A Pyrite SSC device may not support Active Key, so
add check logic before enabling it.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <[email protected]>
Cc: Feng, Tian <[email protected]>
---
 .../Library/TcgStorageOpalLib/TcgStorageOpalCore.c | 50 ++++++++++++----------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c 
b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
index 2db5ffe..f4f5f30 100644
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
@@ -814,6 +814,7 @@ OpalSetLockingSpAuthorityEnabledAndPin(
   TCG_PARSE_STRUCT  ParseStruct;
   UINT32            Size;
   TCG_UID           ActiveKey;
+  TCG_RESULT        Ret;
 
   NULL_CHECK(LockingSpSession);
   NULL_CHECK(NewPin);
@@ -901,30 +902,35 @@ OpalSetLockingSpAuthorityEnabledAndPin(
   ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, 
&CreateStruct, &Size));
   ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), 
&ParseStruct, MethodStatus));
 
-  ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, 
&ActiveKey));
-
-  ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
-  ERROR_CHECK(TcgCreateSetAce(
-                  &CreateStruct,
-                  &Size,
-                  LockingSpSession->OpalBaseComId,
-                  LockingSpSession->ComIdExtension,
-                  LockingSpSession->TperSessionId,
-                  LockingSpSession->HostSessionId,
-                  (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? 
OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : 
OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
-                  OPAL_LOCKING_SP_USER1_AUTHORITY,
-                  TCG_ACE_EXPRESSION_OR,
-                  OPAL_LOCKING_SP_ADMINS_AUTHORITY
-              ));
+  //
+  // For Pyrite type SSC, it not supports Active Key. 
+  // So here add check logic before enable it.
+  //
+  Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);
+  if (Ret == TcgResultSuccess) {
+    ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
+    ERROR_CHECK(TcgCreateSetAce(
+                    &CreateStruct,
+                    &Size,
+                    LockingSpSession->OpalBaseComId,
+                    LockingSpSession->ComIdExtension,
+                    LockingSpSession->TperSessionId,
+                    LockingSpSession->HostSessionId,
+                    (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? 
OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : 
OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,
+                    OPAL_LOCKING_SP_USER1_AUTHORITY,
+                    TCG_ACE_EXPRESSION_OR,
+                    OPAL_LOCKING_SP_ADMINS_AUTHORITY
+                ));
 
-  ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), 
&ParseStruct, MethodStatus));
+    ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), 
&ParseStruct, MethodStatus));
 
-  if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
-    DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
-    //
-    //TODO do we want to disable user1 if all permissions are not granted
-    //
-    return TcgResultFailure;
+    if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {
+      DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));
+      //
+      // TODO do we want to disable user1 if all permissions are not granted
+      //
+      return TcgResultFailure;
+    }
   }
 
   ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));
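Review bot: The new `if (Ret == TcgResultSuccess)` guard treats every failure of `OpalParseRetrieveGlobalLockingRangeActiveKey` as "Pyrite, no Active Key", so on an Opal drive a malformed or failed response would also skip the GLOBALRANGE_GENKEY ACE update, and the function would carry on without any trace. In the visible lines `*MethodStatus` from the preceding retrieve call is also not inspected before parsing, so a parse failure is the only signal used here. If the SSC type or feature set is available to this function (not visible in the hunk), gating on that would be more precise than gating on a parse failure. At minimum the skipped path should be logged, e.g. `} else { DEBUG ((DEBUG_INFO, "Active Key not retrieved (%d), GLOBALRANGE_GENKEY ACE not updated\n", Ret)); }`. The body of OpalSetLockingSpAuthorityEnabledAndPin starts and ends outside this hunk.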
-- 
2.6.4.windows.1
