1 /** @file 2 The UEFI Inline Cryptographic Interface protocol provides services to abstract 3 access to inline cryptographic capabilities. 4 5 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> 6 This program and the accompanying materials 7 are licensed and made available under the terms and conditions of the BSD License 8 which accompanies this distribution. The full text of the license may be found at 9 http://opensource.org/licenses/bsd-license.php 10 11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. 13 14 **/ 15 16 #ifndef __BLOCK_IO_CRYPTO_H__ 17 #define __BLOCK_IO_CRYPTO_H__ 18 19 #include <Protocol/BlockIo.h> 20 21 #define EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID \ 22 { \ 23 0xa00490ba, 0x3f1a, 0x4b4c, {0xab, 0x90, 0x4f, 0xa9, 0x97, 0x26, 0xa1, 0xe8} \ 24 } 25 26 typedef struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL EFI_BLOCK_IO_CRYPTO_PROTOCOL; 27 28 /// 29 /// The struct of Block I/O Crypto Token. 30 /// 31 typedef struct { 32 // 33 // If Event is NULL, then blocking I/O is performed. If Event is not NULL and 34 // non-blocking I/O is supported, then non-blocking I/O is performed, and 35 // Event will be signaled when the read request is completed and data was 36 // decrypted (when Index was specified). 37 // 38 EFI_EVENT Event; 39 // 40 // Defines whether or not the signaled event encountered an error. 41 // 42 EFI_STATUS TransactionStatus; 43 } EFI_BLOCK_IO_CRYPTO_TOKEN; 44 45 typedef struct { 46 // 47 // GUID of the algorithm. 48 // 49 EFI_GUID Algorithm; 50 // 51 // Specifies KeySizein bits used with this Algorithm. 52 // 53 UINT64 KeySize; 54 // 55 // Specifies bitmask of block sizes supported by this algorithm. 56 // Bit j being set means that 2^j bytes crypto block size is supported. 57 // 58 UINT64 CryptoBlockSizeBitMask; 59 } EFI_BLOCK_IO_CRYPTO_CAPABILITY; 60 61 /// 62 /// EFI_BLOCK_IO_CRYPTO_IV_INPUT structure is used as a common header in CryptoIvInput 63 /// parameters passed to the ReadExtended and WriteExtended methods for Inline 64 /// Cryptographic Interface. 65 /// Its purpose is to pass size of the entire CryptoIvInputparameter memory buffer to 66 /// the Inline Cryptographic Interface. 67 /// 68 typedef struct { 69 UINT64 InputSize; 70 } EFI_BLOCK_IO_CRYPTO_IV_INPUT; 71 72 #define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_XTS \ 73 { \ 74 0x2f87ba6a, 0x5c04, 0x4385, {0xa7, 0x80, 0xf3, 0xbf, 0x78, 0xa9, 0x7b, 0xec} \ 75 } 76 77 extern EFI_GUID gEfiBlockIoCryptoAlgoAesXtsGuid; 78 79 typedef struct { 80 EFI_BLOCK_IO_CRYPTO_IV_INPUT Header; 81 UINT64 CryptoBlockNumber; 82 UINT64 CryptoBlockByteSize; 83 } EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_XTS; 84 85 #define EFI_BLOCK_IO_CRYPTO_ALGO_GUID_AES_CBC_MICROSOFT_BITLOCKER \ 86 { \ 87 0x689e4c62, 0x70bf, 0x4cf3, {0x88, 0xbb, 0x33, 0xb3, 0x18, 0x26, 0x86, 0x70} \ 88 } 89 90 extern EFI_GUID gEfiBlockIoCryptoAlgoAesCbcMsBitlockerGuid; 91 92 typedef struct { 93 EFI_BLOCK_IO_CRYPTO_IV_INPUT Header; 94 UINT64 CryptoBlockByteOffset; 95 UINT64 CryptoBlockByteSize; 96 } EFI_BLOCK_IO_CRYPTO_IV_INPUT_AES_CBC_MICROSOFT_BITLOCKER; 97 98 #define EFI_BLOCK_IO_CRYPTO_INDEX_ANY 0xFFFFFFFFFFFFFFFF 99 100 typedef struct { 101 // 102 // Is inline cryptographic capability supported on this device. 103 // 104 BOOLEAN Supported; 105 // 106 // Maximum number of keys that can be configured at the same time. 107 // 108 UINT64 KeyCount; 109 // 110 // Number of supported capabilities. 111 // 112 UINT64 CapabilityCount; 113 // 114 // Array of supported capabilities. 115 // 116 EFI_BLOCK_IO_CRYPTO_CAPABILITY Capabilities[1]; 117 } EFI_BLOCK_IO_CRYPTO_CAPABILITIES; 118 119 typedef struct { 120 // 121 // Configuration table index. A special Index EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be 122 // used to set any available entry in the configuration table. 123 // 124 UINT64 Index; 125 // 126 // Identifies the owner of the configuration table entry. Entry can also be used 127 // with the Nil value to clear key from the configuration table index. 128 // 129 EFI_GUID KeyOwnerGuid; 130 // 131 // A supported capability to be used. The CryptoBlockSizeBitMask field of the 132 // structure should have only one bit set from the supported mask. 133 // 134 EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability; 135 // 136 // Pointer to the key. The size of the key is defined by the KeySize field of 137 // the capability specified by the Capability parameter. 138 // 139 VOID *CryptoKey; 140 } EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY; 141 142 typedef struct { 143 // 144 // Configuration table index. 145 // 146 UINT64 Index; 147 // 148 // Identifies the current owner of the entry. 149 // 150 EFI_GUID KeyOwnerGuid; 151 // 152 // The capability to be used. The CryptoBlockSizeBitMask field of the structure 153 // has only one bit set from the supported mask. 154 // 155 EFI_BLOCK_IO_CRYPTO_CAPABILITY Capability; 156 } EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY; 157 158 /** 159 Reset the block device hardware. 160 161 The Reset() function resets the block device hardware. 162 163 As part of the initialization process, the firmware/device will make a quick but 164 reasonable attempt to verify that the device is functioning. 165 166 If the ExtendedVerificationflag is TRUE the firmware may take an extended amount 167 of time to verify the device is operating on reset. Otherwise the reset operation 168 is to occur as quickly as possible. 169 170 The hardware verification process is not defined by this specification and is left 171 up to the platform firmware or driver to implement. 172 173 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance. 174 @param[in] ExtendedVerification Indicates that the driver may perform a more exhausive 175 verification operation of the device during reset. 176 177 @retval EFI_SUCCESS The block device was reset. 178 @retval EFI_DEVICE_ERROR The block device is not functioning correctly and could 179 not be reset. 180 @retval EFI_INVALID_PARAMETER This is NULL. 181 182 **/ 183 typedef 184 EFI_STATUS 185 (EFIAPI *EFI_BLOCK_IO_CRYPTO_RESET) ( 186 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This, 187 IN BOOLEAN ExtendedVerification 188 ); 189 190 /** 191 Get the capabilities of the underlying inline cryptographic interface. 192 193 The GetCapabilities() function determines whether pre-OS controllable inline crypto 194 is supported by the system for the current disk and, if so, returns the capabilities 195 of the crypto engine. 196 197 The caller is responsible for providing the Capabilities structure with a sufficient 198 number of entries. 199 200 If the structure is too small, the EFI_BUFFER_TOO_SMALL error code is returned and the 201 CapabilityCount field contains the number of entries needed to contain the capabilities. 202 203 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance. 204 @param[out] Capabilities Pointer to the EFI_BLOCK_IO_CRYPTO_CAPABILITIES structure. 205 206 @retval EFI_SUCCESS The ICI is ready for use. 207 @retval EFI_BUFFER_TOO_SMALL The Capabilities structure was too small. The number of 208 entries needed is returned in the CapabilityCount field 209 of the structure. 210 @retval EFI_NO_RESPONSE No response was received from the ICI. 211 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI. 212 @retval EFI_INVALID_PARAMETER This is NULL. 213 @retval EFI_INVALID_PARAMETER Capabilities is NULL. 214 215 **/ 216 typedef 217 EFI_STATUS 218 (EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES) ( 219 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This, 220 OUT EFI_BLOCK_IO_CRYPTO_CAPABILITIES *Capabilities 221 ); 222 223 /** 224 Set the configuration of the underlying inline cryptographic interface. 225 226 The SetConfiguration() function allows the user to set the current configuration of the 227 inline cryptographic interface and should be called before attempting any crypto operations. 228 229 This configures the configuration table entries with algorithms, key sizes and keys. Each 230 configured entry can later be referred to by index at the time of storage transaction. 231 232 The configuration table index will refer to the combination ofKeyOwnerGuid, Algorithm, and 233 CryptoKey. 234 235 KeyOwnerGuid identifies the component taking ownership of the entry. It helps components to 236 identify their own entries, cooperate with other owner components, and avoid conflicts. This 237 Guid identifier is there to help coordination between cooperating components and not a security 238 or synchronization feature. The Nil GUID can be used by a component to release use of entry 239 owned. It is also used to identify potentially available entries (see GetConfiguration). 240 241 CryptoKey specifies algorithm-specific key material to use within parameters of selected crypto 242 capability. 243 244 This function is called infrequently typically once, on device start, before IO starts. It 245 can be called at later times in cases the number of keysused on the drive is higher than what 246 can be configured at a time or a new key has to be added. 247 248 Components setting or changing an entry or entries for a given index or indices must ensure 249 that IO referencing affected indices is temporarily blocked (run-down) at the time of change. 250 251 Indices parameters in each parameter table entry allow to set only a portion of the available 252 table entries in the crypto module anywhere from single entry to entire table supported. 253 254 If corresponding table entry or entries being set are already in use by another owner the call 255 should be failed and none of the entries should be modified. The interface implementation must 256 enforce atomicity of this operation (should either succeed fully or fail completely without 257 modifying state). 258 259 Note that components using GetConfiguration command to discover available entries should be 260 prepared that by the time of calling SetConfiguration the previously available entry may have 261 become occupied. Such components should be prepared to re-try the sequence of operations. 262 263 Alternatively EFI_BLOCK_IO_CRYPTO_INDEX_ANY can be used to have the implementation discover 264 and allocate available,if any, indices atomically. 265 266 An optional ResultingTable pointer can be provided by the caller to receive the newly configured 267 entries. The array provided by the caller must have at least ConfigurationCount of entries. 268 269 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance. 270 @param[in] ConfigurationCount Number of entries being configured with this call. 271 @param[in] ConfigurationTable Pointer to a table used to populate the configuration table. 272 @param[out] ResultingTable Optional pointer to a table that receives the newly configured 273 entries. 274 275 @retval EFI_SUCCESS The ICI is ready for use. 276 @retval EFI_NO_RESPONSE No response was received from the ICI. 277 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI. 278 @retval EFI_INVALID_PARAMETER This is NULL. 279 @retval EFI_INVALID_PARAMETER ConfigurationTable is NULL. 280 @retval EFI_INVALID_PARAMETER ConfigurationCount is 0. 281 @retval EFI_OUT_OF_RESOURCES Could not find the requested number of available entries in the 282 configuration table. 283 284 **/ 285 typedef 286 EFI_STATUS 287 (EFIAPI *EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION) ( 288 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This, 289 IN UINT64 ConfigurationCount, 290 IN EFI_BLOCK_IO_CRYPTO_CONFIGURATION_TABLE_ENTRY *ConfigurationTable, 291 OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ResultingTable OPTIONAL 292 ); 293 294 /** 295 Get the configuration of the underlying inline cryptographic interface. 296 297 The GetConfiguration() function allows the user to get the configuration of the inline 298 cryptographic interface. 299 300 Retrieves, entirely or partially, the currently configured key table. Note that the keys 301 themselves are not retrieved, but rather just indices, owner GUIDs and capabilities. 302 303 If fewer entries than specified by ConfigurationCount are returned, the Index field of the 304 unused entries is set to EFI_BLOCK_IO_CRYPTO_INDEX_ANY. 305 306 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance. 307 @param[in] StartIndex Configuration table index at which to start the configuration 308 query. 309 @param[in] ConfigurationCount Number of entries to return in the response table. 310 @param[in] KeyOwnerGuid Optional parameter to filter response down to entries with a 311 given owner. A pointer to the Nil value can be used to return 312 available entries. Set to NULL when no owner filtering is required. 313 @param[out] ConfigurationTable Table of configured configuration table entries (with no CryptoKey 314 returned): configuration table index, KeyOwnerGuid, Capability. 315 Should have sufficient space to store up to ConfigurationCount 316 entries. 317 318 @retval EFI_SUCCESS The ICI is ready for use. 319 @retval EFI_NO_RESPONSE No response was received from the ICI. 320 @retval EFI_DEVICE_ERROR An error occurred when attempting to access the ICI. 321 @retval EFI_INVALID_PARAMETER This is NULL. 322 @retval EFI_INVALID_PARAMETER Configuration table is NULL. 323 @retval EFI_INVALID_PARAMETER StartIndex is out of bounds. 324 325 **/ 326 typedef 327 EFI_STATUS 328 (EFIAPI *EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION) ( 329 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This, 330 IN UINT64 StartIndex, 331 IN UINT64 ConfigurationCount, 332 IN EFI_GUID *KeyOwnerGuid OPTIONAL, 333 OUT EFI_BLOCK_IO_CRYPTO_RESPONSE_CONFIGURATION_ENTRY *ConfigurationTable 334 ); 335 336 /** 337 Reads the requested number of blocks from the device and optionally decrypts 338 them inline. 339 340 TheReadExtended() function allows the caller to perform a storage device read 341 operation. The function reads the requested number of blocks from the device 342 and then if Index is specified decrypts them inline. All the blocks are read 343 and decrypted (if decryption requested), or an error is returned. 344 345 If there is no media in the device, the function returns EFI_NO_MEDIA. If the 346 MediaId is not the ID for the current media in the device, the function returns 347 EFI_MEDIA_CHANGED. 348 349 If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking 350 I/O is being used, the Event associated with this request will not be signaled. 351 352 In addition to standard storage transaction parameters (LBA, IO size, and buffer), 353 this command will also specify a configuration table Index and CryptoIvInput 354 when data has to be decrypted inline by the controller after being read from 355 the storage device. If an Index parameter is not specified, no decryption is 356 performed. 357 358 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance. 359 @param[in] MediaId The media ID that the read request is for. 360 @param[in] LBA The starting logical block address to read from on 361 the device. 362 @param[in, out] Token A pointer to the token associated with the transaction. 363 @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple 364 of the intrinsic block size of the device. 365 @param[out] Buffer A pointer to the destination buffer for the data. The 366 caller is responsible for either having implicit or 367 explicit ownership of the buffer. 368 @param[in] Index A pointer to the configuration table index. This is 369 optional. 370 @param[in] CryptoIvInput A pointer to a buffer that contains additional 371 cryptographic parameters as required by the capability 372 referenced by the configuration table index, such as 373 cryptographic initialization vector. 374 375 @retval EFI_SUCCESS The read request was queued if Token-> Event is not NULL. 376 The data was read correctly from the device if the 377 Token->Event is NULL. 378 @retval EFI_DEVICE_ERROR The device reported an error while attempting to perform 379 the read operation and/or decryption operation. 380 @retval EFI_NO_MEDIA There is no media in the device. 381 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media. 382 @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic 383 block size of the device. 384 @retval EFI_INVALID_PARAMETER This is NULL, or the read request contains LBAs that are 385 not valid, or the buffer is not on proper alignment. 386 @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect. 387 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of 388 resources. 389 390 **/ 391 typedef 392 EFI_STATUS 393 (EFIAPI *EFI_BLOCK_IO_CRYPTO_READ_EXTENDED) ( 394 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This, 395 IN UINT32 MediaId, 396 IN EFI_LBA LBA, 397 IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token, 398 IN UINT64 BufferSize, 399 OUT VOID *Buffer, 400 IN UINT64 *Index OPTIONAL, 401 IN VOID *CryptoIvInput OPTIONAL 402 ); 403 404 /** 405 Optionally encrypts a specified number of blocks inline and then writes to the 406 device. 407 408 The WriteExtended() function allows the caller to perform a storage device write 409 operation. The function encrypts the requested number of blocks inline if Index 410 is specified and then writes them to the device. All the blocks are encrypted 411 (if encryption requested) and written, or an error is returned. 412 413 If there is no media in the device, the function returns EFI_NO_MEDIA. If the 414 MediaId is not the ID for the current media in the device, the function returns 415 EFI_MEDIA_CHANGED. 416 417 If EFI_DEVICE_ERROR, EFI_NO_MEDIA, or EFI_MEDIA_CHANGED is returned and nonblocking 418 I/O is being used, the Event associated with this request will not be signaled. 419 420 In addition to standard storage transaction parameters (LBA, IO size, and buffer), 421 this command will also specify a configuration table Index and a CryptoIvInput 422 when data has to be decrypted inline by the controller before being written to 423 the storage device. If no Index parameter is specified, no encryption is performed. 424 425 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance. 426 @param[in] MediaId The media ID that the read request is for. 427 @param[in] LBA The starting logical block address to read from on 428 the device. 429 @param[in, out] Token A pointer to the token associated with the transaction. 430 @param[in] BufferSize The size of the Buffer in bytes. This must be a multiple 431 of the intrinsic block size of the device. 432 @param[in] Buffer A pointer to the source buffer for the data. 433 @param[in] Index A pointer to the configuration table index. This is 434 optional. 435 @param[in] CryptoIvInput A pointer to a buffer that contains additional 436 cryptographic parameters as required by the capability 437 referenced by the configuration table index, such as 438 cryptographic initialization vector. 439 440 @retval EFI_SUCCESS The request to encrypt (optionally) and write was queued 441 if Event is not NULL. The data was encrypted (optionally) 442 and written correctly to the device if the Event is NULL. 443 @retval EFI_WRITE_PROTECTED The device cannot be written to. 444 @retval EFI_NO_MEDIA There is no media in the device. 445 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media. 446 @retval EFI_DEVICE_ERROR The device reported an error while attempting to encrypt 447 blocks or to perform the write operation. 448 @retval EFI_BAD_BUFFER_SIZE The BufferSize parameter is not a multiple of the intrinsic 449 block size of the device. 450 @retval EFI_INVALID_PARAMETER This is NULL, or the write request contains LBAs that are 451 not valid, or the buffer is not on proper alignment. 452 @retval EFI_INVALID_PARAMETER CryptoIvInput is incorrect. 453 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of 454 resources. 455 456 **/ 457 typedef 458 EFI_STATUS 459 (EFIAPI *EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED) ( 460 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This, 461 IN UINT32 MediaId, 462 IN EFI_LBA LBA, 463 IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token, 464 IN UINT64 BufferSize, 465 IN VOID *Buffer, 466 IN UINT64 *Index OPTIONAL, 467 IN VOID *CryptoIvInput OPTIONAL 468 ); 469 470 /** 471 Flushes all modified data toa physical block device. 472 473 The FlushBlocks() function flushes all modified data to the physical block device. 474 Any modified data that has to be encrypted must have been already encrypted as a 475 part of WriteExtended() operation - inline crypto operation cannot be a part of 476 flush operation. 477 478 All data written to the device prior to the flush must be physically written before 479 returning EFI_SUCCESS from this function. This would include any cached data the 480 driver may have cached, and cached data the device may have cached. A flush may 481 cause a read request following the flush to force a device access. 482 483 If EFI_DEVICE_ERROR, EFI_NO_MEDIA, EFI_WRITE_PROTECTED or EFI_MEDIA_CHANGED is 484 returned and non-blocking I/O is being used, the Event associated with this request 485 will not be signaled. 486 487 @param[in] This Pointer to the EFI_BLOCK_IO_CRYPTO_PROTOCOL instance. 488 @param[in, out] Token A pointer to the token associated with the transaction. 489 490 @retval EFI_SUCCESS The flush request was queued if Event is not NULL. All 491 outstanding data was written correctly to the device if 492 the Event is NULL. 493 @retval EFI_DEVICE_ERROR The device reported an error while attempting to write data. 494 @retval EFI_WRITE_PROTECTED The device cannot be written to. 495 @retval EFI_NO_MEDIA There is no media in the device. 496 @retval EFI_MEDIA_CHANGED The MediaId is not for the current media. 497 @retval EFI_INVALID_PARAMETER This is NULL. 498 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of 499 resources. 500 501 **/ 502 typedef 503 EFI_STATUS 504 (EFIAPI *EFI_BLOCK_IO_CRYPTO_FLUSH) ( 505 IN EFI_BLOCK_IO_CRYPTO_PROTOCOL *This, 506 IN OUT EFI_BLOCK_IO_CRYPTO_TOKEN *Token 507 ); 508 509 /// 510 /// The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used by UEFI 511 /// drivers and applications to perform block encryption on a storage device, such as UFS. 512 /// 513 struct _EFI_BLOCK_IO_CRYPTO_PROTOCOL { 514 EFI_BLOCK_IO_MEDIA *Media; 515 EFI_BLOCK_IO_CRYPTO_RESET Reset; 516 EFI_BLOCK_IO_CRYPTO_GET_CAPABILITIES GetCapabilities; 517 EFI_BLOCK_IO_CRYPTO_SET_CONFIGURATION SetConfiguration; 518 EFI_BLOCK_IO_CRYPTO_GET_CONFIGURATION GetConfiguration; 519 EFI_BLOCK_IO_CRYPTO_READ_EXTENDED ReadExtended; 520 EFI_BLOCK_IO_CRYPTO_WRITE_EXTENDED WriteExtended; 521 EFI_BLOCK_IO_CRYPTO_FLUSH FlushBlocks; 522 }; 523 524 extern EFI_GUID gEfiBlockIoCryptoProtocolGuid; 525 526 #endif 527 528