/** @file
TcgStorageSecurity.h -- Header for TcgStorageSecurity
Copyright (c) HR650X BIOS Decompilation Project
**/
#ifndef __TCGSTORAGESECURITY_H__
#define __TCGSTORAGESECURITY_H__
#include "../uefi_headers/Uefi.h"
//
// Function Prototypes
//
/**
  Raw send/receive helper.

  NOTE(review): the VOID parameter list looks like a decompiler placeholder.
  A fragment in this header assigns the result of `SendReceiveRaw (` next to
  the text "close session via security protocol 0x01", with the argument list
  cut off. The real parameters still have to be recovered from the binary.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
SendReceiveRaw (
  VOID
  );

/**
  Driver initialisation entry.

  Only the name is visible here; what it initialises is not established by
  this header.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
DriverInitEntry (
  VOID
  );

/**
  Presumably the Supported() member of the driver's binding protocol.

  NOTE(review): fragments in this header mention a `gDriverBinding` instance
  and a check for the EFI Storage Security Command Protocol on a controller.
  If this is EFI_DRIVER_BINDING_PROTOCOL.Supported(), its real signature takes
  This, ControllerHandle and RemainingDevicePath rather than VOID -- confirm
  against the binary before using this prototype.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgStorageSecuritySupported (
  VOID
  );

/**
  Presumably the Start() member of the driver's binding protocol.

  NOTE(review): fragments in this header show protocol context allocation,
  session initialisation and `gBS->InstallMultipleProtocolInterfaces (`.
  Which function they belong to is inferred from the name only. The VOID
  parameter list is a placeholder.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgStorageSecurityStart (
  VOID
  );

/**
  Presumably the Stop() member of the driver's binding protocol.

  NOTE(review): a fragment in this header shows
  `gBS->UninstallMultipleProtocolInterfaces (` under the text "the protocol
  and free context". Whether the freed context is scrubbed of credential
  material first is not visible here and should be checked.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgStorageSecurityStop (
  VOID
  );
/**
  Reports the security status of a TCG storage device.

  NOTE(review): a fragment in this header calls it as
  `TcgRetrieveSecurityStatus (Context, &SecurityStatus)` and then tests the
  value against TCG_SECURITY_STATUS_FROZEN. The real prototype therefore has
  at least a context argument and an output status pointer; VOID is a
  placeholder.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgRetrieveSecurityStatus (
  VOID
  );

/**
  TCG send/receive operation.

  Presumably one of the "Storage Protocol Interface Functions" named by a
  fragment in this header; parameters are not recoverable from here.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgSendReceive (
  VOID
  );

/**
  TCG information query.

  Only the name is visible here; the returned data layout is unknown.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgGetInfo (
  VOID
  );

/**
  TCG password operation.

  NOTE(review): by name this handles a credential. Where the credential
  buffer comes from, how its length is bounded and whether it is wiped after
  use must be checked in the implementation; none of that is visible here.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgSetPassword (
  VOID
  );

/**
  TCG reset operation.

  NOTE(review): fragments in this header mention "TPER reset for locked
  drives" through an Admin SP session; whether this function is that path is
  an inference from the name.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgReset (
  VOID
  );

/**
  Block SID operation.

  NOTE(review): fragments in this header compare a 16-bit field at context
  offset 82 with the Block SID feature code (0x0402) and test a status byte at
  offset 86 before a Block SID command is sent. Whether those checks live in
  this function is inferred from the name -- confirm.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
TcgBlockSid (
  VOID
  );
/**
  Queries the security protocols a device supports.

  NOTE(review): a fragment in this header calls it as
  `GetSupportedProtocols (TcgProtocol, 1)`, so VOID is a placeholder. Other
  fragments describe a list with a big-endian byte count at offset 6, entries
  starting at `Buffer + 8`, and a loop bounded by `SpCount`. That count comes
  from the device, so the implementation should clamp it to the size of the
  receive buffer before walking the list.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
GetSupportedProtocols (
  VOID
  );

/**
  Opens an Admin SP session; by name, using the MSID credential.

  NOTE(review): both call fragments in this header are cut off after the
  opening parenthesis, so the real arguments are unknown.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
OpenSessionWithAdminSpMsid (
  VOID
  );

/**
  Closes a TCG session.

  NOTE(review): fragments in this header mention a "close session request
  (end session)" sent via security protocol 0x01; parameters are unknown.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
CloseSession (
  VOID
  );

/**
  Retrieves Level 0 Discovery data from the device.

  NOTE(review): a fragment in this header calls it as
  `GetLevel0DiscoveryData (SessionData)`; another sets a value of 512 under
  the text "discovery receive". VOID is a placeholder.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
GetLevel0DiscoveryData (
  VOID
  );

/**
  Parses a Level 0 Discovery response.

  NOTE(review): a fragment in this header calls it as
  `ParseLevel0DiscoveryData (DeviceContext, Buffer)`. Other fragments describe
  a 48-byte header followed by descriptors of the form FeatureCode(2) +
  Version(1) + Length(1) + Data(Length), a cursor advanced by
  `FeatureLength + 4`, and a 32-byte copy to context offset 30. The lengths
  are supplied by the device, so the implementation should verify that each
  descriptor header and its data lie inside the received buffer before
  reading or copying.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
ParseLevel0DiscoveryData (
  VOID
  );

/**
  Opens a session with the Locking SP.

  NOTE(review): a fragment in this header calls it as
  `OpenLockingSpSession (TperContext, Buffer)` and describes it as using "the
  stored MSID/PIN". VOID is a placeholder.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
OpenLockingSpSession (
  VOID
  );

/**
  Reads locking range information.

  NOTE(review): a fragment in this header calls it as
  `ReadLockingRange (TperContext, Buffer)`; VOID is a placeholder.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
ReadLockingRange (
  VOID
  );

/**
  Sets a locking range; parameters are not recoverable from this header.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
SetLockingRange (
  VOID
  );

/**
  Configures a locking range; parameters are not recoverable from this header.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
ConfigureLockingRange (
  VOID
  );

/**
  Sets the SID credential (C_PIN_SID).

  NOTE(review): a fragment in this header calls it as
  `SetSidCredential (TperContext, Buffer)` and says it uses "the provided
  credential buffer". The buffer's length limit and its handling after the
  call are not visible and should be reviewed in the implementation.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
SetSidCredential (
  VOID
  );

/**
  Initialises TCG session data.

  NOTE(review): a fragment in this header calls it as
  `InitializeTcgSessions (TcgProtocol, 1)`; VOID is a placeholder.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
InitializeTcgSessions (
  VOID
  );

/**
  Retrieves the MSID credential (C_PIN_MSID).

  NOTE(review): fragments in this header test `gMsidCredential[0] == 0`
  before retrieval, which suggests the value is cached in a global. How long
  it stays there and whether it is cleared is not visible -- confirm.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
GetMsidCredential (
  VOID
  );

/**
  Reports the Opal security status.

  NOTE(review): a fragment in this header calls it as
  `GetOpalSecurityStatus (TcgContext->DriverContext, Index)`; VOID is a
  placeholder.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
GetOpalSecurityStatus (
  VOID
  );

/**
  Updates the recorded locking status; parameters are not recoverable from
  this header.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
UpdateLockingStatus (
  VOID
  );
/**
  Copies PCI data into the S3 buffer.

  NOTE(review): fragments in this header describe a slot counter checked
  against TCG_S3_BUFFER_SLOTS ("0x180 entries max") and slots of three UINT64
  values. Whether that check lives in this function is inferred from the name.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
CopyPciDataToS3Buffer (
  VOID
  );

/**
  Restores saved S3 data.

  NOTE(review): a fragment in this header describes looping over "all stored
  entries" and performing PCI config writes. Data replayed on resume needs
  integrity protection equivalent to an S3 boot script; where the buffer is
  stored is not visible here -- confirm.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
RestoreS3Data (
  VOID
  );

/**
  Initialises the S3 data area; parameters are not recoverable from this
  header.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
InitializeS3Data (
  VOID
  );

/**
  Module entry point.

  NOTE(review): in EDK II the entry point is declared with an EFI_HANDLE
  ImageHandle and an EFI_SYSTEM_TABLE pointer. The VOID parameter list here
  conflicts with that and is presumably a decompiler placeholder -- confirm.

  @return EFI_STATUS; the specific codes are not visible in this header.
**/
EFI_STATUS
EFIAPI
_ModuleEntryPoint (
  VOID
  );
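//
// NOTE(review): the header generator emitted every item in this section as
//   EFI_STATUS EFIAPI <text>(VOID);
// where <text> is a fragment of a comment or statement from the decompiled
// source, not an identifier. None of those lines was valid C, so the header
// could not be compiled. The bogus declarations are removed here and the
// fragment text is kept, in its original order, as reference only. Each
// fragment appears to be missing its first token, and multi-line statements
// are cut after their first line. Nothing below declares a symbol.
//
// Points a reviewer of the matching .c file should confirm:
//  - The protocol-list and Level 0 Discovery parsers take counts and lengths
//    from the device response (SpCount, FeatureLength); each must be bounded
//    by the size of the receive buffer before it is used as an index or a
//    copy length.
//  - Status decisions read raw context offsets (25, 30, 82, 86, 904, 4256)
//    instead of named structure fields, and the same checks appear once with
//    named constants (TCG_FEATURE_CODE_BLOCK_SID, SID_BLOCK_STATUS_SID_VALUE)
//    and once with literals (0x0402, 0x02). Verify both forms agree.
//  - `MmioRead8 (0xFEDAF0490)` has nine hex digits; check the address against
//    the binary.
//  - `IoRead8 (0x71)` is shown without the preceding index write; confirm
//    which CMOS index is selected.
//  - gSidBlockPassword and gMsidCredential look like credential buffers held
//    in globals; their lifetime and clearing are not visible here.
//  - S3 entries are replayed as PCI config writes on resume; the storage
//    location and integrity protection of that buffer are not visible here.
//  - Two GUID names occur (gEfiTcgStorageProtocolGuid,
//    gTcgStorageProtocolGuid); confirm whether they are the same object.
//
//   protocol GUIDs and device path protocols
//   EFI_GUID gEfiTcgStorageProtocolGuid;
//   data references
//   UINTN gImageHandle = 0;
//   global state
//   n0x180 = 0;
//   tables
//   gTcgStorageProtocolGuid = { 0xCA1E3F1A, 0x2D84, 0x46C8, { 0x9B, 0x2E, 0x23, 0x51, 0xC0, 0xB9, 0x1B, 0x94 } };
//   data used by Level 0 discovery parsing
//   UINT8 FeatureTper[];
//   input parameters using UEFI Boot Services Table Library
//   (gImageHandle != 0);
//   platform-specific initialization
//   for PCI OPAL presence and configure CMOS
//   = PciRead32 (PCI_LIB_ADDRESS (0, 0, 0, 0));
//   chipset register for OPAL
//   (PCI_LIB_ADDRESS (0, 0, 0, 0xA4), BIT7);
//   CMOS for TCG enable
//   ((IoRead8 (0x71) & 0x0F) == 0) {
//   platform type via memory-mapped I/O
//   ((MmioRead8 (0xFEDAF0490) & 0x02) != 0) {
//   if controller supports EFI Storage Security Command Protocol
//   = gBS->OpenProtocol (
//   the Storage Security Command Protocol
//   if TCG security protocol (0x01) is supported
//   = GetSupportedProtocols (TcgProtocol, 1);
//   if the protocol is already installed (already started)
//   protocol context
//   = gBS->AllocatePool (
//   up function dispatch table
//   back to driver context and set flags
//   context
//   per-controller session data
//   = InitializeTcgSessions (TcgProtocol, 1);
//   initial security status
//   = TcgRetrieveSecurityStatus (Context, &SecurityStatus);
//   TPER reset / Block SID if needed
//   (!(SecurityStatus & TCG_SECURITY_STATUS_FROZEN) &&
//   TPER reset for locked drives
//   = OpenSessionWithAdminSpMsid (
//   the protocol on the controller handle
//   = gBS->InstallMultipleProtocolInterfaces (
//   protocol notification for Block SID
//   (gBlockSidStorageProtocol == NULL) {
//   timer event for periodic S3 data save
//   (gSidBlockCommandInterface == NULL) {
//   the protocol and free context
//   = gBS->UninstallMultipleProtocolInterfaces (
//   the storage security command protocol
//   Storage Protocol Interface Functions
//   TPER context based on primary/secondary binding
//   (Index == 1) {
//   operations: Locking range related
//   = GetOpalSecurityStatus (TcgContext->DriverContext, Index);
//   locked: perform ReadLockingRange
//   = ReadLockingRange (TperContext, Buffer);
//   locked: perform full Locking SP session
//   = OpenLockingSpSession (TperContext, Buffer);
//   locking state to ReadWrite (0x02)
//   = OPAL_LOCKING_STATE_READWRITE;
//   operations: Set SID credential / MSID related
//   = SetSidCredential (TperContext, Buffer);
//   operations: C_PIN_SID / credential handling
//   ((Operation & BIT0) != 0) {
//   for Block SID feature
//   (*(UINT16 *)((UINTN)TperContext + 82) == TCG_FEATURE_CODE_BLOCK_SID) {
//   C_PIN_SID vs C_PIN_MSID equality
//   ((*(UINT8 *)((UINTN)TperContext + 86) & SID_BLOCK_STATUS_C_PIN_SID) == 0) {
//   SID supported
//   if SID is already blocked
//   ((*(UINT8 *)((UINTN)TperContext + 86) & SID_BLOCK_STATUS_SID_VALUE) != 0) {
//   blocked
//   TPER reset via Admin SP session
//   OpenSessionWithAdminSpMsid (
//   if Block SID feature is supported (feature code 0x0402 = 1026)
//   (*(UINT16 *)((UINTN)TperContext + 82) != 0x0402) {
//   C_PIN_SID is not equal to C_PIN_MSID
//   = *(UINT8 *)((UINTN)TperContext + 86);
//   ((SidStatus & SID_BLOCK_STATUS_SID_VALUE) != 0) {
//   and send Block SID command
//   (gSidBlockPassword[0] != 0) {
//   session and issue Block SID
//   bytes
//   Helper Functions
//   seconds
//   * 8
//   supported protocols
//   (Buffer, sizeof (Buffer));
//   protocol 0 = list
//   BufferSize
//   protocol list (big-endian byte count at offset 6)
//   = Buffer + 8;
//   of supported protocols
//   for protocol 0x01 (TCG / OPAL)
//   (SpIndex = 0; SpIndex < SpCount; SpIndex++) {
//   session open request
//   (Request, sizeof (Request));
//   manager / start session
//   SP UID (0x00000000)
//   (e.g. 0x01 = Admin1, 0x02 = Admin2)
//   method header (8 bytes)
//   ((UINT64 *)&Request[16], (UINT64)0x0000000000000003); // SMUID + method
//   the command
//   = sizeof (Request);
//   protocol
//   TransferLength
//   close session request (end session)
//   (CloseRequest, sizeof (CloseRequest));
//   manager
//   close session via security protocol 0x01
//   = SendReceiveRaw (
//   second timeout
//   discovery buffer
//   = sizeof (UINTN) * 64;
//   timeout and other params
//   = 10000000; // 10 seconds default
//   layer request
//   0x0100
//   if this is a Level 0 session
//   = (UINT8 *)DeviceContext;
//   seconds for non-Level0
//   discovery receive
//   = 512;
//   ID
//   the discovery response
//   = ParseLevel0DiscoveryData (DeviceContext, Buffer);
//   the TCG Level 0 discovery header (first 48 bytes)
//   includes: Length (4), Version (2), Reserved, VendorID, etc.
//   = (UINT8 *)Data + 48; // +12 dwords
//   feature descriptors
//   descriptor: FeatureCode(2) + Version(1) + Length(1) + Data(Length)
//   ((UINTN)(Data - (UINT8 *)DiscoveryBuffer) < RemainingLength) {
//   //
//   feature: byte 0 of data has TPER flags
//   feature: byte 0 of data has locking flags
//   feature: 32 bytes of geometry data
//   ((VOID *)((UINTN)Context + 30), FeatureData, 32);
//   SSC V2
//   SSC V2 feature descriptor
//   V1
//   V2 (alternate)
//   feature descriptor: similar structure
//   SID
//   SID feature descriptor
//   to next descriptor
//   += FeatureLength + 4;
//   session with Locking SP using the stored MSID/PIN
//   is a simplified wrapper around the TCG session open method.
//   EFI_SUCCESS;
//   locking range info via TCG method calls
//   locking range config method call
//   locking range state to desired value
//   C_PIN_SID using the provided credential buffer.
//   session with Admin SP, sends Set method for C_PIN_SID.
//   session buffer
//   based on binding index
//   context: use device path node and PFA
//   (SessionData, (VOID *)((UINTN)DeviceContext + 904), sizeof (UINTN));
//   context: use secondary binding data
//   (SessionData, (VOID *)((UINTN)DeviceContext + 4256), sizeof (UINTN));
//   Level 0 Discovery data
//   = GetLevel0DiscoveryData (SessionData);
//   and retrieve MSID credential (C_PIN_MSID)
//   (gMsidCredential[0] == 0) {
//   MSID credential retrieval (Get C_PIN_MSID_UID)
//   ((DEBUG_INFO, "Get C_PIN_MSID_UID\n"));
//   session pointer in the appropriate context slot
//   Get method for C_PIN_MSID UID
//   sends a TCG command to read C_PIN_MSID value from
//   Admin SP, using the stored credential UID.
//   locking flags
//   = (*(UINT8 *)(TperContext + 25) & 0x07);
//   SID blocked status (SID is blocked if BIT1 set at offset 86)
//   ((*(UINT8 *)(TperContext + 86) & 0x02) != 0) {
//   the system via S3 buffer that locking state changed
//   Resume Data Management
//   buffer capacity (0x180 entries max)
//   (n0x180 >= TCG_S3_BUFFER_SLOTS) {
//   at slot position (3 UINT64 per slot = 24 bytes)
//   = n0x180;
//   all stored entries and perform PCI config writes
//   (SlotIndex = 0; SlotIndex < Count; SlotIndex++) {
//   and Dispatch
//   of (BDF, Register, Value) triples for S3 save
//   struct {
//   entries come from the PciS3Table in the HOB
//   = 5; // 5 entries: 5 descriptors * 12 bytes each = 60 bytes
//   Binding Protocol instance
//   gDriverBinding = {
//   installation notification entries
//   gTcgStorageSecurityEvent;
//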
#endif /* __TCGSTORAGESECURITY_H__ */