2 files changed, 52 insertions, 0 deletions

diff --git a/Redfish.md b/Redfish.md
index 1cdce980aa..aa5ab895de 100644
--- a/Redfish.md
+++ b/Redfish.md
@@ -904,6 +904,7 @@ other.
 #### Storage
 
 - CapacityBytes
+- EncryptionStatus
 - Links
 - Status
 
diff --git a/redfish-core/lib/storage.hpp b/redfish-core/lib/storage.hpp
index fe4842c02c..3bc8419be9 100644
--- a/redfish-core/lib/storage.hpp
+++ b/redfish-core/lib/storage.hpp
@@ -17,6 +17,7 @@
 
 #include "app.hpp"
 #include "dbus_utility.hpp"
+#include "generated/enums/drive.hpp"
 #include "health.hpp"
 #include "human_sort.hpp"
 #include "openbmc_dbus_rest.hpp"
@@ -440,6 +441,8 @@ inline void
             // this interface isn't required
             return;
         }
+        const std::string* encryptionStatus = nullptr;
+        const bool* isLocked = nullptr;
         for (const std::pair<std::string, dbus::utility::DbusVariantType>&
                  property : propertiesList)
         {
@@ -524,7 +527,55 @@ inline void
                         *lifeLeft;
                 }
             }
+            else if (propertyName == "EncryptionStatus")
+            {
+                encryptionStatus = std::get_if<std::string>(&property.second);
+                if (encryptionStatus == nullptr)
+                {
+                    BMCWEB_LOG_ERROR << "Illegal property: EncryptionStatus";
+                    messages::internalError(asyncResp->res);
+                    return;
+                }
+            }
+            else if (propertyName == "Locked")
+            {
+                isLocked = std::get_if<bool>(&property.second);
+                if (isLocked == nullptr)
+                {
+                    BMCWEB_LOG_ERROR << "Illegal property: Locked";
+                    messages::internalError(asyncResp->res);
+                    return;
+                }
+            }
+        }
+
+        if (encryptionStatus == nullptr || isLocked == nullptr ||
+            *encryptionStatus ==
+                "xyz.openbmc_project.Drive.DriveEncryptionState.Unknown")
+        {
+            return;
+        }
+        if (*encryptionStatus !=
+            "xyz.openbmc_project.Drive.DriveEncryptionState.Encrypted")
+        {
+            //"The drive is not currently encrypted."
+            asyncResp->res.jsonValue["EncryptionStatus"] =
+                drive::EncryptionStatus::Unencrypted;
+            return;
+        }
+        if (*isLocked)
+        {
+            //"The drive is currently encrypted and the data is not
+            // accessible to the user."
+            asyncResp->res.jsonValue["EncryptionStatus"] =
+                drive::EncryptionStatus::Locked;
+            return;
         }
+        // if not locked
+        // "The drive is currently encrypted but the data is accessible
+        // to the user in unencrypted form."
+        asyncResp->res.jsonValue["EncryptionStatus"] =
+            drive::EncryptionStatus::Unlocked;
         });
 }