Partager via


Enhanced Storage Portable Device Commands

The following Windows Portable Devices Enhanced Storage authentication, certificate, and password silo commands are passed via the IEnhancedStorageSilo::SendCommand method. For details regarding the properties utilized by these commands, see Enhanced Storage Properties.

Authentication Silo Commands

ENHANCED_STORAGE_COMMAND_SILO_IS_AUTHENTICATION_SILO
This command will return whether or not the silo is an authentication silo.
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_IS_AUTHENTICATION_SILO [VT_BOOLEAN]
ENHANCED_STORAGE_COMMAND_SILO_GET_AUTHENTICATION_STATE
This command will return the authentication state for the silo.
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_AUTHENTICATION_STATE [VT_UI4]
Possible values for ENHANCED_STORAGE_PROPERTY_AUTHENTICATION_STATE result include:
UNKNOWN : Initial setting before PnP entry and the silo state is unknown.
NO_AUTHENTICATION_REQUIRED: The silo has not been provisioned.
NOT_AUTHENTICATED: The silo is not authenticated.
AUTHENTICATED: The silo is authenticated.
AUTHENTICATION_DENIED: Authentication was denied.
DEVICE_ERROR: The silo timed out or a device error occurred.
ENHANCED_STORAGE_COMMAND_START_AUTHENTICATION
This command will begin authentication for the silo. An application is required to register for callbacks in order to receive callbacks associated with authorization state changes.
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_START_UNAUTHENTICATION
This command will begin deauthentication for the silo. An application is required to register for callbacks in order to receive callbacks associated with authorization state changes.
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_SILO_ENUMERATE_SILOS
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_QUERY_SILO_TYPE [VT_UI4]
Valid values for this parameter include:
PDO_TYPE_DISK: Retrieve silo information for the disk.
PDO_TYPE_THIS: Retrieve silo information for the silo handling this request.
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_QUERY_SILO_RESULTS [VT_VECTOR | VT_U1]

Certificate Silo Commands

ENHANCED_STORAGE_COMMAND_CERT_HOST_CERTIFICATE_AUTHENTICATION
This command will attempt to initiate a host authentication based on an HCh (or XCh) from the silo. If an index or certificate is specified, it will be used. The default behavior is to attempt authentication of all HCh or XCh certificates present on the silo.
Access: Read
Parameters:
[Optional] ENHANCED_STORAGE_PROPERTY_CERTIFICATE_INDEX [VT_UI4]
[Optional] ENHANCED_STORAGE_PROPERTY_CERTIFICATE [VT_VECTOR | VT_UI1]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_CERT_DEVICE_CERIFICATE_AUTHENTICATION
This command will attempt to initiate a device authentication. If an index or certificate is specified, it will be used. The certificate must be a ASCm or ASCh. The default behavior is to attempt authentication using the ASCm or all ASCh certificates present on the silo.
Access: Read
Parameters:
[Optional] ENHANCED_STORAGE_PROPERTY_CERTIFICATE_INDEX [VT_UI4]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_CERT_ADMIN_CERTIFICATE_AUTHENTICATION
This command will attempt to initiate an administrative authentication based on the PCp or XCp certificate on the silo.
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_CERT_INITIALIZE_TO_MANUFACTURER_STATE
This command will attempt to initialize the silo to the manufacturer state. This command requires a successful administrative authentication. If an administrative authentication has not yet been accomplished, the command will initiate an administrative authentication operation before initializing the silo to the manufacturer state.
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_CERT_GET_CERTIFICATE_COUNT
This command will retrieve the number of certificate slots as well as the number of certificates stored in the silo.
Access: Read
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_MAX_CERTIFICATE_COUNT [VT_UINT]
ENHANCED_STORAGE_PROPERTY_STORED_CERTIFICATE_COUNT [VT_UINT]
ENHANCED_STORAGE_COMMAND_CERT_GET_CERTIFICATE
This command will return the certificate stored at the certificate index location. Index '0' is a special location that returns the ASCm chain in the PKCS7 format.
Access: Read
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_CERTIFICATE_INDEX [VT_UI4]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_CERTIFICATE_TYPE [VT_UI4]
ENHANCED_STORAGE_PROPERTY_VALIDATION_POLICY [VT_UI4]
ENHANCED_STORAGE_PROPERTY_SIGNER_CERTIFICATE_INDEX [VT_UI4]
ENHANCED_STORAGE_PROPERTY_NEXT_CERTIFICATE_INDEX [VT_UI4]
ENHANCED_STORAGE_PROPERTY_NEXT_CERTIFICATE_OF_TYPE_INDEX [VT_UI4]
ENHANCED_STORAGE_PROPERTY_CERTIFICATE_LENGTH [VT_UI4]
ENHANCED_STORAGE_PROPERTY_CERTIFICATE [VT_UINT | VT_UI1]
ENHANCED_STORAGE_COMMAND_CERT_SET_CERTIFICATE
This command will set a certificate to the certificate index location. This command requires administrative authentication.
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_CERTIFICATE_INDEX [VT_UI4]
[Required] ENHANCED_STORAGE_PROPERTY_CERTIFICATE_TYPE [VT_UI4]
[Required] ENHANCED_STORAGE_PROPERTY_VALIDATION_POLICY [VT_UI4]
[Required] ENHANCED_STORAGE_PROPERTY_SIGNER_CERTIFICATE_INDEX [VT_UI4]
[Required] ENHANCED_STORAGE_PROPERTY_CERTIFICATE [VT_UINT | VTUI1]
[!Note]
The Validation Policy parameter is required if the certificate is of a type PCp or HCh. The Signer Certificate Index parameter is required if the certificate is of a type ASCh or SCh.

Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_CERT_CREATE_CERTIFICATE_REQUEST
This command retrieves a certificate request from the silo. The returned certificate request can then be used to generate an ASCh certificate
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_CERTIFICATE_REQUEST [VT_VECTOR | VT_UI1]
ENHANCED_STORAGE_COMMAND_CERT_UNAUTHENTICATION
This command will reset the authentication state of the cert silo to the 'Initialized' state.
Access: Read/Write
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_CERT_GET_SILO_CAPABILITY
This command retrieves a capability from the silo. Data returned is in the format native to the silo.
Access: Read
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_CERTIFICATE_CAPABILITY_TYPE [VT_UI4]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_CERTIFICATE_SILO_CAPABILITY [VT_VECTOR | VT_UI1]
ENHANCED_STORAGE_COMMAND_CERT_GET_SILO_CAPABILITIES
This command retrieves all capabilities from a silo as a collection.
Access: Read
Parameters:None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_CERTIFICATE_SILO_CAPABILITIES [VT_UNKNOWN]
ENHANCED_STORAGE_CAPABILITY_HASH_ALGS [VT_LPWSTR]
ENHANCED_STORAGE_CAPABILITY_ASYMMETRIC_KEY_CRYPTOGRAPHY [VT_LPWSTR]
ENHANCED_STORAGE_CAPABILITY_SIGNING_AGLS [VT_LPWSTR]
ENHANCED_STORAGE_CAPABILITY_RENDER_USER_DATA_UNUSABLE [VT_BOOL]
ENHANCED_STORAGE_CAPABILITY_CERTIFICATE_EXTENSION_PARSING [VT_BOOL]
ENHANCED_STORAGE_COMMAND_CERT_GET_ACT_FRIENDLY_NAME
This command retrieves the friendly name of the ACT containing the silo.
Access: Read
Parameters:None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
[Optional] ENHANCED_STORAGE_PROPERTY_CERTIFICATE_ACT_FRIENDLY_NAME [VT_LPWSTR]
ENHANCED_STORAGE_COMMAND_CERT_GET_SILO_GUID
This command will retrieve the GUID associated with the silo.
Access: Read
Parameters:None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_CERTIFICATE_SILO_GUID [VT_LPWSTR]

Password Silo Commands

ENHANCED_STORAGE_COMMAND_PASSWORD_AUTHORIZE_ACT_ACCESS
This command attempts to authenticate to the silo for access to the data in the ACT.
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD [VT_VECTOR | VT_U1]
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD_INDICATOR [VT_UI4]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_PASSWORD_UNAUTHORIZE_ACT_ACCESS
This command attempts to deauthenticate to the silo for access to the data in the ACT.
Access: Read/Write
Parameters:
[Optional] ENHANCED_STORAGE_PROPERTY_PASSWORD [VT_VECTOR | VT_U1]
[Optional] ENHANCED_STORAGE_PROPERTY_PASSWORD_INDICATOR [VT_UI4]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_PASSWORD_QUERY_INFORMATION
This command queries the current silo password information.
Access: Read
Parameters: None
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_PROPERTY_AUTHENTICATION_STATE [VT_UI4]
ENHANCED_STORAGE_PROPERTY_PASSWORD_SILO_INFO [VT_VECTOR | VT_U1]
ENHANCED_STORAGE_PROPERTY_ADMIN_HINT [VT_LPWSTR]
ENHANCED_STORAGE_PROPERTY_USER_HINT [VT_LPWSTR]
ENHANCED_STORAGE_PROPERTY_USER_NAME [VT_LPWSTR]
ENHANCED_STORAGE_PROPERTY_SILO_NAME [VT_LPWSTR]
ENHANCED_STORAGE_COMMAND_PASSWORD_CONFIG_ADMINISTRATOR
This command configures the administrator account.
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD [VT_VECTOR | VT_U1]
[Optional] ENHANCED_STORAGE_PROPERTY_MAX_AUTH_FAILURES [VT_UI4]
[Optional] ENHANCED_STORAGE_PROPERTY_FRIENDLYNAME_SPECIFIED [VT_UI4]
[Optional] ENHANCED_STORAGE_PROPERTY_SILO_NAME [VT_LPWSTR]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_PASSWORD_CREATE_USER
This command creates a user account.
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD [VT_VECTOR | VT_U1]
[Required] ENHANCED_STORAGE_PROPERTY_NEW_PASSWORD [VT_VECTOR | VT_U1]
[Required] ENHANCED_STORAGE_PROPERTY_USER_HINT [VT_LPWSTR]
[Required] ENHANCED_STORAGE_PROPERTY_USER_NAME [VT_LPWSTR]
[Optional] ENHANCED_STORAGE_PROPERTY_MAX_AUTH_FAILURES [VT_UI4]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_PASSWORD_DELETE_USER
This command deletes a user account.
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD [VT_VECTOR | VT_U1]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_PASSWORD_CHANGE_PASSWORD
This command changes the password for an administrator or user account.
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD_INDICATOR [VT_UI4]
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD [VT_VECTOR | VT_U1]
[Required] ENHANCED_STORAGE_PROPERTY_NEW_PASSWORD [VT_VECTOR | VT_U1]
[Required] ENHANCED_STORAGE_PROPERTY_NEW_PASSWORD_INDICATOR [VT_UI4]
[Required] ENHANCED_STORAGE_PROPERTY_ADMIN_HINT [VT_LPWSTR]
[Required] ENHANCED_STORAGE_PROPERTY_USER_HINT [VT_LPWSTR]
[Optional] ENHANCED_STORAGE_PROPERTY_SECURITY_IDENTIFIER [VT_VECTOR | VT_U1]
[!Note]
While this command must be provided with either a User Hint or Admin password hint, only one of these may be specified per operation.

Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_PASSWORD_INITIALIZE_USER_PASSWORD
This command initializes an existing user password.
Access: Read/Write
Parameters:
[Required] ENHANCED_STORAGE_PROPERTY_PASSWORD [VT_VECTOR | VT_U1]
[Required] ENHANCED_STORAGE_PROPERTY_NEW_PASSWORD [VT_VECTOR | VT_U1]
[Required] ENHANCED_STORAGE_PROPERTY_NEW_HINT [VT_LPWSTR]
Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]
ENHANCED_STORAGE_COMMAND_PASSWORD_START_INITIALIZE_TO_MANUFACTURER_STATE
This command starts the initialization of the silo to the manufacturer state.
Access: Read/Write
Parameters:
[Optional] ENHANCED_STORAGE_SECURITY_IDENTIFIER [VT_VECTOR | VT_U1]
[!Note]
Depending on silo implementation, this parameter may be required in some scenarios.

Results:
WPD_PROPERTY_COMMON_HRESULT [VT_ERROR]