1 files changed, 28 insertions, 22 deletions

diff --git a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
index 7674ee5..cc8d5ef 100644
--- a/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
+++ b/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c
@@ -814,6 +814,7 @@ OpalSetLockingSpAuthorityEnabledAndPin(
   TCG_PARSE_STRUCT  ParseStruct;

   UINT32            Size;

   TCG_UID           ActiveKey;

+  TCG_RESULT        Ret;

 

   NULL_CHECK(LockingSpSession);

   NULL_CHECK(NewPin);

@@ -901,30 +902,35 @@ OpalSetLockingSpAuthorityEnabledAndPin(
   ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size));

   ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));

 

-  ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey));

-

-  ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));

-  ERROR_CHECK(TcgCreateSetAce(

-                  &CreateStruct,

-                  &Size,

-                  LockingSpSession->OpalBaseComId,

-                  LockingSpSession->ComIdExtension,

-                  LockingSpSession->TperSessionId,

-                  LockingSpSession->HostSessionId,

-                  (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,

-                  OPAL_LOCKING_SP_USER1_AUTHORITY,

-                  TCG_ACE_EXPRESSION_OR,

-                  OPAL_LOCKING_SP_ADMINS_AUTHORITY

-              ));

+  //

+  // For Pyrite type SSC, it not supports Active Key. 

+  // So here add check logic before enable it.

+  //

+  Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey);

+  if (Ret == TcgResultSuccess) {

+    ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));

+    ERROR_CHECK(TcgCreateSetAce(

+                    &CreateStruct,

+                    &Size,

+                    LockingSpSession->OpalBaseComId,

+                    LockingSpSession->ComIdExtension,

+                    LockingSpSession->TperSessionId,

+                    LockingSpSession->HostSessionId,

+                    (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY,

+                    OPAL_LOCKING_SP_USER1_AUTHORITY,

+                    TCG_ACE_EXPRESSION_OR,

+                    OPAL_LOCKING_SP_ADMINS_AUTHORITY

+                ));

 

-  ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));

+    ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus));

 

-  if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {

-    DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));

-    //

-    //TODO do we want to disable user1 if all permissions are not granted

-    //

-    return TcgResultFailure;

+    if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) {

+      DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n"));

+      //

+      // TODO do we want to disable user1 if all permissions are not granted

+      //

+      return TcgResultFailure;

+    }

   }

 

   ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf)));