From nobody Fri Mar 29 10:09:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+48176+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48176+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1569550805; cv=none; d=zoho.com; s=zohoarc; b=mFz9+stXkrxuT/iAzSjhLARIQBt1FtEZt2sy47ujr6f9zPoRjqHFm//ZAF7c0d0u2WEUs6bFOBiS0D8ySHg/BDoR9fmFxwTrZXhrN1duwlcqMU/Wj8Lu6ePrBzbsQyjlxWUrG3AK+iXyPj9B68Iz6C2XtcRP2WvBd8CH2eti4eM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569550805; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=wys04Da39Poq/mZQ7i4xzkuH76GSlLY/Sca+JNSwtb8=; b=ARxdnMzAXw8YRu6kbB8APjcLRCrBwK6plOvmJXgGu2I+8ZADtpXCDWZQ+xJXqqZwVcWyh4yTqN8SBZNDfO2tkpa8RRBAaJVVZA7FyD0DUMELpZgtGjAPkDCkpC30pyKs7Ea+54uyQFerLLmM2cqmfDbm24RNJRponUiFca91U/w= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48176+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1569550805569531.846314610925; Thu, 26 Sep 2019 19:20:05 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id UtYoYY1788612xV5GEVpv4SE; Thu, 26 Sep 2019 19:20:03 -0700 X-Received: from mga04.intel.com (mga04.intel.com []) by groups.io with SMTP; Thu, 26 Sep 2019 19:20:02 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2019 19:20:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,553,1559545200"; d="scan'208";a="193021224" X-Received: from cjzurch-desk.amr.corp.intel.com ([10.9.70.181]) by orsmga003.jf.intel.com with ESMTP; 26 Sep 2019 19:20:00 -0700 From: "Zurcher, Christopher J" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Liming Gao Subject: [edk2-devel] [PATCH v8 1/4] MdePkg: Implement SCSI commands for Security Protocol In/Out Date: Thu, 26 Sep 2019 19:19:57 -0700 Message-Id: <20190927022000.36920-2-christopher.j.zurcher@intel.com> In-Reply-To: <20190927022000.36920-1-christopher.j.zurcher@intel.com> References: <20190927022000.36920-1-christopher.j.zurcher@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,christopher.j.zurcher@intel.com X-Gm-Message-State: 8dz8JCJfvs8bLx2j7ttyXOPFx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1569550803; bh=9S5ghJ6l4REde4kBg8E+sz9z5OMQQ4B91VkfYwETU9E=; h=Cc:Date:From:Reply-To:Subject:To; b=SgmEm4o4WMTJd9vCjAyrhMtDTNKi+/ikyiIdVzSaSRLgl99soFaO88JS7BUaTCGzqMP 4OvlXSL53gO3J23xaumaicL2n3Y2E00KHYrKm7CEUf9hZkokgVzffVsf735TCDlbUTZ+2 hiEhPAi43bqqDYFKXg28cIArQH3H3wCR3ao= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1546 This patch implements the Security Protocol In and Security Protocol Out commands in UefiScsiLib to prepare support for the Storage Security Command Protocol. Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher Reviewed-by: Hao A Wu --- MdePkg/Include/IndustryStandard/Scsi.h | 48 ++-- MdePkg/Include/Library/UefiScsiLib.h | 130 ++++++++++- MdePkg/Library/UefiScsiLib/UefiScsiLib.c | 229 +++++++++++++++++++- 3 files changed, 388 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/IndustryStandard/Scsi.h b/MdePkg/Include/Indust= ryStandard/Scsi.h index cbe5709fe5..d03886417f 100644 --- a/MdePkg/Include/IndustryStandard/Scsi.h +++ b/MdePkg/Include/IndustryStandard/Scsi.h @@ -1,7 +1,7 @@ /** @file Support for SCSI-2 standard =20 - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -163,6 +163,12 @@ #define EFI_SCSI_OP_SEND_MESSAGE10 0x2a #define EFI_SCSI_OP_SEND_MESSAGE12 0xaa =20 +// +// Additional commands for Secure Transactions +// +#define EFI_SCSI_OP_SECURITY_PROTOCOL_IN 0xa2 +#define EFI_SCSI_OP_SECURITY_PROTOCOL_OUT 0xb5 + // // SCSI Data Transfer Direction // @@ -172,22 +178,30 @@ // // Peripheral Device Type Definitions // -#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g. = magnetic disk) -#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device (e= .g. magnetic tape) -#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device -#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device -#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. som= e optical disks) -#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD-ROM device -#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device -#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.g.= some optical disks) -#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.g.= jukeboxes) -#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device -#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graphic= arts pre-press devices) -#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graphic= arts pre-press devices) -// -// 0Ch - 1Eh are reserved -// -#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type +#define EFI_SCSI_TYPE_DISK 0x00 ///< Direct-access device (e.g= . magnetic disk) +#define EFI_SCSI_TYPE_TAPE 0x01 ///< Sequential-access device = (e.g. magnetic tape) +#define EFI_SCSI_TYPE_PRINTER 0x02 ///< Printer device +#define EFI_SCSI_TYPE_PROCESSOR 0x03 ///< Processor device +#define EFI_SCSI_TYPE_WORM 0x04 ///< Write-once device (e.g. s= ome optical disks) +#define EFI_SCSI_TYPE_CDROM 0x05 ///< CD/DVD device +#define EFI_SCSI_TYPE_SCANNER 0x06 ///< Scanner device (obsolete) +#define EFI_SCSI_TYPE_OPTICAL 0x07 ///< Optical memory device (e.= g. some optical disks) +#define EFI_SCSI_TYPE_MEDIUMCHANGER 0x08 ///< Medium changer device (e.= g. jukeboxes) +#define EFI_SCSI_TYPE_COMMUNICATION 0x09 ///< Communications device (ob= solete) +#define EFI_SCSI_TYPE_ASCIT8_1 0x0A ///< Defined by ASC IT8 (Graph= ic arts pre-press devices) +#define EFI_SCSI_TYPE_ASCIT8_2 0x0B ///< Defined by ASC IT8 (Graph= ic arts pre-press devices) +#define EFI_SCSI_TYPE_RAID 0x0C ///< Storage array controller = device (e.g., RAID) +#define EFI_SCSI_TYPE_SES 0x0D ///< Enclosure services device +#define EFI_SCSI_TYPE_RBC 0x0E ///< Simplified direct-access = device (e.g., magnetic disk) +#define EFI_SCSI_TYPE_OCRW 0x0F ///< Optical card reader/write= r device +#define EFI_SCSI_TYPE_BRIDGE 0x10 ///< Bridge Controller Commands +#define EFI_SCSI_TYPE_OSD 0x11 ///< Object-based Storage Devi= ce +#define EFI_SCSI_TYPE_AUTOMATION 0x12 ///< Automation/Drive Interface +#define EFI_SCSI_TYPE_SECURITYMANAGER 0x13 ///< Security manager device +#define EFI_SCSI_TYPE_RESERVED_LOW 0x14 ///< Reserved (low) +#define EFI_SCSI_TYPE_RESERVED_HIGH 0x1D ///< Reserved (high) +#define EFI_SCSI_TYPE_WLUN 0x1E ///< Well known logical unit +#define EFI_SCSI_TYPE_UNKNOWN 0x1F ///< Unknown or no device type =20 // // Page Codes for INQUIRY command diff --git a/MdePkg/Include/Library/UefiScsiLib.h b/MdePkg/Include/Library/= UefiScsiLib.h index 10dd81902b..2a81883ca9 100644 --- a/MdePkg/Include/Library/UefiScsiLib.h +++ b/MdePkg/Include/Library/UefiScsiLib.h @@ -5,7 +5,7 @@ for hard drive, CD and DVD devices that are the most common SCSI boot ta= rgets used by UEFI platforms. This library class depends on SCSI I/O Protocol defined in UEFI Specific= ation and SCSI-2 industry standard. =20 -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -813,6 +813,134 @@ ScsiWrite16Command ( ); =20 =20 +/** + Execute Security Protocol In SCSI command on a specific SCSI target. + + Executes the SCSI Security Protocol In command on the SCSI target specif= ied by ScsiIo. + If Timeout is zero, then this function waits indefinitely for the comman= d to complete. + If Timeout is greater than zero, then the command is executed and will t= imeout after + Timeout 100 ns units. + If ScsiIo is NULL, then ASSERT(). + If SenseDataLength is NULL, then ASSERT(). + If HostAdapterStatus is NULL, then ASSERT(). + If TargetStatus is NULL, then ASSERT(). + If TransferLength is NULL, then ASSERT(). + + If SenseDataLength is non-zero and SenseData is not NULL, SenseData must= meet buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + If DataLength is non-zero and DataBuffer is not NULL, DataBuffer must me= et buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + @param[in] ScsiIo SCSI IO Protocol to use. + @param[in] Timeout The length of timeout period. + @param[in, out] SenseData A pointer to output sense data. + @param[in, out] SenseDataLength The length of output sense dat= a. + @param[out] HostAdapterStatus The status of Host Adapter. + @param[out] TargetStatus The status of the target. + @param[in] SecurityProtocol The Security Protocol to use. + @param[in] SecurityProtocolSpecific The Security Protocol Specific= data. + @param[in] Inc512 If TRUE, 512 increment (INC_51= 2) bit will be set for the + SECURITY PROTOCOL IN command. + @param[in] DataLength The size in bytes of the data = buffer. + @param[in, out] DataBuffer A pointer to a data buffer. + @param[out] TransferLength A pointer to a buffer to store= the size in + bytes of the data written to t= he data buffer. + + @retval EFI_SUCCESS Command is executed successfully. + @retval EFI_BAD_BUFFER_SIZE The SCSI Request Packet was execute= d, but the entire DataBuffer could + not be transferred. The actual numb= er of bytes transferred is returned in TransferLength. + @retval EFI_NOT_READY The SCSI Request Packet could not b= e sent because there are too many + SCSI Command Packets already queued. + @retval EFI_DEVICE_ERROR A device error occurred while attem= pting to send SCSI Request Packet. + @retval EFI_UNSUPPORTED The command described by the SCSI R= equest Packet is not supported by + the SCSI initiator(i.e., SCSI Host= Controller) + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the SCSI Request Packet to execute. + @retval EFI_INVALID_PARAMETER The contents of the SCSI Request Pa= cket are invalid. + +**/ +EFI_STATUS +EFIAPI +ScsiSecurityProtocolInCommand ( + IN EFI_SCSI_IO_PROTOCOL *ScsiIo, + IN UINT64 Timeout, + IN OUT VOID *SenseData, OPTIONAL + IN OUT UINT8 *SenseDataLength, + OUT UINT8 *HostAdapterStatus, + OUT UINT8 *TargetStatus, + IN UINT8 SecurityProtocol, + IN UINT16 SecurityProtocolSpecific, + IN BOOLEAN Inc512, + IN UINTN DataLength, + IN OUT VOID *DataBuffer, OPTIONAL + OUT UINTN *TransferLength + ); + + +/** + Execute Security Protocol Out SCSI command on a specific SCSI target. + + Executes the SCSI Security Protocol Out command on the SCSI target speci= fied by ScsiIo. + If Timeout is zero, then this function waits indefinitely for the comman= d to complete. + If Timeout is greater than zero, then the command is executed and will t= imeout after + Timeout 100 ns units. + If ScsiIo is NULL, then ASSERT(). + If SenseDataLength is NULL, then ASSERT(). + If HostAdapterStatus is NULL, then ASSERT(). + If TargetStatus is NULL, then ASSERT(). + + If SenseDataLength is non-zero and SenseData is not NULL, SenseData must= meet buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + If DataLength is non-zero and DataBuffer is not NULL, DataBuffer must me= et buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + @param[in] ScsiIo SCSI IO Protocol to use. + @param[in] Timeout The length of timeout period. + @param[in, out] SenseData A pointer to output sense data. + @param[in, out] SenseDataLength The length of output sense dat= a. + @param[out] HostAdapterStatus The status of Host Adapter. + @param[out] TargetStatus The status of the target. + @param[in] SecurityProtocol The Security Protocol to use. + @param[in] SecurityProtocolSpecific The Security Protocol Specific= data. + @param[in] Inc512 If TRUE, 512 increment (INC_51= 2) bit will be set for the + SECURITY PROTOCOL OUT command. + @param[in] DataLength The size in bytes of the trans= fer data. + @param[in, out] DataBuffer A pointer to a data buffer. + + @retval EFI_SUCCESS Command is executed successfully. + @retval EFI_BAD_BUFFER_SIZE The SCSI Request Packet was execute= d, but the entire DataBuffer could + not be transferred. The actual numb= er of bytes transferred is returned in DataLength. + @retval EFI_NOT_READY The SCSI Request Packet could not b= e sent because there are too many + SCSI Command Packets already queued. + @retval EFI_DEVICE_ERROR A device error occurred while attem= pting to send SCSI Request Packet. + @retval EFI_UNSUPPORTED The command described by the SCSI R= equest Packet is not supported by + the SCSI initiator(i.e., SCSI Host= Controller) + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the SCSI Request Packet to execute. + @retval EFI_INVALID_PARAMETER The contents of the SCSI Request Pa= cket are invalid. + +**/ +EFI_STATUS +EFIAPI +ScsiSecurityProtocolOutCommand ( + IN EFI_SCSI_IO_PROTOCOL *ScsiIo, + IN UINT64 Timeout, + IN OUT VOID *SenseData, OPTIONAL + IN OUT UINT8 *SenseDataLength, + OUT UINT8 *HostAdapterStatus, + OUT UINT8 *TargetStatus, + IN UINT8 SecurityProtocol, + IN UINT16 SecurityProtocolSpecific, + IN BOOLEAN Inc512, + IN UINTN DataLength, + IN OUT VOID *DataBuffer OPTIONAL + ); + + /** Execute blocking/non-blocking Read(10) SCSI command on a specific SCSI target. diff --git a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c b/MdePkg/Library/Uefi= ScsiLib/UefiScsiLib.c index c7491d1436..13a2a1912c 100644 --- a/MdePkg/Library/UefiScsiLib/UefiScsiLib.c +++ b/MdePkg/Library/UefiScsiLib/UefiScsiLib.c @@ -1,7 +1,7 @@ /** @file UEFI SCSI Library implementation =20 - Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -23,6 +23,7 @@ // #define EFI_SCSI_OP_LENGTH_SIX 0x6 #define EFI_SCSI_OP_LENGTH_TEN 0xa +#define EFI_SCSI_OP_LENGTH_TWELVE 0xc #define EFI_SCSI_OP_LENGTH_SIXTEEN 0x10 =20 // @@ -1280,6 +1281,232 @@ ScsiWrite16Command ( } =20 =20 +/** + Execute Security Protocol In SCSI command on a specific SCSI target. + + Executes the SCSI Security Protocol In command on the SCSI target specif= ied by ScsiIo. + If Timeout is zero, then this function waits indefinitely for the comman= d to complete. + If Timeout is greater than zero, then the command is executed and will t= imeout after + Timeout 100 ns units. + If ScsiIo is NULL, then ASSERT(). + If SenseDataLength is NULL, then ASSERT(). + If HostAdapterStatus is NULL, then ASSERT(). + If TargetStatus is NULL, then ASSERT(). + If TransferLength is NULL, then ASSERT(). + + If SenseDataLength is non-zero and SenseData is not NULL, SenseData must= meet buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + If DataLength is non-zero and DataBuffer is not NULL, DataBuffer must me= et buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + @param[in] ScsiIo SCSI IO Protocol to use. + @param[in] Timeout The length of timeout period. + @param[in, out] SenseData A pointer to output sense data. + @param[in, out] SenseDataLength The length of output sense dat= a. + @param[out] HostAdapterStatus The status of Host Adapter. + @param[out] TargetStatus The status of the target. + @param[in] SecurityProtocol The Security Protocol to use. + @param[in] SecurityProtocolSpecific The Security Protocol Specific= data. + @param[in] Inc512 If TRUE, 512 increment (INC_51= 2) bit will be set for the + SECURITY PROTOCOL IN command. + @param[in] DataLength The size in bytes of the data = buffer. + @param[in, out] DataBuffer A pointer to a data buffer. + @param[out] TransferLength A pointer to a buffer to store= the size in + bytes of the data written to t= he data buffer. + + @retval EFI_SUCCESS Command is executed successfully. + @retval EFI_BAD_BUFFER_SIZE The SCSI Request Packet was execute= d, but the entire DataBuffer could + not be transferred. The actual numb= er of bytes transferred is returned in TransferLength. + @retval EFI_NOT_READY The SCSI Request Packet could not b= e sent because there are too many + SCSI Command Packets already queued. + @retval EFI_DEVICE_ERROR A device error occurred while attem= pting to send SCSI Request Packet. + @retval EFI_UNSUPPORTED The command described by the SCSI R= equest Packet is not supported by + the SCSI initiator(i.e., SCSI Host= Controller) + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the SCSI Request Packet to execute. + @retval EFI_INVALID_PARAMETER The contents of the SCSI Request Pa= cket are invalid. + +**/ +EFI_STATUS +EFIAPI +ScsiSecurityProtocolInCommand ( + IN EFI_SCSI_IO_PROTOCOL *ScsiIo, + IN UINT64 Timeout, + IN OUT VOID *SenseData, OPTIONAL + IN OUT UINT8 *SenseDataLength, + OUT UINT8 *HostAdapterStatus, + OUT UINT8 *TargetStatus, + IN UINT8 SecurityProtocol, + IN UINT16 SecurityProtocolSpecific, + IN BOOLEAN Inc512, + IN UINTN DataLength, + IN OUT VOID *DataBuffer, OPTIONAL + OUT UINTN *TransferLength + ) +{ + EFI_SCSI_IO_SCSI_REQUEST_PACKET CommandPacket; + EFI_STATUS Status; + UINT8 Cdb[EFI_SCSI_OP_LENGTH_TWELVE]; + + ASSERT (SenseDataLength !=3D NULL); + ASSERT (HostAdapterStatus !=3D NULL); + ASSERT (TargetStatus !=3D NULL); + ASSERT (ScsiIo !=3D NULL); + ASSERT (TransferLength !=3D NULL); + ASSERT (DataLength <=3D MAX_UINT32); + + ZeroMem (&CommandPacket, sizeof (EFI_SCSI_IO_SCSI_REQUEST_PACKET)); + ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TWELVE); + + CommandPacket.Timeout =3D Timeout; + CommandPacket.InDataBuffer =3D DataBuffer; + CommandPacket.SenseData =3D SenseData; + CommandPacket.InTransferLength =3D (UINT32) DataLength; + CommandPacket.Cdb =3D Cdb; + // + // Fill Cdb for Security Protocol In Command + // + Cdb[0] =3D EFI_SCSI_OP_SECURITY_PROTOCOL_IN; + Cdb[1] =3D SecurityProtocol; + WriteUnaligned16 ((UINT16 *)&Cdb[2], SwapBytes16 (SecurityProtocolSpecif= ic)); + + if (Inc512) { + if (DataLength % 512 !=3D 0) { + return EFI_INVALID_PARAMETER; + } + Cdb[4] =3D BIT7; + WriteUnaligned32 ((UINT32 *)&Cdb[6], SwapBytes32 ((UINT32) DataLength = / 512)); + } else { + WriteUnaligned32 ((UINT32 *)&Cdb[6], SwapBytes32 ((UINT32) DataLength)= ); + } + + CommandPacket.CdbLength =3D EFI_SCSI_OP_LENGTH_TWELVE; + CommandPacket.DataDirection =3D EFI_SCSI_DATA_IN; + CommandPacket.SenseDataLength =3D *SenseDataLength; + + Status =3D ScsiIo->ExecuteScsiCommand (ScsiIo, &C= ommandPacket, NULL); + + *HostAdapterStatus =3D CommandPacket.HostAdapterStatus; + *TargetStatus =3D CommandPacket.TargetStatus; + *SenseDataLength =3D CommandPacket.SenseDataLength; + *TransferLength =3D (UINTN) CommandPacket.InTransferLength; + + return Status; +} + + +/** + Execute Security Protocol Out SCSI command on a specific SCSI target. + + Executes the SCSI Security Protocol Out command on the SCSI target speci= fied by ScsiIo. + If Timeout is zero, then this function waits indefinitely for the comman= d to complete. + If Timeout is greater than zero, then the command is executed and will t= imeout after + Timeout 100 ns units. + If ScsiIo is NULL, then ASSERT(). + If SenseDataLength is NULL, then ASSERT(). + If HostAdapterStatus is NULL, then ASSERT(). + If TargetStatus is NULL, then ASSERT(). + + If SenseDataLength is non-zero and SenseData is not NULL, SenseData must= meet buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + If DataLength is non-zero and DataBuffer is not NULL, DataBuffer must me= et buffer + alignment requirement defined in EFI_SCSI_IO_PROTOCOL. Otherwise EFI_INV= ALID_PARAMETER + gets returned. + + @param[in] ScsiIo SCSI IO Protocol to use. + @param[in] Timeout The length of timeout period. + @param[in, out] SenseData A pointer to output sense data. + @param[in, out] SenseDataLength The length of output sense dat= a. + @param[out] HostAdapterStatus The status of Host Adapter. + @param[out] TargetStatus The status of the target. + @param[in] SecurityProtocol The Security Protocol to use. + @param[in] SecurityProtocolSpecific The Security Protocol Specific= data. + @param[in] Inc512 If TRUE, 512 increment (INC_51= 2) bit will be set for the + SECURITY PROTOCOL OUT command. + @param[in] DataLength The size in bytes of the trans= fer data. + @param[in, out] DataBuffer A pointer to a data buffer. + + @retval EFI_SUCCESS Command is executed successfully. + @retval EFI_BAD_BUFFER_SIZE The SCSI Request Packet was execute= d, but the entire DataBuffer could + not be transferred. The actual numb= er of bytes transferred is returned in DataLength. + @retval EFI_NOT_READY The SCSI Request Packet could not b= e sent because there are too many + SCSI Command Packets already queued. + @retval EFI_DEVICE_ERROR A device error occurred while attem= pting to send SCSI Request Packet. + @retval EFI_UNSUPPORTED The command described by the SCSI R= equest Packet is not supported by + the SCSI initiator(i.e., SCSI Host= Controller) + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the SCSI Request Packet to execute. + @retval EFI_INVALID_PARAMETER The contents of the SCSI Request Pa= cket are invalid. + +**/ +EFI_STATUS +EFIAPI +ScsiSecurityProtocolOutCommand ( + IN EFI_SCSI_IO_PROTOCOL *ScsiIo, + IN UINT64 Timeout, + IN OUT VOID *SenseData, OPTIONAL + IN OUT UINT8 *SenseDataLength, + OUT UINT8 *HostAdapterStatus, + OUT UINT8 *TargetStatus, + IN UINT8 SecurityProtocol, + IN UINT16 SecurityProtocolSpecific, + IN BOOLEAN Inc512, + IN UINTN DataLength, + IN OUT VOID *DataBuffer OPTIONAL + ) +{ + EFI_SCSI_IO_SCSI_REQUEST_PACKET CommandPacket; + EFI_STATUS Status; + UINT8 Cdb[EFI_SCSI_OP_LENGTH_TWELVE]; + + ASSERT (SenseDataLength !=3D NULL); + ASSERT (HostAdapterStatus !=3D NULL); + ASSERT (TargetStatus !=3D NULL); + ASSERT (ScsiIo !=3D NULL); + ASSERT (DataLength <=3D MAX_UINT32); + + ZeroMem (&CommandPacket, sizeof (EFI_SCSI_IO_SCSI_REQUEST_PACKET)); + ZeroMem (Cdb, EFI_SCSI_OP_LENGTH_TWELVE); + + CommandPacket.Timeout =3D Timeout; + CommandPacket.OutDataBuffer =3D DataBuffer; + CommandPacket.SenseData =3D SenseData; + CommandPacket.OutTransferLength =3D (UINT32) DataLength; + CommandPacket.Cdb =3D Cdb; + // + // Fill Cdb for Security Protocol Out Command + // + Cdb[0] =3D EFI_SCSI_OP_SECURITY_PROTOCOL_OUT; + Cdb[1] =3D SecurityProtocol; + WriteUnaligned16 ((UINT16 *)&Cdb[2], SwapBytes16 (SecurityProtocolSpecif= ic)); + + if (Inc512) { + if (DataLength % 512 !=3D 0) { + return EFI_INVALID_PARAMETER; + } + Cdb[4] =3D BIT7; + WriteUnaligned32 ((UINT32 *)&Cdb[6], SwapBytes32 ((UINT32) DataLength = / 512)); + } else { + WriteUnaligned32 ((UINT32 *)&Cdb[6], SwapBytes32 ((UINT32) DataLength)= ); + } + + CommandPacket.CdbLength =3D EFI_SCSI_OP_LENGTH_TWELVE; + CommandPacket.DataDirection =3D EFI_SCSI_DATA_OUT; + CommandPacket.SenseDataLength =3D *SenseDataLength; + + Status =3D ScsiIo->ExecuteScsiCommand (ScsiIo, &C= ommandPacket, NULL); + + *HostAdapterStatus =3D CommandPacket.HostAdapterStatus; + *TargetStatus =3D CommandPacket.TargetStatus; + *SenseDataLength =3D CommandPacket.SenseDataLength; + + return Status; +} + + /** Internal helper notify function in which update the result of the non-blocking SCSI Read/Write commands and signal caller event. --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48176): https://edk2.groups.io/g/devel/message/48176 Mute This Topic: https://groups.io/mt/34306979/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 10:09:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+48177+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48177+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1569550807; cv=none; d=zoho.com; s=zohoarc; b=Rqc17kVlkpYDhJRKKB8ZVUhSyUUB3Z6RLTRCzZ9rRagMEiDq9HYTfqlNngiduEi+WdyaD5EIO3NF8lwFmU+GVKhfqE0uLwnEpsfTSW/SOMWBF7swz2W+DMYspbkhZAfEGgiIN0fuZV2R8Vo6NtNz3thRkAylfiFwFFtaPH/0nnM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569550807; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=RvSoIWU3RWxVPUH9NLccbbCq6D9w6ujg6722UoD5uhE=; b=mGz4d0vzCHadgsbOVrJOocU9zAn30GwPZ34u20FCjo7hrOSpCrG2gBedn4cdWmwWOlNKBSVPFlOnrMfmhHjrDpBQKCPhmAnd9z+WzH8L5lSR+MMqcENA8YhA6LNK85t+4f6HEfeRnVJdt8tQMddsZaiiNsVwizqPflMvhspkiuE= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48177+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1569550807686665.5773920060618; Thu, 26 Sep 2019 19:20:07 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id fZNjYY1788612x8wU1TjEEN6; Thu, 26 Sep 2019 19:20:04 -0700 X-Received: from mga04.intel.com (mga04.intel.com []) by groups.io with SMTP; Thu, 26 Sep 2019 19:20:02 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2019 19:20:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,553,1559545200"; d="scan'208";a="193021228" X-Received: from cjzurch-desk.amr.corp.intel.com ([10.9.70.181]) by orsmga003.jf.intel.com with ESMTP; 26 Sep 2019 19:20:00 -0700 From: "Zurcher, Christopher J" To: devel@edk2.groups.io Cc: Michael D Kinney , Jiewen Yao , Jian J Wang , Liming Gao Subject: [edk2-devel] [PATCH v8 2/4] MdeModulePkg/UfsPassThruDxe: Check for RPMB W-LUN (SecurityLun) Date: Thu, 26 Sep 2019 19:19:58 -0700 Message-Id: <20190927022000.36920-3-christopher.j.zurcher@intel.com> In-Reply-To: <20190927022000.36920-1-christopher.j.zurcher@intel.com> References: <20190927022000.36920-1-christopher.j.zurcher@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,christopher.j.zurcher@intel.com X-Gm-Message-State: 9FpCX5sq6tfhyXhg7fl3nmEpx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1569550804; bh=149T2GTlkx48iLgu89QLH4mKaoKM88y8bJKlcilWVm4=; h=Cc:Date:From:Reply-To:Subject:To; b=FqhVrQOgzIfgMszHPFaMsDgZKfPYzjAvhZA2acjBG6vKm4bptF8fFFic5ru+d1+URee gXq0uF9jQ1Lv/SqtpJFqFlJVWjiF1T39fKWFvxU0i0hog+S1ujBFMJW+anMsdfZ67EW6a tP9aAmc6ccNMz77DwqdtkkKplAJcPlagASs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1546 Currently UfsPassThru only checks for 8 common LUNs. This adds a check for the RPMB Well-known LUN and sets the corresponding bit-mask. Further handling of the WLUN is already present in the driver. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher Reviewed-by: Hao A Wu --- MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c b/MdeModuleP= kg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c index b12404aacb..26c5a8b855 100644 --- a/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c +++ b/MdeModulePkg/Bus/Ufs/UfsPassThruDxe/UfsPassThru.c @@ -822,7 +822,9 @@ UfsPassThruDriverBindingStart ( UINTN UfsHcBase; UINT32 Index; UFS_UNIT_DESC UnitDescriptor; + UFS_DEV_DESC DeviceDescriptor; UINT32 UnitDescriptorSize; + UINT32 DeviceDescriptorSize; =20 Status =3D EFI_SUCCESS; UfsHc =3D NULL; @@ -916,7 +918,6 @@ UfsPassThruDriverBindingStart ( =20 // // Check if 8 common luns are active and set corresponding bit mask. - // TODO: Parse device descriptor to decide if exposing RPMB LUN to upper= layer for authentication access. // UnitDescriptorSize =3D sizeof (UFS_UNIT_DESC); for (Index =3D 0; Index < 8; Index++) { @@ -931,6 +932,20 @@ UfsPassThruDriverBindingStart ( } } =20 + // + // Check if RPMB WLUN is supported and set corresponding bit mask. + // + DeviceDescriptorSize =3D sizeof (UFS_DEV_DESC); + Status =3D UfsRwDeviceDesc (Private, TRUE, UfsDeviceDesc, 0, 0, &DeviceD= escriptor, &DeviceDescriptorSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to read device descriptor, status =3D %r\= n", Status)); + } else { + if (DeviceDescriptor.SecurityLun =3D=3D 0x1) { + DEBUG ((DEBUG_INFO, "UFS WLUN RPMB is supported\n")); + Private->Luns.BitMask |=3D BIT11; + } + } + // // Start the asynchronous interrupt monitor // --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48177): https://edk2.groups.io/g/devel/message/48177 Mute This Topic: https://groups.io/mt/34306980/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 10:09:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+48178+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48178+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1569550806; cv=none; d=zoho.com; s=zohoarc; b=FDz2uF1HIBmC6Fx8ZkAxBh6gGje/7IOvR1rIa62NMUOWCzGI2vuuF56dghdjMywGDMojB5WoWzI7n4PJj79m6ed7TqAnYv2c6vBaR0i9sWckZT2O1E2HVqQvUmfwBYwGLFOqb+oqx24XWnBxi4K0gNv6YqGZrr9QV11TLncS64M= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569550806; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=hbCVY/5u7EMx37GcmadcQmzouJL18admFEWGlYlxyfs=; b=VVSS0HqXOahb+Z+8w9Tv74/3FaF4BCy1bc27ZFbqNwCAgw01iIrTGDK+jourYk4FIahtBcH8C3+epnapegpNVG1RO2SVgHdiSg3mfMMp0pZktSs8u7zPhMzHyuwuXE6OhxndOHa+ZZaoeW3ZwPoj28CagKKWJmK5qYtwmtEaCPM= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48178+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1569550806703760.8879030884617; Thu, 26 Sep 2019 19:20:06 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id TnwJYY1788612x5wQZSxSlBP; Thu, 26 Sep 2019 19:20:04 -0700 X-Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by groups.io with SMTP; Thu, 26 Sep 2019 19:20:02 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2019 19:20:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,553,1559545200"; d="scan'208";a="193021231" X-Received: from cjzurch-desk.amr.corp.intel.com ([10.9.70.181]) by orsmga003.jf.intel.com with ESMTP; 26 Sep 2019 19:20:00 -0700 From: "Zurcher, Christopher J" To: devel@edk2.groups.io Cc: Michael D Kinney , Jiewen Yao , Jian J Wang , Liming Gao Subject: [edk2-devel] [PATCH v8 3/4] MdeModulePkg/ScsiBusDxe: Clean up Peripheral Type check Date: Thu, 26 Sep 2019 19:19:59 -0700 Message-Id: <20190927022000.36920-4-christopher.j.zurcher@intel.com> In-Reply-To: <20190927022000.36920-1-christopher.j.zurcher@intel.com> References: <20190927022000.36920-1-christopher.j.zurcher@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,christopher.j.zurcher@intel.com X-Gm-Message-State: ITdBIxmQ7dLwmsT0SEOdXJm9x1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1569550804; bh=FoU2BjKF3E0Dxno9T/KQn4WhFMu3i0wpui/sQVmJnaE=; h=Cc:Date:From:Reply-To:Subject:To; b=rQfbzQ5+kIEItyoJpbh9sC55BmKKCoPtWrFu83WfPjXHc3ucz5fpq0UZ8t9q0QjVtHx BeIu4L+zGb3MaYLruhx8Wo4lR5ZM1QYCnZ+es7SCk5PSu1WZolJbiuhOCcGiXemtC+ktq AbMsdcIpyHq28ad2IzbPszRF1qqKqwK0crk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1546 Replacing "magic numbers" in the Peripheral Type check with defines for the reserved range from IndustryStandard/Scsi.h Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher Reviewed-by: Hao A Wu --- MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c b/MdeModulePkg/Bus/= Scsi/ScsiBusDxe/ScsiBus.c index c4069aec0f..1caffd38cd 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c +++ b/MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBus.c @@ -2,7 +2,7 @@ SCSI Bus driver that layers on every SCSI Pass Thru and Extended SCSI Pass Thru protocol in the system. =20 -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -1368,7 +1368,8 @@ DiscoverScsiDevice ( goto Done; } =20 - if (0x1e >=3D InquiryData->Peripheral_Type && InquiryData->Peripheral_Ty= pe >=3D 0xa) { + if ((InquiryData->Peripheral_Type >=3D EFI_SCSI_TYPE_RESERVED_LOW) && + (InquiryData->Peripheral_Type <=3D EFI_SCSI_TYPE_RESERVED_HIGH)) { ScsiDeviceFound =3D FALSE; goto Done; } --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48178): https://edk2.groups.io/g/devel/message/48178 Mute This Topic: https://groups.io/mt/34306981/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri Mar 29 10:09:12 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+48179+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48179+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1569550807; cv=none; d=zoho.com; s=zohoarc; b=ijWiO27aDUI8eqdMUe1g/+ob32+QVLae9yhL7sur+bTLYXYapUm/GD9M9U7zS9qBVnHFPRisBsCqTHEpIBTpmkII9jGLX+cBiMdvepE8Adwvll+P5Zk3gQWWp6aFt3X2LLgcZUIcVW7Fvm4gi3G3Ffdtja/SE6NOgg4VW8VQdrs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569550807; h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To:ARC-Authentication-Results; bh=Yo0mLvLEnpRFKQMwQeyPZn+9sW5rTBy6DHTbiCVDIyU=; b=bQR6tsl45rkTkMKiScg93aWpTmpeqvw8M0OVboXK9buK0LJivUob09Krguwo7+wrNbGt/302iGOsj9DdRH87KKJKJ4C9T5HI1RCTnWHJaFLnhAOKDTylqwpFJ7iqlFBug9QUKVDPVkL8eLh0zZtDcHvCLd6b4Te5CelSSiHRXBs= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+48179+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1569550807068619.0622266199964; Thu, 26 Sep 2019 19:20:07 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id cq4BYY1788612x2yJdJaBZha; Thu, 26 Sep 2019 19:20:04 -0700 X-Received: from mga06.intel.com (mga06.intel.com []) by groups.io with SMTP; Thu, 26 Sep 2019 19:20:03 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2019 19:20:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,553,1559545200"; d="scan'208";a="193021233" X-Received: from cjzurch-desk.amr.corp.intel.com ([10.9.70.181]) by orsmga003.jf.intel.com with ESMTP; 26 Sep 2019 19:20:00 -0700 From: "Zurcher, Christopher J" To: devel@edk2.groups.io Cc: Michael D Kinney , Jiewen Yao , Jian J Wang , Liming Gao Subject: [edk2-devel] [PATCH v8 4/4] MdeModulePkg/ScsiDiskDxe: Support Storage Security Command Protocol Date: Thu, 26 Sep 2019 19:20:00 -0700 Message-Id: <20190927022000.36920-5-christopher.j.zurcher@intel.com> In-Reply-To: <20190927022000.36920-1-christopher.j.zurcher@intel.com> References: <20190927022000.36920-1-christopher.j.zurcher@intel.com> Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,christopher.j.zurcher@intel.com X-Gm-Message-State: ViFIL7CQeDghOhGhf96HeY0gx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1569550804; bh=EGT7Ot7O+X8oIMUHEFSP3qRTPQGX7ah1yrdsAJLnBlg=; h=Cc:Date:From:Reply-To:Subject:To; b=mKWWOjWPhTpaJpJS9ORzRMJEZ+v5AskP9SSLwMC7HgHm5w7e01ANSnGkF8gWXf9vCM4 AGTEFL9P+gyTcxiwawsB8J21T2vpVRCxwUo0ozZ8aHsoyQ4A8jEKo94n1zoDwk040IA3F R16RjakfYVzLbmovW+Y3fpyDjvWbN+++lEs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1546 This patch implements the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL in the ScsiDiskDxe driver. Support is currently limited to the RPMB Well-known LUN for UFS devices. Cc: Michael D Kinney Cc: Jiewen Yao Cc: Jian J Wang Cc: Liming Gao Signed-off-by: Christopher J Zurcher Reviewed-by: Hao A Wu --- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf | 3 +- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h | 171 +++++- MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c | 616 ++++++++++++++++++= +- 3 files changed, 774 insertions(+), 16 deletions(-) diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf b/MdeModuleP= kg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf index 5500d828e9..40818e669b 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf @@ -3,7 +3,7 @@ # It detects the SCSI disk media and installs Block I/O and Block I/O2 Pr= otocol on # the device handle. # -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -52,6 +52,7 @@ gEfiBlockIoProtocolGuid ## BY_START gEfiBlockIo2ProtocolGuid ## BY_START gEfiEraseBlockProtocolGuid ## BY_START + gEfiStorageSecurityCommandProtocolGuid ## BY_START gEfiScsiIoProtocolGuid ## TO_START gEfiScsiPassThruProtocolGuid ## TO_START gEfiExtScsiPassThruProtocolGuid ## TO_START diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h b/MdeModulePkg/Bu= s/Scsi/ScsiDiskDxe/ScsiDisk.h index 42c0aaaa95..2d8679ec6f 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.h @@ -1,7 +1,7 @@ /** @file Header file for SCSI Disk Driver. =20 -Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2004 - 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -22,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include =20 =20 #include @@ -38,6 +39,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #define IS_DEVICE_FIXED(a) (a)->FixedDevice ? 1 : 0 =20 +#define IS_ALIGNED(addr, size) (((UINTN) (addr) & (size - 1)) =3D=3D 0) + +#define UFS_WLUN_RPMB 0xC4 + typedef struct { UINT32 MaxLbaCnt; UINT32 MaxBlkDespCnt; @@ -51,6 +56,8 @@ typedef struct { =20 EFI_HANDLE Handle; =20 + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL StorageSecurity; + EFI_BLOCK_IO_PROTOCOL BlkIo; EFI_BLOCK_IO2_PROTOCOL BlkIo2; EFI_BLOCK_IO_MEDIA BlkIoMedia; @@ -95,6 +102,7 @@ typedef struct { #define SCSI_DISK_DEV_FROM_BLKIO(a) CR (a, SCSI_DISK_DEV, BlkIo, SCSI_DIS= K_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_BLKIO2(a) CR (a, SCSI_DISK_DEV, BlkIo2, SCSI_D= ISK_DEV_SIGNATURE) #define SCSI_DISK_DEV_FROM_ERASEBLK(a) CR (a, SCSI_DISK_DEV, EraseBlock, = SCSI_DISK_DEV_SIGNATURE) +#define SCSI_DISK_DEV_FROM_STORSEC(a) CR (a, SCSI_DISK_DEV, StorageSecuri= ty, SCSI_DISK_DEV_SIGNATURE) =20 #define SCSI_DISK_DEV_FROM_DISKINFO(a) CR (a, SCSI_DISK_DEV, DiskInfo, SCS= I_DISK_DEV_SIGNATURE) =20 @@ -638,6 +646,151 @@ ScsiDiskEraseBlocks ( ); =20 =20 +/** + Send a security protocol command to a device that receives data and/or t= he result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given = MediaId. + The security protocol command sent is defined by SecurityProtocolId and = contains + the security protocol specific data SecurityProtocolSpecificData. The fu= nction + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol comma= nd is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + If PayloadBufferSize is too small to store the available data from the s= ecurity + protocol command, the function shall copy PayloadBufferSize bytes into t= he + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is= non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the fu= nction shall + return EFI_UNSUPPORTED. If there is no media in the device, the function= returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the = device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, th= e function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the functio= n shall + return EFI_SUCCESS. If the security protocol command completes with an e= rror, the + function shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling = context. + @param MediaId ID of the medium to receive data fr= om. + @param Timeout The timeout, in 100ns units, to use= for the execution + of the security protocol command. A= Timeout value of 0 + means that this function will wait = indefinitely for the + security protocol command to execut= e. If Timeout is greater + than zero, then this function will = return EFI_TIMEOUT if the + time required to execute the receiv= e data command is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol= " parameter of + the security protocol command to be= sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol= Specific" parameter + of the security protocol command to= be sent. + @param PayloadBufferSize Size in bytes of the payload data b= uffer. + @param PayloadBuffer A pointer to a destination buffer t= o store the security + protocol command specific payload d= ata for the security + protocol command. The caller is res= ponsible for having + either implicit or explicit ownersh= ip of the buffer. + @param PayloadTransferSize A pointer to a buffer to store the = size in bytes of the + data written to the payload data bu= ffer. + + @retval EFI_SUCCESS The security protocol command compl= eted successfully. + @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small= to store the available + data from the device. The PayloadBu= ffer contains the truncated data. + @retval EFI_UNSUPPORTED The given MediaId does not support = security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command compl= eted with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current = media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransfe= rSize is NULL and + PayloadBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the security + protocol command to execute. + +**/ +EFI_STATUS +EFIAPI +ScsiDiskReceiveData ( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId OPTIONAL, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + OUT VOID *PayloadBuffer, + OUT UINTN *PayloadTransferSize + ); + +/** + Send a security protocol command to a device. + + The SendData function sends a security protocol command containing the p= ayload + PayloadBuffer to the given MediaId. The security protocol command sent is + defined by SecurityProtocolId and contains the security protocol specifi= c data + SecurityProtocolSpecificData. If the underlying protocol command require= s a + specific padding for the command payload, the SendData function shall ad= d padding + bytes to the command payload to satisfy the padding requirements. + + For devices supporting the SCSI command set, the security protocol comma= nd is sent + using the SECURITY PROTOCOL OUT command defined in SPC-4. + + If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function= shall + return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the fu= nction + shall return EFI_UNSUPPORTED. If there is no media in the device, the fu= nction + returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media= in the + device, the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, th= e function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the functio= n shall return + EFI_SUCCESS. If the security protocol command completes with an error, t= he function + shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling = context. + @param MediaId ID of the medium to receive data fr= om. + @param Timeout The timeout, in 100ns units, to use= for the execution + of the security protocol command. A= Timeout value of 0 + means that this function will wait = indefinitely for the + security protocol command to execut= e. If Timeout is greater + than zero, then this function will = return EFI_TIMEOUT if the + time required to execute the receiv= e data command is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol= " parameter of + the security protocol command to be= sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol= Specific" parameter + of the security protocol command to= be sent. + @param PayloadBufferSize Size in bytes of the payload data b= uffer. + @param PayloadBuffer A pointer to a destination buffer t= o store the security + protocol command specific payload d= ata for the security + protocol command. + + @retval EFI_SUCCESS The security protocol command compl= eted successfully. + @retval EFI_UNSUPPORTED The given MediaId does not support = security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command compl= eted with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current = media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and Paylo= adBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the security + protocol command to execute. + +**/ +EFI_STATUS +EFIAPI +ScsiDiskSendData ( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId OPTIONAL, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + OUT VOID *PayloadBuffer + ); + + /** Provides inquiry information for the controller type. =20 @@ -1428,4 +1581,20 @@ DetermineInstallEraseBlock ( IN EFI_HANDLE ChildHandle ); =20 +/** + Determine if EFI Storage Security Command Protocol should be produced. + + @param ScsiDiskDevice The pointer of SCSI_DISK_DEV. + @param ChildHandle Handle of device. + + @retval TRUE Should produce EFI Storage Security Command Protocol. + @retval FALSE Should not produce EFI Storage Security Command Protoco= l. + +**/ +BOOLEAN +DetermineInstallStorageSecurity ( + IN SCSI_DISK_DEV *ScsiDiskDevice, + IN EFI_HANDLE ChildHandle + ); + #endif diff --git a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c b/MdeModulePkg/Bu= s/Scsi/ScsiDiskDxe/ScsiDisk.c index fbdf927a11..6bfcf03a4b 100644 --- a/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c +++ b/MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDisk.c @@ -1,7 +1,7 @@ /** @file SCSI disk driver that layers on every SCSI IO protocol in the system. =20 -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -151,7 +151,9 @@ ScsiDiskDriverBindingSupported ( =20 Status =3D ScsiIo->GetDeviceType (ScsiIo, &DeviceType); if (!EFI_ERROR (Status)) { - if ((DeviceType =3D=3D EFI_SCSI_TYPE_DISK) || (DeviceType =3D=3D EFI_S= CSI_TYPE_CDROM)) { + if ((DeviceType =3D=3D EFI_SCSI_TYPE_DISK) || + (DeviceType =3D=3D EFI_SCSI_TYPE_CDROM) || + (DeviceType =3D=3D EFI_SCSI_TYPE_WLUN)) { Status =3D EFI_SUCCESS; } else { Status =3D EFI_UNSUPPORTED; @@ -238,6 +240,8 @@ ScsiDiskDriverBindingStart ( ScsiDiskDevice->BlkIo2.ReadBlocksEx =3D ScsiDiskReadBlocks= Ex; ScsiDiskDevice->BlkIo2.WriteBlocksEx =3D ScsiDiskWriteBlock= sEx; ScsiDiskDevice->BlkIo2.FlushBlocksEx =3D ScsiDiskFlushBlock= sEx; + ScsiDiskDevice->StorageSecurity.ReceiveData =3D ScsiDiskReceiveDat= a; + ScsiDiskDevice->StorageSecurity.SendData =3D ScsiDiskSendData; ScsiDiskDevice->EraseBlock.Revision =3D EFI_ERASE_BLOCK_PR= OTOCOL_REVISION; ScsiDiskDevice->EraseBlock.EraseLengthGranularity =3D 1; ScsiDiskDevice->EraseBlock.EraseBlocks =3D ScsiDiskEraseBlock= s; @@ -258,6 +262,10 @@ ScsiDiskDriverBindingStart ( ScsiDiskDevice->BlkIo.Media->ReadOnly =3D TRUE; MustReadCapacity =3D FALSE; break; + + case EFI_SCSI_TYPE_WLUN: + MustReadCapacity =3D FALSE; + break; } // // The Sense Data Array's initial size is 6 @@ -309,8 +317,8 @@ ScsiDiskDriverBindingStart ( // Determine if Block IO & Block IO2 should be produced on this contro= ller // handle // - if (DetermineInstallBlockIo(Controller)) { - InitializeInstallDiskInfo(ScsiDiskDevice, Controller); + if (DetermineInstallBlockIo (Controller)) { + InitializeInstallDiskInfo (ScsiDiskDevice, Controller); Status =3D gBS->InstallMultipleProtocolInterfaces ( &Controller, &gEfiBlockIoProtocolGuid, @@ -321,16 +329,27 @@ ScsiDiskDriverBindingStart ( &ScsiDiskDevice->DiskInfo, NULL ); - if (!EFI_ERROR(Status)) { - if (DetermineInstallEraseBlock(ScsiDiskDevice, Controller)) { + if (!EFI_ERROR (Status)) { + if (DetermineInstallEraseBlock (ScsiDiskDevice, Controller)) { Status =3D gBS->InstallProtocolInterface ( &Controller, &gEfiEraseBlockProtocolGuid, EFI_NATIVE_INTERFACE, &ScsiDiskDevice->EraseBlock ); - if (EFI_ERROR(Status)) { - DEBUG ((EFI_D_ERROR, "ScsiDisk: Failed to install the Erase Bl= ock Protocol! Status =3D %r\n", Status)); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "ScsiDisk: Failed to install the Erase Bl= ock Protocol! Status =3D %r\n", Status)); + } + } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, Controller)) { + Status =3D gBS->InstallProtocolInterface ( + &Controller, + &gEfiStorageSecurityCommandProtocolGuid, + EFI_NATIVE_INTERFACE, + &ScsiDiskDevice->StorageSecurity + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "ScsiDisk: Failed to install the Storage = Security Command Protocol! Status =3D %r\n", Status)); } } ScsiDiskDevice->ControllerNameTable =3D NULL; @@ -585,7 +604,7 @@ ScsiDiskReadBlocks ( &ScsiDiskDevice->BlkIo2, &ScsiDiskDevice->BlkIo2 ); - if (DetermineInstallEraseBlock(ScsiDiskDevice, ScsiDiskDevice->Handl= e)) { + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { gBS->ReinstallProtocolInterface ( ScsiDiskDevice->Handle, &gEfiEraseBlockProtocolGuid, @@ -593,6 +612,14 @@ ScsiDiskReadBlocks ( &ScsiDiskDevice->EraseBlock ); } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } if (Media->MediaPresent) { Status =3D EFI_MEDIA_CHANGED; } else { @@ -606,6 +633,11 @@ ScsiDiskReadBlocks ( // BlockSize =3D Media->BlockSize; =20 + if (BlockSize =3D=3D 0) { + Status =3D EFI_DEVICE_ERROR; + goto Done; + } + NumberOfBlocks =3D BufferSize / BlockSize; =20 if (!(Media->MediaPresent)) { @@ -721,7 +753,7 @@ ScsiDiskWriteBlocks ( &ScsiDiskDevice->BlkIo2, &ScsiDiskDevice->BlkIo2 ); - if (DetermineInstallEraseBlock(ScsiDiskDevice, ScsiDiskDevice->Handl= e)) { + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { gBS->ReinstallProtocolInterface ( ScsiDiskDevice->Handle, &gEfiEraseBlockProtocolGuid, @@ -729,6 +761,14 @@ ScsiDiskWriteBlocks ( &ScsiDiskDevice->EraseBlock ); } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } if (Media->MediaPresent) { Status =3D EFI_MEDIA_CHANGED; } else { @@ -742,6 +782,11 @@ ScsiDiskWriteBlocks ( // BlockSize =3D Media->BlockSize; =20 + if (BlockSize =3D=3D 0) { + Status =3D EFI_DEVICE_ERROR; + goto Done; + } + NumberOfBlocks =3D BufferSize / BlockSize; =20 if (!(Media->MediaPresent)) { @@ -947,7 +992,7 @@ ScsiDiskReadBlocksEx ( &ScsiDiskDevice->BlkIo2, &ScsiDiskDevice->BlkIo2 ); - if (DetermineInstallEraseBlock(ScsiDiskDevice, ScsiDiskDevice->Handl= e)) { + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { gBS->ReinstallProtocolInterface ( ScsiDiskDevice->Handle, &gEfiEraseBlockProtocolGuid, @@ -955,6 +1000,14 @@ ScsiDiskReadBlocksEx ( &ScsiDiskDevice->EraseBlock ); } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } if (Media->MediaPresent) { Status =3D EFI_MEDIA_CHANGED; } else { @@ -968,6 +1021,11 @@ ScsiDiskReadBlocksEx ( // BlockSize =3D Media->BlockSize; =20 + if (BlockSize =3D=3D 0) { + Status =3D EFI_DEVICE_ERROR; + goto Done; + } + NumberOfBlocks =3D BufferSize / BlockSize; =20 if (!(Media->MediaPresent)) { @@ -1110,7 +1168,7 @@ ScsiDiskWriteBlocksEx ( &ScsiDiskDevice->BlkIo2, &ScsiDiskDevice->BlkIo2 ); - if (DetermineInstallEraseBlock(ScsiDiskDevice, ScsiDiskDevice->Handl= e)) { + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { gBS->ReinstallProtocolInterface ( ScsiDiskDevice->Handle, &gEfiEraseBlockProtocolGuid, @@ -1118,6 +1176,14 @@ ScsiDiskWriteBlocksEx ( &ScsiDiskDevice->EraseBlock ); } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } if (Media->MediaPresent) { Status =3D EFI_MEDIA_CHANGED; } else { @@ -1131,6 +1197,11 @@ ScsiDiskWriteBlocksEx ( // BlockSize =3D Media->BlockSize; =20 + if (BlockSize =3D=3D 0) { + Status =3D EFI_DEVICE_ERROR; + goto Done; + } + NumberOfBlocks =3D BufferSize / BlockSize; =20 if (!(Media->MediaPresent)) { @@ -1263,7 +1334,7 @@ ScsiDiskFlushBlocksEx ( &ScsiDiskDevice->BlkIo2, &ScsiDiskDevice->BlkIo2 ); - if (DetermineInstallEraseBlock(ScsiDiskDevice, ScsiDiskDevice->Handl= e)) { + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { gBS->ReinstallProtocolInterface ( ScsiDiskDevice->Handle, &gEfiEraseBlockProtocolGuid, @@ -1271,6 +1342,14 @@ ScsiDiskFlushBlocksEx ( &ScsiDiskDevice->EraseBlock ); } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } if (Media->MediaPresent) { Status =3D EFI_MEDIA_CHANGED; } else { @@ -1644,7 +1723,7 @@ ScsiDiskEraseBlocks ( &ScsiDiskDevice->BlkIo2, &ScsiDiskDevice->BlkIo2 ); - if (DetermineInstallEraseBlock(ScsiDiskDevice, ScsiDiskDevice->Handl= e)) { + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { gBS->ReinstallProtocolInterface ( ScsiDiskDevice->Handle, &gEfiEraseBlockProtocolGuid, @@ -1652,6 +1731,14 @@ ScsiDiskEraseBlocks ( &ScsiDiskDevice->EraseBlock ); } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } Status =3D EFI_MEDIA_CHANGED; goto Done; } @@ -1708,6 +1795,431 @@ Done: return Status; } =20 +/** + Send a security protocol command to a device that receives data and/or t= he result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given = MediaId. + The security protocol command sent is defined by SecurityProtocolId and = contains + the security protocol specific data SecurityProtocolSpecificData. The fu= nction + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol comma= nd is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + If PayloadBufferSize is too small to store the available data from the s= ecurity + protocol command, the function shall copy PayloadBufferSize bytes into t= he + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is= non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the fu= nction shall + return EFI_UNSUPPORTED. If there is no media in the device, the function= returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the = device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, th= e function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the functio= n shall + return EFI_SUCCESS. If the security protocol command completes with an e= rror, the + function shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling = context. + @param MediaId ID of the medium to receive data fr= om. + @param Timeout The timeout, in 100ns units, to use= for the execution + of the security protocol command. A= Timeout value of 0 + means that this function will wait = indefinitely for the + security protocol command to execut= e. If Timeout is greater + than zero, then this function will = return EFI_TIMEOUT if the + time required to execute the receiv= e data command is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol= " parameter of + the security protocol command to be= sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol= Specific" parameter + of the security protocol command to= be sent. + @param PayloadBufferSize Size in bytes of the payload data b= uffer. + @param PayloadBuffer A pointer to a destination buffer t= o store the security + protocol command specific payload d= ata for the security + protocol command. The caller is res= ponsible for having + either implicit or explicit ownersh= ip of the buffer. + @param PayloadTransferSize A pointer to a buffer to store the = size in bytes of the + data written to the payload data bu= ffer. + + @retval EFI_SUCCESS The security protocol command compl= eted successfully. + @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small= to store the available + data from the device. The PayloadBu= ffer contains the truncated data. + @retval EFI_UNSUPPORTED The given MediaId does not support = security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command compl= eted with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current = media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransfe= rSize is NULL and + PayloadBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the security + protocol command to execute. + +**/ +EFI_STATUS +EFIAPI +ScsiDiskReceiveData ( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId OPTIONAL, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + OUT VOID *PayloadBuffer, + OUT UINTN *PayloadTransferSize + ) +{ + SCSI_DISK_DEV *ScsiDiskDevice; + EFI_BLOCK_IO_MEDIA *Media; + EFI_STATUS Status; + BOOLEAN MediaChange; + EFI_TPL OldTpl; + UINT8 SenseDataLength; + UINT8 HostAdapterStatus; + UINT8 TargetStatus; + VOID *AlignedBuffer; + BOOLEAN AlignedBufferAllocated; + + AlignedBuffer =3D NULL; + MediaChange =3D FALSE; + AlignedBufferAllocated =3D FALSE; + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); + ScsiDiskDevice =3D SCSI_DISK_DEV_FROM_STORSEC (This); + Media =3D ScsiDiskDevice->BlkIo.Media; + + SenseDataLength =3D (UINT8) (ScsiDiskDevice->SenseDataNumber * sizeof (E= FI_SCSI_SENSE_DATA)); + + if (!IS_DEVICE_FIXED (ScsiDiskDevice)) { + Status =3D ScsiDiskDetectMedia (ScsiDiskDevice, FALSE, &MediaChange); + if (EFI_ERROR (Status)) { + Status =3D EFI_DEVICE_ERROR; + goto Done; + } + + if (MediaChange) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiBlockIoProtocolGuid, + &ScsiDiskDevice->BlkIo, + &ScsiDiskDevice->BlkIo + ); + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiBlockIo2ProtocolGuid, + &ScsiDiskDevice->BlkIo2, + &ScsiDiskDevice->BlkIo2 + ); + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiEraseBlockProtocolGuid, + &ScsiDiskDevice->EraseBlock, + &ScsiDiskDevice->EraseBlock + ); + } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } + if (Media->MediaPresent) { + Status =3D EFI_MEDIA_CHANGED; + } else { + Status =3D EFI_NO_MEDIA; + } + goto Done; + } + } + + // + // Validate Media + // + if (!(Media->MediaPresent)) { + Status =3D EFI_NO_MEDIA; + goto Done; + } + + if ((MediaId !=3D 0) && (MediaId !=3D Media->MediaId)) { + Status =3D EFI_MEDIA_CHANGED; + goto Done; + } + + if (PayloadBufferSize !=3D 0) { + if ((PayloadBuffer =3D=3D NULL) || (PayloadTransferSize =3D=3D NULL)) { + Status =3D EFI_INVALID_PARAMETER; + goto Done; + } + + if ((ScsiDiskDevice->ScsiIo->IoAlign > 1) && !IS_ALIGNED (PayloadBuffe= r, ScsiDiskDevice->ScsiIo->IoAlign)) { + AlignedBuffer =3D AllocateAlignedBuffer (ScsiDiskDevice, PayloadBuff= erSize); + if (AlignedBuffer =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Done; + } + ZeroMem (AlignedBuffer, PayloadBufferSize); + AlignedBufferAllocated =3D TRUE; + } else { + AlignedBuffer =3D PayloadBuffer; + } + } + + Status =3D ScsiSecurityProtocolInCommand ( + ScsiDiskDevice->ScsiIo, + Timeout, + ScsiDiskDevice->SenseData, + &SenseDataLength, + &HostAdapterStatus, + &TargetStatus, + SecurityProtocolId, + SecurityProtocolSpecificData, + FALSE, + PayloadBufferSize, + AlignedBuffer, + PayloadTransferSize + ); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (AlignedBufferAllocated) { + CopyMem (PayloadBuffer, AlignedBuffer, PayloadBufferSize); + } + + if (PayloadBufferSize < *PayloadTransferSize) { + Status =3D EFI_WARN_BUFFER_TOO_SMALL; + goto Done; + } + + Status =3D CheckHostAdapterStatus (HostAdapterStatus); + if (EFI_ERROR (Status)) { + goto Done; + } + + Status =3D CheckTargetStatus (TargetStatus); + if (EFI_ERROR (Status)) { + goto Done; + } + +Done: + if (AlignedBufferAllocated) { + ZeroMem (AlignedBuffer, PayloadBufferSize); + FreeAlignedBuffer (AlignedBuffer, PayloadBufferSize); + } + gBS->RestoreTPL (OldTpl); + return Status; +} + +/** + Send a security protocol command to a device. + + The SendData function sends a security protocol command containing the p= ayload + PayloadBuffer to the given MediaId. The security protocol command sent is + defined by SecurityProtocolId and contains the security protocol specifi= c data + SecurityProtocolSpecificData. If the underlying protocol command require= s a + specific padding for the command payload, the SendData function shall ad= d padding + bytes to the command payload to satisfy the padding requirements. + + For devices supporting the SCSI command set, the security protocol comma= nd is sent + using the SECURITY PROTOCOL OUT command defined in SPC-4. + + If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function= shall + return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the fu= nction + shall return EFI_UNSUPPORTED. If there is no media in the device, the fu= nction + returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media= in the + device, the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, th= e function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the functio= n shall return + EFI_SUCCESS. If the security protocol command completes with an error, t= he function + shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling = context. + @param MediaId ID of the medium to receive data fr= om. + @param Timeout The timeout, in 100ns units, to use= for the execution + of the security protocol command. A= Timeout value of 0 + means that this function will wait = indefinitely for the + security protocol command to execut= e. If Timeout is greater + than zero, then this function will = return EFI_TIMEOUT if the + time required to execute the receiv= e data command is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol= " parameter of + the security protocol command to be= sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol= Specific" parameter + of the security protocol command to= be sent. + @param PayloadBufferSize Size in bytes of the payload data b= uffer. + @param PayloadBuffer A pointer to a destination buffer t= o store the security + protocol command specific payload d= ata for the security + protocol command. + + @retval EFI_SUCCESS The security protocol command compl= eted successfully. + @retval EFI_UNSUPPORTED The given MediaId does not support = security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command compl= eted with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current = media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and Paylo= adBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting fo= r the security + protocol command to execute. + +**/ +EFI_STATUS +EFIAPI +ScsiDiskSendData ( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId OPTIONAL, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + OUT VOID *PayloadBuffer + ) +{ + SCSI_DISK_DEV *ScsiDiskDevice; + EFI_BLOCK_IO_MEDIA *Media; + EFI_STATUS Status; + BOOLEAN MediaChange; + EFI_TPL OldTpl; + UINT8 SenseDataLength; + UINT8 HostAdapterStatus; + UINT8 TargetStatus; + VOID *AlignedBuffer; + BOOLEAN AlignedBufferAllocated; + + AlignedBuffer =3D NULL; + MediaChange =3D FALSE; + AlignedBufferAllocated =3D FALSE; + OldTpl =3D gBS->RaiseTPL (TPL_CALLBACK); + ScsiDiskDevice =3D SCSI_DISK_DEV_FROM_STORSEC (This); + Media =3D ScsiDiskDevice->BlkIo.Media; + + SenseDataLength =3D (UINT8) (ScsiDiskDevice->SenseDataNumber * sizeof (E= FI_SCSI_SENSE_DATA)); + + if (!IS_DEVICE_FIXED (ScsiDiskDevice)) { + Status =3D ScsiDiskDetectMedia (ScsiDiskDevice, FALSE, &MediaChange); + if (EFI_ERROR (Status)) { + Status =3D EFI_DEVICE_ERROR; + goto Done; + } + + if (MediaChange) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiBlockIoProtocolGuid, + &ScsiDiskDevice->BlkIo, + &ScsiDiskDevice->BlkIo + ); + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiBlockIo2ProtocolGuid, + &ScsiDiskDevice->BlkIo2, + &ScsiDiskDevice->BlkIo2 + ); + if (DetermineInstallEraseBlock (ScsiDiskDevice, ScsiDiskDevice->Hand= le)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiEraseBlockProtocolGuid, + &ScsiDiskDevice->EraseBlock, + &ScsiDiskDevice->EraseBlock + ); + } + if (DetermineInstallStorageSecurity (ScsiDiskDevice, ScsiDiskDevice-= >Handle)) { + gBS->ReinstallProtocolInterface ( + ScsiDiskDevice->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + &ScsiDiskDevice->StorageSecurity, + &ScsiDiskDevice->StorageSecurity + ); + } + if (Media->MediaPresent) { + Status =3D EFI_MEDIA_CHANGED; + } else { + Status =3D EFI_NO_MEDIA; + } + goto Done; + } + } + + // + // Validate Media + // + if (!(Media->MediaPresent)) { + Status =3D EFI_NO_MEDIA; + goto Done; + } + + if ((MediaId !=3D 0) && (MediaId !=3D Media->MediaId)) { + Status =3D EFI_MEDIA_CHANGED; + goto Done; + } + + if (Media->ReadOnly) { + Status =3D EFI_WRITE_PROTECTED; + goto Done; + } + + if (PayloadBufferSize !=3D 0) { + if (PayloadBuffer =3D=3D NULL) { + Status =3D EFI_INVALID_PARAMETER; + goto Done; + } + + if ((ScsiDiskDevice->ScsiIo->IoAlign > 1) && !IS_ALIGNED (PayloadBuffe= r, ScsiDiskDevice->ScsiIo->IoAlign)) { + AlignedBuffer =3D AllocateAlignedBuffer (ScsiDiskDevice, PayloadBuff= erSize); + if (AlignedBuffer =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Done; + } + CopyMem (AlignedBuffer, PayloadBuffer, PayloadBufferSize); + AlignedBufferAllocated =3D TRUE; + } else { + AlignedBuffer =3D PayloadBuffer; + } + } + + Status =3D ScsiSecurityProtocolOutCommand ( + ScsiDiskDevice->ScsiIo, + Timeout, + ScsiDiskDevice->SenseData, + &SenseDataLength, + &HostAdapterStatus, + &TargetStatus, + SecurityProtocolId, + SecurityProtocolSpecificData, + FALSE, + PayloadBufferSize, + AlignedBuffer + ); + if (EFI_ERROR (Status)) { + goto Done; + } + + Status =3D CheckHostAdapterStatus (HostAdapterStatus); + if (EFI_ERROR (Status)) { + goto Done; + } + + Status =3D CheckTargetStatus (TargetStatus); + if (EFI_ERROR (Status)) { + goto Done; + } + +Done: + if (AlignedBufferAllocated) { + ZeroMem (AlignedBuffer, PayloadBufferSize); + FreeAlignedBuffer (AlignedBuffer, PayloadBufferSize); + } + gBS->RestoreTPL (OldTpl); + return Status; +} + =20 /** Detect Device and read out capacity ,if error occurs, parse the sense ke= y. @@ -1812,6 +2324,15 @@ ScsiDiskDetectMedia ( NeedReadCapacity =3D TRUE; } =20 + // + // READ_CAPACITY command is not supported by any of the UFS WLUNs. + // + if (ScsiDiskDevice->DeviceType =3D=3D EFI_SCSI_TYPE_WLUN) { + NeedReadCapacity =3D FALSE; + MustReadCapacity =3D FALSE; + ScsiDiskDevice->BlkIo.Media->MediaPresent =3D TRUE; + } + // // either NeedReadCapacity is TRUE, or MustReadCapacity is TRUE, // retrieve capacity via Read Capacity command @@ -5358,6 +5879,14 @@ DetermineInstallEraseBlock ( RetVal =3D TRUE; CapacityData16 =3D NULL; =20 + // + // UNMAP command is not supported by any of the UFS WLUNs. + // + if (ScsiDiskDevice->DeviceType =3D=3D EFI_SCSI_TYPE_WLUN) { + RetVal =3D FALSE; + goto Done; + } + Status =3D gBS->HandleProtocol ( ChildHandle, &gEfiDevicePathProtocolGuid, @@ -5460,6 +5989,65 @@ Done: return RetVal; } =20 +/** + Determine if EFI Storage Security Command Protocol should be produced. + + @param ScsiDiskDevice The pointer of SCSI_DISK_DEV. + @param ChildHandle Handle of device. + + @retval TRUE Should produce EFI Storage Security Command Protocol. + @retval FALSE Should not produce EFI Storage Security Command Protoco= l. + +**/ +BOOLEAN +DetermineInstallStorageSecurity ( + IN SCSI_DISK_DEV *ScsiDiskDevice, + IN EFI_HANDLE ChildHandle + ) +{ + EFI_STATUS Status; + UFS_DEVICE_PATH *UfsDevice; + BOOLEAN RetVal; + EFI_DEVICE_PATH_PROTOCOL *DevicePathNode; + + UfsDevice =3D NULL; + RetVal =3D TRUE; + + Status =3D gBS->HandleProtocol ( + ChildHandle, + &gEfiDevicePathProtocolGuid, + (VOID **) &DevicePathNode + ); + // + // Device Path protocol must be installed on the device handle. + // + ASSERT_EFI_ERROR (Status); + + while (!IsDevicePathEndType (DevicePathNode)) { + // + // For now, only support Storage Security Command Protocol on UFS devi= ces. + // + if ((DevicePathNode->Type =3D=3D MESSAGING_DEVICE_PATH) && + (DevicePathNode->SubType =3D=3D MSG_UFS_DP)) { + UfsDevice =3D (UFS_DEVICE_PATH *) DevicePathNode; + break; + } + + DevicePathNode =3D NextDevicePathNode (DevicePathNode); + } + if (UfsDevice =3D=3D NULL) { + RetVal =3D FALSE; + goto Done; + } + + if (UfsDevice->Lun !=3D UFS_WLUN_RPMB) { + RetVal =3D FALSE; + } + +Done: + return RetVal; +} + /** Provides inquiry information for the controller type. =20 --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#48179): https://edk2.groups.io/g/devel/message/48179 Mute This Topic: https://groups.io/mt/34306982/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-