24.3 Storage Security Protocol Implementation

The implementation of the Storage Security Protocol is only required if the mass storage device supports the SPC-4 or ATA8-ACS security commands. The implementation of the Storage Security Protocol is typically found in the file Block.c. Appendix A contains a template for a BlockIo.c file for a UEFI Driver. The list of tasks to implement the Storage Security Protocol is as follows:

  • Add global variable for the EFI_STORAGE_SECURITY_COMMAND_PROTOCOL instance to BlockIo.c.

  • Implement the Storage Security Command Protocol services in BlockIo.c.

This example shows the protocol interface structure for the optional Storage Security Command Protocol for reference. It is composed of two services to send and receive data.

Example 238-Storage Security Command Protocol
typedef struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
  EFI_STORAGE_SECURITY_COMMAND_PROTOCOL;

///
/// The EFI_STORAGE_SECURITY_COMMAND_PROTOCOL is used to send security protocol
/// commands to a mass storage device. Two types of security protocol commands
/// are supported. SendData sends a command with data to a device. ReceiveData
/// sends a command that receives data and/or the result of one or more commands
/// sent by SendData.
///
/// The security protocol command formats supported shall be based on the
/// definition of the SECURITY PROTOCOL IN and SECURITY PROTOCOL OUT commands
/// defined in SPC-4 If the device uses the SCSI command set, no translation is
/// needed in the firmware and the firmware can package the parameters into a
/// SECURITY PROTOCOL IN or SECURITY PROTOCOL OUT command and send the command to
/// the device. If the device uses a non-SCSI command set, the firmware shall map
/// the command and data payload to the corresponding command and payload format
/// defined in the non-SCSI command set (for example, TRUSTED RECEIVE and TRUSTED
/// SEND in ATA8-ACS).
///
/// The firmware shall automatically add an EFI_STORAGE_SECURITY_COMMAND_PROTOCOL
/// for any storage devices detected during system boot that support SPC-4,
/// ATA8-ACS or their successors.
///
struct _EFI_STORAGE_SECURITY_COMMAND_PROTOCOL {
  EFI_STORAGE_SECURITY_RECEIVE_DATA ReceiveData;
  EFI_STORAGE_SECURITY_SEND_DATA SendData;
};

extern EFI_GUID gEfiStorageSecurityCommandProtocolGuid;

The EDK II has a complete implementation of the Storage Security Protocol for ATA device in the MdeModulePkg in the directory MdeModulePkg/Bus/Ata/AtaBusDxe. This can be used as a reference for implementations of the Storage Security Protocol for mass storage devices on other bus types.