SecurityPkg/OpalPassword: Fix "Enable Feature" Menu disappear issue

https://bugzilla.tianocore.org/show_bug.cgi?id=1782

After change behavior to send BlockSid command at EndOfDxe point,
check device ownership command will return un-authority error, it
finally caused opal driver can't show "Enable Feature" menu.

Update the code logic to send detect device ownership command
before send BlockSID command.

Signed-off-by: Eric Dong <[email protected]>
Reviewed-by: Hao A Wu <[email protected]>

SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c

@@ -458,6 +458,11 @@ SendBlockSidCommand (
           DEBUG ((DEBUG_ERROR, "OpalBlockSid fail\n"));
           break;
         }
+
+        //
+        // Record BlockSID command has been sent.
+        //
+        Itr->OpalDisk.SentBlockSID = TRUE;
       }
 
       Itr = Itr->Next;
@@ -2204,6 +2209,12 @@ ProcessOpalRequest (
         ProcessOpalRequestEnableFeature (Dev, L"Enable Feature:");
       }
 
+      //
+      // Update Device ownership.
+      // Later BlockSID command may block the update.
+      //
+      OpalDiskUpdateOwnerShip (&Dev->OpalDisk);
+
       break;
     }
 

SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h

@@ -143,6 +143,7 @@ typedef struct {
   UINT8                                           Password[OPAL_MAX_PASSWORD_SIZE];
 
   UINT32                                          EstimateTimeCost;
+  BOOLEAN                                         SentBlockSID;           // Check whether BlockSid command has been sent.
 } OPAL_DISK;
 
 //

SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c

@@ -1215,6 +1215,40 @@ OpalDiskInitialize (
   return OpalDiskUpdateStatus (&Dev->OpalDisk);
 }
 
+/**
+  Update the device ownship
+
+  @param OpalDisk                The Opal device.
+
+  @retval EFI_SUCESS             Get ownership success.
+  @retval EFI_ACCESS_DENIED      Has send BlockSID command, can't change ownership.
+  @retval EFI_INVALID_PARAMETER  Not get Msid info before get ownership info.
+
+**/
+EFI_STATUS
+OpalDiskUpdateOwnerShip (
+  OPAL_DISK        *OpalDisk
+  )
+{
+  OPAL_SESSION  Session;
+
+  if (OpalDisk->MsidLength == 0) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (OpalDisk->SentBlockSID) {
+    return EFI_ACCESS_DENIED;
+  }
+
+  ZeroMem(&Session, sizeof(Session));
+  Session.Sscp = OpalDisk->Sscp;
+  Session.MediaId = OpalDisk->MediaId;
+  Session.OpalBaseComId = OpalDisk->OpalBaseComId;
+
+  OpalDisk->Owner = OpalUtilDetermineOwnership(&Session, OpalDisk->Msid, OpalDisk->MsidLength);
+  return EFI_SUCCESS;
+}
+
 /**
   Update the device info.
 
@@ -1223,6 +1257,7 @@ OpalDiskInitialize (
   @retval EFI_SUCESS             Initialize the device success.
   @retval EFI_DEVICE_ERROR       Get info from device failed.
   @retval EFI_INVALID_PARAMETER  Not get Msid info before get ownership info.
+  @retval EFI_ACCESS_DENIED      Has send BlockSID command, can't change ownership.
 
 **/
 EFI_STATUS
@@ -1243,15 +1278,6 @@ OpalDiskUpdateStatus (
     return EFI_DEVICE_ERROR;
   }
 
-  if (OpalDisk->MsidLength == 0) {
-    return EFI_INVALID_PARAMETER;
-  } else {
-    //
-    // Base on the Msid info to get the ownership, so Msid info must get first.
-    //
-    OpalDisk->Owner = OpalUtilDetermineOwnership(&Session, OpalDisk->Msid, OpalDisk->MsidLength);
-  }
-
-  return EFI_SUCCESS;
+  return OpalDiskUpdateOwnerShip (OpalDisk);
 }
 

SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h

@@ -357,4 +357,19 @@ OpalDiskInitialize (
   IN OPAL_DRIVER_DEVICE          *Dev
   );
 
+/**
+  Update the device ownership
+
+  @param OpalDisk                The Opal device.
+
+  @retval EFI_SUCESS             Get ownership success.
+  @retval EFI_ACCESS_DENIED      Has send BlockSID command, can't change ownership.
+  @retval EFI_INVALID_PARAMETER  Not get Msid info before get ownership info.
+
+**/
+EFI_STATUS
+OpalDiskUpdateOwnerShip (
+  OPAL_DISK        *OpalDisk
+  );
+
 #endif // _HII_H_