Diffstat (limited to 'Core/EM/OpalSecurity')
-rw-r--r--Core/EM/OpalSecurity/AHCIOpalSec.c312
-rw-r--r--Core/EM/OpalSecurity/IDEOpalSec.c321
-rw-r--r--Core/EM/OpalSecurity/OpalSecurity.c553
-rw-r--r--Core/EM/OpalSecurity/OpalSecurity.chmbin0 -> 54923 bytes
-rw-r--r--Core/EM/OpalSecurity/OpalSecurity.cif14
-rw-r--r--Core/EM/OpalSecurity/OpalSecurity.h227
-rw-r--r--Core/EM/OpalSecurity/OpalSecurity.mak66
-rw-r--r--Core/EM/OpalSecurity/OpalSecurity.sdl33
8 files changed, 1526 insertions, 0 deletions
diff --git a/Core/EM/OpalSecurity/AHCIOpalSec.c b/Core/EM/OpalSecurity/AHCIOpalSec.c
new file mode 100644
index 0000000..998181d
--- /dev/null
+++ b/Core/EM/OpalSecurity/AHCIOpalSec.c
@@ -0,0 +1,312 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
+// $Header: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/AHCIOpalSec.c 5 12/21/11 8:32p Rajkumarkc $
+//
+// $Revision: 5 $
+//
+// $Date: 12/21/11 8:32p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/AHCIOpalSec.c $
+//
+// 5 12/21/11 8:32p Rajkumarkc
+// [TAG] EIP77142
+// [Category] BUG FIX & IMPROVEMENT
+// [Description] BUG FIX - Changed Little Endian format to Big Endian
+// format while sending commands.
+// IMPROVEMENT - Added support to Lock the Opal hdd
+// if it's unlocked on Bios POST.
+// [Files] IdeOpalSec.c, AhciOpalSec.c, OpalSecurity.c,
+// OpalSecurity.h, OpalSecurity.sdl
+//
+// 4 8/22/11 4:09a Anandakrishnanl
+// [TAG] EIP64040
+// [Category] Improvement
+// [Description] Opal Security - Changes requested for CodeReview by
+// customer
+// [Files] IdeOpalSec.c
+// AhciOpalSec.c
+//
+// 3 8/22/11 3:04a Anandakrishnanl
+// [TAG] EIP62912
+// [Category] Improvement
+// [Description] Opal Security Definitions Should be Moved to PIDEBUS.h
+// from StorageSecurityProtocol.h
+// StorageSecurityProtocol.h included in OPAL security driver module will
+// give build error when disabled without sdl token #if
+// OpalSecurity_SUPPORT properly placed in Ahcibus and IdeBus drivers. But
+// Bus driver should not depend on any tokens. For this reason need to
+// move OPAL_SEC_INIT_PROTOCOL_GUID in Pidebus.h
+// [Files] IdeBus.c
+// Pidebus.h
+// OpalSecurity.cif
+// OpalSecurity.h
+// IdeOpalSec.c
+// AhciOpalSec.c
+//
+// 2 5/19/11 5:58a Anandakrishnanl
+// [TAG] EIP53565
+// [Category] New Feature
+// [Description] UEFI2.3+ Specifications defines Storage Security
+// protocol which needs to be implemented
+// [Files] AhciBus.c,IdeBus.c,AHCIOpalSec.c,IDEOpalSec.c,OpalSecurity.c
+// ,OpalSecurity.chm,OpalSecurity.cif,OpalSecurity.h,OpalSecurity.mak,Opal
+// Security.sdl,PIDEBus.h,StorageSecurityProtocol.CIF,StorageSecurityProto
+// col.h
+//
+//
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: AHCIOpalSec.c
+//
+// Description: Opal Support
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "OpalSecurity.h"
+
+#define ZeroMemory(Buffer,Size) pBS->SetMem(Buffer,Size,0)
+
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: AhciSendData
+//
+// Description: Send a security protocol command to a device.
+//
+// Input:
+// This - Indicates a pointer to the calling context. Type
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is defined in the
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL description.
+// MediaId - ID of the medium to send data to.
+// Timeout - The timeout, in 100ns units, to use for the execution of the
+// security protocol command. A Timeout value of 0 means that this function
+// will wait indefinitely for the security protocol command to execute.
+// If Timeout is greater than zero, then this function will return
+// EFI_TIMEOUT if the time required to execute the receive data command
+// is greater than Timeout.
+// SecurityProtocolId - Security protocol ID of the security protocol
+// command to be sent.
+// SecurityProtocolSpecificData - Security protocol specific portion of
+// the security protocol command.
+// PayloadBufferSize - Size in bytes of the payload data buffer.
+// PayloadBuffer - A pointer to a buffer containing the security protocol
+// command specific payload data for the security protocol command.
+//
+// Output:
+// EFI_SUCCESS - The security protocol command completed successfully.
+// EFI_UNSUPPORTED - The given MediaId does not support security protocol
+// commands.
+// EFI_DEVICE_ERROR - The security protocol command completed with an error.
+// EFI_INVALID_PARAMETER - The PayloadBuffer or PayloadTransferSize is
+// NULL and PayloadBufferSize is non-zero.
+//
+//<AMI_PHDR_END>
+//**********************************************************************
+
+EFI_STATUS
+AhciSendData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ IN VOID *PayloadBuffer
+)
+{
+ EFI_STATUS Status;
+ UINT8 SectorCountL = 0;
+ UINT8 SectorCountH = 0;
+ COMMAND_STRUCTURE CommandStructure;
+ STORAGE_SECURITY_COMMAND_PROTOCOL *StorageSecurityProtocol = (STORAGE_SECURITY_COMMAND_PROTOCOL*)This;
+ SATA_DEVICE_INTERFACE *SataDevInterface = (SATA_DEVICE_INTERFACE *)StorageSecurityProtocol->BusInterface;
+ SATA_BLOCK_IO *SataBlkIo = SataDevInterface->SataBlkIo;
+
+ // Check for BlkIo presence
+ if(SataBlkIo == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ // Check for Media change
+ if(SataBlkIo->BlkIo.Media->MediaId != MediaId) {
+ return EFI_MEDIA_CHANGED;
+ }
+
+ SectorCountL = (UINT8)(PayloadBufferSize / SataBlkIo->BlkIo.Media->BlockSize);
+ SectorCountH = (UINT8)((PayloadBufferSize / SataBlkIo->BlkIo.Media->BlockSize)/0x100);
+
+ ZeroMemory (&CommandStructure, sizeof(COMMAND_STRUCTURE));
+
+ if(PayloadBufferSize != 0){
+ Status = SataDevInterface->AhciBusInterface->SataPioDataOut(
+ SataDevInterface,
+ PayloadBuffer,
+ (UINT32)PayloadBufferSize,
+ SecurityProtocolId,
+ SectorCountH,//TransferLength
+ 0,
+ (UINT8)(SecurityProtocolSpecificData >> 8) , //Com ID
+ 0,
+ (UINT8)SecurityProtocolSpecificData,
+ 0,
+ TRUSTED_SEND,
+ TRUE);
+
+ }else{
+ // For PayloadBufferSize zero, Trusted Non Data command should be used
+ // BIT 24 indicates Trusted Receive/Send
+ CommandStructure.LBAMid = (UINT8)(SecurityProtocolSpecificData >> 8);
+ CommandStructure.LBAHigh = (UINT8)SecurityProtocolSpecificData;
+ CommandStructure.Command = TRUSTED_NON_DATA;
+ CommandStructure.Features = SecurityProtocolId;
+ CommandStructure.Buffer = PayloadBuffer;
+ CommandStructure.ByteCount = (UINT32)PayloadBufferSize;
+ Status = SataDevInterface->AhciBusInterface->ExecuteNonDataCommand (SataDevInterface, CommandStructure);
+ }
+
+ return Status;
+}
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: ReceiveData
+//
+// Description: Send a security protocol command to a device that receives
+// data and/or the result of one or more commands sent by
+// SendData.
+//
+// Input:
+// This -Indicates a pointer to the calling context. Type
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is defined in the
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL description.
+// MediaId - ID of the medium to receive data from.
+// Timeout - The timeout, in 100ns units, to use for the execution of the
+// security protocol command. A Timeout value of 0 means that this
+// function will wait indefinitely for the security protocol command
+// to execute. If Timeout is greater than zero, then this function
+// will return.
+// SecurityProtocolId - Security protocol ID of the security protocol
+// command to be sent.
+// SecurityProtocolSpecificData - Security protocol specific portion of
+// the security protocol command.
+// PayloadBufferSize - Size in bytes of the payload data buffer.
+// PayloadBuffer - A pointer to a destination buffer to store the
+// security protocol command specific payload data for the
+// security protocol command. The caller is responsible
+// for either having implicit or explicit ownership of
+// the buffer.
+// PayloadTransferSize - A pointer to a buffer to store the size in bytes
+// of the data written to the payload data buffer.
+//
+// Output:
+// EFI_SUCCESS - The security protocol command completed successfully.
+// EFI_UNSUPPORTED - The given MediaId does not support security
+// protocol commands.
+// EFI_DEVICE_ERROR - The security protocol command completed with an error.
+// EFI_INVALID_PARAMETER - The PayloadBuffer or PayloadTransferSize is
+// NULL and PayloadBufferSize is non-zero.
+//<AMI_PHDR_END>
+//**********************************************************************
+EFI_STATUS
+AhciReceiveData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ OUT VOID *PayloadBuffer,
+ OUT UINTN *PayloadTransferSize
+)
+{
+ EFI_STATUS Status;
+ UINT8 SectorCountL = 0;
+ UINT8 SectorCountH = 0;
+ COMMAND_STRUCTURE CommandStructure;
+ STORAGE_SECURITY_COMMAND_PROTOCOL *StorageSecurityProtocol = (STORAGE_SECURITY_COMMAND_PROTOCOL*)This;
+ SATA_DEVICE_INTERFACE *SataDevInterface = (SATA_DEVICE_INTERFACE *)StorageSecurityProtocol->BusInterface;
+ SATA_BLOCK_IO *SataBlkIo = SataDevInterface->SataBlkIo;
+
+ // Check for BlkIo presence
+ if(SataBlkIo==NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ // Check for Media change
+ if(SataBlkIo->BlkIo.Media->MediaId != MediaId) {
+ return EFI_MEDIA_CHANGED;
+ }
+
+ SectorCountL = (UINT8)(PayloadBufferSize / SataBlkIo->BlkIo.Media->BlockSize);
+ SectorCountH = (UINT8)((PayloadBufferSize / SataBlkIo->BlkIo.Media->BlockSize)/0x100);
+
+ ZeroMemory (&CommandStructure, sizeof(COMMAND_STRUCTURE));
+
+ if(PayloadBufferSize != 0){
+ // For PayloadBufferSize non zero, Trusted Receive command should be used
+
+ if(PayloadTransferSize == NULL || PayloadBuffer == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ CommandStructure.SectorCount = (UINT16)SectorCountL;
+ CommandStructure.LBALow = (UINT8)SectorCountH;
+ CommandStructure.LBAMid = (UINT8)(SecurityProtocolSpecificData >> 8);
+ CommandStructure.LBAHigh = (UINT8)SecurityProtocolSpecificData;
+ CommandStructure.Command = TRUSTED_RECEIVE;
+ CommandStructure.Features = SecurityProtocolId;
+ CommandStructure.Buffer = PayloadBuffer;
+ CommandStructure.ByteCount = (UINT32)PayloadBufferSize ;
+ Status = SataDevInterface->AhciBusInterface->ExecutePioDataCommand (SataDevInterface, &CommandStructure, FALSE);
+ }else{
+ // For PayloadBufferSize zero, Trusted Non Data command should be used
+ // BIT 24 indicates Trusted Receive/Send
+ CommandStructure.LBAMid = (UINT8)(SecurityProtocolSpecificData >> 8);
+ CommandStructure.LBAHigh = (UINT8)SecurityProtocolSpecificData;
+ CommandStructure.LBALowExp = 0x01; // Trusted Receive
+ CommandStructure.Command = TRUSTED_NON_DATA;
+ CommandStructure.Features = SecurityProtocolId;
+ CommandStructure.Buffer = PayloadBuffer;
+ CommandStructure.ByteCount = (UINT32)PayloadBufferSize;
+ Status = SataDevInterface->AhciBusInterface->ExecuteNonDataCommand (SataDevInterface, CommandStructure);
+ }
+
+ if (!EFI_ERROR( Status) ) {
+ *PayloadTransferSize = CommandStructure.ByteCount;
+ } else {
+ *PayloadTransferSize = 0;
+ }
+
+ return Status;
+}
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
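Review bot: AhciReceiveData stores to `*PayloadTransferSize` unconditionally just before `return Status`, but the NULL test for that pointer sits only inside the `PayloadBufferSize != 0` branch, so a zero-length call with a NULL PayloadTransferSize (which the header's own EFI_INVALID_PARAMETER rule does not reject) writes through a null pointer. Guard the store, e.g. `if (PayloadTransferSize != NULL) { *PayloadTransferSize = EFI_ERROR(Status) ? 0 : CommandStructure.ByteCount; }`. IdeReceiveData in IDEOpalSec.c ends with the same unguarded store and needs the same guard. AhciSendData also hands PayloadBuffer to SataPioDataOut without the `if(PayloadBuffer == NULL) return EFI_INVALID_PARAMETER;` check that IdeSendData performs and that its own header documents.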
diff --git a/Core/EM/OpalSecurity/IDEOpalSec.c b/Core/EM/OpalSecurity/IDEOpalSec.c
new file mode 100644
index 0000000..a478e63
--- /dev/null
+++ b/Core/EM/OpalSecurity/IDEOpalSec.c
@@ -0,0 +1,321 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
+// $Header: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/IDEOpalSec.c 4 12/21/11 8:33p Rajkumarkc $
+//
+// $Revision: 4 $
+//
+// $Date: 12/21/11 8:33p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/IDEOpalSec.c $
+//
+// 4 12/21/11 8:33p Rajkumarkc
+// [TAG] EIP77142
+// [Category] BUG FIX & IMPROVEMENT
+// [Description] BUG FIX - Changed Little Endian format to Big Endian
+// format while sending commands.
+// IMPROVEMENT - Added support to Lock the Opal hdd if it's
+// unlocked on Bios POST.
+// [Files] IdeOpalSec.c, AhciOpalSec.c, OpalSecurity.c,
+// OpalSecurity.h, OpalSecurity.sdl
+//
+// 3 8/22/11 4:03a Anandakrishnanl
+// [TAG] EIP64040
+// [Category] Improvement
+// [Description] Opal Security - Changes requested for CodeReview by
+// customer
+// [Files] IdeOpalSec.c
+// AhciOpalSec.c
+//
+// 2 8/22/11 3:03a Anandakrishnanl
+// [TAG] EIP62912
+// [Category] Improvement
+// [Description] Opal Security Definitions Should be Moved to PIDEBUS.h
+// from StorageSecurityProtocol.h
+// StorageSecurityProtocol.h included in OPAL security driver module will
+// give build error when disabled without sdl token #if
+// OpalSecurity_SUPPORT properly placed in Ahcibus and IdeBus drivers. But
+// Bus driver should not depend on any tokens. For this reason need to
+// move OPAL_SEC_INIT_PROTOCOL_GUID in Pidebus.h
+// [Files] IdeBus.c
+// Pidebus.h
+// OpalSecurity.cif
+// OpalSecurity.h
+// IdeOpalSec.c
+// AhciOpalSec.c
+//
+// 1 5/19/11 2:07a Anandakrishnanl
+// Opal Security Module Initial Check In
+//
+//
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: IDEOpalSec.c
+//
+// Description: IDE Opal Security Support
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "OpalSecurity.h"
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: IdeSendData
+//
+// Description: Send a security protocol command to a device.
+//
+// Input:
+// This - Indicates a pointer to the calling context. Type
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is defined in the
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL description.
+// MediaId - ID of the medium to send data to.
+// Timeout - The timeout, in 100ns units, to use for the execution of the
+// security protocol command. A Timeout value of 0 means that this
+// function will wait indefinitely for the security protocol command
+// to execute. If Timeout is greater than zero, then this function
+// will return EFI_TIMEOUT if the time required to execute the
+// receive data command is greater than Timeout.
+// SecurityProtocolId - Security protocol ID of the security protocol
+// command to be sent.
+// SecurityProtocolSpecificData - Security protocol specific portion of
+// the security protocol command.
+// PayloadBufferSize - Size in bytes of the payload data buffer.
+// PayloadBuffer - A pointer to a buffer containing the security protocol
+// command specific payload data for the security protocol command.
+// Output:
+// EFI_SUCCESS - The security protocol command completed successfully.
+// EFI_UNSUPPORTED - The given MediaId does not support security
+// protocol commands.
+// EFI_DEVICE_ERROR - The security protocol command completed with an error.
+// EFI_INVALID_PARAMETER - The PayloadBuffer or PayloadTransferSize is
+// NULL and PayloadBufferSize is non-zero.
+//
+//<AMI_PHDR_END>
+//**********************************************************************
+
+EFI_STATUS IdeSendData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ IN VOID *PayloadBuffer )
+{
+ EFI_STATUS Status;
+ UINT8 SectorCountL = 0;
+ UINT8 SectorCountH = 0;
+ STORAGE_SECURITY_COMMAND_PROTOCOL *StorageSecurityProtocol = (STORAGE_SECURITY_COMMAND_PROTOCOL*)This;
+ IDE_BUS_PROTOCOL *IdeBusInterface = (IDE_BUS_PROTOCOL*)StorageSecurityProtocol->BusInterface;
+ EFI_BLOCK_IO_PROTOCOL *Blockio = &(IdeBusInterface->IdeBlkIo->BlkIo);
+
+ // Check for BlkIo presence
+ if(Blockio == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ // Check for Media change
+ if(Blockio->Media->MediaId != MediaId) {
+ return EFI_MEDIA_CHANGED;
+ }
+
+ SectorCountL = (UINT8)(PayloadBufferSize / Blockio->Media->BlockSize);
+ SectorCountH = (UINT8)((PayloadBufferSize / Blockio->Media->BlockSize)/0x100);
+
+ if(PayloadBufferSize != 0){
+ // For PayloadBufferSize non zero, Trusted Send command should be used
+ if(PayloadBuffer == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ Status = IdeBusInterface->AtaPioDataOut(
+ IdeBusInterface,
+ PayloadBuffer,
+ (UINT32)PayloadBufferSize,
+ SecurityProtocolId,
+ SectorCountL, // Sector count - 512 bytes multiples
+ SectorCountH,//TransferLength
+ 0,
+ (UINT8)(SecurityProtocolSpecificData >> 8) , //Com ID
+ 0,
+ (UINT8)SecurityProtocolSpecificData,
+ 0,
+ IdeBusInterface->IdeDevice.Device << 4,
+ TRUSTED_SEND,
+ TRUE,
+ FALSE );
+ }else{
+ // For PayloadBufferSize zero, Trusted Non Data command should be used
+ // BIT 24 indicates Trusted Receive/Send
+ Status = IdeBusInterface->IdeNonDataCommand(IdeBusInterface,
+ SecurityProtocolId,
+ 0, // Reserved if command is Trusted Non-Data
+ 0, // Reserved if command is Trusted Non-Data
+ 0, // Reserved if command is Trusted Non-Data
+ 0, // Reserved if command is Trusted Non-Data
+ (UINT8)(SecurityProtocolSpecificData >> 8),//Com Id
+ 0,
+ (UINT8)SecurityProtocolSpecificData,
+ 0,
+ IdeBusInterface->IdeDevice.Device << 4,
+ TRUSTED_NON_DATA
+ );
+ }
+
+ return Status;
+}
+
+//**********************************************************************
+//<AMI_PHDR_START>
+//
+// Procedure: IdeReceiveData
+//
+// Description: Send a security protocol command to a device that receives
+// data and/or the result of one or more commands sent by
+// SendData.
+//
+// Input:
+// This -Indicates a pointer to the calling context. Type
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is defined in the
+// EFI_STORAGE_SECURITY_COMMAND_PROTOCOL description.
+// MediaId - ID of the medium to receive data from.
+// Timeout - The timeout, in 100ns units, to use for the execution of the
+// security protocol command. A Timeout value of 0 means that this
+// function will wait indefinitely for the security protocol command to
+// execute. If Timeout is greater than zero, then this function will
+// return.
+// SecurityProtocolId - Security protocol ID of the security protocol
+// command to be sent.
+// SecurityProtocolSpecificData - Security protocol specific portion of
+// the security protocol command.
+// PayloadBufferSize - Size in bytes of the payload data buffer.
+// PayloadBuffer - A pointer to a destination buffer to store the security
+// protocol command specific payload data for the security protocol
+// command. The caller is responsible for either having implicit or
+// explicit ownership of the buffer.
+// PayloadTransferSize - A pointer to a buffer to store the size in bytes
+// of the data written to the payload data buffer.
+//
+// Output:
+// EFI_SUCCESS - The security protocol command completed successfully.
+// EFI_UNSUPPORTED - The given MediaId does not support security
+// protocol commands.
+// EFI_DEVICE_ERROR - The security protocol command completed with an error.
+// EFI_INVALID_PARAMETER - The PayloadBuffer or PayloadTransferSize is
+// NULL and PayloadBufferSize is non-zero.
+//<AMI_PHDR_END>
+//**********************************************************************
+
+EFI_STATUS IdeReceiveData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ OUT VOID *PayloadBuffer,
+ OUT UINTN *PayloadTransferSize
+ )
+{
+ EFI_STATUS Status;
+ UINT8 Device = 0;
+ UINT8 SectorCountL = 0;
+ UINT8 SectorCountH = 0;
+ STORAGE_SECURITY_COMMAND_PROTOCOL *StorageSecurityProtocol = (STORAGE_SECURITY_COMMAND_PROTOCOL*)This;
+ IDE_BUS_PROTOCOL *IdeBusInterface = (IDE_BUS_PROTOCOL*)StorageSecurityProtocol->BusInterface;
+ EFI_BLOCK_IO_PROTOCOL *Blockio = &(IdeBusInterface->IdeBlkIo->BlkIo);
+
+ // Check for BlkIo presence
+ if(Blockio == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if(Blockio->Media->MediaId != MediaId) {
+ return EFI_MEDIA_CHANGED;
+ }
+
+ SectorCountL = (UINT8)(PayloadBufferSize / Blockio->Media->BlockSize);
+ SectorCountH = (UINT8)((PayloadBufferSize / Blockio->Media->BlockSize)/0x100);
+
+ if(PayloadBufferSize != 0){
+ // For PayloadBufferSize non zero, Trusted Receive command should be used
+
+ if(PayloadTransferSize == NULL || PayloadBuffer == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = IdeBusInterface->AtaPioDataIn(
+ IdeBusInterface,
+ PayloadBuffer,
+ (UINT32)PayloadBufferSize,
+ SecurityProtocolId,
+ SectorCountL, // Sector count - 512 bytes multiples
+ SectorCountH,//TransferLength
+ (UINT8)(SecurityProtocolSpecificData >> 8) , //Com ID
+ (UINT8)SecurityProtocolSpecificData,
+ IdeBusInterface->IdeDevice.Device << 4,
+ TRUSTED_RECEIVE,
+ FALSE );
+ }else{
+
+ // For PayloadBufferSize zero, Trusted Non Data command should be used
+ // BIT 24 indicates Trusted Receive/Send
+ UINT32 LBA = 0;
+
+ // IdeNonDataCommand supports only for 24 bits of LBA(Low, Mid and High). For 28 bit LBA
+ // we use device to fill remanining 4 bits (24:27).
+ // Needed since bit 24 indicates Trusted Receive/Send.
+ LBA = (SecurityProtocolSpecificData << 8) | (1 << 24);
+ Device = ((UINT8) ((UINT32) LBA >> 24 ) & 0x0f) | (IdeBusInterface->IdeDevice.Device << 4) | 0x40;
+
+ Status = IdeBusInterface->IdeNonDataCommand(
+ IdeBusInterface,
+ SecurityProtocolId,
+ 0, // Reserved if command is Trusted Non-Data
+ 0, // Reserved if command is Trusted Non-Data
+ 0, // Reserved if command is Trusted Non-Data
+ 0x01, // Trusted Receive
+ (UINT8)(SecurityProtocolSpecificData >> 8) , //Com ID - Discovery 0
+ 0,
+ (UINT8)SecurityProtocolSpecificData,
+ 0,
+ Device,
+ TRUSTED_NON_DATA );
+ }
+
+ if (!EFI_ERROR( Status) ) {
+ *PayloadTransferSize = PayloadBufferSize;
+ } else {
+ *PayloadTransferSize = 0;
+ }
+
+ return Status;
+}
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
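Review bot: The `Blockio == NULL` test in IdeSendData and IdeReceiveData cannot do its job, because `Blockio` is computed as `&(IdeBusInterface->IdeBlkIo->BlkIo)`: the member address is formed through `IdeBlkIo` before anything checks that pointer, and the result is NULL only if BlkIo happens to sit at offset 0. Test the pointer itself first, as the AHCI file does with SataBlkIo: `if (IdeBusInterface->IdeBlkIo == NULL) return EFI_UNSUPPORTED;`. Separately, IdeReceiveData reports `*PayloadTransferSize = PayloadBufferSize` on success although the sector count sent to the drive is `PayloadBufferSize / BlockSize` truncated into two UINT8 halves, so a size that is not a block multiple, or that exceeds 0xFFFF blocks, would be reported as fully transferred and a caller parsing the response may read bytes the device never wrote. Rejecting such sizes with EFI_INVALID_PARAMETER, or reporting the byte count actually requested from the device, would close that gap.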
diff --git a/Core/EM/OpalSecurity/OpalSecurity.c b/Core/EM/OpalSecurity/OpalSecurity.c
new file mode 100644
index 0000000..f06d77a
--- /dev/null
+++ b/Core/EM/OpalSecurity/OpalSecurity.c
@@ -0,0 +1,553 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
+// $Header: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/OpalSecurity.c 3 12/21/11 8:36p Rajkumarkc $
+//
+// $Revision: 3 $
+//
+// $Date: 12/21/11 8:36p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/OpalSecurity.c $
+//
+// 3 12/21/11 8:36p Rajkumarkc
+// [TAG] EIP77142
+// [Category] BUG FIX & IMPROVEMENT
+// [Description] BUG FIX - Changed Little Endian format to Big Endian
+// format while sending commands.
+// IMPROVEMENT - Added support to Lock the Opal hdd if
+// it's unlocked on Bios POST.
+// [Files] IdeOpalSec.c, AhciOpalSec.c, OpalSecurity.c,
+// OpalSecurity.h, OpalSecurity.sdl
+//
+// 2 5/19/11 5:59a Anandakrishnanl
+// [TAG] EIP53565
+// [Category] New Feature
+// [Description] UEFI2.3+ Specifications defines Storage Security
+// protocol which needs to be implemented.
+// [Files] AhciBus.c,IdeBus.c,AHCIOpalSec.c,IDEOpalSec.c,OpalSecurity.c
+// ,OpalSecurity.chm,OpalSecurity.cif,OpalSecurity.h,OpalSecurity.mak,Opal
+// Security.sdl,PIDEBus.h,StorageSecurityProtocol.CIF,StorageSecurityProto
+// col.h
+//
+//<AMI_FHDR_START>
+//---------------------------------------------------------------------------
+//
+// Name: OpalSecurity.c
+//
+// Description: Opal Security Support
+//
+//---------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#include "OpalSecurity.h"
+
+static EFI_GUID gOpalSecInitProtocolGuid = OPAL_SEC_INIT_PROTOCOL_GUID;
+static EFI_GUID gStorageSecurityProtocolGuid = EFI_STORAGE_SECURITY_COMMAND_PROTOCOL_GUID;
+
+OPAL_SECURITY_INIT_PROTOCOL *gOpalSecInitProtocol;
+STORAGE_SECURITY_COMMAND_PROTOCOL *gStorageSecurityProtocol;
+
+//<AMI_PHDR_START>
+//----------------------------------------------------------------------------
+// Procedure: OpalSecEntryPoint
+//
+// Description: This function is the entry point for OpalSecurity
+// Driver.
+//
+// Input:
+// EFI_HANDLE ImageHandle Image handle.
+// EFI_SYSTEM_TABLE *SystemTable Pointer to the EFI system table.
+//
+// Output:
+// EFI_SUCCESS : OpalSecurity Interface successfully installed.
+//
+//----------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS
+OpalSecEntryPoint(
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+)
+{
+ EFI_HANDLE Handle = NULL;
+ EFI_STATUS Status = EFI_SUCCESS;
+
+ InitAmiLib( ImageHandle, SystemTable );
+
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(OPAL_SECURITY_INIT_PROTOCOL),
+ (VOID**)&gOpalSecInitProtocol );
+
+ if ( EFI_ERROR( Status )){
+ return Status;
+ }
+
+ gOpalSecInitProtocol->InstallOpalSecurityInterface = InstallOpalSecurityInterface;
+ gOpalSecInitProtocol->UnInstallOpalSecurityInterface = UnInstallOpalSecurityInterface;
+
+ Status = pBS->InstallProtocolInterface(
+ &Handle,
+ &gOpalSecInitProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ gOpalSecInitProtocol
+ );
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: InstallOpalSecurityInterface
+//
+// Description: Installs StorageSecurityProtocol if the drive supports
+// Trusted commands
+//
+// Input:
+// IN VOID *BusInterface
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : StorageSecurity supported.
+// Others : Not supported.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS
+InstallOpalSecurityInterface(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag
+)
+{
+ EFI_STATUS Status ;
+ IDENTIFY_DATA IdentifyData;
+ EFI_HANDLE IdeDeviceHandle = NULL;
+
+ if ( ModeFlag == FALSE ){
+ IdentifyData = ((IDE_BUS_PROTOCOL*)BusInterface)->IdeDevice.IdentifyData;
+ IdeDeviceHandle = ((IDE_BUS_PROTOCOL*)BusInterface)->IdeDeviceHandle;
+ }else{
+ IdentifyData = ((SATA_DEVICE_INTERFACE*)BusInterface)->IdentifyData;
+ IdeDeviceHandle = ((SATA_DEVICE_INTERFACE*)BusInterface)->IdeDeviceHandle;
+ }
+
+ if(!(IdentifyData.Trusted_Computing_Support & 0x01)){
+ return EFI_UNSUPPORTED;
+ }
+
+ //
+ // StorageSecurity Protocol
+ //
+ Status = pBS->AllocatePool( EfiBootServicesData,
+ sizeof(EFI_STORAGE_SECURITY_COMMAND_PROTOCOL),
+ (VOID**)&gStorageSecurityProtocol );
+
+ if ( ModeFlag == FALSE ){
+ gStorageSecurityProtocol->ReceiveData = IdeReceiveData;
+ gStorageSecurityProtocol->SendData = IdeSendData;
+ }else{
+ gStorageSecurityProtocol->ReceiveData = AhciReceiveData;
+ gStorageSecurityProtocol->SendData = AhciSendData;
+ }
+ gStorageSecurityProtocol->BusInterface = BusInterface;
+
+ Status = pBS->InstallMultipleProtocolInterfaces(
+ &IdeDeviceHandle,
+ &gStorageSecurityProtocolGuid, gStorageSecurityProtocol,
+ NULL );
+
+// TPer Lock On Reset Feature Support
+#if TPer_LOCK_ON_RESET
+
+ // Below error status check is to determine if gStorageSecurityProtocol has been
+ // installed successfully or not. In case if code inserted in between, this check
+ // has to be handled properly.
+
+ if (!EFI_ERROR(Status)) {
+ GetAndStoreSecurityProtocolInformation(
+ (EFI_STORAGE_SECURITY_COMMAND_PROTOCOL*)gStorageSecurityProtocol,
+ BusInterface
+ );
+ IssueLockOnResetCommand(
+ (EFI_STORAGE_SECURITY_COMMAND_PROTOCOL*)gStorageSecurityProtocol,
+ BusInterface,
+ ModeFlag
+ );
+ }
+#endif
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: UnInstallOpalSecurityInterface
+//
+// Description: Uninstalls the Opal Security Init Protocol.
+//
+// Input:
+// IN VOID *BusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output:
+// EFI_SUCCESS : Security Mode supported.
+// EFI_DEVICE_ERROR/EFI_UNSUPPORTED : Not supported.
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+UnInstallOpalSecurityInterface(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag
+)
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+ EFI_HANDLE IdeDeviceHandle;
+
+ if ( ModeFlag == FALSE ){
+ IdeDeviceHandle = ((IDE_BUS_PROTOCOL*)BusInterface)->IdeDeviceHandle;
+ }else{
+ IdeDeviceHandle = ((SATA_DEVICE_INTERFACE*)BusInterface)->IdeDeviceHandle;
+ }
+
+ //
+ // Install Devicepath and BLOCK_IO on a new handle
+ //
+ Status = pBS->UninstallMultipleProtocolInterfaces(
+ IdeDeviceHandle,
+ &gOpalSecInitProtocolGuid,
+ gOpalSecInitProtocol,
+ NULL );
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: GetAndStoreSecurityProtocolInformation
+//
+// Description: Get and store Security Protocol Information
+//
+// Input:
+// IN VOID *BusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output: NONE
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+GetAndStoreSecurityProtocolInformation(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN VOID *BusInterface
+)
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+ SP0_TRUSTED_RECEIVE_PARAMETER_DATA *QueryBuffer = NULL;
+ UINT16 ListLength = 0;
+ UINT8 SpByte = 0;
+
+ UINTN QueryBufferSize = sizeof(SP0_TRUSTED_RECEIVE_PARAMETER_DATA);
+
+ Status = pBS->AllocatePool(EfiBootServicesData, sizeof(UINT8)*QueryBufferSize, (VOID**)&QueryBuffer);
+ if(EFI_ERROR(Status))return EFI_OUT_OF_RESOURCES;
+
+ Status = GetSecurityProtocolInformation(This, QueryBuffer, &QueryBufferSize);
+ // GetSecurityProtocolInformation returns error Status. Unsupported Security Protocol.
+ if(EFI_ERROR(Status)) return EFI_UNSUPPORTED;
+
+ // The List Length field indicates the total length, in bytes, of the supported security protocol list.
+ ListLength = QueryBuffer->ListLengthHigh << 8 | QueryBuffer->ListLengthLow;
+
+ ((STORAGE_SECURITY_COMMAND_PROTOCOL*)This)->SupportedProtocolList = QueryBuffer;
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: GetSecurityProtocolInformation
+//
+// Description: Get Security Protocol Information
+//
+// Input: IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+// OUT VOID *QueryBuffer,
+// OUT UINTN *QueryBufferSize
+//
+//
+// Output: NONE
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+GetSecurityProtocolInformation(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN OUT VOID *QueryBuffer,
+ IN OUT UINTN *QueryBufferSize
+ )
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+
+ Status = This->ReceiveData( This,
+ 0,
+ 0,
+ SECURITY_PROTOCOL_INFORMATION, // Security Protocol ID
+ 0x00, // SP specific id
+ 0x200, // TranferLength
+ QueryBuffer,
+ QueryBufferSize
+ );
+ return Status;
+
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: IssueLockOnResetCommand
+//
+// Description: Issues LockOnReset Command.
+//
+// Input:
+// IN VOID *BusInterface,
+// IN BOOLEAN ModeFlag
+//
+// Output: NONE
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+IssueLockOnResetCommand(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag
+)
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+ IDENTIFY_DATA IdentifyData;
+ EFI_HANDLE IdeDeviceHandle = NULL;
+
+ UINT16 ListLength = 0;
+ UINT8 SpByte = 0;
+ SP0_TRUSTED_RECEIVE_PARAMETER_DATA *SupportedProtocolList = ((STORAGE_SECURITY_COMMAND_PROTOCOL*)This)->SupportedProtocolList;
+
+ if ( ModeFlag == FALSE ){
+ IdentifyData = ((IDE_BUS_PROTOCOL*)BusInterface)->IdeDevice.IdentifyData;
+ IdeDeviceHandle = ((IDE_BUS_PROTOCOL*)BusInterface)->IdeDeviceHandle;
+ }else{
+ IdentifyData = ((SATA_DEVICE_INTERFACE*)BusInterface)->IdentifyData;
+ IdeDeviceHandle = ((SATA_DEVICE_INTERFACE*)BusInterface)->IdeDeviceHandle;
+ }
+
+ // The List Length field indicates the total length, in bytes, of the supported security protocol list.
+ ListLength = SupportedProtocolList->ListLengthHigh << 8 | SupportedProtocolList->ListLengthLow;
+ if(ListLength == 0) return EFI_UNSUPPORTED;
+
+ // Check the Secutiy supported Protocol List is 0xEE for IEEE 1667 or 0x02 for Native TCG
+ for(SpByte = 0; SpByte < ListLength; SpByte++){
+
+ if(SupportedProtocolList->SupportedSPList[SpByte] == SECURITY_PROTOCOL_2) {
+ // Found Supported Security Protocol list NativeTcg.Issue Tcg TPer Reset
+ Status = NativeTcgTPerReset(This);
+ break;
+ }
+
+ if(SupportedProtocolList->SupportedSPList[SpByte] == SECURITY_PROTOCOL_IEEE1667) {
+ // Found Supported Security Protocol list IEEE 1667. Issue Silo TPer Reset
+ // Check if IEEE 1667 bit (bit 7) set in the AdditionalSupported field to
+ // determine whether the device supports Trusted Send/Receive.
+
+ if(!(IdentifyData.Reserved_69_74[0] & 0x80)){
+ Status = IEEE67TPerReset(This);
+ break;
+ }
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: NativeTcgTPerReset
+//
+// Description: Native Tcg TPer Reset
+//
+// Input: IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+//
+// Output: NONE
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+EFI_STATUS
+NativeTcgTPerReset(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This
+){
+ EFI_STATUS Status = EFI_SUCCESS;
+ VOID *TcgResetDataBuffer = NULL;
+ UINT32 BufferSize = 0x200;
+
+ Status = pBS->AllocatePool(EfiBootServicesData, BufferSize, (VOID**)&TcgResetDataBuffer);
+ if(EFI_ERROR(Status))return EFI_OUT_OF_RESOURCES;
+
+ pBS->SetMem(TcgResetDataBuffer, BufferSize, 0);
+
+ // Determined the device supports Native TCG Security Support Protocol 2. Issue TPer Reset.
+ Status = This->SendData( This,
+ 0,
+ 0,
+ SECURITY_PROTOCOL_2, // Security Protocol 2 ID
+ 0x0400, // SP specific id
+ 0x200, // TranferLength - Non zero Value
+ TcgResetDataBuffer
+ );
+ pBS->FreePool(TcgResetDataBuffer);
+
+ return Status;
+
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: IEEE67TPerReset
+//
+// Description: IEEE67 TPer Reset
+//
+// Input: IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+//
+//
+// Output: NONE
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS
+IEEE67TPerReset(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This
+)
+{
+ EFI_STATUS Status = EFI_SUCCESS;
+ UINT16 SiloTypeIdentifier = 0;
+ UINT16 IeeeSilo = 0;
+ TCG_SILO_TYPE_IDENTIFIER *ProbeHostDataBuffer = NULL;
+ TCG_SILO_TYPE_IDENTIFIER *SupportedSilosArrayBuffer = NULL;
+
+ UINTN SupportedSilosArrayBufferSize = sizeof(TCG_SILO_TYPE_IDENTIFIER);
+ UINTN ProbeHostDataBufferSize = sizeof(TCG_SILO_TYPE_IDENTIFIER);
+
+ Status = pBS->AllocatePool(EfiBootServicesData, sizeof(UINT8)*ProbeHostDataBufferSize, (VOID**)&ProbeHostDataBuffer);
+ if(EFI_ERROR(Status))return EFI_OUT_OF_RESOURCES;
+
+ // Check if TPer has TCG silo by sending probe command to PROBE SILO
+ Status = This->SendData( This,
+ 0,
+ 0,
+ SECURITY_PROTOCOL_IEEE1667, // Security Protocol ID
+ 0x0100, // SP specific id
+ 0x200, // TranferLength
+ ProbeHostDataBuffer
+ );
+ if(!EFI_ERROR(Status)) {
+ Status = pBS->AllocatePool(EfiBootServicesData, sizeof(UINT8)*SupportedSilosArrayBufferSize, (VOID**)&SupportedSilosArrayBuffer);
+ if(EFI_ERROR(Status))return EFI_OUT_OF_RESOURCES;
+
+ // Followed by Trusted Receive Probe command to PROBE SILO
+ Status = This->ReceiveData( This,
+ 0,
+ 0,
+ SECURITY_PROTOCOL_IEEE1667, // Security Protocol ID
+ 0x0100, // SP specific id
+ 0x200, // TranferLength
+ SupportedSilosArrayBuffer,
+ &SupportedSilosArrayBufferSize
+ );
+
+ if(!EFI_ERROR(Status)) {
+ // Scan for Silo Identifier(0x0104) available to send TPer Reset silo command payload to Tcg Silo
+ SiloTypeIdentifier = SupportedSilosArrayBuffer->SiloTypeIdentifierHigh << 8 | SupportedSilosArrayBuffer->SiloTypeIdentifierLow;
+ // Search for IEEE std allocated identifiers only to find 0x0104 present: IEEE - 0100h to 01FFh
+ for(IeeeSilo = 0x100; IeeeSilo < 0x200; IeeeSilo++) {
+ if(IeeeSilo == SiloTypeIdentifier) {
+ Status = IssueTPerResetTcgSilo(This);
+ return Status;
+ }
+ }
+ }
+ }
+
+ return Status;
+}
+
+//<AMI_PHDR_START>
+//---------------------------------------------------------------------------
+//
+// Procedure: IssueTPerResetTcgSilo
+//
+// Description: Issue TPer Reset
+//
+// Input: IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+//
+//
+// Output: NONE
+//
+//---------------------------------------------------------------------------
+//<AMI_PHDR_END>
+
+EFI_STATUS
+IssueTPerResetTcgSilo(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This
+){
+ EFI_STATUS Status = EFI_SUCCESS;
+ TCG_SILO_TYPE_IDENTIFIER *IeeeResetDataBuffer = NULL;
+
+ UINTN IeeeResetDataBufferSize = sizeof(TCG_SILO_TYPE_IDENTIFIER);
+
+ Status = pBS->AllocatePool(EfiBootServicesData, sizeof(UINT8)*IeeeResetDataBufferSize, (VOID**)&IeeeResetDataBuffer);
+ if(EFI_ERROR(Status))return EFI_OUT_OF_RESOURCES;
+
+ // Determined the device supports TCG silo. Issue TPer Reset silo command payload to the TCG silo
+ Status = This->SendData( This,
+ 0,
+ 0,
+ SECURITY_PROTOCOL_IEEE1667, // Security Protocol ID
+ 0x0500, // SP specific id
+ 0x200, // TranferLength
+ IeeeResetDataBuffer
+ );
+ pBS->FreePool(IeeeResetDataBuffer);
+
+ return Status;
+}
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
diff --git a/Core/EM/OpalSecurity/OpalSecurity.chm b/Core/EM/OpalSecurity/OpalSecurity.chm
new file mode 100644
index 0000000..f94ae98
--- /dev/null
+++ b/Core/EM/OpalSecurity/OpalSecurity.chm
Binary files differ
diff --git a/Core/EM/OpalSecurity/OpalSecurity.cif b/Core/EM/OpalSecurity/OpalSecurity.cif
new file mode 100644
index 0000000..350a299
--- /dev/null
+++ b/Core/EM/OpalSecurity/OpalSecurity.cif
@@ -0,0 +1,14 @@
+<component>
+ name = "OpalSecurity"
+ category = eModule
+ LocalRoot = "core\em\OpalSecurity\"
+ RefName = "OpalSecurity"
+[files]
+"OpalSecurity.sdl"
+"OpalSecurity.mak"
+"OpalSecurity.c"
+"OpalSecurity.h"
+"IDEOpalSec.c"
+"AHCIOpalSec.c"
+"OpalSecurity.chm"
+<endComponent>
diff --git a/Core/EM/OpalSecurity/OpalSecurity.h b/Core/EM/OpalSecurity/OpalSecurity.h
new file mode 100644
index 0000000..3c78710
--- /dev/null
+++ b/Core/EM/OpalSecurity/OpalSecurity.h
@@ -0,0 +1,227 @@
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//*************************************************************************
+
+//**********************************************************************
+// $Header: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/OpalSecurity.h 3 12/21/11 8:37p Rajkumarkc $
+//
+// $Revision: 3 $
+//
+// $Date: 12/21/11 8:37p $
+//**********************************************************************
+// Revision History
+// ----------------
+// $Log: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/OpalSecurity.h $
+//
+// 3 12/21/11 8:37p Rajkumarkc
+// [TAG] EIP77142
+// [Category] BUG FIX & IMPROVEMENT
+// [Description] BUG FIX - Changed Little Endian format to Big Endian
+// format while sending commands.
+// IMPROVEMENT - Added support to Lock the Opal hdd if
+// it's unlocked on Bios POST.
+// [Files] IdeOpalSec.c, AhciOpalSec.c, OpalSecurity.c,
+// OpalSecurity.h, OpalSecurity.sdl
+//
+// 2 8/22/11 3:02a Anandakrishnanl
+// [TAG] EIP62912
+// [Category] Improvement
+// [Description] Opal Security Definitions Should be Moved to PIDEBUS.h
+// from StorageSecurityProtocol.h
+// StorageSecurityProtocol.h included in OPAL security driver module will
+// give build error when disabled without sdl token #if
+// OpalSecurity_SUPPORT properly placed in Ahcibus and IdeBus drivers. But
+// Bus driver should not depend on any tokens. For this reason need to
+// move OPAL_SEC_INIT_PROTOCOL_GUID in Pidebus.h
+// [Files] IdeBus.c
+// Pidebus.h
+// OpalSecurity.cif
+// OpalSecurity.h
+// IdeOpalSec.c
+// AhciOpalSec.c
+//
+// 1 5/19/11 2:07a Anandakrishnanl
+// Opal Security Module Initial Check In
+//
+//<AMI_FHDR_START>
+//----------------------------------------------------------------------------
+//
+// Name: OpalSecurity.h
+//
+// Description: This file contains the Includes, Definitions, typedefs, Variable
+// and External Declarations, Structure and function prototypes needed for the
+// OpalSecurity driver
+//
+//----------------------------------------------------------------------------
+//<AMI_FHDR_END>
+
+#ifndef _OpalSecurity_
+#define _OpalSecurity_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <Efi.h>
+#include <Token.h>
+#include <Dxe.h>
+#include <AmiDxeLib.h>
+#include "Protocol\PciIo.h"
+#include "Protocol\DevicePath.h"
+#include "protocol\DriverBinding.h"
+#include "protocol\BlockIo.h"
+#include "Protocol\PDiskInfo.h"
+#include "Protocol\PIDEController.h"
+#include "Protocol\PIDEBus.h"
+#include "Protocol\StorageSecurityCommand.h"
+#include "Protocol\PAhciBus.h"
+
+//
+// TCG Storage Security Protocol
+//
+#define SECURITY_PROTOCOL_INFORMATION 0x00
+#define SECURITY_PROTOCOL_1 0x01
+#define SECURITY_PROTOCOL_2 0x02
+#define SECURITY_PROTOCOL_SDCARD_TRUSTED_FLASH 0xED
+#define SECURITY_PROTOCOL_IEEE1667 0xEE
+
+EFI_STATUS InstallOpalSecurityInterface(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS UnInstallOpalSecurityInterface(
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag );
+
+EFI_STATUS IdeSendData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ IN VOID *PayloadBuffer );
+
+EFI_STATUS IdeReceiveData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ OUT VOID *PayloadBuffer,
+ OUT UINTN *PayloadTransferSize
+ );
+
+EFI_STATUS AhciReceiveData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ OUT VOID *PayloadBuffer,
+ OUT UINTN *PayloadTransferSize
+ );
+
+EFI_STATUS AhciSendData(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN UINT64 Timeout,
+ IN UINT8 SecurityProtocolId,
+ IN UINT16 SecurityProtocolSpecificData,
+ IN UINTN PayloadBufferSize,
+ IN VOID *PayloadBuffer
+);
+
+EFI_STATUS
+IssueLockOnResetCommand(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN VOID *BusInterface,
+ IN BOOLEAN ModeFlag
+);
+
+EFI_STATUS
+GetAndStoreSecurityProtocolInformation(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN VOID *BusInterface
+);
+
+EFI_STATUS
+GetSecurityProtocolInformation(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
+ IN OUT VOID *QueryBuffer,
+ IN OUT UINTN *QueryBufferSize
+);
+
+EFI_STATUS
+IEEE67TPerReset(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This
+);
+
+EFI_STATUS
+IssueTPerResetTcgSilo(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This
+);
+
+EFI_STATUS
+NativeTcgTPerReset(
+ IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This
+);
+
+typedef
+struct _SP0_TRUSTED_RECEIVE_PARAMETER_DATA {
+ UINT8 Reserved[6];
+ UINT8 ListLengthHigh;
+ UINT8 ListLengthLow;
+ UINT8 SupportedSPList[502];
+ UINT8 PadBytesHigh;
+ UINT8 PadBytesLow;
+}SP0_TRUSTED_RECEIVE_PARAMETER_DATA;
+
+typedef
+struct _TCG_SILO_TYPE_IDENTIFIER {
+ UINT8 Reserved[2];
+ UINT8 SiloTypeIdentifierHigh;
+ UINT8 SiloTypeIdentifierLow;
+}TCG_SILO_TYPE_IDENTIFIER;
+
+typedef
+struct _STORAGE_SECURITY_COMMAND_PROTOCOL {
+// Any new member field should be added at bottom of the structure below BusInterface
+ EFI_STORAGE_SECURITY_RECEIVE_DATA ReceiveData;
+ EFI_STORAGE_SECURITY_SEND_DATA SendData;
+ VOID *BusInterface;
+ SP0_TRUSTED_RECEIVE_PARAMETER_DATA *SupportedProtocolList;
+}STORAGE_SECURITY_COMMAND_PROTOCOL;
+
+/****** DO NOT WRITE BELOW THIS LINE *******/
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+//*************************************************************************
+//*************************************************************************
+//** **
+//** (C)Copyright 1985-2011, American Megatrends, Inc. **
+//** **
+//** All Rights Reserved. **
+//** **
+//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+//** **
+//** Phone: (770)-246-8600 **
+//** **
+//*************************************************************************
+//************************************************************************* \ No newline at end of file
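Review bot: `TCG_SILO_TYPE_IDENTIFIER` is declared here as four bytes, yet `IEEE67TPerReset` and `IssueTPerResetTcgSilo` earlier on this page allocate `sizeof(TCG_SILO_TYPE_IDENTIFIER)` and pass `0x200` in the `PayloadBufferSize` position of `SendData`/`ReceiveData`. If the bus drivers honour that size, the receive path lets the device write up to 512 bytes into a 4-byte pool allocation, and the send paths read 508 uninitialised bytes past it. I would size the type to the transfer, e.g. add `UINT8 Payload[508];` after `SiloTypeIdentifierLow`, or have the callers allocate a named 0x200-byte size and zero the buffer as `NativeTcgTPerReset` does. The same care applies to `SupportedSPList[502]`: the 16-bit list length comes from the device and should be clamped to `sizeof(SupportedSPList)` before it is used as a loop bound.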
diff --git a/Core/EM/OpalSecurity/OpalSecurity.mak b/Core/EM/OpalSecurity/OpalSecurity.mak
new file mode 100644
index 0000000..5a0b346
--- /dev/null
+++ b/Core/EM/OpalSecurity/OpalSecurity.mak
@@ -0,0 +1,66 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2011, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+# $Header: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/OpalSecurity.mak 1 5/19/11 2:07a Anandakrishnanl $
+#
+# $Revision: 1 $
+#
+# $Date: 5/19/11 2:07a $
+#**********************************************************************
+# Revision History
+# ----------------
+# $Log: /Alaska/SOURCE/Modules/OpalSecurity/OPALSECURITY/OpalSecurity.mak $
+#
+# 1 5/19/11 2:07a Anandakrishnanl
+# Opal Security Module Initial Check In
+#
+#
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: OpalSecurity.mak
+#
+# Description: Make file to build OpalSecurity module
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+all : OpalSecurity
+
+OpalSecurity : $(BUILD_DIR)\OpalSecurity.mak OpalSecurityBin
+
+$(BUILD_DIR)\OpalSecurity.mak : $(OpalSecurity_DIR)\$(@B).cif $(OpalSecurity_DIR)\$(@B).mak $(BUILD_RULES)
+ $(CIF2MAK) $(OpalSecurity_DIR)\$(@B).cif $(CIF2MAK_DEFAULTS)
+
+OpalSecurityBin : $(AMIDXELIB)
+ $(MAKE) /$(MAKEFLAGS) $(BUILD_DEFAULTS)\
+ /f $(BUILD_DIR)\OpalSecurity.mak all\
+ GUID=59AF16B0-661D-4865-A381-38DE68385D8D\
+ ENTRY_POINT=OpalSecEntryPoint\
+ TYPE=BS_DRIVER \
+ COMPRESS=1\
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2011, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#********************************************************************** \ No newline at end of file
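Review bot: The `OpalSecurityBin` recipe ends with `COMPRESS=1\`, so the line continuation runs into the blank line that follows and would join any argument or rule later placed directly beneath it. Drop the backslash on the last argument, leaving `COMPRESS=1`, and make the spacing before the backslash uniform (`TYPE=BS_DRIVER \` is the only line with a space). The file also ends without a final newline.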
diff --git a/Core/EM/OpalSecurity/OpalSecurity.sdl b/Core/EM/OpalSecurity/OpalSecurity.sdl
new file mode 100644
index 0000000..946531d
--- /dev/null
+++ b/Core/EM/OpalSecurity/OpalSecurity.sdl
@@ -0,0 +1,33 @@
+TOKEN
+ Name = OpalSecurity_SUPPORT
+ Value = "1"
+ TokenType = Boolean
+ TargetMAK = Yes
+ TargetH = Yes
+ Master = Yes
+ Help = "Main switch to enable OpalSecurity support in Project"
+End
+
+TOKEN
+ Name = "TPer_LOCK_ON_RESET"
+ Value = "0"
+ Help = "Issue eDrive Lock On Reset"
+ TokenType = Boolean
+ TargetH = Yes
+ TargetMAK = Yes
+End
+
+MODULE
+ Help = "Includes OpalSecurity.mak to Project"
+ File = "OpalSecurity.mak"
+End
+
+PATH
+ Name = "OpalSecurity_DIR"
+End
+
+ELINK
+ Name = "$(BUILD_DIR)\OpalSecurity.ffs"
+ Parent = "FV_MAIN"
+ InvokeOrder = AfterParent
+End
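Review bot: `TPer_LOCK_ON_RESET` ships with `Value = "0"`, and the help string `"Issue eDrive Lock On Reset"` does not say what leaving it off means. The revision history on this page describes the feature as locking an Opal drive that is found unlocked during POST, so with the default such a drive presumably stays unlocked. The `#if` guarding the `IssueLockOnResetCommand` call is outside the visible lines, so the link to this token should be confirmed. I would spell the consequence out, e.g. `Help = "Issue TPer Reset during POST so an Opal drive found unlocked is locked again. Default 0 = not issued."`, and quote `Name = "OpalSecurity_SUPPORT"` to match the second token.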