Revision: 17292
http://sourceforge.net/p/edk2/code/17292
Author: erictian
Date: 2015-05-05 07:27:52 +0000 (Tue, 05 May 2015)
Log Message:
-----------
MdePkg: Add UEFI2.5 Inline Cryptographic Interface definition
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Feng Tian <[email protected]>
Reviewed-by: Star Zeng <[email protected]>
Modified Paths:
--------------
trunk/edk2/MdePkg/MdePkg.dec
Added Paths:
-----------
trunk/edk2/MdePkg/Include/Protocol/BlockIoCrypto.h
Added: trunk/edk2/MdePkg/Include/Protocol/BlockIoCrypto.h
===================================================================
--- trunk/edk2/MdePkg/Include/Protocol/BlockIoCrypto.h
(rev 0)
+++ trunk/edk2/MdePkg/Include/Protocol/BlockIoCrypto.h 2015-05-05 07:27:52 UTC
(rev 17292)
@@ -0,0 +1,526 @@
+/** @file
+ The UEFI Inline Cryptographic Interface protocol provides services to
abstract
+ access to inline cryptographic capabilities.
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD
License
+ which accompanies this distribution. The full text of the license may be
found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BLOCK_IO_CRYPTO_H__
+#define __BLOCK_IO_CRYPTO_H__
+
+#include <Protocol/BlockIo.h>
+
+#define EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID \
+ { \
+ 0xa00490ba, 0x3f1a, 0x4b4c, {0xab, 0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1,
0xe8} \
+ }
+
+typedef struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL EFI_BLOCK_IO_CRYPTO_PROTOCOL;
+
+///
+/// The struct of Block I/O Crypto Token.
+///
+typedef struct {
+ //
+ // If Event is NULL, then blocking I/O is performed. If Event is not NULL and
+ // non-blocking I/O is supported, then non-blocking I/O is performed, and
+ // Event will be signaled when the read request is completed and data was
+ // decrypted (when Index was specified).
+ //
+ EFI_EVENT Event;
+ //
+ // Defines whether or not the signaled event encountered an error.
+ //
+ EFI_STATUS TransactionStatus;
+} EFI_BLOCK_IO_CRYPTO_TOKEN;
+
+
+/**
+ Reset the block device hardware.
+
+ The Reset() function resets the block device hardware.
+
+ As part of the initialization process, the firmware/device will make a quick
but
+ reasonable attempt to verify that the device is functioning.
+
+ If the ExtendedVerificationflag is TRUE the firmware may take an extended
amount
+ of time to verify the device is operating on reset. Otherwise the reset
operation
+ is to occur as quickly as possible.
+
+ The hardware verification process is not defined by this specification and
is left
+ up to the platform firmware or driver to implement.
+
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL
instance.
+ @param[in] ExtendedVerification Indicates that the driver may perform a
more exhausive
+ verfication operation of the device during
reset.
+
+ @retval EFI_SUCCESS The block device was reset.
+ @retval EFI_DEVICE_ERROR The block device is not functioning
correctly and could
+ not be reset.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_RESET) (
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
+ IN BOOLEAN ExtendedVerification
+ );
+
+/**
+ Get the capabilities of the underlying inline cryptographic interface.
+
+ The GetCapabilities() function determines whether pre-OS controllable inline
crypto
+ is supported by the system for the current disk and, if so, returns the
capabilities
+ of the crypto engine.
+
+ The caller is responsible for providing the Capabilities structure with a
sufficient
+ number of entries.
+
+ If the structure is too small, the EFI_BUFFER_TOO_SMALL error code is
returned and the
+ CapabilityCount field contains the number of entries needed to contain the
capabilities.
+
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL
instance.
+ @param[out] Capabilities Pointer to the
EFI_BLOCK_IO_CRYPTO_CAPABILITIES structure.
+
+ @retval EFI_SUCCESS The ICI is ready for use.
+ @retval EFI_BUFFER_TOO_SMALL The Capabilities structure was too small. The
number of
+ entries needed is returned in the
CapabilityCount field
+ of the structure.
+ @retval EFI_NO_RESPONSE No response was received from the ICI.
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access
the ICI.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER Capabilities is NULL.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES) (
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
+ OUT EFI_BLOCK_IO_CRYPTO_CAPABILITIES *Capabilities
+ );
+
+/**
+ Set the configuration of the underlying inline cryptographic interface.
+
+ The SetConfiguration() function allows the user to set the current
configuration of the
+ inline cryptographic interface and should be called before attempting any
crypto operations.
+
+ This configures the configuration table entries with algorithms, key sizes
and keys. Each
+ configured entry can later be referred to by index at the time of storage
transaction.
+
+ The configuration table index will refer to the combination ofKeyOwnerGuid,
Algorithm, and
+ CryptoKey.
+
+ KeyOwnerGuid identifies the component taking ownership of the entry. It
helps components to
+ identify their own entries, cooperate with other owner components, and avoid
conflicts. This
+ Guid identifier is there to help coordination between cooperating components
and not a security
+ or synchronization feature. The Nil GUID can be used by a component to
release use of entry
+ owned. It is also used to identify potentially available entries (see
GetConfiguration).
+
+ CryptoKey specifies algorithm-specific key material to use within parameters
of selected crypto
+ capability.
+
+ This function is called infrequently typically once, on device start, before
IO starts. It
+ can be called at later times in cases the number of keysused on the drive is
higher than what
+ can be configured at a time or a new key has to be added.
+
+ Components setting or changing an entry or entries for a given index or
indices must ensure
+ that IO referencing affected indices is temporarily blocked (run-down) at
the time of change.
+
+ Indices parameters in each parameter table entry allow to set only a portion
of the available
+ table entries in the crypto module anywhere from single entry to entire
table supported.
+
+ If corresponding table entry or entries being set are already in use by
another owner the call
+ should be failed and none of the entries should be modified. The interface
implementation must
+ enforce atomicity of this operation (should either succeed fully or fail
completely without
+ modifying state).
+
+ Note that components using GetConfiguration command to discover available
entries should be
+ prepared that by the time of calling SetConfiguration the previously
available entry may have
+ become occupied. Such components should be prepared to re-try the sequence
of operations.
+
+ Alternatively EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be used to have the
implementation discover
+ and allocate available,if any, indices atomically.
+
+ An optional ResultingTable pointer can be provided by the caller to receive
the newly configured
+ entries. The array provided by the caller must have at least
ConfigurationCount of entries.
+
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL
instance.
+ @param[in] ConfigurationCount Number of entries being configured with this
call.
+ @param[in] ConfigurationTable Pointer to a table used to populate the
configuration table.
+ @param[out] ResultingTable Optional pointer to a table that receives
the newly configured
+ entries.
+
+ @retval EFI_SUCCESS The ICI is ready for use.
+ @retval EFI_NO_RESPONSE No response was received from the ICI.
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access
the ICI.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER ConfigurationTable is NULL.
+ @retval EFI_INVALID_PARAMETER ConfigurationCount is 0.
+ @retval EFI_OUT_OF_RESOURCES Could not find the requested number of
available entries in the
+ configuration table.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION) (
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
+ IN UINT64 ConfigurationCount,
+ IN EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY *ConfigurationTable,
+ OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ResultingTable
OPTIONAL
+ );
+
+
+/**
+ Get the configuration of the underlying inline cryptographic interface.
+
+ The GetConfiguration() function allows the user to get the configuration of
the inline
+ cryptographic interface.
+
+ Retrieves, entirely or partially, the currently configured key table. Note
that the keys
+ themselves are not retrieved, but rather just indices, owner GUIDs and
capabilities.
+
+ If fewer entries than specified by ConfigurationCount are returned, the
Index field of the
+ unused entries is set to EFI_BLOCK_IO_CRYPTO_INDEX_ANY.
+
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL
instance.
+ @param[in] StartIndex Configuration table index at which to start
the configuration
+ query.
+ @param[in] ConfigurationCount Number of entries to return in the response
table.
+ @param[in] KeyOwnerGuid Optional parameter to filter response down
to entries with a
+ given owner. A pointer to the Nil value can
be used to return
+ available entries. Set to NULL when no owner
filtering is required.
+ @param[out] ConfigurationTable Table of configured configuration table
entries (with no CryptoKey
+ returned): configuration table index,
KeyOwnerGuid, Capability.
+ Should have sufficient space to store up to
ConfigurationCount
+ entries.
+
+ @retval EFI_SUCCESS The ICI is ready for use.
+ @retval EFI_NO_RESPONSE No response was received from the ICI.
+ @retval EFI_DEVICE_ERROR An error occurred when attempting to access
the ICI.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_INVALID_PARAMETER Configuration table is NULL.
+ @retval EFI_INVALID_PARAMETER StartIndex is out of bounds.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION) (
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
+ IN UINT64 StartIndex,
+ IN UINT64 ConfigurationCount,
+ IN EFI_GUID *KeyOwnerGuid
OPTIONAL,
+ OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ConfigurationTable
+);
+
+/**
+ Reads the requested number of blocks from the device and optionally decrypts
+ them inline.
+
+ TheReadExtended() function allows the caller to perform a storage device read
+ operation. The function reads the requested number of blocks from the device
+ and then if Index is specified decrypts them inline. All the blocks are read
+ and decrypted (if decryption requested), or an error is returned.
+
+ If there is no media in the device, the function returns EFI_NO_MEDIA. If the
+ MediaId is not the ID for the current media in the device, the function
returns
+ EFI_MEDIA_CHANGED.
+
+ If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and
nonblocking
+ I/O is being used, the Event associated with this request will not be
signaled.
+
+ In addition to standard storage transaction parameters (LBA, IO size, and
buffer),
+ this command will also specify a configuration table Index and CryptoIvInput
+ when data has to be decrypted inline by the controller after being read from
+ the storage device. If an Index parameter is not specified, no decryption is
+ performed.
+
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL
instance.
+ @param[in] MediaId The media ID that the read request is for.
+ @param[in] LBA The starting logical block address to read
from on
+ the device.
+ @param[in, out] Token A pointer to the token associated with the
transaction.
+ @param[in] BufferSize The size of the Buffer in bytes. This must be
a multiple
+ of the intrinsic block size of the device.
+ @param[out] Buffer A pointer to the destination buffer for the
data. The
+ caller is responsible for either having
implicit or
+ explicit ownership of the buffer.
+ @param[in] Index A pointer to the configuration table index.
This is
+ optional.
+ @param[in] CryptoIvInput A pointer to a buffer that contains additional
+ cryptographic parameters as required by the
capability
+ referenced by the configuration table index,
such as
+ cryptographic initialization vector.
+
+ @retval EFI_SUCCESS The read request was queued if Token-> Event
is not NULL.
+ The data was read correctly from the device if
the
+ Token->Event is NULL.
+ @retval EFI_DEVICE_ERROR The device reported an error while attempting
to perform
+ the read operation and/or decryption operation.
+ @retval EFI_NO_MEDIA There is no media in the device.
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
+ @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of
the intrinsic
+ block size of the device.
+ @retval EFI_INVALID_PARAMETER This is NULL, or the read request contains
LBAs that are
+ not valid, or the buffer is not on proper
alignment.
+ @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a
lack of
+ resources.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_READ_EXTENDED) (
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN EFI_LBA LBA,
+ IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,
+ IN UINT64 BufferSize,
+ OUT VOID *Buffer,
+ IN UINT64 *Index OPTIONAL,
+ IN VOID *CryptoIvInput OPTIONAL
+ );
+
+/**
+ Optionally encrypts a specified number of blocks inline and then writes to
the
+ device.
+
+ The WriteExtended() function allows the caller to perform a storage device
write
+ operation. The function encrypts the requested number of blocks inline if
Index
+ is specified and then writes them to the device. All the blocks are
encrypted
+ (if encryption requested) and written, or an error is returned.
+
+ If there is no media in the device, the function returns EFI_NO_MEDIA. If the
+ MediaId is not the ID for the current media in the device, the function
returns
+ EFI_MEDIA_CHANGED.
+
+ If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and
nonblocking
+ I/O is being used, the Event associated with this request will not be
signaled.
+
+ In addition to standard storage transaction parameters (LBA, IO size, and
buffer),
+ this command will also specify a configuration table Index and a
CryptoIvInput
+ when data has to be decrypted inline by the controller before being written
to
+ the storage device. If no Index parameter is specified, no encryption is
performed.
+
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL
instance.
+ @param[in] MediaId The media ID that the read request is for.
+ @param[in] LBA The starting logical block address to read
from on
+ the device.
+ @param[in, out] Token A pointer to the token associated with the
transaction.
+ @param[in] BufferSize The size of the Buffer in bytes. This must be
a multiple
+ of the intrinsic block size of the device.
+ @param[in] Buffer A pointer to the source buffer for the data.
+ @param[in] Index A pointer to the configuration table index.
This is
+ optional.
+ @param[in] CryptoIvInput A pointer to a buffer that contains additional
+ cryptographic parameters as required by the
capability
+ referenced by the configuration table index,
such as
+ cryptographic initialization vector.
+
+ @retval EFI_SUCCESS The request to encrypt (optionally) and write
was queued
+ if Event is not NULL. The data was encrypted
(optionally)
+ and written correctly to the device if the
Event is NULL.
+ @retval EFI_WRITE_PROTECTED The device cannot be written to.
+ @retval EFI_NO_MEDIA There is no media in the device.
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
+ @retval EFI_DEVICE_ERROR The device reported an error while attempting
to encrypt
+ blocks or to perform the write operation.
+ @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of
the intrinsic
+ block size of the device.
+ @retval EFI_INVALID_PARAMETER This is NULL, or the write request contains
LBAs that are
+ not valid, or the buffer is not on proper
alignment.
+ @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect.
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a
lack of
+ resources.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED) (
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
+ IN UINT32 MediaId,
+ IN EFI_LBA LBA,
+ IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token,
+ IN UINT64 BufferSize,
+ IN VOID *Buffer,
+ IN UINT64 *Index OPTIONAL,
+ IN VOID *CryptoIvInput OPTIONAL
+ );
+
+/**
+ Flushes all modified data toa physical block device.
+
+ The FlushBlocks() function flushes all modified data to the physical block
device.
+ Any modified data that has to be encrypted must have been already encrypted
as a
+ part of WriteExtended() operation - inline crypto operation cannot be a part
of
+ flush operation.
+
+ All data written to the device prior to the flush must be physically written
before
+ returning EFI_SUCCESS from this function. This would include any cached data
the
+ driver may have cached, and cached data the device may have cached. A flush
may
+ cause a read request following the flush to force a device access.
+
+ If EFI_DEVICE_ERROR, EFI_NO_MEDIA, EFI_WRITE_PROTECTED or EFI_MEDIA_CHANGED
is
+ returned and non-blocking I/O is being used, the Event associated with this
request
+ will not be signaled.
+
+ @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL
instance.
+ @param[in, out] Token A pointer to the token associated with the
transaction.
+
+ @retval EFI_SUCCESS The flush request was queued if Event is not
NULL. All
+ outstanding data was written correctly to the
device if
+ the Event is NULL.
+ @retval EFI_DEVICE_ERROR The device reported an error while attempting
to write data.
+ @retval EFI_WRITE_PROTECTED The device cannot be written to.
+ @retval EFI_NO_MEDIA There is no media in the device.
+ @retval EFI_MEDIA_CHANGED The MediaId is not for the current media.
+ @retval EFI_INVALID_PARAMETER This is NULL.
+ @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a
lack of
+ resources.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_BLOCK_IO_CRYPTO_FLUSH) (
+ IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This,
+ IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token
+ );
+
+typedef struct {
+ //
+ // GUID of the algorithm.
+ //
+ EFI_GUID Algorithm;
+ //
+ // Specifies KeySizein bits used with this Algorithm.
+ //
+ UINT64 KeySize;
+ //
+ // Specifies bitmask of block sizes supported by this algorithm.
+ // Bit j being set means that 2^j bytes crypto block size is supported.
+ //
+ UINT64 CryptoBlockSizeBitMask;
+} EFI_BLOCK_IO_CRYPTO_CAPABILITY;
+
+///
+/// EFI_BLOCK_IO_CRYPTO_IV_INPUT structure is used as a common header in
CryptoIvInput
+/// parameters passed to the ReadExtended and WriteExtended methods for Inline
+/// Cryptographic Interface.
+/// Its purpose is to pass size of the entire CryptoIvInputparameter memory
buffer to
+/// the Inline Cryptographic Interface.
+///
+typedef struct {
+ UINT64 InputSize;
+} EFI_BLOCK_IO_CRYPTO_IV_INPUT;
+
+#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_XTS \
+ { \
+ 0x2f87ba6a, 0x5c04, 0x4385, {0xa7, 0x80, 0xf3, 0xbf, 0x78, 0xa9, 0x7b,
0xec} \
+ }
+
+typedef struct {
+ EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;
+ UINT64 CryptoBlockNumber;
+ UINT64 CryptoBlockByteSize;
+} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_XTS;
+
+#define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_CBC_MICROSOFT_BITLOCKER \
+ { \
+ 0x689e4c62, 0x70bf, 0x4cf3, {0x88, 0xbb, 0x33, 0xb3, 0x18, 0x26, 0x86,
0x70} \
+ }
+
+typedef struct {
+ EFI_BLOCK_IO_CRYPTO_IV_INPUT Header;
+ UINT64 CryptoBlockByteOffset;
+ UINT64 CryptoBlockByteSize;
+} EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_CBC_MICROSOFT_BITLOCKER;
+
+#define EFI_BLOCK_IO_CRYPTO_INDEX_ANY 0xFFFFFFFFFFFFFFFF
+
+typedef struct {
+ //
+ // Is inline cryptographic capability supported on this device.
+ //
+ BOOLEAN Supported;
+ //
+ // Maximum number of keys that can be configured at the same time.
+ //
+ UINT64 KeyCount;
+ //
+ // Number of supported capabilities.
+ //
+ UINT64 CapabilityCount;
+ //
+ // Array of supported capabilities.
+ //
+ EFI_BLOCK_IO_CRYPTO_CAPABILITY Capabilities[1];
+} EFI_BLOCK_IO_CRYPTO_CAPABILITIES;
+
+typedef struct {
+ //
+ // Configuration table index. A special Index EFI_BLOCK_IO_CRYPTO_INDEX_ANY
can be
+ // used to set any available entry in the configuration table.
+ //
+ UINT64 Index;
+ //
+ // Identifies the owner of the configuration table entry. Entry can also be
used
+ // with the Nil value to clear key from the configuration table index.
+ //
+ EFI_GUID KeyOwnerGuid;
+ //
+ // A supported capability to be used. The CryptoBlockSizeBitMask field of the
+ // structure should have only one bit set from the supported mask.
+ //
+ EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;
+ //
+ // Pointer to the key. The size of the key is defined by the KeySize field of
+ // the capability specified by the Capability parameter.
+ //
+ VOID *CryptoKey;
+} EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY;
+
+typedef struct {
+ //
+ // Configuration table index.
+ //
+ UINT64 Index;
+ //
+ // Identifies the current owner of the entry.
+ //
+ EFI_GUID KeyOwnerGuid;
+ //
+ // The capability to be used. The CryptoBlockSizeBitMask field of the
structure
+ // has only one bit set from the supported mask.
+ //
+ EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability;
+} EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY;
+
+
+///
+/// The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used
by UEFI
+/// drivers and applications to perform block encryption on a storage device,
such as UFS.
+///
+struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL {
+ EFI_BLOCK_IO_MEDIA *Media;
+ EFI_BLOCK_IO_CRYPTO_RESET Reset;
+ EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES GetCapabilities;
+ EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION SetConfiguration;
+ EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION GetConfiguration;
+ EFI_BLOCK_IO_CRYPTO_READ_EXTENDED ReadExtended;
+ EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED WriteExtended;
+ EFI_BLOCK_IO_CRYPTO_FLUSH FlushBlocks;
+};
+
+extern EFI_GUID gEfiBlockIoCryptoProtocolGuid;
+
+#endif
+
Modified: trunk/edk2/MdePkg/MdePkg.dec
===================================================================
--- trunk/edk2/MdePkg/MdePkg.dec 2015-05-05 02:58:51 UTC (rev 17291)
+++ trunk/edk2/MdePkg/MdePkg.dec 2015-05-05 07:27:52 UTC (rev 17292)
@@ -1435,6 +1435,9 @@
## Include/Protocol/Hash2.h
gEfiHash2ProtocolGuid = { 0x55b1d734, 0xc5e1, 0x49db, { 0x96,
0x47, 0xb1, 0x6a, 0xfb, 0xe, 0x30, 0x5b }}
+ ## Include/Protocol/BlockIoCrypto.h
+ gEfiBlockIoCryptoProtocolGuid = { 0xa00490ba, 0x3f1a, 0x4b4c, { 0xab,
0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1, 0xe8 }}
+
#
# [Error.gEfiMdePkgTokenSpaceGuid]
# 0x80000001 | Invalid value provided.
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
