Re: [edk2] [PATCH v1 1/1] SecurityPkg/HddPassword: Add Security feature set support for ATA dev

[Ni, Ray]

+
+/**
+  Entry point of the notification callback function itself within the PEIM.
+  It is to unlock HDD password for S3.
+
+  @param  PeiServices  Indirect reference to the PEI Services Table.
+  @param  NotifyDescriptor Address of the notification descriptor data 
structure.
+  @param  Ppi  Address of the PPI that was installed.
+
+  @return Status of the notification.
+  The status code returned from this function is ignored.
+**/
+EFI_STATUS
+EFIAPI
+HddPasswordAtaPassThruNotify (
+  IN EFI_PEI_SERVICES  **PeiServices,
+  IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+  IN VOID  *Ppi
+  )
+{
+  HDD_PASSWORD_PEI_DRIVER_PRIVATE_DATA*Private;
+
+  DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__));
+
+  Private = HDD_PASSWORD_PEI_PRIVATE_DATA_FROM_THIS_NOTIFY (NotifyDesc);
+  UnlockHddPassword (Private);


Similar comments as that I gave to 13/13 OpalPasswordPei change,
we could use the 3rd parameter "Ppi" to simplify the code.
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

[edk2] [PATCH v1 1/1] SecurityPkg/HddPassword: Add Security feature set support for ATA dev

[Hao Wu]

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1529

This commit will add the 'Security feature set' support for ATA devices.

According to the AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS)
specification, the Security feature set is an optional feature. In
summary, the feature is a password system that restricts access to user
data stored on an ATA device. A more detailed introduction of this feature
can be referred from the ATA8-ACS spec.

The HddPassword driver is composed of 2 parts:
* A DXE driver and
* A PEI driver

The DXE driver consumes EFI_ATA_PASS_THRU_PROTOCOL instances and installs
an HII GUI to manage the devices. If the managing device supports Security
feature set, the HII page will provide the user with the ability to
set/update/disable the password for this device. Also, if a password is
being set via the Security feature set, a popup window will show during
boot requesting the user to input password.

Another feature supported by this driver is that for those managing
devices with password set, they will be automatically unlocked during the
S3 resume. This is done by the co-work of the DXE driver and the PEI
driver:

The DXE driver will save the password and the identication information for
these devices into a LockBox, which is only allowed to restore during S3
resume.

The PEI driver, during S3 resume, will restore the content in the LockBox
and will consume EDKII_PEI_ATA_PASS_THRU_PPI instances to unlock devices.

Cc: Eric Dong 
Cc: Ray Ni 
Cc: Chao Zhang 
Cc: Jiewen Yao 
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu 
---
 SecurityPkg/SecurityPkg.dsc   |6 +
 SecurityPkg/HddPassword/HddPasswordDxe.inf|   75 +
 SecurityPkg/HddPassword/HddPasswordPei.inf|   54 +
 SecurityPkg/HddPassword/HddPasswordCommon.h   |   61 +
 SecurityPkg/HddPassword/HddPasswordDxe.h  |  148 +
 SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h |   63 +
 SecurityPkg/HddPassword/HddPasswordPei.h  |   64 +
 SecurityPkg/HddPassword/HddPassword.vfr   |  188 ++
 SecurityPkg/HddPassword/HddPasswordDxe.c  | 2816 
 SecurityPkg/HddPassword/HddPasswordPei.c  |  461 
 SecurityPkg/HddPassword/HddPasswordStrings.uni|   48 +
 11 files changed, 3984 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index ab887e8c4d..5577ff0687 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -287,6 +287,12 @@
   SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf
   SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf
 
+  #
+  # HDD Password solution
+  #
+  SecurityPkg/HddPassword/HddPasswordDxe.inf
+  SecurityPkg/HddPassword/HddPasswordPei.inf
+
 [BuildOptions]
MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256
   INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf 
b/SecurityPkg/HddPassword/HddPasswordDxe.inf
new file mode 100644
index 00..7a3fc2f88c
--- /dev/null
+++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf
@@ -0,0 +1,75 @@
+## @file
+#  HddPasswordDxe driver which is used to set/clear hdd password at attached 
harddisk
+#  devices.
+#
+#  Copyright (c) 2019, Intel Corporation. All rights reserved.
+#
+#  This program and the accompanying materials
+#  are licensed and made available under the terms and conditions of the BSD 
License
+#  which accompanies this distribution.  The full text of the license may be 
found at
+#  http://opensource.org/licenses/bsd-license.php
+#
+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR 
IMPLIED.
+#
+##
+
+[Defines]
+  INF_VERSION= 0x00010005
+  BASE_NAME  = HddPasswordDxe
+  FILE_GUID  = 9BD549CD-86D1-4925-9F7D-3686DDD876FC
+  MODULE_TYPE= DXE_DRIVER
+  VERSION_STRING = 1.0
+  ENTRY_POINT= HddPasswordDxeInit
+
+#
+# The following information is for reference only and not required by the 
build tools.
+#
+#  VALID_ARCHITECTURES   = IA32 X64 IPF EBC
+#
+
+[Sources]
+  HddPasswordDxe.c
+  HddPasswordDxe.h
+  HddPasswordHiiDataStruc.h
+  HddPassword.vfr
+  HddPasswordStrings.uni
+  HddPasswordCommon.h
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  MemoryAllocationLib
+  UefiBootServicesTableLib
+  UefiDriverEntryPoint
+  UefiHiiServicesLib
+  UefiRuntimeServicesTableLib
+  DxeServicesTableLib
+  BaseMemoryLib
+  DebugLib
+  HiiLib
+  PrintLib
+  UefiLib
+  LockBoxLib
+  S3BootScriptLib
+  PciLib
+  BaseCryptLib
+
+[Guids]
+  gEfiIfrTianoGuid  ## CONSUMES ## GUID
+  gEfiEndOfDxeEventGroupGuid## CONSUMES ## Event
+  gS3StorageDeviceInitListGuid  ## SOMETIMES_PRODUCES ## 
UNDEFINED
+