]>
Commit | Line | Data |
---|---|---|
355b181f BB |
1 | /** @file -- VariablePolicyLib.c\r |
2 | Business logic for Variable Policy enforcement.\r | |
3 | \r | |
4 | Copyright (c) Microsoft Corporation.\r | |
5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
6 | \r | |
7 | **/\r | |
8 | \r | |
9 | #include <Uefi.h>\r | |
10 | \r | |
11 | #include <Library/SafeIntLib.h>\r | |
12 | #include <Library/MemoryAllocationLib.h>\r | |
13 | #include <Library/BaseMemoryLib.h>\r | |
14 | #include <Library/DebugLib.h>\r | |
15 | #include <Library/PcdLib.h>\r | |
16 | \r | |
17 | #include <Protocol/VariablePolicy.h>\r | |
18 | #include <Library/VariablePolicyLib.h>\r | |
19 | \r | |
355b181f BB |
20 | // IMPORTANT NOTE: This library is currently rife with multiple return statements\r |
21 | // for error handling. A refactor should remove these at some point.\r | |
22 | \r | |
23 | //\r | |
24 | // This library was designed with advanced unit-test features.\r | |
25 | // This define handles the configuration.\r | |
26 | #ifdef INTERNAL_UNIT_TEST\r | |
1436aea4 | 27 | #undef STATIC\r |
355b181f BB |
28 | #define STATIC // Nothing...\r |
29 | #endif\r | |
30 | \r | |
31 | // An abstracted GetVariable interface that enables configuration regardless of the environment.\r | |
1436aea4 | 32 | EFI_GET_VARIABLE mGetVariableHelper = NULL;\r |
355b181f BB |
33 | \r |
34 | // Master switch to lock this entire interface. Does not stop enforcement,\r | |
35 | // just prevents the configuration from being changed for the rest of the boot.\r | |
1436aea4 | 36 | STATIC BOOLEAN mInterfaceLocked = FALSE;\r |
355b181f BB |
37 | \r |
38 | // Master switch to disable the entire interface for a single boot.\r | |
39 | // This will disable all policy enforcement for the duration of the boot.\r | |
1436aea4 | 40 | STATIC BOOLEAN mProtectionDisabled = FALSE;\r |
355b181f BB |
41 | \r |
42 | // Table to hold all the current policies.\r | |
1436aea4 MK |
43 | UINT8 *mPolicyTable = NULL;\r |
44 | STATIC UINT32 mCurrentTableSize = 0;\r | |
45 | STATIC UINT32 mCurrentTableUsage = 0;\r | |
46 | STATIC UINT32 mCurrentTableCount = 0;\r | |
355b181f | 47 | \r |
1436aea4 | 48 | #define POLICY_TABLE_STEP_SIZE 0x1000\r |
355b181f BB |
49 | \r |
50 | // NOTE: DO NOT USE THESE MACROS on any structure that has not been validated.\r | |
51 | // Current table data has already been sanitized.\r | |
1436aea4 MK |
52 | #define GET_NEXT_POLICY(CurPolicy) (VARIABLE_POLICY_ENTRY*)((UINT8*)CurPolicy + CurPolicy->Size)\r |
53 | #define GET_POLICY_NAME(CurPolicy) (CHAR16*)((UINTN)CurPolicy + CurPolicy->OffsetToName)\r | |
355b181f | 54 | \r |
1436aea4 MK |
55 | #define MATCH_PRIORITY_EXACT 0\r |
56 | #define MATCH_PRIORITY_MAX MATCH_PRIORITY_EXACT\r | |
57 | #define MATCH_PRIORITY_MIN MAX_UINT8\r | |
355b181f BB |
58 | \r |
59 | /**\r | |
60 | An extra init hook that enables the RuntimeDxe library instance to\r | |
61 | register VirtualAddress change callbacks. Among other things.\r | |
62 | \r | |
63 | @retval EFI_SUCCESS Everything is good. Continue with init.\r | |
64 | @retval Others Uh... don't continue.\r | |
65 | \r | |
66 | **/\r | |
67 | EFI_STATUS\r | |
68 | VariablePolicyExtraInit (\r | |
69 | VOID\r | |
70 | );\r | |
71 | \r | |
72 | /**\r | |
73 | An extra deinit hook that enables the RuntimeDxe library instance to\r | |
74 | register VirtualAddress change callbacks. Among other things.\r | |
75 | \r | |
76 | @retval EFI_SUCCESS Everything is good. Continue with deinit.\r | |
77 | @retval Others Uh... don't continue.\r | |
78 | \r | |
79 | **/\r | |
80 | EFI_STATUS\r | |
81 | VariablePolicyExtraDeinit (\r | |
82 | VOID\r | |
83 | );\r | |
84 | \r | |
355b181f BB |
85 | /**\r |
86 | This helper function determines whether the structure of an incoming policy\r | |
87 | is valid and internally consistent.\r | |
88 | \r | |
89 | @param[in] NewPolicy Pointer to the incoming policy structure.\r | |
90 | \r | |
91 | @retval TRUE\r | |
92 | @retval FALSE Pointer is NULL, size is wrong, strings are empty, or\r | |
93 | substructures overlap.\r | |
94 | \r | |
95 | **/\r | |
96 | STATIC\r | |
97 | BOOLEAN\r | |
98 | IsValidVariablePolicyStructure (\r | |
1436aea4 | 99 | IN CONST VARIABLE_POLICY_ENTRY *NewPolicy\r |
355b181f BB |
100 | )\r |
101 | {\r | |
1436aea4 MK |
102 | EFI_STATUS Status;\r |
103 | UINTN EntryEnd;\r | |
104 | CHAR16 *CheckChar;\r | |
105 | UINTN WildcardCount;\r | |
355b181f BB |
106 | \r |
107 | // Sanitize some quick values.\r | |
1436aea4 | 108 | if ((NewPolicy == NULL) || (NewPolicy->Size == 0) ||\r |
355b181f | 109 | // Structure size should be at least as long as the minumum structure and a NULL string.\r |
1436aea4 | 110 | (NewPolicy->Size < sizeof (VARIABLE_POLICY_ENTRY)) ||\r |
355b181f | 111 | // Check for the known revision.\r |
1436aea4 MK |
112 | (NewPolicy->Version != VARIABLE_POLICY_ENTRY_REVISION))\r |
113 | {\r | |
355b181f BB |
114 | return FALSE;\r |
115 | }\r | |
116 | \r | |
117 | // Calculate the theoretical end of the structure and make sure\r | |
118 | // that the structure can fit in memory.\r | |
1436aea4 MK |
119 | Status = SafeUintnAdd ((UINTN)NewPolicy, NewPolicy->Size, &EntryEnd);\r |
120 | if (EFI_ERROR (Status)) {\r | |
355b181f BB |
121 | return FALSE;\r |
122 | }\r | |
123 | \r | |
124 | // Check for a valid Max Size.\r | |
125 | if (NewPolicy->MaxSize == 0) {\r | |
126 | return FALSE;\r | |
127 | }\r | |
128 | \r | |
129 | // Check for the valid list of lock policies.\r | |
1436aea4 MK |
130 | if ((NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_NO_LOCK) &&\r |
131 | (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_NOW) &&\r | |
132 | (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) &&\r | |
133 | (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE))\r | |
355b181f BB |
134 | {\r |
135 | return FALSE;\r | |
136 | }\r | |
137 | \r | |
138 | // If the policy type is VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE, make sure that the matching state variable Name\r | |
139 | // terminates before the OffsetToName for the matching policy variable Name.\r | |
140 | if (NewPolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {\r | |
141 | // Adjust CheckChar to the offset of the LockPolicy->Name.\r | |
1436aea4 MK |
142 | Status = SafeUintnAdd (\r |
143 | (UINTN)NewPolicy + sizeof (VARIABLE_POLICY_ENTRY),\r | |
144 | sizeof (VARIABLE_LOCK_ON_VAR_STATE_POLICY),\r | |
145 | (UINTN *)&CheckChar\r | |
146 | );\r | |
147 | if (EFI_ERROR (Status) || (EntryEnd <= (UINTN)CheckChar)) {\r | |
355b181f BB |
148 | return FALSE;\r |
149 | }\r | |
1436aea4 | 150 | \r |
355b181f BB |
151 | while (*CheckChar != CHAR_NULL) {\r |
152 | if (EntryEnd <= (UINTN)CheckChar) {\r | |
153 | return FALSE;\r | |
154 | }\r | |
1436aea4 | 155 | \r |
355b181f BB |
156 | CheckChar++;\r |
157 | }\r | |
1436aea4 | 158 | \r |
355b181f BB |
159 | // At this point we should have either exeeded the structure or be pointing at the last char in LockPolicy->Name.\r |
160 | // We should check to make sure that the policy Name comes immediately after this charcter.\r | |
1436aea4 | 161 | if ((UINTN)++ CheckChar != (UINTN)NewPolicy + NewPolicy->OffsetToName) {\r |
355b181f BB |
162 | return FALSE;\r |
163 | }\r | |
1436aea4 MK |
164 | \r |
165 | // If the policy type is any other value, make sure that the LockPolicy structure has a zero length.\r | |
355b181f | 166 | } else {\r |
1436aea4 | 167 | if (NewPolicy->OffsetToName != sizeof (VARIABLE_POLICY_ENTRY)) {\r |
355b181f BB |
168 | return FALSE;\r |
169 | }\r | |
170 | }\r | |
171 | \r | |
172 | // Check to make sure that the name has a terminating character\r | |
173 | // before the end of the structure.\r | |
174 | // We've already checked that the name is within the bounds of the structure.\r | |
175 | if (NewPolicy->Size != NewPolicy->OffsetToName) {\r | |
1436aea4 | 176 | CheckChar = (CHAR16 *)((UINTN)NewPolicy + NewPolicy->OffsetToName);\r |
355b181f BB |
177 | WildcardCount = 0;\r |
178 | while (*CheckChar != CHAR_NULL) {\r | |
179 | // Make sure there aren't excessive wildcards.\r | |
180 | if (*CheckChar == '#') {\r | |
181 | WildcardCount++;\r | |
182 | if (WildcardCount > MATCH_PRIORITY_MIN) {\r | |
183 | return FALSE;\r | |
184 | }\r | |
185 | }\r | |
1436aea4 | 186 | \r |
355b181f BB |
187 | // Make sure you're still within the bounds of the policy structure.\r |
188 | if (EntryEnd <= (UINTN)CheckChar) {\r | |
189 | return FALSE;\r | |
190 | }\r | |
1436aea4 | 191 | \r |
355b181f BB |
192 | CheckChar++;\r |
193 | }\r | |
194 | \r | |
195 | // Finally, we should be pointed at the very last character in Name, so we should be right\r | |
196 | // up against the end of the structure.\r | |
1436aea4 | 197 | if ((UINTN)++ CheckChar != EntryEnd) {\r |
355b181f BB |
198 | return FALSE;\r |
199 | }\r | |
200 | }\r | |
201 | \r | |
202 | return TRUE;\r | |
203 | }\r | |
204 | \r | |
355b181f BB |
205 | /**\r |
206 | This helper function evaluates a policy and determines whether it matches the target\r | |
207 | variable. If matched, will also return a value corresponding to the priority of the match.\r | |
208 | \r | |
209 | The rules for "best match" are listed in the Variable Policy Spec.\r | |
210 | Perfect name matches will return 0.\r | |
211 | Single wildcard characters will return the number of wildcard characters.\r | |
212 | Full namespaces will return MAX_UINT8.\r | |
213 | \r | |
214 | @param[in] EvalEntry Pointer to the policy entry being evaluated.\r | |
215 | @param[in] VariableName Same as EFI_SET_VARIABLE.\r | |
216 | @param[in] VendorGuid Same as EFI_SET_VARIABLE.\r | |
217 | @param[out] MatchPriority [Optional] On finding a match, this value contains the priority of the match.\r | |
218 | Lower number == higher priority. Only valid if a match found.\r | |
219 | \r | |
220 | @retval TRUE Current entry matches the target variable.\r | |
221 | @retval FALSE Current entry does not match at all.\r | |
222 | \r | |
223 | **/\r | |
224 | STATIC\r | |
225 | BOOLEAN\r | |
226 | EvaluatePolicyMatch (\r | |
1436aea4 MK |
227 | IN CONST VARIABLE_POLICY_ENTRY *EvalEntry,\r |
228 | IN CONST CHAR16 *VariableName,\r | |
229 | IN CONST EFI_GUID *VendorGuid,\r | |
230 | OUT UINT8 *MatchPriority OPTIONAL\r | |
355b181f BB |
231 | )\r |
232 | {\r | |
1436aea4 MK |
233 | BOOLEAN Result;\r |
234 | CHAR16 *PolicyName;\r | |
235 | UINT8 CalculatedPriority;\r | |
236 | UINTN Index;\r | |
355b181f | 237 | \r |
1436aea4 | 238 | Result = FALSE;\r |
355b181f BB |
239 | CalculatedPriority = MATCH_PRIORITY_EXACT;\r |
240 | \r | |
241 | // Step 1: If the GUID doesn't match, we're done. No need to evaluate anything else.\r | |
1436aea4 | 242 | if (!CompareGuid (&EvalEntry->Namespace, VendorGuid)) {\r |
355b181f BB |
243 | goto Exit;\r |
244 | }\r | |
245 | \r | |
246 | // If the GUID matches, check to see whether there is a Name associated\r | |
247 | // with the policy. If not, this policy matches the entire namespace.\r | |
248 | // Missing Name is indicated by size being equal to name.\r | |
249 | if (EvalEntry->Size == EvalEntry->OffsetToName) {\r | |
250 | CalculatedPriority = MATCH_PRIORITY_MIN;\r | |
1436aea4 | 251 | Result = TRUE;\r |
355b181f BB |
252 | goto Exit;\r |
253 | }\r | |
254 | \r | |
255 | // Now that we know the name exists, get it.\r | |
1436aea4 | 256 | PolicyName = GET_POLICY_NAME (EvalEntry);\r |
355b181f BB |
257 | \r |
258 | // Evaluate the name against the policy name and check for a match.\r | |
259 | // Account for any wildcards.\r | |
1436aea4 | 260 | Index = 0;\r |
355b181f BB |
261 | Result = TRUE;\r |
262 | // Keep going until the end of both strings.\r | |
263 | while (PolicyName[Index] != CHAR_NULL || VariableName[Index] != CHAR_NULL) {\r | |
264 | // If we don't have a match...\r | |
1436aea4 | 265 | if ((PolicyName[Index] != VariableName[Index]) || (PolicyName[Index] == '#')) {\r |
355b181f BB |
266 | // If this is a numerical wildcard, we can consider\r |
267 | // it a match if we alter the priority.\r | |
1436aea4 MK |
268 | if ((PolicyName[Index] == L'#') &&\r |
269 | (((L'0' <= VariableName[Index]) && (VariableName[Index] <= L'9')) ||\r | |
270 | ((L'A' <= VariableName[Index]) && (VariableName[Index] <= L'F')) ||\r | |
271 | ((L'a' <= VariableName[Index]) && (VariableName[Index] <= L'f'))))\r | |
272 | {\r | |
355b181f BB |
273 | if (CalculatedPriority < MATCH_PRIORITY_MIN) {\r |
274 | CalculatedPriority++;\r | |
275 | }\r | |
1436aea4 MK |
276 | \r |
277 | // Otherwise, not a match.\r | |
355b181f BB |
278 | } else {\r |
279 | Result = FALSE;\r | |
280 | goto Exit;\r | |
281 | }\r | |
282 | }\r | |
1436aea4 | 283 | \r |
355b181f BB |
284 | Index++;\r |
285 | }\r | |
286 | \r | |
287 | Exit:\r | |
1436aea4 | 288 | if (Result && (MatchPriority != NULL)) {\r |
355b181f BB |
289 | *MatchPriority = CalculatedPriority;\r |
290 | }\r | |
1436aea4 | 291 | \r |
355b181f BB |
292 | return Result;\r |
293 | }\r | |
294 | \r | |
355b181f BB |
295 | /**\r |
296 | This helper function walks the current policy table and returns a pointer\r | |
297 | to the best match, if any are found. Leverages EvaluatePolicyMatch() to\r | |
298 | determine "best".\r | |
299 | \r | |
300 | @param[in] VariableName Same as EFI_SET_VARIABLE.\r | |
301 | @param[in] VendorGuid Same as EFI_SET_VARIABLE.\r | |
302 | @param[out] ReturnPriority [Optional] If pointer is provided, return the\r | |
303 | priority of the match. Same as EvaluatePolicyMatch().\r | |
304 | Only valid if a match is returned.\r | |
305 | \r | |
306 | @retval VARIABLE_POLICY_ENTRY* Best match that was found.\r | |
307 | @retval NULL No match was found.\r | |
308 | \r | |
309 | **/\r | |
310 | STATIC\r | |
1436aea4 | 311 | VARIABLE_POLICY_ENTRY *\r |
355b181f | 312 | GetBestPolicyMatch (\r |
1436aea4 MK |
313 | IN CONST CHAR16 *VariableName,\r |
314 | IN CONST EFI_GUID *VendorGuid,\r | |
315 | OUT UINT8 *ReturnPriority OPTIONAL\r | |
355b181f BB |
316 | )\r |
317 | {\r | |
1436aea4 MK |
318 | VARIABLE_POLICY_ENTRY *BestResult;\r |
319 | VARIABLE_POLICY_ENTRY *CurrentEntry;\r | |
320 | UINT8 MatchPriority;\r | |
321 | UINT8 CurrentPriority;\r | |
322 | UINTN Index;\r | |
355b181f | 323 | \r |
1436aea4 | 324 | BestResult = NULL;\r |
355b181f BB |
325 | MatchPriority = MATCH_PRIORITY_EXACT;\r |
326 | \r | |
327 | // Walk all entries in the table, looking for matches.\r | |
1436aea4 | 328 | CurrentEntry = (VARIABLE_POLICY_ENTRY *)mPolicyTable;\r |
355b181f BB |
329 | for (Index = 0; Index < mCurrentTableCount; Index++) {\r |
330 | // Check for a match.\r | |
1436aea4 | 331 | if (EvaluatePolicyMatch (CurrentEntry, VariableName, VendorGuid, &CurrentPriority)) {\r |
355b181f | 332 | // If match is better, take it.\r |
1436aea4 MK |
333 | if ((BestResult == NULL) || (CurrentPriority < MatchPriority)) {\r |
334 | BestResult = CurrentEntry;\r | |
355b181f BB |
335 | MatchPriority = CurrentPriority;\r |
336 | }\r | |
337 | \r | |
338 | // If you've hit the highest-priority match, can exit now.\r | |
339 | if (MatchPriority == 0) {\r | |
340 | break;\r | |
341 | }\r | |
342 | }\r | |
343 | \r | |
344 | // If we're still in the loop, move to the next entry.\r | |
1436aea4 | 345 | CurrentEntry = GET_NEXT_POLICY (CurrentEntry);\r |
355b181f BB |
346 | }\r |
347 | \r | |
348 | // If a return priority was requested, return it.\r | |
349 | if (ReturnPriority != NULL) {\r | |
350 | *ReturnPriority = MatchPriority;\r | |
351 | }\r | |
352 | \r | |
353 | return BestResult;\r | |
354 | }\r | |
355 | \r | |
355b181f BB |
356 | /**\r |
357 | This API function validates and registers a new policy with\r | |
358 | the policy enforcement engine.\r | |
359 | \r | |
360 | @param[in] NewPolicy Pointer to the incoming policy structure.\r | |
361 | \r | |
362 | @retval EFI_SUCCESS\r | |
363 | @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.\r | |
364 | @retval EFI_ALREADY_STARTED An identical matching policy already exists.\r | |
365 | @retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.\r | |
366 | @retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.\r | |
367 | @retval EFI_ABORTED A calculation error has prevented this function from completing.\r | |
368 | @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.\r | |
369 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
370 | \r | |
371 | **/\r | |
372 | EFI_STATUS\r | |
373 | EFIAPI\r | |
374 | RegisterVariablePolicy (\r | |
1436aea4 | 375 | IN CONST VARIABLE_POLICY_ENTRY *NewPolicy\r |
355b181f BB |
376 | )\r |
377 | {\r | |
1436aea4 MK |
378 | EFI_STATUS Status;\r |
379 | VARIABLE_POLICY_ENTRY *MatchPolicy;\r | |
380 | UINT8 MatchPriority;\r | |
381 | UINT32 NewSize;\r | |
382 | UINT8 *NewTable;\r | |
355b181f | 383 | \r |
1436aea4 | 384 | if (!IsVariablePolicyLibInitialized ()) {\r |
355b181f BB |
385 | return EFI_NOT_READY;\r |
386 | }\r | |
1436aea4 | 387 | \r |
355b181f BB |
388 | if (mInterfaceLocked) {\r |
389 | return EFI_WRITE_PROTECTED;\r | |
390 | }\r | |
391 | \r | |
1436aea4 | 392 | if (!IsValidVariablePolicyStructure (NewPolicy)) {\r |
355b181f BB |
393 | return EFI_INVALID_PARAMETER;\r |
394 | }\r | |
395 | \r | |
396 | // Check to see whether an exact matching policy already exists.\r | |
1436aea4 MK |
397 | MatchPolicy = GetBestPolicyMatch (\r |
398 | GET_POLICY_NAME (NewPolicy),\r | |
399 | &NewPolicy->Namespace,\r | |
400 | &MatchPriority\r | |
401 | );\r | |
402 | if ((MatchPolicy != NULL) && (MatchPriority == MATCH_PRIORITY_EXACT)) {\r | |
355b181f BB |
403 | return EFI_ALREADY_STARTED;\r |
404 | }\r | |
405 | \r | |
406 | // If none exists, create it.\r | |
407 | // If we need more space, allocate that now.\r | |
1436aea4 MK |
408 | Status = SafeUint32Add (mCurrentTableUsage, NewPolicy->Size, &NewSize);\r |
409 | if (EFI_ERROR (Status)) {\r | |
355b181f BB |
410 | return EFI_ABORTED;\r |
411 | }\r | |
1436aea4 | 412 | \r |
355b181f BB |
413 | if (NewSize > mCurrentTableSize) {\r |
414 | // Use NewSize to calculate the new table size in units of POLICY_TABLE_STEP_SIZE.\r | |
415 | NewSize = (NewSize % POLICY_TABLE_STEP_SIZE) > 0 ?\r | |
1436aea4 MK |
416 | (NewSize / POLICY_TABLE_STEP_SIZE) + 1 :\r |
417 | (NewSize / POLICY_TABLE_STEP_SIZE);\r | |
355b181f | 418 | // Calculate the new table size in absolute bytes.\r |
1436aea4 MK |
419 | Status = SafeUint32Mult (NewSize, POLICY_TABLE_STEP_SIZE, &NewSize);\r |
420 | if (EFI_ERROR (Status)) {\r | |
355b181f BB |
421 | return EFI_ABORTED;\r |
422 | }\r | |
423 | \r | |
424 | // Reallocate and copy the table.\r | |
1436aea4 | 425 | NewTable = AllocateRuntimePool (NewSize);\r |
355b181f BB |
426 | if (NewTable == NULL) {\r |
427 | return EFI_OUT_OF_RESOURCES;\r | |
428 | }\r | |
1436aea4 MK |
429 | \r |
430 | CopyMem (NewTable, mPolicyTable, mCurrentTableUsage);\r | |
355b181f BB |
431 | mCurrentTableSize = NewSize;\r |
432 | if (mPolicyTable != NULL) {\r | |
1436aea4 | 433 | FreePool (mPolicyTable);\r |
355b181f | 434 | }\r |
1436aea4 | 435 | \r |
355b181f BB |
436 | mPolicyTable = NewTable;\r |
437 | }\r | |
1436aea4 | 438 | \r |
355b181f | 439 | // Copy the policy into the table.\r |
1436aea4 | 440 | CopyMem (mPolicyTable + mCurrentTableUsage, NewPolicy, NewPolicy->Size);\r |
355b181f BB |
441 | mCurrentTableUsage += NewPolicy->Size;\r |
442 | mCurrentTableCount += 1;\r | |
443 | \r | |
444 | // We're done here.\r | |
445 | \r | |
446 | return EFI_SUCCESS;\r | |
447 | }\r | |
448 | \r | |
355b181f BB |
449 | /**\r |
450 | This API function checks to see whether the parameters to SetVariable would\r | |
451 | be allowed according to the current variable policies.\r | |
452 | \r | |
453 | @param[in] VariableName Same as EFI_SET_VARIABLE.\r | |
454 | @param[in] VendorGuid Same as EFI_SET_VARIABLE.\r | |
455 | @param[in] Attributes Same as EFI_SET_VARIABLE.\r | |
456 | @param[in] DataSize Same as EFI_SET_VARIABLE.\r | |
457 | @param[in] Data Same as EFI_SET_VARIABLE.\r | |
458 | \r | |
459 | @retval EFI_SUCCESS A matching policy allows this update.\r | |
460 | @retval EFI_SUCCESS There are currently no policies that restrict this update.\r | |
461 | @retval EFI_SUCCESS The protections have been disable until the next reboot.\r | |
462 | @retval EFI_WRITE_PROTECTED Variable is currently locked.\r | |
463 | @retval EFI_INVALID_PARAMETER Attributes or size are invalid.\r | |
464 | @retval EFI_ABORTED A lock policy exists, but an error prevented evaluation.\r | |
465 | @retval EFI_NOT_READY Library has not been initialized.\r | |
466 | \r | |
467 | **/\r | |
468 | EFI_STATUS\r | |
469 | EFIAPI\r | |
470 | ValidateSetVariable (\r | |
1436aea4 MK |
471 | IN CHAR16 *VariableName,\r |
472 | IN EFI_GUID *VendorGuid,\r | |
473 | IN UINT32 Attributes,\r | |
474 | IN UINTN DataSize,\r | |
475 | IN VOID *Data\r | |
355b181f BB |
476 | )\r |
477 | {\r | |
1436aea4 MK |
478 | BOOLEAN IsDel;\r |
479 | VARIABLE_POLICY_ENTRY *ActivePolicy;\r | |
480 | EFI_STATUS Status;\r | |
481 | EFI_STATUS ReturnStatus;\r | |
482 | VARIABLE_LOCK_ON_VAR_STATE_POLICY *StateVarPolicy;\r | |
483 | CHAR16 *StateVarName;\r | |
484 | UINTN StateVarSize;\r | |
485 | UINT8 StateVar;\r | |
355b181f BB |
486 | \r |
487 | ReturnStatus = EFI_SUCCESS;\r | |
488 | \r | |
1436aea4 | 489 | if (!IsVariablePolicyLibInitialized ()) {\r |
355b181f BB |
490 | ReturnStatus = EFI_NOT_READY;\r |
491 | goto Exit;\r | |
492 | }\r | |
493 | \r | |
494 | // Bail if the protections are currently disabled.\r | |
495 | if (mProtectionDisabled) {\r | |
496 | ReturnStatus = EFI_SUCCESS;\r | |
497 | goto Exit;\r | |
498 | }\r | |
499 | \r | |
500 | // Determine whether this is a delete operation.\r | |
501 | // If so, it will affect which tests are applied.\r | |
502 | if ((DataSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {\r | |
503 | IsDel = TRUE;\r | |
504 | } else {\r | |
505 | IsDel = FALSE;\r | |
506 | }\r | |
507 | \r | |
508 | // Find an active policy if one exists.\r | |
1436aea4 | 509 | ActivePolicy = GetBestPolicyMatch (VariableName, VendorGuid, NULL);\r |
355b181f BB |
510 | \r |
511 | // If we have an active policy, check it against the incoming data.\r | |
512 | if (ActivePolicy != NULL) {\r | |
513 | //\r | |
514 | // Only enforce size and attribute constraints when updating data, not deleting.\r | |
515 | if (!IsDel) {\r | |
516 | // Check for size constraints.\r | |
1436aea4 MK |
517 | if (((ActivePolicy->MinSize > 0) && (DataSize < ActivePolicy->MinSize)) ||\r |
518 | ((ActivePolicy->MaxSize > 0) && (DataSize > ActivePolicy->MaxSize)))\r | |
519 | {\r | |
355b181f | 520 | ReturnStatus = EFI_INVALID_PARAMETER;\r |
1436aea4 MK |
521 | DEBUG ((\r |
522 | DEBUG_VERBOSE,\r | |
523 | "%a - Bad Size. 0x%X <> 0x%X-0x%X\n",\r | |
524 | __FUNCTION__,\r | |
525 | DataSize,\r | |
526 | ActivePolicy->MinSize,\r | |
527 | ActivePolicy->MaxSize\r | |
528 | ));\r | |
355b181f BB |
529 | goto Exit;\r |
530 | }\r | |
531 | \r | |
532 | // Check for attribute constraints.\r | |
1436aea4 MK |
533 | if (((ActivePolicy->AttributesMustHave & Attributes) != ActivePolicy->AttributesMustHave) ||\r |
534 | ((ActivePolicy->AttributesCantHave & Attributes) != 0))\r | |
535 | {\r | |
355b181f | 536 | ReturnStatus = EFI_INVALID_PARAMETER;\r |
1436aea4 MK |
537 | DEBUG ((\r |
538 | DEBUG_VERBOSE,\r | |
539 | "%a - Bad Attributes. 0x%X <> 0x%X:0x%X\n",\r | |
540 | __FUNCTION__,\r | |
541 | Attributes,\r | |
542 | ActivePolicy->AttributesMustHave,\r | |
543 | ActivePolicy->AttributesCantHave\r | |
544 | ));\r | |
355b181f BB |
545 | goto Exit;\r |
546 | }\r | |
547 | }\r | |
548 | \r | |
549 | //\r | |
550 | // Lock policy check.\r | |
551 | //\r | |
552 | // Check for immediate lock.\r | |
553 | if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_NOW) {\r | |
554 | ReturnStatus = EFI_WRITE_PROTECTED;\r | |
555 | goto Exit;\r | |
1436aea4 | 556 | // Check for lock on create.\r |
355b181f BB |
557 | } else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) {\r |
558 | StateVarSize = 0;\r | |
1436aea4 MK |
559 | Status = mGetVariableHelper (\r |
560 | VariableName,\r | |
561 | VendorGuid,\r | |
562 | NULL,\r | |
563 | &StateVarSize,\r | |
564 | NULL\r | |
565 | );\r | |
355b181f BB |
566 | if (Status == EFI_BUFFER_TOO_SMALL) {\r |
567 | ReturnStatus = EFI_WRITE_PROTECTED;\r | |
568 | goto Exit;\r | |
569 | }\r | |
1436aea4 MK |
570 | \r |
571 | // Check for lock on state variable.\r | |
355b181f | 572 | } else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {\r |
1436aea4 MK |
573 | StateVarPolicy = (VARIABLE_LOCK_ON_VAR_STATE_POLICY *)((UINT8 *)ActivePolicy + sizeof (VARIABLE_POLICY_ENTRY));\r |
574 | StateVarName = (CHAR16 *)((UINT8 *)StateVarPolicy + sizeof (VARIABLE_LOCK_ON_VAR_STATE_POLICY));\r | |
575 | StateVarSize = sizeof (StateVar);\r | |
576 | Status = mGetVariableHelper (\r | |
577 | StateVarName,\r | |
578 | &StateVarPolicy->Namespace,\r | |
579 | NULL,\r | |
580 | &StateVarSize,\r | |
581 | &StateVar\r | |
582 | );\r | |
355b181f BB |
583 | \r |
584 | // If the variable was found, check the state. If matched, this variable is locked.\r | |
1436aea4 | 585 | if (!EFI_ERROR (Status)) {\r |
355b181f BB |
586 | if (StateVar == StateVarPolicy->Value) {\r |
587 | ReturnStatus = EFI_WRITE_PROTECTED;\r | |
588 | goto Exit;\r | |
589 | }\r | |
1436aea4 MK |
590 | \r |
591 | // EFI_NOT_FOUND and EFI_BUFFER_TOO_SMALL indicate that the state doesn't match.\r | |
592 | } else if ((Status != EFI_NOT_FOUND) && (Status != EFI_BUFFER_TOO_SMALL)) {\r | |
355b181f BB |
593 | // We don't know what happened, but it isn't good.\r |
594 | ReturnStatus = EFI_ABORTED;\r | |
595 | goto Exit;\r | |
596 | }\r | |
597 | }\r | |
598 | }\r | |
599 | \r | |
600 | Exit:\r | |
1436aea4 | 601 | DEBUG ((DEBUG_VERBOSE, "%a - Variable (%g:%s) returning %r.\n", __FUNCTION__, VendorGuid, VariableName, ReturnStatus));\r |
355b181f BB |
602 | return ReturnStatus;\r |
603 | }\r | |
604 | \r | |
355b181f BB |
605 | /**\r |
606 | This API function disables the variable policy enforcement. If it's\r | |
607 | already been called once, will return EFI_ALREADY_STARTED.\r | |
608 | \r | |
609 | @retval EFI_SUCCESS\r | |
610 | @retval EFI_ALREADY_STARTED Has already been called once this boot.\r | |
611 | @retval EFI_WRITE_PROTECTED Interface has been locked until reboot.\r | |
612 | @retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.\r | |
613 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
614 | \r | |
615 | **/\r | |
616 | EFI_STATUS\r | |
617 | EFIAPI\r | |
618 | DisableVariablePolicy (\r | |
619 | VOID\r | |
620 | )\r | |
621 | {\r | |
1436aea4 | 622 | if (!IsVariablePolicyLibInitialized ()) {\r |
355b181f BB |
623 | return EFI_NOT_READY;\r |
624 | }\r | |
1436aea4 | 625 | \r |
355b181f BB |
626 | if (mProtectionDisabled) {\r |
627 | return EFI_ALREADY_STARTED;\r | |
628 | }\r | |
1436aea4 | 629 | \r |
355b181f BB |
630 | if (mInterfaceLocked) {\r |
631 | return EFI_WRITE_PROTECTED;\r | |
632 | }\r | |
1436aea4 | 633 | \r |
355b181f BB |
634 | if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) {\r |
635 | return EFI_WRITE_PROTECTED;\r | |
636 | }\r | |
1436aea4 | 637 | \r |
355b181f BB |
638 | mProtectionDisabled = TRUE;\r |
639 | return EFI_SUCCESS;\r | |
640 | }\r | |
641 | \r | |
355b181f BB |
642 | /**\r |
643 | This API function will dump the entire contents of the variable policy table.\r | |
644 | \r | |
645 | Similar to GetVariable, the first call can be made with a 0 size and it will return\r | |
646 | the size of the buffer required to hold the entire table.\r | |
647 | \r | |
648 | @param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.\r | |
649 | @param[in,out] Size On input, the size of the output buffer. On output, the size\r | |
650 | of the data returned.\r | |
651 | \r | |
652 | @retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.\r | |
653 | @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.\r | |
654 | @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.\r | |
655 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
656 | \r | |
657 | **/\r | |
658 | EFI_STATUS\r | |
659 | EFIAPI\r | |
660 | DumpVariablePolicy (\r | |
1436aea4 MK |
661 | OUT UINT8 *Policy,\r |
662 | IN OUT UINT32 *Size\r | |
355b181f BB |
663 | )\r |
664 | {\r | |
1436aea4 | 665 | if (!IsVariablePolicyLibInitialized ()) {\r |
355b181f BB |
666 | return EFI_NOT_READY;\r |
667 | }\r | |
668 | \r | |
669 | // Check the parameters.\r | |
1436aea4 | 670 | if ((Size == NULL) || ((*Size > 0) && (Policy == NULL))) {\r |
355b181f BB |
671 | return EFI_INVALID_PARAMETER;\r |
672 | }\r | |
673 | \r | |
674 | // Make sure the size is sufficient to hold the policy table.\r | |
675 | if (*Size < mCurrentTableUsage) {\r | |
676 | *Size = mCurrentTableUsage;\r | |
677 | return EFI_BUFFER_TOO_SMALL;\r | |
678 | }\r | |
679 | \r | |
680 | // If we're still here, copy the table and bounce.\r | |
1436aea4 | 681 | CopyMem (Policy, mPolicyTable, mCurrentTableUsage);\r |
355b181f BB |
682 | *Size = mCurrentTableUsage;\r |
683 | \r | |
684 | return EFI_SUCCESS;\r | |
685 | }\r | |
686 | \r | |
355b181f BB |
687 | /**\r |
688 | This API function returns whether or not the policy engine is\r | |
689 | currently being enforced.\r | |
690 | \r | |
691 | @retval TRUE\r | |
692 | @retval FALSE\r | |
693 | @retval FALSE Library has not yet been initialized.\r | |
694 | \r | |
695 | **/\r | |
696 | BOOLEAN\r | |
697 | EFIAPI\r | |
698 | IsVariablePolicyEnabled (\r | |
699 | VOID\r | |
700 | )\r | |
701 | {\r | |
1436aea4 | 702 | if (!IsVariablePolicyLibInitialized ()) {\r |
355b181f BB |
703 | return FALSE;\r |
704 | }\r | |
1436aea4 | 705 | \r |
355b181f BB |
706 | return !mProtectionDisabled;\r |
707 | }\r | |
708 | \r | |
355b181f BB |
709 | /**\r |
710 | This API function locks the interface so that no more policy updates\r | |
711 | can be performed or changes made to the enforcement until the next boot.\r | |
712 | \r | |
713 | @retval EFI_SUCCESS\r | |
714 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
715 | \r | |
716 | **/\r | |
717 | EFI_STATUS\r | |
718 | EFIAPI\r | |
719 | LockVariablePolicy (\r | |
720 | VOID\r | |
721 | )\r | |
722 | {\r | |
1436aea4 | 723 | if (!IsVariablePolicyLibInitialized ()) {\r |
355b181f BB |
724 | return EFI_NOT_READY;\r |
725 | }\r | |
1436aea4 | 726 | \r |
355b181f BB |
727 | if (mInterfaceLocked) {\r |
728 | return EFI_WRITE_PROTECTED;\r | |
729 | }\r | |
1436aea4 | 730 | \r |
355b181f BB |
731 | mInterfaceLocked = TRUE;\r |
732 | return EFI_SUCCESS;\r | |
733 | }\r | |
734 | \r | |
355b181f BB |
735 | /**\r |
736 | This API function returns whether or not the policy interface is locked\r | |
737 | for the remainder of the boot.\r | |
738 | \r | |
739 | @retval TRUE\r | |
740 | @retval FALSE\r | |
741 | @retval FALSE Library has not yet been initialized.\r | |
742 | \r | |
743 | **/\r | |
744 | BOOLEAN\r | |
745 | EFIAPI\r | |
746 | IsVariablePolicyInterfaceLocked (\r | |
747 | VOID\r | |
748 | )\r | |
749 | {\r | |
1436aea4 | 750 | if (!IsVariablePolicyLibInitialized ()) {\r |
355b181f BB |
751 | return FALSE;\r |
752 | }\r | |
1436aea4 | 753 | \r |
355b181f BB |
754 | return mInterfaceLocked;\r |
755 | }\r | |
756 | \r | |
355b181f BB |
757 | /**\r |
758 | This helper function initializes the library and sets\r | |
759 | up any required internal structures or handlers.\r | |
760 | \r | |
761 | Also registers the internal pointer for the GetVariable helper.\r | |
762 | \r | |
763 | @param[in] GetVariableHelper A function pointer matching the EFI_GET_VARIABLE prototype that will be used to\r | |
764 | check policy criteria that involve the existence of other variables.\r | |
765 | \r | |
766 | @retval EFI_SUCCESS\r | |
767 | @retval EFI_ALREADY_STARTED The initialize function has been called more than once without a call to\r | |
768 | deinitialize.\r | |
769 | \r | |
770 | **/\r | |
771 | EFI_STATUS\r | |
772 | EFIAPI\r | |
773 | InitVariablePolicyLib (\r | |
1436aea4 | 774 | IN EFI_GET_VARIABLE GetVariableHelper\r |
355b181f BB |
775 | )\r |
776 | {\r | |
1436aea4 | 777 | EFI_STATUS Status;\r |
355b181f BB |
778 | \r |
779 | Status = EFI_SUCCESS;\r | |
780 | \r | |
781 | if (mGetVariableHelper != NULL) {\r | |
782 | return EFI_ALREADY_STARTED;\r | |
783 | }\r | |
784 | \r | |
1436aea4 MK |
785 | if (!EFI_ERROR (Status)) {\r |
786 | Status = VariablePolicyExtraInit ();\r | |
355b181f BB |
787 | }\r |
788 | \r | |
1436aea4 | 789 | if (!EFI_ERROR (Status)) {\r |
355b181f BB |
790 | // Save an internal pointer to the GetVariableHelper.\r |
791 | mGetVariableHelper = GetVariableHelper;\r | |
792 | \r | |
793 | // Initialize the global state.\r | |
1436aea4 | 794 | mInterfaceLocked = FALSE;\r |
355b181f | 795 | mProtectionDisabled = FALSE;\r |
1436aea4 MK |
796 | mPolicyTable = NULL;\r |
797 | mCurrentTableSize = 0;\r | |
798 | mCurrentTableUsage = 0;\r | |
799 | mCurrentTableCount = 0;\r | |
355b181f BB |
800 | }\r |
801 | \r | |
802 | return Status;\r | |
803 | }\r | |
804 | \r | |
355b181f BB |
805 | /**\r |
806 | This helper function returns whether or not the library is currently initialized.\r | |
807 | \r | |
808 | @retval TRUE\r | |
809 | @retval FALSE\r | |
810 | \r | |
811 | **/\r | |
812 | BOOLEAN\r | |
813 | EFIAPI\r | |
814 | IsVariablePolicyLibInitialized (\r | |
815 | VOID\r | |
816 | )\r | |
817 | {\r | |
818 | return (mGetVariableHelper != NULL);\r | |
819 | }\r | |
820 | \r | |
355b181f BB |
821 | /**\r |
822 | This helper function tears down the library.\r | |
823 | \r | |
824 | Should generally only be used for test harnesses.\r | |
825 | \r | |
826 | @retval EFI_SUCCESS\r | |
827 | @retval EFI_NOT_READY Deinitialize was called without first calling initialize.\r | |
828 | \r | |
829 | **/\r | |
830 | EFI_STATUS\r | |
831 | EFIAPI\r | |
832 | DeinitVariablePolicyLib (\r | |
833 | VOID\r | |
834 | )\r | |
835 | {\r | |
1436aea4 | 836 | EFI_STATUS Status;\r |
355b181f BB |
837 | \r |
838 | Status = EFI_SUCCESS;\r | |
839 | \r | |
840 | if (mGetVariableHelper == NULL) {\r | |
841 | return EFI_NOT_READY;\r | |
842 | }\r | |
843 | \r | |
1436aea4 MK |
844 | if (!EFI_ERROR (Status)) {\r |
845 | Status = VariablePolicyExtraDeinit ();\r | |
355b181f BB |
846 | }\r |
847 | \r | |
1436aea4 MK |
848 | if (!EFI_ERROR (Status)) {\r |
849 | mGetVariableHelper = NULL;\r | |
850 | mInterfaceLocked = FALSE;\r | |
355b181f | 851 | mProtectionDisabled = FALSE;\r |
1436aea4 MK |
852 | mCurrentTableSize = 0;\r |
853 | mCurrentTableUsage = 0;\r | |
854 | mCurrentTableCount = 0;\r | |
355b181f BB |
855 | \r |
856 | if (mPolicyTable != NULL) {\r | |
1436aea4 | 857 | FreePool (mPolicyTable);\r |
355b181f BB |
858 | mPolicyTable = NULL;\r |
859 | }\r | |
860 | }\r | |
861 | \r | |
862 | return Status;\r | |
863 | }\r |