]>
Commit | Line | Data |
---|---|---|
1c837cd5 | 1 | /** @file\r |
2 | \r | |
481ffd6f | 3 | Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>\r |
1c837cd5 | 4 | \r |
9d510e61 | 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
1c837cd5 | 6 | \r |
7 | **/\r | |
8 | \r | |
9 | #include <PiSmm.h>\r | |
10 | #include <Library/SmmServicesTableLib.h>\r | |
11 | #include <Library/BaseLib.h>\r | |
12 | #include <Library/BaseMemoryLib.h>\r | |
13 | #include <Library/LockBoxLib.h>\r | |
14 | #include <Library/DebugLib.h>\r | |
15 | #include <Guid/SmmLockBox.h>\r | |
6bd4af30 SZ |
16 | #include <Guid/EndOfS3Resume.h>\r |
17 | #include <Protocol/SmmReadyToLock.h>\r | |
18 | #include <Protocol/SmmEndOfDxe.h>\r | |
19 | #include <Protocol/SmmSxDispatch2.h>\r | |
1c837cd5 | 20 | \r |
21 | #include "SmmLockBoxLibPrivate.h"\r | |
22 | \r | |
23 | /**\r | |
24 | We need handle this library carefully. Only one library instance will construct the environment.\r | |
25 | Below 2 global variable can only be used in constructor. They should NOT be used in any other library functions.\r | |
26 | **/\r | |
27 | SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext;\r | |
28 | LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE (mLockBoxQueue);\r | |
29 | \r | |
738df706 | 30 | BOOLEAN mSmmConfigurationTableInstalled = FALSE;\r |
6bd4af30 SZ |
31 | VOID *mSmmLockBoxRegistrationSmmEndOfDxe = NULL;\r |
32 | VOID *mSmmLockBoxRegistrationSmmReadyToLock = NULL;\r | |
33 | VOID *mSmmLockBoxRegistrationEndOfS3Resume = NULL;\r | |
34 | BOOLEAN mSmmLockBoxSmmReadyToLock = FALSE;\r | |
35 | BOOLEAN mSmmLockBoxDuringS3Resume = FALSE;\r | |
738df706 | 36 | \r |
1c837cd5 | 37 | /**\r |
38 | This function return SmmLockBox context from SMST.\r | |
39 | \r | |
40 | @return SmmLockBox context from SMST.\r | |
41 | **/\r | |
42 | SMM_LOCK_BOX_CONTEXT *\r | |
43 | InternalGetSmmLockBoxContext (\r | |
44 | VOID\r | |
45 | )\r | |
46 | {\r | |
47 | UINTN Index;\r | |
48 | \r | |
49 | //\r | |
50 | // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone\r | |
51 | //\r | |
52 | for (Index = 0; Index < gSmst->NumberOfTableEntries; Index++) {\r | |
53 | if (CompareGuid (&gSmst->SmmConfigurationTable[Index].VendorGuid, &gEfiSmmLockBoxCommunicationGuid)) {\r | |
54 | //\r | |
55 | // Found. That means some other library instance is already run.\r | |
56 | // No need to install again, just return.\r | |
57 | //\r | |
58 | return (SMM_LOCK_BOX_CONTEXT *)gSmst->SmmConfigurationTable[Index].VendorTable;\r | |
59 | }\r | |
60 | }\r | |
61 | \r | |
62 | //\r | |
63 | // Not found.\r | |
64 | //\r | |
65 | return NULL;\r | |
66 | }\r | |
67 | \r | |
6bd4af30 SZ |
68 | /**\r |
69 | Notification for SMM ReadyToLock protocol.\r | |
70 | \r | |
71 | @param[in] Protocol Points to the protocol's unique identifier.\r | |
72 | @param[in] Interface Points to the interface instance.\r | |
73 | @param[in] Handle The handle on which the interface was installed.\r | |
74 | \r | |
75 | @retval EFI_SUCCESS Notification runs successfully.\r | |
76 | **/\r | |
77 | EFI_STATUS\r | |
78 | EFIAPI\r | |
79 | SmmLockBoxSmmReadyToLockNotify (\r | |
80 | IN CONST EFI_GUID *Protocol,\r | |
81 | IN VOID *Interface,\r | |
82 | IN EFI_HANDLE Handle\r | |
83 | )\r | |
84 | {\r | |
85 | mSmmLockBoxSmmReadyToLock = TRUE;\r | |
86 | return EFI_SUCCESS;\r | |
87 | }\r | |
88 | \r | |
89 | /**\r | |
90 | Main entry point for an SMM handler dispatch or communicate-based callback.\r | |
91 | \r | |
92 | @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r | |
93 | @param[in] Context Points to an optional handler context which was specified when the\r | |
94 | handler was registered.\r | |
95 | @param[in,out] CommBuffer A pointer to a collection of data in memory that will\r | |
96 | be conveyed from a non-SMM environment into an SMM environment.\r | |
97 | @param[in,out] CommBufferSize The size of the CommBuffer.\r | |
98 | \r | |
99 | @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers\r | |
100 | should still be called.\r | |
101 | @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should\r | |
102 | still be called.\r | |
103 | @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still\r | |
104 | be called.\r | |
105 | @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.\r | |
106 | **/\r | |
107 | EFI_STATUS\r | |
108 | EFIAPI\r | |
109 | SmmLockBoxS3EntryCallBack (\r | |
110 | IN EFI_HANDLE DispatchHandle,\r | |
111 | IN CONST VOID *Context OPTIONAL,\r | |
112 | IN OUT VOID *CommBuffer OPTIONAL,\r | |
113 | IN OUT UINTN *CommBufferSize OPTIONAL\r | |
114 | )\r | |
115 | {\r | |
116 | mSmmLockBoxDuringS3Resume = TRUE;\r | |
117 | return EFI_SUCCESS;\r | |
118 | }\r | |
119 | \r | |
120 | /**\r | |
121 | Notification for SMM EndOfDxe protocol.\r | |
122 | \r | |
123 | @param[in] Protocol Points to the protocol's unique identifier.\r | |
124 | @param[in] Interface Points to the interface instance.\r | |
125 | @param[in] Handle The handle on which the interface was installed.\r | |
126 | \r | |
127 | @retval EFI_SUCCESS Notification runs successfully.\r | |
128 | **/\r | |
129 | EFI_STATUS\r | |
130 | EFIAPI\r | |
131 | SmmLockBoxSmmEndOfDxeNotify (\r | |
132 | IN CONST EFI_GUID *Protocol,\r | |
133 | IN VOID *Interface,\r | |
134 | IN EFI_HANDLE Handle\r | |
135 | )\r | |
136 | {\r | |
137 | EFI_STATUS Status;\r | |
138 | EFI_SMM_SX_DISPATCH2_PROTOCOL *SxDispatch;\r | |
139 | EFI_SMM_SX_REGISTER_CONTEXT EntryRegisterContext;\r | |
140 | EFI_HANDLE S3EntryHandle;\r | |
141 | \r | |
142 | //\r | |
143 | // Locate SmmSxDispatch2 protocol.\r | |
144 | //\r | |
145 | Status = gSmst->SmmLocateProtocol (\r | |
146 | &gEfiSmmSxDispatch2ProtocolGuid,\r | |
147 | NULL,\r | |
148 | (VOID **)&SxDispatch\r | |
149 | );\r | |
150 | if (!EFI_ERROR (Status) && (SxDispatch != NULL)) {\r | |
151 | //\r | |
152 | // Register a S3 entry callback function to\r | |
153 | // determine if it will be during S3 resume.\r | |
154 | //\r | |
155 | EntryRegisterContext.Type = SxS3;\r | |
156 | EntryRegisterContext.Phase = SxEntry;\r | |
157 | Status = SxDispatch->Register (\r | |
158 | SxDispatch,\r | |
159 | SmmLockBoxS3EntryCallBack,\r | |
160 | &EntryRegisterContext,\r | |
161 | &S3EntryHandle\r | |
162 | );\r | |
163 | ASSERT_EFI_ERROR (Status);\r | |
164 | }\r | |
165 | \r | |
166 | return EFI_SUCCESS;\r | |
167 | }\r | |
168 | \r | |
169 | /**\r | |
170 | Notification for SMM EndOfS3Resume protocol.\r | |
171 | \r | |
172 | @param[in] Protocol Points to the protocol's unique identifier.\r | |
173 | @param[in] Interface Points to the interface instance.\r | |
174 | @param[in] Handle The handle on which the interface was installed.\r | |
175 | \r | |
176 | @retval EFI_SUCCESS Notification runs successfully.\r | |
177 | **/\r | |
178 | EFI_STATUS\r | |
179 | EFIAPI\r | |
180 | SmmLockBoxEndOfS3ResumeNotify (\r | |
181 | IN CONST EFI_GUID *Protocol,\r | |
182 | IN VOID *Interface,\r | |
183 | IN EFI_HANDLE Handle\r | |
184 | )\r | |
185 | {\r | |
186 | mSmmLockBoxDuringS3Resume = FALSE;\r | |
187 | return EFI_SUCCESS;\r | |
188 | }\r | |
189 | \r | |
1c837cd5 | 190 | /**\r |
191 | Constructor for SmmLockBox library.\r | |
192 | This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later.\r | |
193 | \r | |
194 | @param[in] ImageHandle Image handle of this driver.\r | |
195 | @param[in] SystemTable A Pointer to the EFI System Table.\r | |
196 | \r | |
d1102dba | 197 | @retval EFI_SUCEESS\r |
1c837cd5 | 198 | @return Others Some error occurs.\r |
199 | **/\r | |
200 | EFI_STATUS\r | |
201 | EFIAPI\r | |
da9d39c2 | 202 | SmmLockBoxSmmConstructor (\r |
1c837cd5 | 203 | IN EFI_HANDLE ImageHandle,\r |
204 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
205 | )\r | |
206 | {\r | |
207 | EFI_STATUS Status;\r | |
208 | SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;\r | |
209 | \r | |
481ffd6f | 210 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructor - Enter\n"));\r |
1c837cd5 | 211 | \r |
6bd4af30 SZ |
212 | //\r |
213 | // Register SmmReadyToLock notification.\r | |
214 | //\r | |
215 | Status = gSmst->SmmRegisterProtocolNotify (\r | |
216 | &gEfiSmmReadyToLockProtocolGuid,\r | |
217 | SmmLockBoxSmmReadyToLockNotify,\r | |
218 | &mSmmLockBoxRegistrationSmmReadyToLock\r | |
219 | );\r | |
220 | ASSERT_EFI_ERROR (Status);\r | |
221 | \r | |
222 | //\r | |
223 | // Register SmmEndOfDxe notification.\r | |
224 | //\r | |
225 | Status = gSmst->SmmRegisterProtocolNotify (\r | |
226 | &gEfiSmmEndOfDxeProtocolGuid,\r | |
227 | SmmLockBoxSmmEndOfDxeNotify,\r | |
228 | &mSmmLockBoxRegistrationSmmEndOfDxe\r | |
229 | );\r | |
230 | ASSERT_EFI_ERROR (Status);\r | |
231 | \r | |
232 | //\r | |
233 | // Register EndOfS3Resume notification.\r | |
234 | //\r | |
235 | Status = gSmst->SmmRegisterProtocolNotify (\r | |
236 | &gEdkiiEndOfS3ResumeGuid,\r | |
237 | SmmLockBoxEndOfS3ResumeNotify,\r | |
238 | &mSmmLockBoxRegistrationEndOfS3Resume\r | |
239 | );\r | |
240 | ASSERT_EFI_ERROR (Status);\r | |
241 | \r | |
1c837cd5 | 242 | //\r |
243 | // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone\r | |
244 | //\r | |
245 | SmmLockBoxContext = InternalGetSmmLockBoxContext ();\r | |
246 | if (SmmLockBoxContext != NULL) {\r | |
247 | //\r | |
248 | // Find it. That means some other library instance is already run.\r | |
249 | // No need to install again, just return.\r | |
250 | //\r | |
481ffd6f HW |
251 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - already installed\n"));\r |
252 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructor - Exit\n"));\r | |
1c837cd5 | 253 | return EFI_SUCCESS;\r |
254 | }\r | |
255 | \r | |
256 | //\r | |
257 | // If no one install this, it means this is first instance. Install it.\r | |
258 | //\r | |
259 | if (sizeof(UINTN) == sizeof(UINT64)) {\r | |
260 | mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_64;\r | |
261 | } else {\r | |
262 | mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_32;\r | |
263 | }\r | |
264 | mSmmLockBoxContext.LockBoxDataAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)&mLockBoxQueue;\r | |
265 | \r | |
266 | Status = gSmst->SmmInstallConfigurationTable (\r | |
267 | gSmst,\r | |
268 | &gEfiSmmLockBoxCommunicationGuid,\r | |
269 | &mSmmLockBoxContext,\r | |
270 | sizeof(mSmmLockBoxContext)\r | |
271 | );\r | |
272 | ASSERT_EFI_ERROR (Status);\r | |
738df706 | 273 | mSmmConfigurationTableInstalled = TRUE;\r |
1c837cd5 | 274 | \r |
481ffd6f HW |
275 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - %x\n", (UINTN)&mSmmLockBoxContext));\r |
276 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib LockBoxDataAddress - %x\n", (UINTN)&mLockBoxQueue));\r | |
277 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructor - Exit\n"));\r | |
1c837cd5 | 278 | \r |
279 | return Status;\r | |
280 | }\r | |
281 | \r | |
738df706 SZ |
282 | /**\r |
283 | Destructor for SmmLockBox library.\r | |
284 | This is used to uninstall SmmLockBoxCommunication configuration table\r | |
285 | if it has been installed in Constructor.\r | |
286 | \r | |
287 | @param[in] ImageHandle Image handle of this driver.\r | |
288 | @param[in] SystemTable A Pointer to the EFI System Table.\r | |
289 | \r | |
290 | @retval EFI_SUCEESS The destructor always returns EFI_SUCCESS.\r | |
291 | \r | |
292 | **/\r | |
293 | EFI_STATUS\r | |
294 | EFIAPI\r | |
295 | SmmLockBoxSmmDestructor (\r | |
296 | IN EFI_HANDLE ImageHandle,\r | |
297 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
298 | )\r | |
299 | {\r | |
300 | EFI_STATUS Status;\r | |
301 | \r | |
481ffd6f | 302 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmDestructor in %a module\n", gEfiCallerBaseName));\r |
738df706 SZ |
303 | \r |
304 | if (mSmmConfigurationTableInstalled) {\r | |
305 | Status = gSmst->SmmInstallConfigurationTable (\r | |
306 | gSmst,\r | |
307 | &gEfiSmmLockBoxCommunicationGuid,\r | |
308 | NULL,\r | |
309 | 0\r | |
310 | );\r | |
311 | ASSERT_EFI_ERROR (Status);\r | |
481ffd6f | 312 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib uninstall SmmLockBoxCommunication configuration table\n"));\r |
738df706 SZ |
313 | }\r |
314 | \r | |
6bd4af30 SZ |
315 | if (mSmmLockBoxRegistrationSmmReadyToLock != NULL) {\r |
316 | //\r | |
317 | // Unregister SmmReadyToLock notification.\r | |
318 | //\r | |
319 | Status = gSmst->SmmRegisterProtocolNotify (\r | |
320 | &gEfiSmmReadyToLockProtocolGuid,\r | |
321 | NULL,\r | |
322 | &mSmmLockBoxRegistrationSmmReadyToLock\r | |
323 | );\r | |
324 | ASSERT_EFI_ERROR (Status);\r | |
325 | }\r | |
326 | if (mSmmLockBoxRegistrationSmmEndOfDxe != NULL) {\r | |
327 | //\r | |
328 | // Unregister SmmEndOfDxe notification.\r | |
329 | //\r | |
330 | Status = gSmst->SmmRegisterProtocolNotify (\r | |
331 | &gEfiSmmEndOfDxeProtocolGuid,\r | |
332 | NULL,\r | |
333 | &mSmmLockBoxRegistrationSmmEndOfDxe\r | |
334 | );\r | |
335 | ASSERT_EFI_ERROR (Status);\r | |
336 | }\r | |
337 | if (mSmmLockBoxRegistrationEndOfS3Resume != NULL) {\r | |
338 | //\r | |
339 | // Unregister EndOfS3Resume notification.\r | |
340 | //\r | |
341 | Status = gSmst->SmmRegisterProtocolNotify (\r | |
342 | &gEdkiiEndOfS3ResumeGuid,\r | |
343 | NULL,\r | |
344 | &mSmmLockBoxRegistrationEndOfS3Resume\r | |
345 | );\r | |
346 | ASSERT_EFI_ERROR (Status);\r | |
347 | }\r | |
348 | \r | |
738df706 SZ |
349 | return EFI_SUCCESS;\r |
350 | }\r | |
351 | \r | |
1c837cd5 | 352 | /**\r |
353 | This function return SmmLockBox queue address.\r | |
354 | \r | |
355 | @return SmmLockBox queue address.\r | |
356 | **/\r | |
357 | LIST_ENTRY *\r | |
358 | InternalGetLockBoxQueue (\r | |
359 | VOID\r | |
360 | )\r | |
361 | {\r | |
362 | SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;\r | |
363 | \r | |
364 | SmmLockBoxContext = InternalGetSmmLockBoxContext ();\r | |
365 | ASSERT (SmmLockBoxContext != NULL);\r | |
366 | if (SmmLockBoxContext == NULL) {\r | |
367 | return NULL;\r | |
368 | }\r | |
369 | return (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress;\r | |
370 | }\r | |
371 | \r | |
372 | /**\r | |
373 | This function find LockBox by GUID.\r | |
374 | \r | |
375 | @param Guid The guid to indentify the LockBox\r | |
376 | \r | |
377 | @return LockBoxData\r | |
378 | **/\r | |
379 | SMM_LOCK_BOX_DATA *\r | |
380 | InternalFindLockBoxByGuid (\r | |
381 | IN EFI_GUID *Guid\r | |
382 | )\r | |
383 | {\r | |
384 | LIST_ENTRY *Link;\r | |
385 | SMM_LOCK_BOX_DATA *LockBox;\r | |
386 | LIST_ENTRY *LockBoxQueue;\r | |
387 | \r | |
388 | LockBoxQueue = InternalGetLockBoxQueue ();\r | |
389 | ASSERT (LockBoxQueue != NULL);\r | |
390 | \r | |
391 | for (Link = LockBoxQueue->ForwardLink;\r | |
392 | Link != LockBoxQueue;\r | |
393 | Link = Link->ForwardLink) {\r | |
394 | LockBox = BASE_CR (\r | |
395 | Link,\r | |
396 | SMM_LOCK_BOX_DATA,\r | |
397 | Link\r | |
398 | );\r | |
399 | if (CompareGuid (&LockBox->Guid, Guid)) {\r | |
400 | return LockBox;\r | |
401 | }\r | |
402 | }\r | |
403 | return NULL;\r | |
404 | }\r | |
405 | \r | |
406 | /**\r | |
407 | This function will save confidential information to lockbox.\r | |
408 | \r | |
409 | @param Guid the guid to identify the confidential information\r | |
410 | @param Buffer the address of the confidential information\r | |
411 | @param Length the length of the confidential information\r | |
412 | \r | |
413 | @retval RETURN_SUCCESS the information is saved successfully.\r | |
414 | @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0\r | |
415 | @retval RETURN_ALREADY_STARTED the requested GUID already exist.\r | |
416 | @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.\r | |
417 | @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r | |
418 | @retval RETURN_NOT_STARTED it is too early to invoke this interface\r | |
419 | @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r | |
420 | **/\r | |
421 | RETURN_STATUS\r | |
422 | EFIAPI\r | |
423 | SaveLockBox (\r | |
424 | IN GUID *Guid,\r | |
425 | IN VOID *Buffer,\r | |
426 | IN UINTN Length\r | |
427 | )\r | |
428 | {\r | |
429 | SMM_LOCK_BOX_DATA *LockBox;\r | |
430 | EFI_PHYSICAL_ADDRESS SmramBuffer;\r | |
431 | EFI_STATUS Status;\r | |
432 | LIST_ENTRY *LockBoxQueue;\r | |
433 | \r | |
481ffd6f | 434 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Enter\n"));\r |
1c837cd5 | 435 | \r |
436 | //\r | |
437 | // Basic check\r | |
438 | //\r | |
439 | if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {\r | |
481ffd6f | 440 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));\r |
1c837cd5 | 441 | return EFI_INVALID_PARAMETER;\r |
442 | }\r | |
443 | \r | |
444 | //\r | |
445 | // Find LockBox\r | |
446 | //\r | |
447 | LockBox = InternalFindLockBoxByGuid (Guid);\r | |
448 | if (LockBox != NULL) {\r | |
481ffd6f | 449 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_ALREADY_STARTED));\r |
1c837cd5 | 450 | return EFI_ALREADY_STARTED;\r |
451 | }\r | |
452 | \r | |
453 | //\r | |
454 | // Allocate SMRAM buffer\r | |
455 | //\r | |
456 | Status = gSmst->SmmAllocatePages (\r | |
457 | AllocateAnyPages,\r | |
458 | EfiRuntimeServicesData,\r | |
459 | EFI_SIZE_TO_PAGES (Length),\r | |
460 | &SmramBuffer\r | |
461 | );\r | |
462 | ASSERT_EFI_ERROR (Status);\r | |
463 | if (EFI_ERROR (Status)) {\r | |
481ffd6f | 464 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));\r |
1c837cd5 | 465 | return EFI_OUT_OF_RESOURCES;\r |
466 | }\r | |
467 | \r | |
468 | //\r | |
469 | // Allocate LockBox\r | |
470 | //\r | |
471 | Status = gSmst->SmmAllocatePool (\r | |
472 | EfiRuntimeServicesData,\r | |
473 | sizeof(*LockBox),\r | |
474 | (VOID **)&LockBox\r | |
475 | );\r | |
476 | ASSERT_EFI_ERROR (Status);\r | |
477 | if (EFI_ERROR (Status)) {\r | |
478 | gSmst->SmmFreePages (SmramBuffer, EFI_SIZE_TO_PAGES (Length));\r | |
481ffd6f | 479 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));\r |
1c837cd5 | 480 | return EFI_OUT_OF_RESOURCES;\r |
481 | }\r | |
482 | \r | |
483 | //\r | |
484 | // Save data\r | |
485 | //\r | |
486 | CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)Buffer, Length);\r | |
487 | \r | |
488 | //\r | |
489 | // Insert LockBox to queue\r | |
490 | //\r | |
491 | LockBox->Signature = SMM_LOCK_BOX_DATA_SIGNATURE;\r | |
492 | CopyMem (&LockBox->Guid, Guid, sizeof(EFI_GUID));\r | |
493 | LockBox->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;\r | |
494 | LockBox->Length = (UINT64)Length;\r | |
05ca95e2 | 495 | LockBox->Attributes = 0;\r |
1c837cd5 | 496 | LockBox->SmramBuffer = SmramBuffer;\r |
ef96ba3c SZ |
497 | \r |
498 | DEBUG ((\r | |
481ffd6f | 499 | DEBUG_INFO,\r |
ef96ba3c SZ |
500 | "LockBoxGuid - %g, SmramBuffer - 0x%lx, Length - 0x%lx\n",\r |
501 | &LockBox->Guid,\r | |
502 | LockBox->SmramBuffer,\r | |
503 | LockBox->Length\r | |
504 | ));\r | |
505 | \r | |
1c837cd5 | 506 | LockBoxQueue = InternalGetLockBoxQueue ();\r |
507 | ASSERT (LockBoxQueue != NULL);\r | |
508 | InsertTailList (LockBoxQueue, &LockBox->Link);\r | |
509 | \r | |
510 | //\r | |
511 | // Done\r | |
512 | //\r | |
481ffd6f | 513 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_SUCCESS));\r |
1c837cd5 | 514 | return EFI_SUCCESS;\r |
515 | }\r | |
516 | \r | |
517 | /**\r | |
518 | This function will set lockbox attributes.\r | |
519 | \r | |
520 | @param Guid the guid to identify the confidential information\r | |
521 | @param Attributes the attributes of the lockbox\r | |
522 | \r | |
523 | @retval RETURN_SUCCESS the information is saved successfully.\r | |
524 | @retval RETURN_INVALID_PARAMETER attributes is invalid.\r | |
525 | @retval RETURN_NOT_FOUND the requested GUID not found.\r | |
526 | @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r | |
527 | @retval RETURN_NOT_STARTED it is too early to invoke this interface\r | |
528 | @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r | |
529 | **/\r | |
530 | RETURN_STATUS\r | |
531 | EFIAPI\r | |
532 | SetLockBoxAttributes (\r | |
533 | IN GUID *Guid,\r | |
534 | IN UINT64 Attributes\r | |
535 | )\r | |
536 | {\r | |
537 | SMM_LOCK_BOX_DATA *LockBox;\r | |
538 | \r | |
481ffd6f | 539 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Enter\n"));\r |
1c837cd5 | 540 | \r |
541 | //\r | |
542 | // Basic check\r | |
543 | //\r | |
544 | if ((Guid == NULL) ||\r | |
6bd4af30 | 545 | ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) != 0)) {\r |
481ffd6f | 546 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER));\r |
6bd4af30 SZ |
547 | return EFI_INVALID_PARAMETER;\r |
548 | }\r | |
549 | \r | |
550 | if (((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) &&\r | |
551 | ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0)) {\r | |
481ffd6f HW |
552 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER));\r |
553 | DEBUG ((DEBUG_INFO, " LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE and LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY\n\n"));\r | |
554 | DEBUG ((DEBUG_INFO, " can not be set together\n"));\r | |
1c837cd5 | 555 | return EFI_INVALID_PARAMETER;\r |
556 | }\r | |
557 | \r | |
558 | //\r | |
559 | // Find LockBox\r | |
560 | //\r | |
561 | LockBox = InternalFindLockBoxByGuid (Guid);\r | |
562 | if (LockBox == NULL) {\r | |
481ffd6f | 563 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_NOT_FOUND));\r |
1c837cd5 | 564 | return EFI_NOT_FOUND;\r |
565 | }\r | |
566 | \r | |
6bd4af30 SZ |
567 | if ((((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) &&\r |
568 | ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0)) ||\r | |
569 | (((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) &&\r | |
570 | ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0))) {\r | |
481ffd6f HW |
571 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes 0x%lx 0x%lx - Exit (%r)\n", LockBox->Attributes, Attributes, EFI_INVALID_PARAMETER));\r |
572 | DEBUG ((DEBUG_INFO, " LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE and LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY\n\n"));\r | |
573 | DEBUG ((DEBUG_INFO, " can not be set together\n"));\r | |
6bd4af30 SZ |
574 | return EFI_INVALID_PARAMETER;\r |
575 | }\r | |
576 | \r | |
1c837cd5 | 577 | //\r |
578 | // Update data\r | |
579 | //\r | |
580 | LockBox->Attributes = Attributes;\r | |
581 | \r | |
582 | //\r | |
583 | // Done\r | |
584 | //\r | |
481ffd6f | 585 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_SUCCESS));\r |
1c837cd5 | 586 | return EFI_SUCCESS;\r |
587 | }\r | |
588 | \r | |
589 | /**\r | |
590 | This function will update confidential information to lockbox.\r | |
591 | \r | |
592 | @param Guid the guid to identify the original confidential information\r | |
593 | @param Offset the offset of the original confidential information\r | |
594 | @param Buffer the address of the updated confidential information\r | |
595 | @param Length the length of the updated confidential information\r | |
596 | \r | |
597 | @retval RETURN_SUCCESS the information is saved successfully.\r | |
598 | @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.\r | |
599 | @retval RETURN_NOT_FOUND the requested GUID not found.\r | |
99383667 HW |
600 | @retval RETURN_BUFFER_TOO_SMALL for lockbox without attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY,\r |
601 | the original buffer to too small to hold new information.\r | |
602 | @retval RETURN_OUT_OF_RESOURCES for lockbox with attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY,\r | |
603 | no enough resource to save the information.\r | |
1c837cd5 | 604 | @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r |
605 | @retval RETURN_NOT_STARTED it is too early to invoke this interface\r | |
606 | @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r | |
607 | **/\r | |
608 | RETURN_STATUS\r | |
609 | EFIAPI\r | |
610 | UpdateLockBox (\r | |
611 | IN GUID *Guid,\r | |
612 | IN UINTN Offset,\r | |
613 | IN VOID *Buffer,\r | |
614 | IN UINTN Length\r | |
615 | )\r | |
616 | {\r | |
617 | SMM_LOCK_BOX_DATA *LockBox;\r | |
99383667 HW |
618 | EFI_PHYSICAL_ADDRESS SmramBuffer;\r |
619 | EFI_STATUS Status;\r | |
1c837cd5 | 620 | \r |
481ffd6f | 621 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Enter\n"));\r |
1c837cd5 | 622 | \r |
623 | //\r | |
624 | // Basic check\r | |
625 | //\r | |
99383667 HW |
626 | if ((Guid == NULL) || (Buffer == NULL) || (Length == 0) ||\r |
627 | (Length > MAX_UINTN - Offset)) {\r | |
481ffd6f | 628 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));\r |
1c837cd5 | 629 | return EFI_INVALID_PARAMETER;\r |
630 | }\r | |
631 | \r | |
632 | //\r | |
633 | // Find LockBox\r | |
634 | //\r | |
635 | LockBox = InternalFindLockBoxByGuid (Guid);\r | |
636 | if (LockBox == NULL) {\r | |
481ffd6f | 637 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_NOT_FOUND));\r |
1c837cd5 | 638 | return EFI_NOT_FOUND;\r |
639 | }\r | |
640 | \r | |
641 | //\r | |
642 | // Update data\r | |
643 | //\r | |
644 | if (LockBox->Length < Offset + Length) {\r | |
99383667 HW |
645 | if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0) {\r |
646 | //\r | |
647 | // If 'LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY' attribute is set, enlarge the\r | |
648 | // LockBox.\r | |
649 | //\r | |
650 | DEBUG ((\r | |
651 | DEBUG_INFO,\r | |
652 | "SmmLockBoxSmmLib UpdateLockBox - Origin LockBox too small, enlarge.\n"\r | |
653 | ));\r | |
654 | \r | |
655 | if (EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES ((UINTN)LockBox->Length)) < Offset + Length) {\r | |
656 | //\r | |
657 | // In SaveLockBox(), the SMRAM buffer allocated for LockBox is of page\r | |
658 | // granularity. Here, if the required size is larger than the origin size\r | |
659 | // of the pages, allocate new buffer from SMRAM to enlarge the LockBox.\r | |
660 | //\r | |
661 | DEBUG ((\r | |
662 | DEBUG_INFO,\r | |
663 | "SmmLockBoxSmmLib UpdateLockBox - Allocate new buffer to enlarge.\n"\r | |
664 | ));\r | |
665 | Status = gSmst->SmmAllocatePages (\r | |
666 | AllocateAnyPages,\r | |
667 | EfiRuntimeServicesData,\r | |
668 | EFI_SIZE_TO_PAGES (Offset + Length),\r | |
669 | &SmramBuffer\r | |
670 | );\r | |
671 | if (EFI_ERROR (Status)) {\r | |
672 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));\r | |
673 | return EFI_OUT_OF_RESOURCES;\r | |
674 | }\r | |
675 | \r | |
676 | //\r | |
677 | // Copy origin data to the new SMRAM buffer and wipe the content in the\r | |
678 | // origin SMRAM buffer.\r | |
679 | //\r | |
680 | CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);\r | |
681 | ZeroMem ((VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);\r | |
682 | gSmst->SmmFreePages (LockBox->SmramBuffer, EFI_SIZE_TO_PAGES ((UINTN)LockBox->Length));\r | |
683 | \r | |
684 | LockBox->SmramBuffer = SmramBuffer;\r | |
685 | }\r | |
686 | \r | |
687 | //\r | |
688 | // Handle uninitialized content in the LockBox.\r | |
689 | //\r | |
690 | if (Offset > LockBox->Length) {\r | |
691 | ZeroMem (\r | |
692 | (VOID *)((UINTN)LockBox->SmramBuffer + (UINTN)LockBox->Length),\r | |
693 | Offset - (UINTN)LockBox->Length\r | |
694 | );\r | |
695 | }\r | |
696 | LockBox->Length = Offset + Length;\r | |
697 | } else {\r | |
698 | //\r | |
699 | // If 'LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY' attribute is NOT set, return\r | |
700 | // EFI_BUFFER_TOO_SMALL directly.\r | |
701 | //\r | |
702 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));\r | |
703 | return EFI_BUFFER_TOO_SMALL;\r | |
704 | }\r | |
1c837cd5 | 705 | }\r |
579b5ef2 | 706 | ASSERT ((UINTN)LockBox->SmramBuffer <= (MAX_ADDRESS - Offset));\r |
1c837cd5 | 707 | CopyMem ((VOID *)((UINTN)LockBox->SmramBuffer + Offset), Buffer, Length);\r |
708 | \r | |
709 | //\r | |
710 | // Done\r | |
711 | //\r | |
481ffd6f | 712 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_SUCCESS));\r |
1c837cd5 | 713 | return EFI_SUCCESS;\r |
714 | }\r | |
715 | \r | |
716 | /**\r | |
717 | This function will restore confidential information from lockbox.\r | |
718 | \r | |
719 | @param Guid the guid to identify the confidential information\r | |
720 | @param Buffer the address of the restored confidential information\r | |
721 | NULL means restored to original address, Length MUST be NULL at same time.\r | |
722 | @param Length the length of the restored confidential information\r | |
723 | \r | |
724 | @retval RETURN_SUCCESS the information is restored successfully.\r | |
725 | @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.\r | |
d1102dba | 726 | @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no\r |
1c837cd5 | 727 | LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.\r |
728 | @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.\r | |
729 | @retval RETURN_NOT_FOUND the requested GUID not found.\r | |
730 | @retval RETURN_NOT_STARTED it is too early to invoke this interface\r | |
731 | @retval RETURN_ACCESS_DENIED not allow to restore to the address\r | |
732 | @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r | |
733 | **/\r | |
734 | RETURN_STATUS\r | |
735 | EFIAPI\r | |
736 | RestoreLockBox (\r | |
737 | IN GUID *Guid,\r | |
738 | IN VOID *Buffer, OPTIONAL\r | |
739 | IN OUT UINTN *Length OPTIONAL\r | |
740 | )\r | |
741 | {\r | |
742 | SMM_LOCK_BOX_DATA *LockBox;\r | |
743 | VOID *RestoreBuffer;\r | |
744 | \r | |
481ffd6f | 745 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Enter\n"));\r |
1c837cd5 | 746 | \r |
747 | //\r | |
748 | // Restore this, Buffer and Length MUST be both NULL or both non-NULL\r | |
749 | //\r | |
750 | if ((Guid == NULL) ||\r | |
751 | ((Buffer == NULL) && (Length != NULL)) ||\r | |
752 | ((Buffer != NULL) && (Length == NULL))) {\r | |
481ffd6f | 753 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));\r |
1c837cd5 | 754 | return EFI_INVALID_PARAMETER;\r |
755 | }\r | |
756 | \r | |
757 | //\r | |
758 | // Find LockBox\r | |
759 | //\r | |
760 | LockBox = InternalFindLockBoxByGuid (Guid);\r | |
761 | if (LockBox == NULL) {\r | |
762 | //\r | |
763 | // Not found\r | |
764 | //\r | |
481ffd6f | 765 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_NOT_FOUND));\r |
1c837cd5 | 766 | return EFI_NOT_FOUND;\r |
767 | }\r | |
768 | \r | |
6bd4af30 SZ |
769 | if (((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0) &&\r |
770 | mSmmLockBoxSmmReadyToLock &&\r | |
771 | !mSmmLockBoxDuringS3Resume) {\r | |
772 | //\r | |
773 | // With LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY,\r | |
774 | // this LockBox can be restored in S3 resume only.\r | |
775 | //\r | |
776 | return EFI_ACCESS_DENIED;\r | |
777 | }\r | |
778 | \r | |
1c837cd5 | 779 | //\r |
780 | // Set RestoreBuffer\r | |
781 | //\r | |
782 | if (Buffer != NULL) {\r | |
783 | //\r | |
784 | // restore to new buffer\r | |
785 | //\r | |
786 | RestoreBuffer = Buffer;\r | |
787 | } else {\r | |
788 | //\r | |
789 | // restore to original buffer\r | |
790 | //\r | |
791 | if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) == 0) {\r | |
481ffd6f | 792 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_WRITE_PROTECTED));\r |
1c837cd5 | 793 | return EFI_WRITE_PROTECTED;\r |
794 | }\r | |
795 | RestoreBuffer = (VOID *)(UINTN)LockBox->Buffer;\r | |
796 | }\r | |
797 | \r | |
798 | //\r | |
799 | // Set RestoreLength\r | |
800 | //\r | |
801 | if (Length != NULL) {\r | |
802 | if (*Length < (UINTN)LockBox->Length) {\r | |
803 | //\r | |
804 | // Input buffer is too small to hold all data.\r | |
805 | //\r | |
806 | *Length = (UINTN)LockBox->Length;\r | |
481ffd6f | 807 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));\r |
1c837cd5 | 808 | return EFI_BUFFER_TOO_SMALL;\r |
809 | }\r | |
810 | *Length = (UINTN)LockBox->Length;\r | |
811 | }\r | |
812 | \r | |
813 | //\r | |
814 | // Restore data\r | |
815 | //\r | |
816 | CopyMem (RestoreBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);\r | |
817 | \r | |
818 | //\r | |
819 | // Done\r | |
820 | //\r | |
481ffd6f | 821 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_SUCCESS));\r |
1c837cd5 | 822 | return EFI_SUCCESS;\r |
823 | }\r | |
824 | \r | |
825 | /**\r | |
826 | This function will restore confidential information from all lockbox which have RestoreInPlace attribute.\r | |
827 | \r | |
828 | @retval RETURN_SUCCESS the information is restored successfully.\r | |
829 | @retval RETURN_NOT_STARTED it is too early to invoke this interface\r | |
830 | @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r | |
831 | **/\r | |
832 | RETURN_STATUS\r | |
833 | EFIAPI\r | |
834 | RestoreAllLockBoxInPlace (\r | |
835 | VOID\r | |
836 | )\r | |
837 | {\r | |
838 | SMM_LOCK_BOX_DATA *LockBox;\r | |
839 | LIST_ENTRY *Link;\r | |
840 | LIST_ENTRY *LockBoxQueue;\r | |
841 | \r | |
481ffd6f | 842 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Enter\n"));\r |
1c837cd5 | 843 | \r |
844 | LockBoxQueue = InternalGetLockBoxQueue ();\r | |
845 | ASSERT (LockBoxQueue != NULL);\r | |
846 | \r | |
847 | //\r | |
848 | // Restore all, Buffer and Length MUST be NULL\r | |
849 | //\r | |
850 | for (Link = LockBoxQueue->ForwardLink;\r | |
851 | Link != LockBoxQueue;\r | |
852 | Link = Link->ForwardLink) {\r | |
853 | LockBox = BASE_CR (\r | |
854 | Link,\r | |
855 | SMM_LOCK_BOX_DATA,\r | |
856 | Link\r | |
857 | );\r | |
858 | if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) {\r | |
859 | //\r | |
860 | // Restore data\r | |
861 | //\r | |
862 | CopyMem ((VOID *)(UINTN)LockBox->Buffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);\r | |
863 | }\r | |
864 | }\r | |
865 | //\r | |
866 | // Done\r | |
867 | //\r | |
481ffd6f | 868 | DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Exit (%r)\n", EFI_SUCCESS));\r |
1c837cd5 | 869 | return EFI_SUCCESS;\r |
870 | }\r | |
871 | \r |