2 Implement all four UEFI Runtime Variable services for the nonvolatile
3 and volatile storage space and install variable architecture protocol
4 based on SMM variable module.
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
11 RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
12 to receive data buffer. The size should be checked carefully.
14 InitCommunicateBuffer() is really function to check the variable data size.
16 Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.<BR>
17 This program and the accompanying materials
18 are licensed and made available under the terms and conditions of the BSD License
19 which accompanies this distribution. The full text of the license may be found at
20 http://opensource.org/licenses/bsd-license.php
22 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
23 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
28 #include <Protocol/VariableWrite.h>
29 #include <Protocol/Variable.h>
30 #include <Protocol/SmmCommunication.h>
31 #include <Protocol/SmmVariable.h>
33 #include <Library/UefiBootServicesTableLib.h>
34 #include <Library/UefiRuntimeServicesTableLib.h>
35 #include <Library/MemoryAllocationLib.h>
36 #include <Library/UefiDriverEntryPoint.h>
37 #include <Library/UefiRuntimeLib.h>
38 #include <Library/BaseMemoryLib.h>
39 #include <Library/DebugLib.h>
40 #include <Library/PcdLib.h>
41 #include <Library/UefiLib.h>
42 #include <Library/BaseLib.h>
44 #include <Guid/EventGroup.h>
45 #include <Guid/AuthenticatedVariableFormat.h>
46 #include <Guid/SmmVariableCommon.h>
48 EFI_HANDLE mHandle
= NULL
;
49 EFI_SMM_VARIABLE_PROTOCOL
*mSmmVariable
= NULL
;
50 EFI_EVENT mVirtualAddressChangeEvent
= NULL
;
51 EFI_SMM_COMMUNICATION_PROTOCOL
*mSmmCommunication
= NULL
;
52 UINT8
*mVariableBuffer
= NULL
;
53 UINT8
*mVariableBufferPhysical
= NULL
;
54 UINTN mVariableBufferSize
;
58 Initialize the communicate buffer using DataSize and Function.
60 The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
63 Caution: This function may receive untrusted input.
64 The data size external input, so this function will validate it carefully to avoid buffer overflow.
66 @param[out] DataPtr Points to the data in the communicate buffer.
67 @param[in] DataSize The data size to send to SMM.
68 @param[in] Function The function number to initialize the communicate header.
70 @retval EFI_INVALID_PARAMETER The data size is too big.
71 @retval EFI_SUCCESS Find the specified variable.
75 InitCommunicateBuffer (
76 OUT VOID
**DataPtr OPTIONAL
,
81 EFI_SMM_COMMUNICATE_HEADER
*SmmCommunicateHeader
;
82 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
85 if (DataSize
+ SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
> mVariableBufferSize
) {
86 return EFI_INVALID_PARAMETER
;
89 SmmCommunicateHeader
= (EFI_SMM_COMMUNICATE_HEADER
*) mVariableBuffer
;
90 CopyGuid (&SmmCommunicateHeader
->HeaderGuid
, &gEfiSmmVariableProtocolGuid
);
91 SmmCommunicateHeader
->MessageLength
= DataSize
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
93 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*) SmmCommunicateHeader
->Data
;
94 SmmVariableFunctionHeader
->Function
= Function
;
95 if (DataPtr
!= NULL
) {
96 *DataPtr
= SmmVariableFunctionHeader
->Data
;
104 Send the data in communicate buffer to SMM.
106 @param[in] DataSize This size of the function header and the data.
108 @retval EFI_SUCCESS Success is returned from the functin in SMM.
109 @retval Others Failure is returned from the function in SMM.
113 SendCommunicateBuffer (
119 EFI_SMM_COMMUNICATE_HEADER
*SmmCommunicateHeader
;
120 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
122 CommSize
= DataSize
+ SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
123 Status
= mSmmCommunication
->Communicate (mSmmCommunication
, mVariableBufferPhysical
, &CommSize
);
124 ASSERT_EFI_ERROR (Status
);
126 SmmCommunicateHeader
= (EFI_SMM_COMMUNICATE_HEADER
*) mVariableBuffer
;
127 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*)SmmCommunicateHeader
->Data
;
128 return SmmVariableFunctionHeader
->ReturnStatus
;
133 This code finds variable in storage blocks (Volatile or Non-Volatile).
135 Caution: This function may receive untrusted input.
136 The data size is external input, so this function will validate it carefully to avoid buffer overflow.
138 @param[in] VariableName Name of Variable to be found.
139 @param[in] VendorGuid Variable vendor GUID.
140 @param[out] Attributes Attribute value of the variable found.
141 @param[in, out] DataSize Size of Data found. If size is less than the
142 data, this value contains the required size.
143 @param[out] Data Data pointer.
145 @retval EFI_INVALID_PARAMETER Invalid parameter.
146 @retval EFI_SUCCESS Find the specified variable.
147 @retval EFI_NOT_FOUND Not found.
148 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
153 RuntimeServiceGetVariable (
154 IN CHAR16
*VariableName
,
155 IN EFI_GUID
*VendorGuid
,
156 OUT UINT32
*Attributes OPTIONAL
,
157 IN OUT UINTN
*DataSize
,
163 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
165 if (VariableName
== NULL
|| VendorGuid
== NULL
|| DataSize
== NULL
) {
166 return EFI_INVALID_PARAMETER
;
169 if ((*DataSize
!= 0) && (Data
== NULL
)) {
170 return EFI_INVALID_PARAMETER
;
174 // Init the communicate buffer. The buffer data size is:
175 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize + DataSize.
177 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + StrSize (VariableName
) + *DataSize
;
178 Status
= InitCommunicateBuffer ((VOID
**)&SmmVariableHeader
, PayloadSize
, SMM_VARIABLE_FUNCTION_GET_VARIABLE
);
179 if (EFI_ERROR (Status
)) {
182 ASSERT (SmmVariableHeader
!= NULL
);
184 CopyGuid (&SmmVariableHeader
->Guid
, VendorGuid
);
185 SmmVariableHeader
->DataSize
= *DataSize
;
186 SmmVariableHeader
->NameSize
= StrSize (VariableName
);
187 if (Attributes
== NULL
) {
188 SmmVariableHeader
->Attributes
= 0;
190 SmmVariableHeader
->Attributes
= *Attributes
;
192 CopyMem (SmmVariableHeader
->Name
, VariableName
, SmmVariableHeader
->NameSize
);
197 Status
= SendCommunicateBuffer (PayloadSize
);
200 // Get data from SMM.
202 *DataSize
= SmmVariableHeader
->DataSize
;
203 if (Attributes
!= NULL
) {
204 *Attributes
= SmmVariableHeader
->Attributes
;
207 if (EFI_ERROR (Status
)) {
211 CopyMem (Data
, (UINT8
*)SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
, SmmVariableHeader
->DataSize
);
218 This code Finds the Next available variable.
220 @param[in, out] VariableNameSize Size of the variable name.
221 @param[in, out] VariableName Pointer to variable name.
222 @param[in, out] VendorGuid Variable Vendor Guid.
224 @retval EFI_INVALID_PARAMETER Invalid parameter.
225 @retval EFI_SUCCESS Find the specified variable.
226 @retval EFI_NOT_FOUND Not found.
227 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
232 RuntimeServiceGetNextVariableName (
233 IN OUT UINTN
*VariableNameSize
,
234 IN OUT CHAR16
*VariableName
,
235 IN OUT EFI_GUID
*VendorGuid
240 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
*SmmGetNextVariableName
;
242 if (VariableNameSize
== NULL
|| VariableName
== NULL
|| VendorGuid
== NULL
) {
243 return EFI_INVALID_PARAMETER
;
247 // Init the communicate buffer. The buffer data size is:
248 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
250 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
) + *VariableNameSize
;
251 Status
= InitCommunicateBuffer ((VOID
**)&SmmGetNextVariableName
, PayloadSize
, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME
);
252 if (EFI_ERROR (Status
)) {
255 ASSERT (SmmGetNextVariableName
!= NULL
);
257 SmmGetNextVariableName
->NameSize
= *VariableNameSize
;
258 CopyGuid (&SmmGetNextVariableName
->Guid
, VendorGuid
);
259 CopyMem (SmmGetNextVariableName
->Name
, VariableName
, *VariableNameSize
);
264 Status
= SendCommunicateBuffer (PayloadSize
);
267 // Get data from SMM.
269 *VariableNameSize
= SmmGetNextVariableName
->NameSize
;
270 if (EFI_ERROR (Status
)) {
274 CopyGuid (VendorGuid
, &SmmGetNextVariableName
->Guid
);
275 CopyMem (VariableName
, SmmGetNextVariableName
->Name
, SmmGetNextVariableName
->NameSize
);
281 This code sets variable in storage blocks (Volatile or Non-Volatile).
283 Caution: This function may receive untrusted input.
284 The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
286 @param[in] VariableName Name of Variable to be found.
287 @param[in] VendorGuid Variable vendor GUID.
288 @param[in] Attributes Attribute value of the variable found
289 @param[in] DataSize Size of Data found. If size is less than the
290 data, this value contains the required size.
291 @param[in] Data Data pointer.
293 @retval EFI_INVALID_PARAMETER Invalid parameter.
294 @retval EFI_SUCCESS Set successfully.
295 @retval EFI_OUT_OF_RESOURCES Resource not enough to set variable.
296 @retval EFI_NOT_FOUND Not found.
297 @retval EFI_WRITE_PROTECTED Variable is read-only.
302 RuntimeServiceSetVariable (
303 IN CHAR16
*VariableName
,
304 IN EFI_GUID
*VendorGuid
,
305 IN UINT32 Attributes
,
312 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
315 // Check input parameters.
317 if (VariableName
== NULL
|| VariableName
[0] == 0 || VendorGuid
== NULL
) {
318 return EFI_INVALID_PARAMETER
;
321 if (DataSize
!= 0 && Data
== NULL
) {
322 return EFI_INVALID_PARAMETER
;
326 // Init the communicate buffer. The buffer data size is:
327 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
329 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + StrSize (VariableName
) + DataSize
;
330 Status
= InitCommunicateBuffer ((VOID
**)&SmmVariableHeader
, PayloadSize
, SMM_VARIABLE_FUNCTION_SET_VARIABLE
);
331 if (EFI_ERROR (Status
)) {
334 ASSERT (SmmVariableHeader
!= NULL
);
336 CopyGuid ((EFI_GUID
*) &SmmVariableHeader
->Guid
, VendorGuid
);
337 SmmVariableHeader
->DataSize
= DataSize
;
338 SmmVariableHeader
->NameSize
= StrSize (VariableName
);
339 SmmVariableHeader
->Attributes
= Attributes
;
340 CopyMem (SmmVariableHeader
->Name
, VariableName
, SmmVariableHeader
->NameSize
);
341 CopyMem ((UINT8
*) SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
, Data
, DataSize
);
346 Status
= SendCommunicateBuffer (PayloadSize
);
353 This code returns information about the EFI variables.
355 @param[in] Attributes Attributes bitmask to specify the type of variables
356 on which to return information.
357 @param[out] MaximumVariableStorageSize Pointer to the maximum size of the storage space available
358 for the EFI variables associated with the attributes specified.
359 @param[out] RemainingVariableStorageSize Pointer to the remaining size of the storage space available
360 for EFI variables associated with the attributes specified.
361 @param[out] MaximumVariableSize Pointer to the maximum size of an individual EFI variables
362 associated with the attributes specified.
364 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied.
365 @retval EFI_SUCCESS Query successfully.
366 @retval EFI_UNSUPPORTED The attribute is not supported on this platform.
371 RuntimeServiceQueryVariableInfo (
372 IN UINT32 Attributes
,
373 OUT UINT64
*MaximumVariableStorageSize
,
374 OUT UINT64
*RemainingVariableStorageSize
,
375 OUT UINT64
*MaximumVariableSize
380 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
*SmmQueryVariableInfo
;
382 if(MaximumVariableStorageSize
== NULL
|| RemainingVariableStorageSize
== NULL
|| MaximumVariableSize
== NULL
|| Attributes
== 0) {
383 return EFI_INVALID_PARAMETER
;
387 // Init the communicate buffer. The buffer data size is:
388 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize;
390 PayloadSize
= sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
);
391 Status
= InitCommunicateBuffer ((VOID
**)&SmmQueryVariableInfo
, PayloadSize
, SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO
);
392 if (EFI_ERROR (Status
)) {
395 ASSERT (SmmQueryVariableInfo
!= NULL
);
397 SmmQueryVariableInfo
->Attributes
= Attributes
;
402 Status
= SendCommunicateBuffer (PayloadSize
);
403 if (EFI_ERROR (Status
)) {
408 // Get data from SMM.
410 *MaximumVariableSize
= SmmQueryVariableInfo
->MaximumVariableSize
;
411 *MaximumVariableStorageSize
= SmmQueryVariableInfo
->MaximumVariableStorageSize
;
412 *RemainingVariableStorageSize
= SmmQueryVariableInfo
->RemainingVariableStorageSize
;
419 Exit Boot Services Event notification handler.
421 Notify SMM variable driver about the event.
423 @param[in] Event Event whose notification function is being invoked.
424 @param[in] Context Pointer to the notification function's context.
435 // Init the communicate buffer. The buffer data size is:
436 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
438 InitCommunicateBuffer (NULL
, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE
);
443 SendCommunicateBuffer (0);
448 On Ready To Boot Services Event notification handler.
450 Notify SMM variable driver about the event.
452 @param[in] Event Event whose notification function is being invoked
453 @param[in] Context Pointer to the notification function's context
464 // Init the communicate buffer. The buffer data size is:
465 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
467 InitCommunicateBuffer (NULL
, 0, SMM_VARIABLE_FUNCTION_READY_TO_BOOT
);
472 SendCommunicateBuffer (0);
477 Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
479 This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
480 It convers pointer to new virtual address.
482 @param[in] Event Event whose notification function is being invoked.
483 @param[in] Context Pointer to the notification function's context.
488 VariableAddressChangeEvent (
493 EfiConvertPointer (0x0, (VOID
**) &mVariableBuffer
);
494 EfiConvertPointer (0x0, (VOID
**) &mSmmCommunication
);
499 Initialize variable service and install Variable Architectural protocol.
501 @param[in] Event Event whose notification function is being invoked.
502 @param[in] Context Pointer to the notification function's context.
514 Status
= gBS
->LocateProtocol (&gEfiSmmVariableProtocolGuid
, NULL
, (VOID
**)&mSmmVariable
);
515 if (EFI_ERROR (Status
)) {
519 Status
= gBS
->LocateProtocol (&gEfiSmmCommunicationProtocolGuid
, NULL
, (VOID
**) &mSmmCommunication
);
520 ASSERT_EFI_ERROR (Status
);
523 // Allocate memory for variable store.
525 mVariableBufferSize
= SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
526 mVariableBufferSize
+= MAX (PcdGet32 (PcdMaxVariableSize
), PcdGet32 (PcdMaxHardwareErrorVariableSize
));
527 mVariableBuffer
= AllocateRuntimePool (mVariableBufferSize
);
528 ASSERT (mVariableBuffer
!= NULL
);
531 // Save the buffer physical address used for SMM conmunication.
533 mVariableBufferPhysical
= mVariableBuffer
;
535 gRT
->GetVariable
= RuntimeServiceGetVariable
;
536 gRT
->GetNextVariableName
= RuntimeServiceGetNextVariableName
;
537 gRT
->SetVariable
= RuntimeServiceSetVariable
;
538 gRT
->QueryVariableInfo
= RuntimeServiceQueryVariableInfo
;
541 // Install the Variable Architectural Protocol on a new handle.
543 Status
= gBS
->InstallProtocolInterface (
545 &gEfiVariableArchProtocolGuid
,
546 EFI_NATIVE_INTERFACE
,
549 ASSERT_EFI_ERROR (Status
);
554 SMM Non-Volatile variable write service is ready notify event handler.
556 @param[in] Event Event whose notification function is being invoked.
557 @param[in] Context Pointer to the notification function's context.
562 SmmVariableWriteReady (
571 // Check whether the protocol is installed or not.
573 Status
= gBS
->LocateProtocol (&gSmmVariableWriteGuid
, NULL
, (VOID
**) &ProtocolOps
);
574 if (EFI_ERROR (Status
)) {
578 Status
= gBS
->InstallProtocolInterface (
580 &gEfiVariableWriteArchProtocolGuid
,
581 EFI_NATIVE_INTERFACE
,
584 ASSERT_EFI_ERROR (Status
);
589 Variable Driver main entry point. The Variable driver places the 4 EFI
590 runtime services in the EFI System Table and installs arch protocols
591 for variable read and write services being available. It also registers
592 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
594 @param[in] ImageHandle The firmware allocated handle for the EFI image.
595 @param[in] SystemTable A pointer to the EFI System Table.
597 @retval EFI_SUCCESS Variable service successfully initialized.
602 VariableSmmRuntimeInitialize (
603 IN EFI_HANDLE ImageHandle
,
604 IN EFI_SYSTEM_TABLE
*SystemTable
607 VOID
*SmmVariableRegistration
;
608 VOID
*SmmVariableWriteRegistration
;
609 EFI_EVENT OnReadyToBootEvent
;
610 EFI_EVENT ExitBootServiceEvent
;
613 // Smm variable service is ready
615 EfiCreateProtocolNotifyEvent (
616 &gEfiSmmVariableProtocolGuid
,
620 &SmmVariableRegistration
624 // Smm Non-Volatile variable write service is ready
626 EfiCreateProtocolNotifyEvent (
627 &gSmmVariableWriteGuid
,
629 SmmVariableWriteReady
,
631 &SmmVariableWriteRegistration
635 // Register the event to reclaim variable for OS usage.
637 EfiCreateEventReadyToBootEx (
645 // Register the event to inform SMM variable that it is at runtime.
652 &gEfiEventExitBootServicesGuid
,
653 &ExitBootServiceEvent
657 // Register the event to convert the pointer for runtime.
662 VariableAddressChangeEvent
,
664 &gEfiEventVirtualAddressChangeGuid
,
665 &mVirtualAddressChangeEvent