2 TCG MOR (Memory Overwrite Request) Lock Control support (SMM version).
4 This module initilizes MemoryOverwriteRequestControlLock variable.
5 This module adds Variable Hook and check MemoryOverwriteRequestControlLock.
7 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
8 This program and the accompanying materials
9 are licensed and made available under the terms and conditions of the BSD License
10 which accompanies this distribution. The full text of the license may be found at
11 http://opensource.org/licenses/bsd-license.php
13 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
14 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
19 #include <Guid/MemoryOverwriteControl.h>
20 #include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
21 #include <Library/DebugLib.h>
22 #include <Library/BaseLib.h>
23 #include <Library/BaseMemoryLib.h>
31 VARIABLE_TYPE mMorVariableType
[] = {
32 {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
, &gEfiMemoryOverwriteControlDataGuid
},
33 {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME
, &gEfiMemoryOverwriteRequestControlLockGuid
},
36 BOOLEAN mMorPassThru
= FALSE
;
38 #define MOR_LOCK_DATA_UNLOCKED 0x0
39 #define MOR_LOCK_DATA_LOCKED_WITHOUT_KEY 0x1
40 #define MOR_LOCK_DATA_LOCKED_WITH_KEY 0x2
42 #define MOR_LOCK_V1_SIZE 1
43 #define MOR_LOCK_V2_KEY_SIZE 8
46 MorLockStateUnlocked
= 0,
47 MorLockStateLocked
= 1,
50 BOOLEAN mMorLockInitializationRequired
= FALSE
;
51 UINT8 mMorLockKey
[MOR_LOCK_V2_KEY_SIZE
];
52 BOOLEAN mMorLockKeyEmpty
= TRUE
;
53 BOOLEAN mMorLockPassThru
= FALSE
;
54 MOR_LOCK_STATE mMorLockState
= MorLockStateUnlocked
;
57 Returns if this is MOR related variable.
59 @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
60 @param VendorGuid Unify identifier for vendor.
62 @retval TRUE The variable is MOR related.
63 @retval FALSE The variable is NOT MOR related.
67 IN CHAR16
*VariableName
,
68 IN EFI_GUID
*VendorGuid
73 for (Index
= 0; Index
< sizeof(mMorVariableType
)/sizeof(mMorVariableType
[0]); Index
++) {
74 if ((StrCmp (VariableName
, mMorVariableType
[Index
].VariableName
) == 0) &&
75 (CompareGuid (VendorGuid
, mMorVariableType
[Index
].VendorGuid
))) {
83 Returns if this is MOR lock variable.
85 @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
86 @param VendorGuid Unify identifier for vendor.
88 @retval TRUE The variable is MOR lock variable.
89 @retval FALSE The variable is NOT MOR lock variable.
93 IN CHAR16
*VariableName
,
94 IN EFI_GUID
*VendorGuid
97 if ((StrCmp (VariableName
, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME
) == 0) &&
98 (CompareGuid (VendorGuid
, &gEfiMemoryOverwriteRequestControlLockGuid
))) {
105 Set MOR lock variable.
107 @param Data MOR Lock variable data.
109 @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
110 defined by the Attributes.
111 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
112 DataSize exceeds the maximum allowed.
113 @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
114 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
115 @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
116 @retval EFI_WRITE_PROTECTED The variable in question is read-only.
117 @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
118 @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
119 set but the AuthInfo does NOT pass the validation check carried
121 @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
130 mMorLockPassThru
= TRUE
;
131 Status
= VariableServiceSetVariable (
132 MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME
,
133 &gEfiMemoryOverwriteRequestControlLockGuid
,
134 EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
,
138 mMorLockPassThru
= FALSE
;
143 This service is an MorLock checker handler for the SetVariable().
145 @param VariableName the name of the vendor's variable, as a
146 Null-Terminated Unicode String
147 @param VendorGuid Unify identifier for vendor.
148 @param Attributes Point to memory location to return the attributes of variable. If the point
149 is NULL, the parameter would be ignored.
150 @param DataSize The size in bytes of Data-Buffer.
151 @param Data Point to the content of the variable.
153 @retval EFI_SUCCESS The MorLock check pass, and Variable driver can store the variable data.
154 @retval EFI_INVALID_PARAMETER The MorLock data or data size or attributes is not allowed.
155 @retval EFI_ACCESS_DENIED The MorLock is locked.
156 @retval EFI_WRITE_PROTECTED The MorLock deletion is not allowed.
157 @retval EFI_ALREADY_STARTED The MorLock variable is handled inside this function.
158 Variable driver can just return EFI_SUCCESS.
161 SetVariableCheckHandlerMorLock (
162 IN CHAR16
*VariableName
,
163 IN EFI_GUID
*VendorGuid
,
164 IN UINT32 Attributes
,
174 if (Attributes
== 0 || DataSize
== 0 || Data
== NULL
) {
176 // Permit deletion for passthru request, deny it otherwise.
178 return mMorLockPassThru
? EFI_SUCCESS
: EFI_WRITE_PROTECTED
;
181 if ((Attributes
!= (EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
)) ||
182 ((DataSize
!= MOR_LOCK_V1_SIZE
) && (DataSize
!= MOR_LOCK_V2_KEY_SIZE
))) {
183 return EFI_INVALID_PARAMETER
;
187 // Do not check if the request is passthru.
189 if (mMorLockPassThru
) {
193 if (mMorLockState
== MorLockStateUnlocked
) {
197 if (DataSize
== MOR_LOCK_V1_SIZE
) {
199 // V1 - lock permanently
201 if (*(UINT8
*)Data
== MOR_LOCK_DATA_UNLOCKED
) {
205 Status
= SetMorLockVariable (MOR_LOCK_DATA_UNLOCKED
);
206 if (!EFI_ERROR (Status
)) {
208 // return EFI_ALREADY_STARTED to skip variable set.
210 return EFI_ALREADY_STARTED
;
217 } else if (*(UINT8
*)Data
== MOR_LOCK_DATA_LOCKED_WITHOUT_KEY
) {
221 Status
= SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY
);
222 if (!EFI_ERROR (Status
)) {
226 mMorLockState
= MorLockStateLocked
;
228 // return EFI_ALREADY_STARTED to skip variable set.
230 return EFI_ALREADY_STARTED
;
238 return EFI_INVALID_PARAMETER
;
240 } else if (DataSize
== MOR_LOCK_V2_KEY_SIZE
) {
242 // V2 lock and provision the key
246 // Need set here because the data value on flash is different
248 Status
= SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITH_KEY
);
249 if (EFI_ERROR(Status
)) {
251 // SetVar fail, do not provision the key
256 // Lock success, provision the key
258 mMorLockKeyEmpty
= FALSE
;
259 CopyMem (mMorLockKey
, Data
, MOR_LOCK_V2_KEY_SIZE
);
260 mMorLockState
= MorLockStateLocked
;
262 // return EFI_ALREADY_STARTED to skip variable set.
264 return EFI_ALREADY_STARTED
;
268 return EFI_OUT_OF_RESOURCES
;
274 if (mMorLockKeyEmpty
|| (DataSize
!= MOR_LOCK_V2_KEY_SIZE
)) {
275 return EFI_ACCESS_DENIED
;
277 if ((CompareMem (Data
, mMorLockKey
, MOR_LOCK_V2_KEY_SIZE
) == 0)) {
279 // Key match - unlock
283 // Need set here because the data value on flash is different
285 Status
= SetMorLockVariable (MOR_LOCK_DATA_UNLOCKED
);
286 if (EFI_ERROR (Status
)) {
295 mMorLockState
= MorLockStateUnlocked
;
296 mMorLockKeyEmpty
= TRUE
;
297 ZeroMem (mMorLockKey
, sizeof(mMorLockKey
));
299 // return EFI_ALREADY_STARTED to skip variable set.
301 return EFI_ALREADY_STARTED
;
305 // Key mismatch - Prevent Dictionary Attack
307 mMorLockState
= MorLockStateLocked
;
308 mMorLockKeyEmpty
= TRUE
;
309 ZeroMem (mMorLockKey
, sizeof(mMorLockKey
));
310 return EFI_ACCESS_DENIED
;
316 This service is an MOR/MorLock checker handler for the SetVariable().
318 @param[in] VariableName the name of the vendor's variable, as a
319 Null-Terminated Unicode String
320 @param[in] VendorGuid Unify identifier for vendor.
321 @param[in] Attributes Attributes bitmask to set for the variable.
322 @param[in] DataSize The size in bytes of Data-Buffer.
323 @param[in] Data Point to the content of the variable.
325 @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable
326 driver can store the variable data.
327 @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or
328 attributes is not allowed for MOR variable.
329 @retval EFI_ACCESS_DENIED The MOR/MorLock is locked.
330 @retval EFI_ALREADY_STARTED The MorLock variable is handled inside this
331 function. Variable driver can just return
335 SetVariableCheckHandlerMor (
336 IN CHAR16
*VariableName
,
337 IN EFI_GUID
*VendorGuid
,
338 IN UINT32 Attributes
,
344 // do not handle non-MOR variable
346 if (!IsAnyMorVariable (VariableName
, VendorGuid
)) {
353 if (IsMorLockVariable (VariableName
, VendorGuid
)) {
354 return SetVariableCheckHandlerMorLock (
368 // Permit deletion for passthru request.
370 if (((Attributes
== 0) || (DataSize
== 0)) && mMorPassThru
) {
377 if ((Attributes
!= (EFI_VARIABLE_NON_VOLATILE
| EFI_VARIABLE_BOOTSERVICE_ACCESS
| EFI_VARIABLE_RUNTIME_ACCESS
)) ||
378 (DataSize
!= sizeof(UINT8
)) ||
380 return EFI_INVALID_PARAMETER
;
382 if (mMorLockState
== MorLockStateLocked
) {
384 // If lock, deny access
386 return EFI_ACCESS_DENIED
;
395 Initialization for MOR Control Lock.
397 @retval EFI_SUCCESS MorLock initialization success.
398 @return Others Some error occurs.
405 mMorLockInitializationRequired
= TRUE
;
410 Delayed initialization for MOR Control Lock at EndOfDxe.
412 This function performs any operations queued by MorLockInit().
415 MorLockInitAtEndOfDxe (
420 EFI_STATUS MorStatus
;
422 if (!mMorLockInitializationRequired
) {
424 // The EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL has never been installed, thus
425 // the variable write service is unavailable. This should never happen.
432 // Check if the MOR variable exists.
435 MorStatus
= VariableServiceGetVariable (
436 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
,
437 &gEfiMemoryOverwriteControlDataGuid
,
443 // We provided a zero-sized buffer, so the above call can never succeed.
445 ASSERT (EFI_ERROR (MorStatus
));
447 if (MorStatus
== EFI_BUFFER_TOO_SMALL
) {
449 // The MOR variable exists.
451 // Some OSes don't follow the TCG's Platform Reset Attack Mitigation spec
452 // in that the OS should never create the MOR variable, only read and write
453 // it -- these OSes (unintentionally) create MOR if the platform firmware
454 // does not produce it. Whether this is the case (from the last OS boot)
455 // can be deduced from the absence of the TCG / TCG2 protocols, as edk2's
456 // MOR implementation depends on (one of) those protocols.
458 if (VariableHaveTcgProtocols ()) {
460 // The MOR variable originates from the platform firmware; set the MOR
461 // Control Lock variable to report the locking capability to the OS.
463 SetMorLockVariable (0);
468 // The MOR variable's origin is inexplicable; delete it.
472 "%a: deleting unexpected / unsupported variable %g:%s\n",
474 &gEfiMemoryOverwriteControlDataGuid
,
475 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
479 VariableServiceSetVariable (
480 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
,
481 &gEfiMemoryOverwriteControlDataGuid
,
486 mMorPassThru
= FALSE
;
490 // The MOR variable is absent; the platform firmware does not support it.
491 // Lock the variable so that no other module may create it.
493 VariableLockRequestToLock (
495 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
,
496 &gEfiMemoryOverwriteControlDataGuid
500 // Delete the MOR Control Lock variable too (should it exists for some
501 // reason) and prevent other modules from creating it.
503 mMorLockPassThru
= TRUE
;
504 VariableServiceSetVariable (
505 MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME
,
506 &gEfiMemoryOverwriteRequestControlLockGuid
,
511 mMorLockPassThru
= FALSE
;
513 VariableLockRequestToLock (
515 MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME
,
516 &gEfiMemoryOverwriteRequestControlLockGuid