summaryrefslogtreecommitdiff
path: root/Core/EM/HddSecurity
diff options
context:
space:
mode:
Diffstat (limited to 'Core/EM/HddSecurity')
-rw-r--r--Core/EM/HddSecurity/Hddpassword/ForceHddPassword.c158
-rw-r--r--Core/EM/HddSecurity/Hddpassword/HddPassword.c2631
-rw-r--r--Core/EM/HddSecurity/Hddpassword/HddPassword.cif14
-rw-r--r--Core/EM/HddSecurity/Hddpassword/HddPassword.h185
-rw-r--r--Core/EM/HddSecurity/Hddpassword/HddPassword.mak96
-rw-r--r--Core/EM/HddSecurity/Hddpassword/HddPassword.sdl136
-rw-r--r--Core/EM/HddSecurity/Hddpassword/HddPassword.unibin0 -> 6918 bytes
-rw-r--r--Core/EM/HddSecurity/Hddpassword/HddSecTokens.c79
-rw-r--r--Core/EM/HddSecurity/IDESMM.DXS84
-rw-r--r--Core/EM/HddSecurity/IDESMM.c1553
-rw-r--r--Core/EM/HddSecurity/IDESMM.cif12
-rw-r--r--Core/EM/HddSecurity/IDESMM.h198
-rw-r--r--Core/EM/HddSecurity/IDESMM.mak95
-rw-r--r--Core/EM/HddSecurity/IDESMM.sdl66
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.c2939
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.chmbin0 -> 220714 bytes
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.cif22
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.dxs86
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.h470
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.mak173
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.sd525
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.sdl240
-rw-r--r--Core/EM/HddSecurity/IdeSecurity.unibin0 -> 12110 bytes
-rw-r--r--Core/EM/HddSecurity/IdeSecurityBdsCall.c261
-rw-r--r--Core/EM/HddSecurity/IdeSecurityCommon.sd653
-rw-r--r--Core/EM/HddSecurity/IdeSecuritySetup.c434
26 files changed, 11110 insertions, 0 deletions
diff --git a/Core/EM/HddSecurity/Hddpassword/ForceHddPassword.c b/Core/EM/HddSecurity/Hddpassword/ForceHddPassword.c
new file mode 100644
index 0000000..90c9a4d
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/ForceHddPassword.c
@@ -0,0 +1,158 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/ForceHddPassword.c 2 10/11/10 6:19p Krishnakumarg $
+//
+// $Revision: 2 $
+//
+// $Date: 10/11/10 6:19p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/ForceHddPassword.c $
+//
+// 2 10/11/10 6:19p Krishnakumarg
+// [TAG] - EIP 45593
+// [Category] - IMPROVEMENT
+// [Severity] - Minor
+// [Symptom] - Build Errors in ForceHDDPassword.c on new core 4.6.4.1
+// label
+// [RootCause]- IDE_CONTROLLER_PROTOCOL structure defined header not
+// included
+// [Solution] - Include the respective header(PIDEController.h)
+// [Files] - ForceHddPassword.c
+//
+// 1 8/19/10 2:44a Rameshr
+// Issue:Need do HDD PSW reset when warmboot
+// EIP 40528
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: ForceHddPassword.c
+//
+// Description: Send Disable Software Preservation command when the
+// FORCE_HDD_PASSWORD_PROMPT token is set to 1
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "Efi.h"
+#include "token.h"
+#include <AmiLib.h>
+#include <AmiDxeLib.h>
+#include "Protocol\PciIo.h"
+#include "Protocol\DevicePath.h"
+#include "protocol\DriverBinding.h"
+#include "protocol\BlockIo.h"
+#include "Protocol\PDiskInfo.h"
+#include "Protocol\PIDEController.h"
+#include "Protocol\PIDEBus.h"
+#include "Protocol\PAhciBus.h"
+#include "Protocol\PIDEBus.h"
+
+
+EFI_RUNTIME_SERVICES *gRT;
+EFI_BOOT_SERVICES *gBS;
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: DisableSoftwarePreservation
+//
+// Description: Send the Disable software Preservation
+//
+// Input: None
+//
+// Output: None
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID
+DisableSoftwarePreservation ( )
+{
+#if FORCE_HDD_PASSWORD_PROMPT
+ UINTN HandleCount;
+ EFI_HANDLE *HandleBuffer;
+ UINT8 i;
+ AHCI_BUS_PROTOCOL *AhciBusInterface;
+ EFI_GUID gEfiAhciBusProtocolGuid = AHCI_BUS_INIT_PROTOCOL_GUID;
+ SATA_DEVICE_INTERFACE *SataDeviceInterface;
+ DLINK *dlink;
+ COMMAND_STRUCTURE CommandStructure = {0};
+ EFI_STATUS Status;
+
+
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiAhciBusProtocolGuid,
+ NULL,
+ &HandleCount,
+ &HandleBuffer
+ );
+
+ if(EFI_ERROR(Status) || HandleCount == 0 ) {
+ return;
+ }
+
+ //
+ // Issue Disable Software Preservation command all the Sata Devices connected.
+ //
+ for (i = 0; i < HandleCount; i++) {
+ Status = gBS->HandleProtocol (HandleBuffer[i], &gEfiAhciBusProtocolGuid, &AhciBusInterface);
+ if (!EFI_ERROR(Status)) {
+ dlink = AhciBusInterface->SataDeviceList.pHead;
+ if (dlink){
+ do {
+ SataDeviceInterface = OUTTER(dlink, SataDeviceLink, SATA_DEVICE_INTERFACE);
+
+ if ((SataDeviceInterface->IdentifyData.Reserved_76_79[0] != 0xFFFF )&&
+ (SataDeviceInterface->IdentifyData.Reserved_76_79[2] & 0x0040)&& // Software Preservation support
+ (SataDeviceInterface->IdentifyData.Security_Status_128 & 0x0002)&& // Security enabled
+ (!(SataDeviceInterface->IdentifyData.Security_Status_128 & 0x0004))) { // Security not locked
+
+ //
+ // Send Disable Software Preservation command.
+ //
+ CommandStructure.Features = DISABLE_SATA2_SOFTPREV;
+ CommandStructure.SectorCount = 6;
+ CommandStructure.Command = SET_FEATURE_COMMAND;
+ Status = AhciBusInterface->ExecuteNonDataCommand(SataDeviceInterface, CommandStructure);
+ }
+ dlink = dlink-> pNext;
+ }while (dlink);
+ }
+ }
+ }
+#endif
+ return;
+}
+
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//********************************************************************** \ No newline at end of file
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.c b/Core/EM/HddSecurity/Hddpassword/HddPassword.c
new file mode 100644
index 0000000..1de9072
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.c
@@ -0,0 +1,2631 @@
+//****************************************************************************
+//****************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Norcross, GA 30093 **
+//** **
+//** Phone (770)-246-8600 **
+//** **
+//****************************************************************************
+//****************************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.c 43 3/26/15 2:01a Rameshr $
+//
+// $Revision: 43 $
+//
+// $Date: 3/26/15 2:01a $
+//
+//*****************************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.c $
+//
+// 43 3/26/15 2:01a Rameshr
+// [TAG] EIP208331
+// [Category] New Feature
+// [Description] Avoid sending freeze Lock command to the device if the
+// HDD already in frozen state
+// [Files] HddPassword.c
+//
+// 42 3/16/15 5:51a Rameshr
+// [TAG] EIP208331
+// [Category] Improvement
+// [Description] Avoid sending freeze Lock command to the device if the
+// HDD already in frozen state
+// [Files] IdeSecurity.c, HddPassword.c
+//
+// 41 9/10/14 3:07a Divyac
+// [TAG] EIP182213
+// [Category] Improvement
+// [Description] Use System table conout Clearscreen instead of
+// ClearScreen() from TSE to avoid active buffer updation.
+// [Files] HddPassword.c
+//
+// 40 9/10/14 2:58a Divyac
+// [TAG] EIP181548
+// [Category] Improvement
+// [Description] Implement event signaling during HDD Passwords Prompt.
+// [Files] HddPassword.c
+// HddPassword.h
+//
+// 39 12/18/13 4:09a Srikantakumarp
+// [TAG] EIP127356
+// [Category] Improvement
+// [Description] Flash NVRAM seems to cause HDD can't be unlocked when
+// S3 resume.
+// [Files] IdeSecurity.c, IDESMM.c, HddPassword.c, AhciBus.c, AhciBus.h
+//
+// 38 6/06/13 4:10a Rameshr
+// [TAG] EIP106423
+// [Category] Improvement
+// [Description] HddPassword Support in UEFI Raid and Legacy Raid. And
+// also taken care where there is no Conin Device avilable in the post
+// [Files] IdeSecurity.cif,IdeSecurity.sdl,IdeSecurity.mak,IdeSecurityB
+// dsCall.c,HddPassword.c, Ahcibus.c, Pidebus.h
+//
+// 37 5/29/13 8:08a Srikantakumarp
+// [TAG] EIP123088
+// [Category] Improvement
+// [Description] Added the Wrapper function to pass HDD status and flag
+// to show maximum unlocking attempt is reached.
+// [Files] HddPassword.c
+//
+// 36 4/29/13 2:30a Kapilporwal
+// fixing build errors, when tse soruce is not present, from last check-in
+//
+// 35 4/25/13 9:28a Kapilporwal
+// [TAG] EIP108583
+// [Category] New Feature
+// [Description] support set HDD password in same page
+// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+//
+// 34 3/25/13 6:01a Rameshr
+// [TAG] EIP113655
+// [Category] Improvement
+// [Description] Invoke TSEIDEPasswordCheck() function only if password
+// is set to the HDD and also to remove the unnecessary save screen in
+// IDEPasswordCheck() of HDD security module.
+// [Files] HddPassword.c
+//
+// 33 3/25/13 5:14a Rameshr
+// [TAG] EIP117159
+// [Category] Improvement
+// [Description] Proper error message displayed when the Password count
+// expired
+// [Files] HddPassword.c, HddPassword.uni, HddSecTokens.c
+//
+// 32 9/03/12 1:49a Srilathasc
+// [TAG] EIP99649
+// [Category] Improvement
+// [Description] Made IDEPasswordUpdateHdd() symmetric with
+// IDEPasswordAuthenticateHdd() when
+// token SETUP_PASSWORD_NON_CASE_SENSITIVE is set
+//
+//
+// [Files] HddPassword.c
+//
+// 31 6/07/12 12:34a Jittenkumarp
+// [TAG] EIP89271
+// [Category] Bug Fix
+// [Symptom] HDD Security string not displayed properly on multilanguage
+// [RootCause] Languages not initilized by AMITSE
+// [Solution] Languages is now initilized .Hddsecurity string is
+// displayed properly for multilanguage.
+//
+// [Files] HddPassword.c
+//
+// 30 2/13/12 1:39a Deepthins
+// [TAG] EIP81680
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] The password set for DEFAULT_MASTER_PASSWORD_TAG token is
+// not authenticated when the token SETUP_PASSWORD_NON_CASE_SENSITIVE is
+// set to 1.
+// [RootCause] When the master password is not installed, Master
+// password Prompt window should not displayed
+// [Solution] Removed master password prompt window, when the master
+// password is not installed
+// [Files] HddPassword.c
+//
+// 29 1/10/12 4:41a Deepthins
+// [TAG] EIP76872
+// [Category] Improvement
+// [Description] If user password are all wrong, then try master
+// password(no need to press 'ESC').
+// [Files] HddPassword.c, HddPassword.sdl
+//
+// 28 11/16/11 1:19a Rameshr
+// [TAG] EIP75245
+// [Category] Improvement
+// [Description] RegisterHddNotification does not match AMITSE hook
+// return values. Modified the function to match the AMITSE hook return
+// values.
+// [Files] Hddpassword.c
+//
+// 27 11/09/11 12:30a Rameshr
+// [TAG] EIP62381
+// [Category] Improvement
+// [Description] SB template version checking added to avoid the build
+// error on old SB template project
+// [Files] HddPassword.c
+//
+// 26 11/08/11 3:33a Rameshr
+// [TAG] EIP72999
+// [Category] Improvement
+// [Description] Modified the function to support the
+// OVERRIDE_TSEIDEPasswordCheck SDL token
+// [Files] Hddpassword.c
+//
+// 25 10/11/11 1:41a Rameshr
+// [TAG] EIP69244
+// [Category] Improvement
+// [Description] The number of retry count for user and master password
+// added based on the MAXIMUM_HDD_UNLOCK_ATTEMPTS SDL token value.
+// [Files] HddPassword.c , HddPassword.Sdl
+//
+// 24 10/07/11 7:01a Rajeshms
+// [TAG] EIP71205
+// [Description] Idesecurity module throws build error with AMITSE
+// Bootonly flavour.
+// [Files] HddPassword.c
+//
+// 23 9/09/11 4:58a Rameshr
+// [TAG] - EIP 69521
+// [Category]- IMPROVEMENT
+// [Description]- Idesecurity module to be compatible with AMITSE BootOnly
+// flavor
+// [Files] - HddPassword.c
+//
+// 22 9/02/11 4:07a Rameshr
+// [TAG] - EIP 67674
+// [Category]- IMPROVEMENT
+// [Description]- All buffers allocated from heap during password checking
+// should be zeroed before freeing - security requirement
+// [Files] - HddPassword.c
+//
+// 21 7/15/11 7:26a Rameshr
+// [TAG] - EIP 63320
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - Port1 HDD's password setting item is disappeared, if the
+// device is connected to another controller.
+// [RootCause]- When the second controller HDD detected and comes for the
+// Password verfication, the already password validated HDD information is
+// lost.
+// [Solution] - Saved the existing data if it's already password verified
+// and added to the new data
+// [Files] - Hddpassword.c
+//
+// 20 6/28/11 6:31a Anandv
+// [TAG] EIP62381
+// [Category] Improvement
+// [Description] In IdeSecurity Module, display HDD number in Setup
+// based on
+// results from WhichIde() function of DiskInfoProtocol.
+// [Files] HddPassword.c, HddPassword.h, SBDxe.c, PIDEController.h
+//
+// 19 2/18/11 5:45a Rameshr
+// [TAG]- EIP 37975
+// [Category]-IMPROVEMENT
+// [Description]- Klocwork Issues II - IDE/Ahci module
+// [Files]- HddPassword.c
+//
+// 18 2/01/11 6:22a Lavanyap
+// [TAG] - EIP52585
+// [Category] - BUG FIX
+// [Severity] - N/A
+// [Symptom] - HDD password can not be disabled in setup menu when turn on
+// token "ALL_HDD_SAME_PW"
+// [RootCause] - Authenticate HDD only if it is locked,which fails when
+// ALL_HDD_SAME_PW is set.
+// [Solution] - Removed the code that checks HDD locked state in
+// IDEPasswordAuthenticateAllHdd().
+// [Files] - HddPassword.c
+//
+// 17 1/10/11 9:54a Rameshr
+// [TAG] EIP49732
+// [Category] Improvement
+// [Description] Build problem Resolved with Old AMITSE version.
+// [Files] Build problem Resolved with Old AMITSE version.
+//
+// 16 1/07/11 12:08a Rameshr
+// [TAG]- EIP 49732
+// [Category]-IMPROVEMENT
+// [Description]- Supported added for SETUP_PASSWORD_NON_CASE_SENSITIVE
+// [Files]- Hddpassword.c
+//
+// 15 12/28/10 4:31a Lavanyap
+// [TAG] - EIP50988
+// [Category] - BUG FIX
+// [Severity] - Important
+// [Symptom] - Hddpassword doesn't work properly with more than 1 HDD with
+// ALL_HDD_SAME_PW set to 0.
+// [RootCause] - Not added the AMITSE changes for the implementation of
+// ALL_HDD_SAME_PW token.
+// [Solution] - Changes in AMITSE module for the implementation of token
+// ALL_HDD_SAME_PW moved to AmitseHddpassword.
+// [Files] - HddPassword.c
+//
+// 14 12/07/10 6:36a Rameshr
+// [TAG] - EIP 46116
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - When enter the BIOS Setup :"security" page ,it will hang
+// up.
+// [RootCause]- 1. Freepool function doesn't have proper input
+// 2. Size variable not initilized.
+// [Solution] - 1. Removed using gBs pointer and used Lib Function
+// 2. Size variable initilized with 0.
+// [Files] - Hddpassword.c
+//
+// 13 8/27/10 2:30p Yul
+// [TAG] EIP40151
+// [Category] NEW FEATURE
+// [Description] If system has two HDDs, User need set two HDDs password
+// separately with master and user password.
+// We want to simply the procedure, if user set master or user password,
+// it will set two HDDs with same password.
+// While un-lock the HDD password, user just need input one Master/User
+// password to un-lock HDD.
+// [Files] HddPassword.c
+// HddPassword.sdl
+// IdeSecurity.sd
+// IdeSecurity.uni
+// Same as v12. No code update.
+//
+// 12 8/27/10 10:05a Yul
+// EIP 40151 - One Master/User password for all attach HDDs
+//
+// 11 8/27/10 12:15a Rameshr
+// [TAG] - EIP 43059
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom]- Build Errors in HddPassword.c on non INTEL_IDE_PROTOCOL
+// Projects.
+// [RootCause]- Hddpassword.c included the PIdebus.h . PIdebus.h uses the
+// IDE_CONTROLLER_PROTOCOL protocol.
+// [Solution]- Before Pidebus.h included, included the PIDEController.h
+// also. .
+// [Files] - Hddpassword.c
+//
+// 10 8/26/10 2:43a Rameshr
+// [TAG] - EIP42594
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom]- [IdeSecurity]IdeSecConfig variable not set when there is on
+// HDD connected
+// [RootCause]- IdeSecConfig variable is not set when no HDD is present,
+// thus the HDD count value (IdeSecConfig.Count) checking fails in
+// IdeSecurity.sd and displays the label always.
+// [Solution]- Initialised the structure IdeSecConfig to zero if no HDD is
+// present.
+// [Files]- HddPassword.c
+//
+// 9 6/07/10 7:20p Krishnakumarg
+// Build error in "4.6.3_HddSecurity_011" label.EIP#39531
+//
+// 8 5/21/10 2:58p Aaronp
+// Fix for EIP 38473 - Device names are not displayed when built in UEFI
+// 2.1 mode
+//
+// 7 5/11/10 3:57p Krishnakumarg
+// Coding standard.
+//
+// 6 3/29/10 2:24p Yul
+// Refer to EIP 36288.
+// Once SETUP_SAME_SYS_HDD_PW is ON, AHCI mode fails to boot OS
+// with specific Hard Drive.
+//
+// 5 3/26/10 5:42p Krishnakumarg
+// UEFI2.1 compliance change EIP#34744.
+//
+// 4 3/11/10 3:49a Rameshr
+// Issue: Same Structure definied in Hddpassword and Amitse.
+// Solution: Amitse created tsecommon.h with all the common definition.
+// EIP: 27339
+//
+// 3 1/15/10 10:10a Yul
+// Coding Standard
+//
+// 2 9/28/09 4:59p Rameshr
+// The data structure AMI_IFR_MSGBOX in HddPassword.h and MessageBox.h are
+// not the same
+// EIP 27157
+//
+// 1 5/01/09 11:09a Rameshr
+// Initial Check-in
+//*****************************************************************************//
+
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: Hddpassword.c
+//
+// Description: Provides the Hddpassword Screen support in the setup.
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "AmiDxeLib.h"
+#include "token.h"
+#if EFI_SPECIFICATION_VERSION > 0x20000
+#include "Include\UefiHii.h"
+#include "Protocol\HiiDatabase.h"
+#include "Protocol\HiiString.h"
+#else
+#include <Protocol/Hii.h>
+#endif
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+#include "minisetup.h"
+#endif
+#include "Protocol\PciIo.h"
+#include "Protocol\BlockIo.h"
+#include "Protocol\PDiskInfo.h"
+#include "Protocol\PIDEController.h"
+#include "Protocol\PIDEBus.h"
+#include "Protocol\PAhciBus.h"
+#include <Protocol/SimpleTextIn.h>
+#include <Protocol/SimpleTextOut.h>
+#include <Protocol/AMIPostMgr.h>
+#include "AMITSEStrTokens.h"
+#include "AmiVfr.h"
+#include "HddPassword.h"
+#include "Protocol\DevicePath.h"
+#if SETUP_SAME_SYS_HDD_PW
+#include "Core\EM\AMITSE\Inc\PwdLib.h"
+#include "Core\EM\AMITSE\Inc\Variable.h"
+#endif
+
+#ifdef SB_TEMPLATE_VER
+#if SB_TEMPLATE_VER > 6
+SB_HDD_POLICY_PROTOCOL *gSbHddPolicyPtr=NULL;
+EFI_GUID gSbHddPolicyProtocolGuid = SB_HDD_POLICY_PROTOCOL_GUID;
+#endif
+#endif
+
+
+EFI_GUID gDiskInfoProtocolGuid = EFI_DISK_INFO_PROTOCOL_GUID;
+EFI_GUID gDevicePathProtocolGuid = EFI_DEVICE_PATH_PROTOCOL_GUID;
+EFI_GUID gHddSecurityEndProtocolGuid = HDD_SECURITY_END_PROTOCOL_GUID;
+EFI_GUID gHddPasswordVerifiedGuid = HDD_PASSWORD_VERIFIED_GUID;
+EFI_GUID gIDESecGuid = IDE_SECURITY_CONFIG_GUID;
+EFI_GUID gIDESecurityProtocolGuid = IDE_SECURITY_INTERFACE_GUID;
+EFI_GUID gHddPasswordPromptEnterGuid = HDD_PASSWORD_PROMPT_ENTER_GUID;
+EFI_GUID gHddPasswordPromptExitGuid = HDD_PASSWORD_PROMPT_EXIT_GUID;
+
+static EFI_HII_STRING_PROTOCOL *HiiString = NULL;
+static CHAR8 *SupportedLanguages=NULL;
+
+
+typedef struct
+{
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity;
+ UINT16 NameToken;
+ UINT16 PromptToken;
+ BOOLEAN Locked;
+ BOOLEAN LoggedInAsMaster;
+ BOOLEAN Validated;
+ UINT8 PWD[IDE_PASSWORD_LENGTH + 1];
+} IDE_SECURITY_DATA;
+
+#if TSE_BUILD > 0x1206
+BOOLEAN IsPasswordSupportNonCaseSensitive();
+VOID UpdatePasswordToNonCaseSensitive(CHAR16 *Password, UINTN PwdLength);
+#endif
+
+VOID HddNotificationFunction(EFI_EVENT Event, VOID *HddRegContext);
+VOID IDEPasswordCheck(VOID);
+UINT16 IDEPasswordGetName(UINT16 Index);
+UINT16 IDESecurityProtocolInit();
+BOOLEAN HddPasswordGetDeviceName(EFI_HANDLE Controller,CHAR16 **wsName);
+BOOLEAN CheckSecurityStatus (
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity,
+ BOOLEAN *Locked,
+ UINT16 Mask );
+EFI_STATUS IDEPasswordAuthenticateHdd(
+ CHAR16 *Password,
+ VOID * Ptr,
+ BOOLEAN bCheckUser );
+
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+VOID IDEUpdateConfig(
+ VOID *TempideSecConfig,
+ UINTN value );
+
+VOID SearchTseHardDiskField (
+ BOOLEAN *pbCheckUser, BOOLEAN *pEnabledBit,
+ UINT8 *pHardDiskNumber, VOID *data );
+
+EFI_STRING_ID ConfigPromptToken = 0;
+extern UINTN gInvalidPasswordFailMsgBox;
+#else
+UINTN gCurrIDESecPage;
+#endif
+
+IDE_SECURITY_DATA *IDEPasswordSecurityData = NULL;
+EFI_HANDLE gHddSecEndHandle = NULL;
+EFI_HANDLE HddNotifyHandle;
+static EFI_HANDLE *gHandleBuffer = NULL;
+EFI_EVENT HddNotifyEvent;
+VOID *HddNotifyRegistration;
+BOOLEAN HddFreeze = FALSE;
+UINT16 gIDESecurityCount = 0;
+BOOLEAN gFlag = FALSE;
+
+
+VOID EfiStrCpy (IN CHAR16 *Destination,IN CHAR16 *Source);
+UINTN EfiStrLen (IN CHAR16 *String);
+extern VOID TSEIDEPasswordCheck();
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddSecuritySignalProtocolEvent
+//
+// Description: Internal function that installs/uninstall protocol
+// with a specified GUID and NULL interface.
+// Such protocols can be used as event signaling mechanism.
+//
+//
+// Input: ProtocolGuid Pointer to the protocol GUID.
+//
+// Output: None.
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+VOID
+HddSecuritySignalProtocolEvent (
+ IN EFI_GUID *ProtocolGuid
+)
+{
+
+ EFI_HANDLE Handle = NULL;
+
+ pBS->InstallProtocolInterface (
+ &Handle,
+ ProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ NULL );
+
+ pBS->UninstallProtocolInterface (
+ Handle,
+ ProtocolGuid,
+ NULL);
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: RegisterHddNotification
+//
+// Description: Register the Protocol call back event
+//
+//
+// Input: VOID
+//
+// Output: VOID
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN RegisterHddNotification( VOID )
+{
+ EFI_STATUS Status = EFI_UNSUPPORTED;
+
+ Status = gBS->CreateEvent( EFI_EVENT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ HddNotificationFunction,
+ &HddNotifyRegistration,
+ &HddNotifyEvent);
+
+ Status = gBS->RegisterProtocolNotify( &gHddSecurityEndProtocolGuid,
+ HddNotifyEvent,
+ &HddNotifyRegistration);
+
+ //
+ // get any of these events that have occured in the past
+ //
+ gBS->SignalEvent( HddNotifyEvent );
+
+ return FALSE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddNotificationFunction
+//
+// Description: Hdd notification function gets called when HddSecurityEnd Protocol get installed.
+//
+// Input:
+// EFI_EVENT Event - Event to signal
+// void HddRegContext - Event specific context (pointer to NotifyRegisteration
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID HddNotificationFunction( EFI_EVENT Event, VOID *HddRegContext )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ IDE_SECURITY_CONFIG *IdeSecConfig = NULL;
+ IDE_SECURITY_CONFIG ideSecConfig;
+ IDE_SECURITY_DATA *DataPtr=NULL;
+ UINTN NumHandles;
+ UINTN IdeSecConfigSize = 0;
+ UINTN Index=0;
+
+ if ( HddRegContext == NULL )
+ return;
+ //
+ // Initialise IdeSecConfig information if this variable is not set already.
+ //
+ IdeSecConfig = VarGetNvramName( L"IDESecDev", &gIDESecGuid, NULL, &IdeSecConfigSize );
+
+ if ( !IdeSecConfig ) {
+
+ IdeSecConfig = EfiLibAllocateZeroPool( sizeof(IDE_SECURITY_CONFIG));
+
+ if ( IdeSecConfig == NULL ) {
+ return;
+ }
+ MemSet( IdeSecConfig, sizeof(IDE_SECURITY_CONFIG), 0);
+ VarSetNvramName( L"IDESecDev",
+ &gIDESecGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ IdeSecConfig,
+ sizeof(IDE_SECURITY_CONFIG));
+ } else {
+ MemFreePointer( (VOID **)&IdeSecConfig );
+ }
+
+ //
+ //Locate the handle
+ //
+ Status = gBS->LocateHandleBuffer( ByRegisterNotify,
+ NULL,
+ *(VOID**)HddRegContext,
+ &NumHandles,
+ &HandleBuffer);
+
+ //
+ // If protocol not installed return
+ //
+ if ( EFI_ERROR( Status ))
+ return;
+
+ gHddSecEndHandle = HandleBuffer[0];
+
+ //
+ //Locate the Security Protocols
+ //
+ gIDESecurityCount = IDESecurityProtocolInit();
+
+ for(Index=0; Index<gIDESecurityCount; Index++){
+ //
+ //Initialize the DataPtr
+ //
+ DataPtr = (IDE_SECURITY_DATA *) IDEPasswordGetDataPtr(Index);
+
+ //
+ // Search for locked Hard disc and not password verification done
+ //
+ if(DataPtr->Locked && !DataPtr->Validated){
+ break;
+ }
+ }
+
+ //
+ // Validate the password only if HDD is locked
+ //
+ if( (gIDESecurityCount != 0 ) && (NULL != DataPtr ) &&
+ (DataPtr->Locked ) && (!DataPtr->Validated ) ){
+ TSEIDEPasswordCheck();
+ } else {
+ //
+ // Update the IdeSecConfig information .
+ //
+ MemSet( &ideSecConfig, sizeof(ideSecConfig), 0 );
+ ideSecConfig.Count = gIDESecurityCount;
+ VarSetNvramName( L"IDESecDev",
+ &gIDESecGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ &ideSecConfig,
+ sizeof(ideSecConfig));
+ }
+
+ //
+ // Install the Unlocked Protocol to nitify HDD has been unlocked
+ //
+ if ( gHddSecEndHandle != NULL ) {
+ Status = gBS->InstallProtocolInterface( &gHddSecEndHandle,
+ &gHddPasswordVerifiedGuid,
+ EFI_NATIVE_INTERFACE,
+ NULL);
+ }
+
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: PrivateHiiAddString
+//
+// Description: Add the String to Hii Database using HiiString Protocol
+//
+// Input:
+// IN EFI_HII_HANDLE HiiHandle,
+// IN CHAR16 * String
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STRING_ID PrivateHiiAddString(
+ IN EFI_HII_HANDLE HiiHandle,
+ IN CHAR16 * String)
+{
+ EFI_STATUS Status;
+ CHAR8* Languages = NULL;
+ UINTN LangSize = 0;
+ CHAR8* CurrentLanguage;
+ BOOLEAN LastLanguage = FALSE;
+ EFI_STRING_ID StringId = 0;
+
+ if(HiiString == NULL) {
+ Status = pBS->LocateProtocol(&gEfiHiiStringProtocolGuid, NULL, (VOID **) &HiiString);
+ if(EFI_ERROR(Status)) {
+ return 0;
+ }
+ }
+
+ if(SupportedLanguages == NULL) {
+ Status = HiiString->GetLanguages(HiiString, HiiHandle, Languages, &LangSize);
+ if(Status == EFI_BUFFER_TOO_SMALL) {
+ Status = pBS->AllocatePool(EfiBootServicesData, LangSize, &Languages);
+ if(EFI_ERROR(Status)) {
+ //
+ //not enough resources to allocate string
+ //
+ return NULL;
+ }
+ Status = HiiString->GetLanguages(HiiString, HiiHandle, Languages, &LangSize);
+ }
+ SupportedLanguages=Languages;
+ } else {
+ Languages=SupportedLanguages;
+ }
+
+ while(!LastLanguage) {
+ //
+ //point CurrentLanguage to start of new language
+ //
+ CurrentLanguage = Languages;
+ while(*Languages != ';' && *Languages != 0)
+ Languages++;
+
+ //
+ //Last language in language list
+ //
+ if(*Languages == 0) {
+ LastLanguage = TRUE;
+ if(StringId == 0) {
+ Status = HiiString->NewString(HiiString, HiiHandle, &StringId, CurrentLanguage, NULL, String, NULL);
+ } else {
+ Status = HiiString->SetString(HiiString, HiiHandle, StringId, CurrentLanguage, String, NULL);
+ }
+ if(EFI_ERROR(Status)) {
+ return 0;
+ }
+ } else {
+ //
+ //put null-terminator
+ //
+ *Languages = 0;
+ if(StringId == 0) {
+ Status = HiiString->NewString(HiiString, HiiHandle, &StringId, CurrentLanguage, NULL, String, NULL);
+ } else {
+ Status = HiiString->SetString(HiiString, HiiHandle, StringId, CurrentLanguage, String, NULL);
+ }
+ *Languages = ';'; //restore original character
+ Languages++;
+ if(EFI_ERROR(Status)) {
+ return 0;
+ }
+ }
+ }
+ return StringId;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: PasswordHiiAddString
+//
+// Description: Add the String to HiiDatabase
+//
+// Input:
+// IN EFI_HII_HANDLE HiiHandle,
+// IN CHAR16 * String
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STRING_ID PasswordHiiAddString(
+ IN EFI_HII_HANDLE HiiHandle,
+ IN CHAR16 * String )
+{
+ EFI_STRING_ID StringId = 0;
+
+ StringId=PrivateHiiAddString( HiiHandle, String );
+
+ //
+ // Error in Adding String. Try with Default function that AMITSE has.
+ //
+ if(StringId == 0) {
+ StringId= HiiAddString( HiiHandle, String );
+ }
+
+ return StringId;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDESecurityProtocolInit
+//
+// Description: Locate the Security Protocols and return the information
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+UINT16 IDESecurityProtocolInit( )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINT16 i, j, HDDCount = 0;
+ UINTN Count;
+ CHAR16 * Name, *Temp1;
+ CHAR16 Temp[60];
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ IDE_SECURITY_DATA *DataPtr = NULL;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;
+ PCI_DEVICE_PATH *PciDevicePath;
+ SECURITY_PROTOCOL *Security = NULL;
+ UINT32 HddPortNumber;
+ CHAR16 *Buff=L"P";
+ EFI_DISK_INFO_PROTOCOL *DiskInfoPtr=NULL;
+ UINT32 PortNumber;
+ UINT32 PMPortNumber;
+ IDE_SECURITY_DATA *TempIDEPasswordSecurityData = NULL;
+
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ if(ConfigPromptToken == 0)
+ ConfigPromptToken = PasswordHiiAddString( gHiiHandle, L"HDD Security Configuration" );
+#endif
+
+ Status = gBS->LocateHandleBuffer( ByProtocol,
+ &gIDESecurityProtocolGuid,
+ NULL,
+ &Count,
+ &HandleBuffer);
+
+ //
+ // If already data has been found return with that information
+ //
+ if ( gIDESecurityCount != 0 && IDEPasswordSecurityData != NULL ) {
+ if ( gIDESecurityCount == Count ) {
+ return gIDESecurityCount; //the IDE struct is valid
+ }
+
+ //
+ // New HDD device found. Need to validate the password for the new HDD
+ // and skip the HDD that has been already validated.
+ //
+ TempIDEPasswordSecurityData = IDEPasswordSecurityData;
+ IDEPasswordSecurityData = EfiLibAllocateZeroPool( Count * sizeof(IDE_SECURITY_DATA));
+ //
+ // Copy the Existing HDD data
+ //
+ MemCopy( IDEPasswordSecurityData, TempIDEPasswordSecurityData, sizeof(IDE_SECURITY_DATA) * gIDESecurityCount );
+ MemFreePointer((VOID**)&TempIDEPasswordSecurityData );
+ DataPtr = IDEPasswordSecurityData;
+ //
+ // DataPtr moved to free Entry
+ //
+ DataPtr+=gIDESecurityCount;
+ HDDCount=gIDESecurityCount;
+
+ } else {
+ //
+ // Allocate the buffer for DataPtr
+ //
+ IDEPasswordSecurityData = EfiLibAllocateZeroPool( Count * sizeof(IDE_SECURITY_DATA));
+ DataPtr = IDEPasswordSecurityData;
+ }
+
+ if ( EFI_ERROR( Status )) {
+ return 0;
+ }
+
+
+ if(DataPtr == NULL) {
+ return 0;
+ }
+
+
+ if ( gHandleBuffer != NULL ) {
+ MemFreePointer( (VOID **)&gHandleBuffer );
+ }
+
+ gHandleBuffer = EfiLibAllocateZeroPool( sizeof(EFI_HANDLE) * Count );
+
+ for ( i = 0; i < Count; i++ ) {
+ //
+ // Check if already Validate or not. If already validate don't verify the password again.
+ //
+ if ( gHandleBuffer != NULL && gIDESecurityCount != 0 ) {
+ j = gIDESecurityCount;
+
+ do {
+ if ( HandleBuffer[i] == gHandleBuffer[j - 1] ) {
+ break;
+ }
+ j--;
+ } while ( j != 0 );
+
+ if ( j != 0 )
+ continue;
+ }
+
+ //
+ // Get the PasswordSecurity Protocol
+ //
+ Status = gBS->OpenProtocol( HandleBuffer[i],
+ &gIDESecurityProtocolGuid,
+ (VOID**) &IDEPasswordSecurity,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if ( EFI_ERROR( Status ))
+ continue;
+ //
+ // Handle the DiskInfo Protocol
+ //
+ Status = gBS->OpenProtocol( HandleBuffer[i],
+ &gDiskInfoProtocolGuid,
+ (VOID**) &DiskInfoPtr,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if ( EFI_ERROR( Status )){
+ continue;
+ }
+ //
+ // Locate the device path Protocol
+ //
+ Status = gBS->OpenProtocol( HandleBuffer[i],
+ &gDevicePathProtocolGuid,
+ (VOID**)&DevicePath,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+
+ if ( EFI_ERROR( Status )){
+ continue;
+ }
+
+ DevicePathNode = DevicePath;
+
+ //
+ // Traverse the Device Path structure till we reach HARDWARE_DEVICE_PATH
+ //
+ while (!isEndNode (DevicePathNode)) {
+
+ if ((DevicePathNode->Type == HARDWARE_DEVICE_PATH) &&
+ (DevicePathNode->SubType == HW_PCI_DP)){
+
+ PciDevicePath = (PCI_DEVICE_PATH *) DevicePathNode;
+ break;
+ }
+
+ DevicePathNode = NEXT_NODE (DevicePathNode);
+ }
+
+ if (PciDevicePath == NULL) continue;
+
+ Security=(SECURITY_PROTOCOL *)IDEPasswordSecurity;
+
+ if(Security->ModeFlag){
+ //
+ // Controller is in Ahci Mode, Call WhichIde function to find out Port Number
+ //
+ DiskInfoPtr->WhichIde(DiskInfoPtr,&PortNumber,&PMPortNumber);
+ //
+ // Assign the PortNumber to HddPortNumber.This Port Number is displayed in Setup.
+ //
+ HddPortNumber=PortNumber;
+
+ gFlag=TRUE;
+
+ }else{
+
+#ifdef SB_TEMPLATE_VER
+#if SB_TEMPLATE_VER > 6
+{
+ UINT32 IdeChannel;
+ UINT32 IdeDevice;
+
+ if(gSbHddPolicyPtr==NULL){
+ Status=gBS->LocateProtocol(&gSbHddPolicyProtocolGuid,
+ NULL, \
+ &gSbHddPolicyPtr);
+ }
+
+ if(gSbHddPolicyPtr!=NULL){
+
+ //
+ // Find out the Primary/Secondary,Master/Slave Info from WhichIde function
+ //
+ DiskInfoPtr->WhichIde(DiskInfoPtr,&IdeChannel,&IdeDevice);
+ //
+ // Get the Port Number to which the HDD is connected
+ //
+ gSbHddPolicyPtr->GeneratePortNumber(PciDevicePath->Device,PciDevicePath->Function,
+ IdeChannel,IdeDevice,&PortNumber);
+
+ HddPortNumber=PortNumber;
+
+ gFlag=TRUE;
+
+ }else{
+
+ //
+ // SB HDD Policy Protocol is not Present.
+ //
+ gFlag=FALSE;
+ }
+}
+#endif
+#endif
+
+ }
+ if ( CheckSecurityStatus( IDEPasswordSecurity, &(DataPtr->Locked), SecurityLockedMask )) {
+ DataPtr->IDEPasswordSecurity = IDEPasswordSecurity;
+
+ if ( HddPasswordGetDeviceName( HandleBuffer[i], &Name )) {
+ DataPtr->NameToken = PasswordHiiAddString( gHiiHandle, Name );
+ Name[12] = 0;
+ if(gFlag){
+ //
+ // Display the the Port Number in Setup
+ //
+ SPrint( Temp, 60, L"%s%d:%s", Buff, HddPortNumber, Name );
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ SPrint( Temp, 60, L"%s%d:%s", Temp1,HDDCount,Name);
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }
+ } else {
+ if(gFlag){
+ //
+ // Display the the Port Number in Setup
+ //
+ SPrint( Temp, 60, L"%s%d", Buff, HddPortNumber );
+ DataPtr->NameToken = PasswordHiiAddString( gHiiHandle, Temp );
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ SPrint( Temp, 60, L"%s%d", Temp1, HDDCount);
+ DataPtr->NameToken = PasswordHiiAddString( gHiiHandle, Temp );
+ DataPtr->PromptToken = PasswordHiiAddString( gHiiHandle, Temp );
+ }
+ }
+ DataPtr->Validated = FALSE;
+
+ if(DataPtr->Locked) {
+ gHandleBuffer[i]=HandleBuffer[i];
+ }
+
+ DataPtr++;
+ HDDCount++;
+ }// end if
+
+ }// end of for
+
+ //
+ //if no hd is supported
+ //
+ if ( HDDCount == 0 ) {
+ MemFreePointer((VOID**)&IDEPasswordSecurityData );
+ IDEPasswordSecurityData=NULL;
+ }
+
+ MemFreePointer((VOID**)&HandleBuffer );
+
+ return HDDCount;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordGetLocked
+//
+// Description: Return Hdd Locked Information
+//
+// Input: UINTN Index
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordGetLocked(
+ UINTN Index )
+{
+ IDE_SECURITY_DATA *DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( Index );
+
+ if(DataPtr == NULL) {
+ return 0;
+ }
+ return DataPtr->Locked;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: CheckSecurityStatus
+//
+// Description: return the Security Status Information
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN CheckSecurityStatus(
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity,
+ BOOLEAN *ReqStatus,
+ UINT16 Mask )
+{
+ UINT16 SecurityStatus = 0;
+ EFI_STATUS Status;
+
+ //
+ //get the security status of the device
+ //
+ Status = IDEPasswordSecurity->ReturnSecurityStatus( IDEPasswordSecurity, &SecurityStatus );
+
+ if ( EFI_ERROR( Status ))
+ return FALSE;
+
+ *ReqStatus = (BOOLEAN)((SecurityStatus & Mask) ? TRUE : FALSE );
+ return TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordDPLength
+//
+// Description: return the Device path Length
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+UINTN HddPasswordDPLength( EFI_DEVICE_PATH_PROTOCOL *pDp )
+{
+ UINTN Size = 0;
+
+ for (; !(IsDevicePathEnd( pDp )); pDp = NextDevicePathNode( pDp ))
+ Size += DevicePathNodeLength( pDp );
+
+ //
+ // add size of END_DEVICE_PATH node
+ //
+ return Size + END_DEVICE_PATH_LENGTH;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordDPGetLastNode
+//
+// Description: Returns pointer on very last DP node before END_OF_DEVICE_PATH node
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID* HddPasswordDPGetLastNode( EFI_DEVICE_PATH_PROTOCOL *pDp )
+{
+ EFI_DEVICE_PATH_PROTOCOL *dp = NULL;
+
+ for (; !IsDevicePathEnd( pDp ); pDp = NextDevicePathNode( pDp ))
+ dp = pDp;
+
+ return dp;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordDPCopy
+//
+// Description: Copy the Device path to another Memory buffer
+//
+// Input:
+// EFI_DEVICE_PATH_PROTOCOL *pDp
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID* HddPasswordDPCopy( EFI_DEVICE_PATH_PROTOCOL *pDp )
+{
+ UINTN l = HddPasswordDPLength( pDp );
+ UINT8 *p = EfiLibAllocateZeroPool( l );
+
+ MemCopy( p, pDp, l );
+ return p;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordGetDeviceName
+//
+// Description: Return the Drive String Name
+//
+// Input: EFI_HANDLE Controller - the handle of the drive
+// CHAR16 **wsName - returned pointer to the drive string
+//
+// Output: BOOLEAN - TRUE - drive string has been found and is in wsName
+// - FALSE - drive string has not been found
+//
+// Notes: it is the caller's responsibility to deallocate the space used for
+// wsName
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN HddPasswordGetDeviceName(EFI_HANDLE Controller, CHAR16 **wsName)
+{
+ EFI_STATUS Status;
+ SECURITY_PROTOCOL *Security = NULL;
+
+ CHAR16 *DeviceName;
+ BOOLEAN ReturnStatus = FALSE;
+
+ // Get the SECURITY_PROTOCOL (actually getting the IDE_SECURITY_PROTOCOL, but
+ // the SECURITY_PROTOCOL is an extended version with more information)
+ Status = gBS->HandleProtocol(Controller, &gIDESecurityProtocolGuid, &Security);
+ if ( !EFI_ERROR(Status) ) {
+ // Check the SATA controller operating mode, and based on the mode, get the UnicodeString
+ // name of the device
+ if ( Security->ModeFlag ) {
+ DeviceName = ((SATA_DEVICE_INTERFACE*)Security->BusInterface)->UDeviceName->UnicodeString;
+ } else {
+ DeviceName = ((IDE_BUS_PROTOCOL*)Security->BusInterface)->IdeDevice.UDeviceName->UnicodeString;
+ }
+
+ // Allocate space to copy the unicode device name string
+ *wsName = EfiLibAllocateZeroPool( sizeof(CHAR16)*(EfiStrLen(DeviceName)+1));
+
+ if ( *wsName!=NULL ) {
+ EfiStrCpy( *wsName, DeviceName);
+ ReturnStatus = TRUE;
+ }
+ }
+
+ // Return true to signify that a device name was discovered
+ return ReturnStatus;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: AMI_CheckIDEPassword
+//
+// Description: Get the password and Validate the HDD password
+//
+// Input:
+// UINT16 PromptToken,
+// VOID *DataPtr
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID AMI_CheckIDEPassword(UINT16 PromptToken, VOID *DataPtr)
+{
+ UINTN CurrXPos, CurrYPos, i;
+ CHAR16 *PasswordEntered;
+ EFI_STATUS Status = EFI_ACCESS_DENIED;
+ UINT32 IdePasswordFlags = 0;
+ UINTN BoxLength = IDE_PASSWORD_LENGTH;
+ CHAR16 *DescToken = NULL;
+
+ UINT16 SecurityStatus=0;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ CHAR16 *UnlckHddCBToken = NULL;
+ UINTN CB_BoxLength=0;
+
+ CheckForKeyHook((EFI_EVENT)NULL, NULL );
+ gST->ConIn->Reset( gST->ConIn, FALSE );
+ DescToken = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_ENTER_USER ));
+
+ if ( DescToken ) {
+ if ( (TestPrintLength( DescToken ) / NG_SIZE) > BoxLength ) {
+ BoxLength = TestPrintLength( DescToken ) / NG_SIZE;
+ }
+ }
+ MemFreePointer((VOID**) &DescToken );
+
+ UnlckHddCBToken = HiiGetString( gHiiHandle, STRING_TOKEN(STR_IDE_UNLCK_COLD));
+ if ( UnlckHddCBToken ) {
+ if ( (TestPrintLength( UnlckHddCBToken ) / NG_SIZE) > CB_BoxLength ) {
+ CB_BoxLength = TestPrintLength( UnlckHddCBToken ) / NG_SIZE;
+ }
+ }
+ MemFreePointer((VOID**) &UnlckHddCBToken );
+
+
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptEnterGuid);
+ //
+ //Draw password window
+ //
+#if ALL_HDD_SAME_PW
+ PromptToken = STRING_TOKEN( STR_IDE_SECURITY_PROMPT );
+#endif
+
+ _DrawPasswordWindow( PromptToken, BoxLength, &CurrXPos, &CurrYPos );
+ PasswordEntered = EfiLibAllocateZeroPool((IDE_PASSWORD_LENGTH + 1) * sizeof(CHAR16));
+ IDEPasswordSecurity=((IDE_SECURITY_DATA* )DataPtr)->IDEPasswordSecurity;
+ //
+ //Give four chances to enter user password
+ //
+ for ( i = 0; i < USER_PASSWORD_RETRY_ATTEMPTS; i++ ) {
+ Status = IDEPasswordSecurity->ReturnSecurityStatus(IDEPasswordSecurity, &SecurityStatus );
+ if(Status == EFI_SUCCESS && (SecurityStatus>>4)& 0x1){
+ _DrawPasswordWindow( PromptToken, CB_BoxLength, &CurrXPos, &CurrYPos );
+ _ReportInBox(CB_BoxLength,STRING_TOKEN(STR_IDE_UNLCK_COLD),CurrXPos,CurrYPos,TRUE);
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptExitGuid);
+ if (gST->ConOut != NULL) {
+ //Disable cursor, set desired attributes and clear screen
+ gST->ConOut->EnableCursor( gST->ConOut, FALSE );
+ gST->ConOut->SetAttribute( gST->ConOut, (EFI_BACKGROUND_BLACK | EFI_WHITE));
+ gST->ConOut->ClearScreen( gST->ConOut);
+ }
+ return ;
+ }
+ _ReportInBox( BoxLength, STRING_TOKEN(STR_IDE_ENTER_USER), CurrXPos, CurrYPos - 1, FALSE );
+
+ if ( EFI_SUCCESS !=_GetPassword(
+ PasswordEntered,
+ IDE_PASSWORD_LENGTH,
+ CurrXPos,
+ CurrYPos,
+ NULL )) {
+ break;
+ } // end if
+
+ //
+ // Validate the Password
+ //
+ Status = IDEPasswordAuthenticate( PasswordEntered, DataPtr, TRUE );
+
+ if ( EFI_SUCCESS == Status ) {
+ break;
+ } else if ((i + 1) != USER_PASSWORD_RETRY_ATTEMPTS ) {
+ _ReportInBox( IDE_PASSWORD_LENGTH, STRING_TOKEN(STR_ERROR_PSWD), CurrXPos, CurrYPos, TRUE );
+ }
+ }// end of for
+
+
+ #if SETUP_ASK_MASTER_PASSWORD
+
+ if ( EFI_SUCCESS != Status ) {
+ _ReportInBox( IDE_PASSWORD_LENGTH, STRING_TOKEN(STR_ERROR_PSWD), CurrXPos, CurrYPos, TRUE );
+ //
+ // Checking if the master password is installed
+ //
+ Status=((IDE_SECURITY_DATA*)DataPtr)->IDEPasswordSecurity->ReturnIdePasswordFlags(
+ ((IDE_SECURITY_DATA*)DataPtr)->IDEPasswordSecurity,
+ &IdePasswordFlags );
+
+ if((Status == EFI_SUCCESS)&&((IdePasswordFlags>>16)&1)) {
+ if ( i < MAXIMUM_HDD_UNLOCK_ATTEMPTS ) {
+ BoxLength = IDE_PASSWORD_LENGTH;
+ DescToken = HiiGetString( gHiiHandle, STRING_TOKEN( STR_IDE_ENTER_MASTER ));
+
+ if ( DescToken ) {
+ if (( TestPrintLength( DescToken ) / NG_SIZE) > BoxLength ) {
+ BoxLength = TestPrintLength( DescToken ) / NG_SIZE;
+ }
+ }
+ MemFreePointer((VOID**) &DescToken );
+
+ ClearScreen( EFI_BACKGROUND_BLACK | EFI_LIGHTGRAY );
+
+ //
+ //Draw password window
+ //
+ _DrawPasswordWindow( PromptToken, BoxLength, &CurrXPos, &CurrYPos );
+ }
+
+ //
+ //Give remaining chances to enter Master password
+ //
+ for (; i < MAXIMUM_HDD_UNLOCK_ATTEMPTS; i++ ) {
+ Status = IDEPasswordSecurity->ReturnSecurityStatus(IDEPasswordSecurity, &SecurityStatus );
+ if(Status == EFI_SUCCESS && (SecurityStatus>>4)& 0x1){
+ _DrawPasswordWindow( PromptToken, CB_BoxLength, &CurrXPos, &CurrYPos );
+ _ReportInBox(CB_BoxLength,STRING_TOKEN(STR_IDE_UNLCK_COLD),CurrXPos,CurrYPos,TRUE);
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptExitGuid);
+ if (gST->ConOut != NULL) {
+ //Disable cursor, set desired attributes and clear screen
+ gST->ConOut->EnableCursor( gST->ConOut, FALSE );
+ gST->ConOut->SetAttribute( gST->ConOut, (EFI_BACKGROUND_BLACK | EFI_WHITE));
+ gST->ConOut->ClearScreen( gST->ConOut);
+ }
+ return ;
+ }
+ _ReportInBox( BoxLength, STRING_TOKEN(
+ STR_IDE_ENTER_MASTER ), CurrXPos, CurrYPos - 1,
+ FALSE );
+
+ if ( EFI_SUCCESS !=
+ _GetPassword( PasswordEntered, IDE_PASSWORD_LENGTH, CurrXPos,
+ CurrYPos, NULL )) {
+ break;
+ }
+
+ //
+ // Vaidate the Master password
+ //
+ Status = IDEPasswordAuthenticate( PasswordEntered, DataPtr, FALSE );
+
+ if ( EFI_SUCCESS == Status ) {
+ break;
+ } else {
+ if ( (i + 1) != MAXIMUM_HDD_UNLOCK_ATTEMPTS ) {
+ _ReportInBox( IDE_PASSWORD_LENGTH,
+ STRING_TOKEN(
+ STR_ERROR_PSWD ), CurrXPos, CurrYPos,
+ TRUE );
+ }
+ }
+ }// end of for
+ }// end if
+ }// end if
+ #endif
+
+ MemSet( PasswordEntered, (IDE_PASSWORD_LENGTH + 1) * sizeof(CHAR16), 0);
+
+ MemFreePointer((VOID**)&PasswordEntered );
+
+ if ( EFI_SUCCESS != Status ) {
+ //Report Invalid password
+ _ReportInBox( IDE_PASSWORD_LENGTH, STRING_TOKEN(
+ STR_IDE_ERROR_PSWD ), CurrXPos, CurrYPos, TRUE );
+ // Unlock failed.
+ EfiLibReportStatusCode( EFI_ERROR_CODE | EFI_ERROR_MAJOR,
+ DXE_INVALID_IDE_PASSWORD,
+ 0,
+ NULL,
+ NULL );
+ }
+
+ HddSecuritySignalProtocolEvent(&gHddPasswordPromptExitGuid);
+ if (gST->ConOut != NULL) {
+ //Disable cursor, set desired attributes and clear screen
+ gST->ConOut->EnableCursor( gST->ConOut, FALSE );
+ gST->ConOut->SetAttribute( gST->ConOut, (EFI_BACKGROUND_BLACK | EFI_WHITE));
+ gST->ConOut->ClearScreen( gST->ConOut);
+ }
+
+
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordvices
+//
+// Description: Send Frezze command all the HDD
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEPasswordFreezeDevices( )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer;
+ UINT16 i;
+ UINTN Count;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+
+ // Return if Hdd FreezeLock command is already sent
+ if( HddFreeze ) {
+ return;
+ }
+
+ if(IDEPasswordSecurityData != NULL) {
+ //
+ // Clear the Password
+ //
+ MemSet( IDEPasswordSecurityData, sizeof(IDE_SECURITY_DATA) * gIDESecurityCount, 0);
+ //
+ // Free up the Memory
+ //
+ MemFreePointer((VOID**)&IDEPasswordSecurityData );
+ IDEPasswordSecurityData=NULL;
+ }
+
+ Status = gBS->LocateHandleBuffer(
+ ByProtocol,
+ &gIDESecurityProtocolGuid,
+ NULL,
+ &Count,
+ &HandleBuffer
+ );
+
+ if ( EFI_ERROR( Status )) {
+ return;
+ }
+
+ for ( i = 0; i < Count; i++ ) {
+ //
+ // get password security protocol
+ //
+ Status = gBS->OpenProtocol(
+ HandleBuffer[i],
+ &gIDESecurityProtocolGuid,
+ (VOID**) &IDEPasswordSecurity,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+
+ if ( EFI_ERROR( Status )) {
+ continue;
+ }
+
+ //
+ //Send Freeze lock command
+ //
+ Status=IDEPasswordSecurity->SecurityFreezeLock( IDEPasswordSecurity );
+
+ if(Status == EFI_SUCCESS) {
+ HddFreeze = TRUE;
+ }
+
+ }// end of for
+ MemFreePointer((VOID**)&HandleBuffer );
+
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordUpdateHdd
+//
+// Description: Updates the HDD password for the current HDD alone.
+//
+// Input:
+// UINT32 Index,
+// CHAR16 *Password,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordUpdateHdd(UINT32 Index,CHAR16 *Password,BOOLEAN bCheckUser)
+{
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ UINT16 Control = bCheckUser ? 0 : 1;
+ UINT8 RevisionCode = 0;
+ BOOLEAN Locked, Enabled;
+ EFI_STATUS Status = EFI_UNSUPPORTED;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH + 1];
+ UINT8 Selection;
+ #if !SETUP_SAME_SYS_HDD_PW
+ UINTN ii;
+ #endif
+ IDE_SECURITY_DATA *DataPtr;
+
+//
+// While password is set via hook in tse to perfom some OEM feature
+// and SETUP_PASSWORD_NON_CASE_SENSITIVE is set, even then the
+// password will be updated as if it is case sensitive but Authenticates
+// as non case sensitive so in order to avoid such situation making
+// IDEPasswordUpdateHdd() symmetric with IDEPasswordAuthenticateHdd()
+// to update case sensivity {EIP99649}
+//
+#if TSE_BUILD > 0x1206
+{
+ UINTN NewPwLen = 0;
+ if( IsPasswordSupportNonCaseSensitive() ) {
+ NewPwLen = EfiStrLen(Password);
+ UpdatePasswordToNonCaseSensitive(Password, NewPwLen);
+ }
+}
+#endif
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( Index );
+
+ if ( DataPtr == NULL ) {
+ ShowPostMsgBox(
+ NULL,
+ HiiGetString(
+ gHiiHandle,
+ STRING_TOKEN(STR_IDE_SECURITY_UNSUPPORTED)
+ ),
+ MSGBOX_TYPE_OK,
+ &Selection
+ ); // ShowPostMsgBox
+
+ return FALSE;
+ }
+ IDEPasswordSecurity = DataPtr->IDEPasswordSecurity;
+
+ //
+ //get the status of the device
+ //
+ if ( !(
+ CheckSecurityStatus(
+ IDEPasswordSecurity, &Locked,
+ SecurityLockedMask )
+ && CheckSecurityStatus( IDEPasswordSecurity, &Enabled,
+ SecurityEnabledMask ))) {
+ return FALSE;
+ }
+
+ if ( !Locked ) {
+ if ( Password[0] == 0 ) {
+ //
+ //empty string is entered -> disable password
+ //
+ Status = IDEPasswordSecurity->SecurityDisablePassword(
+ IDEPasswordSecurity,
+ Control,
+ IDEPasswordSecurityData[Index].PWD );
+ } else {
+ //
+ //set new password
+ //
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH + 1, 0 );
+ #if !SETUP_SAME_SYS_HDD_PW
+
+ for ( ii = 0; ii < IDE_PASSWORD_LENGTH + 1; ii++ ) {
+ Buffer[ii] = (UINT8)Password[ii];
+
+ if ( Password[ii] == L'\0' ) {
+ break;
+ }
+ }// end of for
+ #else
+ MemCopy( Buffer, Password, IDE_PASSWORD_LENGTH + 1 );
+ #endif
+
+ Status = IDEPasswordSecurity->SecuritySetPassword(
+ IDEPasswordSecurity,
+ Control,
+ Buffer,
+ RevisionCode );
+ }
+ }// end if(!Locked)
+
+ if ( EFI_ERROR( Status )) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordUpdateAllHdd
+//
+// Description: Updates the HDD password for all the HDDs present.
+//
+// Input:
+// UINT32 Index,
+// CHAR16 *Password,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordUpdateAllHdd(
+ UINT32 Index,
+ CHAR16 *Password,
+ BOOLEAN bCheckUser )
+{
+ UINTN i;
+ BOOLEAN Status = FALSE;
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ Status = IDEPasswordUpdateHdd( (UINT32)i, Password, bCheckUser);
+ }
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordUpdate
+//
+// Description: Hook function to update the password for the HDDs based
+// on the token ALL_HDD_SAME_PW.
+// Input:
+// UINT32 Index,
+// CHAR16 *Password,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN IDEPasswordUpdate(
+ UINT32 Index,
+ CHAR16 *Password,
+ BOOLEAN bCheckUser )
+{
+ #if ALL_HDD_SAME_PW
+ return IDEPasswordUpdateAllHdd( Index, Password, bCheckUser);
+ #else
+ return IDEPasswordUpdateHdd( Index, Password, bCheckUser);
+ #endif
+
+}
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: UnlockHDD
+//
+// Description: Unlock the HDD
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID UnlockHDD(
+ VOID )
+{
+ #if SETUP_SAME_SYS_HDD_PW
+ UINTN Size=0, i;
+ AMITSESETUP *TSESetup;
+ IDE_SECURITY_DATA *DataPtr;
+ EFI_STATUS Status;
+ EFI_GUID AmiTseSetupGuid = AMITSESETUP_GUID;
+
+ //
+ //Do not proceed if admin pssword is not set
+ //
+ if ( !(AMI_PASSWORD_USER & PasswordCheckInstalled()) ) {
+ return;
+ }
+
+ //
+ //Get password from NVRAM
+ //
+ Size = 0;
+ TSESetup = VarGetNvramName (L"AMITSESetup", &AmiTseSetupGuid, NULL, &Size);
+
+ if ( Size ) {
+ //
+ //For all drives
+ //
+ DataPtr = IDEPasswordSecurityData;
+
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ if ( DataPtr->Locked ) {
+ //
+ //ask fot the password if locked
+ //
+ Status = IDEPasswordAuthenticateHdd( TSESetup->UserPassword,
+ DataPtr,
+ TRUE );
+
+ if ( EFI_SUCCESS != Status ) {
+ //
+ // Unlock failed.
+ //
+ EfiLibReportStatusCode( EFI_ERROR_CODE | EFI_ERROR_MAJOR,
+ DXE_INVALID_IDE_PASSWORD,
+ 0,
+ NULL,
+ NULL );
+ }
+ }
+ DataPtr++;
+ } // end of for
+ } // end if
+
+ MemFreePointer((VOID**) &TSESetup );
+ return;
+ #endif //#if SETUP_SAME_SYS_HDD_PW
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SetHDDPassword
+//
+// Description: Set the HDD password
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID SetHDDPassword(VOID)
+{
+ #if SETUP_SAME_SYS_HDD_PW
+ UINTN Size=0, i;
+ AMITSESETUP *TSESetup;
+ BOOLEAN Status;
+ EFI_GUID AmiTseSetupGuid = AMITSESETUP_GUID;
+
+ //
+ //Get password from NVRAM
+ //
+ Size = 0;
+ TSESetup = VarGetNvramName (L"AMITSESetup", &AmiTseSetupGuid, NULL, &Size);
+
+ if ( Size ) {
+ //
+ //For all drives
+ //
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ Status = IDEPasswordUpdateHdd( (UINT32)i, TSESetup->UserPassword, TRUE);
+ }
+ }
+
+ MemFreePointer((VOID**) &TSESetup );
+ #endif //#if SETUP_SAME_SYS_HDD_PW
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordCheck
+//
+// Description: Validate the HDD password
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEPasswordCheck()
+{
+ #if !SETUP_SAME_SYS_HDD_PW
+ IDE_SECURITY_DATA *DataPtr;
+#if !ALL_HDD_SAME_PW
+ UINT16 i;
+#endif
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ UINTN IDE_idex = 0;
+#endif
+ BOOLEAN ScreenCorrupted = FALSE;
+ #endif
+ IDE_SECURITY_CONFIG ideSecConfig;
+
+ //
+ // build IDESecurity data
+ //
+
+ gIDESecurityCount = IDESecurityProtocolInit( );
+
+ if ( IDEPasswordSecurityData == NULL || gIDESecurityCount == 0 ) {
+ return;
+ }
+
+ #if SETUP_SAME_SYS_HDD_PW
+ UnlockHDD();
+ #else
+ DataPtr = IDEPasswordSecurityData;
+#if !ALL_HDD_SAME_PW
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+#endif
+ if ( DataPtr->Locked && (!DataPtr->Validated)) {
+ //
+ //ask fot the password if locked
+ //
+ DataPtr->Validated = TRUE;
+ AMI_CheckIDEPassword( DataPtr->PromptToken, (VOID*)DataPtr );
+ ScreenCorrupted = TRUE;
+ }
+#if !ALL_HDD_SAME_PW
+ DataPtr++;
+ }// end of for
+#endif
+ //
+ // If the Screen Corrupted , Redraw the Screen
+ //
+ // if(ScreenCorrupted) {
+ // DrawScreenAgain(OldScreen);
+ // }
+ #endif
+
+ MemSet( &ideSecConfig, sizeof(ideSecConfig), 0 );
+ ideSecConfig.Count = gIDESecurityCount;
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ for( IDE_idex = 0 ; IDE_idex < gIDESecurityCount ; IDE_idex++ )
+ {
+ IDEUpdateConfig( &ideSecConfig, IDE_idex );
+ }
+#endif
+ VarSetNvramName( L"IDESecDev",
+ &gIDESecGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ &ideSecConfig,
+ sizeof(ideSecConfig));
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEUpdateConfigHdd
+//
+// Description: Initializes the structure IDE_SECURITY_CONFIG for the current
+// HDD if the data pointer to the structure IDE_SECURITY_DATA is
+// initialized already.
+//
+// Input:
+// IDE_SECURITY_CONFIG *ideSecConfig
+// UINTN value
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEUpdateConfigHdd(
+ VOID *TempideSecConfig,
+ UINTN value )
+{
+ IDE_SECURITY_DATA *DataPtr = NULL;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ BOOLEAN Status;
+ UINT32 IdePasswordFlags = 0;
+ EFI_STATUS ReturnStatus;
+ IDE_SECURITY_CONFIG *ideSecConfig
+ = (IDE_SECURITY_CONFIG*)TempideSecConfig;
+
+
+ //
+ //Set current IDE security page
+ //
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( value );
+
+ if ( DataPtr ) {
+ IDEPasswordSecurity = DataPtr->IDEPasswordSecurity;
+
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecuritySupportedMask );
+ ideSecConfig->Supported[value] = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityEnabledMask );
+ ideSecConfig->Enabled[value] = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityLockedMask );
+ ideSecConfig->Locked[value] = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityFrozenMask );
+ ideSecConfig->Frozen[value] = Status ? 1 : 0;
+ ReturnStatus = IDEPasswordSecurity->ReturnIdePasswordFlags(
+ IDEPasswordSecurity,
+ &IdePasswordFlags );
+
+ if ( EFI_ERROR( ReturnStatus )) {
+ return;
+ }
+
+ ideSecConfig->UserPasswordStatus[value]
+ = (IdePasswordFlags & 0x00020000) ? 1 : 0;
+ ideSecConfig->MasterPasswordStatus[value]
+ = (IdePasswordFlags & 0x00010000) ? 1 : 0;
+
+ ideSecConfig->ShowMaster[value] = 0x0000;
+
+ if ( ideSecConfig->Locked[value] ) {
+ ideSecConfig->ShowMaster[value] = 0x0001;
+ } else if ( (DataPtr->LoggedInAsMaster)) {
+ ideSecConfig->ShowMaster[value] = 0x0001;
+ } else if ( !(ideSecConfig->UserPasswordStatus[value])) {
+ ideSecConfig->ShowMaster[value] = 0x0001;
+ }
+ }// end if
+#else
+ gCurrIDESecPage = value;
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( value );
+
+ if ( DataPtr ) {
+ IDEPasswordSecurity = DataPtr->IDEPasswordSecurity;
+
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecuritySupportedMask );
+ ideSecConfig->Supported = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityEnabledMask );
+ ideSecConfig->Enabled = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityLockedMask );
+ ideSecConfig->Locked = Status ? 1 : 0;
+ CheckSecurityStatus(
+ IDEPasswordSecurity,
+ &Status,
+ SecurityFrozenMask );
+ ideSecConfig->Frozen = Status ? 1 : 0;
+ ReturnStatus = IDEPasswordSecurity->ReturnIdePasswordFlags(
+ IDEPasswordSecurity,
+ &IdePasswordFlags );
+
+ if ( EFI_ERROR( ReturnStatus )) {
+ return;
+ }
+
+ ideSecConfig->UserPasswordStatus
+ = (IdePasswordFlags & 0x00020000) ? 1 : 0;
+ ideSecConfig->MasterPasswordStatus
+ = (IdePasswordFlags & 0x00010000) ? 1 : 0;
+
+ ideSecConfig->ShowMaster = 0x0000;
+
+ if ( ideSecConfig->Locked ) {
+ ideSecConfig->ShowMaster = 0x0001;
+ } else if ( (DataPtr->LoggedInAsMaster)) {
+ ideSecConfig->ShowMaster = 0x0001;
+ } else if ( !(ideSecConfig->UserPasswordStatus)) {
+ ideSecConfig->ShowMaster = 0x0001;
+ }
+ }// end if
+#endif
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEUpdateConfigAllHdd
+//
+// Description: Initializes the structure IDE_SECURITY_CONFIG for all the
+// HDDs present if the data pointer to the structure
+// IDE_SECURITY_DATA is initialized already.
+//
+// Input:
+// IDE_SECURITY_CONFIG *ideSecConfig
+// UINTN value
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEUpdateConfigAllHdd(
+ VOID *TempideSecConfig,
+ UINTN value )
+{
+ UINTN i;
+
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+ IDEUpdateConfigHdd( TempideSecConfig, i);
+ }
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEUpdateConfig
+//
+// Description: Hook function to Initialize the structure IDE_SECURITY_CONFIG
+// for the HDDs based on the token ALL_HDD_SAME_PW.
+//
+// Input:
+// IDE_SECURITY_CONFIG *ideSecConfig
+// UINTN value
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IDEUpdateConfig(
+ VOID *TempideSecConfig,
+ UINTN value )
+{
+ #if ALL_HDD_SAME_PW
+ IDEUpdateConfigAllHdd( TempideSecConfig, value);
+ #else
+ IDEUpdateConfigHdd( TempideSecConfig, value);
+ #endif
+
+}
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordGetName
+//
+// Description: Get the Hdd name
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+UINT16 IDEPasswordGetName(
+ UINT16 Index )
+{
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ // workaround for code in special.c which fills "goto string" token with
+ // hdd name string token. In our case we dont need that.
+ return ConfigPromptToken;
+#else
+ UINTN size=0;
+ IDE_SECURITY_CONFIG *ideSecConfig;
+ IDE_SECURITY_DATA *DataPtr;
+
+ ideSecConfig = VarGetNvramName (L"IDESecDev", &gIDESecGuid, NULL, &size);
+ IDEUpdateConfigHdd (ideSecConfig, Index);
+ VarSetNvramName (L"IDESecDev",
+ &gIDESecGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ ideSecConfig,
+ size);
+
+ MemFreePointer((VOID **)&ideSecConfig);
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordGetDataPtr( Index );
+
+ if(DataPtr == NULL) {
+ return 0;
+ }
+
+ return DataPtr->PromptToken;
+#endif
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordAuthenticateHdd
+//
+// Description: Validates the Ide password for the current HDD alone.
+//
+// Input:
+// CHAR16 *Password,
+// VOID* Ptr,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS IDEPasswordAuthenticateHdd(
+ CHAR16 *Password,
+ VOID * Ptr,
+ BOOLEAN bCheckUser )
+{
+ UINT16 Control = 0;
+ EFI_STATUS Status;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH + 1];
+
+ #if !SETUP_SAME_SYS_HDD_PW
+ UINTN i;
+ #endif
+
+ IDE_SECURITY_DATA * DataPtr = (IDE_SECURITY_DATA*)Ptr;
+
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH + 1, 0 );
+
+#if TSE_BUILD > 0x1206
+{
+ UINTN NewPwLen = 0;
+ if( IsPasswordSupportNonCaseSensitive() ) {
+ NewPwLen = EfiStrLen(Password);
+ UpdatePasswordToNonCaseSensitive(Password, NewPwLen);
+ }
+}
+#endif
+
+ #if !SETUP_SAME_SYS_HDD_PW
+
+ for ( i = 0; i < IDE_PASSWORD_LENGTH + 1; i++ ) {
+ Buffer[i] = (UINT8)Password[i];
+
+ if ( Password[i] == L'\0' ) {
+ break;
+ }
+ }
+ #else
+ MemCopy( Buffer, Password, IDE_PASSWORD_LENGTH + 1 );
+ #endif
+
+ Control = bCheckUser ? 0 : 1;
+
+ Status = (DataPtr->IDEPasswordSecurity)->SecurityUnlockPassword(
+ DataPtr->IDEPasswordSecurity,
+ Control,
+ Buffer );
+
+ if ( EFI_ERROR( Status )) {
+ return EFI_ACCESS_DENIED;
+ }
+
+ //
+ //save password in case we need to disable it during the setup
+ //
+ MemCopy( &(DataPtr->PWD), &Buffer, IDE_PASSWORD_LENGTH + 1 );
+// DataPtr->Locked = FALSE;
+
+ if ( !bCheckUser ) {
+ DataPtr->LoggedInAsMaster = TRUE;
+ }
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordAuthenticateAllHdd
+//
+// Description: Validates the Ide password for all the HDDs Present.
+//
+// Input:
+// CHAR16 *Password,
+// VOID* Ptr,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS IDEPasswordAuthenticateAllHdd(
+ CHAR16 *Password,
+ VOID * Ptr,
+ BOOLEAN bCheckUser )
+{
+ IDE_SECURITY_DATA *DataPtr;
+ UINTN i;
+ EFI_STATUS Status=EFI_NOT_FOUND;
+
+ //
+ //For all drives
+ //
+ DataPtr = IDEPasswordSecurityData;
+
+ if(DataPtr == NULL) {
+ return EFI_NOT_FOUND;
+ }
+
+ for ( i = 0; i < gIDESecurityCount; i++ ) {
+
+ Status = IDEPasswordAuthenticateHdd( Password,
+ DataPtr,
+ bCheckUser );
+ if ( EFI_SUCCESS != Status ) {
+ //
+ // Unlock failed.
+ //
+ EfiLibReportStatusCode( EFI_ERROR_CODE | EFI_ERROR_MAJOR,
+ DXE_INVALID_IDE_PASSWORD,
+ 0,
+ NULL,
+ NULL );
+ }
+ DataPtr++;
+ }
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordAuthenticate
+//
+// Description: Hook function to validate IDE Password for the HDDs based on
+// the token ALL_HDD_SAME_PW
+// Input:
+// CHAR16 *Password,
+// VOID* Ptr,
+// BOOLEAN bCheckUser
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS IDEPasswordAuthenticate(
+ CHAR16 *Password,
+ VOID * Ptr,
+ BOOLEAN bCheckUser )
+{
+ #if ALL_HDD_SAME_PW
+ return IDEPasswordAuthenticateAllHdd( Password, Ptr, bCheckUser);
+ #else
+ return IDEPasswordAuthenticateHdd( Password, Ptr, bCheckUser);
+ #endif
+
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IDEPasswordGetDataPtr
+//
+// Description: Get the Ide password Data pointer
+//
+// Input: none
+//
+// Output: none
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID* IDEPasswordGetDataPtr( UINTN Index )
+{
+ IDE_SECURITY_DATA *DataPtr;
+
+ if ( gIDESecurityCount == 0 || IDEPasswordSecurityData == NULL ) {
+ //
+ //try to initialize, if not initialized
+ //
+ gIDESecurityCount = IDESecurityProtocolInit( );
+ }
+
+ if ( gIDESecurityCount == 0 || IDEPasswordSecurityData == NULL || Index >=
+ gIDESecurityCount ) {
+ return NULL;
+ }
+
+ DataPtr = (IDE_SECURITY_DATA*)IDEPasswordSecurityData;
+
+ if(DataPtr == NULL) {
+ return 0;
+ }
+
+ return (VOID*)&DataPtr[Index];
+}
+
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: FramePwdCallbackIdePasswordUpdate
+//
+// Description: function to update the ide password
+//
+// Input: CONTROL_DATA *control : Selected password control data,
+// VOID *saveData : New password
+//
+// Output: EFI_STATUS
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS FramePwdCallbackIdePasswordUpdate ( CONTROL_DATA *control, CHAR16 *saveData)
+{
+ BOOLEAN bCheckUser = FALSE;
+ VOID * data =control->ControlData.ControlPtr;
+ UINT8 HardDiskNumber = 0xFF;
+
+ // Check whether selected password control is a HDD Password control
+ if (control->ControlData.ControlVariable == VARIABLE_ID_IDE_SECURITY )
+ {
+ // find index of currently selected HDD and type of password(user/master) to update
+ SearchTseHardDiskField( &bCheckUser, NULL, &HardDiskNumber, data );
+
+ if( HardDiskNumber != 0xFF ) // If HDD index is valid
+ {
+ IDEPasswordUpdate( (UINT32)HardDiskNumber, (CHAR16*) saveData, bCheckUser ); //update it
+ }
+ return EFI_SUCCESS;
+ }
+ else
+ return EFI_UNSUPPORTED;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: PopupPwdAuthenticateIDEPwd
+//
+// Description: Function to authenticate the IDE password
+//
+// Input: POPUP_PASSWORD_DATA *popuppassword,
+// BOOLEAN *AbortUpdate,
+// VOID *data
+//
+// Output: EFI_STATUS
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS PopupPwdAuthenticateIDEPwd(POPUP_PASSWORD_DATA *popuppassword, BOOLEAN *AbortUpdate,VOID *data)
+{
+ EFI_STATUS Status = EFI_UNSUPPORTED;
+ CHAR16 *Text=NULL;
+ UINT8 HardDiskNumber = 0xFF;
+
+ // Check whether selected password control is a HDD Password control
+ if(popuppassword->ControlData.ControlVariable == VARIABLE_ID_IDE_SECURITY )
+ {
+ BOOLEAN bCheckUser = FALSE;
+ BOOLEAN EnabledBit = FALSE;
+ UINTN size = 0;
+ IDE_SECURITY_CONFIG *ideSecConfig;
+
+ ideSecConfig = VarGetVariable( VARIABLE_ID_IDE_SECURITY, &size ); // Get the data from setup page
+ if (NULL == ideSecConfig) {
+ return EFI_NOT_FOUND;
+ }
+ // find index of currently selected HDD and type of password(user/master) to authenticate
+ SearchTseHardDiskField( &bCheckUser, &EnabledBit, &HardDiskNumber, data );
+ // Check if password has been set for selected HDD
+ if( ( HardDiskNumber != 0xFF ) && ideSecConfig->Enabled[HardDiskNumber] )
+ {
+ EnabledBit = TRUE;
+ }
+
+ // If password has been set then proceed
+ if(EnabledBit)
+ {
+ if( bCheckUser || ideSecConfig->MasterPasswordStatus[HardDiskNumber] )
+ {
+ // Ask for the password
+ Status = _DoPopupEdit( popuppassword, STRING_TOKEN(STR_OLD_PSWD), &Text);
+ if(EFI_SUCCESS != Status )
+ {
+ *AbortUpdate = TRUE; // Status: Password not updated
+ }
+ else
+ {
+ // Get IDE_SECURITY_PROTOCOL instance for current HDD
+ void* DataPtr = TSEIDEPasswordGetDataPtr( HardDiskNumber );
+ Status = TSEIDEPasswordAuthenticate( Text, DataPtr, bCheckUser ); //Authenticate it
+ if(EFI_ERROR( Status ))
+ {
+ // Show error message if password is wrong
+ CallbackShowMessageBox( (UINTN)gInvalidPasswordFailMsgBox, MSGBOX_TYPE_OK );
+ *AbortUpdate = TRUE; // Status: Password not updated
+ }
+ StringZeroFreeMemory ((VOID **)&Text); // Erase string and free allocated memory
+ }
+ }
+ }
+
+ MemFreePointer((VOID **) &ideSecConfig); // Free setup data memory
+ return EFI_SUCCESS;
+ }
+ return EFI_UNSUPPORTED;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: PopupPwdUpdateIDEPwd
+//
+// Description: function to update the setup config page after IDE password update
+//
+// Input: None
+//
+// Output: None
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+VOID PopupPwdUpdateIDEPwd (VOID)
+{
+ UINTN size = 0;
+ IDE_SECURITY_CONFIG *ideSecConfig;
+ UINT8 HardDiskNumber = 0xFF;
+
+ // Get the old setup config data
+ ideSecConfig = VarGetVariable( VARIABLE_ID_IDE_SECURITY, &size );
+ if (NULL == ideSecConfig) {
+ return;
+ }
+ // Update setup data for all HDDs
+ for( HardDiskNumber = 0 ; HardDiskNumber < ideSecConfig->Count ; HardDiskNumber++ )
+ {
+ IDEUpdateConfig( (VOID*)ideSecConfig, HardDiskNumber );
+ }
+ // Set the new setup config data
+ VarSetValue (VARIABLE_ID_IDE_SECURITY, 0, size, ideSecConfig);
+ if (gApp != NULL)
+ gApp->CompleteRedraw = TRUE; // redraw setup config page to reflect updated configuration
+ MemFreePointer((VOID **)&ideSecConfig);
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SearchTseHardDiskField
+//
+// Description: function to search TSE hard disk field.
+//
+// Input: IN OUT BOOLEAN *pbCheckUser : Password type - User/Master,
+// IN OUT BOOLEAN *pEnabledBit : Password is set / not,
+// IN OUT UINT8 *pHardDiskNumber : HDD index,
+// IN VOID *data
+//
+// Output: None
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID SearchTseHardDiskField (
+ IN OUT BOOLEAN *pbCheckUser, IN OUT BOOLEAN *pEnabledBit,
+ IN OUT UINT8 *pHardDiskNumber, IN VOID *data
+ )
+{
+ UINTN size = 0;
+ IDE_SECURITY_CONFIG *ideSecConfig;
+
+ ideSecConfig = VarGetVariable( VARIABLE_ID_IDE_SECURITY, &size );
+
+ //
+ // Check if User password field is selected, if yes then set HDD index
+ //
+ if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword) )
+ {
+ *pHardDiskNumber = 0;
+ *pbCheckUser = TRUE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD2) )
+ {
+ *pHardDiskNumber = 1;
+ *pbCheckUser = TRUE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD3) )
+ {
+ *pHardDiskNumber = 2;
+ *pbCheckUser = TRUE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD4) )
+ {
+ *pHardDiskNumber = 3;
+ *pbCheckUser = TRUE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD5) )
+ {
+ *pHardDiskNumber = 4;
+ *pbCheckUser = TRUE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEUserPassword_HDD6) )
+ {
+ *pHardDiskNumber = 5;
+ *pbCheckUser = TRUE;
+ }
+ //
+ // Check if Master password field is selected, if yes then set HDD index
+ //
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword) )
+ {
+ *pHardDiskNumber = 0;
+ *pbCheckUser = FALSE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD2) )
+ {
+ *pHardDiskNumber = 1;
+ *pbCheckUser = FALSE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD3) )
+ {
+ *pHardDiskNumber = 2;
+ *pbCheckUser = FALSE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD4) )
+ {
+ *pHardDiskNumber = 3;
+ *pbCheckUser = FALSE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD5) )
+ {
+ *pHardDiskNumber = 4;
+ *pbCheckUser = FALSE;
+ }
+ else if( UefiGetQuestionOffset(data) /*data->QuestionId*/
+ == STRUCT_OFFSET(IDE_SECURITY_CONFIG,IDEMasterPassword_HDD6) )
+ {
+ *pHardDiskNumber = 5;
+ *pbCheckUser = FALSE;
+ }
+ else // Question offset is not from any of the password fields
+ {
+ *pHardDiskNumber = 0xFF; // No HDD selected
+ if( pEnabledBit != NULL )
+ {
+ *pEnabledBit = FALSE; // No HDD ie no password is set
+ }
+ }
+ // if HDD index is invalid, set it to 0xFF
+ if( *pHardDiskNumber >= ideSecConfig->Count )
+ {
+ *pHardDiskNumber = 0xFF;
+ }
+
+ MemFreePointer( (VOID **) &ideSecConfig );
+ return;
+}
+
+#endif
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HDDStatus
+//
+// Description: Returns EFI_SUCCESS and sets *bHddStatus = TRUE if number of
+// attempt to unlock HDD has reached MAXIMUM_HDD_UNLOCK_ATTEMPTS.
+//
+// Input: VOID *DataPtr
+//
+// Output: BOOLEAN *bHddStatus
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS HDDStatus(VOID *DataPtr, BOOLEAN *bHddStatus)
+{
+ EFI_STATUS Status = 0;
+ UINT16 SecurityStatus = 0;
+ IDE_SECURITY_DATA *Ptr = (IDE_SECURITY_DATA *)DataPtr;
+
+ *bHddStatus = FALSE;
+
+ Status = Ptr->IDEPasswordSecurity->ReturnSecurityStatus( Ptr->IDEPasswordSecurity, &SecurityStatus );
+ if ( EFI_ERROR( Status ))
+ return Status;
+
+ if (SecurityStatus & 0x10) {
+ *bHddStatus = TRUE;
+ }
+
+ return EFI_SUCCESS;
+}
+//****************************************************************************
+//****************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Norcross, GA 30093 **
+//** **
+//** Phone (770)-246-8600 **
+//** **
+//****************************************************************************
+//****************************************************************************
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.cif b/Core/EM/HddSecurity/Hddpassword/HddPassword.cif
new file mode 100644
index 0000000..5529e64
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.cif
@@ -0,0 +1,14 @@
+<component>
+ name = "AmiTseHddPassword"
+ category = ModulePart
+ LocalRoot = "Core\EM\HddSecurity\Hddpassword"
+ RefName = "AmiTseHddPassword"
+[files]
+"HddPassword.mak"
+"HddPassword.sdl"
+"HddPassword.c"
+"HddPassword.h"
+"HddPassword.uni"
+"HddSecTokens.c"
+"ForceHddPassword.c"
+<endComponent>
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.h b/Core/EM/HddSecurity/Hddpassword/HddPassword.h
new file mode 100644
index 0000000..ccfdffb
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.h
@@ -0,0 +1,185 @@
+//****************************************************************************
+//****************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Norcross, GA 30093 **
+//** **
+//** Phone (770)-246-8600 **
+//** **
+//****************************************************************************
+//****************************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.h 11 9/10/14 2:59a Divyac $
+//
+// $Revision: 11 $
+//
+// $Date: 9/10/14 2:59a $
+//
+//*****************************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.h $
+//
+// 11 9/10/14 2:59a Divyac
+// [TAG] EIP181548
+// [Category] Improvement
+// [Description] Implement event signaling during HDD Passwords Prompt.
+// [Files] HddPassword.c
+// HddPassword.h
+//
+// 10 4/29/13 2:30a Kapilporwal
+// fixing build errors, when tse soruce is not present, from last check-in
+//
+// 9 4/25/13 9:28a Kapilporwal
+// [TAG] EIP108583
+// [Category] New Feature
+// [Description] support set HDD password in same page
+// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+//
+// 8 6/28/11 6:24a Anandv
+// [TAG] EIP62381
+// [Category] Improvement
+// [Description] In IdeSecurity Module, display HDD number in Setup
+// based
+// on results from WhichIde() function of
+// DiskInfo Protocol.
+//
+// [Files] HddPassword.c, HddPassword.h, SBDxe.c, PIDEController.h
+//
+// 7 5/21/10 2:58p Aaronp
+// Fix for EIP 38473 - Device names are not displayed when built in UEFI
+// 2.1 mode
+//
+// 6 3/11/10 3:50a Rameshr
+// Issue: Same Structure definied in Hddpassword and Amitse.
+// Solution: Amitse created tsecommon.h with all the common definition.
+// EIP: 27339
+//
+// 5 1/15/10 10:11a Yul
+// Coding Standard
+//
+// 4 9/28/09 4:59p Rameshr
+//
+// 3 9/21/09 3:48p Rameshr
+// The data structure AMI_IFR_MSGBOX in HddPassword.h and MessageBox.h are
+// not the same
+// EIP 27157
+//
+// 2 7/27/09 5:37p Pats
+// EIP 22925: Request to set HDD password length by token.
+// Solution: Token added to IdeSecurity.sdl, and definition removed from
+// HddPassword.h
+//
+// 1 5/01/09 11:09a Rameshr
+// Initial Check-in
+//*****************************************************************************//
+
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: HddPassword.h
+//
+// Description: Header file for the HddPassword
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#ifndef _IDEPASSWORD_H_
+#define _IDEPASSWORD_H_
+
+#include "AmiStatusCodes.h"
+
+#define IDE_SECURITY_INTERFACE_GUID \
+ { 0xF4F63529, 0x281E, 0x4040, 0xA3, 0x13, 0xC1, 0xD6, 0x76, 0x63, 0x84,\
+ 0xBE }
+
+#define HDD_SECURITY_END_PROTOCOL_GUID \
+ { 0xad77ae29, 0x4c20, 0x4fdd, 0x85, 0x04, 0x81, 0x76, 0x61, 0x9b, 0x67,\
+ 0x6a }
+
+#define HDD_UNLOCKED_GUID \
+ { 0x1fd29be6, 0x70d0, 0x42a4, 0xa6, 0xe7, 0xe5, 0xd1, 0xe, 0x6a, 0xc3, 0x76};
+
+#define HDD_PASSWORD_PROMPT_ENTER_GUID \
+ { 0x8e8d584a, 0x6e32, 0x44bf, { 0xb9, 0x6e, 0x1d, 0x27, 0x7, 0xc4, 0xeb, 0x5c } }
+
+#define HDD_PASSWORD_PROMPT_EXIT_GUID \
+ { 0xe22af903, 0xfd6f, 0x4d22, { 0x94, 0xce, 0xf8, 0x49, 0xc6, 0x14, 0xc3, 0x45 } }
+
+#define SECURITY_SET_PASSWORD 0xF1
+#define SECURITY_UNLOCK 0xF2
+#define SECURITY_ERASE_PREPARE 0xF3
+#define SECURITY_ERASE_UNIT 0xF4
+#define SECURITY_FREEZE_LOCK 0xF5
+#define SECURITY_DISABLE_PASSWORD 0xF6
+#define SECURITY_BUFFER_LENGTH 512 // Bytes
+
+#define SecuritySupportedMask 0x0001
+#define SecurityEnabledMask 0x0002
+#define SecurityLockedMask 0x0004
+#define SecurityFrozenMask 0x0008
+
+
+#ifndef AMI_DXE_BS_EC_INVALID_IDE_PASSWORD
+ #define AMI_DXE_BS_EC_INVALID_IDE_PASSWORD (AMI_STATUS_CODE_CLASS\
+ | 0x00000005)
+#endif
+
+#ifndef DXE_INVALID_IDE_PASSWORD
+ #define DXE_INVALID_IDE_PASSWORD (EFI_SOFTWARE_DXE_BS_DRIVER\
+ | AMI_DXE_BS_EC_INVALID_IDE_PASSWORD)
+#endif
+
+#define NG_SIZE 19
+#define VARIABLE_ID_AMITSESETUP 5
+#if !defined(SECUITY_SETUP_ON_SAME_PAGE) || SECUITY_SETUP_ON_SAME_PAGE == 0
+#define INVALID_HANDLE ((VOID*)-1)
+#endif
+#include "tsecommon.h"
+
+#define EFI_DP_TYPE_MASK 0x7F
+#define EFI_DP_TYPE_UNPACKED 0x80
+#if !defined(SECUITY_SETUP_ON_SAME_PAGE) || SECUITY_SETUP_ON_SAME_PAGE == 0
+#define END_DEVICE_PATH_TYPE 0x7f
+#define END_ENTIRE_DEVICE_PATH_SUBTYPE 0xff
+
+#define DevicePathType( a ) (((a)->Type) & EFI_DP_TYPE_MASK)
+#define DevicePathSubType( a ) ((a)->SubType)
+#define DevicePathNodeLength( a ) (((a)->Length[0]) | ((a)->Length[1] << 8))
+#define NextDevicePathNode( a ) ((EFI_DEVICE_PATH_PROTOCOL*) (((UINT8*) (\
+ a))\
+ +\
+ DevicePathNodeLength( a )))
+#define IsDevicePathEndType( a ) (\
+ DevicePathType( \
+ a ) == END_DEVICE_PATH_TYPE)
+#define IsDevicePathEndSubType( a ) ((a)->SubType ==\
+ END_ENTIRE_DEVICE_PATH_SUBTYPE)
+#define IsDevicePathEnd( a ) (IsDevicePathEndType( a )\
+ && IsDevicePathEndSubType( a ))
+VOID
+HddSecuritySignalProtocolEvent (
+ IN EFI_GUID *ProtocolGuid
+);
+
+#endif
+
+#endif /* _PASSWORD_H_ */
+
+//****************************************************************************
+//****************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Norcross, GA 30093 **
+//** **
+//** Phone (770)-246-8600 **
+//** **
+//****************************************************************************
+//****************************************************************************
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.mak b/Core/EM/HddSecurity/Hddpassword/HddPassword.mak
new file mode 100644
index 0000000..445a4a8
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.mak
@@ -0,0 +1,96 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.mak 5 4/25/13 9:29a Kapilporwal $
+#
+# $Revision: 5 $
+#
+# $Date: 4/25/13 9:29a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddPassword.mak $
+#
+# 5 4/25/13 9:29a Kapilporwal
+# [TAG] EIP108583
+# [Category] New Feature
+# [Description] support set HDD password in same page
+# [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+# IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+# HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+#
+# 4 8/19/10 2:46a Rameshr
+# Issue:Need do HDD PSW reset when warmboot
+# EIP 40528
+#
+# 3 6/30/10 4:15a Rameshr
+# Modified the Hddpassword build procedure, so that customer can add
+# their password oem files and build without modifying the Mak file
+#
+# 2 3/11/10 3:50a Rameshr
+# Issue: Same Structure definied in Hddpassword and Amitse.
+# Solution: Amitse created tsecommon.h with all the common definition.
+# EIP: 27339
+#
+# 1 5/01/09 11:09a Rameshr
+# Initial Check-in
+#
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: HddPassword.mak
+#
+# Description: Make file for the Hddpassword.obj
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+EDK_TSE_INCLUDES = \
+ -I EDK\MiniSetup\TseLite \
+ -I EDK\MiniSetup\Ezport \
+ -I EDK\MiniSetup\BootOnly \
+ -I EDK\MiniSetup\BootOnly\AMILogo \
+ -I EDK\MiniSetup\uefi2.1 \
+ /DTSE_FOR_APTIO_4_50
+
+AMITSEBin : $(BUILD_DIR)\HddPassword.obj $(BUILD_DIR)\ForceHddPassword.obj
+
+{$(AMITSE_HDD_PASSWORD_DIR)}.c{$(BUILD_DIR)}.obj ::
+ $(CC) $(CFLAGS) $(EDK_TSE_INCLUDES) -I $(TSEBIN_DIR)\Inc -I $(TSEBIN_DIR) /Fo$(BUILD_DIR)\ $<
+
+$(BUILD_DIR)\HddPassword.mak : $(AMITSE_HDD_PASSWORD_DIR)\$(@B).cif $(AMITSE_HDD_PASSWORD_DIR)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(AMITSE_HDD_PASSWORD_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+AMITSESDB : HddPassWordSDB
+
+HddPassWordSDB : $(BUILD_DIR)\HddPassword.mak
+ $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+ /f $(BUILD_DIR)\HddPassword.mak all\
+ "UNI_INCLUDE_PATH=$(TSEBIN_DIR) $(TSE_UNI_INCLUDE_PATH)"\
+ "STRING_CONSUMERS=$(AMITSE_HDD_PASSWORD_DIR)\HddSecTokens.c"\
+ TYPE=SDB NAME=HddPassword
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.sdl b/Core/EM/HddSecurity/Hddpassword/HddPassword.sdl
new file mode 100644
index 0000000..a020c63
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.sdl
@@ -0,0 +1,136 @@
+TOKEN
+ Name = "SETUP_IDE_SECURITY_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable Hdd password Screen in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+End
+
+TOKEN
+ Name = "SETUP_ASK_MASTER_PASSWORD"
+ Value = "0"
+ Help = "Enable / Disable IDE Master password support"
+ TokenType = Boolean
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SETUP_SAME_SYS_HDD_PW"
+ Value = "0"
+ Help = "Enable to have User password as IDE password"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+
+TOKEN
+ Name = "USER_PASSWORD_RETRY_ATTEMPTS"
+ Value = "3"
+ Help = "Maximum number of attempts allowed to the HDD User Password. This token value should be less than or equal to MAXIMUM_HDD_UNLOCK_ATTEMPTS token. If all the attempts by user password failed then (MAXIMUM_HDD_UNLOCK_ATTEMPTS - USER_PASSWORD_RETRY_ATTEMPTS) attempts will be given to Master password"
+ TokenType = Integer
+ TargetH = Yes
+ TargetMAK = Yes
+ Range = "1 - MAXIMUM_HDD_UNLOCK_ATTEMPTS"
+End
+
+TOKEN
+ Name = "MAXIMUM_HDD_UNLOCK_ATTEMPTS"
+ Value = "5"
+ Help = "Maximum number of attempts in POST in which the user has to enter the HDD User Password/Master Password to unlock the HDD.This token value should not exceed 5 times because the ATA SECURITY UNLOCK command fails even if the correct User/Master password is entered on the sixth time because the ATA Security Expire Count is 5"
+ TokenType = Integer
+ TargetH = Yes
+ TargetMAK = Yes
+ Range = "1 - 5"
+End
+
+TOKEN
+ Name = "ALL_HDD_SAME_PW"
+ Value = "0"
+ Help = "1-Enable to have one password for all HDD drives,0-Different HDD could have different password"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+PATH
+ Name = "AMITSE_HDD_PASSWORD_DIR"
+End
+
+MODULE
+ Help = "Includes HddPassword.mak to Project"
+ File = "HddPassword.mak"
+End
+
+ELINK
+ Name = "RegisterHddNotification,"
+ Parent = "ProcessConInAvailability,"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\HddPassword.obj"
+ Parent = "AMITSE_Objects"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(AMITSE_HDD_PASSWORD_DIR)\HddSecTokens.c"
+ Parent = "TSE_STRING_CONSUMERS_LIST"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "-i $(AMITSE_HDD_PASSWORD_DIR)"
+ Parent = "TSE_UNI_INCLUDE_PATH"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\HddPassword.sdb"
+ Parent = "TSE_SDBS"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "DisableSoftwarePreservation,"
+ Parent = "PreSystemResetHookHook,"
+ InvokeOrder = AfterParent
+ Token = "FORCE_HDD_PASSWORD_PROMPT" "=" "1"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\ForceHddPassword.obj"
+ Parent = "AMITSE_Objects"
+ InvokeOrder = AfterParent
+ Token = "FORCE_HDD_PASSWORD_PROMPT" "=" "1"
+End
+
+TOKEN
+ Name = "OVERRIDE_FramePwdCallbackIdePasswordUpdate"
+ Value = "1"
+ Help = "set to 1 if oem wants to override the FramePwdCallbackIdePasswordUpdate function from Board module."
+ TokenType = Boolean
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OVERRIDE_PopupPwdAuthenticateIDEPwd"
+ Value = "1"
+ Help = "set to 1 if oem wants to override the PopupPwdAuthenticateIDEPwd function from Board module."
+ TokenType = Boolean
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OVERRIDE_PopupPwdUpdateIDEPwd"
+ Value = "1"
+ Help = "set to 1 if oem wants to override the PopupPwdUpdateIDEPwd function from Board module."
+ TokenType = Boolean
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ TargetH = Yes
+End
diff --git a/Core/EM/HddSecurity/Hddpassword/HddPassword.uni b/Core/EM/HddSecurity/Hddpassword/HddPassword.uni
new file mode 100644
index 0000000..8fdd12d
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddPassword.uni
Binary files differ
diff --git a/Core/EM/HddSecurity/Hddpassword/HddSecTokens.c b/Core/EM/HddSecurity/Hddpassword/HddSecTokens.c
new file mode 100644
index 0000000..082fae5
--- /dev/null
+++ b/Core/EM/HddSecurity/Hddpassword/HddSecTokens.c
@@ -0,0 +1,79 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddSecTokens.c 2 3/25/13 5:16a Rameshr $
+//
+// $Revision: 2 $
+//
+// $Date: 3/25/13 5:16a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/HddPassword/HddSecTokens.c $
+//
+// 2 3/25/13 5:16a Rameshr
+// [TAG] EIP117159
+// [Category] Improvement
+// [Description] Proper error message displayed when the Password count
+// expired
+// [Files] HddPassword.c, HddPassword.uni, HddSecTokens.c
+//
+// 1 3/11/10 3:51a Rameshr
+// Issue: Same Structure definied in Hddpassword and Amitse.
+// Solution: Amitse created tsecommon.h with all the common definition.
+// EIP: 27339
+//
+// Initial check-in
+//
+//**********************************************************************
+//<AMI_FHDR_START>
+//
+// Name: HddSecTokens.c
+//
+// Description:
+// This file does not add any code. It has, all the string tokens that
+// are used by Minisetup, to fake the usage to strgather.exe. Add to
+// this list, the new string tokens that are defined in
+// AmiTSEStrstr.uni and to be used by Minisetup
+//
+//<AMI_FHDR_END>
+//**********************************************************************
+
+
+//Following code is to force strgatherer to include these strings
+#if 0
+
+STRING_TOKEN(STR_IDE_SECURITY_UNSUPPORTED)
+STRING_TOKEN(STR_IDE_SECURITY_LOCKED)
+STRING_TOKEN(STR_IDE_ERROR_PSWD)
+STRING_TOKEN(STR_IDE_SECURITY_PROMPT)
+STRING_TOKEN(STR_IDE_ENTER_USER)
+STRING_TOKEN(STR_IDE_ENTER_MASTER)
+STRING_TOKEN(STR_IDE_UNLCK_COLD)
+
+#endif
+
+//*****************************************************************//
+//*****************************************************************//
+//** **//
+//** (C)Copyright 2013, American Megatrends, Inc. **//
+//** **//
+//** All Rights Reserved. **//
+//** **//
+//** 5555 Oakbrook Pkwy, Norcross, Georgia 30093 **//
+//** **//
+//** Phone (770)-246-8600 **//
+//** **//
+//*****************************************************************//
+//*****************************************************************//
diff --git a/Core/EM/HddSecurity/IDESMM.DXS b/Core/EM/HddSecurity/IDESMM.DXS
new file mode 100644
index 0000000..26ab424
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.DXS
@@ -0,0 +1,84 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.DXS 4 1/08/13 12:40a Rameshr $
+//
+// $Revision: 4 $
+//
+// $Date: 1/08/13 12:40a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.DXS $
+//
+// 4 1/08/13 12:40a Rameshr
+// [TAG] EIP109495
+// [Category] Improvement
+// [Description] HddSecurity driver needs to be updated for PI
+// specification 1.2
+// [Files] IdeSmm.c, IdeSmm.dxs, IdeSmm.h, IdeSmm.cif
+//
+// 3 6/01/10 7:11p Krishnakumarg
+// Removed Tab spaces
+//
+// 2 4/28/09 6:56p Rameshr
+// HDD password support in RAID mode
+// EIP:20421
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+// 2 13/04/07 3:07p Anandakrishnanl
+// Ide Bus Module - Update source files to comply with AMI coding
+// standard"!!!
+//
+// 1 12/14/05 2:57p Srinin
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IDESMM.DXS
+//
+// Description: Dependency file for the IDE SMM
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "IDESMM.h"
+
+DEPENDENCY_START
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ EFI_SMM_SW_DISPATCH2_PROTOCOL_GUID
+#else
+ EFI_SMM_SW_DISPATCH_PROTOCOL_GUID
+#endif
+DEPENDENCY_END
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IDESMM.c b/Core/EM/HddSecurity/IDESMM.c
new file mode 100644
index 0000000..f898455
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.c
@@ -0,0 +1,1553 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2015, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.c 24 4/29/15 3:41a Anbuprakashp $
+//
+// $Revision: 24 $
+//
+// $Date: 4/29/15 3:41a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.c $
+//
+// 24 4/29/15 3:41a Anbuprakashp
+// [TAG] EIP215937
+// [Category] Bug Fix
+// [Severity] Important
+// [Symptom] System hang while SmmCommunication SMI trigger after enable
+// SmmChkEn bit
+// [RootCause] Bootservice call is used inside IDESMM driver
+// [Solution] Avoided using BootService call inide IDESMM driver
+// [Files] IDESMM.c
+//
+// 23 4/22/15 4:01a Anbuprakashp
+// [TAG] EIP212319
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] System hang while SW_SMI_AHCI_LOCATE_AHCI_SMM SMI trigger
+// after enable SmmChkEn bit
+// [RootCause] Bootservice call used inside IdeSmm driver which causes
+// the Exception
+// [Solution] Changes made not to use BootService calls inside IdeSmm
+// driver
+// [Files] IdeSecurity.h
+// IdeSecurity.c
+// IDESMM.c
+//
+// 22 12/09/14 1:41a Anbuprakashp
+// [TAG] EIP193600
+// [Category] Improvement
+// [Description] Security Enhancement for SMIHandler in HddSecurity
+// module
+// [Files] IDESMM.mak, IDESMM.h, IDESMM.c
+//
+// 21 8/11/14 6:54a Anbuprakashp
+// [TAG] EIP178239
+// [Category] Improvement
+// [Description] S3 Resume fails when HDD password is set where platform
+// have more than one AHCI controller
+// [Files] AhciSmm.c,AhciSmm.sdl,IDESMM.c
+//
+// 20 12/18/13 4:07a Srikantakumarp
+// [TAG] EIP127356
+// [Category] Improvement
+// [Description] Flash NVRAM seems to cause HDD can't be unlocked when
+// S3 resume.
+// [Files] IdeSecurity.c, IDESMM.c, HddPassword.c, AhciBus.c, AhciBus.h
+//
+// 19 1/08/13 12:39a Rameshr
+// [TAG] EIP109495
+// [Category] Improvement
+// [Description] HddSecurity driver needs to be updated for PI
+// specification 1.2
+// [Files] IdeSmm.c, IdeSmm.dxs, IdeSmm.h, IdeSmm.cif
+//
+// 18 8/22/11 2:06a Anandakrishnanl
+// [TAG] EIP67738
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] IdeSmm.c File has been changed in the previous version to
+// remove AHCI Controller Init programming that issue controller reset in
+// S3. This causes various AMD platforms to not resume from S3 properly.
+// [RootCause] IdeSmm.c File has been changed in the previous version to
+// remove AHCI Controller Init programming that issue controller reset in
+// S3. This causes various AMD platforms to not resume from S3 properly.
+// [Solution] Reverted the Idesmm.c file to previous version that will
+// bring back the Ahci Controller initialization by issuing Controller
+// reset
+// [Files] IDESMM.C
+//
+// 17 12/22/10 11:52a Krishnakumarg
+// [TAG] - EIP 46081
+// [Category] - Action Item
+// [Description] - 64 bit PCI config space exception in AHCI driver.
+// [Files] - IDESmm.c
+//
+// 16 10/11/10 11:02a Krishnakumarg
+// [TAG]- EIP 43249
+// [Category]-IMPROVEMENT
+// [Description]- Non-Ascii character in comments causing build problem in
+// japanese XP
+// [Files]- IdeSecurity.c,IDESMM.c, InstallIdeSmi, Ata.c, Atapi.c,
+// IDEBusComponentName.c, IdeBusMaster.c, IdeHPA.c, IdePowerManagement.c
+//
+// 15 9/20/10 4:19a Rameshr
+// [TAG]- EIP 44182
+// [Category]-IMPROVEMENT
+// [Description]- Unable to build the project with HDDSecurity module and
+// without AHCI module.
+// [Files]- IdeSecurity.h, IdeSmm.c
+//
+// 14 9/13/10 1:40a Rameshr
+// [TAG]- EIP 43299
+// [Category]-IMPROVEMENT
+// [Description]- About IdeSecurity module. It use soft smi port 0xb2
+// directly.It will need to re-modify on all of AMD project.
+// 1) Added the SDL token for Sw SMI port address.
+// 2) Used Pciio protocol to get the device location and passed this
+// information to SMM driver.
+// [Files]- IdeSecurity.c, IdeSmm.c, PideBus.h
+//
+// 13 6/01/10 7:07p Krishnakumarg
+// Removed Tab spaces.
+//
+// 12 1/15/10 10:14a Yul
+// Coding Standard
+//
+// 11 11/02/09 6:04p Davidd
+// - Correct S3 resume hanging problem when IDE_PASSWORD_LENGTH is set to
+// some value other than 32 (EIP 27989).
+// - Correct S3 resume hanging problem in AHCI mode (EIP 29827).
+//
+// 10 6/05/09 2:47p Rameshr
+// x64 mode compilation error Resolved.
+// Eip:22710
+//
+// 9 5/11/09 9:39a Rameshr
+// Symptom: Unable to clear the HDD password.
+// Solution: SmmProtocols located on the remove HDD password SMI also.
+// EIP: 21668
+//
+// 8 4/28/09 6:56p Rameshr
+// HDD password support in RAID mode
+// EIP:20421
+//
+// 7 3/31/09 6:52p Davidd
+// Added Device Configuration Freeze Lock programming.
+//
+// 6 3/05/09 11:34a Rameshr
+// RemovedHddpassword doesn't work for Ahci mode- EIP 19935.
+//
+// 5 4/11/08 4:26p Rameshraju
+// s3 Resume time improved when is security not enabled.
+//
+// 2 3/24/08 6:37p Fasihm
+// Updated some missed protocols inside the build switchs.
+//
+// 4 24/03/08 6:34p Anandakrishnanl
+// Removed unwanted comment.
+//
+// 3 24/03/08 6:31p Anandakrishnanl
+// Corrected the SMM Thunk Protocols to Extended Thunk Protocols.
+//
+// 1 3/11/08 2:40p Fasihm
+// Changed the structure names to match with the new SMM module labeled.
+// Will have to remove this after updating the IdeSecurity module with
+// this change.
+//
+// 2 10/03/08 6:47p Anandakrishnanl
+// Removed FreezeLock related code from SMI for improving the S3 resume
+// time.
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+// 1 2/20/08 8:13p Fasihm
+// Added the code to fix the SATA freeze problem.
+//
+// 8 22/06/07 12:44p Anandakrishnanl
+// HardDisk Security Support Module Added.
+// Need ACPI Module and SB Module and under Core\Include we updated
+// Setup.h.
+// Also New IdeBus bin module.
+//
+// 7 13/04/07 3:06p Anandakrishnanl
+// Ide Bus Module - Update source files to comply with AMI coding
+// standard"!!!
+//
+// 6 12/18/06 11:53a Srinin
+// Fixed issues with unlocking HDD password during S3 resume.
+//
+// 5 8/24/06 5:08p Felixp
+//
+// 4 8/24/06 5:07p Felixp
+// x64 support (warnings/errors fixed)
+//
+// 3 8/24/06 9:31a Felixp
+// x64 support (asm code removed)
+//
+// 2 1/04/06 9:36a Srinin
+// Access to Boot services during Runtime removed.
+//
+// 1 12/14/05 2:57p Srinin
+//
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IdeSMM.C
+//
+// Description: Provide functions to unlock HDD password during S3 resume
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "IDESMM.h"
+
+#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) )
+EFI_GUID gAhciSmmProtocolGuid = AHCI_SMM_PROTOCOL_GUID;
+UINT8 *AhciSecurityBuffer = NULL;
+AHCI_BUS_SMM_PROTOCOL *mAhciSmm = NULL;
+#endif
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION>=0x4028B)
+#define RETURN(status) {return status;}
+#else
+#define RETURN(status) {return ;}
+#endif
+
+EFI_GUID gSecurityModeProtocolGuid = IDE_SECURITY_INTERFACE_GUID;
+DLIST gPasswordList;
+
+COMMAND_BUFFER *mCmdBuffer;
+UINT8 *mDataBuffer = NULL;
+UINT8 *mDataSmmBuffer = NULL;
+UINT8 *SecurityBuffer = NULL;
+BOOLEAN AhciInit = FALSE;
+
+SECURITY_PROTOCOL *IdeSecurityInterface = NULL;
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+ EFI_SMM_SYSTEM_TABLE2 *gSmst;
+#else
+ EFI_SMM_SYSTEM_TABLE *gSmst;
+#endif
+
+#define PCI_CFG_ADDR( bus, dev, func, reg ) \
+ ((VOID*)(UINTN) (PCIEX_BASE_ADDRESS\
+ + ((bus) << 20) + ((dev) << 15) + ((func) << 12) + reg))
+
+#define AHCI_BAR 0x24
+#define PCI_SCC 0x000A // Sub Class Code Register
+
+
+#if defined(EFI64) || defined(EFIx64)
+static UINT64 DivU64x32(
+ IN UINT64 Dividend,
+ IN UINTN Divisor,
+ OUT UINTN*Remainder OPTIONAL )
+{
+ UINT64 Result = Dividend / Divisor;
+
+ if ( Remainder )
+ {
+ *Remainder = Dividend % Divisor;
+ }
+ return Result;
+}
+
+#else
+
+static UINT64 DivU64x32(
+ IN UINT64 Dividend,
+ IN UINTN Divisor, //Can only be 31 bits.
+ OUT UINTN*Remainder OPTIONAL )
+{
+ UINT64 Result;
+ UINT32 Rem;
+
+ _asm
+ {
+ mov eax, dword ptr Dividend[0]
+ mov edx, dword ptr Dividend[4]
+ mov esi, Divisor
+ xor edi, edi ; Remainder
+ mov ecx, 64 ; 64 bits
+Div64_loop:
+ shl eax, 1 ;Shift dividend left. This clears bit 0.
+ rcl edx, 1
+ rcl edi, 1 ;Shift remainder left. Bit 0 = previous dividend bit 63.
+
+ cmp edi, esi ; If Rem >= Divisor, don't adjust
+ cmc ; else adjust dividend and subtract divisor.
+ sbb ebx, ebx ; if Rem >= Divisor, ebx = 0, else ebx = -1.
+ sub eax, ebx ; if adjust, bit 0 of dividend = 1
+ and ebx, esi ; if adjust, ebx = Divisor, else ebx = 0.
+ sub edi, ebx ; if adjust, subtract divisor from remainder.
+ loop Div64_loop
+
+ mov dword ptr Result[0], eax
+ mov dword ptr Result[4], edx
+ mov Rem, edi
+ }
+
+ if (Remainder) *Remainder = Rem;
+
+ return Result;
+}
+
+#endif
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: Stall
+//
+// Description: Stalls for the Required Amount of MicroSeconds
+//
+// Input:
+// UINTN Usec // Number of microseconds to delay
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID
+Stall (
+ UINTN Usec
+ )
+{
+ UINTN Counter, i;
+ UINT32 Data32, PrevData;
+ UINTN Remainder;
+
+ Counter = (UINTN)DivU64x32 ((Usec * 10), 3, &Remainder);
+
+ if (Remainder != 0) {
+ Counter++;
+ }
+
+ //
+ // Call WaitForTick for Counter + 1 ticks to try to guarantee Counter tick
+ // periods, thus attempting to ensure Microseconds of stall time.
+ //
+ if (Counter != 0) {
+
+ PrevData = IoRead32(PM_BASE_ADDRESS + 8);
+ for (i=0; i < Counter; ) {
+ Data32 = IoRead32(PM_BASE_ADDRESS + 8);
+ if (Data32 < PrevData) { // Reset if there is a overlap
+ PrevData=Data32;
+ continue;
+ }
+ i += (Data32 - PrevData);
+ PrevData = Data32;
+ }
+ }
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: ZeromemorySmm
+//
+// Description: Clears the buffer
+//
+// Input: void *Buffer,
+// UINTN Size
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+void
+ZeroMemorySmm (
+ void *Buffer,
+ UINTN Size
+ )
+{
+ UINT8 *Ptr;
+ Ptr = Buffer;
+ while (Size--) {
+ *(Ptr++) = 0;
+ }
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SMMWaitforBitClear
+//
+// Description: Waits for the given bit to be clear
+//
+// Input: HDD_PASSWORD *pHddPassword,
+// UINT8 BitClear,
+// UINT32 Timeout
+//
+// Output: EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+SMMWaitforBitClear (
+ HDD_PASSWORD *pHddPassword,
+ UINT8 BitClear,
+ UINT32 Timeout
+ )
+{
+ UINT8 Delay;
+ UINT8 Data8;
+
+ for ( ; Timeout > 0; Timeout--) {
+ for ( Delay = 100; Delay > 0; Delay--) {
+ Data8 = IoRead8(pHddPassword->DeviceControlReg);
+ if (!(Data8 & BitClear)) return EFI_SUCCESS;
+ Stall(10); // 10 Usec
+ }
+ }
+ return EFI_TIMEOUT;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SMMWaitforBitSet
+//
+// Description: Checks for a particular Bit to be set for a given amount
+// of time
+//
+// Input: HDD_PASSWORD *pHddPassword,
+// UINT8 BitSet,
+// UINT32 Timeout
+//
+// Output: EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS
+SMMWaitforBitSet (
+ HDD_PASSWORD *pHddPassword,
+ UINT8 BitSet,
+ UINT32 TimeOut
+ )
+{
+ UINT8 Delay;
+ UINT8 Data8;
+
+ for ( ; TimeOut > 0; TimeOut--) {
+ for ( Delay = 100; Delay > 0; Delay--) {
+ Data8 = IoRead8(pHddPassword->DeviceControlReg);
+ if (Data8 & BitSet) return EFI_SUCCESS;
+ Stall(10); // 10 Usec
+ }
+ }
+ return EFI_TIMEOUT;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SMMWaitForCmdCompletion
+//
+// Description: Waits for BSY bit to get clear
+//
+// Input: HDD_PASSWORD *pHddPassword
+//
+// Output: EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes: Wait for BSY bit to get clear. Check for any errors.
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+SMMWaitForCmdCompletion (
+ HDD_PASSWORD *pHddPassword
+ )
+{
+ UINT8 Data8;
+ EFI_STATUS Status;
+
+// Read ATL_STATUS and ignore the result. Just a delay
+ Data8 = IoRead8(pHddPassword->DeviceControlReg);
+
+// Check for BSY bit to be clear
+ Status = SMMWaitforBitClear ( pHddPassword,
+ BSY,
+ DMA_ATAPI_COMMAND_COMPLETE_TIMEOUT);
+
+ if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR;
+
+// Check for errors.
+ Data8 = IoRead8(pHddPassword->BaseAddress + 7);
+
+ if (Data8 & (ERR | DF)) return EFI_DEVICE_ERROR;
+
+ return EFI_SUCCESS;
+}
+
+#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) )
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SMMAhciSecurityUnlockCommand
+//
+// Description: This Function unlocks HDD password during S3 resume in
+// Ahci Mode Using Int 13.
+//
+// Input: HDD_PASSWORD *pHddPassword
+//
+// Output: EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+SMMAhciSecurityUnlockCommand (
+ HDD_PASSWORD *pHddPassword
+ )
+{
+ UINT8 i;
+ UINT64 AhciBar = 0;
+ UINT8 SccReg;
+ BOOLEAN ControllerinAhciMode = FALSE;
+ UINT32 GlobalControl;
+ COMMAND_STRUCTURE CommandStructure;
+ UINT32 NoofPorts=0;
+
+ if(mAhciSmm == NULL || !AhciSecurityBuffer) {
+ return EFI_NOT_FOUND;
+ }
+
+ // 1. Check if Controller is in AHCI Mode.
+ // 2. Read ABAR Offset and Get HbaAddress.
+ // 3. Disable AHCI_ENABLE.
+ // 4. Issue Controller Reset.
+ // 5. Wait for HBA Reset to Complete.
+ // 6. Enable AHCI_ENABLE.
+
+ AhciBar = *(UINT32*)PCI_CFG_ADDR( pHddPassword->BusNo,
+ pHddPassword->DeviceNo,
+ pHddPassword->FunctionNo,
+ AHCI_BAR);
+ AhciBar &= 0xFFFFFFF0;
+
+ // Store AhciBase address of HDD Drive before calling AhciSmmInitPortOnS3Resume() function
+ // of the "AHCI_BUS_SMM_PROTOCOL"
+ mAhciSmm->AhciBaseAddress=AhciBar;
+
+ // Find Number of Ports from BIT0:BIT4 of the HBA_CAP register
+ NoofPorts = ((MMIO_READ32(AhciBar + HBA_CAP)) & HBA_CAP_NP_MASK) + 1;
+
+ // Check if AHCI MMIO address space resides in SMRAM region. If yes, don't proceed.
+ if( AmiValidateMmioBuffer( (VOID*)mAhciSmm->AhciBaseAddress, HBA_PORTS_START + (NoofPorts * HBA_PORTS_REG_WIDTH) ) ) {
+ return EFI_NOT_FOUND;
+ }
+
+ if(!AhciInit) {
+ SccReg = *(UINT8*)PCI_CFG_ADDR(pHddPassword->BusNo,
+ pHddPassword->DeviceNo,
+ pHddPassword->FunctionNo,
+ PCI_SCC); // Get Scc Register;
+
+ if((SccReg & 0x06) || (SccReg & 0x04)) {
+ ControllerinAhciMode = TRUE;
+ }
+
+ if(ControllerinAhciMode) {
+
+ GlobalControl = MMIO_READ32(AhciBar + 0x04);
+
+ GlobalControl &= 0x7FFFFFFF;
+ MMIO_WRITE32(AhciBar + 0x04, GlobalControl);
+
+ GlobalControl = 0x01;
+ MMIO_WRITE32(AhciBar + 0x04, GlobalControl);
+
+ Stall(5000); // 5 milli Sec Delay
+
+ GlobalControl = 0x80000000;
+ MMIO_WRITE32(AhciBar + 0x04, GlobalControl);
+
+ Stall(1000000); // 1 Sec Delay
+ }
+ AhciInit=TRUE;
+ }
+
+ // Clear the Buffer
+ ZeroMemorySmm (AhciSecurityBuffer, 512);
+ AhciSecurityBuffer[0] = pHddPassword->Control & 1;;
+ if(AhciSecurityBuffer[0]) {
+ //Copy 32 Bytes of Password
+ for (i = 0; i < IDE_PASSWORD_LENGTH; i++) {
+ ((UINT8 *)AhciSecurityBuffer)[i + 2] = pHddPassword->MasterPassword[i];
+ }
+ } else {
+ //Copy 32 Bytes of Password
+ for (i = 0; i < IDE_PASSWORD_LENGTH; i++) {
+ ((UINT8 *)AhciSecurityBuffer)[i + 2] = pHddPassword->UserPassword[i];
+ }
+ }
+ //
+ //Resuming from S3. So bring back the AHCI controller to working state
+ //
+ mAhciSmm->AhciSmmInitPortOnS3Resume(mAhciSmm,pHddPassword->PortNumber);
+
+ //
+ //Setup the Unlock command
+ //
+ ZeroMemorySmm(&CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.SectorCount = 1;
+ CommandStructure.LBALow = 0;
+ CommandStructure.LBAMid = 0;
+ CommandStructure.LBAHigh = 0;
+ CommandStructure.Device = 0x40;
+ CommandStructure.Command = SECURITY_UNLOCK;
+ CommandStructure.Buffer = AhciSecurityBuffer;
+ CommandStructure.ByteCount = 512;
+ //
+ //Issue the unlock command
+ //
+ mAhciSmm->AhciSmmExecutePioDataCommand( mAhciSmm,
+ &CommandStructure,
+ pHddPassword->PortNumber,
+ 0xFF,
+ ATA,
+ TRUE);
+
+#if DISABLE_SOFT_SET_PREV
+ ZeroMemorySmm (&CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.Features = DISABLE_SATA2_SOFTPREV; // Disable Software Preservation
+ CommandStructure.SectorCount = 6;
+ CommandStructure.Command = SET_FEATURE_COMMAND;
+
+ mAhciSmm->AhciSmmExecuteNonDataCommand( mAhciSmm,
+ CommandStructure,
+ pHddPassword->PortNumber,
+ 0xFF,
+ ATA
+ );
+#endif
+
+ //
+ //Issue the Security Freeze lock command
+ //
+ ZeroMemorySmm(&CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.Command = SECURITY_FREEZE_LOCK;
+ mAhciSmm->AhciSmmExecuteNonDataCommand( mAhciSmm,
+ CommandStructure,
+ pHddPassword->PortNumber,
+ 0xFF,
+ ATA
+ );
+
+ //
+ //Issue the Device config Freeze lock command
+ //
+ ZeroMemorySmm (&CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.Command = DEV_CONFIG_FREEZE_LOCK;
+ CommandStructure.Features = DEV_CONFIG_FREEZE_LOCK_FEATURES;
+ mAhciSmm->AhciSmmExecuteNonDataCommand( mAhciSmm,
+ CommandStructure,
+ pHddPassword->PortNumber,
+ 0xFF,
+ ATA
+ );
+
+ return EFI_SUCCESS;
+
+}
+#endif
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SMMSecurityUnlockCommand
+//
+// Description: This Function unlocks HDD password during S3 resume.
+//
+// Input: HDD_PASSWORD *pHddPassword
+//
+// Output: EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+SMMSecurityUnlockCommand (
+ HDD_PASSWORD *pHddPassword
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Data8;
+ UINT8 i;
+ UINT16 Reg;
+
+ // Disable Interrupt
+ IoWrite8(pHddPassword->DeviceControlReg, 2);
+
+ // Select the drive
+ IoWrite8(pHddPassword->BaseAddress + 6, pHddPassword->Device << 4);
+
+ // Wait for BSY to go low
+ Status = SMMWaitforBitClear (pHddPassword, BSY, S3_BUSY_CLEAR_TIMEOUT);
+ if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR;
+
+ // Clear the Buffer
+ ZeroMemorySmm (SecurityBuffer, 512);
+
+ SecurityBuffer[0] = pHddPassword->Control & 1;;
+
+ if(SecurityBuffer[0]) {
+
+ // Copy 32 Bytes of Password
+
+ for (i = 0; i < IDE_PASSWORD_LENGTH; i++) {
+ ((UINT8 *)SecurityBuffer)[i + 2] = pHddPassword->MasterPassword[i];
+ }
+ } else {
+
+ // Copy 32 Bytes of Password
+ for (i = 0; i < IDE_PASSWORD_LENGTH; i++) {
+ ((UINT8 *)SecurityBuffer)[i + 2] = pHddPassword->UserPassword[i];
+ }
+ }
+
+ Status = SMMIdeNonDataCommand (pHddPassword,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ SECURITY_UNLOCK);
+ if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR;
+
+ // Wait for Command completion
+ Status = SMMWaitForCmdCompletion (pHddPassword);
+ if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR;
+
+ // Check for DRQ
+ Status = SMMWaitforBitSet(pHddPassword, DRQ, DRQ_TIMEOUT);
+ if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR;
+
+ Reg = pHddPassword->BaseAddress;
+
+ // Status = IdeWriteMultipleWord (pHddPassword->BaseAddress, 256, &SecurityBuffer);
+ IoWrite(
+ CpuIoWidthFifoUint16,
+ Reg,
+ 256,
+ SecurityBuffer
+ );
+
+ // Check for errors
+ Status = SMMWaitForCmdCompletion (pHddPassword);
+ if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR;
+
+ // Check for errors.
+ Data8 = IoRead8 ( pHddPassword->BaseAddress + 7);
+ if(Data8 & 0x21) { // ERR OR DF bit set ?
+ return EFI_DEVICE_ERROR;
+ }
+
+//IA32_DEBUG
+#if DISABLE_SOFT_SET_PREV || FORCE_HDD_PASSWORD_PROMPT
+ Status = SMMIdeNonDataCommand (pHddPassword,
+ DISABLE_SATA2_SOFTPREV,
+ 6,
+ 0,
+ 0,
+ 0,
+ SET_FEATURE_COMMAND);
+
+ // Check for errors
+ Status = SMMWaitForCmdCompletion (pHddPassword);
+ if (EFI_ERROR(Status)) return Status;
+#endif
+
+ Status = SMMIdeNonDataCommand (pHddPassword,
+ DEV_CONFIG_FREEZE_LOCK_FEATURES,
+ 0,
+ 0,
+ 0,
+ 0,
+ DEV_CONFIG_FREEZE_LOCK);
+
+ // Check for errors
+ Status = SMMWaitForCmdCompletion (pHddPassword);
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SMMIdeNonDataCommand
+//
+// Description: Issues Set Feature command (Non Data)
+//
+// Input: HDD_PASSWORD *pHddPassword
+// UINT8 Command
+//
+// Output: EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+SMMIdeNonDataCommand (
+ HDD_PASSWORD *pHddPassword,
+ IN UINT8 Features,
+ IN UINT8 SectorCount,
+ IN UINT8 LBALow,
+ IN UINT8 LBAMid,
+ IN UINT8 LBAHigh,
+ IN UINT8 Command
+)
+{
+
+ EFI_STATUS Status;
+ UINT8 Data8;
+
+// Select the drive
+ IoWrite8(pHddPassword->BaseAddress + 6, pHddPassword->Device << 4);
+
+// Check for Controller presence
+ Data8 = IoRead8(pHddPassword->DeviceControlReg);
+ if (Data8 == 0xFF) {
+ ASSERT(Data8 == 0xFF);
+ return EFI_DEVICE_ERROR;
+ }
+
+// Before Writing to Sector Count Reg, BSY and DRQ bit should be zero
+ Status = SMMWaitforBitClear(pHddPassword, BSY, S3_BUSY_CLEAR_TIMEOUT);
+ if (EFI_ERROR(Status)) return EFI_DEVICE_ERROR;
+
+// Check for DRDY
+ Status = SMMWaitforBitSet(pHddPassword, DRDY, DRDY_TIMEOUT);
+ if (EFI_ERROR(Status)) return EFI_TIMEOUT;
+
+// Issue command
+
+ IoWrite8 ( pHddPassword->BaseAddress + 1, Features);
+ IoWrite8 ( pHddPassword->BaseAddress + 2, SectorCount);
+ IoWrite8 ( pHddPassword->BaseAddress + 3, LBALow);
+ IoWrite8 ( pHddPassword->BaseAddress + 4, LBAMid);
+ IoWrite8 ( pHddPassword->BaseAddress + 5, LBAHigh);
+ IoWrite8 ( pHddPassword->BaseAddress + 7, Command);
+
+ return EFI_SUCCESS;
+
+}
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: LocateSMMServices
+//
+// Description: This function Locates the AhciSmm protocl from the Smm
+//
+// Input: None
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS LocateSMMServices(
+ IN EFI_GUID *VariableGuid,
+ IN VOID **VariablePointer
+)
+{
+ UINTN Index;
+
+ for (Index = 0; Index < gSmst->NumberOfTableEntries; ++Index) {
+ if (guidcmp(&gSmst->SmmConfigurationTable[Index].VendorGuid,VariableGuid) == 0) {
+ break;
+ }
+ }
+
+ if (Index != gSmst->NumberOfTableEntries) {
+ *VariablePointer = gSmst->SmmConfigurationTable[Index].VendorTable;
+ return EFI_SUCCESS;
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: LocateIdeSmmProtocols
+//
+// Description: This function Locates the protocols and saves in global pointe
+//
+// Input: None
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID LocateIdeSmmProtocols()
+{
+
+#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) )
+ if(mAhciSmm == NULL && gSmst ) {
+ LocateSMMServices(&gAhciSmmProtocolGuid,(VOID **)&mAhciSmm);
+ }
+#endif
+ return;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: SaveHDDPassword
+//
+// Description: This function saves the HDD password and other information
+// necessary to unlock HDD password during S3 Resume.
+//
+// Input: DispatchHandle Handle to the Dispatcher
+// DispatchContext SW SMM dispatcher context
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+EFI_STATUS SaveHDDPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN CONST VOID *DispatchContext OPTIONAL,
+ IN OUT VOID *CommBuffer OPTIONAL,
+ IN OUT UINTN *CommBufferSize OPTIONAL
+#else
+VOID SaveHDDPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
+#endif
+)
+{
+
+ HDD_PASSWORD *pHddPassword=NULL, *StoredHDDList;
+ DLINK *dlink;
+ UINT8 i;
+ BOOLEAN UserOrMaster = FALSE;
+ BOOLEAN CheckFlag;
+ EFI_STATUS Status=EFI_SUCCESS;
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+ pHddPassword = (HDD_PASSWORD *)CommBuffer;
+#else
+ Status = pBS->LocateProtocol(&gSecurityModeProtocolGuid, NULL, &IdeSecurityInterface);
+ if(!EFI_ERROR(Status)) {
+ pHddPassword = IdeSecurityInterface->pHDDPasswordBuffer;
+ }
+#endif
+
+ if (!pHddPassword) {
+ RETURN(Status);
+ }
+
+ // Check if signature is present or not
+ if ((UINT32) pHddPassword->Signature != '$HDD') {
+ RETURN(Status);
+ }
+
+ // Check whether info about the HDD is already present
+ dlink = gPasswordList.pHead;
+ for ( ; dlink; dlink = dlink->pNext) {
+ StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD);
+ CheckFlag = FALSE;
+ if(StoredHDDList->ModeFlag) {
+ if (StoredHDDList->PortNumber == pHddPassword->PortNumber) {
+ CheckFlag = TRUE;
+ }
+ } else {
+ if ((StoredHDDList->BaseAddress == pHddPassword->BaseAddress) &&
+ (StoredHDDList->Device == pHddPassword->Device)) {
+ CheckFlag = TRUE;
+ }
+ }
+
+ if (CheckFlag) {
+ UserOrMaster = (BOOLEAN)((pHddPassword->Control) & 0x01);
+
+ if(UserOrMaster){
+ // Match has been found. Just copy the Password buffer
+ for (i = 0; i < sizeof (pHddPassword->MasterPassword); i++) {
+ StoredHDDList->MasterPassword[i] = pHddPassword->MasterPassword[i];
+ }
+ } else {
+ // Match has been found. Just copy the Password buffer
+ for (i = 0; i < sizeof (pHddPassword->UserPassword); i++) {
+ StoredHDDList->UserPassword[i] = pHddPassword->UserPassword[i];
+ }
+ }
+ RETURN(Status);
+ }
+ }
+
+ // Allocate memory needed while unlocking the Password. Done only once.
+ // Same buffer will be reused.
+ if (SecurityBuffer == NULL) {
+ pSmst->SmmAllocatePool(0, 512, &SecurityBuffer);
+ }
+
+ // Match has not been found. Allocate memory and copy the buffer.
+ if (pSmst->SmmAllocatePool(0, sizeof(HDD_PASSWORD), &StoredHDDList) != EFI_SUCCESS) {
+ RETURN(Status);
+ }
+ for (i = 0; i < sizeof (HDD_PASSWORD); i++) ((UINT8 *)StoredHDDList)[i] = ((UINT8 *)pHddPassword)[i];
+ DListAdd(&gPasswordList, &StoredHDDList->LinkList);
+
+ RETURN(Status);
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: UnlockHDDPassword
+//
+// Description: This Function unlocks HDD password during S3 resume.
+//
+// Input: DispatchHandle Handle to the Dispatcher
+// DispatchContext SW SMM dispatcher context
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+EFI_STATUS UnlockHDDPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN CONST VOID *DispatchContext OPTIONAL,
+ IN OUT VOID *CommBuffer OPTIONAL,
+ IN OUT UINTN *CommBufferSize OPTIONAL
+#else
+VOID UnlockHDDPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
+#endif
+)
+{
+ HDD_PASSWORD *StoredHDDList;
+ DLINK *dlink;
+ EFI_STATUS Status=EFI_SUCCESS;
+
+ dlink = gPasswordList.pHead;
+ for ( ; dlink; dlink = dlink->pNext) {
+ StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD);
+ if (StoredHDDList->Signature == '$HDD') {
+ if(!StoredHDDList->ModeFlag) {
+ SMMSecurityUnlockCommand (StoredHDDList);
+ } else {
+#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) )
+ SMMAhciSecurityUnlockCommand (StoredHDDList);
+#endif
+ }
+ }
+ }
+ AhciInit=FALSE;
+
+ RETURN(Status);
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: RemoveHDDPassword
+//
+// Description: This Function removes HDD password from the internal database
+//
+// Input: DispatchHandle Handle to the Dispatcher
+// DispatchContext SW SMM dispatcher context
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+EFI_STATUS RemoveHDDPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN CONST VOID *DispatchContext OPTIONAL,
+ IN OUT VOID *CommBuffer OPTIONAL,
+ IN OUT UINTN *CommBufferSize OPTIONAL
+#else
+VOID RemoveHDDPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
+#endif
+)
+{
+ HDD_PASSWORD *pHddPassword, *StoredHDDList;
+ DLINK *dlink;
+ EFI_STATUS Status=EFI_SUCCESS;
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+ pHddPassword = (HDD_PASSWORD *)CommBuffer;
+#else
+ Status = pBS->LocateProtocol(&gSecurityModeProtocolGuid, NULL, &IdeSecurityInterface);
+ if(!EFI_ERROR(Status)) {
+ pHddPassword = IdeSecurityInterface->pHDDPasswordBuffer;
+ }
+#endif
+
+ if (!pHddPassword) {
+ RETURN(Status);
+ }
+
+// Check if signature is present or not
+ if ((UINT32) pHddPassword->Signature != '$HDD') {
+ RETURN(Status);
+ }
+
+// Check whether info about the HDD is already present
+ dlink = gPasswordList.pHead;
+ for ( ; dlink; dlink = dlink->pNext) {
+ StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD);
+ if(StoredHDDList->ModeFlag) {
+ if (StoredHDDList->PortNumber == pHddPassword->PortNumber) {
+ DListDelete(&gPasswordList, &StoredHDDList->LinkList);
+ }
+ } else {
+ if ((StoredHDDList->BaseAddress == pHddPassword->BaseAddress) &&
+ (StoredHDDList->Device == pHddPassword->Device)) {
+ DListDelete(&gPasswordList, &StoredHDDList->LinkList);
+ }
+ }
+
+ }
+ RETURN(Status);
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IdeSmmMiscSmiPassword
+//
+// Description: This Function Freeze locks HDD, Issues Disable/Enable Software
+// Settings preservation Feature for Security Supported HDDs.
+// Input: DispatchHandle Handle to the Dispatcher
+// DispatchContext SW SMM dispatcher context
+//
+// Output: None
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+EFI_STATUS IdeSmmMiscSmiPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN CONST VOID *DispatchContext OPTIONAL,
+ IN OUT VOID *CommBuffer OPTIONAL,
+ IN OUT UINTN *CommBufferSize OPTIONAL
+#else
+VOID IdeSmmMiscSmiPassword (
+ IN EFI_HANDLE DispatchHandle,
+ IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
+#endif
+)
+{
+ EFI_STATUS Status;
+ HDD_PASSWORD *StoredHDDList;
+ DLINK *dlink;
+
+ dlink = gPasswordList.pHead;
+ for ( ; dlink; dlink = dlink->pNext) {
+ StoredHDDList = OUTTER(dlink, LinkList, HDD_PASSWORD);
+ if (StoredHDDList->Signature == '$HDD') {
+
+ Status = SMMIdeNonDataCommand (StoredHDDList,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ SECURITY_FREEZE_LOCK);
+
+ // Check for errors
+ Status = SMMWaitForCmdCompletion (StoredHDDList);
+ if (EFI_ERROR(Status)) {
+ RETURN(Status);
+ }
+
+#if DISABLE_SOFT_SET_PREV || FORCE_HDD_PASSWORD_PROMPT
+
+ Status = SMMIdeNonDataCommand (StoredHDDList,
+ DISABLE_SATA2_SOFTPREV,
+ 6,
+ 0,
+ 0,
+ 0,
+ SET_FEATURE_COMMAND);
+
+ // Check for errors
+ Status = SMMWaitForCmdCompletion (StoredHDDList);
+ if (EFI_ERROR(Status)) {
+ RETURN(Status);
+ }
+#endif
+ }
+ }
+
+ RETURN(Status);
+}
+
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: LocateAhciSMM
+//
+// Description: This function Locates the AhciSMM driver and save pointer globally.
+//
+// Input: DispatchHandle Handle to the Dispatcher
+// DispatchContext SW SMM dispatcher context
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+EFI_STATUS LocateAhciSMM (
+ IN EFI_HANDLE DispatchHandle,
+ IN CONST VOID *DispatchContext OPTIONAL,
+ IN OUT VOID *CommBuffer OPTIONAL,
+ IN OUT UINTN *CommBufferSize OPTIONAL
+#else
+VOID LocateAhciSMM (
+ IN EFI_HANDLE DispatchHandle,
+ IN EFI_SMM_SW_DISPATCH_CONTEXT *DispatchContext
+#endif
+)
+{
+ EFI_STATUS Status=EFI_SUCCESS;
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+ // Unlock command Buffer
+ AhciSecurityBuffer = (UINT8 *)(*(UINTN *)CommBuffer);
+#else
+ if(!AhciSecurityBuffer) {
+ Status = pBS->AllocatePool ( EfiReservedMemoryType,
+ 512,
+ (VOID**)&AhciSecurityBuffer );
+ }
+#endif
+
+ LocateIdeSmmProtocols();
+ RETURN(Status);
+}
+
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IdeSmmInSmmFunction
+//
+// Description: Called from InstallSmiHandler
+//
+// Input:
+//
+//
+// Output: None
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS IdeSmmInSmmFunction(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE Handle;
+ EFI_SMM_SW_REGISTER_CONTEXT Unlock_HDD_Password = {SW_SMI_HDD_UNLOCK_PASSWORD};
+ EFI_SMM_SW_REGISTER_CONTEXT IdeSmm_MiscSmi_Password = {SW_SMI_HDD_MISC_SMM_FEATURES};
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+ EFI_SMM_BASE2_PROTOCOL *pSmmBase2;
+ EFI_SMM_SW_DISPATCH2_PROTOCOL *pSwDispatch = NULL;
+
+#else
+ EFI_SMM_BASE_PROTOCOL *pSmmBase;
+ EFI_SMM_SW_DISPATCH_PROTOCOL *pSwDispatch = NULL;
+#endif
+
+#if defined(PI_SPECIFICATION_VERSION)&&!(PI_SPECIFICATION_VERSION>=0x00010014)
+ EFI_SMM_SW_REGISTER_CONTEXT Save_HDD_Password = {SW_SMI_HDD_PASSWORD_SAVE};
+ EFI_SMM_SW_REGISTER_CONTEXT Remove_HDD_Password = {SW_SMI_HDD_PASSWORD_REMOVE};
+ EFI_SMM_SW_REGISTER_CONTEXT Locate_Ahci_SMM = {SW_SMI_AHCI_LOCATE_AHCI_SMM};
+#endif
+
+ InitAmiBufferValidationLib(ImageHandle, SystemTable);
+ Status = InitAmiSmmLib( ImageHandle, SystemTable );
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION >= 0x4028B)
+
+ Status = pBS->LocateProtocol(&gEfiSmmBase2ProtocolGuid, NULL, &pSmmBase2);
+
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ //
+ // We are in SMM, retrieve the pointer to SMM System Table
+ //
+ Status = pSmmBase2->GetSmstLocation( pSmmBase2, &gSmst);
+ if (EFI_ERROR(Status)) {
+ return EFI_UNSUPPORTED;
+ }
+
+ Status = gSmst->SmmLocateProtocol( &gEfiSmmSwDispatch2ProtocolGuid, \
+ NULL, \
+ &pSwDispatch );
+
+#else
+
+ Status = pBS->LocateProtocol(&gEfiSmmBaseProtocolGuid, NULL, &pSmmBase);
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ Status = pSmmBase->GetSmstLocation(pSmmBase,&gSmst);
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ Status = pBS->LocateProtocol(&gEfiSmmSwDispatchProtocolGuid, NULL, &pSwDispatch);
+#endif
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+ DListInit(&gPasswordList);
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+
+ Status = gSmst->SmiHandlerRegister(
+ (VOID *)SaveHDDPassword,
+ &gSaveHddPasswordGuid,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+ Status = gSmst->SmiHandlerRegister(
+ (VOID *)RemoveHDDPassword,
+ &gRemoveHddPasswordGuid,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+ Status = gSmst->SmiHandlerRegister(
+ (VOID *)LocateAhciSMM,
+ &gLocateIdeAhciSmmProtocolGuid,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ }
+
+#else
+ Status = pSwDispatch->Register(
+ pSwDispatch,
+ SaveHDDPassword,
+ &Save_HDD_Password,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+ Status = pSwDispatch->Register(
+ pSwDispatch,
+ RemoveHDDPassword,
+ &Remove_HDD_Password,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+ Status = pSwDispatch->Register(
+ pSwDispatch,
+ LocateAhciSMM ,
+ &Locate_Ahci_SMM ,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+#endif
+
+ Status = pSwDispatch->Register(
+ pSwDispatch,
+ UnlockHDDPassword,
+ &Unlock_HDD_Password,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+
+ Status = pSwDispatch->Register(
+ pSwDispatch,
+ IdeSmmMiscSmiPassword ,
+ &IdeSmm_MiscSmi_Password ,
+ &Handle
+ );
+
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return Status;
+ }
+
+ return EFI_SUCCESS;
+}
+
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IdeHDDPasswordSMMInit
+//
+// Description: Initializes HDD Password SMM Drivers.
+//
+// Input:
+//
+// Output:
+// EFI_STATUS
+//
+// Modified:
+//
+// Referrals:
+//
+// Notes:
+// Here is the control flow of this function:
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS
+IdeHDDPasswordSMMInit(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ InitAmiLib(ImageHandle,SystemTable);
+ return InitSmmHandler(ImageHandle, SystemTable, IdeSmmInSmmFunction, NULL);
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2015, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
diff --git a/Core/EM/HddSecurity/IDESMM.cif b/Core/EM/HddSecurity/IDESMM.cif
new file mode 100644
index 0000000..f64fdff
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.cif
@@ -0,0 +1,12 @@
+<component>
+ name = "IDESMM"
+ category = ModulePart
+ LocalRoot = "Core\EM\HddSecurity\"
+ RefName = "IDESMM"
+[files]
+"IDESMM.sdl"
+"IDESMM.mak"
+"IDESMM.h"
+"IDESMM.c"
+"IDESMM.DXS"
+<endComponent>
diff --git a/Core/EM/HddSecurity/IDESMM.h b/Core/EM/HddSecurity/IDESMM.h
new file mode 100644
index 0000000..e3850a4
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.h
@@ -0,0 +1,198 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.h 7 12/09/14 1:41a Anbuprakashp $
+//
+// $Revision: 7 $
+//
+// $Date: 12/09/14 1:41a $
+//
+//*********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.h $
+//
+// 7 12/09/14 1:41a Anbuprakashp
+// [TAG] EIP193600
+// [Category] Improvement
+// [Description] Security Enhancement for SMIHandler in HddSecurity
+// module
+// [Files] IDESMM.mak, IDESMM.h, IDESMM.c
+//
+// 6 1/08/13 12:41a Rameshr
+// [TAG] EIP109495
+// [Category] Improvement
+// [Description] HddSecurity driver needs to be updated for PI
+// specification 1.2
+// [Files] IdeSmm.c, IdeSmm.dxs, IdeSmm.h, IdeSmm.cif
+//
+// 5 9/27/11 3:04a Rajeshms
+// [TAG] EIP69295
+// [Category] Improvement
+// [Description] The Timeout values used by IDE and AHCI drivers are
+// made as SDL tokens, so that the timeout values can be varied.
+// [Files] IdeBusBoard.c, CORE_DXE.sdl, AhciSmm.h, AhciBus.h, IDESMM.h,
+// Ata.c, Atapi.c, IdeBus.c, IdeBus.h, IdeBusMaster.c, IdeBusBoard.h
+//
+// 4 3/24/11 5:24a Rameshr
+// [TAG] - EIP 56827
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - Buld error from IdeSmm.h
+// [RootCause]- Invalid characters in IdeSmm.h
+// [Solution] - Removed the Invalid Charater from IdeSmm.h
+// [Files] - IdeSmm.h
+//
+// 3 1/15/10 10:16a Yul
+// Coding Standard
+//
+// 2 4/28/09 6:57p Rameshr
+// HDD password support in RAID mode
+// EIP:20421
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+// 2 22/06/07 12:44p Anandakrishnanl
+// HardDisk Security Support Module Added.
+// Need ACPI Module and SB Module and under Core\Include we updated
+// Setup.h.
+// Also New IdeBus bin module.
+//
+// 1 13/04/07 3:08p Anandakrishnanl
+// Ide Bus Module - Update source files to comply with AMI coding
+// standard"!!!
+//
+//*********************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: <IDESMM.h>
+//
+// Description: This file contains the Includes, Definitions, typedefs,
+// Variable and External Declarations, Structure and
+// function prototypes needed for the IDESMM Component
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#ifndef _IDESMM_H_
+#define _IDESMM_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <Token.h>
+#include <AmiDxeLib.h>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)&&(CORE_COMBINED_VERSION>=0x4028B)
+#include <Protocol\SmmCpu.h>
+#include <Protocol\SmmBase2.h>
+#include <Protocol\SmmSwDispatch2.h>
+#else
+#include <Protocol\SmmBase.h>
+#include <Protocol\SmmSwDispatch.h>
+#endif
+#include "IdeSecurity.h"
+#include <AmiBufferValidationLib.h>
+
+#ifndef DMA_ATAPI_COMMAND_COMPLETE_TIMEOUT
+#define DMA_ATAPI_COMMAND_COMPLETE_TIMEOUT 16000 // 16Sec
+#endif
+
+#ifndef S3_BUSY_CLEAR_TIMEOUT
+#define S3_BUSY_CLEAR_TIMEOUT 10000 // 10Sec
+#endif
+
+#ifndef HBA_CAP
+#define HBA_CAP 0x0000
+#endif
+
+#ifndef HBA_CAP_NP_MASK
+#define HBA_CAP_NP_MASK 0x1F
+#endif
+
+#ifndef HBA_PORTS_START
+#define HBA_PORTS_START 0x0100
+#endif
+
+#ifndef HBA_PORTS_REG_WIDTH
+#define HBA_PORTS_REG_WIDTH 0x0080
+#endif
+
+#define BUSY_CLEAR_TIMEOUT 1000 // 1Sec
+#define DRDY_TIMEOUT 1000 // 1Sec
+#define DRQ_TIMEOUT 10 // 10msec
+#pragma pack(1)
+
+typedef struct
+{
+ UINT8 bFeature;
+ UINT8 bSectorCount;
+ UINT8 bLbaLow;
+ UINT8 bLbaMid;
+ UINT8 bLbaHigh;
+ UINT8 bDevice;
+ UINT8 bCommand;
+} COMMAND_BUFFER;
+
+#pragma pack()
+
+EFI_STATUS SMMSecurityUnlockCommand (
+ HDD_PASSWORD *pHddPassword
+);
+
+EFI_STATUS SMMIdeNonDataCommand (
+ HDD_PASSWORD *pHddPassword,
+ IN UINT8 Features,
+ IN UINT8 SectorCount,
+ IN UINT8 LBALow,
+ IN UINT8 LBAMid,
+ IN UINT8 LBAHigh,
+ IN UINT8 Command );
+
+void ZeroMemorySmm (
+ void *Buffer,
+ UINTN Size );
+
+EFI_STATUS
+IdeSmmInSmmFunction(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
+
+
+/****** DO NOT WRITE BELOW THIS LINE *******/
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _IDESMM_H_
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2013, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IDESMM.mak b/Core/EM/HddSecurity/IDESMM.mak
new file mode 100644
index 0000000..723b4f4
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.mak
@@ -0,0 +1,95 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2005, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.mak 4 12/09/14 1:41a Anbuprakashp $
+#
+# $Revision: 4 $
+#
+# $Date: 12/09/14 1:41a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSmm/IDESMM.mak $
+#
+# 4 12/09/14 1:41a Anbuprakashp
+# [TAG] EIP193600
+# [Category] Improvement
+# [Description] Security Enhancement for SMIHandler in HddSecurity
+# module
+# [Files] IDESMM.mak, IDESMM.h, IDESMM.c
+#
+# 3 6/06/13 2:24a Rameshr
+# [TAG] EIP122239
+# [Category] Improvement
+# [Description] IdeSmm should be part of the SMM driver
+# [Files] IdeSmm.mak
+#
+# 2 6/01/10 12:28p Krishnakumarg
+# Removed Tab spaces
+#
+# 1 28/02/08 6:40p Anandakrishnanl
+# Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+# IdeBus driver to be compatable with the AHCI Bus driver.
+#
+# 2 13/04/07 3:08p Anandakrishnanl
+# Ide Bus Module - Update source files to comply with “AMI coding
+# standard"!!!
+#
+# 1 12/14/05 2:57p Srinin
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: IDESMM.mak
+#
+# Description: Make file for the Idesmm component
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+all : IdeSMM
+
+IdeSMM : $(BUILD_DIR)\IdeSMM.mak IdeSMMBin
+
+$(BUILD_DIR)\IdeSMM.mak : $(IDESMM_DIR)\$(@B).cif $(IDESMM_DIR)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(IDESMM_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+IDE_SMM_INCLUDES = $(AMIDXELIB) \
+ $(BUILD_DIR)\AmiBufferValidationLib.lib
+
+IdeSMMBin : $(IDE_SMM_INCLUDES)
+ @set INCLUDE=%%INCLUDE%%
+ $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+ /f $(BUILD_DIR)\IdeSMM.mak all\
+ GUID=316B1230-0500-4592-8C09-EABA0FB6B07F\
+ ENTRY_POINT=IdeHDDPasswordSMMInit\
+!IF $(PI_SPECIFICATION_VERSION)<0x00001000A
+ TYPE=BS_DRIVER\
+!ELSE
+ TYPE=SMM_DRIVER\
+!ENDIF
+ COMPRESS=1\
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2005, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#********************************************************************** \ No newline at end of file
diff --git a/Core/EM/HddSecurity/IDESMM.sdl b/Core/EM/HddSecurity/IDESMM.sdl
new file mode 100644
index 0000000..d6ddda5
--- /dev/null
+++ b/Core/EM/HddSecurity/IDESMM.sdl
@@ -0,0 +1,66 @@
+TOKEN
+ Name = "IDESMM_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable IDESMM support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ Master = Yes
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_PASSWORD_SAVE"
+ Value = "0D0h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_UNLOCK_PASSWORD"
+ Value = "0D1h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_PASSWORD_REMOVE"
+ Value = "0D2h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_HDD_MISC_SMM_FEATURES"
+ Value = "0D3h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SW_SMI_AHCI_LOCATE_AHCI_SMM"
+ Value = "0D4h"
+ TokenType = Integer
+ TargetEQU = Yes
+ TargetH = Yes
+End
+
+PATH
+ Name = "IDESMM_DIR"
+End
+
+MODULE
+ Help = "Includes IDESMM.mak to Project"
+ File = "IDESMM.mak"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\IDESMM.ffs"
+ Parent = "FV_MAIN"
+ Token = "IDESMM_SUPPORT" "=" "1"
+ InvokeOrder = AfterParent
+End \ No newline at end of file
diff --git a/Core/EM/HddSecurity/IdeSecurity.c b/Core/EM/HddSecurity/IdeSecurity.c
new file mode 100644
index 0000000..cfa9d89
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.c
@@ -0,0 +1,2939 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2015, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.c 43 4/22/15 3:57a Anbuprakashp $
+//
+// $Revision: 43 $
+//
+// $Date: 4/22/15 3:57a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.c $
+//
+// 43 4/22/15 3:57a Anbuprakashp
+// [TAG] EIP212319
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] System hang while SW_SMI_AHCI_LOCATE_AHCI_SMM SMI trigger
+// after enable SmmChkEn bit
+// [RootCause] Bootservice call used inside IdeSmm driver which causes
+// the Exception
+// [Solution] Changes made not to use BootService calls inside IdeSmm
+// driver
+// [Files] IdeSecurity.h
+// IdeSecurity.c
+// IDESMM.c
+//
+// 42 3/16/15 5:50a Rameshr
+// [TAG] EIP208331
+// [Category] Improvement
+// [Description] Avoid sending freeze Lock command to the device if the
+// HDD already in frozen state
+// [Files] IdeSecurity.c, HddPassword.c
+//
+// 41 6/09/14 9:30a Anbuprakashp
+// [TAG] EIP172445
+// [Category] Improvement
+// [Description] Runtime attribute set for the some of the variable used
+// by Aptio-4 HddSecurity driver and needs to be reviewed
+// [Files] IdeSecurity.c
+//
+// 40 4/07/14 2:39a Nimishsv
+// [TAG] EIP151848
+// [Category] Improvement
+// [Description] [HDD security]Clear HDD security data related variable
+// when secuirty disabled
+// [Files] IdeSecurity.c
+//
+// 39 3/25/14 6:21a Rameshr
+// [TAG] EIP160499
+// [Category] Improvement
+// [Description] Do not get HDD password variable if HDD is in lock
+// state
+// [Files] IdeSecurity.c
+//
+// 38 3/25/14 6:12a Rameshr
+// [TAG] EIP124591
+// [Category] Improvement
+// [Description] Before sending the freeze lock command for the HDD,
+// check the Hdd security status (locked or unlocked) and if the hdd is
+// unlocked state, send the freeze lock command to hdd
+// [Files] IdeSecurity.c
+//
+// 37 12/18/13 4:05a Srikantakumarp
+// [TAG] EIP127356
+// [Category] Improvement
+// [Description] Flash NVRAM seems to cause HDD can't be unlocked when
+// S3 resume.
+// [Files] IdeSecurity.c, IDESMM.c, HddPassword.c, AhciBus.c, AhciBus.h
+//
+// 36 1/17/12 12:50a Jittenkumarp
+// [TAG] EIP78432
+// [Category] Bug Fix
+// [Symptom] The password set for OEM_MASTER_PASSWORD_TAG token is not
+// authenticated when the token SETUP_PASSWORD_NON_CASE_SENSITIVE is set
+// to 1.
+// [RootCause] When SETUP_PASSWORD_NON_CASE_SENSITIVE token is 1, input
+// password is always converted to Uppercase but OEM_MASTER_PASSWORD_TAG
+// is in lower case.
+// [Solution] OEM_MASTER_PASSWORD_TAG is converted into Uppercase before
+// storing in memory.
+// [Files] IdSecurity.c
+//
+// 35 1/05/12 6:25a Anandakrishnanl
+// [TAG] EIP79637
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] Enhanced Erase Mode not Working
+// [RootCause] IdeSecurity Module SecurityEraseUnit did not handle Bit1
+// of Control Word to identify if it is a normal erase or Enhanced erase
+// [Solution] [IdeSecurity Module]SIECURITY ERASE UNIT command needs
+// Enhanced mode support
+// Code changed from Control &= 0x1; // Bit0 is valid to Control &= 0x3;
+// // Bit0 and Bit 1 is valid
+// to make EnhancedErase functional.
+// [Files] IdeSecurity.c
+//
+// 34 12/19/11 1:06a Rameshr
+// [TAG] EIP77527
+// [Category] Improvement
+// [Description] IdeSecurity, IdeAcoustic and IdeSmart changes should be
+// done based on the Core Version checking.
+// [Files] IdeSecurity.c, IdeSmart.c , Acoustic.c
+//
+// 33 12/05/11 6:24p Rajkumarkc
+// [TAG] EIP77142
+// [Category] Improvement
+// [Description] Added the function 'IdeNonDataCommandExp' in the
+// 'IDE_BUS_PROTOCOL' and removed the existing function
+// 'IdeNonDataCommand' for supporting the upper 24bits of LBA.
+// [Files]
+// Ata.c, IdeBus.c, Idebus.h, PIDEBus.h, Acoustic.c, IdeSecurity.c,
+// IdeSMART.c
+//
+// 32 10/21/11 4:11a Rameshr
+// [TAG] EIP69247
+// [Category] Bug Fix
+// [Severity] Minor
+// [Symptom] Several IdeSecurity.sdl tokens are not working properly
+// [RootCause] Several IdeSecurity.sdl tokens are not working properly
+// [Solution] Removed unwanted SDL token and verified all the SDL token
+// function.
+// [Files] IdeSecurity.c, IdeSecurity.sdl, IdeSecurity.sdl
+//
+// 31 10/21/11 2:22a Rameshr
+// [TAG] EIP70395
+// [Category] Bug Fix
+// [Severity] Minor
+// [Symptom] When an Empty Master Password string is entered for the
+// first time(when no password was installed before), the
+// IDEPasswordUpdateHdd returns a Boolean "TRUE"
+// [RootCause] SecurityDisablePassword function returns the status of
+// SetDefaultMasterPassword function which is EFI_SUCCESS instead of
+// returning the status of SecurityCommonRoutine which will fail.
+// [Solution] SecurityCommonRoutine function status returned as the
+// status for SecurityDisablePassword function.
+// [Files] IdeSecurity.c
+//
+// 30 10/11/11 1:54a Rameshr
+// [TAG] EIP69246
+// [Category] Improvement
+// [Description] Made the SECURITY_SUPPORT as the Master token and
+// removed the IdeSecurity_Support token.
+//
+// [Files] IdeSecurity.c, IdeSecurity.h, IdeSecurity.mak,
+// IdeSecurity.sdl
+//
+// 29 10/11/11 1:34a Rameshr
+// [TAG] EIP70918
+// [Category] Bug Fix
+// [Severity] Minor
+// [Symptom] On S3 resume system will throw blue screen error, when HDD
+// password is set
+// [RootCause] Ld assume that the data is UINT64. But the actual data is
+// UINT32.
+// [Solution] To display d should be enough as the DataId is UINT32
+// [Files] IdeSecurity.c
+//
+// 28 4/27/11 6:03a Anandakrishnanl
+// [TAG] EIP54315
+// [Category] Bug Fix
+// [Severity] Important
+// [Symptom] SugarBay IdeSecurity increase S3 Resume time
+// [RootCause] Setting the MASTER_PASSWORD_ENABLE sdl token in Ide
+// security Module saves the password in Smm all the time in reboots. This
+// causes the system to ask for master password even when it is not locked
+// which causes Long Timeout in S3 resume.
+// [Solution] Fix by not saving the master pasword in SMM at the time
+// of Set password. Only Unlock password will save validated password in
+// SMM area.
+// [Files] IdeSecurity.c
+//
+// 27 4/06/11 12:52a Rameshr
+// [TAG]- EIP 57341
+// [Category]-IMPROVEMENT
+// [Description]- Added Support for SMM PI 1.1 in HDDSecurity eModule.
+// [Files]- IdeSecurity.c , IdeSecurity.h, IdeSecurity.dxs
+//
+// 26 12/03/10 12:23a Rameshr
+// [TAG] - EIP 48770
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - HddSecurity build error when disable the IDEBUS module..
+// [RootCause]- IdebusLib used with IdeSecurity Module.
+// [Solution] - Removed IdebusLib usage from source and mak file.
+// [Files] - Idesecurity.c, IdeSecurity.mak
+//
+// 25 10/20/10 2:49a Rameshr
+// [TAG]- EIP 43492
+// [Category]-IMPROVEMENT
+// [Description]- Added the INTEL_IDE_PROTOCOL also to support old Core
+// and drivers.
+// [Files]- IdeSecurity.c
+//
+// 24 10/11/10 6:36p Krishnakumarg
+// [TAG] - EIP 44603
+// [Category] - Enhancement
+// [Severity] - Minor
+// [Symptom] - No Hdd Password in Nvram once enable
+// FORCE_HDD_PASSWORD_PROMPT
+// [RootCause]- Password not stored in NVRAM on enabling the
+// FORCE_HDD_PASSWORD_PROMPT token.
+// [Solution] - Password will be stored in nvram based on
+// HDD_PASSWORD_ON_NVRAM token.
+// [Files] - IdeSecurity.c, IdeSecurity.sdl
+//
+// 23 10/11/10 10:59a Krishnakumarg
+// [TAG]- EIP 43249
+// [Category]-IMPROVEMENT
+// [Description]- Non-Ascii character in comments causing build problem in
+// japanese XP
+// [Files]- IdeSecurity.c,IDESMM.c, InstallIdeSmi, Ata.c, Atapi.c,
+// IDEBusComponentName.c, IdeBusMaster.c, IdeHPA.c, IdePowerManagement.c
+//
+// 22 9/13/10 1:37a Rameshr
+// [TAG]- EIP 43299
+// [Category]-IMPROVEMENT
+// [Description]- About IdeSecurity module. It use soft smi port 0xb2
+// directly.It will need to re-modify on all of AMD project.
+// 1) Added the SDL token for Sw SMI port address.
+// 2) Used Pciio protocol to get the device location and
+// passed this information to SMM driver.
+// [Files]- IdeSecurity.c, IdeSmm.c, PideBus.h
+//
+// 21 9/13/10 1:31a Rameshr
+// [TAG]- EIP 43492
+// [Category]-IMPROVEMENT
+// [Description]- Change the INTEL_IDE_PROTOCOL into EFI_IDE_PROTOCOL in
+// IdeSecurity.c
+// [Files]- IdeSecurity.c
+//
+// 20 6/07/10 7:18p Krishnakumarg
+// Build error in "4.6.3_HddSecurity_011" label.EIP#39531
+//
+// 19 5/06/10 4:39p Yul
+// Refer to EIP 37975 IdeSecurity related fixes.
+//
+// 18 2/19/10 12:47p Yul
+// Delete the comment out codes
+//
+// 17 1/21/10 12:06p Yul
+// Refer to EIP 33848.
+// LegacyBios protocol is not needed here.
+//
+// 16 1/15/10 10:20a Yul
+// Coding Standard
+//
+// 15 12/22/09 3:22p Krishnakumarg
+// Update for chm file. Added some more comments in function headers
+//
+// 14 12/09/09 12:17p Krishnakumarg
+// EIP 31797 : IDE Security API documentation. Added comments whereever
+// possible and modified files for coding standard
+//
+// 13 11/25/09 6:02p Krishnakumarg
+// Updated the file with comments to comply with AMI coding standard.
+//
+// 12 10/14/09 12:49p Krishnakumarg
+// CloseEvent funtion used instead of a static variable in callback
+// routines - EIP 27065
+//
+// 11 7/09/09 4:52p Fasihm
+// Update Identify Data before checking the Security Status of the Hard
+// Disk.
+//
+// 10 4/28/09 6:52p Rameshr
+// HDD password support in RAID mode
+// EIP:20421
+//
+// 9 3/31/09 7:02p Davidd
+// Added FORCE_HDD_PASSWORD_PROMPT token and Device Configuration Freeze
+// Lock programming.
+//
+// 8 3/29/09 11:11a Rameshr
+// Security Erase command timeout value should be from the Identify packet
+// command word 89. Added code in Ahci and IDE drivers. So removed the
+// Extra timeout checking code from here.
+// EIP 20630
+//
+// 7 3/18/09 11:24a Fredericko
+// EIP19618 removed dependency on foundation.lib
+//
+// 6 3/13/09 3:41p Fredericko
+//
+// 1 10/17/08 7:28p Fasihm
+// This is the Initial check-in for the complete AMI Aptio source for the
+// Calpella Crb platform based on Clarksfield and Ibex Peak - M chipsets.
+//
+// 5 9/15/08 9:01p Rameshraju
+// Password Buffer is cleard before saving the password.
+//
+// 4 4/11/08 4:24p Rameshraju
+// 1)Enter the Emptry string for the master password, will set the default
+// OEM password and in setup password status will be not installed.
+// 2)If the revision code is not 0, then SecuritySetPassword will use
+// revision code from the input parameters.
+// 3)HddSecutiyData Nvram variable master password cleared when we set
+// user password and user password cleared when we set master password.
+// 4)When we disable the password, HddSecutiyData Nvram variable also
+// updated properly.
+// 5)Password lenght stored in HddSecData structure.
+//
+// 3 4/09/08 4:22p Rameshraju
+// Build error resolved when the MASTER_PASSWORD_ENABLED.
+//
+// 2 10/03/08 6:47p Anandakrishnanl
+// Removed FreezeLock related code from SMI for improving the S3 resume
+// time.
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+// 15 10/23/07 4:17p Felixp
+// IDE Security support moved from Sources to Binary
+//
+// 14 9/25/07 3:24p Rameshraju
+// Set the OEM default master password when the HDD is in unlocked and Not
+// Frozen State
+//
+// 13 14/08/07 1:57p Anandakrishnanl
+// Changes made for:
+// 1. Prompt for current password inside setup.
+// 2. Display HardDisk Security Status information.
+// 3. Master Password Verification Logic modified.
+// 4. Added Password install status in ReturnIdePasswordFlags
+// protocol function.
+//
+// 12 22/06/07 12:40p Anandakrishnanl
+// HardDisk Security Support Module Added.
+// Need ACPI Module and SB Module and under Core\Include we updated
+// Setup.h.
+// Also New IdeBus bin module.
+//
+// 11 13/04/07 3:05p Anandakrishnanl
+// Ide Bus Module - Update source files to comply with AMI coding
+// standard"!!!
+//
+// 10 12/20/06 1:25p Felixp
+// Warning fixed
+//
+// 9 12/18/06 11:59a Srinin
+// Moved CreateReadytoBootEvent little later so that Ide Controller is
+// restored first before HDD is unlocked during S3 Resume.
+//
+// 8 11/17/06 3:41p Ambikas
+//
+// 7 10/12/06 9:42a Felixp
+// UEFI2.0 compliance: use CreateReadyToBootEvent instead of CreateEvent
+//
+// 6 3/21/06 4:47p Srinin
+// Build error fixed.
+//
+// 5 3/13/06 2:21a Felixp
+//
+// 4 1/09/06 11:36a Felixp
+//
+// 2 12/14/05 3:09p Srinin
+// HDD password unlock during S3 resume support added.
+//
+// 1 12/01/05 9:43a Felixp
+//
+// 6 3/04/05 11:35a Mandal
+//
+// 5 1/18/05 3:22p Felixp
+// PrintDebugMessage renamed to Trace
+//
+// 3 1/13/05 4:25p Srinin
+// Procedure names modified.
+//
+// 2 1/10/05 11:31a Srinin
+// IDESecurity Interface changed.
+//
+// 1 1/05/05 11:22a Srinin
+// IDE Password Support added.
+//
+//
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IDESecurityServices.c
+//
+// Description: IDE Security Support
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "IdeSecurity.h"
+
+
+
+static EFI_GUID gHddSecurityInitProtocolGuid
+ = HDD_SECURITY_INIT_PROTOCOL_GUID;
+static EFI_GUID gEfiBootScriptSaveGuid
+ = EFI_BOOT_SCRIPT_SAVE_GUID;
+static EFI_GUID gIdeSecurityPwNvguid
+ = IDE_SECURITY_PWNV_GUID;
+static EFI_GUID gSecurityModeProtocolGuid
+ = IDE_SECURITY_INTERFACE_GUID;
+static EFI_GUID gEfiBlockIoProtocolGuid
+ = EFI_BLOCK_IO_PROTOCOL_GUID;
+
+extern EFI_DRIVER_BINDING_PROTOCOL gIdeBusDriverBinding;
+extern EFI_EVENT gIDEBusEvtMiscSmmFeatures;
+EFI_EVENT BootEvent = NULL;
+EFI_EVENT gIDEBusEvtBootScript = NULL;
+
+const CHAR16 *sOemMasterPasswordTag
+ = CONVERT_TO_WSTRING( OEM_MASTER_PASSWORD_TAG );
+const CHAR16 *sDefaultMasterPasswordTag
+ = CONVERT_TO_WSTRING( DEFAULT_MASTER_PASSWORD_TAG );
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+EFI_SMM_CONTROL2_PROTOCOL *mSmmCtl=NULL;
+#else
+EFI_SMM_CONTROL_PROTOCOL *mSmmCtl=NULL;
+#endif
+
+HDD_PASSWORD *gHDDPasswordBuffer = NULL;
+EFI_SMM_COMMUNICATION_PROTOCOL *gSmmCommunication = NULL;
+
+#ifdef SW_SMI_IO_ADDRESS
+UINT8 SwSmiPort=SW_SMI_IO_ADDRESS;
+#else
+//
+// Default Sw Smi port
+//
+UINT8 SwSmiPort=0xB2;
+#endif
+
+EFI_STATUS
+HDDPortReset(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag
+);
+
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: InstallSecurityInterface
+//
+// Description: Checks whether the device supports Security mode or not.
+// If yes, installs SecurityProtocol.
+//
+// Input:
+// IN VOID *BusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Security Mode supported.
+// EFI_DEVICE_ERROR/EFI_UNSUPPORTED : Not supported.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS InstallSecurityInterface(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ SECURITY_PROTOCOL *IdeSecurityInterface;
+ EFI_HANDLE IdeDeviceHandle;
+ IDENTIFY_DATA IdentifyData;
+
+ #if MASTER_PASSWORD_ENABLE
+ UINT32 IdePasswordFlags = 0;
+ #endif
+
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ IdeDeviceHandle = IdeBusInterface->IdeDeviceHandle;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ IdeDeviceHandle = SataDevInterface->IdeDeviceHandle;
+ }
+
+ if ((IdentifyData.Command_Set_Supported_82 & 0x2) == 0 )
+ {
+ return EFI_UNSUPPORTED;
+ }
+
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(SECURITY_PROTOCOL),
+ (VOID**)&IdeSecurityInterface );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+ //
+ // gHDDPasswordBuffer is allocated only once. The same buffer will be used for all devices.
+ //
+ if ( gHDDPasswordBuffer == NULL )
+ {
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(HDD_PASSWORD),
+ (VOID**)&gHDDPasswordBuffer );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+ }
+
+ if ( ModeFlag == FALSE )
+ {
+ IdeBusInterface->IdeSecurityInterface = IdeSecurityInterface;
+ IdeSecurityInterface->BusInterface = IdeBusInterface;
+ }
+ else {
+ SataDevInterface->IdeSecurityInterface = IdeSecurityInterface;
+ IdeSecurityInterface->BusInterface = SataDevInterface;
+ }
+
+ IdeSecurityInterface->ReturnSecurityStatus = ReturnSecurityStatus;
+ IdeSecurityInterface->SecuritySetPassword = SecuritySetPassword;
+ IdeSecurityInterface->SecurityUnlockPassword = SecurityUnlockPassword;
+ IdeSecurityInterface->SecurityDisablePassword = SecurityDisablePassword;
+ IdeSecurityInterface->SecurityFreezeLock = SecurityFreezeLock;
+ IdeSecurityInterface->SecurityEraseUnit = SecurityEraseUnit;
+ IdeSecurityInterface->ReturnIdePasswordFlags = ReturnIdePasswordFlags;
+ IdeSecurityInterface->pHDDPasswordBuffer = gHDDPasswordBuffer;
+
+ //
+ // Set ModeFlag to FALSE if IdeBus else TRUE for Ahci Bus.
+ //
+ IdeSecurityInterface->ModeFlag = ModeFlag; // Ide Bus
+
+ //
+ // Install the protocol on the device
+ //
+ Status = pBS->InstallMultipleProtocolInterfaces(
+ &IdeDeviceHandle,
+ &gSecurityModeProtocolGuid, IdeSecurityInterface,
+ NULL );
+
+ if ( gIDEBusEvtBootScript == NULL )
+ {
+ //
+ // Create event for boot script
+ //
+ Status = CreateReadyToBootEvent(
+ TPL_CALLBACK,
+ IdeBusCallbackBootScript,
+ NULL,
+ &gIDEBusEvtBootScript
+ );
+ ASSERT_EFI_ERROR( Status );
+ }
+
+ //
+ // Install the Readytoboot event to locate the AhciSMM protocol interface for IdeSmm driver.
+ // AhciSmm protocol is valid only on AHCI mode. Other mode Callback is not needed
+ //
+ if ((BootEvent == NULL) && (ModeFlag))
+ {
+
+ // Send data to SMM.
+ Status = pBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &gSmmCommunication);
+ if (EFI_ERROR(Status)) {
+ gSmmCommunication=NULL;
+ }
+
+ //
+ // Create event for boot script
+ //
+ Status = CreateReadyToBootEvent(
+ TPL_CALLBACK,
+ LocateAhciSmmServiceEvent,
+ NULL,
+ &BootEvent
+ );
+ ASSERT_EFI_ERROR( Status );
+ }
+
+ #if MASTER_PASSWORD_ENABLE
+ //
+ // Check if OEM_DEFAULT_MASTER_PASSWORD is enabled and
+ // DISPLAY_MASTER_PASSWORD is Disabled
+ //
+ Status = ReturnIdePasswordFlags(
+ (IDE_SECURITY_PROTOCOL*)IdeSecurityInterface,
+ &IdePasswordFlags
+ );
+
+ ASSERT_EFI_ERROR( Status );
+
+ if ((IdePasswordFlags & 0x0800) && (!(IdePasswordFlags & 0x0008)))
+ {
+ Status = OEMSetMasterPassword(
+ (IDE_SECURITY_PROTOCOL*)IdeSecurityInterface );
+ ASSERT_EFI_ERROR( Status );
+ }
+ #endif
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: StopSecurityModeSupport
+//
+// Description: Stops the security mode support by uninstalling the
+// security interface.
+//
+// Input:
+// IN VOID *BusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Security Mode supported
+// EFI_DEVICE_ERROR : Not supported
+//
+// Referrals: ReturnSecurityStatus
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS StopSecurityModeSupport(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE IdeDeviceHandle;
+ SECURITY_PROTOCOL *IdeSecurityInterface;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdeSecurityInterface = IdeBusInterface->IdeSecurityInterface;
+ IdeDeviceHandle = IdeBusInterface->IdeDeviceHandle;
+ }
+ else {
+ IdeSecurityInterface = SataDevInterface->IdeSecurityInterface;
+ IdeDeviceHandle = SataDevInterface->IdeDeviceHandle;
+ }
+
+ if ( IdeSecurityInterface == NULL )
+ {
+ return EFI_SUCCESS;
+ }
+
+ //
+ // Install Devicepath and BLOCK_IO on a new handle
+ //
+ Status = pBS->UninstallMultipleProtocolInterfaces(
+ IdeDeviceHandle,
+ &gSecurityModeProtocolGuid,
+ IdeSecurityInterface,
+ NULL );
+
+ if ( Status == EFI_SUCCESS )
+ {
+ pBS->FreePool( IdeSecurityInterface );
+ IdeSecurityInterface = NULL;
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: IdeBusCallbackBootScript
+//
+// Description: Saves the IDE registers in a boot script.
+//
+// Input:
+// IN EFI_EVENT Event
+// IN VOID *Context
+//
+// Output:
+// None
+//
+// Referrals: SmmHDDPasswordInterface
+//
+// Notes: Will be called only if HDD loses power in S3 state. A SW SMI will
+// be created during S3 resume, to unlock the HDD and put it in
+// Freeze state.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID IdeBusCallbackBootScript(
+ IN EFI_EVENT Event,
+ IN VOID *Context )
+{
+ EFI_BOOT_SCRIPT_SAVE_PROTOCOL *BootScriptSave;
+ EFI_STATUS Status;
+ UINT8 Value = SW_SMI_HDD_UNLOCK_PASSWORD;
+
+
+ Status = pBS->LocateProtocol(
+ &gEfiBootScriptSaveGuid,
+ NULL,
+ &BootScriptSave
+ );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return;
+ }
+
+ BOOT_SCRIPT_S3_IO_WRITE_MACRO(
+ BootScriptSave,
+ EfiBootScriptWidthUint8,
+ SwSmiPort,
+ 1,
+ &Value
+ );
+
+ //
+ //Kill the Event
+ //
+ pBS->CloseEvent( Event );
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: IdeBusMiscSmmFeatureCallback
+//
+// Description: Saves the IDE registers in a boot script.
+//
+// Input:
+// IN EFI_EVENT Event
+// IN VOID *Context
+//
+// Output:
+// None
+//
+// Referrals: SmmHDDPasswordInterface
+//
+// Notes: Will be called only if HDD is in AHCI Mode or SWSP is Disabled
+// A SW SMI will be created during S3 resume, to Freeze the HDD in AHCI
+// or Disable SWSP command through Set feature command is Issued.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+VOID IdeBusMiscSmmFeatureCallback(
+ IN EFI_EVENT Event,
+ IN VOID *Context )
+{
+ EFI_BOOT_SCRIPT_SAVE_PROTOCOL *BootScriptSave;
+ EFI_STATUS Status;
+ UINT8 Value = SW_SMI_HDD_MISC_SMM_FEATURES;
+
+ static BOOLEAN S3DataSaved = FALSE;
+
+ if ( S3DataSaved )
+ {
+ return;
+ }
+
+ Status = pBS->LocateProtocol(
+ &gEfiBootScriptSaveGuid,
+ NULL,
+ &BootScriptSave
+ );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return;
+ }
+
+ BOOT_SCRIPT_S3_IO_WRITE_MACRO(
+ BootScriptSave,
+ EfiBootScriptWidthUint8,
+ SwSmiPort,
+ 1,
+ &Value
+ );
+
+ S3DataSaved = TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: IdeSecurityEntryPoint
+//
+// Description: This function is the entry point for IDE SECURITY Driver.
+//
+// Input:
+// EFI_HANDLE ImageHandle Image handle.
+// EFI_SYSTEM_TABLE *SystemTable Pointer to the EFI system table.
+//
+// Output:
+// EFI_SUCCESS Security interface installed.
+// EFI_ERROR Security interface not installed or unable to locate
+// some protocol.
+//
+// Notes:
+// Entry Points are used to locate or install protocol interfaces and
+// notification events.
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS IdeSecurityEntryPoint(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable )
+{
+ EFI_HANDLE Handle = NULL;
+ EFI_STATUS Status;
+
+ InitAmiLib( ImageHandle, SystemTable );
+
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(HDD_SECURITY_INIT_PROTOCOL),
+ (VOID**)&gHddSecurityInitProtocol );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ Status = pBS->LocateProtocol(&gEfiSmmControl2ProtocolGuid, NULL, &mSmmCtl);
+#else
+ Status = pBS->LocateProtocol(&gEfiSmmControlProtocolGuid, NULL, &mSmmCtl);
+#endif
+
+ if ( EFI_ERROR( Status )) {
+ return EFI_UNSUPPORTED;
+ }
+
+ gHddSecurityInitProtocol->InstallSecurityInterface
+ = InstallSecurityInterface;
+ gHddSecurityInitProtocol->StopSecurityModeSupport
+ = StopSecurityModeSupport;
+
+ Status = pBS->InstallProtocolInterface(
+ &Handle,
+ &gHddSecurityInitProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ gHddSecurityInitProtocol
+ );
+ ASSERT_EFI_ERROR( Status );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: ReturnSecurityStatus
+//
+// Description: Returns whether the Device supports Security Mode or not.
+// If supported, the current status of the device is returned.
+// Security status information will be retrieved from buffer
+// updated by IDENTIFY DEVICE(Command Code : 0xEC) command.
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 *SecurityStatus
+//
+// Output:
+// EFI_SUCCESS : Security Mode supported
+// EFI_UNSUPPORTED : Not supported
+//
+// UINT16 *SecurityStatus
+// Bit 0 : Security Supported
+// Bit 1 : Security Enabled
+// Bit 2 : Security Locked
+// Bit 3 : Security Frozen
+// Bit 4 : Security Count Expired
+// Bit 5 : Enhanced Security Erase supported
+// Bit 6 : Enhanced Security Erase supported
+// Bit 8 : Security Level 0:High, 1:Maximum
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS ReturnSecurityStatus(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 *SecurityStatus )
+{
+ EFI_STATUS Status = EFI_UNSUPPORTED;
+ IDENTIFY_DATA IdentifyData;
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ }
+
+ //
+ // Check if Word 82 Bit 1 is set
+ //
+ if ( IdentifyData.Command_Set_Supported_82 & 0x2 )
+ {
+ Status = EFI_SUCCESS;
+ *SecurityStatus = IdentifyData.Security_Status_128;
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecuritySetPassword
+//
+// Description: Sets User/Master Password using SECURITY_SET_PASSWORD
+// (Commnd Code : 0xF1) security command.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes)
+// UINT8 RevisionCode (Valid when Control
+// Bit 0 = 1 of Master Password)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 8 : 0/1 High/Maximum Security level
+//
+// Output:
+// EFI_SUCCESS : Password set.
+// EFI_ERROR : Error in setting Password.
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not 32
+// bytes long,pad it with zeros to create a buffer of 32 bytes.
+// 2. If a MasterPassword with a valid Revision code(0x0001 through 0xFFFE)
+// already exists, a new MasterPassword with a different revisioncode
+// cannot be installed.MasterPassword needs to be unlocked, disabled and
+// then a new password can be installed.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecuritySetPassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT16 RevisionCode )
+{
+ EFI_STATUS Status;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ #endif
+ UINT16 Temp = 1;
+
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ IDENTIFY_DATA IdentifyData;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ Control &= 0x0101; // Bit0 and Bit 8 are valid
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ }
+
+ if ((Control & 1) && (RevisionCode == 0))
+ {
+ RevisionCode = DEFAULT_MASTER_PASSWORD_REVISION;
+
+ #if MASTER_PASSWORD_REVISION_SWITCH == 1
+ RevisionCode = CHANGED_MASTER_PASSWORD_REVISION;
+ #endif
+
+ #if MASTER_PASSWORD_REVISION_SWITCH == 2
+ Temp = (IdentifyData.Master_Password_Rev_92)++;
+
+ if ((Temp == 0) || (Temp == 0xFFFF))
+ {
+ Temp++;
+
+ if ( Temp == 0xFFFF )
+ {
+ Temp++;
+ }
+ }
+ RevisionCode = Temp;
+ #endif
+
+ if ( RevisionCode == DISABLED_MASTER_PASSWORD_REVISION )
+ {
+ RevisionCode++;
+
+ if ((RevisionCode == 0) || (RevisionCode == 0xFFFF))
+ {
+ RevisionCode++;
+
+ if ( RevisionCode == 0xFFFF )
+ {
+ RevisionCode++;
+ }
+ }
+ }
+ }
+
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_SET_PASSWORD,
+ RevisionCode,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ //
+ // If Password is set successfully, save it.
+ //
+ if ( !EFI_ERROR( Status ))
+ {
+ if(!(Control & 1)) {
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE );
+ }
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface,
+ &HddDataId,
+ Control,
+ Buffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityUnlockPassword
+//
+// Description: Unlocks the devices for media access using
+// SECURITY_UNLOCK(Command Code : 0xF2) security command.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes).
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Buffer : Pointer to password buffer which will be used to unlock the
+// drive.
+//
+// Output:
+// EFI_SUCCESS : Hard disk is unlocked.
+// EFI_DEVICE_ERROR : Failed to unlock the drive.
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long, pad it with zeros to create a buffer of 32 bytes.
+// 2. If the password compare fails then the device returns command aborted
+// to the host and decrements the unlock counter. This counter is initially
+// set to five and is decremented for each password mismatch when SECURITY
+// UNLOCK is issued and the device is locked. When this counter reaches
+// zero then SECURITY UNLOCK and SECURITY ERASE UNIT commands are command
+// aborted until a power-on reset or a hardware reset.SECURITY UNLOCK
+// commands issued when the device is unlocked have no effect on the unlock
+// counter.
+// 3. SECURITY_DISABLE_PASSWORD and SECURITY_SET_PASSWORD commands used when
+// security password is set and HDD is in unlocked state. This is done to
+// have consistency of output from this function.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecurityUnlockPassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ #endif
+ UINT16 RevisionCode = 0;
+ EFI_STATUS Status1;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ UINT16 SecurityStatus = 0;
+ #if MASTER_PASSWORD_ENABLE
+ UINT32 IdePasswordFlags = 0;
+ #endif
+
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+ EFI_BLOCK_IO_PROTOCOL *BlockIo;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ Status = ReturnSecurityStatus( This, &SecurityStatus );
+
+ Control &= 0x1; // Bit0 is valid
+ //
+ // When in Setup, Current Password is prompted for consistency when Setting a New Password
+ // Or Disabling the Existing Password. Follow a Special Path only in this case.
+ //*****This Case Applies on only when (1)Password is Set & Security Enabled
+ // (2)Unlocked
+
+
+ if ((SecurityStatus & BIT01) && (!(SecurityStatus & BIT02)))
+ {
+ if ( !(Control & 1))
+ {
+ //
+ // (a)For Changing or Clearing User Password.
+ // 1.Send a disable Password Command from the String Obtained from user.
+ // 2.If Success Set the Password Same Password.
+ // 3.Suitable if Logged in as Both User or Master
+ //
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_DISABLE_PASSWORD,
+ 0,
+ ModeFlag
+ );
+
+ if ( !EFI_ERROR( Status ))
+ {
+ SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_SET_PASSWORD,
+ RevisionCode,
+ ModeFlag
+ );
+ }
+ return Status;
+ }
+
+ }
+
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_UNLOCK,
+ 0,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ if ( !EFI_ERROR( Status ))
+ {
+ //
+ // Save the Password if unlocked Successfully.
+ //
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE );
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface,
+ &HddDataId,
+ Control,
+ Buffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+
+ //
+ // After unlock the HDD set the OEM default master password
+ // Check if OEM_DEFAULT_MASTER_PASSWORD is enabled and
+ // DISPLAY_MASTER_PASSWORD is Disabled.
+ //
+ #if MASTER_PASSWORD_ENABLE
+ Status = ReturnIdePasswordFlags( This, &IdePasswordFlags );
+ ASSERT_EFI_ERROR( Status );
+
+ if ((IdePasswordFlags & 0x0800) && (!(IdePasswordFlags & 0x0008)))
+ {
+ Status = OEMSetMasterPassword( This );
+ ASSERT_EFI_ERROR( Status );
+ }
+ #endif
+
+ if ( ModeFlag == FALSE ) {
+
+ //
+ // Check if BlockIO Protocol is already present on this device.
+ //
+ Status1 = pBS->HandleProtocol(IdeBusInterface->IdeDeviceHandle,
+ &gEfiBlockIoProtocolGuid,
+ &BlockIo
+ );
+
+ //
+ // Connect only if BloCkIO protocol is not installed on the device.
+ //
+ if ( EFI_ERROR( Status1 )) {
+ #if EFI_IDE_PROTOCOL || INTEL_IDE_PROTOCOL
+ pBS->ConnectController(
+ IdeBusInterface->IdeControllerInterfaceHandle,
+ NULL,
+ NULL,
+ TRUE
+ );
+ #else
+ pBS->ConnectController(
+ IdeBusInterface->IdeControllerInterface->ControllerHandle,
+ NULL,
+ NULL,
+ TRUE
+ );
+ #endif
+ }
+ }
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityDisablePassword
+//
+// Description: Disables Password authentification before media access.
+// SECURITY_DISABLE_PASSWORD(Command Code : 0xF6) security
+// command is used to remove the user password.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SECURITY_DISABLE_PASSWORD command.
+//
+//
+// Output:
+// EFI_SUCCESS : Security mode feature disabled.
+// EFI_DEVICE_ERROR : Security command failed.
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long,pad it with zeros to create a buffer of 32 bytes.
+// 2. Password should be unlocked before disabling it.
+// 3. SECURITY_DISABLE_PASSWORD command does not change the Master password
+// that may be reactivated later by setting a User password.
+// 4. Normal erase mode is selected, the SECURITY ERASE UNIT command writes
+// binary zeroes to all user data areas.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecurityDisablePassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT8 EmptyBuffer[IDE_PASSWORD_LENGTH];
+ #endif
+
+ Control &= 0x1; // Bit0 is valid
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ //
+ //Update the Nvram buffer with NULL string.
+ //
+ pBS->SetMem( EmptyBuffer, IDE_PASSWORD_LENGTH, 0 );
+
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface, &HddDataId, Control, EmptyBuffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+
+ Status = SecurityCommonRoutine( BusInterface,
+ Control,
+ Buffer,
+ SECURITY_DISABLE_PASSWORD,
+ 0,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ if ( !EFI_ERROR( Status ))
+ {
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_REMOVE );
+ }
+
+ //
+ // If the Empty string entered for the master password, Set the OEM
+ // disable password with Disabled revision code.
+ //
+ if ( Control & 01 )
+ {
+ EFI_STATUS DefaultStatus;
+ DefaultStatus = SetDefaultMasterPassword( This );
+ ASSERT_EFI_ERROR( DefaultStatus );
+ }
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SetDefaultMasterPassword
+//
+// Description: Sets the Default Password String provided by OEM as
+// Master Password.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This
+//
+// Output:
+// EFI_SUCCESS : Default master password is set.
+// EFI_ERROR : Default master password is not set.
+//
+// Notes:
+// DEFAULT_MASTER_PASSWORD_TAG token string will be set as master password.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SetDefaultMasterPassword(
+ IN IDE_SECURITY_PROTOCOL *This )
+{
+ EFI_STATUS Status;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH];
+ UINT16 Control = 1;
+ UINT16 RevisionCode = DISABLED_MASTER_PASSWORD_REVISION;
+ UINTN i;
+ UINT16 SecurityStatus = 0;
+
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH, 0 );
+
+ for ( i = 0; i < IDE_PASSWORD_LENGTH; i++ )
+ {
+ Buffer[i] = (UINT8)sDefaultMasterPasswordTag[i];
+
+ if ( sDefaultMasterPasswordTag[i] == L'\0' )
+ {
+ break;
+ }
+ }
+ //
+ // Set the OEM master password if the HDD is not in Frozen or locked state.
+ //
+ Status = ReturnSecurityStatus( This, &SecurityStatus );
+
+ if ( !((SecurityStatus & 0x04) || (SecurityStatus & 0x08)))
+ {
+ Status = SecuritySetDefaultMasterPassword( This,
+ Control,
+ Buffer,
+ RevisionCode );
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecuritySetDefaultMasterPassword
+//
+// Description: Sets default Master Password with disabled revision code.
+// SECURITY_SET_PASSWORD(Command code : 0xF1) security command
+// used to set default master password.
+//
+// Input:
+// IN IDE_BUS_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes)
+// UINT8 RevisionCode (Valid when
+// Control Bit 0 = 1 of Master Password)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 8 : 0/1 High/Maximum Security level
+//
+// Output:
+// EFI_SUCCESS : Password set
+// EFI_ERROR : Error in setting Password
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long,pad it with zeros to create a buffer of 32 bytes.
+//
+// 2. If a MasterPassword with a valid Revision code already exists, a new
+// MasterPassword with a different revisioncode cannot be installed.
+// MasterPassword needs to be unlocked, disabled and then a new password
+// can be installed.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SecuritySetDefaultMasterPassword(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT16 RevisionCode )
+{
+ VOID *BusInterface = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ EFI_STATUS Status;
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ #endif
+
+ Control &= 0x0101; // Bit0 and Bit 8 are valid
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_SET_PASSWORD,
+ RevisionCode,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ //
+ // If Password is set successfully, save it.
+ //
+ if ( !EFI_ERROR( Status ))
+ {
+ SmmHDDPasswordInterface(
+ This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE
+ );
+
+ #if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ Status = SetHddSecDataInNvram( BusInterface,
+ &HddDataId,
+ Control,
+ Buffer );
+ ASSERT_EFI_ERROR( Status );
+ #endif
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityFreezeLock
+//
+// Description: Prevents any further alteration of security status on the
+// device leaving the hard disk in Frozen mode. Frozen mode is
+// disabled by power-off or hardware reset. SECURITY_FREEZE_LOCK
+// (Command Code : 0xF5)security command is used to freeze hard disk.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+//
+// Output:
+// EFI_SUCCESS : Hard disk is successdully kept in FROZEN state.
+// EFI_ERROR : Security Freeze command failed.
+//
+// Notes:
+// Commands disabled by SECURITY FREEZE LOCK are:
+// - SECURITY SET PASSWORD
+// - SECURITY UNLOCK
+// - SECURITY DISABLE PASSWORD
+// - SECURITY ERASE PREPARE
+// - SECURITY ERASE UNIT
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SecurityFreezeLock(
+ IN IDE_SECURITY_PROTOCOL *This )
+{
+ EFI_STATUS Status;
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ UINT16 SecurityStatus = 0;
+
+ COMMAND_STRUCTURE CommandStructure;
+#if !DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT
+ IDENTIFY_DATA IdentifyData;
+#endif
+
+ Status=ReturnSecurityStatus( This, &SecurityStatus );
+ if(EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ // Freeze Lock command will not work with the HDD is in Locked State.
+ // So return with success if the HDD is locked state or already frozen state
+ if ( SecurityStatus & 0xc ) {
+ return EFI_SUCCESS;
+ }
+
+ ZeroMemory( &CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.Command = SECURITY_FREEZE_LOCK;
+
+#if !DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT
+ if ( ModeFlag == FALSE ) {
+ IdentifyData = ((IDE_BUS_PROTOCOL*)BusInterface)->IdeDevice.IdentifyData;
+ } else {
+ IdentifyData = ((SATA_DEVICE_INTERFACE*)BusInterface)->IdentifyData;
+ }
+ if ( SecurityStatus & 2 )
+ {
+ if ( IdentifyData.Reserved_76_79[3] & 0x0040 )
+ {
+ Status = TransferPwDataFromNvramToSmram( This );
+ ASSERT_EFI_ERROR( Status );
+ }
+ }
+#endif
+
+ Status = CommonNonDataHook( BusInterface,
+ CommandStructure,
+ ModeFlag );
+ ASSERT_EFI_ERROR (Status);
+ CommandStructure.Features = DEV_CONFIG_FREEZE_LOCK_FEATURES;
+ CommandStructure.Command = DEV_CONFIG_FREEZE_LOCK;
+ Status = CommonNonDataHook( BusInterface,
+ CommandStructure,
+ ModeFlag );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityEraseUnit
+//
+// Description: Erases the Device content.SECURITY_ERASE_UNIT
+// (Command code : 0xF4) security command is used for device
+// erasing.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 1 : 0/1 Normal Erase/ Enhanced Erase
+// Buffer : Pointer to password buffer which will be used to when sending
+// SECURITY_ERASE_UNIT command.
+//
+// Output:
+// EFI_SUCCESS : Successfull completion of Erase command.
+// EFI_DEVICE_ERROR : EraseUnit command failed to complete.
+//
+// Notes:
+// If a device is locked with USER PASSWORD and Maximum security level set
+// then only way to unlock the device with MASTER password is to erase the
+// contents of the device.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SecurityEraseUnit(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ COMMAND_STRUCTURE CommandStructure;
+
+ ZeroMemory( &CommandStructure, sizeof(COMMAND_STRUCTURE));
+ CommandStructure.Command = SECURITY_ERASE_PREPARE;
+
+ Status = CommonNonDataHook( BusInterface, CommandStructure, ModeFlag );
+
+ //
+ // Issue Security Erase Unit
+ //
+ Control &= 0x3; // Bit0 and Bit 1 is valid
+ Status = SecurityCommonRoutine(
+ BusInterface,
+ Control,
+ Buffer,
+ SECURITY_ERASE_UNIT,
+ 0,
+ ModeFlag
+ );
+
+ //
+ // Update the Identify device buffer
+ //
+ UpdateIdentifyData( BusInterface, ModeFlag );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: ReturnIdePasswordFlags
+//
+// Description: Returns Ide Password Variables and Flags.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT32 *IdePasswordFlags
+//
+// Output:
+// EFI_SUCCESS : IDEPassword Status Flag is returned in IdePasswordFlags.
+// EFI_ERROR : Error while retrieving the SecurityStatus.
+//
+//
+// Referrals:
+//
+// IdePasswordFlags:
+// **TBD Only Bit0, Bit03, Bit11, Bit16, Bit17 are Supported Currently
+//
+// BIT0 User Password Support;
+// BIT1 Master Password Support;
+// BIT2 Display User Password;
+// BIT3 Display Master Password;
+// BIT4 Display User Password Status;
+// BIT5 Display Master Password Status;
+// BIT6 Freeze Lock Hdds;
+// BIT7 Single User Password;
+// BIT8 Single Master Password;
+// BIT9 System User Password as Hdd User Password;
+// BIT10 System Admin Password as Hdd Master Password;
+// BIT11 OEM Default Master Password
+// BIT12 Prompt for User Password in Post
+// BIT13 Prompt for Master Password in Post
+// BIT14 Display Security Status in Setup
+// BIT15 DUMMY Security Token.
+// BIT16 MasterPassword Set Status.
+// BIT17 UserPassword Set Status.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS ReturnIdePasswordFlags(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT32 *IdePasswordFlags )
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+ UINT32 Temp = 0;
+ UINT16 MasterPwdRev = 0;
+ UINT16 SecurityStatus = 0;
+ VOID *BusInterface
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ IDENTIFY_DATA IdentifyData;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ IdentifyData = IdeBusInterface->IdeDevice.IdentifyData;
+ }
+ else {
+ IdentifyData = SataDevInterface->IdentifyData;
+ }
+
+
+
+ #if MASTER_PASSWORD_ENABLE
+ Temp |= BIT01;
+ #endif
+
+
+ #if DISPLAY_MASTER_PASSWORD
+ Temp |= BIT03;
+ #endif
+
+ #if OEM_DEFAULT_MASTER_PASSWORD
+ Temp |= BIT11;
+ #endif
+
+
+ MasterPwdRev = IdentifyData.Master_Password_Rev_92;
+
+ if ((MasterPwdRev != 0x0000) && (MasterPwdRev != 0xFFFF) \
+ && (MasterPwdRev != DISABLED_MASTER_PASSWORD_REVISION))
+ {
+ Temp |= BIT16;
+ }
+
+ Status = ReturnSecurityStatus( This, &SecurityStatus );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+ if ( SecurityStatus & BIT01 )
+ {
+ Temp |= BIT17;
+ }
+
+ *IdePasswordFlags = (UINT32)Temp;
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SecurityCommonRoutine
+//
+// Description: This is common security routine which will be called from
+// security routines. It is from this routine most of the security
+// commands are sent to the drive.
+//
+// Input:
+// IN VOID *BusInterface,
+// UINT16 Control,
+// UINT8 *Buffer (32 Bytes),
+// UINT8 SecurityCommand
+// UINT8 RevisionCode
+// (Valid for Master password)
+//
+// Control : Bit 0 : 0/1 User/Master Password
+// Bit 1 : 0/1 Normal/Enhanced Erase
+// Bit 8 : 0/1 High/Maximum Security level
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SecurityCommand.
+//
+//
+// Output:
+// EFI_STATUS : EFI_SUCCESS/EFI_DEVICE_ERROR
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long, pad it with zeros to create a buffer of 32 bytes.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SecurityCommonRoutine(
+ IN VOID *BusInterface,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT8 SecurityCommand,
+ UINT16 RevisionCode,
+ BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ UINT16 *SecurityBuffer;
+
+ //
+ // Allocate 512 Bytes
+ //
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ SECURITY_BUFFER_LENGTH,
+ (VOID**)&SecurityBuffer );
+
+ if ( EFI_ERROR( Status ))
+ {
+ return Status;
+ }
+
+ //
+ // Clear the Buffer
+ //
+ ZeroMemory( SecurityBuffer, SECURITY_BUFFER_LENGTH );
+
+ SecurityBuffer[0] = Control;
+
+ //
+ // Copy 32 Bytes
+ //
+ pBS->CopyMem( &(SecurityBuffer[1]), Buffer, IDE_PASSWORD_LENGTH );
+
+ //
+ // If Security Set password command is for Master, then update the
+ // revision code.
+ //
+ if ((SecurityCommand == SECURITY_SET_PASSWORD) & (Control & 1))
+ {
+ if ((RevisionCode != 0) || (RevisionCode != 0xFFFF))
+ {
+ SecurityBuffer[17] = RevisionCode;
+ }
+ }
+
+ //
+ // Write 512 Bytes
+ //
+ Status = CommonReadWritePioHook(
+ BusInterface,
+ SecurityBuffer,
+ SECURITY_BUFFER_LENGTH,
+ 0,
+ SecurityCommand,
+ TRUE,
+ ModeFlag
+ );
+
+ pBS->FreePool( SecurityBuffer );
+ return Status;
+}
+
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SmmHDDPasswordInterface
+//
+// Description: Manages HDD Password in SMM area.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+// UINT16 Control,
+// UINT8 *Buffer
+// UINT8 Action
+//
+//
+// Control : Bit 0 : 0/1 User/Master Password
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SecurityCommand.
+//
+// Output:
+// EFI_SUCCESS : Password saved which will be used to unlock the drive
+// during S3 resume.
+// EFI_DEVICE_ERROR : Error in saving Password.
+//
+// Notes:
+// 1. Buffer should be 32 bytes long (Mandatory). Even if Password is not
+// 32 bytes long, pad it with zeros to create a buffer of 32 bytes.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS SmmHDDPasswordInterface(
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT8 Action )
+{
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ UINT8 DataSize = 1;
+#else
+ UINTN DataSize = 1;
+#endif
+ UINT8 SwSmiValue = Action;
+ UINTN i;
+ HDD_PASSWORD *HDDPasswordBuffer = gHDDPasswordBuffer;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag \
+ = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ EFI_PCI_IO_PROTOCOL *PciIo;
+ UINTN SegNum;
+ UINTN BusNum;
+ UINTN DevNum;
+ UINTN FuncNum;
+ EFI_STATUS Status;
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+ EFI_SMM_COMMUNICATE_HEADER *SmmCommunicationHeader;
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(HDD_PASSWORD)];
+ UINTN CommBufferSize;
+#endif
+
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ //
+ // If HDD is not going to lose power in S3, no need to unlock password and put it in
+ // Freeze state during S3 resume.
+ //
+ if ( !(IdeBusInterface->IdeBusInitInterface->Flags \
+ & S3_RESUME_UNLOCK_HDD_PASSWORD))
+ {
+ return EFI_SUCCESS;
+ }
+
+ HDDPasswordBuffer->BaseAddress
+ = IdeBusInterface->IdeDevice.Regs.CommandBlock.DataReg;
+ HDDPasswordBuffer->Device = IdeBusInterface->IdeDevice.Device;
+ HDDPasswordBuffer->DeviceControlReg
+ = IdeBusInterface->IdeDevice.Regs.ControlBlock.DeviceControlReg;
+ PciIo = IdeBusInterface->PciIO;
+
+ }
+ else {
+
+ PciIo=SataDevInterface->AhciBusInterface->PciIO;
+ HDDPasswordBuffer->PortNumber = SataDevInterface->PortNumber;
+ HDDPasswordBuffer->PMPortNumber = SataDevInterface->PMPortNumber;
+ }
+
+ //
+ // Get PCI Bus/Device/Function number
+ //
+ Status = PciIo->GetLocation ( PciIo,
+ &SegNum,
+ &BusNum,
+ &DevNum,
+ &FuncNum
+ );
+
+ //
+ // Save it for IdeSmm to initilize the controller.
+ //
+ HDDPasswordBuffer->BusNo=(UINT8)BusNum;
+ HDDPasswordBuffer->DeviceNo=(UINT8)DevNum;
+ HDDPasswordBuffer->FunctionNo=(UINT8)FuncNum;
+
+ HDDPasswordBuffer->Signature = '$HDD'; // 0x44444824; //
+ HDDPasswordBuffer->Control = Control;
+ HDDPasswordBuffer->ModeFlag = ModeFlag;
+
+ //
+ // HDDPasswordBuffer->RevisionCode = RevisionCode;
+ //
+ if ( Control & 0x01 )
+ {
+ for ( i = 0; i < sizeof (HDDPasswordBuffer->MasterPassword); i++ )
+ {
+ HDDPasswordBuffer->MasterPassword[i] = Buffer[i];
+ } // end of for
+ }
+ else {
+ for ( i = 0; i < sizeof (HDDPasswordBuffer->UserPassword); i++ )
+ {
+ HDDPasswordBuffer->UserPassword[i] = Buffer[i];
+ } // end of for
+ }
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+
+ if(!gSmmCommunication) {
+ Status = pBS->LocateProtocol (
+ &gEfiSmmCommunicationProtocolGuid,
+ NULL,
+ (VOID **)&gSmmCommunication
+ );
+ if (EFI_ERROR (Status)) {
+ ASSERT_EFI_ERROR (Status);
+ return Status;
+ }
+ }
+
+ SmmCommunicationHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];
+
+ if(SwSmiValue == SW_SMI_HDD_PASSWORD_SAVE) {
+ pBS->CopyMem( &SmmCommunicationHeader->HeaderGuid, &gSaveHddPasswordGuid, sizeof( EFI_GUID ) );
+ } else if( SwSmiValue == SW_SMI_HDD_PASSWORD_REMOVE ) {
+ pBS->CopyMem( &SmmCommunicationHeader->HeaderGuid, &gRemoveHddPasswordGuid, sizeof( EFI_GUID ) );
+ } else {
+ // Unknown SwSmiValue
+ return EFI_UNSUPPORTED;
+ }
+
+ SmmCommunicationHeader->MessageLength = sizeof(HDD_PASSWORD);
+ pBS->CopyMem( &SmmCommunicationHeader->Data, HDDPasswordBuffer, sizeof(HDD_PASSWORD) );
+
+ CommBufferSize = sizeof(CommBuffer);
+ Status = gSmmCommunication->Communicate (gSmmCommunication, &CommBuffer[0], &CommBufferSize);
+#else
+ // Now Generate a SW SMI to log this data
+ mSmmCtl->Trigger( mSmmCtl, &SwSmiValue, &DataSize, 0, 0 );
+#endif
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+//
+// Procedure: UpdateIdentifyData
+//
+// Description: Updates Identify command data.IDENTIFY_DATA(Command Code: 0xEC)
+// command used to update the Identifydata buffer.
+//
+// Input:
+// IN IDE_BUS_PROTOCOL *IdeBusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Identifydata updated successfully.
+// EFI_ERROR : Failed to update the identifydata.
+//
+// Notes: ATA/ATAPI device type should have beeen known already.
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS UpdateIdentifyData(
+ IN IDE_BUS_PROTOCOL *BusInterface,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ COMMAND_STRUCTURE CommandStructure;
+
+ ZeroMemory( &CommandStructure, sizeof(COMMAND_STRUCTURE));
+
+ CommandStructure.ByteCount = sizeof(IDENTIFY_DATA);
+ CommandStructure.Command = IDENTIFY_COMMAND;
+
+ Status = CommonPioDataHook( BusInterface, CommandStructure, ModeFlag );
+
+ return Status;
+}
+
+#if MASTER_PASSWORD_ENABLE
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: OEMSetMasterPassword
+//
+// Description: Sets the Default Password String provided by OEM as
+// Master Password. SECURITY_SET_PASSWORD(Command Code : 0xF1)
+// security command is used to set the master password.
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+//
+// Output:
+// EFI_SUCCESS : OEM Master password set successfully.
+// EFI_ERROR : Failed to set OEM Master passord to the hard disk.
+//
+// Notes:
+// OEM_MASTER_PASSWORD_TAG token string will be set as oem master password.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS OEMSetMasterPassword(
+ IN IDE_SECURITY_PROTOCOL *This )
+{
+ EFI_STATUS Status = 0;
+ UINT8 Buffer[IDE_PASSWORD_LENGTH];
+ UINT16 Control = 1;
+ UINT16 RevisionCode = 0xFFFE;
+ UINTN i;
+ UINT16 SecurityStatus = 0;
+
+ MemSet( &Buffer, IDE_PASSWORD_LENGTH, 0 );
+
+ for ( i = 0; i < IDE_PASSWORD_LENGTH; i++ )
+ {
+ Buffer[i] = (UINT8)sOemMasterPasswordTag[i];
+
+#if defined SETUP_PASSWORD_NON_CASE_SENSITIVE && SETUP_PASSWORD_NON_CASE_SENSITIVE
+ Buffer[i] = ((Buffer[i]>='a')&&(Buffer[i]<='z'))?(Buffer[i]+'A'-'a'):Buffer[i];
+#endif
+ if ( sOemMasterPasswordTag[i] == L'\0' )
+ {
+ break;
+ }
+ }
+
+ //
+ //Set the OEM master password if the HDD is not in Frozen or locked state.
+ //
+ ReturnSecurityStatus( This, &SecurityStatus );
+
+ if ( !((SecurityStatus & 0x04) || (SecurityStatus & 0x08)))
+ {
+ Status = SecuritySetPassword( This, Control, Buffer, RevisionCode );
+ }
+
+ return Status;
+}
+
+#endif
+
+#if (!DISABLE_SOFT_SET_PREV && !FORCE_HDD_PASSWORD_PROMPT ) || HDD_PASSWORD_ON_NVRAM
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: GatherIdeInfo
+//
+// Description: Gathers Ide Device's Bus,Func,Device & PM/PS/SM/SS Info.
+//
+// Input:
+// IN VOID *BusInterface,
+// OUT UINT32 *HddDataId
+//
+// Output:
+// EFI_SUCCESS : IDE info retrieved successfully.
+// EFI_ERROR : Failed to get IDE info.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS GatherIdeInfo(
+ IN VOID *BusInterface,
+ BOOLEAN ModeFlag,
+ OUT UINT32 *HddDataId )
+{
+ EFI_STATUS Status;
+ UINTN SegNum;
+ UINTN BusNum;
+ UINTN DevNum;
+ UINTN FuncNum;
+ UINT16 wBDF;
+ UINT16 wPortPMModeFlag;
+ UINT8 ChannelorPort;
+ UINT8 DeviceorPMPort;
+ EFI_PCI_IO_PROTOCOL *PciIo;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ PciIo = IdeBusInterface->PciIO;
+ ChannelorPort = IdeBusInterface->IdeDevice.Channel;
+ DeviceorPMPort = IdeBusInterface->IdeDevice.Device;
+ }
+ else {
+ PciIo = SataDevInterface->AhciBusInterface->PciIO;
+ ChannelorPort = SataDevInterface->PortNumber;
+ DeviceorPMPort = SataDevInterface->PMPortNumber;
+ }
+
+ Status = PciIo->GetLocation( PciIo, &SegNum, &BusNum, &DevNum, &FuncNum );
+
+ wBDF = (UINT16)((BusNum << 8) | (DevNum << 3) | FuncNum );
+ wPortPMModeFlag = (UINT16)((ChannelorPort << 12) \
+ | (DeviceorPMPort << 4) \
+ | ((UINT8)ModeFlag));
+
+ *HddDataId = (UINT32)(((UINT16)wBDF << 16) + ((UINT16)wPortPMModeFlag));
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: SetHddSecDataInNvram
+//
+// Description: Sets Hdd Security Data in NVRAM Area.
+//
+// Input:
+// IN VOID *BusInterface,
+// UINT32 *HddDataId
+// UINT16 Control,
+// UINT8 *Buffer
+//
+// Control : Bit 0 : 0/1 User/Master Password
+//
+// Buffer : Pointer to password buffer which will be used to when sending
+// SecurityCommand.
+// Output:
+// EFI_SUCCESS : HDDPassword saved in NVram which later will be transfered to
+// SMRAM.
+// EFI_ERROR : Failed to save the HDD password in nvram.
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS SetHddSecDataInNvram(
+ IN VOID *BusInterface,
+ UINT32 *HddDataId,
+ UINT16 Control,
+ UINT8 *Buffer )
+{
+ EFI_STATUS Status;
+ HDDSECDATA *HddSecData=NULL;
+ UINTN i;
+ CHAR16 *HddSecutiyData = NULL;
+ UINT8 CryptBuffer[IDE_PASSWORD_LENGTH];
+ UINTN HddSecDataSize = sizeof (HDDSECDATA);
+ UINT32 ParseIndex;
+ UINT32 Attribute = 0;
+
+ pBS->AllocatePool( EfiBootServicesData, sizeof (HDDSECDATA), &HddSecData );
+ pBS->SetMem( HddSecData, sizeof(HDDSECDATA), 0 );
+ pBS->AllocatePool( EfiBootServicesData,
+ IDE_PASSWORD_LENGTH,
+ &HddSecutiyData );
+ pBS->SetMem( HddSecutiyData, IDE_PASSWORD_LENGTH, 0 );
+ ConvertHddDataIdToString( *HddDataId, HddSecutiyData );
+
+ //
+ // Get the password variable so that other password will be
+ // maintained in the nvram variable.
+ //
+ Status = pRS->GetVariable(
+ HddSecutiyData,
+ &gIdeSecurityPwNvguid,
+ &Attribute,
+ &HddSecDataSize,
+ HddSecData
+ );
+
+ if ( EFI_ERROR( Status ))
+ {
+ pBS->SetMem( HddSecData, sizeof(HDDSECDATA), 0 );
+ if(Attribute == 0) {
+ Attribute = (UINT32)(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
+ }
+ }
+
+
+ for ( ParseIndex = 0; ParseIndex < IDE_PASSWORD_LENGTH; ParseIndex++ )
+ {
+ if ( Buffer[ParseIndex] == 0 )
+ {
+ break;
+ }
+ }
+
+ HddSecData->UserMaster = Control;
+ HddSecData->PasswordLength = ParseIndex;
+
+ if ( Control & 0x01 )
+ {
+ EncodeDecodePassword( Buffer, CryptBuffer, ParseIndex );
+
+ for ( i = 0; i < ParseIndex; i++ )
+ {
+ HddSecData->HddMasterPassword[i] = CryptBuffer[i];
+ }
+
+ for ( i = ParseIndex; i < sizeof (HddSecData->HddMasterPassword); i++ )
+ {
+ HddSecData->HddMasterPassword[i] = 00;
+ }
+ }
+ else {
+ EncodeDecodePassword( Buffer, CryptBuffer, ParseIndex );
+
+ for ( i = 0; i < ParseIndex; i++ )
+ {
+ HddSecData->HddUserPassword[i] = CryptBuffer[i];
+ }
+
+ for ( i = ParseIndex; i < sizeof (HddSecData->HddUserPassword); i++ )
+ {
+ HddSecData->HddUserPassword[i] = 00;
+ }
+ }
+
+ Status = pRS->SetVariable(
+ HddSecutiyData,
+ &gIdeSecurityPwNvguid,
+ Attribute,
+ HddSecDataSize,
+ HddSecData
+ );
+
+ ASSERT_EFI_ERROR( Status );
+ pBS->FreePool( HddSecData );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: TransferPwDataFromNvramToSmram
+//
+// Description: Transfers Stored Data from NVRAM to SMRAM.
+//
+// Input:
+// IN IDE_SECURITY_PROTOCOL *This,
+//
+// Output:
+// EFI_SUCCESS : Password saved in SMRAM.
+// EFI_DEVICE_ERROR : Password not saved in SMRAM.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS TransferPwDataFromNvramToSmram(
+ IN IDE_SECURITY_PROTOCOL *This
+)
+{
+ UINT32 HddDataId = 0;
+ UINT16 UserMaster = 0;
+ CHAR16 *HddSecutiyData = NULL;
+ HDDSECDATA *HddSecData = NULL;
+ VOID *BusInterface \
+ = ((SECURITY_PROTOCOL* )This)->BusInterface;
+ BOOLEAN ModeFlag = ((SECURITY_PROTOCOL* )This)->ModeFlag;
+ EFI_STATUS Status;
+ UINT16 Control;
+ UINTN i;
+ UINTN HddSecDataSize = sizeof (HDDSECDATA);
+ UINT8 CryptBuffer[IDE_PASSWORD_LENGTH];
+ UINT8 Buffer[IDE_PASSWORD_LENGTH];
+ UINT16 SecurityStatus = 0;
+
+ Status=ReturnSecurityStatus( This, &SecurityStatus );
+
+ if(EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ // Hdd Password Nvram Variable will not be avilable if the HDD is in locked state.
+ // So return without copying the password to Smram as the password
+ // data is not avilable
+
+ if ( SecurityStatus & 4 ) {
+ return EFI_SUCCESS;
+ }
+
+ Status = GatherIdeInfo( BusInterface, ModeFlag, &HddDataId );
+ ASSERT_EFI_ERROR( Status );
+
+ pBS->AllocatePool( EfiBootServicesData,
+ IDE_PASSWORD_LENGTH,
+ &HddSecutiyData );
+ pBS->SetMem( HddSecutiyData, IDE_PASSWORD_LENGTH, 0 );
+ ConvertHddDataIdToString( HddDataId, HddSecutiyData );
+
+ pBS->AllocatePool( EfiBootServicesData, sizeof (HDDSECDATA), &HddSecData );
+ pBS->SetMem( HddSecData, sizeof(HDDSECDATA), 0 );
+
+ pBS->SetMem( Buffer, IDE_PASSWORD_LENGTH, 0 );
+
+ Status = pRS->GetVariable(
+ HddSecutiyData,
+ &gIdeSecurityPwNvguid,
+ NULL,
+ &HddSecDataSize,
+ HddSecData
+ );
+
+ if(Status){
+ Status = HDDPortReset(BusInterface,ModeFlag);
+ return Status;
+ }
+
+ Control = HddSecData->UserMaster;
+
+ if ( Control & 0x01 )
+ {
+ for ( i = 0; i < sizeof (HddSecData->HddMasterPassword); i++ )
+ {
+ CryptBuffer[i] = HddSecData->HddMasterPassword[i];
+ }
+
+ EncodeDecodePassword( CryptBuffer, Buffer, HddSecData->PasswordLength );
+ }
+ else {
+ for ( i = 0; i < sizeof (HddSecData->HddUserPassword); i++ )
+ {
+ CryptBuffer[i] = HddSecData->HddUserPassword[i];
+ }
+
+ EncodeDecodePassword( CryptBuffer, Buffer, HddSecData->PasswordLength );
+ }
+
+ SmmHDDPasswordInterface( This,
+ Control,
+ Buffer,
+ SW_SMI_HDD_PASSWORD_SAVE );
+
+ pBS->FreePool( HddSecData );
+
+ return Status;
+}
+
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: ConvertHddDataIdToString
+//
+// Description: Converts Integer HDD Data Id to String.
+//
+// Input:
+// IN UINT32 DataId,
+// OUT CHAR16 *String
+// Output:
+// None
+//
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID ConvertHddDataIdToString(
+ IN UINT32 DataId,
+ OUT CHAR16 *String )
+{
+ Swprintf( String, L"%*d", 0, DataId );
+ return;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: EncodeDecodePassword
+//
+// Description: Encodes/Decodes Password.
+//
+// Input:
+// IN UINT8 *InputString,
+// OUT UINT8 *OutputString,
+// IN UINT32 StringLen
+// Output:
+// None
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID EncodeDecodePassword(
+ IN UINT8 *InputString,
+ OUT UINT8 *OutputString,
+ IN UINT32 StringLength )
+{
+ UINT8 *Key;
+ UINT32 i;
+ UINT32 KeyIndex;
+ UINT32 KeyLength;
+
+ if ((InputString == NULL) || (StringLength == 0))
+ {
+ return;
+ }
+
+ KeyLength = (UINT32)( Strlen( HDD_PWD_ENCRYPTION_KEY ));
+ pBS->AllocatePool( EfiBootServicesData, KeyLength, (VOID**)&Key );
+ pBS->SetMem( Key, KeyLength, 0 );
+ pBS->CopyMem( Key, HDD_PWD_ENCRYPTION_KEY, KeyLength );
+ ASSERT( Key != NULL );
+
+ for ( i = 0, KeyIndex = 0; i < StringLength; i++, KeyIndex++ )
+ {
+ if ( KeyIndex == (KeyLength - 1))
+ {
+ KeyIndex = 0;
+ }
+ OutputString[i] = (UINT8) ( InputString[i] ^ Key[KeyIndex] );
+ }
+
+ pBS->FreePool( Key );
+ return;
+}
+
+#endif
+
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: CommonNonDataHook
+//
+// Description: Common Hook which Calls Non Data Command.
+//
+// Input: IN VOID* BusInterface,
+// IN COMMAND_STRUCTURE CommandStructure,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Non Data command completed successfully.
+// EFI_DEVICE_ERROR/EFI_UNSUPPORTED : Not supported.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS CommonNonDataHook(
+ IN VOID *BusInterface,
+ IN COMMAND_STRUCTURE CommandStructure,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ CommandStructure.Device = IdeBusInterface->IdeDevice.Device << 4;
+
+ //
+ // Idebus API changed from Core 4.6.5.2. Added Core Version check for the OLD
+ // Core support.
+ //
+#if defined CORE_COMBINED_VERSION && (CORE_COMBINED_VERSION > 0x4028b)
+ Status = IdeBusInterface->IdeNonDataCommand(
+ IdeBusInterface,
+ CommandStructure.Features,
+ (UINT8)CommandStructure.SectorCount,
+ (UINT8)(CommandStructure.SectorCount >> 8),
+ CommandStructure.LBALow,
+ CommandStructure.LBALowExp,
+ CommandStructure.LBAMid,
+ CommandStructure.LBAMidExp,
+ CommandStructure.LBAHigh,
+ CommandStructure.LBAHighExp,
+ CommandStructure.Device,
+ CommandStructure.Command
+ );
+#else
+ Status = IdeBusInterface->IdeNonDataCommand(
+ IdeBusInterface,
+ CommandStructure.Features,
+ (UINT8)CommandStructure.SectorCount,
+ CommandStructure.LBALow,
+ CommandStructure.LBAMid,
+ CommandStructure.LBAHigh,
+ CommandStructure.Device,
+ CommandStructure.Command
+ );
+
+#endif
+ }
+ else {
+ Status = SataDevInterface->AhciBusInterface->ExecuteNonDataCommand(
+ SataDevInterface,
+ CommandStructure
+ );
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: CommonPioDataHook
+//
+// Description: Common Hook which Calls Pio Data Command.
+//
+// Input: IN VOID* BusInterface,
+// IN COMMAND_STRUCTURE CommandStructure,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Pio data command completed.
+// EFI_DEVICE_ERROR/EFI_UNSUPPORTED : Not supported.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS CommonPioDataHook(
+ IN VOID *BusInterface,
+ IN COMMAND_STRUCTURE CommandStructure,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+ VOID *IdentifyBuffer = NULL;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(IDENTIFY_DATA),
+ (VOID**)&IdentifyBuffer
+ );
+ //
+ // Read Identifydata
+ //
+ CommandStructure.Buffer = IdentifyBuffer;
+
+ if ( ModeFlag == FALSE )
+ {
+ CommandStructure.Device = IdeBusInterface->IdeDevice.Device << 4;
+ Status = IdeBusInterface->AtaPioDataIn(
+ IdeBusInterface,
+ CommandStructure
+ .Buffer,
+ CommandStructure
+ .ByteCount,
+ CommandStructure
+ .Features,
+ (UINT8)
+ CommandStructure.SectorCount,
+ CommandStructure
+ .LBALow,
+ CommandStructure
+ .LBAMid,
+ CommandStructure
+ .LBAHigh,
+ CommandStructure
+ .Device,
+ CommandStructure
+ .Command,
+ FALSE
+ );
+ //
+ // Copy Identify Data
+ //
+ pBS->CopyMem( &(IdeBusInterface->IdeDevice.IdentifyData),
+ IdentifyBuffer,
+ sizeof(IDENTIFY_DATA)
+ );
+ }
+ else {
+ Status = SataDevInterface->AhciBusInterface->ExecutePioDataCommand(
+ SataDevInterface,
+ &CommandStructure,
+ FALSE
+ );
+
+ //
+ // Copy Identify Data
+ //
+ pBS->CopyMem( &(SataDevInterface->IdentifyData),
+ IdentifyBuffer,
+ sizeof(IDENTIFY_DATA)
+ );
+ }
+
+ pBS->FreePool( IdentifyBuffer );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+//
+// Procedure: CommonReadWritePioHook
+//
+// Description: Common Hook which Calls Read Write PIO.
+//
+// Input:
+// IN VOID *BusInterface,
+// VOID *Buffer,
+// UINTN ByteCount,
+// UINT64 LBA
+// IN UINT8 ReadWriteCommand,
+// IN BOOLEAN ReadWrite Read/Write = 0/1
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// *Buffer updated from PIO command.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS CommonReadWritePioHook(
+ IN VOID *BusInterface,
+ IN OUT VOID *Buffer,
+ IN UINTN ByteCount,
+ IN UINT64 LBA,
+ IN UINT8 ReadWriteCommand,
+ IN BOOLEAN ReadWrite,
+ IN BOOLEAN ModeFlag )
+{
+ EFI_STATUS Status;
+ IDE_BUS_PROTOCOL *IdeBusInterface;
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+
+ IdeBusInterface = (IDE_BUS_PROTOCOL*)BusInterface;
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+
+ if ( ModeFlag == FALSE )
+ {
+ Status = IdeBusInterface->AtaReadWritePio(
+ IdeBusInterface,
+ Buffer,
+ ByteCount,
+ 0,
+ ReadWriteCommand,
+ TRUE
+ );
+ }
+ else {
+ Status = SataDevInterface->AhciBusInterface->SataReadWritePio(
+ SataDevInterface,
+ Buffer,
+ ByteCount,
+ 0,
+ ReadWriteCommand,
+ TRUE
+ );
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: LocateAhciSmmServiceEvent
+//
+// Description: Generates the SwSMI to Locate the AhciSMM Protocol
+// that is used by IdeSMM.
+//
+// Input:
+// EFI_EVENT Event,
+// VOID *Context
+//
+// Output:
+// None
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+VOID LocateAhciSmmServiceEvent(
+ EFI_EVENT Event,
+ VOID *Context )
+{
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+ EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(UINT8*)];
+ UINTN CommBufferSize;
+ EFI_STATUS Status;
+#elif defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ UINT8 DataSize = 1;
+#else
+ UINTN DataSize = 1;
+#endif
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x00010014)
+
+ if(gSmmCommunication != NULL) {
+ Status = pBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &gSmmCommunication);
+ if (EFI_ERROR(Status)) {
+ ASSERT_EFI_ERROR(Status);
+ return ;
+ }
+ }
+
+ // Copy Smm Communicate Header Here
+ SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *)CommBuffer;
+ pBS->CopyMem( &SmmCommunicateHeader->HeaderGuid, &gLocateIdeAhciSmmProtocolGuid, sizeof( EFI_GUID ) );
+ SmmCommunicateHeader->MessageLength = sizeof(UINT8 *);
+
+ // Allocate the Buffer for the Passing the Password Data to
+ // Unlock command in SMM
+ Status = pBS->AllocatePool( EfiReservedMemoryType,
+ 512,
+ (VOID**)&SmmCommunicateHeader->Data );
+
+ // Calculate Size of Communication buffer
+ CommBufferSize = sizeof (CommBuffer);
+
+ // Send data to SMM.
+ Status = gSmmCommunication->Communicate (gSmmCommunication, &CommBuffer[0], &CommBufferSize);
+ ASSERT_EFI_ERROR(Status);
+
+#else
+ UINT8 SwSmiValue = SW_SMI_AHCI_LOCATE_AHCI_SMM;
+
+ // Now Generate a SW SMI to Locate all the SMM protocols used by IDESMM
+ mSmmCtl->Trigger( mSmmCtl, &SwSmiValue, &DataSize, 0, 0 );
+#endif
+
+ return;
+}
+
+
+EFI_STATUS
+HDDPortReset(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag
+)
+{
+
+ EFI_STATUS Status;
+ AHCI_BUS_PROTOCOL *AhciBusInterface;
+ SATA_DEVICE_INTERFACE *SataDeviceInterface;
+ DLINK *dlink;
+ COMMAND_STRUCTURE CommandStructure = {0};
+ SATA_DEVICE_INTERFACE *SataDevInterface;
+ EFI_OPEN_PROTOCOL_INFORMATION_ENTRY *Entries = NULL;
+
+
+ SataDevInterface = (SATA_DEVICE_INTERFACE*)BusInterface;
+ AhciBusInterface = SataDevInterface->AhciBusInterface;
+
+ if ( ModeFlag == FALSE ) {
+ return EFI_UNSUPPORTED;
+ }
+
+ // Issue Disable Software Preservation command all the Sata Devices connected.
+ dlink = AhciBusInterface->SataDeviceList.pHead;
+ if (dlink){
+ do {
+ SataDeviceInterface = OUTTER(dlink, SataDeviceLink, SATA_DEVICE_INTERFACE);
+ if(SataDevInterface->PortNumber == SataDeviceInterface->PortNumber &&
+ SataDevInterface->PMPortNumber == SataDeviceInterface->PMPortNumber) {
+
+ // Send Disable Software Preservation command.
+ CommandStructure.Features = DISABLE_SATA2_SOFTPREV;
+ CommandStructure.SectorCount = 6;
+ CommandStructure.Command = SET_FEATURE_COMMAND;
+ Status = AhciBusInterface->ExecuteNonDataCommand(SataDeviceInterface,
+ CommandStructure);
+ break;
+ }
+ dlink = dlink-> pNext;
+ }while (dlink);
+ }
+
+ // Reset the port to restore the initial State
+ Status = AhciBusInterface->GeneratePortReset(
+ AhciBusInterface,
+ SataDevInterface,
+ SataDevInterface->PortNumber,
+ SataDevInterface->PMPortNumber,
+ 0,
+ 0
+ );
+
+
+ // Disconnect the Controller Handle
+ Status = pBS->DisconnectController(
+ AhciBusInterface->ControllerHandle,
+ NULL,
+ NULL);
+
+ // Connect Controller handle again to invoke the HDD Password Verfication
+ Status = pBS->ConnectController(
+ AhciBusInterface->ControllerHandle,
+ NULL,
+ NULL,
+ TRUE);
+
+ // Send Enable Software Preservation command.
+ CommandStructure.Features = 0x10;
+ CommandStructure.SectorCount = 6;
+ CommandStructure.Command = SET_FEATURE_COMMAND;
+ Status = AhciBusInterface->ExecuteNonDataCommand(SataDeviceInterface,
+ CommandStructure);
+
+ return Status;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurity.chm b/Core/EM/HddSecurity/IdeSecurity.chm
new file mode 100644
index 0000000..abc643a
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.chm
Binary files differ
diff --git a/Core/EM/HddSecurity/IdeSecurity.cif b/Core/EM/HddSecurity/IdeSecurity.cif
new file mode 100644
index 0000000..bcdd7df
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.cif
@@ -0,0 +1,22 @@
+<component>
+ name = "IdeSecurity"
+ category = eModule
+ Rank = 31
+ LocalRoot = "Core\EM\HddSecurity\"
+ RefName = "IdeSecurity"
+[files]
+"IdeSecurity.sdl"
+"IdeSecurity.mak"
+"IdeSecurity.h"
+"IdeSecurity.c"
+"IdeSecuritySetup.c"
+"IdeSecurityBdsCall.c"
+"IdeSecurity.sd"
+"IdeSecurity.uni"
+"IdeSecurity.dxs"
+"IdeSecurity.chm"
+"IdeSecurityCommon.sd"
+[parts]
+"IDESMM"
+"AmiTseHddPassword"
+<endComponent>
diff --git a/Core/EM/HddSecurity/IdeSecurity.dxs b/Core/EM/HddSecurity/IdeSecurity.dxs
new file mode 100644
index 0000000..0d3347d
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.dxs
@@ -0,0 +1,86 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2007, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.dxs 5 4/06/11 12:53a Rameshr $
+//
+// $Revision: 5 $
+//
+// $Date: 4/06/11 12:53a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.dxs $
+//
+// 5 4/06/11 12:53a Rameshr
+// [TAG]- EIP 57341
+// [Category]-IMPROVEMENT
+// [Description]- Added Support for SMM PI 1.1 in HDDSecurity eModule.
+// [Files]- IdeSecurity.c , IdeSecurity.h, IdeSecurity.dxs
+//
+// 4 2/19/10 12:51p Yul
+// Delete comment out codes
+//
+// 3 1/21/10 12:08p Yul
+// Refer to EIP 33848
+// LegacyBios is not needed here.
+//
+// 2 12/09/09 12:19p Krishnakumarg
+// EIP 31797 : IDE Security API documentation. Added comments whereever
+// possible and modified files for coding standard
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IdeSecurity.DXS
+//
+// Description: Dependency expression for IDESecurity driver.
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+#include <Protocol/SmmControl2.h>
+#else
+#include <Protocol/SmmControl.h>
+#endif
+
+DEPENDENCY_START
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+ EFI_SMM_CONTROL2_PROTOCOL_GUID
+#else
+ EFI_SMM_CONTROL_PROTOCOL_GUID
+#endif
+DEPENDENCY_END
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2007, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurity.h b/Core/EM/HddSecurity/IdeSecurity.h
new file mode 100644
index 0000000..dbc6a18
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.h
@@ -0,0 +1,470 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2015, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.h 13 4/22/15 3:57a Anbuprakashp $
+//
+// $Revision: 13 $
+//
+// $Date: 4/22/15 3:57a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.h $
+//
+// 13 4/22/15 3:57a Anbuprakashp
+// [TAG] EIP212319
+// [Category] Bug Fix
+// [Severity] Normal
+// [Symptom] System hang while SW_SMI_AHCI_LOCATE_AHCI_SMM SMI trigger
+// after enable SmmChkEn bit
+// [RootCause] Bootservice call used inside IdeSmm driver which causes
+// the Exception
+// [Solution] Changes made not to use BootService calls inside IdeSmm
+// driver
+// [Files] IdeSecurity.h
+// IdeSecurity.c
+// IDESMM.c
+//
+// 12 10/11/11 1:54a Rameshr
+// [TAG] EIP69246
+// [Category] Improvement
+// [Description] Made the SECURITY_SUPPORT as the Master token and
+// removed the IdeSecurity_Support token.
+// [Files] IdeSecurity.c, IdeSecurity.h, IdeSecurity.mak,
+// IdeSecurity.sdl
+//
+// 11 4/06/11 12:53a Rameshr
+// [TAG]- EIP 57341
+// [Category]-IMPROVEMENT
+// [Description]- Added Support for SMM PI 1.1 in HDDSecurity eModule.
+// [Files]- IdeSecurity.c , IdeSecurity.h, IdeSecurity.dxs
+//
+// 10 10/13/10 4:26a Rameshr
+// [TAG] - EIP 43790
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - The IDE_SECURITY_PWNV_GUID in IdeSecurity.h will cause
+// compile failed in some case
+// [RootCause] - The definition of IDE_SECURITY_PWNV_GUID contains a
+// semicolon in the end of line
+// [Solution] - Removed the SemiColon in the end of line
+// [Files] - IdeSecurity.h
+//
+// 9 9/20/10 4:16a Rameshr
+// [TAG]- EIP 44182
+// [Category]-IMPROVEMENT
+// [Description]- Unable to build the project with HDDSecurity module and
+// without AHCI module.
+// [Files]- IdeSecurity.h, IdeSmm.c
+//
+// 8 2/19/10 12:48p Yul
+// Delete the comment out codes.
+//
+// 7 1/21/10 12:07p Yul
+// Refer to EIP 33848
+// LegacyBios protocol is not needed here.
+//
+// 6 1/15/10 10:21a Yul
+// Coding Standard
+//
+// 5 11/25/09 6:03p Krishnakumarg
+// Removed Tab spaces to comply with AMI coding standard.
+//
+// 4 7/14/09 1:55p Pats
+// EIP 22925: Request to set HDD password length by token.
+// Solution: Token added to IdeSecurity.sdl, and definition removed from
+// IdeSecurity.h
+//
+// 3 4/28/09 6:46p Rameshr
+// HDD password support in RAID mode
+// EIP:20421
+//
+// 2 4/11/08 4:28p Rameshraju
+// 1)Enter the Emptry string for the master password, will set the default
+// OEM password and in setup password status will be not installed.
+// 2)If the revision code is not 0, then SecuritySetPassword will use
+// revision code from the input parameters.
+// 3)HddSecutiyData Nvram variable master password cleared when we set
+// user password and user password cleared when we set master password.
+// 4)When we disable the password, HddSecutiyData Nvram variable also
+// updated properly.
+// 5)Password lenght stored in HddSecData structure.
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+//
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: <IdeSecurity.h>
+//
+// Description: This file contains the Includes, Definitions, typedefs,
+// Variable and External Declarations, Structure and
+// function prototypes needed for the IdeSecurity driver
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#ifndef _IdeSecurity_
+#define _IdeSecurity_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <Efi.h>
+#include <Token.h>
+#include <Dxe.h>
+#include <AmiDxeLib.h>
+#include "Protocol\PciIo.h"
+#include "Protocol\DevicePath.h"
+#include "protocol\DriverBinding.h"
+#include "protocol\BlockIo.h"
+#include "Protocol\PDiskInfo.h"
+#include "Protocol\PIDEController.h"
+#include "Protocol\PIDEBus.h"
+#include "Protocol\PAhciBus.h"
+#include <Protocol\ComponentName.h>
+#include <Protocol\BootScriptSave.h>
+#include <Protocol\SmmBase.h>
+#include <Protocol\SmmCommunication.h>
+#if defined(PI_SPECIFICATION_VERSION)&&(PI_SPECIFICATION_VERSION>=0x0001000A)
+#include <Protocol\SmmControl2.h>
+#else
+#include <Protocol\SmmControl.h>
+#endif
+#if ( defined(AhciSrc_SUPPORT) && (AhciSrc_SUPPORT != 0) )
+#include <Protocol\AhciSmmProtocol.h>
+#endif
+
+#define IDE_SECURITY_PWNV_GUID \
+{ 0x69967a8c, 0x1159, 0x4522, 0xaa, 0x89, 0x74, 0xcd, 0xc6, 0xe5, 0x99, 0xa0}
+
+#define EFI_SMM_SAVE_HDD_PASSWORD_GUID \
+ { 0xeedcf975, 0x4dd3, 0x4d94, 0x96, 0xff, 0xaa, 0xca, 0x83, 0x53, 0xb8, 0x7b }
+
+#define EFI_SMM_REMOVE_HDD_PASSWORD_GUID \
+ { 0xc2b1e795, 0xf9c5, 0x4829, 0x8a, 0x42, 0xc0, 0xb3, 0xfe, 0x57, 0x15, 0x17 }
+
+#define AMI_LOCATE_IDE_AHCI_PROTOCOL_GUID \
+ { 0xb3f096e9, 0x2d46, 0x4e8e, 0xa2, 0x2c, 0x7d, 0xe8, 0xb1, 0x6b, 0x3a, 0x5b }
+
+#define HDD_PWD_ENCRYPTION_KEY "H?p1mA*k920_84o3d^!z@L.x4$kY64"
+
+#define EFI_SEGMENT( _Adr ) (UINT16) ((UINT16) (((UINTN) (_Adr))\
+ >> 4) & 0xf000)
+#define EFI_OFFSET( _Adr ) (UINT16) (((UINT16) ((UINTN) (_Adr))) & 0xffff)
+
+
+//###DEBUG Uncomment the following for Required Debug Level.
+
+//#define TRACE_IDESMM TRACE
+
+//###DEBUG END
+
+#define TRACE_IDESMM
+
+#define ZeroMemory( Buffer, Size ) pBS->SetMem( Buffer, Size, 0 )
+
+// Forward reference for pure ANSI compatability
+typedef struct _IDE_BUS_PROTOCOL IDE_BUS_PROTOCOL;
+
+HDD_SECURITY_INIT_PROTOCOL *gHddSecurityInitProtocol;
+
+EFI_GUID gSaveHddPasswordGuid=EFI_SMM_SAVE_HDD_PASSWORD_GUID;
+EFI_GUID gRemoveHddPasswordGuid=EFI_SMM_REMOVE_HDD_PASSWORD_GUID;
+EFI_GUID gLocateIdeAhciSmmProtocolGuid=AMI_LOCATE_IDE_AHCI_PROTOCOL_GUID;
+EFI_GUID gEfiSmmCommunicationProtocolGuid=EFI_SMM_COMMUNICATION_PROTOCOL_GUID;
+
+#pragma pack(1)
+
+typedef struct
+{
+ UINT8 Bus;
+ UINT8 Device;
+ UINT8 Function;
+ UINT8 Controller;
+ UINT32 Reserved;
+} EDD_PCI;
+
+typedef struct
+{
+ UINT16 Base;
+ UINT16 Reserved;
+ UINT32 Reserved2;
+} EDD_LEGACY;
+
+typedef union
+{
+ EDD_PCI Pci;
+ EDD_LEGACY Legacy;
+} EDD_INTERFACE_PATH;
+
+typedef struct
+{
+ UINT8 Master;
+ UINT8 Reserved[15];
+} EDD_ATA;
+
+typedef struct
+{
+ UINT8 Master;
+ UINT8 Lun;
+ UINT8 Reserved[14];
+} EDD_ATAPI;
+
+typedef struct
+{
+ UINT16 TargetId;
+ UINT64 Lun;
+ UINT8 Reserved[6];
+} EDD_SCSI;
+
+typedef struct
+{
+ UINT64 SerialNumber;
+ UINT64 Reserved;
+} EDD_USB;
+
+typedef struct
+{
+ UINT64 Guid;
+ UINT64 Reserved;
+} EDD_1394;
+
+typedef struct
+{
+ UINT64 Wwn;
+ UINT64 Lun;
+} EDD_FIBRE;
+
+typedef struct
+{
+ UINT8 bPortNum;
+ UINT8 Reserved[15];
+} EDD_SATA;
+
+typedef union
+{
+ EDD_ATA Ata;
+ EDD_ATAPI Atapi;
+ EDD_SCSI Scsi;
+ EDD_USB Usb;
+ EDD_1394 FireWire;
+ EDD_FIBRE FibreChannel;
+ EDD_SATA Sata;
+} EDD_DEVICE_PATH;
+
+typedef struct
+{
+ UINT16 StructureSize;
+ UINT16 Flags;
+ UINT32 MaxCylinders;
+ UINT32 MaxHeads;
+ UINT32 SectorsPerTrack;
+ UINT64 PhysicalSectors;
+ UINT16 BytesPerSector;
+ UINT32 FDPT;
+ UINT16 Key;
+ UINT8 DevicePathLength;
+ UINT8 Reserved1;
+ UINT16 Reserved2;
+ CHAR8 HostBusType[4];
+ CHAR8 InterfaceType[8];
+ EDD_INTERFACE_PATH InterfacePath;
+ EDD_DEVICE_PATH DevicePath;
+ UINT8 Reserved3;
+ UINT8 Checksum;
+} EDD_DRIVE_PARAMETERS;
+
+typedef struct _HDDSECDATA
+{
+ UINT16 UserMaster;
+ UINT32 PasswordLength;
+ UINT8 HddUserPassword[IDE_PASSWORD_LENGTH];
+ UINT8 HddMasterPassword[IDE_PASSWORD_LENGTH];
+} HDDSECDATA;
+
+#pragma pack()
+
+
+
+EFI_STATUS InstallSecurityInterface (
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS StopSecurityModeSupport (
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS ReturnSecurityStatus (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 *SecurityStatus );
+
+EFI_STATUS SecuritySetPassword (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT16 RevisionCode );
+
+EFI_STATUS SecurityUnlockPassword (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer );
+
+EFI_STATUS SecurityDisablePassword (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer );
+
+EFI_STATUS SetDefaultMasterPassword (
+ IN IDE_SECURITY_PROTOCOL *This );
+
+EFI_STATUS SecuritySetDefaultMasterPassword (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT16 RevisionCode );
+
+EFI_STATUS SecurityFreezeLock (
+ IN IDE_SECURITY_PROTOCOL *This );
+
+EFI_STATUS SecurityEraseUnit (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer );
+
+EFI_STATUS ReturnIdePasswordFlags (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT32 *IdePasswordFlags );
+
+EFI_STATUS SecurityCommonRoutine (
+ IN VOID *IdeBusInterface,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT8 SecurityCommand,
+ UINT16 RevisionCode,
+ BOOLEAN ModeFlag );
+
+EFI_STATUS ConnectController (
+ IN EFI_HANDLE ControllerHandle,
+ IN EFI_HANDLE*DriverImageHandle OPTIONAL,
+ IN EFI_DEVICE_PATH_PROTOCOL*RemainingDevicePath OPTIONAL,
+ IN BOOLEAN Recursive );
+
+EFI_STATUS GatherIdeInfo (
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag,
+ OUT UINT32 *HddDataId );
+
+EFI_STATUS UpdateIdentifyData (
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS SetHddSecDataInNvram (
+ IN VOID *BusInterface,
+ UINT32 *HddDataId,
+ UINT16 Control,
+ UINT8 *Buffer );
+
+EFI_STATUS TransferPwDataFromNvramToSmram (
+ IN IDE_SECURITY_PROTOCOL *This );
+
+VOID ConvertHddDataIdToString (
+ IN UINT32 DataId,
+ OUT CHAR16 *String );
+
+VOID EncodeDecodePassword (
+ IN UINT8 *InputString,
+ OUT UINT8 *OutputString,
+ IN UINT32 StringLength );
+
+EFI_STATUS OEMSetMasterPassword (
+ IN IDE_SECURITY_PROTOCOL *This );
+
+EFI_STATUS SmmHDDPasswordInterface (
+ IN IDE_SECURITY_PROTOCOL *This,
+ UINT16 Control,
+ UINT8 *Buffer,
+ UINT8 Action );
+
+VOID IdeBusCallbackBootScript (
+ IN EFI_EVENT Event,
+ IN VOID *Context );
+
+VOID IdeBusMiscSmmFeatureCallback (
+ IN EFI_EVENT Event,
+ IN VOID *Context );
+
+BOOLEAN CheckAhciMode (
+ IN IDE_BUS_PROTOCOL *IdeBusInterface );
+
+UINTN EfiValueToString (
+ IN OUT CHAR16 *Buffer,
+ IN INT64 Value,
+ IN UINTN Flags,
+ IN UINTN Width );
+
+EFI_STATUS CommonNonDataHook (
+ IN VOID *BusInterface,
+ IN COMMAND_STRUCTURE CommandStructure,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS CommonPioDataHook (
+ IN VOID *BusInterface,
+ IN COMMAND_STRUCTURE CommandStructure,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS CommonReadWritePioHook (
+ IN VOID *BusInterface,
+ IN OUT VOID *Buffer,
+ IN UINTN ByteCount,
+ IN UINT64 LBA,
+ IN UINT8 ReadWriteCommand,
+ IN BOOLEAN ReadWrite,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS CommonWfccHook (
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag );
+
+VOID LocateAhciSmmServiceEvent (
+ EFI_EVENT Event,
+ VOID *Context );
+
+
+
+/****** DO NOT WRITE BELOW THIS LINE *******/
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2015, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurity.mak b/Core/EM/HddSecurity/IdeSecurity.mak
new file mode 100644
index 0000000..479a803
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.mak
@@ -0,0 +1,173 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.mak 9 8/11/13 11:58p Srikantakumarp $
+#
+# $Revision: 9 $
+#
+# $Date: 8/11/13 11:58p $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.mak $
+#
+# 9 8/11/13 11:58p Srikantakumarp
+# [TAG] EIP123442
+# [Category] Improvement
+# [Description] Create a new Plug-In way in the IdeSecurity Module for
+# OEM append sd file into
+# [Files] IdeSecurity.sdl, IdeSecurity.mak
+#
+# 8 6/06/13 4:04a Rameshr
+# [TAG] EIP106423
+# [Category] Improvement
+# [Description] HddPassword Support in UEFI Raid and Legacy Raid. And
+# also taken care where there is no Conin Device avilable in the post
+# [Files] IdeSecurity.cif,IdeSecurity.sdl,IdeSecurity.mak,IdeSecurityB
+# dsCall.c,HddPassword.c, Ahcibus.c, Pidebus.h
+#
+# 7 4/25/13 9:22a Kapilporwal
+# [TAG] EIP108583
+# [Category] New Feature
+# [Description] support set HDD password in same page
+# [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+# IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+# HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+#
+# 6 10/11/11 1:55a Rameshr
+# [TAG] EIP69246
+# [Category] Improvement
+# [Description] Made the SECURITY_SUPPORT as the Master token and
+# removed the IdeSecurity_Support token.
+# [Files] IdeSecurity.c, IdeSecurity.h, IdeSecurity.mak,
+# IdeSecurity.sdl
+#
+# 5 12/03/10 12:24a Rameshr
+# [TAG] - EIP 48770
+# [Category]- BUG FIX
+# [Severity]- Minor
+# [Symptom] - HddSecurity build error when disable the IDEBUS module..
+# [RootCause]- IdebusLib used with IdeSecurity Module.
+# [Solution] - Removed IdebusLib usage from source and mak file.
+# [Files] - Idesecurity.c, IdeSecurity.mak
+#
+# 4 12/09/09 12:17p Krishnakumarg
+# EIP 31797 : IDE Security API documentation. Added comments whereever
+# possible and modified files for coding standard
+#
+# 3 3/18/09 11:26a Fredericko
+# EIP19618 removed dependency on foundation.lib
+#
+# 2 3/13/09 3:43p Fredericko
+#
+# 1 28/02/08 6:40p Anandakrishnanl
+# Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+# IdeBus driver to be compatable with the AHCI Bus driver.
+#
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: IdeSecurity_mak
+#
+# Description: Make file to build IDESecurity Driver Sources.
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+all : IdeSecurity
+
+IdeSecurity : $(BUILD_DIR)\IdeSecurity.mak IdeSecurityBin
+
+$(BUILD_DIR)\IdeSecurity.mak : $(IDESECURITY_DIR)\$(@B).cif $(IDESECURITY_DIR)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(IDESECURITY_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+IdeSecurityBin: $(AMIDXELIB)
+ $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+ /f $(BUILD_DIR)\IdeSecurity.mak all\
+ GUID=A9B700CF-019E-4d8b-A3A7-88E1EA01699E\
+ ENTRY_POINT=IdeSecurityEntryPoint \
+ TYPE=BS_DRIVER \
+ COMPRESS=1\
+ "OBJECTS=$(BUILD_DIR)\$(IDESECURITY_DIR)\IdeSecurity.obj"
+
+#---------------------------------------------------------------------------
+# Create IDE Bus Setup Screens
+#---------------------------------------------------------------------------
+SetupSdbs : $(BUILD_DIR)\IdeSecurity.Sdb
+SetupBin : $(BUILD_DIR)\IdeSecuritySetup.obj
+
+#IdeSecuritySdb :
+# $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+# /f $(BUILD_DIR)\IdeSecurity.mak all\
+# MAKEFILE=$(IDESECURITY_DIR)\IdeSecurity.mak \
+# TYPE=SDB STRING_CONSUMERS=$(IDESECURITY_DIR)\IdeSecurity.sd
+#$(BUILD_DIR)\IdeSecuritySetup.obj : $(IDESECURITY_DIR)\IdeSecuritySetup.c $(BUILD_DIR)\SetupStrTokens.h
+# $(CC) $(CFLAGS) /Fo$(BUILD_DIR)\ $(IDESECURITY_DIR)\IdeSecuritySetup.c
+
+!IF (DEFINED(IDE_SECURITY_PLUG_IN) && "$(IDE_SECURITY_PLUG_IN)" == "1")
+
+$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_PLUG_IN_SD) $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -i INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_PLUG_IN_SD)
+
+!ELSE # !IF (DEFINED(IDE_SECURITY_PLUG_IN) && "$(IDE_SECURITY_PLUG_IN)" == "1")
+
+!IFNDEF "$(SECUITY_SETUP_ON_SAME_PAGE)"
+
+!IF "$(SECUITY_SETUP_ON_SAME_PAGE)" == "1"
+
+$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_DIR)\IdeSecurityCommon.sd $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -i INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurityCommon.sd
+
+!ELSE
+
+$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_DIR)\IdeSecurity.sd $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -i INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.sd
+
+!ENDIF # !IF SECUITY_SETUP_ON_SAME_PAGE = "1"
+
+!ELSE # !IFNDEF "$(SECUITY_SETUP_ON_SAME_PAGE)"
+
+$(BUILD_DIR)\IdeSecurity.sdb : $(IDESECURITY_DIR)\IdeSecurity.sd $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -i INCLUDE -parse -newdb -db $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.uni
+ $(STRGATHER) -scan -db $(BUILD_DIR)\IdeSecurity.sdb -od $(BUILD_DIR)\IdeSecurity.sdb $(IDESECURITY_DIR)\IdeSecurity.sd
+
+!ENDIF # !IFNDEF SECUITY_SETUP_ON_SAME_PAGE
+
+!ENDIF # !IF (DEFINED(IDE_SECURITY_PLUG_IN) && "$(IDE_SECURITY_PLUG_IN)" == "1")
+
+$(BUILD_DIR)\IdeSecuritySetup.obj : $(IDESECURITY_DIR)\IdeSecuritySetup.c $(BUILD_DIR)\SetupStrTokens.h
+ $(CC) $(CFLAGS) /Fo$(BUILD_DIR)\ $(IDESECURITY_DIR)\IdeSecuritySetup.c
+
+CORE_DXEBin : $(BUILD_DIR)\IdeSecurityBdsCall.obj
+
+$(BUILD_DIR)\IdeSecurityBdsCall.obj : $(IDESECURITY_DIR)\IdeSecurityBdsCall.c
+ $(CC) $(CFLAGS) /Fo$(BUILD_DIR)\ $(IDESECURITY_DIR)\IdeSecurityBdsCall.c
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurity.sd b/Core/EM/HddSecurity/IdeSecurity.sd
new file mode 100644
index 0000000..47980b5
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.sd
@@ -0,0 +1,525 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.sd 17 1/30/14 9:16a Divyac $
+//
+// $Revision: 17 $
+//
+// $Date: 1/30/14 9:16a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurity.sd $
+//
+// 17 1/30/14 9:16a Divyac
+// [TAG] EIP152490
+// [Category] Improvement
+// [Description] Resolved the build Error in HddSecurity module when
+// enabling DISPLAY_MASTER_PASSWORD sdl token
+// [Files] IdeSecurity.sd
+//
+// 16 12/06/13 8:49a Divyac
+// [TAG] EIP143275
+// [Category] Improvement
+// [Description] Aptio 4.x - Gray out option for the user password when
+// the HDD is in frozen state
+// [Files] IdeSecurity.c, IdeSecurity.uni
+//
+// 15 6/13/12 9:12a Anandakrishnanl
+// [TAG] EIP92050
+// [Category] Bug Fix
+// [Severity] Minor
+// [Symptom] In setup, Hdd Security User and Master password status
+// string displayed as Set or Not Set instead of Installed or Not
+// Installed.
+// [RootCause] In setup, Hdd Security User and Master password status
+// string displayed as Set or Not Set instead of Installed or Not
+// Installed.
+// [Solution] Changed the sd and UNI string tokens to be unique to
+// Module
+// [Files] IdeSecuirty.sd
+// IdeSecuirty.uni
+//
+// 14 1/03/12 1:42a Jittenkumarp
+// [TAG] EIP78274
+// [Category] Bug Fix
+// [Symptom] When the the token ALL_HDD_SAME_PW is set to 1 and no HDD
+// is connected to SUT, Set User Password and Set Master Password links
+// are displayed in security page.
+// [RootCause] When ALL_HDD_SAME_PW token is 1 ,not checking the
+// presence of hard disk.
+// [Solution] When ALL_HDD_SAME_PW token is 1,checking harddisk is
+// present or not and if not present suppress the links.
+// [Files] IdeSecurity.sd
+//
+// 13 10/21/11 4:12a Rameshr
+// [TAG] EIP69247
+// [Category] Bug Fix
+// [Severity] Minor
+// [Symptom] Several IdeSecurity.sdl tokens are not working properly
+// [RootCause] Several IdeSecurity.sdl tokens are not working properly
+// [Solution] Removed unwanted SDL token and verified all the SDL token
+// function.
+// [Files] IdeSecurity.c, IdeSecurity.sdl, IdeSecurity.sdl
+//
+// 12 2/01/11 3:48a Rameshr
+// [TAG] - EIP 52221
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - Under Aptio4.6.4.1, the HddSecurity "4.6.3_HddSecurity_016"
+// will build failed.
+// [RootCause]- Goto Form error in UEFI2.0
+// [Solution] - Moved Goto Form inside the FormSet.
+// [Files] - IdeSecurity.sd
+//
+// 11 1/20/11 12:22a Rameshr
+// [TAG] - EIP 52221
+// [Category]- BUG FIX
+// [Severity]- Minor
+// [Symptom] - Under Aptio4.6.4.1, the HddSecurity "4.6.3_HddSecurity_016"
+// will build failed.
+// [RootCause]- All the Control Items included in the main formset also.
+// [Solution] - moved the whole #ifdef FORM_SET_VARSTORE section outside
+// of the #ifdef SECURITY_FORM_SET
+// [Files] - IdeSecurity.sd
+//
+// 10 1/10/11 12:52a Rameshr
+// [TAG] EIP48180
+// [Category] Improvement
+// [Description] Update the IdeSecurity eModule to utilize Setup
+// Customization
+// [Files] IdeSecurity.sd
+//
+// 8 8/27/10 2:27p Yul
+// [TAG] EIP40151
+// [Category] NEW FEATURE
+// [Description] If system has two HDDs, User need set two HDDs password
+// separately with master and user password.
+// We want to simply the procedure, if user set master or user password,
+// it will set two HDDs with same password.
+// While un-lock the HDD password, user just need input one Master/User
+// password to un-lock HDD.
+// [Files] HddPassword.c
+// HddPassword.sdl
+// IdeSecurity.sd
+// IdeSecurity.uni
+// Same as v7. No code update.
+//
+// 7 8/27/10 10:01a Yul
+// EIP 40151 - One Master/User password for all attach HDDs
+//
+// 6 4/13/10 10:29a Davidd
+// Removed setup questions when SETUP_SAME_SYS_HDD_PW is on. They are not
+// used in this case.
+//
+// 5 3/26/10 5:44p Krishnakumarg
+// UEFI2.1 compliance change. EIP#34744
+//
+// 4 12/09/09 12:18p Krishnakumarg
+// EIP 31797 : IDE Security API documentation. Added comments whereever
+// possible and modified files for coding standard
+//
+// 3 7/27/09 3:30p Pats
+// EIP 22925: Request to set HDD password length by token.
+// Solution: Changed definitions for IDEUserPassword and IDEMasterPassword
+// to use the token value instead of 32.
+//
+//
+// 2 8/12/08 10:30a Fasihm
+// Added the Manufacturing flag to all the setup questions.
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+// 1 10/23/07 4:18p Felixp
+
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//**********************************************************************
+// Name: IdeSecurity.sd
+//
+// Description: Ide Security in Setup.
+//**********************************************************************
+//<AMI_FHDR_END>
+
+#ifdef FORM_SET_VARSTORE
+ varstore IDE_SECURITY_CONFIG,
+ key = IDE_SECURITY_HD_1_KEY_ID,
+ name = IDESecDev,
+ guid = IDE_SECURITY_CONFIG_GUID;
+#endif
+
+#if defined(VFRCOMPILE) && !defined(CONTROLS_ARE_DEFINED)
+#define CONTROL_DEFINITION
+#endif
+
+#ifdef CONTROL_DEFINITION
+
+#if (SETUP_SAME_SYS_HDD_PW != 1)
+ #if ALL_HDD_SAME_PW
+ #define IDE_SECURITY_GET_USER_PASSWORD\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ endif;
+ #define IDE_SECURITY_GET_MASTER_PASSWORD\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ endif;
+
+ #define IDE_SECURITY_GET_IDE_USER_PASSWORD
+ #define IDE_SECURITY_GET_IDE_MASTER_PASSWORD
+
+ #else
+ #define IDE_SECURITY_GET_USER_PASSWORD
+ #define IDE_SECURITY_GET_MASTER_PASSWORD
+
+ #define IDE_SECURITY_GET_IDE_USER_PASSWORD\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+
+ #define IDE_SECURITY_GET_IDE_MASTER_PASSWORD\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+
+ #endif
+
+ #define IDE_SECURITY_CONFIG_COUNT\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_SUPPORTED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_SUPPORTED),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_NOT_SUPPORTED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_SUPPORTED),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+
+ #define IDE_SECURITY_CONFIG_ENABLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_ENABLED),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_NOT_ENABLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_ENABLED),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+
+ #define IDE_SECURITY_CONFIG_LOCKED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_LOCKED),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+
+ #define IDE_SECURITY_CONFIG_NOT_LOCKED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_LOCKED),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_FROZEN\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_FROZEN),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_NOT_FROZEN\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_FROZEN),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+#else
+
+ #define IDE_SECURITY_GET_USER_PASSWORD
+ #define IDE_SECURITY_GET_MASTER_PASSWORD
+ #define IDE_SECURITY_CONFIG_COUNT
+ #define IDE_SECURITY_CONFIG_SUPPORTED
+ #define IDE_SECURITY_CONFIG_NOT_SUPPORTED
+ #define IDE_SECURITY_CONFIG_ENABLED
+ #define IDE_SECURITY_CONFIG_NOT_ENABLED
+ #define IDE_SECURITY_CONFIG_LOCKED
+ #define IDE_SECURITY_CONFIG_NOT_LOCKED
+ #define IDE_SECURITY_CONFIG_FROZEN
+ #define IDE_SECURITY_CONFIG_NOT_FROZEN
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED
+ #define IDE_SECURITY_GET_IDE_USER_PASSWORD
+ #define IDE_SECURITY_GET_IDE_MASTER_PASSWORD
+#endif
+#endif
+
+
+#ifdef CONTROLS_WITH_DEFAULTS
+ IDE_SECURITY_GET_USER_PASSWORD
+ IDE_SECURITY_GET_MASTER_PASSWORD
+ IDE_SECURITY_CONFIG_COUNT
+ IDE_SECURITY_CONFIG_SUPPORTED
+ IDE_SECURITY_CONFIG_NOT_SUPPORTED
+ IDE_SECURITY_CONFIG_ENABLED
+ IDE_SECURITY_CONFIG_NOT_ENABLED
+ IDE_SECURITY_CONFIG_LOCKED
+ IDE_SECURITY_CONFIG_NOT_LOCKED
+ IDE_SECURITY_CONFIG_FROZEN
+ IDE_SECURITY_CONFIG_NOT_FROZEN
+ IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS
+ IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED
+ IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS
+ IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED
+ IDE_SECURITY_GET_IDE_USER_PASSWORD
+ IDE_SECURITY_GET_IDE_MASTER_PASSWORD
+#endif //#ifdef CONTROLS_WITH_DEFAULTS
+
+#if (SETUP_SAME_SYS_HDD_PW != 1)
+ #ifdef SECURITY_FORM_SET
+
+ #if EFI_SPECIFICATION_VERSION > 0x20000
+ #ifndef SUPPRESS_GRAYOUT_ENDIF //old Core
+ #define SUPPRESS_GRAYOUT_ENDIF endif;
+ #endif
+ #endif
+
+
+ #ifdef FORM_SET_ITEM
+ SEPARATOR
+
+ #if ALL_HDD_SAME_PW
+
+ grayoutif ideqvallist IDE_SECURITY_CONFIG.Frozen == 1;
+ IDE_SECURITY_GET_USER_PASSWORD
+ endif;
+
+ #if DISPLAY_MASTER_PASSWORD
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster == 0 OR ideqval IDE_SECURITY_CONFIG.Frozen == 1;
+ IDE_SECURITY_GET_MASTER_PASSWORD
+ endif;
+ #endif
+ #endif
+ #endif
+
+ #ifdef FORM_SET_GOTO
+ SEPARATOR
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;
+ IDE_SECURITY_CONFIG_COUNT
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0xFFFF;
+ goto IDE_SECURITY_FORM,
+ prompt = STRING_TOKEN(STR_EMPTY),
+ help = STRING_TOKEN(STR_IDE_SECURITY_HELP);
+ endif;
+
+ #endif
+
+ #ifdef FORM_SET_FORM
+
+ form
+ formid = AUTO_ID(IDE_SECURITY_FORM),
+ title = STRING_TOKEN(STR_IDE_SECURITY_HD);
+
+#if !ALL_HDD_SAME_PW
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_PWD_DESC))
+ SEPARATOR
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_ONE))
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_TWO))
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_THREE))
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_FOUR))
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_FIVE))
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_SIX))
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_SEVEN))
+ SUBTITLE(STRING_TOKEN(STR_SECURITY_HDD_BANNER_EIGHT))
+
+#endif
+ SEPARATOR
+ SUBTITLE(STRING_TOKEN(STR_HDD_PASSWORD_CONFIG))
+ SEPARATOR
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Supported == 0;
+ IDE_SECURITY_CONFIG_SUPPORTED
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Supported == 1;
+ IDE_SECURITY_CONFIG_NOT_SUPPORTED
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled == 0;
+ IDE_SECURITY_CONFIG_ENABLED
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled == 1;
+ IDE_SECURITY_CONFIG_NOT_ENABLED
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Locked == 0;
+ IDE_SECURITY_CONFIG_LOCKED
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Locked == 1;
+ IDE_SECURITY_CONFIG_NOT_LOCKED
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen == 0;
+ IDE_SECURITY_CONFIG_FROZEN
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen == 1;
+ IDE_SECURITY_CONFIG_NOT_FROZEN
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus == 0;
+ IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus == 1;
+ IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.MasterPasswordStatus == 0;
+ IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS
+ endif;
+
+ suppressif ideqvallist IDE_SECURITY_CONFIG.MasterPasswordStatus == 1;
+ IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED
+ endif;
+
+ SEPARATOR
+
+ #if !ALL_HDD_SAME_PW
+ grayoutif ideqvallist IDE_SECURITY_CONFIG.Frozen == 1;
+ IDE_SECURITY_GET_IDE_USER_PASSWORD
+ endif;
+ #if DISPLAY_MASTER_PASSWORD
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster == 0 OR ideqval IDE_SECURITY_CONFIG.Frozen == 1;
+ IDE_SECURITY_GET_IDE_MASTER_PASSWORD
+ endif;
+ #endif
+ #endif
+
+ endform;
+
+ #endif
+ #endif
+#endif
+
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//********************************************************************** \ No newline at end of file
diff --git a/Core/EM/HddSecurity/IdeSecurity.sdl b/Core/EM/HddSecurity/IdeSecurity.sdl
new file mode 100644
index 0000000..4df0d75
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.sdl
@@ -0,0 +1,240 @@
+TOKEN
+ Name = "HDD_SECURITY_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable Hdd Security support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+End
+
+TOKEN
+ Name = "SECURITY_SUPPORT"
+ Value = "1"
+ Help = "Main switch to enable IdeSecurity support in Project"
+ TokenType = Boolean
+ TargetEQU = Yes
+ TargetMAK = Yes
+ TargetH = Yes
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+End
+
+TOKEN
+ Name = "MASTER_PASSWORD_ENABLE"
+ Value = "0"
+ Help = "Enables support for Master passwords."
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "IDE_PASSWORD_LENGTH"
+ Value = "32"
+ Help = "Default maximum IDE password length."
+ TokenType = Integer
+ TargetH = Yes
+End
+
+
+TOKEN
+ Name = "DISPLAY_MASTER_PASSWORD"
+ Value = "0"
+ Help = "Displays Master Password in the Setup Security Page"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OEM_MASTER_PASSWORD_TAG"
+ Help = "Tag Contains the Default Password String provided by OEM to set as Master Password"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "OEM_DEFAULT_MASTER_PASSWORD"
+ Value = "0"
+ Help = "OFF - (Default) Master Password is set by the user through Setup Interface \ ON - Master Password for all HDDs are set from the OEM_MASTER_PASSWORD_TAG which contains the string provided by the OEM.(Only Applicable when DISPLAY_MASTER_PASSWORD is Disabled)"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DEFAULT_MASTER_PASSWORD_REVISION"
+ Value = "0xFFFE"
+ Help = "Master password revision code to be used as default.\0000h/0FFFFh - Not supported "
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DISABLED_MASTER_PASSWORD_REVISION"
+ Value = "0x1"
+ Help = "Disabled Master password revision code to be set.\0000h/0FFFFh - Not supported "
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DEFAULT_MASTER_PASSWORD_TAG"
+ Value = "amim"
+ Help = "Tag Contains the Default Password String provided by OEM to set as Master Password when disabled"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "MASTER_PASSWORD_REVISION_SWITCH"
+ Value = "0"
+ Help = "0 - (Default) Use DEFAULT_MASTER_PASSWORD_REVISION as Revision Code.\ 1 - Set Master Password Revision Code from CHANGED_MASTER_PASSWORD_REVISION value\ 2 - Increment Master Revision Code if Set Everytime\"
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "CHANGED_MASTER_PASSWORD_REVISION"
+ Value = "0xFFFE"
+ Help = "Changed Master password revision code to be set.\0000h/0FFFFh - Not supported "
+ TokenType = Expression
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DISABLE_SOFT_SET_PREV"
+ Value = "0"
+ Help = "ON - Disable SATA Software Setting Preservation feature so that it will not preserve the state after hardware reset. i.e. After a hardware reset HDD will change security state as power-on.\OFF - Do not change it in POST, leave it as default (enabled)."
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "DSSP"
+ Value = "$(DISABLE_SOFT_SET_PREV)"
+ TokenType = Integer
+ TargetASL = Yes
+End
+
+TOKEN
+ Name = "FORCE_HDD_PASSWORD_PROMPT"
+ Value = "0"
+ Help = "Set to 1 to always prompt for HDD password (in AHCI mode)."
+ TokenType = Boolean
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "HDD_PASSWORD_ON_NVRAM"
+ Value = "0"
+ Help = "Save the Hdd Password on Nvram."
+ TokenType = Boolean
+ TargetH = Yes
+End
+
+TOKEN
+ Name = "SECUITY_SETUP_ON_SAME_PAGE"
+ Value = "0"
+ Help = "Multiple HDD Security setting displayed on same page. To enable this token, AMITSE Source should be present in the project."
+ TokenType = Boolean
+ TargetH = Yes
+ TargetMAK = Yes
+End
+
+TOKEN
+ Name = "FHPP"
+ Value = "$(FORCE_HDD_PASSWORD_PROMPT)"
+ TokenType = Integer
+ TargetASL = Yes
+End
+
+TOKEN
+ Name = "IDE_SECURITY_PLUG_IN"
+ Value = "0"
+ Help = "If this token value is 1, OEM .sd file will be added. Default value should be 0"
+ TokenType = Boolean
+ TargetH = Yes
+ TargetMAK = Yes
+End
+
+PATH
+ Name = "IDESECURITY_DIR"
+End
+
+MODULE
+ Help = "Includes IdeSecurity.mak to Project"
+ File = "IdeSecurity.mak"
+End
+
+ELINK
+ Name = "IDESECURITY_PLUG_IN_SD"
+ Help = "List of SD files of the IdeSecurity plug-ins"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\IdeSecurity.sdb"
+ Parent = "SETUP_SDBS"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "InitIdeSecurityStrings,"
+ Parent = "SetupStringInit"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_DIR)\IdeSecurity.sd"
+ Parent = "SETUP_DEFINITIONS"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "0"
+ Token = "IDE_SECURITY_PLUG_IN" "=" "0"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_DIR)\IdeSecurityCommon.sd"
+ Parent = "SETUP_DEFINITIONS"
+ Token = "SECURITY_SUPPORT" "=" "1"
+ Token = "SECUITY_SETUP_ON_SAME_PAGE" "=" "1"
+ Token = "IDE_SECURITY_PLUG_IN" "=" "0"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_PLUG_IN_SD)"
+ Parent = "SETUP_DEFINITIONS"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ Token = "IDE_SECURITY_PLUG_IN" "=" "1"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(IDESECURITY_DIR)\IdeSecurity$(ARCH).ffs"
+ Parent = "FV_MAIN"
+ Token = "HDD_SECURITY_SUPPORT" "=" "1"
+ InvokeOrder = AfterParent
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\IdeSecurity.ffs"
+ Parent = "$(IDESECURITY_DIR)\IdeSecurity$(ARCH).ffs"
+ InvokeOrder = ReplaceParent
+End
+
+ELINK
+ Name = "IdeConnectControllerAfterConnectEverthing,"
+ Parent = "InitConVars,"
+ InvokeOrder = AfterParent
+End
diff --git a/Core/EM/HddSecurity/IdeSecurity.uni b/Core/EM/HddSecurity/IdeSecurity.uni
new file mode 100644
index 0000000..eb9d0ad
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurity.uni
Binary files differ
diff --git a/Core/EM/HddSecurity/IdeSecurityBdsCall.c b/Core/EM/HddSecurity/IdeSecurityBdsCall.c
new file mode 100644
index 0000000..7aaf8bc
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurityBdsCall.c
@@ -0,0 +1,261 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
+
+//*************************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityBdsCall.c 2 6/09/14 9:53a Anbuprakashp $
+//
+// $Revision: 2 $
+//
+// $Date: 6/09/14 9:53a $
+//
+//*************************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityBdsCall.c $
+//
+// 2 6/09/14 9:53a Anbuprakashp
+// [TAG] EIP 172443
+// [Category] Improvement
+// [Description] "RaidDriverBlockingStatus" is using
+// gEfiGlobalVariableGuid that violates UEFI 2.4 spec in
+// IdeSecurityBdsCall.c and Runtime attribute set of this variable need to
+// be removed
+// [Files] IdeSecurityBdsCall.c, AhciBus.c
+//
+// 1 6/06/13 4:03a Rameshr
+// [TAG] EIP106423
+// [Category] Improvement
+// [Description] HddPassword Support in UEFI Raid and Legacy Raid. And
+// also taken care where there is no Conin Device avilable in the post
+// [Files] IdeSecurity.cif
+// IdeSecurity.sdl
+// IdeSecurity.mak
+// IdeSecurity.h
+// IdeSecurity.c
+// IdeSecuritySetup.c
+// IdeSecurityBdsCall.c
+// IdeSecurity.sd
+// IdeSecurity.uni
+// IdeSecurity.dxs
+// IdeSecurity.chm
+//
+//
+//*************************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: IdeSecurityBdsCall.c
+//
+// Description: This function will connect the handle's of RAID Controllers and
+// the IDE/AHCI Devices( the handle whose DiskIo was not opened by any one.)
+//
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+
+#include <PCI.h>
+#include "Protocol\DiskIo.h"
+#include <Protocol\IdeControllerInit.h>
+#include <AmiDxeLib.h>
+#include <Protocol\DevicePath.h>
+
+static EFI_GUID gAmiGlobalVariableGuid = AMI_GLOBAL_VARIABLE_GUID;
+
+
+extern EFI_STATUS GetPciHandlesByClass(
+ UINT8 Class, UINT8 SubClass, UINTN *NumberOfHandles, EFI_HANDLE **HandleBuffer
+);
+
+// <AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IdeConnectControllerAfterConnectEverthing
+//
+// Description:
+// This function will connect the handle's of RAID Controllers and the IDE/AHCI
+// Devices( the handle whose DiskIo was not opened by any one.)
+//
+// Input:
+// VOID
+//
+// Output:
+// VOID
+//
+// Modified:
+//
+// Referrals:
+//
+//
+// Notes:
+// If Conin Devices are not Present, RAID Option ROM will not be launched
+// by CSM BlockIo as RegisterHddNotification fucntion would get control after
+// connectEverything() is called from BDS. Rather it would be launched by
+// ShadowAllLegacyOproms() and UEFI Boot option for RAID will not be formed as
+// blockIo will not be installed by csm BlockIo driver. So Connect the RAID handle
+// so that CSM BlockIo starts. And also if Password is installed the above said case
+// will happen when no con in device is present.
+//
+// Check for any device in IDE/AHCI mode not unlocked when no ConIn Device is not present.
+// If found Connecting that Device using ConnectController() after the Device is unlocked.
+// as read would fail and FileSystem would not be formedOpen gEfiIdeControllerInitProtocolGuid
+// which will be installed on each controller. This will be opened as
+// EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER by each device handle.Connect that Handle where
+// DiskIo will be installed and not opened by another driver.
+//
+//---------------------------------------------------------------------------
+// <AMI_PHDR_END>
+
+VOID IdeConnectControllerAfterConnectEverthing( )
+{
+
+ UINT8 Index;
+ UINT8 Index1;
+ UINTN DiskIoCount;
+ UINTN Count;
+ UINTN Count1;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINTN NumHandles;
+ EFI_STATUS Status;
+ EFI_OPEN_PROTOCOL_INFORMATION_ENTRY *DiskIoEntries = NULL;
+ EFI_OPEN_PROTOCOL_INFORMATION_ENTRY *Entries = NULL;
+ BOOLEAN RaidDriverBlocked=FALSE;
+ UINTN VarSize=sizeof(RaidDriverBlocked);
+
+
+
+ // If Conin Devices are not Present, RAID Option ROM will not be launched
+ // by CSM BlockIo as RegisterHddNotification fucntion would get control after
+ // connectEverything() is called from BDS. Rather it would be launched by
+ // ShadowAllLegacyOproms() and UEFI Boot option for RAID will not be formed as
+ // blockIo will not be installed by csm BlockIo driver. So Connect the RAID handle
+ // so that CSM BlockIo starts. And also if Password is installed the above said case
+ // will happen when no con in device is present.
+
+ Status = GetPciHandlesByClass(PCI_CL_MASS_STOR,
+ PCI_CL_MASS_STOR_SCL_RAID,
+ &NumHandles,
+ &HandleBuffer
+ );
+
+ // Connect the handle so that CSM BlockIo Launches RAID Option Rom.
+ if(!EFI_ERROR(Status)){
+
+ Status = pRS->GetVariable( L"RaidDriverBlockingStatus",
+ &gAmiGlobalVariableGuid,
+ NULL,
+ &VarSize,
+ &RaidDriverBlocked );
+
+
+ if((EFI_ERROR(Status)) || (RaidDriverBlocked == FALSE)) {
+ return;
+ }
+
+ for(Index=0; Index<NumHandles; Index++){
+
+ // We have blocked the Raid driver until password verification is done.
+ // Now we need to un block and connect the Raid driver after HddPassword verification is done
+ Status = pBS->OpenProtocolInformation(HandleBuffer[Index],
+ &gEfiDevicePathProtocolGuid,
+ &Entries,
+ &Count1
+ );
+
+ if(!EFI_ERROR(Status)) {
+ for(Index1=0; Index1 < Count1; Index1++) {
+ if (Entries[Index1].Attributes!=EFI_OPEN_PROTOCOL_BY_DRIVER) {
+ continue;
+ }
+
+ Status = pBS->CloseProtocol (
+ HandleBuffer[Index],
+ &gEfiDevicePathProtocolGuid,
+ Entries[Index1].AgentHandle,
+ Entries[Index1].ControllerHandle
+ );
+ }
+ }
+
+ pBS->ConnectController(HandleBuffer[Index],NULL,NULL,TRUE);
+ }
+
+ } else {
+
+ // Check for any device in IDE/AHCI mode not unlocked when no ConIn Device is not present.
+ // If found Connecting that Device using ConnectController() after the Device is unlocked.
+ // Open gEfiIdeControllerInitProtocolGuid which will be installed on each controller.
+ // This will be opened as EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER by each device handle.
+ // Connect that Handle where DiskIo will be installed and not opened by another driver.
+
+ Status = pBS->LocateHandleBuffer(ByProtocol,
+ &gEfiIdeControllerInitProtocolGuid,
+ NULL,
+ &Count,
+ &HandleBuffer);
+
+ if(!EFI_ERROR(Status)){
+ for(Index=0; Index < Count; Index++) {
+ Status = pBS->OpenProtocolInformation(HandleBuffer[Index],
+ &gEfiIdeControllerInitProtocolGuid,
+ &Entries,
+ &Count1
+ );
+ if(!EFI_ERROR(Status)) {
+ for(Index1=0; Index1 < Count1; Index1++) {
+ if (Entries[Index1].Attributes!=EFI_OPEN_PROTOCOL_BY_CHILD_CONTROLLER) {
+ continue;
+ }
+ Status = pBS->OpenProtocolInformation(Entries[Index1].ControllerHandle,
+ &gEfiDiskIoProtocolGuid,
+ &DiskIoEntries,
+ &DiskIoCount
+ );
+ if(!EFI_ERROR(Status)) {
+ if( DiskIoCount == 0 ) {
+ Status = pBS->ConnectController(Entries[Index1].ControllerHandle,
+ NULL,
+ NULL,
+ TRUE);
+ }
+ pBS->FreePool(DiskIoEntries);
+ }
+ }
+ pBS->FreePool(Entries);
+ }
+ }
+ }
+ }
+
+ if(HandleBuffer) {
+ pBS->FreePool(HandleBuffer);
+ }
+
+ return;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2014, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
diff --git a/Core/EM/HddSecurity/IdeSecurityCommon.sd b/Core/EM/HddSecurity/IdeSecurityCommon.sd
new file mode 100644
index 0000000..f30be83
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecurityCommon.sd
@@ -0,0 +1,653 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2012, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityCommon.sd 1 4/25/13 9:21a Kapilporwal $
+//
+// $Revision: 1 $
+//
+// $Date: 4/25/13 9:21a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecurityCommon.sd $
+//
+// 1 4/25/13 9:21a Kapilporwal
+// [TAG] EIP108583
+// [Category] New Feature
+// [Description] support set HDD password in same page
+// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//**********************************************************************
+// Name: IdeSecurityCommon.sd
+//
+// Description: Ide Security in Setup.
+//**********************************************************************
+//<AMI_FHDR_END>
+
+
+#ifdef FORM_SET_VARSTORE
+ varstore IDE_SECURITY_CONFIG,
+ key = IDE_SECURITY_HD_1_KEY_ID,
+ name = IDESecDev,
+ guid = IDE_SECURITY_CONFIG_GUID;
+#endif // end of FORM_SET_VARSTORE
+
+#if defined(VFRCOMPILE) && !defined(CONTROLS_ARE_DEFINED)
+#define CONTROL_DEFINITION
+#endif
+
+#ifdef CONTROL_DEFINITION
+
+ #define IDE_SECURITY_DUMMY_DEFINITION\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_SECURITY_PROMPT),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_HDD_NAME1\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SECURITY_HDD_ONE),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_HDD_NAME2\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SECURITY_HDD_TWO),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_HDD_NAME3\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SECURITY_HDD_THREE),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_HDD_NAME4\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SECURITY_HDD_FOUR),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_HDD_NAME5\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SECURITY_HDD_FIVE),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_HDD_NAME6\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SECURITY_HDD_SIX),\
+ text = STRING_TOKEN(STR_EMPTY),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_SUPPORTED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_SUPPORTED),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_NOT_SUPPORTED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_SUPPORTED),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+
+ #define IDE_SECURITY_CONFIG_ENABLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_ENABLED),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_NOT_ENABLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_ENABLED),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+
+ #define IDE_SECURITY_CONFIG_LOCKED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_LOCKED),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+
+ #define IDE_SECURITY_CONFIG_NOT_LOCKED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_LOCKED),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_FROZEN\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_FROZEN),\
+ text = STRING_TOKEN(STR_YES),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_NOT_FROZEN\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_SEC_FROZEN),\
+ text = STRING_TOKEN(STR_NO),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_USER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED\
+ text\
+ help = STRING_TOKEN(STR_EMPTY),\
+ text = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_STS),\
+ text = STRING_TOKEN(STR_NOT_HDDS_INSTALLED),\
+ flags = 0,\
+ key = 0;\
+
+ #define IDE_SECURITY_NONSUPPORTED_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Supported[HDD_NUM] == 0;\
+ IDE_SECURITY_CONFIG_SUPPORTED\
+ endif;
+
+ #define IDE_SECURITY_SUPPORTED_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Supported[HDD_NUM] == 1;\
+ IDE_SECURITY_CONFIG_NOT_SUPPORTED\
+ endif;
+
+ #define IDE_SECURITY_NONENABLED_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled[HDD_NUM] == 0;\
+ IDE_SECURITY_CONFIG_ENABLED\
+ endif;
+
+ #define IDE_SECURITY_ENABLED_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Enabled[HDD_NUM] == 1;\
+ IDE_SECURITY_CONFIG_NOT_ENABLED\
+ endif;
+
+
+ #define IDE_SECURITY_NONLOCKED_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Locked[HDD_NUM] == 0;\
+ IDE_SECURITY_CONFIG_LOCKED\
+ endif;
+
+ #define IDE_SECURITY_LOCKED_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Locked[HDD_NUM] == 1;\
+ IDE_SECURITY_CONFIG_NOT_LOCKED\
+ endif;\
+
+ #define IDE_SECURITY_NONFROZEN_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 0;\
+ IDE_SECURITY_CONFIG_FROZEN\
+ endif;\
+
+ #define IDE_SECURITY_FROZEN_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ IDE_SECURITY_CONFIG_NOT_FROZEN\
+ endif;\
+
+ #define IDE_SECURITY_USERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus[HDD_NUM] == 0;\
+ IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS\
+ endif;\
+
+ #define IDE_SECURITY_USERPASSWORD_STATUS_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.UserPasswordStatus[HDD_NUM] == 1;\
+ IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED\
+ endif;
+
+ #define IDE_SECURITY_MASTERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.MasterPasswordStatus[HDD_NUM] == 0;\
+ IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS\
+ endif;
+
+
+ #define IDE_SECURITY_MASTERPASSWORD_STATUS_FEATURES(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.MasterPasswordStatus[HDD_NUM] == 1;\
+ IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES1(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES1(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES2(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD2,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES2(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD2,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES3(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD3,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES3(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD3,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES4(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD4,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES4(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD4,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES5(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD5,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES5(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD5,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES6(HDD_NUM)\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEUserPassword_HDD6,\
+ prompt = STRING_TOKEN(STR_IDE_USER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_USER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF
+
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES6(HDD_NUM)\
+ suppressif ideqval IDE_SECURITY_CONFIG.Frozen[HDD_NUM] == 1;\
+ grayoutif ideqval IDE_SECURITY_CONFIG.ShowMaster[HDD_NUM] == 0;\
+ suppressif ideqvallist IDE_SECURITY_CONFIG.Count == 0;\
+ password varid = IDE_SECURITY_CONFIG.IDEMasterPassword_HDD6,\
+ prompt = STRING_TOKEN(STR_IDE_MASTER_PASSWORD),\
+ help = STRING_TOKEN(STR_IDE_MASTER_PASSWORD_HELP),\
+ flags = 0,\
+ key = 0,\
+ minsize = 0,\
+ maxsize = IDE_PASSWORD_LENGTH,\
+ encoding = 1,\
+ endpassword;\
+ SUPPRESS_GRAYOUT_ENDIF\
+ endif;
+
+ #define IDE_SECURITY_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONSUPPORTED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_SUPPORTED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONENABLED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_ENABLED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONLOCKED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_LOCKED_FEATURES(HDD_NUM)\
+ IDE_SECURITY_NONFROZEN_FEATURES(HDD_NUM)\
+ IDE_SECURITY_FROZEN_FEATURES(HDD_NUM)\
+ IDE_SECURITY_USERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\
+ IDE_SECURITY_USERPASSWORD_STATUS_FEATURES(HDD_NUM)\
+ IDE_SECURITY_MASTERPASSWORD_NONSTATUS_FEATURES(HDD_NUM)\
+ IDE_SECURITY_MASTERPASSWORD_STATUS_FEATURES(HDD_NUM)
+#endif
+
+#ifdef CONTROLS_WITH_DEFAULTS
+ #define IDE_SECURITY_HDD_NAME1
+ #define IDE_SECURITY_HDD_NAME2
+ #define IDE_SECURITY_HDD_NAME3
+ #define IDE_SECURITY_HDD_NAME4
+ #define IDE_SECURITY_HDD_NAME5
+ #define IDE_SECURITY_HDD_NAME6
+ #define IDE_SECURITY_CONFIG_SUPPORTED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_SUPPORTED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_ENABLED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_ENABLED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_LOCKED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_LOCKED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_FROZEN(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_NOT_FROZEN(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_USER_PASSWORD_STATUS_NOT_INSTALLED(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS(HDD_NUM)
+ #define IDE_SECURITY_CONFIG_MASTER_PASSWORD_STATUS_NOT_INSTALLED(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES1(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES1(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES2(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES2(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES3(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES3(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES4(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES4(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES5(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES5(HDD_NUM)
+ #define IDE_SECURITY_GET_USERPASSWORD_FEATURES6(HDD_NUM)
+ #define IDE_SECURITY_GET_MASTERPASSWORD_FEATURES6(HDD_NUM)
+ #define IDE_SECURITY_FEATURES(HDD_NUM)
+#endif
+
+#ifdef SECURITY_FORM_SET
+ #ifdef FORM_SET_ITEM
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ SEPARATOR
+ SEPARATOR
+ endif;
+ #endif
+
+
+ #ifdef FORM_SET_GOTO
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ goto HDD_PASSWORD_FORM_ID,
+ prompt = STRING_TOKEN(STR_HDD_SECURITY_CONFIG),
+ help = STRING_TOKEN(STR_IDE_SECURITY_HELP);
+ endif;
+ #endif// end of FORM_SET_GOTO
+
+ #ifdef FORM_SET_FORM
+ //
+ // Define forms
+ //
+ form formid = AUTO_ID(HDD_PASSWORD_FORM_ID),
+ title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG);
+
+ SEPARATOR
+ SUBTITLE(STRING_TOKEN(STR_HDD_PASSWORD_CONFIG))
+ SEPARATOR
+
+
+ //******************************************
+ //*************** HDD 1nd ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ IDE_SECURITY_HDD_NAME1
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 1 2 3 4 5 6;
+ IDE_SECURITY_FEATURES(0)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES1(0)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES1(0)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+
+ //******************************************
+ //*************** HDD 2nd ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 2 3 4 5 6;
+ IDE_SECURITY_HDD_NAME2
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 2 3 4 5 6;
+ IDE_SECURITY_FEATURES(1)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES2(1)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES2(1)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 3rd ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 3 4 5 6;
+ IDE_SECURITY_HDD_NAME3
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 3 4 5 6;
+ IDE_SECURITY_FEATURES(2)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES3(2)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES3(2)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 4th ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 4 5 6;
+ IDE_SECURITY_HDD_NAME4
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 4 5 6;
+ IDE_SECURITY_FEATURES(3)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES4(3)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES4(3)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 5th ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 5 6;
+ IDE_SECURITY_HDD_NAME5
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 5 6;
+ IDE_SECURITY_FEATURES(4)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES5(4)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES5(4)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ //******************************************
+ //*************** HDD 6th ******************
+ //******************************************
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 6;
+ IDE_SECURITY_HDD_NAME6
+ endif;
+
+ suppressif NOT ideqvallist IDE_SECURITY_CONFIG.Count == 6;
+ IDE_SECURITY_FEATURES(5)
+ IDE_SECURITY_GET_USERPASSWORD_FEATURES6(5)
+ #if DISPLAY_MASTER_PASSWORD
+ IDE_SECURITY_GET_MASTERPASSWORD_FEATURES6(5)
+ #endif
+ SEPARATOR
+ SEPARATOR
+ endif;
+
+ endform;
+ #endif // FORM_SET_FORM
+#endif // SECURITY_FORM_SET
+
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2008, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//********************************************************************** \ No newline at end of file
diff --git a/Core/EM/HddSecurity/IdeSecuritySetup.c b/Core/EM/HddSecurity/IdeSecuritySetup.c
new file mode 100644
index 0000000..ba1f57b
--- /dev/null
+++ b/Core/EM/HddSecurity/IdeSecuritySetup.c
@@ -0,0 +1,434 @@
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/HddSecurity/IdeSecuritySetup.c 4 4/25/13 9:22a Kapilporwal $
+//
+// $Revision: 4 $
+//
+// $Date: 4/25/13 9:22a $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/HddSecurity/IdeSecuritySetup.c $
+//
+// 4 4/25/13 9:22a Kapilporwal
+// [TAG] EIP108583
+// [Category] New Feature
+// [Description] support set HDD password in same page
+// [Files] IdeSecurity.cif, IdeSecurity.mak, IdeSecurity.sdl,
+// IdeSecurity.uni, IdeSecurityCommon.sd, IdeSecuritySetup.c,
+// HddPassword.c, HddPassword.h, HddPassword.mak, HddPassword.sdl
+//
+// 3 1/15/10 10:22a Yul
+// Coding Standard
+//
+// 2 12/09/09 12:18p Krishnakumarg
+// EIP 31797 : IDE Security API documentation. Added comments whereever
+// possible and modified files for coding standard
+//
+// 1 28/02/08 6:40p Anandakrishnanl
+// Created new HddSecurity module. Isolated IdeSecurity and IdeSmm from
+// IdeBus driver to be compatable with the AHCI Bus driver.
+//
+//
+//
+//**********************************************************************
+
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: IdeSecuritySetup.c
+//
+// Description: Ide Security Setup Routines
+//
+// NOTE: Use this hook to dynamically change Ide Security Driver Setup screen
+// Strings.
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include <AmiLib.h>
+#include <AmiDxeLib.h>
+#include <Setup.h>
+#include <SetupStrTokens.h>
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+#include "Protocol\PciIo.h"
+#include "Protocol\BlockIo.h"
+#include "Protocol\PDiskInfo.h"
+#include "Protocol\PIDEController.h"
+#include "Protocol\PIDEBus.h"
+#include "Protocol\PAhciBus.h"
+#include "Protocol\DevicePath.h"
+#include "Protocol\HiiString.h"
+#endif
+
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+
+EFI_GUID gDiskInfoProtocolGuid = EFI_DISK_INFO_PROTOCOL_GUID;
+EFI_GUID gDevicePathProtocolGuid = EFI_DEVICE_PATH_PROTOCOL_GUID;
+EFI_GUID gIDESecurityProtocolGuid = IDE_SECURITY_INTERFACE_GUID;
+
+// Store the names of HDDs present in the system. Dynamically updated.
+STRING_REF gHddSecurityName[6] =
+{
+ STRING_TOKEN(STR_SECURITY_HDD_ONE), STRING_TOKEN(STR_SECURITY_HDD_TWO),
+ STRING_TOKEN(STR_SECURITY_HDD_THREE), STRING_TOKEN(STR_SECURITY_HDD_FOUR),
+ STRING_TOKEN(STR_SECURITY_HDD_FIVE), STRING_TOKEN(STR_SECURITY_HDD_SIX)
+};
+
+static EFI_HII_STRING_PROTOCOL *HiiString = NULL;
+static EFI_GUID EfiVariableGuid = EFI_GLOBAL_VARIABLE;
+
+// Function Definitions
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: CheckSecurityStatus
+//
+// Description: return the Security Status Information
+//
+// Input: IN IDE_SECURITY_PROTOCOL *IDEPasswordSecurity,
+// IN OUT BOOLEAN *ReqStatus,
+// IN UINT16 Mask
+//
+// Output: BOOLEAN status in ReqStatus is valid
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN CheckSecurityStatus(
+ IN IDE_SECURITY_PROTOCOL *IDEPasswordSecurity,
+ IN OUT BOOLEAN *ReqStatus,
+ IN UINT16 Mask )
+{
+ UINT16 SecurityStatus = 0;
+ EFI_STATUS Status;
+
+ //
+ //get the security status of the device
+ //
+ Status = IDEPasswordSecurity->ReturnSecurityStatus( IDEPasswordSecurity, &SecurityStatus );
+
+ if ( EFI_ERROR( Status ))
+ return FALSE; // Unable to get IDE security status
+ // Mask security status based on supplied mask data
+ *ReqStatus = (BOOLEAN)((SecurityStatus & Mask) ? TRUE : FALSE );
+ return TRUE;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HiiGetString
+//
+// Description: return the String based on StringId
+//
+// Input: IN EFI_HII_HANDLE HiiHandle,
+// IN EFI_STRING_ID StringId,
+//
+// Output: EFI_STRING
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STRING HiiGetString(
+ IN EFI_HII_HANDLE HiiHandle,
+ IN EFI_STRING_ID StringId)
+{
+ EFI_STRING String = NULL;
+ UINTN StringSize = 0;
+ EFI_STATUS Status;
+ CHAR8* PlatformLang = NULL;
+ UINTN Size = 0;
+
+ if(HiiString == NULL) {
+ Status = pBS->LocateProtocol(&gEfiHiiStringProtocolGuid, NULL, (VOID **) &HiiString);
+ if(EFI_ERROR(Status))
+ return NULL;
+ }
+
+//language not provided - try platform language
+ Status = GetEfiVariable(L"PlatformLang", &EfiVariableGuid, NULL, &Size, &PlatformLang);
+ if(!EFI_ERROR(Status)) {
+ Status = HiiString->GetString(HiiString, PlatformLang, HiiHandle, StringId, String, &StringSize, NULL);
+ if(Status == EFI_BUFFER_TOO_SMALL) {
+ Status = pBS->AllocatePool(EfiBootServicesData, StringSize, &String);
+ if(!EFI_ERROR(Status))
+ Status = HiiString->GetString(HiiString, PlatformLang, HiiHandle, StringId, String, &StringSize, NULL);
+ }
+ pBS->FreePool(PlatformLang);
+ }
+ return (EFI_ERROR(Status)) ? NULL : String;
+}
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: HddPasswordGetDeviceName
+//
+// Description: Return the Drive String Name
+//
+// Input: IN EFI_HANDLE Controller - the handle of the drive
+// OUT CHAR16 **wsName - Pointer to the drive string
+//
+// Output: BOOLEAN - TRUE - drive string has been found and is in wsName
+// - FALSE - drive string has not been found
+//
+// Notes: it is the caller's responsibility to deallocate the space used for
+// wsName
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+BOOLEAN HddPasswordGetDeviceName(IN EFI_HANDLE Controller, OUT CHAR16 **wsName)
+{
+ EFI_STATUS Status;
+ SECURITY_PROTOCOL *Security = NULL;
+ CHAR16 *DeviceName;
+ BOOLEAN ReturnStatus = FALSE;
+
+ // Get the SECURITY_PROTOCOL (actually getting the IDE_SECURITY_PROTOCOL, but
+ // the SECURITY_PROTOCOL is an extended version with more information)
+ Status = pBS->HandleProtocol(Controller, &gIDESecurityProtocolGuid, &Security);
+ if ( !EFI_ERROR(Status) ) {
+ // Check the SATA controller operating mode, and based on the mode, get the UnicodeString
+ // name of the device
+ if ( Security->ModeFlag ) {
+ DeviceName = ((SATA_DEVICE_INTERFACE*)Security->BusInterface)->UDeviceName->UnicodeString;
+ } else {
+ DeviceName = ((IDE_BUS_PROTOCOL*)Security->BusInterface)->IdeDevice.UDeviceName->UnicodeString;
+ }
+
+ // Allocate space to copy the unicode device name string
+ *wsName = MallocZ(sizeof(CHAR16)*(Wcslen(DeviceName)+1));
+ if ( *wsName!=NULL ) {
+ Wcscpy( *wsName, DeviceName);
+ ReturnStatus = TRUE;
+ }
+ }
+
+ // Return true to signify that a device name was discovered
+ return ReturnStatus;
+}
+
+#endif
+
+// Function Definitions
+
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: InitIdeSecurityStrings
+//
+// Description: This function initializes the IdeSecurity setup option values
+//
+// Input: HiiHandle Handle to HII database
+// Class Indicates the setup class
+//
+// Output: None
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+VOID InitIdeSecurityStrings(
+ EFI_HII_HANDLE HiiHandle,
+ UINT16 Class )
+{
+#if defined(SECUITY_SETUP_ON_SAME_PAGE) && SECUITY_SETUP_ON_SAME_PAGE
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINT16 i, HDDCount = 0;
+ UINTN Count;
+ CHAR16 * Name, *Temp1;
+ BOOLEAN Locked;
+ IDE_SECURITY_PROTOCOL *IDEPasswordSecurity = NULL;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePath;
+ EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;
+ PCI_DEVICE_PATH *PciDevicePath;
+ SECURITY_PROTOCOL *Security = NULL;
+ UINT32 HddPortNumber;
+ CHAR16 *Buff=L"P";
+ EFI_DISK_INFO_PROTOCOL *DiskInfoPtr=NULL;
+ UINT32 PortNumber;
+ UINT32 PMPortNumber;
+ BOOLEAN Flag = FALSE;
+
+ // Locate all handles with IDE_SECURITY_PROTOCOL installled
+ Status = pBS->LocateHandleBuffer( ByProtocol,
+ &gIDESecurityProtocolGuid,
+ NULL,
+ &Count,
+ &HandleBuffer);
+ if ( EFI_ERROR( Status )) {
+ return;
+ }
+
+ // For each handle in HandleBuffer
+ for ( i = 0; i < Count; i++ ) {
+ //
+ // Get the PasswordSecurity Protocol
+ //
+ Status = pBS->OpenProtocol( HandleBuffer[i],
+ &gIDESecurityProtocolGuid,
+ (VOID**) &IDEPasswordSecurity,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if ( EFI_ERROR( Status ))
+ continue;
+ //
+ // Get the DiskInfo Protocol
+ //
+ Status = pBS->OpenProtocol( HandleBuffer[i],
+ &gDiskInfoProtocolGuid,
+ (VOID**) &DiskInfoPtr,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if ( EFI_ERROR( Status )){
+ continue;
+ }
+ //
+ // Locate the device path Protocol
+ //
+ Status = pBS->OpenProtocol( HandleBuffer[i],
+ &gDevicePathProtocolGuid,
+ (VOID**)&DevicePath,
+ NULL,
+ HandleBuffer[i],
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if ( EFI_ERROR( Status )){
+ continue;
+ }
+
+ DevicePathNode = DevicePath;
+
+ //
+ // Traverse the Device Path structure till we reach HARDWARE_DEVICE_PATH
+ //
+ while (!isEndNode (DevicePathNode)) {
+
+ if ((DevicePathNode->Type == HARDWARE_DEVICE_PATH) &&
+ (DevicePathNode->SubType == HW_PCI_DP)){
+
+ PciDevicePath = (PCI_DEVICE_PATH *) DevicePathNode;
+ break;
+ }
+
+ DevicePathNode = NEXT_NODE (DevicePathNode);
+ }
+ // Check whether valid DevicePath found
+ if (PciDevicePath == NULL) continue;
+
+ Security=(SECURITY_PROTOCOL *)IDEPasswordSecurity;
+
+ if(Security->ModeFlag){
+ //
+ // Controller is in Ahci Mode, Call WhichIde function to find out Port Number
+ //
+ DiskInfoPtr->WhichIde(DiskInfoPtr,&PortNumber,&PMPortNumber);
+ //
+ // Assign the PortNumber to HddPortNumber.This Port Number is displayed in Setup.
+ //
+ HddPortNumber=PortNumber;
+ Flag=TRUE;
+
+ }else{
+
+#ifdef SB_TEMPLATE_VER
+#if SB_TEMPLATE_VER > 6
+{
+ UINT32 IdeChannel;
+ UINT32 IdeDevice;
+
+ if(gSbHddPolicyPtr==NULL){
+ Status=gBS->LocateProtocol(&gSbHddPolicyProtocolGuid,
+ NULL, \
+ &gSbHddPolicyPtr);
+ }
+
+ if(gSbHddPolicyPtr!=NULL){
+
+ //
+ // Find out the Primary/Secondary,Master/Slave Info from WhichIde function
+ //
+ DiskInfoPtr->WhichIde(DiskInfoPtr,&IdeChannel,&IdeDevice);
+ //
+ // Get the Port Number to which the HDD is connected
+ //
+ gSbHddPolicyPtr->GeneratePortNumber(PciDevicePath->Device,PciDevicePath->Function,
+ IdeChannel,IdeDevice,&PortNumber);
+
+ HddPortNumber=PortNumber;
+ Flag=TRUE;
+
+ }else{
+ //
+ // SB HDD Policy Protocol is not Present.
+ //
+ Flag=FALSE;
+ }
+}
+#endif
+#endif
+
+ }
+
+ if ( CheckSecurityStatus( IDEPasswordSecurity, &Locked, 0x0004 )) {
+ if ( HddPasswordGetDeviceName( HandleBuffer[i], &Name )) {
+ Name[12] = 0;
+ if(Flag){
+ //
+ // Display the the Port Number in Setup
+ //
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d:%s", L"P", HddPortNumber, Name);
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( HiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d:%s",Temp1,HDDCount,Name);
+ }
+ } else {
+ if(Flag){
+ //
+ // Display the the Port Number in Setup
+ //
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d", L"P", HddPortNumber);
+ }else{
+ //
+ // If SB HDD Policy Protocol is not Installed Use STR_IDE_SECURITY_PROMPT
+ // token to display the String Information.
+ //
+ Temp1 = HiiGetString( HiiHandle, STRING_TOKEN( STR_IDE_SECURITY_PROMPT ));
+ InitString(HiiHandle, gHddSecurityName[i], L"%s%d", Temp1, HDDCount);
+ }
+ }
+ HDDCount++;
+ }// end if
+
+ }// end of for
+#endif
+ return;
+}
+
+//**********************************************************************
+//**********************************************************************
+//** **
+//** (C)Copyright 1985-2010, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Pkwy, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//**********************************************************************
+//**********************************************************************