A few days ago, as part of the UEFI 2.5 check-ins, Tien Feng of Intel checked in new code to the EDK-II trunk that adds a new UEFI Inline Cryptographic Interface protocol.
“The EFI_BLOCK_IO_CRYPTO_PROTOCOL defines a UEFI protocol that can be used by UEFI drivers and applications to perform block encryption on a storage device, such as UFS.”
The protocol provides services that abstract access to inline cryptographic capabilities. It can get, configure and use pre-OS crypto support in disks, including the algorithms, key sizes and keys. It has interfaces such as Reset, GetCapabilities, SetConfiguration, GetConfiguration, ReadExtended, WriteExtended, and FlushBlocks. The last three are the read/write/flush functions, which encrypt/decrypt the data.
For more information, read MdePkg/Include/Protocol/BlockIoCrypto.h and search for EFI_BLOCK_IO_CRYPTO_PROTOCOL_GUID.
