From: Maggie Chu <maggie.chu@intel.com>
https://bugzilla.tianocore.org/show_bug.cgi?id=3004
Secure erase is performed by generating a new encryption key,
this is only available if encryption is supported.
This commit will hide "secure erase" option from setup page
if connected device doesn't support encryption.
Signed-off-by: Maggie Chu <maggie.chu@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
index b5b6aec98c..bf5e374163 100644
--- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
+++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
@@ -88,7 +88,11 @@ OpalSupportGetAvailableActions(
// Secure erase is performed by generating a new encryption key
// this is only available if encryption is supported
//
- AvalDiskActions->SecureErase = 1;
+ if (SupportedAttributes->MediaEncryption) {
+ AvalDiskActions->SecureErase = 1;
+ } else {
+ AvalDiskActions->SecureErase = 0;
+ }
} else {
AvalDiskActions->PsidRevert = 0;
AvalDiskActions->SecureErase = 0;
--
2.16.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#66237): https://edk2.groups.io/g/devel/message/66237
Mute This Topic: https://groups.io/mt/77523234/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Thanks Maggie. My feeling is that it is weird and unnecessary to put MediaEncryption check under (PyriteSscV2 || MediaEncryption) =============== if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) { if (SupportedAttributes->MediaEncryption) { } } =============== Is that necessary to check PyriteSscV2 for SecureErase ? If it is not needed, can we write code in below way to make logic clear? =============== if (SupportedAttributes->PyriteSscV2) { ... } else { ... } if (SupportedAttributes->MediaEncryption) { ... } else { ... } =============== > -----Original Message----- > From: Chu, Maggie <maggie.chu@intel.com> > Sent: Thursday, October 15, 2020 3:15 PM > To: devel@edk2.groups.io > Cc: Chu, Maggie <maggie.chu@intel.com>; Dong, Eric <eric.dong@intel.com>; > Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; > Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com> > Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if > encryption is supported > > From: Maggie Chu <maggie.chu@intel.com> > > https://bugzilla.tianocore.org/show_bug.cgi?id=3004 > > Secure erase is performed by generating a new encryption key, > this is only available if encryption is supported. > This commit will hide "secure erase" option from setup page > if connected device doesn't support encryption. > > Signed-off-by: Maggie Chu <maggie.chu@intel.com> > Cc: Eric Dong <eric.dong@intel.com> > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Qi Zhang <qi1.zhang@intel.com> > Cc: Rahul Kumar <rahul1.kumar@intel.com> > --- > SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > index b5b6aec98c..bf5e374163 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > @@ -88,7 +88,11 @@ OpalSupportGetAvailableActions( > // Secure erase is performed by generating a new encryption key > > // this is only available if encryption is supported > > // > > - AvalDiskActions->SecureErase = 1; > > + if (SupportedAttributes->MediaEncryption) { > > + AvalDiskActions->SecureErase = 1; > > + } else { > > + AvalDiskActions->SecureErase = 0; > > + } > > } else { > > AvalDiskActions->PsidRevert = 0; > > AvalDiskActions->SecureErase = 0; > > -- > 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#66575): https://edk2.groups.io/g/devel/message/66575 Mute This Topic: https://groups.io/mt/77523234/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Reviewed-by: Eric Dong <eric.dong@intel.com> -----Original Message----- From: Chu, Maggie <maggie.chu@intel.com> Sent: Thursday, October 15, 2020 3:15 PM To: devel@edk2.groups.io Cc: Chu, Maggie <maggie.chu@intel.com>; Dong, Eric <eric.dong@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com> Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if encryption is supported From: Maggie Chu <maggie.chu@intel.com> https://bugzilla.tianocore.org/show_bug.cgi?id=3004 Secure erase is performed by generating a new encryption key, this is only available if encryption is supported. This commit will hide "secure erase" option from setup page if connected device doesn't support encryption. Signed-off-by: Maggie Chu <maggie.chu@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> --- SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c index b5b6aec98c..bf5e374163 100644 --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -88,7 +88,11 @@ OpalSupportGetAvailableActions( // Secure erase is performed by generating a new encryption key // this is only available if encryption is supported // - AvalDiskActions->SecureErase = 1; + if (SupportedAttributes->MediaEncryption) { + AvalDiskActions->SecureErase = 1; + } else { + AvalDiskActions->SecureErase = 0; + } } else { AvalDiskActions->PsidRevert = 0; AvalDiskActions->SecureErase = 0; -- 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#66296): https://edk2.groups.io/g/devel/message/66296 Mute This Topic: https://groups.io/mt/77523234/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > -----Original Message----- > From: Chu, Maggie <maggie.chu@intel.com> > Sent: Thursday, October 15, 2020 3:15 PM > To: devel@edk2.groups.io > Cc: Chu, Maggie <maggie.chu@intel.com>; Dong, Eric <eric.dong@intel.com>; > Wang, Jian J <jian.j.wang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; > Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com> > Subject: [PATCH] SecurityPkg/OpalPassword: Secure erase is available if > encryption is supported > > From: Maggie Chu <maggie.chu@intel.com> > > https://bugzilla.tianocore.org/show_bug.cgi?id=3004 > > Secure erase is performed by generating a new encryption key, > this is only available if encryption is supported. > This commit will hide "secure erase" option from setup page > if connected device doesn't support encryption. > > Signed-off-by: Maggie Chu <maggie.chu@intel.com> > Cc: Eric Dong <eric.dong@intel.com> > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Qi Zhang <qi1.zhang@intel.com> > Cc: Rahul Kumar <rahul1.kumar@intel.com> > --- > SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > index b5b6aec98c..bf5e374163 100644 > --- a/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > +++ b/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c > @@ -88,7 +88,11 @@ OpalSupportGetAvailableActions( > // Secure erase is performed by generating a new encryption key > > // this is only available if encryption is supported > > // > > - AvalDiskActions->SecureErase = 1; > > + if (SupportedAttributes->MediaEncryption) { > > + AvalDiskActions->SecureErase = 1; > > + } else { > > + AvalDiskActions->SecureErase = 0; > > + } > > } else { > > AvalDiskActions->PsidRevert = 0; > > AvalDiskActions->SecureErase = 0; > > -- > 2.16.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#66254): https://edk2.groups.io/g/devel/message/66254 Mute This Topic: https://groups.io/mt/77523234/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.