 +// [Category]-IMPROVEMENT +// [Description]- Non-Ascii character in comments causing build problem in +// japanese XP +// [Files]- IdeSecurity.c,IDESMM.c, InstallIdeSmi, Ata.c, Atapi.c, +// IDEBusComponentName.c, IdeBusMaster.c, IdeHPA.c, IdePowerManagement.c +// +// 22 9/13/10 1:37a Rameshr +// [TAG]- EIP 43299 +// [Category]-IMPROVEMENT +// [Description]- About IdeSecurity module. It use soft smi port 0xb2 +// directly.It will need to re-modify on all of AMD project. +// 1) Added the SDL token for Sw SMI port address. +// 2) Used Pciio protocol to get the device location and +// passed this information to SMM driver. +// [Files]- IdeSecurity.c, IdeSmm.c, PideBus.h +// +// 21 9/13/10 1:31a Rameshr +// [TAG]- EIP 43492 +// [Category]-IMPROVEMENT +// [Description]- Change the INTEL_IDE_PROTOCOL into EFI_IDE_PROTOCOL in +// IdeSecurity.c +// [Files]- IdeSecurity.c +// +// 20 6/07/10 7:18p Krishnakumarg +// Build error in "4.6.3_HddSecurity_011" label.EIP#39531 +// +// 19 5/06/10 4:39p Yul +// Refer to EIP 37975 IdeSecurity related fixes. +// +// 18 2/19/10 12:47p Yul +// Delete the comment out codes +// +// 17 1/21/10 12:06p Yul +// Refer to EIP 33848. +// LegacyBios protocol is not needed here. +// +// 16 1/15/10 10:20a Yul +// Coding Standard +// +// 15 12/22/09 3:22p Krishnakumarg +// Update for chm file. Added some more comments in function headers +// +// 14 12/09/09 12:17p Krishnakumarg +// EIP 31797 : IDE Security API documentation. 
Added comments whereever +// possible and modified files for coding standard +// +// 13 11/25/09 6:02p Krishnakumarg +// Updated the file with comments to comply with AMI coding standard. +// +// 12 10/14/09 12:49p Krishnakumarg +// CloseEvent funtion used instead of a static variable in callback +// routines - EIP 27065 +// +// 11 7/09/09 4:52p Fasihm +// Update Identify Data before checking the Security Status of the Hard +// Disk. +// +// 10 4/28/09 6:52p Rameshr +// HDD password support in RAID mode +// EIP:20421 +// +// 9 3/31/09 7:02p Davidd +// Added FORCE_HDD_PASSWORD_PROMPT token and Device Configuration Freeze +// Lock programming. +// +// 8 3/29/09 11:11a Rameshr +// Security Erase command timeout value should be from the Identify packet +// command word 89. Added code in Ahci and IDE drivers. So removed the +// Extra timeout checking code from here. +// EIP 20630 +// +// 7 3/18/09 11:24a Fredericko +// EIP19618 removed dependency on foundation.lib +// +// 6 3/13/09 3:41p Fredericko +// +// 1 10/17/08 7:28p Fasihm +// This is the Initial check-in for the complete AMI Aptio source for the +// Calpella Crb platform based on Clarksfield and Ibex Peak - M chipsets. +// +// 5 9/15/08 9:01p Rameshraju +// Password Buffer is cleard before saving the password. +// +// 4 4/11/08 4:24p Rameshraju +// 1)Enter the Emptry string for the master password, will set the default +// OEM password and in setup password status will be not installed. +// 2)If the revision code is not 0, then SecuritySetPassword will use +// revision code from the input parameters. +// 3)HddSecutiyData Nvram variable master password cleared when we set +// user password and user password cleared when we set master password. +// 4)When we disable the password, HddSecutiyData Nvram variable also +// updated properly. +// 5)Password lenght stored in HddSecData structure. +// +// 3 4/09/08 4:22p Rameshraju +// Build error resolved when the MASTER_PASSWORD_ENABLED. 
+// +// 2 10/03/08 6:47p Anandakrishnanl +// Removed FreezeLock related code from SMI for improving the S3 resume +// time. +// +// 1 28/02/08 6:40p Anandakrishnanl +// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from +// IdeBus driver to be compatable with the AHCI Bus driver. +// +// 15 10/23/07 4:17p Felixp +// IDE Security support moved from Sources to Binary +// +// 14 9/25/07 3:24p Rameshraju +// Set the OEM default master password when the HDD is in unlocked and Not +// Frozen State +// +// 13 14/08/07 1:57p Anandakrishnanl +// Changes made for: +// 1. Prompt for current password inside setup. +// 2. Display HardDisk Security Status information. +// 3. Master Password Verification Logic modified. +// 4. Added Password install status in ReturnIdePasswordFlags +// protocol function. +// +// 12 22/06/07 12:40p Anandakrishnanl +// HardDisk Security Support Module Added. +// Need ACPI Module and SB Module and under Core\Include we updated +// Setup.h. +// Also New IdeBus bin module. +// +// 11 13/04/07 3:05p Anandakrishnanl +// Ide Bus Module - Update source files to comply with AMI coding +// standard"!!! +// +// 10 12/20/06 1:25p Felixp +// Warning fixed +// +// 9 12/18/06 11:59a Srinin +// Moved CreateReadytoBootEvent little later so that Ide Controller is +// restored first before HDD is unlocked during S3 Resume. +// +// 8 11/17/06 3:41p Ambikas +// +// 7 10/12/06 9:42a Felixp +// UEFI2.0 compliance: use CreateReadyToBootEvent instead of CreateEvent +// +// 6 3/21/06 4:47p Srinin +// Build error fixed. +// +// 5 3/13/06 2:21a Felixp +// +// 4 1/09/06 11:36a Felixp +// +// 2 12/14/05 3:09p Srinin +// HDD password unlock during S3 resume support added. +// +// 1 12/01/05 9:43a Felixp +// +// 6 3/04/05 11:35a Mandal +// +// 5 1/18/05 3:22p Felixp +// PrintDebugMessage renamed to Trace +// +// 3 1/13/05 4:25p Srinin +// Procedure names modified. +// +// 2 1/10/05 11:31a Srinin +// IDESecurity Interface changed. 
+// +// 1 1/05/05 11:22a Srinin +// IDE Password Support added. +// +// +//<AMI_FHDR_START> +//--------------------------------------------------------------------------- +// +// Name: IDESecurityServices.c +// +// Description: IDE Security Support +// +//--------------------------------------------------------------------------- +//<AMI_FHDR_END> + +#include "IdeSecurity.h" + + + +static EFI_GUID gHddSecurityInitProtocolGuid + = HDD_SECURITY_INIT_PROTOCOL_GUID; +static EFI_GUID gEfiBootScriptSaveGuid + = EFI_BOOT_SCRIPT_SAVE_GUID; +static EFI_GUID gIdeSecurityPwNvguid + = IDE_SECURITY_PWNV_GUID; +static EFI_GUID gSecurityModeProtocolGuid + = IDE_SECURITY_INTERFACE_GUID; +static EFI_GUID gEfiBlockIoProtocolGuid + = EFI_BLOCK_IO_PROTOCOL_GUID; + +extern EFI_DRIVER_BINDING_PROTOCOL gIdeBusDriverBinding; +extern EFI_EVENT gIDEBusEvtMiscSmmFeatures; +EFI_EVENT BootEvent = NULL; +EFI_EVENT gIDEBusEvtBootScript = NULL; + +const CHAR16 *sOemMasterPasswordTag + = CONVERT_TO_WSTRING( OEM_MASTER_PASSWORD_TAG ); +const CHAR16 *sDefaultMasterPasswordTag + = CONVERT_TO_WSTRING( DEFAULT_MASTER_PASSWORD_TAG ); + +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A) +EFI_SMM_CONTROL2_PROTOCOL *mSmmCtl=NULL; +#else +EFI_SMM_CONTROL_PROTOCOL *mSmmCtl=NULL; +#endif + +HDD_PASSWORD *gHDDPasswordBuffer = NULL; +EFI_SMM_COMMUNICATION_PROTOCOL *gSmmCommunication = NULL; + +#ifdef SW_SMI_IO_ADDRESS +UINT8 SwSmiPort=SW_SMI_IO_ADDRESS; +#else +// +// Default Sw Smi port +// +UINT8 SwSmiPort=0xB2; +#endif + +EFI_STATUS +HDDPortReset( + IN VOID *BusInterface, + IN BOOLEAN ModeFlag +); + + +//<AMI_PHDR_START> +//--------------------------------------------------------------------------- +// +// Procedure: InstallSecurityInterface +// +// Description: Checks whether the device supports Security mode or not. +// If yes, installs SecurityProtocol. +// +// Input: +// IN VOID *BusInterface, +// IN BOOLEAN ModeFlag +// +// Output: +// EFI_SUCCESS : Security Mode supported. 
+// EFI_DEVICE_ERROR/EFI_UNSUPPORTED : Not supported.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS InstallSecurityInterface(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ SECURITY_PROTOCOL *IdeSecurityInterface;
+ EFI_HANDLE IdeDeviceHandle;
+ IDENTIFY_DATA IdentifyData;
+
+ #if MASTER_PASSWORD_ENABLE
+ UINT32 IdePasswordFlags = 0;
+ #endif
+
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ IdeDeviceHandle = IdeBusInterface->IdeDeviceHandle;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ IdeDeviceHandle = SataDevInterface->IdeDeviceHandle;
+ }
+
+ if ((IdentifyData.Command_Set_Supported_82 & 0x2) == 0 )
+ {
+ return EFI_UNSUPPORTED;
+ }
+
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(SECURITY_PROTOCOL),
+ (VOID**)&IdeSecurityInterface );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+ //
+ // gHDDPasswordBuffer is allocated only once. The same buffer will be used for all devices.
+ //
+ if ( gHDDPasswordBuffer == NULL )
+ {
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(HDD_PASSWORD),
+ (VOID**)&gHDDPasswordBuffer );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+ }
+
+ if ( ModeFlag == FALSE )
+ {
+ IdeBusInterface->IdeSecurityInterface = IdeSecurityInterface;
+ IdeSecurityInterface->BusInterface = IdeBusInterface;
+ }
+ else {
+ SataDevInterface->IdeSecurityInterface = IdeSecurityInterface;
+ IdeSecurityInterface->BusInterface = SataDevInterface;
+ }
+
+ IdeSecurityInterface->ReturnSecurityStatus = ReturnSecurityStatus;
+ IdeSecurityInterface->SecuritySetPassword = SecuritySetPassword;
+ IdeSecurityInterface->SecurityUnlockPassword = SecurityUnlockPassword;
+ IdeSecurityInterface->SecurityDisablePassword = SecurityDisablePassword;
+ IdeSecurityInterface->SecurityFreezeLock = SecurityFreezeLock;
+ IdeSecurityInterface->SecurityEraseUnit = SecurityEraseUnit;
+ IdeSecurityInterface->ReturnIdePasswordFlags = ReturnIdePasswordFlags;
+ IdeSecurityInterface->pHDDPasswordBuffer = gHDDPasswordBuffer;
+
+ //
+ // Set ModeFlag to FALSE if IdeBus else TRUE for Ahci Bus.
+ //
+ IdeSecurityInterface->ModeFlag = ModeFlag; // Ide Bus
+
+ //
+ // Install the protocol on the device
+ //
+ Status = pBS->InstallMultipleProtocolInterfaces(
+ &IdeDeviceHandle,
+ &gSecurityModeProtocolGuid, IdeSecurityInterface,
+ NULL );
+
+ if ( gIDEBusEvtBootScript == NULL )
+ {
+ //
+ // Create event for boot script
+ //
+ Status = CreateReadyToBootEvent(
+ TPL_CALLBACK,
+ IdeBusCallbackBootScript,
+ NULL,
+ &gIDEBusEvtBootScript
+ );
+ ASSERT_EFI_ERROR( Status );
+ }
+
+ //
+ // Install the Readytoboot event to locate the AhciSMM protocol interface for IdeSmm driver.
+ // AhciSmm protocol is valid only on AHCI mode. Other mode Callback is not needed
+ //
+ if ((BootEvent == NULL) && (ModeFlag))
+ {
+
+ // Send data to SMM.
+ Status = pBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &gSmmCommunication);
+ if (EFI_ERROR(Status)) {
+ gSmmCommunication=NULL;
+ }
+
+ //
+ // Create event for boot script
+ //
+ Status = CreateReadyToBootEvent(
+ TPL_CALLBACK,
+ LocateAhciSmmServiceEvent,
+ NULL,
+ &BootEvent
+ );
+ ASSERT_EFI_ERROR( Status );
+ }
+
+ #if MASTER_PASSWORD_ENABLE
+ //
+ // Check if OEM_DEFAULT_MASTER_PASSWORD is enabled and
+ // DISPLAY_MASTER_PASSWORD is Disabled
+ //
+ Status = ReturnIdePasswordFlags(
+ (IDE_SECURITY_PROTOCOL*)IdeSecurityInterface,
+ &IdePasswordFlags
+ );
+
+ ASSERT_EFI_ERROR( Status );
+
+ if ((IdePasswordFlags & 0x0800) && (!(IdePasswordFlags & 0x0008)))
+ {
+ Status = OEMSetMasterPassword(
+ (IDE_SECURITY_PROTOCOL*)IdeSecurityInterface );
+ ASSERT_EFI_ERROR( Status );
+ }
+ #endif
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: StopSecurityModeSupport
+//
+// Description: Stops the security mode support by uninstalling the
+// security interface.
+//
+// Input:
+// IN VOID *BusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Security Mode supported
+// EFI_DEVICE_ERROR : Not supported
+//
+// Referrals: ReturnSecurityStatus
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS StopSecurityModeSupport(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE IdeDeviceHandle;
+ SECURITY_PROTOCOL *IdeSecurityInterface;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdeSecurityInterface = IdeBusInterface->IdeSecurityInterface;
+ IdeDeviceHandle = IdeBusInterface->IdeDeviceHandle;
+ }
+ else {
+ IdeSecurityInterface = SataDevInterface->IdeSecurityInterface;
+ IdeDeviceHandle = SataDevInterface->IdeDeviceHandle;
+ }
+
+ if ( IdeSecurityInterface == NULL )
+ {
+ return EFI_SUCCESS;
+ }
+
+ //
+ // Install Devicepath and BLOCK_IO on a new handle
+ //
+ Status = pBS->UninstallMultipleProtocolInterfaces(
+ IdeDeviceHandle,
+ &gSecurityModeProtocolGuid,
+ IdeSecurityInterface,
+ NULL );
+
+ if ( Status == EFI_SUCCESS )
+ {
+ pBS->FreePool( IdeSecurityInterface );
+ IdeSecurityInterface = NULL;
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: IdeBusCallbackBootScript
+//
+// Description: Saves the IDE registers in a boot script.
+//
+// Input:
+// IN EFI_EVENT Event
+// IN VOID *Context
+//
+// Output:
+// None
+//
+// Referrals: SmmHDDPasswordInterface
+//
+// Notes: Will be called only if HDD loses power in S3 state. A SW SMI will
+// be created during S3 resume, to unlock the HDD and put it in
+// Freeze state.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IdeBusCallbackBootScript(
+ IN EFI_EVENT Event,
+ IN VOID *Context )
+{
+ EFI_BOOT_SCRIPT_SAVE_PROTOCOL *BootScriptSave;
+ EFI_STATUS Status;
+ UINT8 Value = SW_SMI_HDD_UNLOCK_PASSWORD;
+
+
+ Status = pBS->LocateProtocol(
+ &gEfiBootScriptSaveGuid,
+ NULL,
+ &BootScriptSave
+ );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return;
+ }
+
+ BOOT_SCRIPT_S3_IO_WRITE_MACRO(
+ BootScriptSave,
+ EfiBootScriptWidthUint8,
+ SwSmiPort,
+ 1,
+ &Value
+ );
+
+ //
+ //Kill the Event
+ //
+ pBS->CloseEvent( Event );
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: IdeBusMiscSmmFeatureCallback
+//
+// Description: Saves the IDE registers in a boot script.
+//
+// Input:
+// IN EFI_EVENT Event
+// IN VOID *Context
+//
+// Output:
+// None
+//
+// Referrals: SmmHDDPasswordInterface
+//
+// Notes: Will be called only if HDD is in AHCI Mode or SWSP is Disabled
+// A SW SMI will be created during S3 resume, to Freeze the HDD in AHCI
+// or Disable SWSP command through Set feature command is Issued.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+VOID IdeBusMiscSmmFeatureCallback(
+ IN EFI_EVENT Event,
+ IN VOID *Context )
+{
+ EFI_BOOT_SCRIPT_SAVE_PROTOCOL *BootScriptSave;
+ EFI_STATUS Status;
+ UINT8 Value = SW_SMI_HDD_MISC_SMM_FEATURES;
+
+ static BOOLEAN S3DataSaved = FALSE;
+
+ if ( S3DataSaved )
+ {
+ return;
+ }
+
+ Status = pBS->LocateProtocol(
+ &gEfiBootScriptSaveGuid,
+ NULL,
+ &BootScriptSave
+ );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return;
+ }
+
+ BOOT_SCRIPT_S3_IO_WRITE_MACRO(
+ BootScriptSave,
+ EfiBootScriptWidthUint8,
+ SwSmiPort,
+ 1,
+ &Value
+ );
+
+ S3DataSaved = TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IdeSecurityEntryPoint
+//
+// Description: This function is the entry point for IDE SECURITY Driver.
+//
+// Input:
+// EFI_HANDLE ImageHandle Image handle.
+// EFI_SYSTEM_TABLE *SystemTable Pointer to the EFI system table.
+//
+// Output:
+// EFI_SUCCESS Security interface installed.
+// EFI_ERROR Security interface not installed or unable to locate
+// some protocol.
+//
+// Notes:
+// Entry Points are used to locate or install protocol interfaces and
+// notification events.
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS IdeSecurityEntryPoint(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable )
+{
+ EFI_HANDLE Handle = NULL;
+ EFI_STATUS Status;
+
+ InitAmiLib( ImageHandle, SystemTable );
+
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(HDD_SECURITY_INIT_PROTOCOL),
+ (VOID**)&gHddSecurityInitProtocol );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ Status = pBS->LocateProtocol(&gEfiSmmControl2ProtocolGuid, NULL, &mSmmCtl);
+#else
+ Status = pBS->LocateProtocol(&gEfiSmmControlProtocolGuid, NULL, &mSmmCtl);
+#endif
+
+ if ( EFI_ERROR( Status )) {
+ return EFI_UNSUPPORTED;
+ }
+
+ gHddSecurityInitProtocol->InstallSecurityInterface
+ = InstallSecurityInterface;
+ gHddSecurityInitProtocol->StopSecurityModeSupport
+ = StopSecurityModeSupport;
+
+ Status = pBS->InstallProtocolInterface(
+ &Handle,
+ &gHddSecurityInitProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ gHddSecurityInitProtocol
+ );
+ ASSERT_EFI_ERROR( Status );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: ReturnSecurityStatus
+//
+// Description: Returns whether the Device supports Security Mode or not.
+// If supported, the current status of the device is returned.
+// Security status information will be retrieved from buffer
+// updated by IDENTIFY DEVICE(Command Code : 0xEC) command.
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 *SecurityStatus
+//
+// Output:
+// EFI_SUCCESS : Security Mode supported
+// EFI_UNSUPPORTED : Not supported
+//
+// UINT16 *SecurityStatus
+// Bit 0 : Security Supported
+// Bit 1 : Security Enabled
+// Bit 2 : Security Locked
+// Bit 3 : Security Frozen
+// Bit 4 : Security Count Expired
+// Bit 5 : Enhanced Security Erase supported
+// Bit 6 : Enhanced Security Erase supported
+// Bit 8 : Security Level 0:High, 1:Maximum
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS ReturnSecurityStatus(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 *SecurityStatus )
+{
+ EFI_STATUS Status = EFI_UNSUPPORTED;
+ IDENTIFY_DATA IdentifyData;
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ }
+
+ //
+ // Check if Word 82 Bit 1 is set
+ //
+ if ( IdentifyData.Command_Set_Supported_82 & 0x2 )
+ {
+ Status = EFI_SUCCESS;
+ *SecurityStatus = IdentifyData.Security_Status_128;
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecuritySetPassword
+//
+// Description: Sets User/Master Password using SECURITY_SET_PASSWORD
+// (Commnd Code : 0xF1) security command.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes)
+// UINT8 RevisionCode (Valid when Control
+// Bit 0 = 1 of Master Password)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 8 : 0/1 High/Maximum Security level
+//
+// Output:
+// EFI_SUCCESS : Password set.
+// EFI_ERROR : Error in setting Password.
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not 32
+// bytes long,pad it with zeros to create a buffer of 32 bytes.
+// 2. If a MasterPassword with a valid Revision code(0x0001 through 0xFFFE)
+// already exists, a new MasterPassword with a different revisioncode
+// cannot be installed.MasterPassword needs to be unlocked, disabled and
+// then a new password can be installed.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecuritySetPassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT16 RevisionCode )
+{
+ EFI_STATUS Status;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ #endif
+ UINT16 Temp = 1;
+
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ IDENTIFY_DATA IdentifyData;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ Control &= 0x0101; // Bit0 and Bit 8 are valid
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ }
+
+ if ((Control & 1) && (RevisionCode == 0))
+ {
+ RevisionCode = DEFAULT_MASTER_PASSWORD_REVISION;
+
+ #if 
MASTER_PASSWORD_REVISION_SWITCH == 1
+ RevisionCode = CHANGED_MASTER_PASSWORD_REVISION;
+ #endif
+
+ #if MASTER_PASSWORD_REVISION_SWITCH == 2
+ Temp = (IdentifyData.Master_Password_Rev_92)++;
+
+ if ((Temp == 0) || (Temp == 0xFFFF))
+ {
+ Temp++;
+
+ if ( Temp == 0xFFFF )
+ {
+ Temp++;
+ }
+ }
+ RevisionCode = Temp;
+ #endif
+
+ if ( RevisionCode == DISABLED_MASTER_PASSWORD_REVISION )
+ {
+ RevisionCode++;
+
+ if ((RevisionCode == 0) || (RevisionCode == 0xFFFF))
+ {
+ RevisionCode++;
+
+ if ( RevisionCode == 0xFFFF )
+ {
+ RevisionCode++;
+ }
+ }
+ }
+ }
+
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_SET_PASSWORD,
+ RevisionCode,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ //
+ // If Password is set successfully, save it.
+ //
+ if ( !EFI_ERROR( Status ))
+ {
+ if(!(Control & 1)) {
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE );
+ }
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface,
+ &HddDataId,
+ Control,
+ Buffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityUnlockPassword
+//
+// Description: Unlocks the devices for media access using
+// SECURITY_UNLOCK(Command Code : 0xF2) security command.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes).
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Buffer : Pointer to password buffer which will be used to unlock the
+// drive.
+//
+// Output:
+// EFI_SUCCESS : Hard disk is unlocked.
+// EFI_DEVICE_ERROR : Failed to unlock the drive.
+//
+// Notes:
+// 1. 
Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long, pad it with zeros to create a buffer of 32 bytes.
+// 2. If the password compare fails then the device returns command aborted
+// to the host and decrements the unlock counter. This counter is initially
+// set to five and is decremented for each password mismatch when SECURITY
+// UNLOCK is issued and the device is locked. When this counter reaches
+// zero then SECURITY UNLOCK and SECURITY ERASE UNIT commands are command
+// aborted until a power-on reset or a hardware reset.SECURITY UNLOCK
+// commands issued when the device is unlocked have no effect on the unlock
+// counter.
+// 3. SECURITY_DISABLE_PASSWORD and SECURITY_SET_PASSWORD commands used when
+// security password is set and HDD is in unlocked state. This is done to
+// have consistency of output from this function.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecurityUnlockPassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ #endif
+ UINT16 RevisionCode = 0;
+ EFI_STATUS Status1;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ UINT16 SecurityStatus = 0;
+ #if MASTER_PASSWORD_ENABLE
+ UINT32 IdePasswordFlags = 0;
+ #endif
+
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+ EFI_BLOCK_IO_PROTOCOL *BlockIo;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ Status = ReturnSecurityStatus( This, &SecurityStatus );
+
+ Control &= 0x1; // Bit0 is valid
+ //
+ // When in Setup, Current 
Password is prompted for consistency when Setting a New Password
+ // Or Disabling the Existing Password. Follow a Special Path only in this case.
+ //*****This Case Applies on only when (1)Password is Set & Security Enabled
+ // (2)Unlocked
+
+
+ if ((SecurityStatus & BIT01) && (!(SecurityStatus & BIT02)))
+ {
+ if ( !(Control & 1))
+ {
+ //
+ // (a)For Changing or Clearing User Password.
+ // 1.Send a disable Password Command from the String Obtained from user.
+ // 2.If Success Set the Password Same Password.
+ // 3.Suitable if Logged in as Both User or Master
+ //
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_DISABLE_PASSWORD,
+ 0,
+ ModeFlag
+ );
+
+ if ( !EFI_ERROR( Status ))
+ {
+ SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_SET_PASSWORD,
+ RevisionCode,
+ ModeFlag
+ );
+ }
+ return Status;
+ }
+
+ }
+
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_UNLOCK,
+ 0,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ if ( !EFI_ERROR( Status ))
+ {
+ //
+ // Save the Password if unlocked Successfully.
+ //
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE );
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface,
+ &HddDataId,
+ Control,
+ Buffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+
+ //
+ // After unlock the HDD set the OEM default master password
+ // Check if OEM_DEFAULT_MASTER_PASSWORD is enabled and
+ // DISPLAY_MASTER_PASSWORD is Disabled.
+ //
+ #if MASTER_PASSWORD_ENABLE
+ Status = ReturnIdePasswordFlags( This, &IdePasswordFlags );
+ ASSERT_EFI_ERROR( Status );
+
+ if ((IdePasswordFlags & 0x0800) && (!(IdePasswordFlags & 0x0008)))
+ {
+ Status = OEMSetMasterPassword( This );
+ ASSERT_EFI_ERROR( Status );
+ }
+ #endif
+
+ if ( ModeFlag == FALSE ) {
+
+ //
+ // Check if BlockIO Protocol is already present on this device.
+ //
+ Status1 = pBS->HandleProtocol(IdeBusInterface->IdeDeviceHandle,
+ &gEfiBlockIoProtocolGuid,
+ &BlockIo
+ );
+
+ //
+ // Connect only if BloCkIO protocol is not installed on the device.
+ //
+ if ( EFI_ERROR( Status1 )) {
+ #if EFI_IDE_PROTOCOL || INTEL_IDE_PROTOCOL
+ pBS->ConnectController(
+ IdeBusInterface->IdeControllerInterfaceHandle,
+ NULL,
+ NULL,
+ TRUE
+ );
+ #else
+ pBS->ConnectController(
+ IdeBusInterface->IdeControllerInterface->ControllerHandle,
+ NULL,
+ NULL,
+ TRUE
+ );
+ #endif
+ }
+ }
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityDisablePassword
+//
+// Description: Disables Password authentification before media access.
+// SECURITY_DISABLE_PASSWORD(Command Code : 0xF6) security
+// command is used to remove the user password.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SECURITY_DISABLE_PASSWORD command.
+//
+//
+// Output:
+// EFI_SUCCESS : Security mode feature disabled.
+// EFI_DEVICE_ERROR : Security command failed.
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long,pad it with zeros to create a buffer of 32 bytes.
+// 2. Password should be unlocked before disabling it.
+// 3. 
SECURITY_DISABLE_PASSWORD command does not change the Master password
+// that may be reactivated later by setting a User password.
+// 4. Normal erase mode is selected, the SECURITY ERASE UNIT command writes
+// binary zeroes to all user data areas.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecurityDisablePassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT8 EmptyBuffer[IDE_PASSWORD_LENGTH];
+ #endif
+
+ Control &= 0x1; // Bit0 is valid
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ //
+ //Update the Nvram buffer with NULL string.
+ //
+ pBS->SetMem( EmptyBuffer, IDE_PASSWORD_LENGTH, 0 );
+
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface, &HddDataId, Control, EmptyBuffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+
+ Status = SecurityCommonRoutine( BusInterface,
+ Control,
+ Buffer,
+ SECURITY_DISABLE_PASSWORD,
+ 0,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ if ( !EFI_ERROR( Status ))
+ {
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_REMOVE );
+ }
+
+ //
+ // If the Empty string entered for the master password, Set the OEM
+ // disable password with Disabled revision code.
+ //
+ if ( Control & 01 )
+ {
+ EFI_STATUS DefaultStatus;
+ DefaultStatus = SetDefaultMasterPassword( This );
+ ASSERT_EFI_ERROR( DefaultStatus );
+ }
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SetDefaultMasterPassword
+//
+// Description: Sets the Default Password String provided by OEM as
+// Master Password.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This
+//
+// Output:
+// EFI_SUCCESS : Default master password is set.
+// EFI_ERROR : Default master password is not set.
+//
+// Notes:
+// DEFAULT_MASTER_PASSWORD_TAG token string will be set as master password.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SetDefaultMasterPassword(
+ IN IDE_SECURITY_PROTOCOL *This )
+{
+ EFI_STATUS Status;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH];
+ UINT16 Control = 1;
+ UINT16 RevisionCode = DISABLED_MASTER_PASSWORD_REVISION;
+ UINTN i;
+ UINT16 SecurityStatus = 0;
+
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH, 0 );
+
+ for ( i = 0; i < IDE_PASSWORD_LENGTH; i++ )
+ {
+ Buffer[i] = (UINT8)sDefaultMasterPasswordTag[i];
+
+ if ( sDefaultMasterPasswordTag[i] == L'\0' )
+ {
+ break;
+ }
+ }
+ //
+ // Set the OEM master password if the HDD is not in Frozen or locked state.
+ //
+ Status = ReturnSecurityStatus( This, &SecurityStatus );
+
+ if ( !((SecurityStatus & 0x04) || (SecurityStatus & 0x08)))
+ {
+ Status = SecuritySetDefaultMasterPassword( This,
+ Control,
+ Buffer,
+ RevisionCode );
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecuritySetDefaultMasterPassword
+//
+// Description: Sets default Master Password with disabled revision code.
+// SECURITY_SET_PASSWORD(Command code : 0xF1) security command
+// used to set default master password.
+//
+// Input:
+// IN IDE_BUS_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes)
+// UINT8 RevisionCode (Valid when
+// Control Bit 0 = 1 of Master Password)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 8 : 0/1 High/Maximum Security level
+//
+// Output:
+// EFI_SUCCESS : Password set
+// EFI_ERROR : Error in setting Password
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long,pad it with zeros to create a buffer of 32 bytes.
+//
+// 2. If a MasterPassword with a valid Revision code already exists, a new
+// MasterPassword with a different revisioncode cannot be installed.
+// MasterPassword needs to be unlocked, disabled and then a new password
+// can be installed.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SecuritySetDefaultMasterPassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT16 RevisionCode )
+{
+ VOID *BusInterface = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ EFI_STATUS Status;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ #endif
+
+ Control &= 0x0101; // Bit0 and Bit 8 are valid
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_SET_PASSWORD,
+ RevisionCode,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ //
+ // If Password is set successfully, save it.
+ //
+ if ( !EFI_ERROR( Status ))
+ {
+ SmmHDDPasswordInterface(
+ This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE
+ );
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface,
+ &HddDataId,
+ Control,
+ Buffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityFreezeLock
+//
+// Description: Prevents any further alteration of security status on the
+// device leaving the hard disk in Frozen mode. Frozen mode is
+// disabled by power-off or hardware reset. SECURITY_FREEZE_LOCK
+// (Command Code : 0xF5)security command is used to freeze hard disk.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+//
+// Output:
+// EFI_SUCCESS : Hard disk is successdully kept in FROZEN state.
+// EFI_ERROR : Security Freeze command failed.
+//
+// Notes:
+// Commands disabled by SECURITY FREEZE LOCK are:
+// - SECURITY SET PASSWORD
+// - SECURITY UNLOCK
+// - SECURITY DISABLE PASSWORD
+// - SECURITY ERASE PREPARE
+// - SECURITY ERASE UNIT
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecurityFreezeLock(
+ IN IDE_SECURITY_PROTOCOL *This )
+{
+ EFI_STATUS Status;
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ UINT16 SecurityStatus = 0;
+
+ COMMAND_STRUCTURE CommandStructure;
+#if !DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT
+ IDENTIFY_DATA IdentifyData;
+#endif
+
+ Status=ReturnSecurityStatus( This, &SecurityStatus );
+ if(EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ // Freeze Lock command will not work with the HDD is in Locked State.
+ // So return with success if the HDD is locked state or already frozen state
+ if ( SecurityStatus & 0xc ) {
+ return EFI_SUCCESS;
+ }
+
+ ZeroMemory( &CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.Command = SECURITY_FREEZE_LOCK;
+
+#if !DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT
+ if ( ModeFlag == FALSE ) {
+ IdentifyData = ((IDE_BUS_PROTOCOL*)BusInterface)->IdeDevice.IdentifyData;
+ } else {
+ IdentifyData = ((SATA_DEVICE_INTERFACE*)BusInterface)->IdentifyData;
+ }
+ if ( SecurityStatus & 2 )
+ {
+ if ( IdentifyData.Reserved_76_79[3] & 0x0040 )
+ {
+ Status = TransferPwDataFromNvramToSmram( This );
+ ASSERT_EFI_ERROR( Status );
+ }
+ }
+#endif
+
+ Status = CommonNonDataHook( BusInterface,
+ CommandStructure,
+ ModeFlag );
+ ASSERT_EFI_ERROR (Status);
+ CommandStructure.Features = DEV_CONFIG_FREEZE_LOCK_FEATURES;
+ CommandStructure.Command = DEV_CONFIG_FREEZE_LOCK;
+ Status = CommonNonDataHook( BusInterface,
+ CommandStructure,
+ ModeFlag );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityEraseUnit
+//
+// Description: Erases the Device content.SECURITY_ERASE_UNIT
+// (Command code : 0xF4) security command is used for device
+// erasing.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 1 : 0/1 Normal Erase/ Enhanced Erase
+// Buffer : Pointer to password buffer which will be used to when sending
+// SECURITY_ERASE_UNIT command.
+//
+// Output:
+// EFI_SUCCESS : Successfull completion of Erase command.
+// EFI_DEVICE_ERROR : EraseUnit command failed to complete.
+//
+// Notes:
+// If a device is locked with USER PASSWORD and Maximum security level set
+// then only way to unlock the device with MASTER password is to erase the
+// contents of the device.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SecurityEraseUnit(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ COMMAND_STRUCTURE CommandStructure;
+
+ ZeroMemory( &CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.Command = SECURITY_ERASE_PREPARE;
+
+ Status = CommonNonDataHook( BusInterface, CommandStructure, ModeFlag );
+
+ //
+ // Issue Security Erase Unit
+ //
+ Control &= 0x3; // Bit0 and Bit 1 is valid
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_ERASE_UNIT,
+ 0,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: ReturnIdePasswordFlags
+//
+// Description: Returns Ide Password Variables and Flags.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT32 *IdePasswordFlags
+//
+// Output:
+// EFI_SUCCESS : IDEPassword Status Flag is returned in IdePasswordFlags.
+// EFI_ERROR : Error while retrieving the SecurityStatus.
+//
+//
+// Referrals:
+//
+// IdePasswordFlags:
+// **TBD Only Bit0, Bit03, Bit11, Bit16, Bit17 are Supported Currently
+//
+// BIT0 User Password Support;
+// BIT1 Master Password Support;
+// BIT2 Display User Password;
+// BIT3 Display Master Password;
+// BIT4 Display User Password Status;
+// BIT5 Display Master Password Status;
+// BIT6 Freeze Lock Hdds;
+// BIT7 Single User Password;
+// BIT8 Single Master Password;
+// BIT9 System User Password as Hdd User Password;
+// BIT10 System Admin Password as Hdd Master Password;
+// BIT11 OEM Default Master Password
+// BIT12 Prompt for User Password in Post
+// BIT13 Prompt for Master Password in Post
+// BIT14 Display Security Status in Setup
+// BIT15 DUMMY Security Token.
+// BIT16 MasterPassword Set Status.
+// BIT17 UserPassword Set Status.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS ReturnIdePasswordFlags(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT32 *IdePasswordFlags )
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+ UINT32 Temp = 0;
+ UINT16 MasterPwdRev = 0;
+ UINT16 SecurityStatus = 0;
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ IDENTIFY_DATA IdentifyData;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ }
+
+
+
+ #if MASTER_PASSWORD_ENABLE
+ Temp |= BIT01;
+ #endif
+
+
+ #if DISPLAY_MASTER_PASSWORD
+ Temp |= BIT03;
+ #endif
+
+ #if OEM_DEFAULT_MASTER_PASSWORD
+ Temp |= BIT11;
+ #endif
+
+
+ MasterPwdRev = IdentifyData.Master_Password_Rev_92;
+
+ if ((MasterPwdRev != 0x0000) && (MasterPwdRev != 0xFFFF) \
+ && (MasterPwdRev != DISABLED_MASTER_PASSWORD_REVISION))
+ {
+ Temp |= BIT16;
+ }
+
+ Status = ReturnSecurityStatus( This, &SecurityStatus );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+ if ( SecurityStatus & BIT01 )
+ {
+ Temp |= BIT17;
+ }
+
+ *IdePasswordFlags = (UINT32)Temp;
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityCommonRoutine
+//
+// Description: This is common security routine which will be called from
+// security routines. It is from this routine most of the security
+// commands are sent to the drive.
+//
+// Input:
+// IN VOID *BusInterface,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes),
+// UINT8 SecurityCommand
+// UINT8 RevisionCode
+// (Valid for Master password)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 1 : 0/1 Normal/Enhanced Erase
+// Bit 8 : 0/1 High/Maximum Security level
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SecurityCommand.
+//
+//
+// Output:
+// EFI_STATUS : EFI_SUCCESS/EFI_DEVICE_ERROR
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long, pad it with zeros to create a buffer of 32 bytes.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SecurityCommonRoutine(
+ IN VOID *BusInterface,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT8 SecurityCommand,
+ UINT16 RevisionCode,
+ BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ UINT16 *SecurityBuffer;
+
+ //
+ // Allocate 512 Bytes
+ //
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ SECURITY_BUFFER_LENGTH,
+ (VOID**)&SecurityBuffer );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+ //
+ // Clear the Buffer
+ //
+ ZeroMemory( SecurityBuffer, SECURITY_BUFFER_LENGTH );
+
+ SecurityBuffer[0] = Control;
+
+ //
+ // Copy 32 Bytes
+ //
+ pBS->CopyMem( &(SecurityBuffer[1]), Buffer, IDE_PASSWORD_LENGTH );
+
+ //
+ // If Security Set password command is for Master, then update the
+ // revision code.
+ //
+ if ((SecurityCommand == SECURITY_SET_PASSWORD) & (Control & 1))
+ {
+ if ((RevisionCode != 0) || (RevisionCode != 0xFFFF))
+ {
+ SecurityBuffer[17] = RevisionCode;
+ }
+ }
+
+ //
+ // Write 512 Bytes
+ //
+ Status = CommonReadWritePioHook(
+ BusInterface,
+ SecurityBuffer,
+ SECURITY_BUFFER_LENGTH,
+ 0,
+ SecurityCommand,
+ TRUE,
+ ModeFlag
+ );
+
+ pBS->FreePool( SecurityBuffer );
+ return Status;
+}
+
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SmmHDDPasswordInterface
+//
+// Description: Manages HDD Password in SMM area.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer
+// UINT8 Action
+//
+//
+// Control : Bit 0 : 0/1 User/Master Password
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SecurityCommand.
+//
+// Output:
+// EFI_SUCCESS : Password saved which will be used to unlock the drive
+// during S3 resume.
+// EFI_DEVICE_ERROR : Error in saving Password.
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long, pad it with zeros to create a buffer of 32 bytes.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SmmHDDPasswordInterface(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT8 Action )
+{
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ UINT8 DataSize = 1;
+#else
+ UINTN DataSize = 1;
+#endif
+ UINT8 SwSmiValue = Action;
+ UINTN i;
+ HDD_PASSWORD *HDDPasswordBuffer = gHDDPasswordBuffer;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ EFI_PCI_IO_PROTOCOL *PciIo;
+ UINTN SegNum;
+ UINTN BusNum;
+ UINTN DevNum;
+ UINTN FuncNum;
+ EFI_STATUS Status;
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+ EFI_SMM_COMMUNICATE_HEADER *SmmCommunicationHeader;
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(HDD_PASSWORD)];
+ UINTN CommBufferSize;
+#endif
+
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ //
+ // If HDD is not going to lose power in S3, no need to unlock password and put it in
+ // Freeze state during S3 resume.
+ //
+ if ( !(IdeBusInterface->IdeBusInitInterface->Flags \
+ & S3_RESUME_UNLOCK_HDD_PASSWORD))
+ {
+ return EFI_SUCCESS;
+ }
+
+ HDDPasswordBuffer->BaseAddress
+ = IdeBusInterface->IdeDevice.Regs.CommandBlock.DataReg;
+ HDDPasswordBuffer->Device = IdeBusInterface->IdeDevice.Device;
+ HDDPasswordBuffer->DeviceControlReg
+ = IdeBusInterface->IdeDevice.Regs.ControlBlock.DeviceControlReg;
+ PciIo = IdeBusInterface->PciIO;
+
+ }
+ else {
+
+ PciIo=SataDevInterface->AhciBusInterface->PciIO;
+ HDDPasswordBuffer->PortNumber = SataDevInterface->PortNumber;
+ HDDPasswordBuffer->PMPortNumber = SataDevInterface->PMPortNumber;
+ }
+
+ //
+ // Get PCI Bus/Device/Function number
+ //
+ Status = PciIo->GetLocation ( PciIo,
+ &SegNum,
+ &BusNum,
+ &DevNum,
+ &FuncNum
+ );
+
+ //
+ // Save it for IdeSmm to initilize the controller.
+ //
+ HDDPasswordBuffer->BusNo=(UINT8)BusNum;
+ HDDPasswordBuffer->DeviceNo=(UINT8)DevNum;
+ HDDPasswordBuffer->FunctionNo=(UINT8)FuncNum;
+
+ HDDPasswordBuffer->Signature = '$HDD'; // 0x44444824; //
+ HDDPasswordBuffer->Control = Control;
+ HDDPasswordBuffer->ModeFlag = ModeFlag;
+
+ //
+ // HDDPasswordBuffer->RevisionCode = RevisionCode;
+ //
+ if ( Control & 0x01 )
+ {
+ for ( i = 0; i < sizeof (HDDPasswordBuffer->MasterPassword); i++ )
+ {
+ HDDPasswordBuffer->MasterPassword[i] = Buffer[i];
+ } // end of for
+ }
+ else {
+ for ( i = 0; i < sizeof (HDDPasswordBuffer->UserPassword); i++ )
+ {
+ HDDPasswordBuffer->UserPassword[i] = Buffer[i];
+ } // end of for
+ }
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+
+ if(!gSmmCommunication) {
+ Status = pBS->LocateProtocol (
+ &gEfiSmmCommunicationProtocolGuid,
+ NULL,
+ (VOID **)&gSmmCommunication
+ );
+ if (EFI_ERROR (Status)) {
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+ }
+
+ SmmCommunicationHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];
+
+ if(SwSmiValue == SW_SMI_HDD_PASSWORD_SAVE) {
+ pBS->CopyMem( &SmmCommunicationHeader->HeaderGuid, &gSaveHddPasswordGuid, sizeof( EFI_GUID ) );
+ } else if( SwSmiValue == SW_SMI_HDD_PASSWORD_REMOVE ) {
+ pBS->CopyMem( &SmmCommunicationHeader->HeaderGuid, &gRemoveHddPasswordGuid, sizeof( EFI_GUID ) );
+ } else {
+ // Unknown SwSmiValue
+ return EFI_UNSUPPORTED;
+ }
+
+ SmmCommunicationHeader->MessageLength = sizeof(HDD_PASSWORD);
+ pBS->CopyMem( &SmmCommunicationHeader->Data, HDDPasswordBuffer, sizeof(HDD_PASSWORD) );
+
+ CommBufferSize = sizeof(CommBuffer);
+ Status = gSmmCommunication->Communicate (gSmmCommunication, &CommBuffer[0], &CommBufferSize);
+#else
+ // Now Generate a SW SMI to log this data
+ mSmmCtl->Trigger( mSmmCtl, &SwSmiValue, &DataSize, 0, 0 );
+#endif
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+//
+// Procedure: UpdateIdentifyData
+//
+// Description: Updates Identify command data.IDENTIFY_DATA(Command Code: 0xEC)
+// command used to update the Identifydata buffer.
+//
+// Input:
+// IN IDE_BUS_PROTOCOL *IdeBusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Identifydata updated successfully.
+// EFI_ERROR : Failed to update the identifydata.
+//
+// Notes: ATA/ATAPI device type should have beeen known already.
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS UpdateIdentifyData(
+ IN IDE_BUS_PROTOCOL *BusInterface,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ COMMAND_STRUCTURE CommandStructure;
+
+ ZeroMemory( &CommandStructure, sizeof(COMMAND_STRUCTURE));
+
+ CommandStructure.ByteCount = sizeof(IDENTIFY_DATA);
+ CommandStructure.Command = IDENTIFY_COMMAND;
+
+ Status = CommonPioDataHook( BusInterface, CommandStructure, ModeFlag );
+
+ return Status;
+}
+
+#if MASTER_PASSWORD_ENABLE
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: OEMSetMasterPassword
+//
+// Description: Sets the Default Password String provided by OEM as
+// Master Password. SECURITY_SET_PASSWORD(Command Code : 0xF1)
+// security command is used to set the master password.
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+//
+// Output:
+// EFI_SUCCESS : OEM Master password set successfully.
+// EFI_ERROR : Failed to set OEM Master passord to the hard disk.
+//
+// Notes:
+// OEM_MASTER_PASSWORD_TAG token string will be set as oem master password.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS OEMSetMasterPassword(
+ IN IDE_SECURITY_PROTOCOL *This )
+{
+ EFI_STATUS Status = 0;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH];
+ UINT16 Control = 1;
+ UINT16 RevisionCode = 0xFFFE;
+ UINTN i;
+ UINT16 SecurityStatus = 0;
+
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH, 0 );
+
+ for ( i = 0; i < IDE_PASSWORD_LENGTH; i++ )
+ {
+ Buffer[i] = (UINT8)sOemMasterPasswordTag[i];
+
+#if defined SETUP_PASSWORD_NON_CASE_SENSITIVE && SETUP_PASSWORD_NON_CASE_SENSITIVE
+ Buffer[i] = ((Buffer[i]>='a')&&(Buffer[i]<='z'))?(Buffer[i]+'A'-'a'):Buffer[i];
+#endif
+ if ( sOemMasterPasswordTag[i] == L'\0' )
+ {
+ break;
+ }
+ }
+
+ //
+ //Set the OEM master password if the HDD is not in Frozen or locked state.
+ //
+ ReturnSecurityStatus( This, &SecurityStatus );
+
+ if ( !((SecurityStatus & 0x04) || (SecurityStatus & 0x08)))
+ {
+ Status = SecuritySetPassword( This, Control, Buffer, RevisionCode );
+ }
+
+ return Status;
+}
+
+#endif
+
+#if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: GatherIdeInfo
+//
+// Description: Gathers Ide Device's Bus,Func,Device & PM/PS/SM/SS Info.
+//
+// Input:
+// IN VOID *BusInterface,
+// OUT UINT32 *HddDataId
+//
+// Output:
+// EFI_SUCCESS : IDE info retrieved successfully.
+// EFI_ERROR : Failed to get IDE info.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS GatherIdeInfo(
+ IN VOID *BusInterface,
+ BOOLEAN ModeFlag,
+ OUT UINT32 *HddDataId )
+{
+ EFI_STATUS Status;
+ UINTN SegNum;
+ UINTN BusNum;
+ UINTN DevNum;
+ UINTN FuncNum;
+ UINT16 wBDF;
+ UINT16 wPortPMModeFlag;
+ UINT8 ChannelorPort;
+ UINT8 DeviceorPMPort;
+ EFI_PCI_IO_PROTOCOL *PciIo;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ PciIo = IdeBusInterface->PciIO;
+ ChannelorPort = IdeBusInterface->IdeDevice.Channel;
+ DeviceorPMPort = IdeBusInterface->IdeDevice.Device;
+ }
+ else {
+ PciIo = SataDevInterface->AhciBusInterface->PciIO;
+ ChannelorPort = SataDevInterface->PortNumber;
+ DeviceorPMPort = SataDevInterface->PMPortNumber;
+ }
+
+ Status = PciIo->GetLocation( PciIo, &SegNum, &BusNum, &DevNum, &FuncNum );
+
+ wBDF = (UINT16)((BusNum << 8) | (DevNum << 3) | FuncNum );
+ wPortPMModeFlag = (UINT16)((ChannelorPort << 12) \
+ | (DeviceorPMPort << 4) \
+ | ((UINT8)ModeFlag));
+
+ *HddDataId = (UINT32)(((UINT16)wBDF << 16) + ((UINT16)wPortPMModeFlag));
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SetHddSecDataInNvram
+//
+// Description: Sets Hdd Security Data in NVRAM Area.
+//
+// Input:
+// IN VOID *BusInterface,
+// UINT32 *HddDataId
+// UINT16 Control,
+// UINT8 *Buffer
+//
+// Control : Bit 0 : 0/1 User/Master Password
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SecurityCommand.
+// Output:
+// EFI_SUCCESS : HDDPassword saved in NVram which later will be transfered to
+// SMRAM.
+// EFI_ERROR : Failed to save the HDD password in nvram.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SetHddSecDataInNvram(
+ IN VOID *BusInterface,
+ UINT32 *HddDataId,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+ HDDSECDATA *HddSecData=NULL;
+ UINTN i;
+ CHAR16 *HddSecutiyData = NULL;
+ UINT8 CryptBuffer[IDE_PASSWORD_LENGTH];
+ UINTN HddSecDataSize = sizeof (HDDSECDATA);
+ UINT32 ParseIndex;
+ UINT32 Attribute = 0;
+
+ pBS->AllocatePool( EfiBootServicesData, sizeof (HDDSECDATA), &HddSecData );
+ pBS->SetMem( HddSecData, sizeof(HDDSECDATA), 0 );
+ pBS->AllocatePool( EfiBootServicesData,
+ IDE_PASSWORD_LENGTH,
+ &HddSecutiyData );
+ pBS->SetMem( HddSecutiyData, IDE_PASSWORD_LENGTH, 0 );
+ ConvertHddDataIdToString( *HddDataId, HddSecutiyData );
+
+ //
+ // Get the password variable so that other password will be
+ // maintained in the nvram variable.
+ //
+ Status = pRS->GetVariable(
+ HddSecutiyData,
+ &gIdeSecurityPwNvguid,
+ &Attribute,
+ &HddSecDataSize,
+ HddSecData
+ );
+
+ if ( EFI_ERROR( Status ))
+ {
+ pBS->SetMem( HddSecData, sizeof(HDDSECDATA), 0 );
+ if(Attribute == 0) {
+ Attribute = (UINT32)(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ }
+ }
+
+
+ for ( ParseIndex = 0; ParseIndex < IDE_PASSWORD_LENGTH; ParseIndex++ )
+ {
+ if ( Buffer[ParseIndex] == 0 )
+ {
+ break;
+ }
+ }
+
+ HddSecData->UserMaster = Control;
+ HddSecData->PasswordLength = ParseIndex;
+
+ if ( Control & 0x01 )
+ {
+ EncodeDecodePassword( Buffer, CryptBuffer, ParseIndex );
+
+ for ( i = 0; i < ParseIndex; i++ )
+ {
+ HddSecData->HddMasterPassword[i] = CryptBuffer[i];
+ }
+
+ for ( i = ParseIndex; i < sizeof (HddSecData->HddMasterPassword); i++ )
+ {
+ HddSecData->HddMasterPassword[i] = 00;
+ }
+ }
+ else {
+ EncodeDecodePassword( Buffer, CryptBuffer, ParseIndex );
+
+ for ( i = 0; i < ParseIndex; i++ )
+ {
+ HddSecData->HddUserPassword[i] = CryptBuffer[i];
+ }
+
+ for ( i = ParseIndex; i < sizeof (HddSecData->HddUserPassword); i++ )
+ {
+ HddSecData->HddUserPassword[i] = 00;
+ }
+ }
+
+ Status = pRS->SetVariable(
+ HddSecutiyData,
+ &gIdeSecurityPwNvguid,
+ Attribute,
+ HddSecDataSize,
+ HddSecData
+ );
+
+ ASSERT_EFI_ERROR( Status );
+ pBS->FreePool( HddSecData );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: TransferPwDataFromNvramToSmram
+//
+// Description: Transfers Stored Data from NVRAM to SMRAM.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+//
+// Output:
+// EFI_SUCCESS : Password saved in SMRAM.
+// EFI_DEVICE_ERROR : Password not saved in SMRAM.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS TransferPwDataFromNvramToSmram(
+ IN IDE_SECURITY_PROTOCOL *This
+)
+{
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ CHAR16 *HddSecutiyData = NULL;
+ HDDSECDATA *HddSecData = NULL;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ EFI_STATUS Status;
+ UINT16 Control;
+ UINTN i;
+ UINTN HddSecDataSize = sizeof (HDDSECDATA);
+ UINT8 CryptBuffer[IDE_PASSWORD_LENGTH];
+ UINT8 Buffer[IDE_PASSWORD_LENGTH];
+ UINT16 SecurityStatus = 0;
+
+ Status=ReturnSecurityStatus( This, &SecurityStatus );
+
+ if(EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ // Hdd Password Nvram Variable will not be avilable if the HDD is in locked state.
+ // So return without copying the password to Smram as the password
+ // data is not avilable
+
+ if ( SecurityStatus & 4 ) {
+ return EFI_SUCCESS;
+ }
+
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ pBS->AllocatePool( EfiBootServicesData,
+ IDE_PASSWORD_LENGTH,
+ &HddSecutiyData );
+ pBS->SetMem( HddSecutiyData, IDE_PASSWORD_LENGTH, 0 );
+ ConvertHddDataIdToString( HddDataId, HddSecutiyData );
+
+ pBS->AllocatePool( EfiBootServicesData, sizeof (HDDSECDATA), &HddSecData );
+ pBS->SetMem( HddSecData, sizeof(HDDSECDATA), 0 );
+
+ pBS->SetMem( Buffer, IDE_PASSWORD_LENGTH, 0 );
+
+ Status = pRS->GetVariable(
+ HddSecutiyData,
+ &gIdeSecurityPwNvguid,
+ NULL,
+ &HddSecDataSize,
+ HddSecData
+ );
+
+ if(Status){
+ Status = HDDPortReset(BusInterface,ModeFlag);
+ return Status;
+ }
+
+ Control = HddSecData->UserMaster;
+
+ if ( Control & 0x01 )
+ {
+ for ( i = 0; i < sizeof (HddSecData->HddMasterPassword); i++ )
+ {
+ CryptBuffer[i] = HddSecData->HddMasterPassword[i];
+ }
+
+ EncodeDecodePassword( CryptBuffer, Buffer, HddSecData->PasswordLength );
+ }
+ else {
+ for ( i = 0; i < sizeof (HddSecData->HddUserPassword); i++ )
+ {
+ CryptBuffer[i] = HddSecData->HddUserPassword[i];
+ }
+
+ EncodeDecodePassword( CryptBuffer, Buffer, HddSecData->PasswordLength );
+ }
+
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE );
+
+ pBS->FreePool( HddSecData );
+
+ return Status;
+}
+
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: ConvertHddDataIdToString
+//
+// Description: Converts Integer HDD Data Id to String.
+//
+// Input:
+// IN UINT32 DataId,
+// OUT CHAR16 *String
+// Output:
+// None
+//
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID ConvertHddDataIdToString(
+ IN UINT32 DataId,
+ OUT CHAR16 *String )
+{
+ Swprintf( String, L"%*d", 0, DataId );
+ return;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: EncodeDecodePassword
+//
+// Description: Encodes/Decodes Password.
+//
+// Input:
+// IN UINT8 *InputString,
+// OUT UINT8 *OutputString,
+// IN UINT32 StringLen
+// Output:
+// None
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID EncodeDecodePassword(
+ IN UINT8 *InputString,
+ OUT UINT8 *OutputString,
+ IN UINT32 StringLength )
+{
+ UINT8 *Key;
+ UINT32 i;
+ UINT32 KeyIndex;
+ UINT32 KeyLength;
+
+ if ((InputString == NULL) || (StringLength == 0))
+ {
+ return;
+ }
+
+ KeyLength = (UINT32)( Strlen( HDD_PWD_ENCRYPTION_KEY ));
+ pBS->AllocatePool( EfiBootServicesData, KeyLength, (VOID**)&Key );
+ pBS->SetMem( Key, KeyLength, 0 );
+ pBS->CopyMem( Key, HDD_PWD_ENCRYPTION_KEY, KeyLength );
+ ASSERT( Key != NULL );
+
+ for ( i = 0, KeyIndex = 0; i < StringLength; i++, KeyIndex++ )
+ {
+ if ( KeyIndex == (KeyLength - 1))
+ {
+ KeyIndex = 0;
+ }
+ OutputString[i] = (UINT8) ( InputString[i] ^ Key[KeyIndex] );
+ }
+
+ pBS->FreePool( Key );
+ return;
+}
+
+#endif
+
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: CommonNonDataHook
+//
+// Description: Common Hook which Calls Non Data Command.
+//
+// Input: IN VOID* BusInterface,
+// IN COMMAND_STRUCTURE CommandStructure,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Non Data command completed successfully.
+// EFI_DEVICE_ERROR/EFI_UNSUPPORTED : Not supported.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS CommonNonDataHook(
+ IN VOID *BusInterface,
+ IN COMMAND_STRUCTURE CommandStructure,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ CommandStructure.Device = IdeBusInterface->IdeDevice.Device << 4;
+
+ //
+ // Idebus API changed from Core 4.6.5.2. Added Core Version check for the OLD
+ // Core support.
+ //
+#if defined CORE_COMBINED_VERSION && (CORE_COMBINED_VERSION > 0x4028b)
+ Status = IdeBusInterface->IdeNonDataCommand(
+ IdeBusInterface,
+ CommandStructure.Features,
+ (UINT8)CommandStructure.SectorCount,
+ (UINT8)(CommandStructure.SectorCount >> 8),
+ CommandStructure.LBALow,
+ CommandStructure.LBALowExp,
+ CommandStructure.LBAMid,
+ CommandStructure.LBAMidExp,
+ CommandStructure.LBAHigh,
+ CommandStructure.LBAHighExp,
+ CommandStructure.Device,
+ CommandStructure.Command
+ );
+#else
+ Status = IdeBusInterface->IdeNonDataCommand(
+ IdeBusInterface,
+ CommandStructure.Features,
+ (UINT8)CommandStructure.SectorCount,
+ CommandStructure.LBALow,
+ CommandStructure.LBAMid,
+ CommandStructure.LBAHigh,
+ CommandStructure.Device,
+ CommandStructure.Command
+ );
+
+#endif
+ }
+ else {
+ Status = SataDevInterface->AhciBusInterface->ExecuteNonDataCommand(
+ SataDevInterface,
+ CommandStructure
+ );
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: CommonPioDataHook
+//
+// Description: Common Hook which Calls Pio Data Command.
+//
+// Input: IN VOID* BusInterface,
+// IN COMMAND_STRUCTURE CommandStructure,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Pio data command completed.
+// EFI_DEVICE_ERROR/EFI_UNSUPPORTED : Not supported.
+// +//--------------------------------------------------------------------------- +//<AMI_PHDR_END> +EFI_STATUS CommonPioDataHook( + IN VOID *BusInterface, + IN COMMAND_STRUCTURE CommandStructure, + IN BOOLEAN ModeFlag ) +{ + EFI_STATUS Status; + IDE_BUS_PROTOCOL *IdeBusInterface; + SATA_DEVICE_INTERFACE *SataDevInterface; + VOID *IdentifyBuffer = NULL; + + IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface; + SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface; + + Status = pBS->AllocatePool( EfiBootServicesData, + sizeof(IDENTIFY_DATA), + (VOID**)&IdentifyBuffer + ); + // + // Read Identifydata + // + CommandStructure.Buffer = IdentifyBuffer; + + if ( ModeFlag == FALSE ) + { + CommandStructure.Device = IdeBusInterface->IdeDevice.Device << 4; + Status = IdeBusInterface->AtaPioDataIn( + IdeBusInterface, + CommandStructure + .Buffer, + CommandStructure + .ByteCount, + CommandStructure + .Features, + (UINT8) + CommandStructure.SectorCount, + CommandStructure + .LBALow, + CommandStructure + .LBAMid, + CommandStructure + .LBAHigh, + CommandStructure + .Device, + CommandStructure + .Command, + FALSE + ); + // + // Copy Identify Data + // + pBS->CopyMem( &(IdeBusInterface->IdeDevice.IdentifyData), + IdentifyBuffer, + sizeof(IDENTIFY_DATA) + ); + } + else { + Status = SataDevInterface->AhciBusInterface->ExecutePioDataCommand( + SataDevInterface, + &CommandStructure, + FALSE + ); + + // + // Copy Identify Data + // + pBS->CopyMem( &(SataDevInterface->IdentifyData), + IdentifyBuffer, + sizeof(IDENTIFY_DATA) + ); + } + + pBS->FreePool( IdentifyBuffer ); + + return Status; +} + +//<AMI_PHDR_START> +//--------------------------------------------------------------------------- +// +// +// Procedure: CommonReadWritePioHook +// +// Description: Common Hook which Calls Read Write PIO. 
+//
+// Input:
+// IN VOID *BusInterface,
+// VOID *Buffer,
+// UINTN ByteCount,
+// UINT64 LBA
+// IN UINT8 ReadWriteCommand,
+// IN BOOLEAN ReadWrite Read/Write = 0/1
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// *Buffer updated from PIO command.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS CommonReadWritePioHook(
+ IN VOID *BusInterface,
+ IN OUT VOID *Buffer,
+ IN UINTN ByteCount,
+ IN UINT64 LBA,
+ IN UINT8 ReadWriteCommand,
+ IN BOOLEAN ReadWrite,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ Status = IdeBusInterface->AtaReadWritePio(
+ IdeBusInterface,
+ Buffer,
+ ByteCount,
+ 0,
+ ReadWriteCommand,
+ TRUE
+ );
+ }
+ else {
+ Status = SataDevInterface->AhciBusInterface->SataReadWritePio(
+ SataDevInterface,
+ Buffer,
+ ByteCount,
+ 0,
+ ReadWriteCommand,
+ TRUE
+ );
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: LocateAhciSmmServiceEvent
+//
+// Description: Generates the SwSMI to Locate the AhciSMM Protocol
+// that is used by IdeSMM.
+//
+// Input:
+// EFI_EVENT Event,
+// VOID *Context
+//
+// Output:
+// None
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID LocateAhciSmmServiceEvent(
+ EFI_EVENT Event,
+ VOID *Context )
+{
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+ EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(UINT8*)];
+ UINTN CommBufferSize;
+ EFI_STATUS Status;
+#elif defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ UINT8 DataSize = 1;
+#else
+ UINTN DataSize = 1;
+#endif
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+
+ if(gSmmCommunication != NULL) {
+ Status = pBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &gSmmCommunication);
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return ;
+ }
+ }
+
+ // Copy Smm Communicate Header Here
+ SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)CommBuffer;
+ pBS->CopyMem( &SmmCommunicateHeader->HeaderGuid, &gLocateIdeAhciSmmProtocolGuid, sizeof( EFI_GUID ) );
+ SmmCommunicateHeader->MessageLength = sizeof(UINT8 *);
+
+ // Allocate the Buffer for the Passing the Password Data to
+ // Unlock command in SMM
+ Status = pBS->AllocatePool( EfiReservedMemoryType,
+ 512,
+ (VOID**)&SmmCommunicateHeader->Data );
+
+ // Calculate Size of Communication buffer
+ CommBufferSize = sizeof (CommBuffer);
+
+ // Send data to SMM.
+ Status = gSmmCommunication->Communicate (gSmmCommunication, &CommBuffer[0], &CommBufferSize);
+ ASSERT_EFI_ERROR(Status);
+
+#else
+ UINT8 SwSmiValue = SW_SMI_AHCI_LOCATE_AHCI_SMM;
+
+ // Now Generate a SW SMI to Locate all the SMM protocols used by IDESMM
+ mSmmCtl->Trigger( mSmmCtl, &SwSmiValue, &DataSize, 0, 0 );
+#endif
+
+ return;
+}
+
+
+EFI_STATUS
+HDDPortReset(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag
+)
+{
+
+ EFI_STATUS Status;
+ AHCI_BUS_PROTOCOL *AhciBusInterface;
+ SATA_DEVICE_INTERFACE *SataDeviceInterface;
+ DLINK *dlink;
+ COMMAND_STRUCTURE CommandStructure = {0};
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+ EFI_OPEN_PROTOCOL_INFORMATION_ENTRY *Entries = NULL;
+
+
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+ AhciBusInterface = SataDevInterface->AhciBusInterface;
+
+ if ( ModeFlag == FALSE ) {
+ return EFI_UNSUPPORTED;
+ }
+
+ // Issue Disable Software Preservation command all the Sata Devices connected.
+ dlink = AhciBusInterface->SataDeviceList.pHead;
+ if (dlink){
+ do {
+ SataDeviceInterface = OUTTER(dlink, SataDeviceLink, SATA_DEVICE_INTERFACE);
+ if(SataDevInterface->PortNumber == SataDeviceInterface->PortNumber &&
+ SataDevInterface->PMPortNumber == SataDeviceInterface->PMPortNumber) {
+
+ // Send Disable Software Preservation command.
+ CommandStructure.Features = DISABLE_SATA2_SOFTPREV;
+ CommandStructure.SectorCount = 6;
+ CommandStructure.Command = SET_FEATURE_COMMAND;
+ Status = AhciBusInterface->ExecuteNonDataCommand(SataDeviceInterface,
+ CommandStructure);
+ break;
+ }
+ dlink = dlink-> pNext;
+ }while (dlink);
+ }
+
+ // Reset the port to restore the initial State
+ Status = AhciBusInterface->GeneratePortReset(
+ AhciBusInterface,
+ SataDevInterface,
+ SataDevInterface->PortNumber,
+ SataDevInterface->PMPortNumber,
+ 0,
+ 0
+ );
+
+
+ // Disconnect the Controller Handle
+ Status = pBS->DisconnectController(
+ AhciBusInterface->ControllerHandle,
+ NULL,
+ NULL);
+
+ // Connect Controller handle again to invoke the HDD Password Verfication
+ Status = pBS->ConnectController(
+ AhciBusInterface->ControllerHandle,
+ NULL,
+ NULL,
+ TRUE);
+
+ // Send Enable Software Preservation command.
+ CommandStructure.Features = 0x10;
+ CommandStructure.SectorCount = 6;
+ CommandStructure.Command = SET_FEATURE_COMMAND;
+ Status = AhciBusInterface->ExecuteNonDataCommand(SataDeviceInterface,
+ CommandStructure);
+
+ return Status;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurity.chm b/Core/EM/HddSecurity/IdeSecurity.chm Binary files differnew file mode 100644
index 0000000..abc643a
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.chm
diff --git a/Core/EM/HddSecurity/IdeSecurity.cif b/Core/EM/HddSecurity/IdeSecurity.cif new file mode 100644
index 0000000..bcdd7df
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.cif
@@ -0,0 +1,22 @@
+<component>
+ name = "IdeSecurity"
+ category = eModule
+ Rank = 31
+ LocalRoot = "Core\EM\HddSecurity\"
+ RefName = "IdeSecurity"
+[files]
+"IdeSecurity.sdl"
+"IdeSecurity.mak"
+"IdeSecurity.h"
+"IdeSecurity.c"
+"IdeSecuritySetup.c"
+"IdeSecurityBdsCall.c"
+"IdeSecurity.sd"
+"IdeSecurity.uni"
+"IdeSecurity.dxs"
+"IdeSecurity.chm"
+"IdeSecurityCommon.sd"
+[parts]
+"IDESMM"
+"AmiTseHddPassword"
+<endComponent>
diff --git a/Core/EM/HddSecurity/IdeSecurity.dxs b/Core/EM/HddSecurity/IdeSecurity.dxs new file mode 100644
index 0000000..0d3347d
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.dxs
@@ -0,0 +1,86 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2007, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.dxs 5 4/06/11 12:53a Rameshr $
+//
+// $Revision: 5 $
+//
+// $Date: 4/06/11 12:53a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.dxs $
+//
+// 5 4/06/11 12:53a Rameshr
+// [TAG]- EIP 57341
+// [Category]-IMPROVEMENT
+// [Description]- Added Support for SMM PI 1.1 in HDDSecurity eModule.
+// [Files]- IdeSecurity.c , IdeSecurity.h, IdeSecurity.dxs
+//
+// 4 2/19/10 12:51p Yul
+// Delete comment out codes
+//
+// 3 1/21/10 12:08p Yul
+// Refer to EIP 33848
+// LegacyBios is not needed here.
+//
+// 2 12/09/09 12:19p Krishnakumarg
+// EIP 31797 : IDE Security API documentation. Added comments whereever
+// possible and modified files for coding standard
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IdeSecurity.DXS
+//
+// Description: Dependency expression for IDESecurity driver.
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+#include <Protocol/SmmControl2.h>
+#else
+#include <Protocol/SmmControl.h>
+#endif
+
+DEPENDENCY_START
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ EFI_SMM_CONTROL2_PROTOCOL_GUID
+#else
+ EFI_SMM_CONTROL_PROTOCOL_GUID
+#endif
+DEPENDENCY_END
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2007, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurity.h b/Core/EM/HddSecurity/IdeSecurity.h
new file mode 100644
index 0000000..dbc6a18
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.h
@@ -0,0 +1,470 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2015, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.h 13 4/22/15 3:57a Anbuprakashp $ +// +// $Revision: 13 $ +// +// $Date: 4/22/15 3:57a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.h $ +// +// 13 4/22/15 3:57a Anbuprakashp +// [TAG] EIP212319 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] System hang while SW_SMI_AHCI_LOCATE_AHCI_SMM SMI trigger +// after enable SmmChkEn bit +// [RootCause] Bootservice call used inside IdeSmm driver which causes +// the Exception +// [Solution] Changes made not to use BootService calls inside IdeSmm +// driver +// [Files] IdeSecurity.h +// IdeSecurity.c +// IDESMM.c +// +// 12 10/11/11 1:54a Rameshr +// [TAG] EIP69246 +// [Category] Improvement +// [Description] Made the SECURITY_SUPPORT as the Master token and +// removed the IdeSecurity_Support token. +// [Files] IdeSecurity.c, IdeSecurity.h, IdeSecurity.mak, +// IdeSecurity.sdl +// +// 11 4/06/11 12:53a Rameshr +// [TAG]- EIP 57341 +// [Category]-IMPROVEMENT +// [Description]- Added Support for SMM PI 1.1 in HDDSecurity eModule. 
+// [Files]- IdeSecurity.c , IdeSecurity.h, IdeSecurity.dxs +// +// 10 10/13/10 4:26a Rameshr +// [TAG] - EIP 43790 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom] - The IDE_SECURITY_PWNV_GUID in IdeSecurity.h will cause +// compile failed in some case +// [RootCause] - The definition of IDE_SECURITY_PWNV_GUID contains a +// semicolon in the end of line +// [Solution] - Removed the SemiColon in the end of line +// [Files] - IdeSecurity.h +// +// 9 9/20/10 4:16a Rameshr +// [TAG]- EIP 44182 +// [Category]-IMPROVEMENT +// [Description]- Unable to build the project with HDDSecurity module and +// without AHCI module. +// [Files]- IdeSecurity.h, IdeSmm.c +// +// 8 2/19/10 12:48p Yul +// Delete the comment out codes. +// +// 7 1/21/10 12:07p Yul +// Refer to EIP 33848 +// LegacyBios protocol is not needed here. +// +// 6 1/15/10 10:21a Yul +// Coding Standard +// +// 5 11/25/09 6:03p Krishnakumarg +// Removed Tab spaces to comply with AMI coding standard. +// +// 4 7/14/09 1:55p Pats +// EIP 22925: Request to set HDD password length by token. +// Solution: Token added to IdeSecurity.sdl, and definition removed from +// IdeSecurity.h +// +// 3 4/28/09 6:46p Rameshr +// HDD password support in RAID mode +// EIP:20421 +// +// 2 4/11/08 4:28p Rameshraju +// 1)Enter the Emptry string for the master password, will set the default +// OEM password and in setup password status will be not installed. +// 2)If the revision code is not 0, then SecuritySetPassword will use +// revision code from the input parameters. +// 3)HddSecutiyData Nvram variable master password cleared when we set +// user password and user password cleared when we set master password. +// 4)When we disable the password, HddSecutiyData Nvram variable also +// updated properly. +// 5)Password lenght stored in HddSecData structure. +// +// 1 28/02/08 6:40p Anandakrishnanl +// Created new HddSecurity module. 
Isolated IdeSecurity and IdeSmm from +// IdeBus driver to be compatable with the AHCI Bus driver. +// +// +//<AMI_FHDR_START> +//---------------------------------------------------------------------------- +// +// Name: <IdeSecurity.h> +// +// Description: This file contains the Includes, Definitions, typedefs, +// Variable and External Declarations, Structure and +// function prototypes needed for the IdeSecurity driver +// +//---------------------------------------------------------------------------- +//<AMI_FHDR_END> + +#ifndef _IdeSecurity_ +#define _IdeSecurity_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include <Efi.h> +#include <Token.h> +#include <Dxe.h> +#include <AmiDxeLib.h> +#include "Protocol\PciIo.h" +#include "Protocol\DevicePath.h" +#include "protocol\DriverBinding.h" +#include "protocol\BlockIo.h" +#include "Protocol\PDiskInfo.h" +#include "Protocol\PIDEController.h" +#include "Protocol\PIDEBus.h" +#include "Protocol\PAhciBus.h" +#include <Protocol\ComponentName.h> +#include <Protocol\BootScriptSave.h> +#include <Protocol\SmmBase.h> +#include <Protocol\SmmCommunication.h> +#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A) +#include <Protocol\SmmControl2.h> +#else +#include <Protocol\SmmControl.h> +#endif +#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) ) +#include <Protocol\AhciSmmProtocol.h> +#endif + +#define IDE_SECURITY_PWNV_GUID \ +{ 0x69967a8c, 0x1159, 0x4522, 0xaa, 0x89, 0x74, 0xcd, 0xc6, 0xe5, 0x99, 0xa0} + +#define EFI_SMM_SAVE_HDD_PASSWORD_GUID \ + { 0xeedcf975, 0x4dd3, 0x4d94, 0x96, 0xff, 0xaa, 0xca, 0x83, 0x53, 0xb8, 0x7b } + +#define EFI_SMM_REMOVE_HDD_PASSWORD_GUID \ + { 0xc2b1e795, 0xf9c5, 0x4829, 0x8a, 0x42, 0xc0, 0xb3, 0xfe, 0x57, 0x15, 0x17 } + +#define AMI_LOCATE_IDE_AHCI_PROTOCOL_GUID \ + { 0xb3f096e9, 0x2d46, 0x4e8e, 0xa2, 0x2c, 0x7d, 0xe8, 0xb1, 0x6b, 0x3a, 0x5b } + +#define HDD_PWD_ENCRYPTION_KEY "H?p1mA*k920_84o3d^!z@L.x4$kY64" + +#define EFI_SEGMENT( _Adr ) (UINT16) ((UINT16) 
(((UINTN) (_Adr))\ + >> 4) & 0xf000) +#define EFI_OFFSET( _Adr ) (UINT16) (((UINT16) ((UINTN) (_Adr))) & 0xffff) + + +//###DEBUG Uncomment the following for Required Debug Level. + +//#define TRACE_IDESMM TRACE + +//###DEBUG END + +#define TRACE_IDESMM + +#define ZeroMemory( Buffer, Size ) pBS->SetMem( Buffer, Size, 0 ) + +// Forward reference for pure ANSI compatability +typedef struct _IDE_BUS_PROTOCOL IDE_BUS_PROTOCOL; + +HDD_SECURITY_INIT_PROTOCOL *gHddSecurityInitProtocol; + +EFI_GUID gSaveHddPasswordGuid=EFI_SMM_SAVE_HDD_PASSWORD_GUID; +EFI_GUID gRemoveHddPasswordGuid=EFI_SMM_REMOVE_HDD_PASSWORD_GUID; +EFI_GUID gLocateIdeAhciSmmProtocolGuid=AMI_LOCATE_IDE_AHCI_PROTOCOL_GUID; +EFI_GUID gEfiSmmCommunicationProtocolGuid=EFI_SMM_COMMUNICATION_PROTOCOL_GUID; + +#pragma pack(1) + +typedef struct +{ + UINT8 Bus; + UINT8 Device; + UINT8 Function; + UINT8 Controller; + UINT32 Reserved; +} EDD_PCI; + +typedef struct +{ + UINT16 Base; + UINT16 Reserved; + UINT32 Reserved2; +} EDD_LEGACY; + +typedef union +{ + EDD_PCI Pci; + EDD_LEGACY Legacy; +} EDD_INTERFACE_PATH; + +typedef struct +{ + UINT8 Master; + UINT8 Reserved[15]; +} EDD_ATA; + +typedef struct +{ + UINT8 Master; + UINT8 Lun; + UINT8 Reserved[14]; +} EDD_ATAPI; + +typedef struct +{ + UINT16 TargetId; + UINT64 Lun; + UINT8 Reserved[6]; +} EDD_SCSI; + +typedef struct +{ + UINT64 SerialNumber; + UINT64 Reserved; +} EDD_USB; + +typedef struct +{ + UINT64 Guid; + UINT64 Reserved; +} EDD_1394; + +typedef struct +{ + UINT64 Wwn; + UINT64 Lun; +} EDD_FIBRE; + +typedef struct +{ + UINT8 bPortNum; + UINT8 Reserved[15]; +} EDD_SATA; + +typedef union +{ + EDD_ATA Ata; + EDD_ATAPI Atapi; + EDD_SCSI Scsi; + EDD_USB Usb; + EDD_1394 FireWire; + EDD_FIBRE FibreChannel; + EDD_SATA Sata; +} EDD_DEVICE_PATH; + +typedef struct +{ + UINT16 StructureSize; + UINT16 Flags; + UINT32 MaxCylinders; + UINT32 MaxHeads; + UINT32 SectorsPerTrack; + UINT64 PhysicalSectors; + UINT16 BytesPerSector; + UINT32 FDPT; + UINT16 Key; + UINT8 
DevicePathLength; + UINT8 Reserved1; + UINT16 Reserved2; + CHAR8 HostBusType[4]; + CHAR8 InterfaceType[8]; + EDD_INTERFACE_PATH InterfacePath; + EDD_DEVICE_PATH DevicePath; + UINT8 Reserved3; + UINT8 Checksum; +} EDD_DRIVE_PARAMETERS; + +typedef struct _HDDSECDATA +{ + UINT16 UserMaster; + UINT32 PasswordLength; + UINT8 HddUserPassword[IDE_PASSWORD_LENGTH]; + UINT8 HddMasterPassword[IDE_PASSWORD_LENGTH]; +} HDDSECDATA; + +#pragma pack() + + + +EFI_STATUS InstallSecurityInterface ( + IN VOID *BusInterface, + IN BOOLEAN ModeFlag ); + +EFI_STATUS StopSecurityModeSupport ( + IN VOID *BusInterface, + IN BOOLEAN ModeFlag ); + +EFI_STATUS ReturnSecurityStatus ( + IN IDE_SECURITY_PROTOCOL *This, + UINT16 *SecurityStatus ); + +EFI_STATUS SecuritySetPassword ( + IN IDE_SECURITY_PROTOCOL *This, + UINT16 Control, + UINT8 *Buffer, + UINT16 RevisionCode ); + +EFI_STATUS SecurityUnlockPassword ( + IN IDE_SECURITY_PROTOCOL *This, + UINT16 Control, + UINT8 *Buffer ); + +EFI_STATUS SecurityDisablePassword ( + IN IDE_SECURITY_PROTOCOL *This, + UINT16 Control, + UINT8 *Buffer ); + +EFI_STATUS SetDefaultMasterPassword ( + IN IDE_SECURITY_PROTOCOL *This ); + +EFI_STATUS SecuritySetDefaultMasterPassword ( + IN IDE_SECURITY_PROTOCOL *This, + UINT16 Control, + UINT8 *Buffer, + UINT16 RevisionCode ); + +EFI_STATUS SecurityFreezeLock ( + IN IDE_SECURITY_PROTOCOL *This ); + +EFI_STATUS SecurityEraseUnit ( + IN IDE_SECURITY_PROTOCOL *This, + UINT16 Control, + UINT8 *Buffer ); + +EFI_STATUS ReturnIdePasswordFlags ( + IN IDE_SECURITY_PROTOCOL *This, + UINT32 *IdePasswordFlags ); + +EFI_STATUS SecurityCommonRoutine ( + IN VOID *IdeBusInterface, + UINT16 Control, + UINT8 *Buffer, + UINT8 SecurityCommand, + UINT16 RevisionCode, + BOOLEAN ModeFlag ); + +EFI_STATUS ConnectController ( + IN EFI_HANDLE ControllerHandle, + IN EFI_HANDLE*DriverImageHandle OPTIONAL, + IN EFI_DEVICE_PATH_PROTOCOL*RemainingDevicePath OPTIONAL, + IN BOOLEAN Recursive ); + +EFI_STATUS GatherIdeInfo ( + IN VOID *BusInterface, 
+ IN BOOLEAN ModeFlag, + OUT UINT32 *HddDataId ); + +EFI_STATUS UpdateIdentifyData ( + IN VOID *BusInterface, + IN BOOLEAN ModeFlag ); + +EFI_STATUS SetHddSecDataInNvram ( + IN VOID *BusInterface, + UINT32 *HddDataId, + UINT16 Control, + UINT8 *Buffer ); + +EFI_STATUS TransferPwDataFromNvramToSmram ( + IN IDE_SECURITY_PROTOCOL *This ); + +VOID ConvertHddDataIdToString ( + IN UINT32 DataId, + OUT CHAR16 *String ); + +VOID EncodeDecodePassword ( + IN UINT8 *InputString, + OUT UINT8 *OutputString, + IN UINT32 StringLength ); + +EFI_STATUS OEMSetMasterPassword ( + IN IDE_SECURITY_PROTOCOL *This ); + +EFI_STATUS SmmHDDPasswordInterface ( + IN IDE_SECURITY_PROTOCOL *This, + UINT16 Control, + UINT8 *Buffer, + UINT8 Action ); + +VOID IdeBusCallbackBootScript ( + IN EFI_EVENT Event, + IN VOID *Context ); + +VOID IdeBusMiscSmmFeatureCallback ( + IN EFI_EVENT Event, + IN VOID *Context ); + +BOOLEAN CheckAhciMode ( + IN IDE_BUS_PROTOCOL *IdeBusInterface ); + +UINTN EfiValueToString ( + IN OUT CHAR16 *Buffer, + IN INT64 Value, + IN UINTN Flags, + IN UINTN Width ); + +EFI_STATUS CommonNonDataHook ( + IN VOID *BusInterface, + IN COMMAND_STRUCTURE CommandStructure, + IN BOOLEAN ModeFlag ); + +EFI_STATUS CommonPioDataHook ( + IN VOID *BusInterface, + IN COMMAND_STRUCTURE CommandStructure, + IN BOOLEAN ModeFlag ); + +EFI_STATUS CommonReadWritePioHook ( + IN VOID *BusInterface, + IN OUT VOID *Buffer, + IN UINTN ByteCount, + IN UINT64 LBA, + IN UINT8 ReadWriteCommand, + IN BOOLEAN ReadWrite, + IN BOOLEAN ModeFlag ); + +EFI_STATUS CommonWfccHook ( + IN VOID *BusInterface, + IN BOOLEAN ModeFlag ); + +VOID LocateAhciSmmServiceEvent ( + EFI_EVENT Event, + VOID *Context ); + + + +/****** DO NOT WRITE BELOW THIS LINE *******/ +#ifdef __cplusplus +} +#endif + +#endif + +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2015, American Megatrends, Inc. 
** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** diff --git a/Core/EM/HddSecurity/IdeSecurity.mak b/Core/EM/HddSecurity/IdeSecurity.mak new file mode 100644 index 0000000..479a803 --- /dev/null +++ b/Core/EM/HddSecurity/IdeSecurity.mak 
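Review bot: `HDD_PWD_ENCRYPTION_KEY` is a fixed string literal compiled into every image that includes this header, so the `HddUserPassword` and `HddMasterPassword` fields of `HDDSECDATA` that go through `EncodeDecodePassword` before being kept in NVRAM are at best obfuscated, not protected. The function body is outside this hunk, so the exact transform is inferred from its name and its single in/out signature; if it is a reversible keyed encoding, anyone able to read the NVRAM variable can recover the drive passwords. At minimum the define should carry a comment such as `// Obfuscation only: fixed key shared by all builds; encoded NVRAM data must not be treated as secret`, and the design should be revisited so that a recoverable copy of the password is not persisted or is bound to a per-platform secret. Separately, the header defines objects (`gHddSecurityInitProtocol`, `gSaveHddPasswordGuid`, `gRemoveHddPasswordGuid`, ...) instead of declaring them `extern`, which yields duplicate definitions once more than one translation unit includes it.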
@@ -0,0 +1,173 @@ +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** + +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.mak 9 8/11/13 11:58p Srikantakumarp $ +# +# $Revision: 9 $ +# +# $Date: 8/11/13 11:58p $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.mak $ +# +# 9 8/11/13 11:58p Srikantakumarp +# [TAG] EIP123442 +# [Category] Improvement +# [Description] Create a new Plug-In way in the IdeSecurity Module for +# OEM append sd file into +# [Files] IdeSecurity.sdl, IdeSecurity.mak +# +# 8 6/06/13 4:04a Rameshr +# [TAG] EIP106423 +# [Category] Improvement +# [Description] HddPassword Support in UEFI Raid and Legacy Raid. And +# also taken care where there is no Conin Device avilable in the post +# [Files] IdeSecurity.cif,IdeSecurity.sdl,IdeSecurity.mak,IdeSecurityB +# dsCall.c,HddPassword.c, Ahcibus.c, Pidebus.h +# +# 7 4/25/13 9:22a Kapilporwal +# [TAG] EIP108583 +# [Category] New Feature +# [Description] support set HDD password in same page +# [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl, +# IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c, +# HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl +# +# 6 10/11/11 1:55a Rameshr +# [TAG] EIP69246 +# [Category] Improvement +# [Description] Made the SECURITY_SUPPORT as the Master token and +# removed the IdeSecurity_Support token. 
+# [Files] IdeSecurity.c, IdeSecurity.h, IdeSecurity.mak, +# IdeSecurity.sdl +# +# 5 12/03/10 12:24a Rameshr +# [TAG] - EIP 48770 +# [Category]- BUG FIX +# [Severity]- Minor +# [Symptom] - HddSecurity build error when disable the IDEBUS module.. +# [RootCause]- IdebusLib used with IdeSecurity Module. +# [Solution] - Removed IdebusLib usage from source and mak file. +# [Files] - Idesecurity.c, IdeSecurity.mak +# +# 4 12/09/09 12:17p Krishnakumarg +# EIP 31797 : IDE Security API documentation. Added comments whereever +# possible and modified files for coding standard +# +# 3 3/18/09 11:26a Fredericko +# EIP19618 removed dependency on foundation.lib +# +# 2 3/13/09 3:43p Fredericko +# +# 1 28/02/08 6:40p Anandakrishnanl +# Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from +# IdeBus driver to be compatable with the AHCI Bus driver. +# +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: IdeSecurity_mak +# +# Description: Make file to build IDESecurity Driver Sources. 
+# +#<AMI_FHDR_END> +#********************************************************************** +all : IdeSecurity + +IdeSecurity : $(BUILD_DIR)\IdeSecurity.mak IdeSecurityBin + +$(BUILD_DIR)\IdeSecurity.mak : $(IDESECURITY_DIR)\$(@B).cif $(IDESECURITY_DIR)\$(@B).mak $(BUILD_RULES) + $(CIF2MAK) $(IDESECURITY_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS) + +IdeSecurityBin: $(AMIDXELIB) + $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\ + /f $(BUILD_DIR)\IdeSecurity.mak all\ + GUID=A9B700CF-019E-4d8b-A3A7-88E1EA01699E\ + ENTRY_POINT=IdeSecurityEntryPoint \ + TYPE=BS_DRIVER \ + COMPRESS=1\ + "OBJECTS=$(BUILD_DIR)\$(IDESECURITY_DIR)\IdeSecurity.obj" + +#--------------------------------------------------------------------------- +# Create IDE Bus Setup Screens +#--------------------------------------------------------------------------- +SetupSdbs : $(BUILD_DIR)\IdeSecurity.Sdb +SetupBin : $(BUILD_DIR)\IdeSecuritySetup.obj + +#IdeSecuritySdb : +# $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\ +# /f $(BUILD_DIR)\IdeSecurity.mak all\ +# MAKEFILE=$(IDESECURITY_DIR)\IdeSecurity.mak \ +# TYPE=SDB STRING_CONSUMERS=$(IDESECURITY_DIR)\IdeSecurity.sd +#$(BUILD_DIR)\IdeSecuritySetup.obj : $(IDESECURITY_DIR)\IdeSecuritySetup.c $(BUILD_DIR)\SetupStrTokens.h +# $(CC) $(CFLAGS) /Fo$(BUILD_DIR)\ $(IDESECURITY_DIR)\IdeSecuritySetup.c + +!IF (DEFINED(IDE_SECURITY_PLUG_IN) && "$(IDE_SECURITY_PLUG_IN)" == "1") + +$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_PLUG_IN_SD) $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -i INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_PLUG_IN_SD) + +!ELSE # !IF (DEFINED(IDE_SECURITY_PLUG_IN) && "$(IDE_SECURITY_PLUG_IN)" == "1") + +!IFNDEF "$(SECUITY_SETUP_ON_SAME_PAGE)" + +!IF "$(SECUITY_SETUP_ON_SAME_PAGE)" == "1" + +$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_DIR)\IdeSecurityCommon.sd $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -i 
INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurityCommon.sd + +!ELSE + +$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_DIR)\IdeSecurity.sd $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -i INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.sd + +!ENDIF # !IF SECUITY_SETUP_ON_SAME_PAGE = "1" + +!ELSE # !IFNDEF "$(SECUITY_SETUP_ON_SAME_PAGE)" + +$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_DIR)\IdeSecurity.sd $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -i INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni + $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.sd + +!ENDIF # !IFNDEF SECUITY_SETUP_ON_SAME_PAGE + +!ENDIF # !IF (DEFINED(IDE_SECURITY_PLUG_IN) && "$(IDE_SECURITY_PLUG_IN)" == "1") + +$(BUILD_DIR)\IdeSecuritySetup.obj : $(IDESECURITY_DIR)\IdeSecuritySetup.c $(BUILD_DIR)\SetupStrTokens.h + $(CC) $(CFLAGS) /Fo$(BUILD_DIR)\ $(IDESECURITY_DIR)\IdeSecuritySetup.c + +CORE_DXEBin : $(BUILD_DIR)\IdeSecurityBdsCall.obj + +$(BUILD_DIR)\IdeSecurityBdsCall.obj : $(IDESECURITY_DIR)\IdeSecurityBdsCall.c + $(CC) $(CFLAGS) /Fo$(BUILD_DIR)\ $(IDESECURITY_DIR)\IdeSecurityBdsCall.c + +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. 
** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** diff --git a/Core/EM/HddSecurity/IdeSecurity.sd b/Core/EM/HddSecurity/IdeSecurity.sd new file mode 100644 index 0000000..47980b5 --- /dev/null +++ b/Core/EM/HddSecurity/IdeSecurity.sd 
@@ -0,0 +1,525 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2014, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.sd 17 1/30/14 9:16a Divyac $ +// +// $Revision: 17 $ +// +// $Date: 1/30/14 9:16a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.sd $ +// +// 17 1/30/14 9:16a Divyac +// [TAG] EIP152490 +// [Category] Improvement +// [Description] Resolved the build Error in HddSecurity module when +// enabling DISPLAY_MASTER_PASSWORD sdl token +// [Files] IdeSecurity.sd +// +// 16 12/06/13 8:49a Divyac +// [TAG] EIP143275 +// [Category] Improvement +// [Description] Aptio 4.x - Gray out option for the user password when +// the HDD is in frozen state +// [Files] IdeSecurity.c, IdeSecurity.uni +// +// 15 6/13/12 9:12a Anandakrishnanl +// [TAG] EIP92050 +// [Category] Bug Fix +// [Severity] Minor +// [Symptom] In setup, Hdd Security User and Master password status +// string displayed as Set or Not Set instead of Installed or Not +// Installed. +// [RootCause] In setup, Hdd Security User and Master password status +// string displayed as Set or Not Set instead of Installed or Not +// Installed. 
+// [Solution] Changed the sd and UNI string tokens to be unique to +// Module +// [Files] IdeSecuirty.sd +// IdeSecuirty.uni +// +// 14 1/03/12 1:42a Jittenkumarp +// [TAG] EIP78274 +// [Category] Bug Fix +// [Symptom] When the the token ALL_HDD_SAME_PW is set to 1 and no HDD +// is connected to SUT, Set User Password and Set Master Password links +// are displayed in security page. +// [RootCause] When ALL_HDD_SAME_PW token is 1 ,not checking the +// presence of hard disk. +// [Solution] When ALL_HDD_SAME_PW token is 1,checking harddisk is +// present or not and if not present suppress the links. +// [Files] IdeSecurity.sd +// +// 13 10/21/11 4:12a Rameshr +// [TAG] EIP69247 +// [Category] Bug Fix +// [Severity] Minor +// [Symptom] Several IdeSecurity.sdl tokens are not working properly +// [RootCause] Several IdeSecurity.sdl tokens are not working properly +// [Solution] Removed unwanted SDL token and verified all the SDL token +// function. +// [Files] IdeSecurity.c, IdeSecurity.sdl, IdeSecurity.sdl +// +// 12 2/01/11 3:48a Rameshr +// [TAG] - EIP 52221 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom] - Under Aptio4.6.4.1, the HddSecurity "4.6.3_HddSecurity_016" +// will build failed. +// [RootCause]- Goto Form error in UEFI2.0 +// [Solution] - Moved Goto Form inside the FormSet. +// [Files] - IdeSecurity.sd +// +// 11 1/20/11 12:22a Rameshr +// [TAG] - EIP 52221 +// [Category]- BUG FIX +// [Severity]- Minor +// [Symptom] - Under Aptio4.6.4.1, the HddSecurity "4.6.3_HddSecurity_016" +// will build failed. +// [RootCause]- All the Control Items included in the main formset also. 
+// [Solution] - moved the whole #ifdef FORM_SET_VARSTORE section outside +// of the #ifdef SECURITY_FORM_SET +// [Files] - IdeSecurity.sd +// +// 10 1/10/11 12:52a Rameshr +// [TAG] EIP48180 +// [Category] Improvement +// [Description] Update the IdeSecurity eModule to utilize Setup +// Customization +// [Files] IdeSecurity.sd +// +// 8 8/27/10 2:27p Yul +// [TAG] EIP40151 +// [Category] NEW FEATURE +// [Description] If system has two HDDs, User need set two HDDs password +// separately with master and user password. +// We want to simply the procedure, if user set master or user password, +// it will set two HDDs with same password. +// While un-lock the HDD password, user just need input one Master/User +// password to un-lock HDD. +// [Files] HddPassword.c +// HddPassword.sdl +// IdeSecurity.sd +// IdeSecurity.uni +// Same as v7. No code update. +// +// 7 8/27/10 10:01a Yul +// EIP 40151 - One Master/User password for all attach HDDs +// +// 6 4/13/10 10:29a Davidd +// Removed setup questions when SETUP_SAME_SYS_HDD_PW is on. They are not +// used in this case. +// +// 5 3/26/10 5:44p Krishnakumarg +// UEFI2.1 compliance change. EIP#34744 +// +// 4 12/09/09 12:18p Krishnakumarg +// EIP 31797 : IDE Security API documentation. Added comments whereever +// possible and modified files for coding standard +// +// 3 7/27/09 3:30p Pats +// EIP 22925: Request to set HDD password length by token. +// Solution: Changed definitions for IDEUserPassword and IDEMasterPassword +// to use the token value instead of 32. +// +// +// 2 8/12/08 10:30a Fasihm +// Added the Manufacturing flag to all the setup questions. +// +// 1 28/02/08 6:40p Anandakrishnanl +// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from +// IdeBus driver to be compatable with the AHCI Bus driver. 
+// +// 1 10/23/07 4:18p Felixp + +//********************************************************************** + +//<AMI_FHDR_START> +//********************************************************************** +// Name: IdeSecurity.sd +// +// Description: Ide Security in Setup. +//********************************************************************** +//<AMI_FHDR_END> + +#ifdef FORM_SET_VARSTORE + varstore IDE_SECURITY_CONFIG, + key = IDE_SECURITY_HD_1_KEY_ID, + name = IDESecDev, + guid = IDE_SECURITY_CONFIG_GUID; +#endif + +#if defined(VFRCOMPILE) && !defined(CONTROLS_ARE_DEFINED) +#define CONTROL_DEFINITION +#endif + +#ifdef CONTROL_DEFINITION + +#if (SETUP_SAME_SYS_HDD_PW != 1) + #if ALL_HDD_SAME_PW + #define IDE_SECURITY_GET_USER_PASSWORD\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEUserPassword,\ + prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + endif; + #define IDE_SECURITY_GET_MASTER_PASSWORD\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEMasterPassword,\ + prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + endif; + + #define IDE_SECURITY_GET_IDE_USER_PASSWORD + #define IDE_SECURITY_GET_IDE_MASTER_PASSWORD + + #else + #define IDE_SECURITY_GET_USER_PASSWORD + #define IDE_SECURITY_GET_MASTER_PASSWORD + + #define IDE_SECURITY_GET_IDE_USER_PASSWORD\ + password varid = IDE_SECURITY_CONFIG.IDEUserPassword,\ + prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + + #define 
IDE_SECURITY_GET_IDE_MASTER_PASSWORD\ + password varid = IDE_SECURITY_CONFIG.IDEMasterPassword,\ + prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + + #endif + + #define IDE_SECURITY_CONFIG_COUNT\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_SUPPORTED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_SUPPORTED),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_NOT_SUPPORTED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_SUPPORTED),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 0;\ + + + #define IDE_SECURITY_CONFIG_ENABLED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_ENABLED),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_NOT_ENABLED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_ENABLED),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 0;\ + + + #define IDE_SECURITY_CONFIG_LOCKED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_LOCKED),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + + #define IDE_SECURITY_CONFIG_NOT_LOCKED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_LOCKED),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_FROZEN\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_FROZEN),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_NOT_FROZEN\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_FROZEN),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 
0;\ + + #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + +#else + + #define IDE_SECURITY_GET_USER_PASSWORD + #define IDE_SECURITY_GET_MASTER_PASSWORD + #define IDE_SECURITY_CONFIG_COUNT + #define IDE_SECURITY_CONFIG_SUPPORTED + #define IDE_SECURITY_CONFIG_NOT_SUPPORTED + #define IDE_SECURITY_CONFIG_ENABLED + #define IDE_SECURITY_CONFIG_NOT_ENABLED + #define IDE_SECURITY_CONFIG_LOCKED + #define IDE_SECURITY_CONFIG_NOT_LOCKED + #define IDE_SECURITY_CONFIG_FROZEN + #define IDE_SECURITY_CONFIG_NOT_FROZEN + #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS + #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED + #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS + #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED + #define IDE_SECURITY_GET_IDE_USER_PASSWORD + #define IDE_SECURITY_GET_IDE_MASTER_PASSWORD +#endif +#endif + + +#ifdef CONTROLS_WITH_DEFAULTS + IDE_SECURITY_GET_USER_PASSWORD + IDE_SECURITY_GET_MASTER_PASSWORD + IDE_SECURITY_CONFIG_COUNT + IDE_SECURITY_CONFIG_SUPPORTED + IDE_SECURITY_CONFIG_NOT_SUPPORTED + IDE_SECURITY_CONFIG_ENABLED + IDE_SECURITY_CONFIG_NOT_ENABLED + 
IDE_SECURITY_CONFIG_LOCKED + IDE_SECURITY_CONFIG_NOT_LOCKED + IDE_SECURITY_CONFIG_FROZEN + IDE_SECURITY_CONFIG_NOT_FROZEN + IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS + IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED + IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS + IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED + IDE_SECURITY_GET_IDE_USER_PASSWORD + IDE_SECURITY_GET_IDE_MASTER_PASSWORD +#endif //#ifdef CONTROLS_WITH_DEFAULTS + +#if (SETUP_SAME_SYS_HDD_PW != 1) + #ifdef SECURITY_FORM_SET + + #if EFI_SPECIFICATION_VERSION > 0x20000 + #ifndef SUPPRESS_GRAYOUT_ENDIF //old Core + #define SUPPRESS_GRAYOUT_ENDIF endif; + #endif + #endif + + + #ifdef FORM_SET_ITEM + SEPARATOR + + #if ALL_HDD_SAME_PW + + grayoutif ideqvallist IDE_SECURITY_CONFIG.Frozen == 1; + IDE_SECURITY_GET_USER_PASSWORD + endif; + + #if DISPLAY_MASTER_PASSWORD + grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster == 0 OR ideqval IDE_SECURITY_CONFIG.Frozen == 1; + IDE_SECURITY_GET_MASTER_PASSWORD + endif; + #endif + #endif + #endif + + #ifdef FORM_SET_GOTO + SEPARATOR + + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0; + IDE_SECURITY_CONFIG_COUNT + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0xFFFF; + goto IDE_SECURITY_FORM, + prompt = STRING_TOKEN(STR_EMPTY), + help = STRING_TOKEN(STR_IDE_SECURITY_HELP); + endif; + + #endif + + #ifdef FORM_SET_FORM + + form + formid = AUTO_ID(IDE_SECURITY_FORM), + title = STRING_TOKEN(STR_IDE_SECURITY_HD); + +#if !ALL_HDD_SAME_PW + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_PWD_DESC)) + SEPARATOR + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_ONE)) + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_TWO)) + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_THREE)) + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_FOUR)) + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_FIVE)) + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_SIX)) + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_SEVEN)) + SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_EIGHT)) + +#endif 
+ SEPARATOR + SUBTITLE(STRING_TOKEN(STR_HDD_PASSWORD_CONFIG)) + SEPARATOR + + suppressif ideqvallist IDE_SECURITY_CONFIG.Supported == 0; + IDE_SECURITY_CONFIG_SUPPORTED + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Supported == 1; + IDE_SECURITY_CONFIG_NOT_SUPPORTED + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled == 0; + IDE_SECURITY_CONFIG_ENABLED + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled == 1; + IDE_SECURITY_CONFIG_NOT_ENABLED + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Locked == 0; + IDE_SECURITY_CONFIG_LOCKED + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Locked == 1; + IDE_SECURITY_CONFIG_NOT_LOCKED + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen == 0; + IDE_SECURITY_CONFIG_FROZEN + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen == 1; + IDE_SECURITY_CONFIG_NOT_FROZEN + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus == 0; + IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus == 1; + IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.MasterPasswordStatus == 0; + IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS + endif; + + suppressif ideqvallist IDE_SECURITY_CONFIG.MasterPasswordStatus == 1; + IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED + endif; + + SEPARATOR + + #if !ALL_HDD_SAME_PW + grayoutif ideqvallist IDE_SECURITY_CONFIG.Frozen == 1; + IDE_SECURITY_GET_IDE_USER_PASSWORD + endif; + #if DISPLAY_MASTER_PASSWORD + grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster == 0 OR ideqval IDE_SECURITY_CONFIG.Frozen == 1; + IDE_SECURITY_GET_IDE_MASTER_PASSWORD + endif; + #endif + #endif + + endform; + + #endif + #endif +#endif + + +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2014, 
American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//**********************************************************************
\ No newline at end of file
diff --git a/Core/EM/HddSecurity/IdeSecurity.sdl b/Core/EM/HddSecurity/IdeSecurity.sdl
new file mode 100644
index 0000000..4df0d75
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.sdl
@@ -0,0 +1,240 @@
+TOKEN
+ Name = "HDD_SECURITY_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable Hdd Security support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+End
+
+TOKEN
+ Name = "SECURITY_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable IdeSecurity support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "MASTER_PASSWORD_ENABLE"
+ Value = "0"
+ Help = "Enables support for Master passwords."
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "IDE_PASSWORD_LENGTH"
+ Value = "32"
+ Help = "Default maximum IDE password length."
+ TokenType = Integer
+ TargetH = Yes
+End
+
+
+TOKEN
+ Name = "DISPLAY_MASTER_PASSWORD"
+ Value = "0"
+ Help = "Displays Master Password in the Setup Security Page"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OEM_MASTER_PASSWORD_TAG"
+ Help = "Tag Contains the Default Password String provided by OEM to set as Master Password"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OEM_DEFAULT_MASTER_PASSWORD"
+ Value = "0"
+ Help = "OFF - (Default) Master Password is set by the user through Setup Interface \ ON - Master Password for all HDDs are set from the OEM_MASTER_PASSWORD_TAG which contains the string provided by the OEM.(Only Applicable when DISPLAY_MASTER_PASSWORD is Disabled)"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DEFAULT_MASTER_PASSWORD_REVISION"
+ Value = "0xFFFE"
+ Help = "Master password revision code to be used as default.\0000h/0FFFFh - Not supported "
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DISABLED_MASTER_PASSWORD_REVISION"
+ Value = "0x1"
+ Help = "Disabled Master password revision code to be set.\0000h/0FFFFh - Not supported "
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DEFAULT_MASTER_PASSWORD_TAG"
+ Value = "amim"
+ Help = "Tag Contains the Default Password String provided by OEM to set as Master Password when disabled"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "MASTER_PASSWORD_REVISION_SWITCH"
+ Value = "0"
+ Help = "0 - (Default) Use DEFAULT_MASTER_PASSWORD_REVISION as Revision Code.\ 1 - Set Master Password Revision Code from CHANGED_MASTER_PASSWORD_REVISION value\ 2 - Increment Master Revision Code if Set Everytime\"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "CHANGED_MASTER_PASSWORD_REVISION"
+ Value = "0xFFFE"
+ Help = "Changed Master password revision code to be set.\0000h/0FFFFh - Not supported "
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DISABLE_SOFT_SET_PREV"
+ Value = "0"
+ Help = "ON - Disable SATA Software Setting Preservation feature so that it will not preserve the state after hardware reset. i.e. After a hardware reset HDD will change security state as power-on.\OFF - Do not change it in POST, leave it as default (enabled)."
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DSSP"
+ Value = "$(DISABLE_SOFT_SET_PREV)"
+ TokenType = Integer
+ TargetASL = Yes
+End
+
+TOKEN
+ Name = "FORCE_HDD_PASSWORD_PROMPT"
+ Value = "0"
+ Help = "Set to 1 to always prompt for HDD password (in AHCI mode)."
+ TokenType = Boolean
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "HDD_PASSWORD_ON_NVRAM"
+ Value = "0"
+ Help = "Save the Hdd Password on Nvram."
+ TokenType = Boolean
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SECUITY_SETUP_ON_SAME_PAGE"
+ Value = "0"
+ Help = "Multiple HDD Security setting displayed on same page. To enable this token, AMITSE Source should be present in the project."
+ TokenType = Boolean
+ TargetH = Yes
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "FHPP"
+ Value = "$(FORCE_HDD_PASSWORD_PROMPT)"
+ TokenType = Integer
+ TargetASL = Yes
+End
+
+TOKEN
+ Name = "IDE_SECURITY_PLUG_IN"
+ Value = "0"
+ Help = "If this token value is 1, OEM .sd file will be added. Default value should be 0"
+ TokenType = Boolean
+ TargetH = Yes
+ TargetMAK = Yes
+End
+
+PATH
+ Name = "IDESECURITY_DIR"
+End
+
+MODULE
+ Help = "Includes IdeSecurity.mak to Project"
+ File = "IdeSecurity.mak"
+End
+
+ELINK
+ Name = "IDESECURITY_PLUG_IN_SD"
+ Help = "List of SD files of the IdeSecurity plug-ins"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\IdeSecurity.sdb"
+ Parent = "SETUP_SDBS"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "InitIdeSecurityStrings,"
+ Parent = "SetupStringInit"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_DIR)\IdeSecurity.sd"
+ Parent = "SETUP_DEFINITIONS"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "0"
+ Token = "IDE_SECURITY_PLUG_IN" "=" "0"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_DIR)\IdeSecurityCommon.sd"
+ Parent = "SETUP_DEFINITIONS"
+ Token = "SECURITY_SUPPORT" "=" "1"
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ Token = "IDE_SECURITY_PLUG_IN" "=" "0"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_PLUG_IN_SD)"
+ Parent = "SETUP_DEFINITIONS"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ Token = "IDE_SECURITY_PLUG_IN" "=" "1"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_DIR)\IdeSecurity$(ARCH).ffs"
+ Parent = "FV_MAIN"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\IdeSecurity.ffs"
+ Parent = "$(IDESECURITY_DIR)\IdeSecurity$(ARCH).ffs"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "IdeConnectControllerAfterConnectEverthing,"
+ Parent = "InitConVars,"
+ InvokeOrder = AfterParent
+End
diff --git a/Core/EM/HddSecurity/IdeSecurity.uni b/Core/EM/HddSecurity/IdeSecurity.uni
Binary files differ
new file mode 100644
index 0000000..eb9d0ad
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.uni
diff --git a/Core/EM/HddSecurity/IdeSecurityBdsCall.c b/Core/EM/HddSecurity/IdeSecurityBdsCall.c
new file mode 100644
index 0000000..7aaf8bc
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurityBdsCall.c
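Review bot: `DEFAULT_MASTER_PASSWORD_TAG` in IdeSecurity.sdl ships with the fixed value `amim`, and its help text says this string is set as the Master Password when the master password is disabled, so every board built with the defaults would carry the same master password. Under the ATA Security feature set a master password can still unlock a drive whose user password was set at the High security level, so a value published in the source tree weakens the user password on those drives; how the token is consumed is outside this hunk, so this should be confirmed against the code that uses it. Consider shipping the token without a `Value`, as `OEM_MASTER_PASSWORD_TAG` does, or at least extending the help with `Must be overridden per project; do not ship the default`. `HDD_PASSWORD_ON_NVRAM` would likewise benefit from a help text that says how the stored password is protected.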
@@ -0,0 +1,261 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
+
+//*************************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityBdsCall.c 2 6/09/14 9:53a Anbuprakashp $
+//
+// $Revision: 2 $
+//
+// $Date: 6/09/14 9:53a $
+//
+//*************************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityBdsCall.c $
+//
+// 2 6/09/14 9:53a Anbuprakashp
+// [TAG] EIP 172443
+// [Category] Improvement
+// [Description] "RaidDriverBlockingStatus" is using
+// gEfiGlobalVariableGuid that violates UEFI 2.4 spec in
+// IdeSecurityBdsCall.c and Runtime attribute set of this variable need to
+// be removed
+// [Files] IdeSecurityBdsCall.c, AhciBus.c
+//
+// 1 6/06/13 4:03a Rameshr
+// [TAG] EIP106423
+// [Category] Improvement
+// [Description] HddPassword Support in UEFI Raid and Legacy Raid. And
+// also taken care where there is no Conin Device avilable in the post
+// [Files] IdeSecurity.cif
+// IdeSecurity.sdl
+// IdeSecurity.mak
+// IdeSecurity.h
+// IdeSecurity.c
+// IdeSecuritySetup.c
+// IdeSecurityBdsCall.c
+// IdeSecurity.sd
+// IdeSecurity.uni
+// IdeSecurity.dxs
+// IdeSecurity.chm
+//
+//
+//*************************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: IdeSecurityBdsCall.c
+//
+// Description: This function will connect the handle's of RAID Controllers and
+// the IDE/AHCI Devices( the handle whose DiskIo was not opened by any one.)
+//
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+
+#include <PCI.h>
+#include "Protocol\DiskIo.h"
+#include <Protocol\IdeControllerInit.h>
+#include <AmiDxeLib.h>
+#include <Protocol\DevicePath.h>
+
+static EFI_GUID gAmiGlobalVariableGuid = AMI_GLOBAL_VARIABLE_GUID;
+
+
+extern EFI_STATUS GetPciHandlesByClass(
+ UINT8 Class, UINT8 SubClass, UINTN *NumberOfHandles, EFI_HANDLE **HandleBuffer
+);
+
+// <AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IdeConnectControllerAfterConnectEverthing
+//
+// Description:
+// This function will connect the handle's of RAID Controllers and the IDE/AHCI
+// Devices( the handle whose DiskIo was not opened by any one.)
+//
+// Input:
+// VOID
+//
+// Output:
+// VOID
+//
+// Modified:
+//
+// Referrals:
+//
+//
+// Notes:
+// If Conin Devices are not Present, RAID Option ROM will not be launched
+// by CSM BlockIo as RegisterHddNotification fucntion would get control after
+// connectEverything() is called from BDS. Rather it would be launched by
+// ShadowAllLegacyOproms() and UEFI Boot option for RAID will not be formed as
+// blockIo will not be installed by csm BlockIo driver. So Connect the RAID handle
+// so that CSM BlockIo starts. And also if Password is installed the above said case
+// will happen when no con in device is present.
+//
+// Check for any device in IDE/AHCI mode not unlocked when no ConIn Device is not present.
+// If found Connecting that Device using ConnectController() after the Device is unlocked.
+// as read would fail and FileSystem would not be formedOpen gEfiIdeControllerInitProtocolGuid
+// which will be installed on each controller. This will be opened as
+// EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER by each device handle.Connect that Handle where
+// DiskIo will be installed and not opened by another driver.
+//
+//---------------------------------------------------------------------------
+// <AMI_PHDR_END>
+
+VOID IdeConnectControllerAfterConnectEverthing( )
+{
+
+ UINT8 Index;
+ UINT8 Index1;
+ UINTN DiskIoCount;
+ UINTN Count;
+ UINTN Count1;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINTN NumHandles;
+ EFI_STATUS Status;
+ EFI_OPEN_PROTOCOL_INFORMATION_ENTRY *DiskIoEntries = NULL;
+ EFI_OPEN_PROTOCOL_INFORMATION_ENTRY *Entries = NULL;
+ BOOLEAN RaidDriverBlocked=FALSE;
+ UINTN VarSize=sizeof(RaidDriverBlocked);
+
+
+
+ // If Conin Devices are not Present, RAID Option ROM will not be launched
+ // by CSM BlockIo as RegisterHddNotification fucntion would get control after
+ // connectEverything() is called from BDS. Rather it would be launched by
+ // ShadowAllLegacyOproms() and UEFI Boot option for RAID will not be formed as
+ // blockIo will not be installed by csm BlockIo driver. So Connect the RAID handle
+ // so that CSM BlockIo starts. And also if Password is installed the above said case
+ // will happen when no con in device is present.
+
+ Status = GetPciHandlesByClass(PCI_CL_MASS_STOR,
+ PCI_CL_MASS_STOR_SCL_RAID,
+ &NumHandles,
+ &HandleBuffer
+ );
+
+ // Connect the handle so that CSM BlockIo Launches RAID Option Rom.
+ if(!EFI_ERROR(Status)){
+
+ Status = pRS->GetVariable( L"RaidDriverBlockingStatus",
+ &gAmiGlobalVariableGuid,
+ NULL,
+ &VarSize,
+ &RaidDriverBlocked );
+
+
+ if((EFI_ERROR(Status)) || (RaidDriverBlocked == FALSE)) {
+ return;
+ }
+
+ for(Index=0; Index<NumHandles; Index++){
+
+ // We have blocked the Raid driver until password verification is done.
+ // Now we need to un block and connect the Raid driver after HddPassword verification is done
+ Status = pBS->OpenProtocolInformation(HandleBuffer[Index],
+ &gEfiDevicePathProtocolGuid,
+ &Entries,
+ &Count1
+ );
+
+ if(!EFI_ERROR(Status)) {
+ for(Index1=0; Index1 < Count1; Index1++) {
+ if (Entries[Index1].Attributes!=EFI_OPEN_PROTOCOL_BY_DRIVER) {
+ continue;
+ }
+
+ Status = pBS->CloseProtocol (
+ HandleBuffer[Index],
+ &gEfiDevicePathProtocolGuid,
+ Entries[Index1].AgentHandle,
+ Entries[Index1].ControllerHandle
+ );
+ }
+ }
+
+ pBS->ConnectController(HandleBuffer[Index],NULL,NULL,TRUE);
+ }
+
+ } else {
+
+ // Check for any device in IDE/AHCI mode not unlocked when no ConIn Device is not present.
+ // If found Connecting that Device using ConnectController() after the Device is unlocked.
+ // Open gEfiIdeControllerInitProtocolGuid which will be installed on each controller.
+ // This will be opened as EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER by each device handle.
+ // Connect that Handle where DiskIo will be installed and not opened by another driver.
+
+ Status = pBS->LocateHandleBuffer(ByProtocol,
+ &gEfiIdeControllerInitProtocolGuid,
+ NULL,
+ &Count,
+ &HandleBuffer);
+
+ if(!EFI_ERROR(Status)){
+ for(Index=0; Index < Count; Index++) {
+ Status = pBS->OpenProtocolInformation(HandleBuffer[Index],
+ &gEfiIdeControllerInitProtocolGuid,
+ &Entries,
+ &Count1
+ );
+ if(!EFI_ERROR(Status)) {
+ for(Index1=0; Index1 < Count1; Index1++) {
+ if (Entries[Index1].Attributes!=EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER) {
+ continue;
+ }
+ Status = pBS->OpenProtocolInformation(Entries[Index1].ControllerHandle,
+ &gEfiDiskIoProtocolGuid,
+ &DiskIoEntries,
+ &DiskIoCount
+ );
+ if(!EFI_ERROR(Status)) {
+ if( DiskIoCount == 0 ) {
+ Status = pBS->ConnectController(Entries[Index1].ControllerHandle,
+ NULL,
+ NULL,
+ TRUE);
+ }
+ pBS->FreePool(DiskIoEntries);
+ }
+ }
+ pBS->FreePool(Entries);
+ }
+ }
+ }
+ }
+
+ if(HandleBuffer) {
+ pBS->FreePool(HandleBuffer);
+ }
+
+ return;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurityCommon.sd b/Core/EM/HddSecurity/IdeSecurityCommon.sd
new file mode 100644
index 0000000..f30be83
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurityCommon.sd
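Review bot: In `IdeConnectControllerAfterConnectEverthing` (IdeSecurityBdsCall.c), `Index` and `Index1` are declared `UINT8` but are compared against the `UINTN` counts `NumHandles`, `Count` and `Count1`, so a loop never terminates if its count exceeds 255; declaring both as `UINTN` removes the wrap. In the RAID branch the early `return` after `GetVariable` skips the `FreePool(HandleBuffer)` at the end of the function, and `Entries` returned by `OpenProtocolInformation` is never freed there, although the IDE/AHCI branch does free it. `GetVariable` is also called with a NULL attributes pointer, so the code cannot confirm that `RaidDriverBlockingStatus` is the boot-services-only variable the revision note implies; reading the attributes and rejecting a value with `EFI_VARIABLE_RUNTIME_ACCESS` set would be worth considering, if that is how the variable is created elsewhere.

```c
    UINTN       Index;
    UINTN       Index1;
    // … unchanged: remaining locals, GetPciHandlesByClass and GetVariable calls …
        if((EFI_ERROR(Status)) || (RaidDriverBlocked == FALSE)) {
            // Release the RAID handle list before leaving early.
            if(HandleBuffer) {
                pBS->FreePool(HandleBuffer);
            }
            return;
        }
    // … unchanged: RAID handle loop header and OpenProtocolInformation call …
            if(!EFI_ERROR(Status)) {
                // … unchanged: CloseProtocol loop over Entries …
                pBS->FreePool(Entries);
            }
    // … unchanged: ConnectController, IDE/AHCI branch, final FreePool(HandleBuffer) …
```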
@@ -0,0 +1,653 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2012, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityCommon.sd 1 4/25/13 9:21a Kapilporwal $ +// +// $Revision: 1 $ +// +// $Date: 4/25/13 9:21a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityCommon.sd $ +// +// 1 4/25/13 9:21a Kapilporwal +// [TAG] EIP108583 +// [Category] New Feature +// [Description] support set HDD password in same page +// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl, +// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c, +// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl +// +//********************************************************************** + +//<AMI_FHDR_START> +//********************************************************************** +// Name: IdeSecurityCommon.sd +// +// Description: Ide Security in Setup. 
+//********************************************************************** +//<AMI_FHDR_END> + + +#ifdef FORM_SET_VARSTORE + varstore IDE_SECURITY_CONFIG, + key = IDE_SECURITY_HD_1_KEY_ID, + name = IDESecDev, + guid = IDE_SECURITY_CONFIG_GUID; +#endif // end of FORM_SET_VARSTORE + +#if defined(VFRCOMPILE) && !defined(CONTROLS_ARE_DEFINED) +#define CONTROL_DEFINITION +#endif + +#ifdef CONTROL_DEFINITION + + #define IDE_SECURITY_DUMMY_DEFINITION\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_SECURITY_PROMPT),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_HDD_NAME1\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SECURITY_HDD_ONE),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_HDD_NAME2\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SECURITY_HDD_TWO),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_HDD_NAME3\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SECURITY_HDD_THREE),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_HDD_NAME4\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SECURITY_HDD_FOUR),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_HDD_NAME5\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SECURITY_HDD_FIVE),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_HDD_NAME6\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SECURITY_HDD_SIX),\ + text = STRING_TOKEN(STR_EMPTY),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_SUPPORTED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_SUPPORTED),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_NOT_SUPPORTED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ 
+ text = STRING_TOKEN(STR_SEC_SUPPORTED),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 0;\ + + + #define IDE_SECURITY_CONFIG_ENABLED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_ENABLED),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_NOT_ENABLED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_ENABLED),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 0;\ + + + #define IDE_SECURITY_CONFIG_LOCKED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_LOCKED),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + + #define IDE_SECURITY_CONFIG_NOT_LOCKED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_LOCKED),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_FROZEN\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_FROZEN),\ + text = STRING_TOKEN(STR_YES),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_NOT_FROZEN\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_SEC_FROZEN),\ + text = STRING_TOKEN(STR_NO),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS\ + text\ + help = STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED\ + text\ + help = 
STRING_TOKEN(STR_EMPTY),\ + text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\ + text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\ + flags = 0,\ + key = 0;\ + + #define IDE_SECURITY_NONSUPPORTED_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Supported[HDD_NUM] == 0;\ + IDE_SECURITY_CONFIG_SUPPORTED\ + endif; + + #define IDE_SECURITY_SUPPORTED_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Supported[HDD_NUM] == 1;\ + IDE_SECURITY_CONFIG_NOT_SUPPORTED\ + endif; + + #define IDE_SECURITY_NONENABLED_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled[HDD_NUM] == 0;\ + IDE_SECURITY_CONFIG_ENABLED\ + endif; + + #define IDE_SECURITY_ENABLED_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled[HDD_NUM] == 1;\ + IDE_SECURITY_CONFIG_NOT_ENABLED\ + endif; + + + #define IDE_SECURITY_NONLOCKED_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Locked[HDD_NUM] == 0;\ + IDE_SECURITY_CONFIG_LOCKED\ + endif; + + #define IDE_SECURITY_LOCKED_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Locked[HDD_NUM] == 1;\ + IDE_SECURITY_CONFIG_NOT_LOCKED\ + endif;\ + + #define IDE_SECURITY_NONFROZEN_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 0;\ + IDE_SECURITY_CONFIG_FROZEN\ + endif;\ + + #define IDE_SECURITY_FROZEN_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + IDE_SECURITY_CONFIG_NOT_FROZEN\ + endif;\ + + #define IDE_SECURITY_USERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus[HDD_NUM] == 0;\ + IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS\ + endif;\ + + #define IDE_SECURITY_USERPASSWORD_STATUS_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus[HDD_NUM] == 1;\ + IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED\ + endif; + + #define IDE_SECURITY_MASTERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\ + suppressif ideqvallist 
IDE_SECURITY_CONFIG.MasterPasswordStatus[HDD_NUM] == 0;\ + IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS\ + endif; + + + #define IDE_SECURITY_MASTERPASSWORD_STATUS_FEATURES(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.MasterPasswordStatus[HDD_NUM] == 1;\ + IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED\ + endif; + + #define IDE_SECURITY_GET_USERPASSWORD_FEATURES1(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEUserPassword,\ + prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + SUPPRESS_GRAYOUT_ENDIF + + #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES1(HDD_NUM)\ + suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEMasterPassword,\ + prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + SUPPRESS_GRAYOUT_ENDIF\ + endif; + + #define IDE_SECURITY_GET_USERPASSWORD_FEATURES2(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD2,\ + prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + SUPPRESS_GRAYOUT_ENDIF + + #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES2(HDD_NUM)\ + suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + grayoutif 
ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD2,\ + prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + SUPPRESS_GRAYOUT_ENDIF\ + endif; + + #define IDE_SECURITY_GET_USERPASSWORD_FEATURES3(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD3,\ + prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + SUPPRESS_GRAYOUT_ENDIF + + #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES3(HDD_NUM)\ + suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD3,\ + prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + SUPPRESS_GRAYOUT_ENDIF\ + endif; + + #define IDE_SECURITY_GET_USERPASSWORD_FEATURES4(HDD_NUM)\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\ + suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\ + password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD4,\ + prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\ + help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\ + flags = 0,\ + key = 0,\ + minsize = 0,\ + maxsize = IDE_PASSWORD_LENGTH,\ + encoding = 1,\ + endpassword;\ + SUPPRESS_GRAYOUT_ENDIF + + #define 
IDE_SECURITY_GET_MASTERPASSWORD_FEATURES4(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD4,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES5(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD5,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES5(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD5,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES6(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD6,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES6(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD6,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONSUPPORTED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_SUPPORTED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONENABLED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_ENABLED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONLOCKED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_LOCKED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONFROZEN_FEATURES(HDD_NUM)\
+ IDE_SECURITY_FROZEN_FEATURES(HDD_NUM)\
+ IDE_SECURITY_USERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\
+ IDE_SECURITY_USERPASSWORD_STATUS_FEATURES(HDD_NUM)\
+ IDE_SECURITY_MASTERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\
+ IDE_SECURITY_MASTERPASSWORD_STATUS_FEATURES(HDD_NUM)
+#endif
+
+#ifdef CONTROLS_WITH_DEFAULTS
+ #define IDE_SECURITY_HDD_NAME1
+ #define IDE_SECURITY_HDD_NAME2
+ #define IDE_SECURITY_HDD_NAME3
+ #define IDE_SECURITY_HDD_NAME4
+ #define IDE_SECURITY_HDD_NAME5
+ #define IDE_SECURITY_HDD_NAME6
+ #define IDE_SECURITY_CONFIG_SUPPORTED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_SUPPORTED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_ENABLED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_ENABLED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_LOCKED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_LOCKED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_FROZEN(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_FROZEN(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES1(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES1(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES2(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES2(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES3(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES3(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES4(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES4(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES5(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES5(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES6(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES6(HDD_NUM)
+ #define IDE_SECURITY_FEATURES(HDD_NUM)
+#endif
+
+#ifdef SECURITY_FORM_SET
+ #ifdef FORM_SET_ITEM
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ SEPARATOR
+ SEPARATOR
+ endif;
+ #endif
+
+
+ #ifdef FORM_SET_GOTO
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ goto HDD_PASSWORD_FORM_ID,
+ prompt = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),
+ help = STRING_TOKEN(STR_IDE_SECURITY_HELP);
+ endif;
+ #endif// end of FORM_SET_GOTO
+
+ #ifdef FORM_SET_FORM
+ //
+ // Define forms
+ //
+ form formid = AUTO_ID(HDD_PASSWORD_FORM_ID),
+ title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG);
+
+ SEPARATOR
+ SUBTITLE(STRING_TOKEN(STR_HDD_PASSWORD_CONFIG))
+ SEPARATOR
+
+
+ //******************************************
+ //*************** HDD 1nd ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ IDE_SECURITY_HDD_NAME1
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ IDE_SECURITY_FEATURES(0)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES1(0)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES1(0)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+
+ //******************************************
+ //*************** HDD 2nd ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 2 3 4 5 6;
+ IDE_SECURITY_HDD_NAME2
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 2 3 4 5 6;
+ IDE_SECURITY_FEATURES(1)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES2(1)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES2(1)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 3rd ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 3 4 5 6;
+ IDE_SECURITY_HDD_NAME3
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 3 4 5 6;
+ IDE_SECURITY_FEATURES(2)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES3(2)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES3(2)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 4th ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 4 5 6;
+ IDE_SECURITY_HDD_NAME4
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 4 5 6;
+ IDE_SECURITY_FEATURES(3)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES4(3)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES4(3)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 5th ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 5 6;
+ IDE_SECURITY_HDD_NAME5
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 5 6;
+ IDE_SECURITY_FEATURES(4)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES5(4)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES5(4)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 6th ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 6;
+ IDE_SECURITY_HDD_NAME6
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 6;
+ IDE_SECURITY_FEATURES(5)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES6(5)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES6(5)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ endform;
+ #endif // FORM_SET_FORM
+#endif // SECURITY_FORM_SET
+
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2008, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
\ No newline at end of file
diff --git a/Core/EM/HddSecurity/IdeSecuritySetup.c b/Core/EM/HddSecurity/IdeSecuritySetup.c
new file mode 100644
index 0000000..ba1f57b
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecuritySetup.c
@@ -0,0 +1,434 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecuritySetup.c 4 4/25/13 9:22a Kapilporwal $
+//
+// $Revision: 4 $
+//
+// $Date: 4/25/13 9:22a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecuritySetup.c $
+//
+// 4 4/25/13 9:22a Kapilporwal
+// [TAG] EIP108583
+// [Category] New Feature
+// [Description] support set HDD password in same page
+// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+//
+// 3 1/15/10 10:22a Yul
+// Coding Standard
+//
+// 2 12/09/09 12:18p Krishnakumarg
+// EIP 31797 : IDE Security API documentation. Added comments whereever
+// possible and modified files for coding standard
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: IdeSecuritySetup.c
+//
+// Description: Ide Security Setup Routines
+//
+// NOTE: Use this hook to dynamically change Ide Security Driver Setup screen
+// Strings.
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include <AmiLib.h>
+#include <AmiDxeLib.h>
+#include <Setup.h>
+#include <SetupStrTokens.h>
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+#include "Protocol\PciIo.h"
+#include "Protocol\BlockIo.h"
+#include "Protocol\PDiskInfo.h"
+#include "Protocol\PIDEController.h"
+#include "Protocol\PIDEBus.h"
+#include "Protocol\PAhciBus.h"
+#include "Protocol\DevicePath.h"
+#include "Protocol\HiiString.h"
+#endif
+
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+
+EFI_GUID gDiskInfoProtocolGuid = EFI_DISK_INFO_PROTOCOL_GUID;
+EFI_GUID gDevicePathProtocolGuid = EFI_DEVICE_PATH_PROTOCOL_GUID;
+EFI_GUID gIDESecurityProtocolGuid = IDE_SECURITY_INTERFACE_GUID;
+
+// Store the names of HDDs present in the system. Dynamically updated.
+STRING_REF gHddSecurityName[6] =
+{
+ STRING_TOKEN(STR_SECURITY_HDD_ONE), STRING_TOKEN(STR_SECURITY_HDD_TWO),
+ STRING_TOKEN(STR_SECURITY_HDD_THREE), STRING_TOKEN(STR_SECURITY_HDD_FOUR),
+ STRING_TOKEN(STR_SECURITY_HDD_FIVE), STRING_TOKEN(STR_SECURITY_HDD_SIX)
+};
+
+static EFI_HII_STRING_PROTOCOL *HiiString = NULL;
+static EFI_GUID EfiVariableGuid = EFI_GLOBAL_VARIABLE;
+
+// Function Definitions
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: CheckSecurityStatus
+//
+// Description: return the Security Status Information
+//
+// Input: IN IDE_SECURITY_PROTOCOL *IDEPasswordSecurity,
+// IN OUT BOOLEAN *ReqStatus,
+// IN UINT16 Mask
+//
+// Output: BOOLEAN status in ReqStatus is valid
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN CheckSecurityStatus(
+ IN IDE_SECURITY_PROTOCOL *IDEPasswordSecurity,
+ IN OUT BOOLEAN *ReqStatus,
+ IN UINT16 Mask )
+{
+ UINT16 SecurityStatus = 0;
+ EFI_STATUS Status;
+
+ //
+ //get the security status of the device
+ //
+ Status = IDEPasswordSecurity->ReturnSecurityStatus( IDEPasswordSecurity, &SecurityStatus );
+
+ if ( EFI_ERROR( Status ))
+ return FALSE; // Unable to get IDE security status
+ // Mask security status based on supplied mask data
+ *ReqStatus = (BOOLEAN)((SecurityStatus & Mask) ? TRUE : FALSE );
+ return TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HiiGetString
+//
+// Description: return the String based on StringId
+//
+// Input: IN EFI_HII_HANDLE HiiHandle,
+// IN EFI_STRING_ID StringId,
+//
+// Output: EFI_STRING
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STRING HiiGetString(
+ IN EFI_HII_HANDLE HiiHandle,
+ IN EFI_STRING_ID StringId)
+{
+ EFI_STRING String = NULL;
+ UINTN StringSize = 0;
+ EFI_STATUS Status;
+ CHAR8* PlatformLang = NULL;
+ UINTN Size = 0;
+
+ if(HiiString == NULL) {
+ Status = pBS->LocateProtocol(&gEfiHiiStringProtocolGuid, NULL, (VOID **) &HiiString);
+ if(EFI_ERROR(Status))
+ return NULL;
+ }
+
+//language not provided - try platform language
+ Status = GetEfiVariable(L"PlatformLang", &EfiVariableGuid, NULL, &Size, &PlatformLang);
+ if(!EFI_ERROR(Status)) {
+ Status = HiiString->GetString(HiiString, PlatformLang, HiiHandle, StringId, String, &StringSize, NULL);
+ if(Status == EFI_BUFFER_TOO_SMALL) {
+ Status = pBS->AllocatePool(EfiBootServicesData, StringSize, &String);
+ if(!EFI_ERROR(Status))
+ Status = HiiString->GetString(HiiString, PlatformLang, HiiHandle, StringId, String, &StringSize, NULL);
+ }
+ pBS->FreePool(PlatformLang);
+ }
+ return (EFI_ERROR(Status)) ? NULL : String;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordGetDeviceName
+//
+// Description: Return the Drive String Name
+//
+// Input: IN EFI_HANDLE Controller - the handle of the drive
+// OUT CHAR16 **wsName - Pointer to the drive string
+//
+// Output: BOOLEAN - TRUE - drive string has been found and is in wsName
+// - FALSE - drive string has not been found
+//
+// Notes: it is the caller's responsibility to deallocate the space used for
+// wsName
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN HddPasswordGetDeviceName(IN EFI_HANDLE Controller, OUT CHAR16 **wsName)
+{
+ EFI_STATUS Status;
+ SECURITY_PROTOCOL *Security = NULL;
+ CHAR16 *DeviceName;
+ BOOLEAN ReturnStatus = FALSE;
+
+ // Get the SECURITY_PROTOCOL (actually getting the IDE_SECURITY_PROTOCOL, but
+ // the SECURITY_PROTOCOL is an extended version with more information)
+ Status = pBS->HandleProtocol(Controller, &gIDESecurityProtocolGuid, &Security);
+ if ( !EFI_ERROR(Status) ) {
+ // Check the SATA controller operating mode, and based on the mode, get the UnicodeString
+ // name of the device
+ if ( Security->ModeFlag ) {
+ DeviceName = ((SATA_DEVICE_INTERFACE*)Security->BusInterface)->UDeviceName->UnicodeString;
+ } else {
+ DeviceName = ((IDE_BUS_PROTOCOL*)Security->BusInterface)->IdeDevice.UDeviceName->UnicodeString;
+ }
+
+ // Allocate space to copy the unicode device name string
+ *wsName = MallocZ(sizeof(CHAR16)*(Wcslen(DeviceName)+1));
+ if ( *wsName!=NULL ) {
+ Wcscpy( *wsName, DeviceName);
+ ReturnStatus = TRUE;
+ }
+ }
+
+ // Return true to signify that a device name was discovered
+ return ReturnStatus;
+}
+
+#endif
+
+// Function Definitions
+
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: InitIdeSecurityStrings
+//
+// Description: This function initializes the IdeSecurity setup option values
+//
+// Input: HiiHandle Handle to HII database
+// Class Indicates the setup class
+//
+// Output: None
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+VOID InitIdeSecurityStrings(
+ EFI_HII_HANDLE HiiHandle,
+ UINT16 Class )
+{
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINT16 i, HDDCount = 0;
+ UINTN Count;
+ CHAR16 * Name, *Temp1;
+ BOOLEAN Locked;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;
+ PCI_DEVICE_PATH *PciDevicePath;
+ SECURITY_PROTOCOL *Security = NULL;
+ UINT32 HddPortNumber;
+ CHAR16 *Buff=L"P";
+ EFI_DISK_INFO_PROTOCOL *DiskInfoPtr=NULL;
+ UINT32 PortNumber;
+ UINT32 PMPortNumber;
+ BOOLEAN Flag = FALSE;
+
+ // Locate all handles with IDE_SECURITY_PROTOCOL installled
+ Status = pBS->LocateHandleBuffer( ByProtocol,
+ &gIDESecurityProtocolGuid,
+ NULL,
+ &Count,
+ &HandleBuffer);
+ if ( EFI_ERROR( Status )) {
+ return;
+ }
+
+ // For each handle in HandleBuffer
+ for ( i = 0; i < Count; i++ ) {
+ //
+ // Get the PasswordSecurity Protocol
+ //
+ Status = pBS->OpenProtocol( HandleBuffer[i],
+ &gIDESecurityProtocolGuid,
+ (VOID**) &IDEPasswordSecurity,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if ( EFI_ERROR( Status ))
+ continue;
+ //
+ // Get the DiskInfo Protocol
+ //
+ Status = pBS->OpenProtocol( HandleBuffer[i],
+ &gDiskInfoProtocolGuid,
+ (VOID**) &DiskInfoPtr,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if ( EFI_ERROR( Status )){
+ continue;
+ }
+ //
+ // Locate the device path Protocol
+ //
+ Status = pBS->OpenProtocol( HandleBuffer[i],
+ &gDevicePathProtocolGuid,
+ (VOID**)&DevicePath,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if ( EFI_ERROR( Status )){
+ continue;
+ }
+
+ DevicePathNode = DevicePath;
+
+ //
+ // Traverse the Device Path structure till we reach HARDWARE_DEVICE_PATH
+ //
+ while (!isEndNode (DevicePathNode)) {
+
+ if ((DevicePathNode->Type == HARDWARE_DEVICE_PATH) &&
+ (DevicePathNode->SubType == HW_PCI_DP)){
+
+ PciDevicePath = (PCI_DEVICE_PATH *) DevicePathNode;
+ break;
+ }
+
+ DevicePathNode = NEXT_NODE (DevicePathNode);
+ }
+ // Check whether valid DevicePath found
+ if (PciDevicePath == NULL) continue;
+
+ Security=(SECURITY_PROTOCOL *)IDEPasswordSecurity;
+
+ if(Security->ModeFlag){
+ //
+ // Controller is in Ahci Mode, Call WhichIde function to find out Port Number
+ //
+ DiskInfoPtr->WhichIde(DiskInfoPtr,&PortNumber,&PMPortNumber);
+ //
+ // Assign the PortNumber to HddPortNumber.This Port Number is displayed in Setup.
+ //
+ HddPortNumber=PortNumber;
+ Flag=TRUE;
+
+ }else{
+
+#ifdef SB_TEMPLATE_VER
+#if SB_TEMPLATE_VER > 6
+{
+ UINT32 IdeChannel;
+ UINT32 IdeDevice;
+
+ if(gSbHddPolicyPtr==NULL){
+ Status=gBS->LocateProtocol(&gSbHddPolicyProtocolGuid,
+ NULL, \
+ &gSbHddPolicyPtr);
+ }
+
+ if(gSbHddPolicyPtr!=NULL){
+
+ //
+ // Find out the Primary/Secondary,Master/Slave Info from WhichIde function
+ //
+ DiskInfoPtr->WhichIde(DiskInfoPtr,&IdeChannel,&IdeDevice);
+ //
+ // Get the Port Number to which the HDD is connected
+ //
+ gSbHddPolicyPtr->GeneratePortNumber(PciDevicePath->Device,PciDevicePath->Function,
+ IdeChannel,IdeDevice,&PortNumber);
+
+ HddPortNumber=PortNumber;
+ Flag=TRUE;
+
+ }else{
+ //
+ // SB HDD Policy Protocol is not Present.
+ //
+ Flag=FALSE;
+ }
+}
+#endif
+#endif
+
+ }
+
+ if ( CheckSecurityStatus( IDEPasswordSecurity, &Locked, 0x0004 )) {
+ if ( HddPasswordGetDeviceName( HandleBuffer[i], &Name )) {
+ Name[12] = 0;
+ if(Flag){
+ //
+ // Display the the Port Number in Setup
+ //
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d:%s", L"P", HddPortNumber, Name);
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( HiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d:%s",Temp1,HDDCount,Name);
+ }
+ } else {
+ if(Flag){
+ //
+ // Display the the Port Number in Setup
+ //
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d", L"P", HddPortNumber);
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( HiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d", Temp1, HDDCount);
+ }
+ }
+ HDDCount++;
+ }// end if
+
+ }// end of for
+#endif
+ return;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//********************************************************************** |
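Review bot: `Name[12] = 0;` in InitIdeSecurityStrings writes past the end of the pool buffer whenever the drive name is shorter than 12 characters, because HddPasswordGetDeviceName allocates only `Wcslen(DeviceName)+1` CHAR16s; the truncation should be applied only when the name is longer than that. In the same loop `gHddSecurityName[i]` is indexed by the handle index although the array has six entries, so more than six handles carrying the security protocol would index past it, and handles skipped by `continue` still advance `i`. `PciDevicePath` is never initialised, so the `== NULL` test after the device-path walk compares an indeterminate pointer on the first pass and a stale one afterwards. `Temp1` is passed to InitString as a `%s` argument without a NULL check although HiiGetString returns NULL on failure, and `Name`, `Temp1` and `HandleBuffer` are not released on any path visible in this file.

```c
    for ( i = 0; i < Count; i++ ) {
        // gHddSecurityName has a fixed number of slots; never index past it
        if ( i >= sizeof(gHddSecurityName) / sizeof(gHddSecurityName[0]) )
            break;
        // Reset per handle so the NULL check below reflects this device path
        PciDevicePath = NULL;
        // … unchanged: OpenProtocol calls, device-path walk, port-number lookup …
        if ( HddPasswordGetDeviceName( HandleBuffer[i], &Name )) {
            // Truncate only when the allocated name actually reaches index 12
            if ( Wcslen( Name ) > 12 )
                Name[12] = 0;
            // … unchanged: InitString calls …
```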