--- /dev/null
+/** @file\r
+ SmmLockBox guid header file.\r
+\r
+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _SMM_LOCK_BOX_GUID_H_\r
+#define _SMM_LOCK_BOX_GUID_H_\r
+\r
+#define EFI_SMM_LOCK_BOX_COMMUNICATION_GUID \\r
+ {0x2a3cfebd, 0x27e8, 0x4d0a, {0x8b, 0x79, 0xd6, 0x88, 0xc2, 0xa3, 0xe1, 0xc0}}\r
+\r
+//\r
+// Below data structure is used for communication between PEI/DXE to SMM.\r
+//\r
+\r
+#define EFI_SMM_LOCK_BOX_COMMAND_SAVE 0x1\r
+#define EFI_SMM_LOCK_BOX_COMMAND_UPDATE 0x2\r
+#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE 0x3\r
+#define EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES 0x4\r
+#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE 0x5\r
+\r
+typedef struct {\r
+ UINT32 Command;\r
+ UINT32 DataLength;\r
+ UINT64 ReturnStatus;\r
+} EFI_SMM_LOCK_BOX_PARAMETER_HEADER;\r
+\r
+typedef struct {\r
+ EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;\r
+ GUID Guid;\r
+ PHYSICAL_ADDRESS Buffer;\r
+ UINT64 Length;\r
+} EFI_SMM_LOCK_BOX_PARAMETER_SAVE;\r
+\r
+typedef struct {\r
+ EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;\r
+ GUID Guid;\r
+ UINT64 Offset;\r
+ PHYSICAL_ADDRESS Buffer;\r
+ UINT64 Length;\r
+} EFI_SMM_LOCK_BOX_PARAMETER_UPDATE;\r
+\r
+typedef struct {\r
+ EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;\r
+ GUID Guid;\r
+ PHYSICAL_ADDRESS Buffer;\r
+ UINT64 Length;\r
+} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE;\r
+\r
+typedef struct {\r
+ EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;\r
+ GUID Guid;\r
+ UINT64 Attributes;\r
+} EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES;\r
+\r
+typedef struct {\r
+ EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;\r
+} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE;\r
+\r
+extern EFI_GUID gEfiSmmLockBoxCommunicationGuid;\r
+\r
+#endif\r
--- /dev/null
+/** @file\r
+ This library is only intended to be used by DXE modules that need save\r
+ confidential information to LockBox and get it by PEI modules in S3 phase.\r
+\r
+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _LOCK_BOX_LIB_H_\r
+#define _LOCK_BOX_LIB_H_\r
+\r
+/**\r
+ This function will save confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the confidential information\r
+ @param Length the length of the confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0\r
+ @retval RETURN_ALREADY_STARTED the requested GUID already exist.\r
+ @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SaveLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ );\r
+\r
+/**\r
+ This function will set lockbox attributes.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Attributes the attributes of the lockbox\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER attributes is invalid.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SetLockBoxAttributes (\r
+ IN GUID *Guid,\r
+ IN UINT64 Attributes\r
+ );\r
+\r
+//\r
+// With this flag, this LockBox can be restored to this Buffer with RestoreAllLockBoxInPlace()\r
+//\r
+#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0\r
+\r
+/**\r
+ This function will update confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the original confidential information\r
+ @param Offset the offset of the original confidential information\r
+ @param Buffer the address of the updated confidential information\r
+ @param Length the length of the updated confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+UpdateLockBox (\r
+ IN GUID *Guid,\r
+ IN UINTN Offset,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ );\r
+\r
+/**\r
+ This function will restore confidential information from lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the restored confidential information\r
+ NULL means restored to original address, Length MUST be NULL at same time.\r
+ @param Length the length of the restored confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.\r
+ @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no \r
+ LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.\r
+ @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_ACCESS_DENIED not allow to restore to the address\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer, OPTIONAL\r
+ IN OUT UINTN *Length OPTIONAL\r
+ );\r
+\r
+/**\r
+ This function will restore confidential information from all lockbox which have RestoreInPlace attribute.\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreAllLockBoxInPlace (\r
+ VOID\r
+ );\r
+\r
+#endif\r
--- /dev/null
+/** @file\r
+ LockBox protocol header file.\r
+ This is used to resolve dependency problem. The LockBox implementation\r
+ install this to broadcast that LockBox API is ready. The driver who will\r
+ use LockBox at its ENTRYPOINT should add this dependency.\r
+\r
+Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _LOCK_BOX_PROTOCOL_H_\r
+#define _LOCK_BOX_PROTOCOL_H_\r
+\r
+///\r
+/// Global ID for the EFI LOCK BOX Protocol.\r
+///\r
+#define EFI_LOCK_BOX_PROTOCOL_GUID \\r
+ { 0xbd445d79, 0xb7ad, 0x4f04, { 0x9a, 0xd8, 0x29, 0xbd, 0x20, 0x40, 0xeb, 0x3c }}\r
+\r
+extern EFI_GUID gEfiLockBoxProtocolGuid;\r
+\r
+#endif\r
--- /dev/null
+/** @file\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <Uefi.h>\r
+#include <Library/DebugLib.h>\r
+\r
+/**\r
+ This function will save confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the confidential information\r
+ @param Length the length of the confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0\r
+ @retval RETURN_ALREADY_STARTED the requested GUID already exist.\r
+ @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SaveLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ return RETURN_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will set lockbox attributes.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Attributes the attributes of the lockbox\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER attributes is invalid.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SetLockBoxAttributes (\r
+ IN GUID *Guid,\r
+ IN UINT64 Attributes\r
+ )\r
+{\r
+ return RETURN_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will update confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the original confidential information\r
+ @param Offset the offset of the original confidential information\r
+ @param Buffer the address of the updated confidential information\r
+ @param Length the length of the updated confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+UpdateLockBox (\r
+ IN GUID *Guid,\r
+ IN UINTN Offset,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ return RETURN_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will restore confidential information from lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the restored confidential information\r
+ NULL means restored to original address, Length MUST be NULL at same time.\r
+ @param Length the length of the restored confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.\r
+ @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no \r
+ LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.\r
+ @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_ACCESS_DENIED not allow to restore to the address\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer, OPTIONAL\r
+ IN OUT UINTN *Length OPTIONAL\r
+ )\r
+{\r
+ return RETURN_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will restore confidential information from all lockbox which have RestoreInPlace attribute.\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreAllLockBoxInPlace (\r
+ VOID\r
+ )\r
+{\r
+ return RETURN_SUCCESS;\r
+}\r
--- /dev/null
+## @file\r
+# Component description file for LockBox library.\r
+#\r
+# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+#\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions\r
+# of the BSD License which accompanies this distribution. The\r
+# full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+#\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = LockBoxNullLib\r
+ FILE_GUID = 0BA38EBD-E190-4df7-8EC4-0A6E2B43772D\r
+ MODULE_TYPE = BASE\r
+ VERSION_STRING = 1.0\r
+ LIBRARY_CLASS = LockBoxLib|PEIM DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION DXE_SMM_DRIVER\r
+\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64 \r
+#\r
+\r
+[Sources]\r
+ LockBoxNullLib.c\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+\r
+[LibraryClasses]\r
+ BaseLib\r
+\r
--- /dev/null
+/** @file\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiDxe.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/LockBoxLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Protocol/SmmCommunication.h>\r
+#include <Guid/SmmLockBox.h>\r
+\r
+#include "SmmLockBoxLibPrivate.h"\r
+\r
+/**\r
+ This function will save confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the confidential information\r
+ @param Length the length of the confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0\r
+ @retval RETURN_ALREADY_STARTED the requested GUID already exist.\r
+ @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SaveLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;\r
+ EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave;\r
+ EFI_SMM_COMMUNICATE_HEADER *CommHeader;\r
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SAVE)];\r
+ UINTN CommSize;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SaveLockBox - Enter\n"));\r
+\r
+ //\r
+ // Basic check\r
+ //\r
+ if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Get needed resource\r
+ //\r
+ Status = gBS->LocateProtocol (\r
+ &gEfiSmmCommunicationProtocolGuid,\r
+ NULL,\r
+ (VOID **)&SmmCommunication\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return EFI_NOT_STARTED;\r
+ }\r
+\r
+ //\r
+ // Prepare parameter\r
+ //\r
+ CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];\r
+ CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));\r
+ CommHeader->MessageLength = sizeof(*LockBoxParameterSave);\r
+\r
+ LockBoxParameterSave = (EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];\r
+ LockBoxParameterSave->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SAVE;\r
+ LockBoxParameterSave->Header.DataLength = sizeof(*LockBoxParameterSave);\r
+ LockBoxParameterSave->Header.ReturnStatus = (UINT64)-1;\r
+ CopyMem (&LockBoxParameterSave->Guid, Guid, sizeof(*Guid));\r
+ LockBoxParameterSave->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;\r
+ LockBoxParameterSave->Length = (UINT64)Length;\r
+\r
+ //\r
+ // Send command\r
+ //\r
+ CommSize = sizeof(CommBuffer);\r
+ Status = SmmCommunication->Communicate (\r
+ SmmCommunication,\r
+ &CommBuffer[0],\r
+ &CommSize\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = (EFI_STATUS)LockBoxParameterSave->Header.ReturnStatus;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SaveLockBox - Exit (%r)\n", Status));\r
+\r
+ //\r
+ // Done\r
+ //\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function will set lockbox attributes.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Attributes the attributes of the lockbox\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER attributes is invalid.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SetLockBoxAttributes (\r
+ IN GUID *Guid,\r
+ IN UINT64 Attributes\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;\r
+ EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttributes;\r
+ EFI_SMM_COMMUNICATE_HEADER *CommHeader;\r
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)];\r
+ UINTN CommSize;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Enter\n"));\r
+\r
+ //\r
+ // Basic check\r
+ //\r
+ if ((Guid == NULL) ||\r
+ ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Get needed resource\r
+ //\r
+ Status = gBS->LocateProtocol (\r
+ &gEfiSmmCommunicationProtocolGuid,\r
+ NULL,\r
+ (VOID **)&SmmCommunication\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return EFI_NOT_STARTED;\r
+ }\r
+\r
+ //\r
+ // Prepare parameter\r
+ //\r
+ CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];\r
+ CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));\r
+ CommHeader->MessageLength = sizeof(*LockBoxParameterSetAttributes);\r
+\r
+ LockBoxParameterSetAttributes = (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];\r
+ LockBoxParameterSetAttributes->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES;\r
+ LockBoxParameterSetAttributes->Header.DataLength = sizeof(*LockBoxParameterSetAttributes);\r
+ LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)-1;\r
+ CopyMem (&LockBoxParameterSetAttributes->Guid, Guid, sizeof(*Guid));\r
+ LockBoxParameterSetAttributes->Attributes = (UINT64)Attributes;\r
+\r
+ //\r
+ // Send command\r
+ //\r
+ CommSize = sizeof(CommBuffer);\r
+ Status = SmmCommunication->Communicate (\r
+ SmmCommunication,\r
+ &CommBuffer[0],\r
+ &CommSize\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = (EFI_STATUS)LockBoxParameterSetAttributes->Header.ReturnStatus;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Exit (%r)\n", Status));\r
+\r
+ //\r
+ // Done\r
+ //\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function will update confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the original confidential information\r
+ @param Offset the offset of the original confidential information\r
+ @param Buffer the address of the updated confidential information\r
+ @param Length the length of the updated confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+UpdateLockBox (\r
+ IN GUID *Guid,\r
+ IN UINTN Offset,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;\r
+ EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate;\r
+ EFI_SMM_COMMUNICATE_HEADER *CommHeader;\r
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)];\r
+ UINTN CommSize;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib UpdateLockBox - Enter\n"));\r
+\r
+ //\r
+ // Basic check\r
+ //\r
+ if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Get needed resource\r
+ //\r
+ Status = gBS->LocateProtocol (\r
+ &gEfiSmmCommunicationProtocolGuid,\r
+ NULL,\r
+ (VOID **)&SmmCommunication\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return EFI_NOT_STARTED;\r
+ }\r
+\r
+ //\r
+ // Prepare parameter\r
+ //\r
+ CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];\r
+ CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));\r
+ CommHeader->MessageLength = sizeof(*LockBoxParameterUpdate);\r
+\r
+ LockBoxParameterUpdate = (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];\r
+ LockBoxParameterUpdate->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_UPDATE;\r
+ LockBoxParameterUpdate->Header.DataLength = sizeof(*LockBoxParameterUpdate);\r
+ LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)-1;\r
+ CopyMem (&LockBoxParameterUpdate->Guid, Guid, sizeof(*Guid));\r
+ LockBoxParameterUpdate->Offset = (UINT64)Offset;\r
+ LockBoxParameterUpdate->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;\r
+ LockBoxParameterUpdate->Length = (UINT64)Length;\r
+\r
+ //\r
+ // Send command\r
+ //\r
+ CommSize = sizeof(CommBuffer);\r
+ Status = SmmCommunication->Communicate (\r
+ SmmCommunication,\r
+ &CommBuffer[0],\r
+ &CommSize\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = (EFI_STATUS)LockBoxParameterUpdate->Header.ReturnStatus;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib UpdateLockBox - Exit (%r)\n", Status));\r
+\r
+ //\r
+ // Done\r
+ //\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function will restore confidential information from lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the restored confidential information\r
+ NULL means restored to original address, Length MUST be NULL at same time.\r
+ @param Length the length of the restored confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.\r
+ @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no \r
+ LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.\r
+ @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_ACCESS_DENIED not allow to restore to the address\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer, OPTIONAL\r
+ IN OUT UINTN *Length OPTIONAL\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;\r
+ EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore;\r
+ EFI_SMM_COMMUNICATE_HEADER *CommHeader;\r
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)];\r
+ UINTN CommSize;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreLockBox - Enter\n"));\r
+\r
+ //\r
+ // Basic check\r
+ //\r
+ if ((Guid == NULL) ||\r
+ ((Buffer == NULL) && (Length != NULL)) ||\r
+ ((Buffer != NULL) && (Length == NULL))) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Get needed resource\r
+ //\r
+ Status = gBS->LocateProtocol (\r
+ &gEfiSmmCommunicationProtocolGuid,\r
+ NULL,\r
+ (VOID **)&SmmCommunication\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return EFI_NOT_STARTED;\r
+ }\r
+\r
+ //\r
+ // Prepare parameter\r
+ //\r
+ CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];\r
+ CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));\r
+ CommHeader->MessageLength = sizeof(*LockBoxParameterRestore);\r
+\r
+ LockBoxParameterRestore = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];\r
+ LockBoxParameterRestore->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE;\r
+ LockBoxParameterRestore->Header.DataLength = sizeof(*LockBoxParameterRestore);\r
+ LockBoxParameterRestore->Header.ReturnStatus = (UINT64)-1;\r
+ CopyMem (&LockBoxParameterRestore->Guid, Guid, sizeof(*Guid));\r
+ LockBoxParameterRestore->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;\r
+ if (Length != NULL) {\r
+ LockBoxParameterRestore->Length = (EFI_PHYSICAL_ADDRESS)*Length;\r
+ } else {\r
+ LockBoxParameterRestore->Length = 0;\r
+ }\r
+\r
+ //\r
+ // Send command\r
+ //\r
+ CommSize = sizeof(CommBuffer);\r
+ Status = SmmCommunication->Communicate (\r
+ SmmCommunication,\r
+ &CommBuffer[0],\r
+ &CommSize\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ if (Length != NULL) {\r
+ *Length = (UINTN)LockBoxParameterRestore->Length;\r
+ }\r
+\r
+ Status = (EFI_STATUS)LockBoxParameterRestore->Header.ReturnStatus;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreLockBox - Exit (%r)\n", Status));\r
+\r
+ //\r
+ // Done\r
+ //\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function will restore confidential information from all lockbox which have RestoreInPlace attribute.\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreAllLockBoxInPlace (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;\r
+ EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRestoreAllInPlace;\r
+ EFI_SMM_COMMUNICATE_HEADER *CommHeader;\r
+ UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)];\r
+ UINTN CommSize;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Enter\n"));\r
+\r
+ //\r
+ // Get needed resource\r
+ //\r
+ Status = gBS->LocateProtocol (\r
+ &gEfiSmmCommunicationProtocolGuid,\r
+ NULL,\r
+ (VOID **)&SmmCommunication\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return EFI_NOT_STARTED;\r
+ }\r
+\r
+ //\r
+ // Prepare parameter\r
+ //\r
+ CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];\r
+ CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));\r
+ CommHeader->MessageLength = sizeof(*LockBoxParameterRestoreAllInPlace);\r
+\r
+ LockBoxParameterRestoreAllInPlace = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];\r
+ LockBoxParameterRestoreAllInPlace->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE;\r
+ LockBoxParameterRestoreAllInPlace->Header.DataLength = sizeof(*LockBoxParameterRestoreAllInPlace);\r
+ LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)-1;\r
+\r
+ //\r
+ // Send command\r
+ //\r
+ CommSize = sizeof(CommBuffer);\r
+ Status = SmmCommunication->Communicate (\r
+ SmmCommunication,\r
+ &CommBuffer[0],\r
+ &CommSize\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = (EFI_STATUS)LockBoxParameterRestoreAllInPlace->Header.ReturnStatus;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Exit (%r)\n", Status));\r
+\r
+ //\r
+ // Done\r
+ //\r
+ return Status;\r
+}\r
+\r
--- /dev/null
+## @file\r
+# Component description file for LockBox library.\r
+#\r
+# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+#\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions\r
+# of the BSD License which accompanies this distribution. The\r
+# full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+#\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = SmmLockBoxDxeLib\r
+ FILE_GUID = 4A0054B4-3CA8-4e1b-9339-9B58D5FBB7D2\r
+ MODULE_TYPE = DXE_DRIVER\r
+ VERSION_STRING = 1.0\r
+ LIBRARY_CLASS = LockBoxLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64 \r
+#\r
+\r
+[Sources]\r
+ SmmLockBoxDxeLib.c\r
+ SmmLockBoxLibPrivate.h\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+\r
+[LibraryClasses]\r
+ UefiBootServicesTableLib\r
+ UefiRuntimeServicesTableLib\r
+ BaseLib\r
+ BaseMemoryLib\r
+ DebugLib\r
+\r
+[Guids]\r
+ gEfiSmmLockBoxCommunicationGuid ## CONSUMED\r
+\r
+[Protocols]\r
+ gEfiSmmCommunicationProtocolGuid ## CONSUMED\r
--- /dev/null
+/** @file\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#ifndef _SMM_LOCK_BOX_LIB_PRIVATE_H_\r
+#define _SMM_LOCK_BOX_LIB_PRIVATE_H_\r
+\r
+#include <Uefi.h>\r
+\r
+#pragma pack(push, 1)\r
+\r
+//\r
+// Below data structure is used for lockbox registration in SMST\r
+//\r
+\r
+#define SMM_LOCK_BOX_SIGNATURE_32 SIGNATURE_64 ('L','O','C','K','B','_','3','2')\r
+#define SMM_LOCK_BOX_SIGNATURE_64 SIGNATURE_64 ('L','O','C','K','B','_','6','4')\r
+\r
+typedef struct {\r
+ UINT64 Signature;\r
+ EFI_PHYSICAL_ADDRESS LockBoxDataAddress;\r
+} SMM_LOCK_BOX_CONTEXT;\r
+\r
+//\r
+// Below data structure is used for lockbox management\r
+//\r
+\r
+#define SMM_LOCK_BOX_DATA_SIGNATURE SIGNATURE_64 ('L','O','C','K','B','O','X','D')\r
+\r
+typedef struct {\r
+ UINT64 Signature;\r
+ EFI_GUID Guid;\r
+ EFI_PHYSICAL_ADDRESS Buffer;\r
+ UINT64 Length;\r
+ UINT64 Attributes;\r
+ EFI_PHYSICAL_ADDRESS SmramBuffer;\r
+ LIST_ENTRY Link;\r
+} SMM_LOCK_BOX_DATA;\r
+\r
+#pragma pack(pop)\r
+\r
+#endif\r
+\r
--- /dev/null
+/** @file\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiSmm.h>\r
+#include <Library/SmmServicesTableLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/LockBoxLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Guid/SmmLockBox.h>\r
+\r
+#include "SmmLockBoxLibPrivate.h"\r
+\r
+/**\r
+ We need handle this library carefully. Only one library instance will construct the environment.\r
+ Below 2 global variable can only be used in constructor. They should NOT be used in any other library functions.\r
+**/\r
+SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext;\r
+LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE (mLockBoxQueue);\r
+\r
+/**\r
+ This function return SmmLockBox context from SMST.\r
+\r
+ @return SmmLockBox context from SMST.\r
+**/\r
+SMM_LOCK_BOX_CONTEXT *\r
+InternalGetSmmLockBoxContext (\r
+ VOID\r
+ )\r
+{\r
+ UINTN Index;\r
+\r
+ //\r
+ // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone\r
+ //\r
+ for (Index = 0; Index < gSmst->NumberOfTableEntries; Index++) {\r
+ if (CompareGuid (&gSmst->SmmConfigurationTable[Index].VendorGuid, &gEfiSmmLockBoxCommunicationGuid)) {\r
+ //\r
+ // Found. That means some other library instance is already run.\r
+ // No need to install again, just return.\r
+ //\r
+ return (SMM_LOCK_BOX_CONTEXT *)gSmst->SmmConfigurationTable[Index].VendorTable;\r
+ }\r
+ }\r
+\r
+ //\r
+ // Not found.\r
+ //\r
+ return NULL;\r
+}\r
+\r
+/**\r
+ Constructor for SmmLockBox library.\r
+ This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later.\r
+\r
+ @param[in] ImageHandle Image handle of this driver.\r
+ @param[in] SystemTable A Pointer to the EFI System Table.\r
+\r
+ @retval EFI_SUCEESS \r
+ @return Others Some error occurs.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SmmLockBoxSmmConstructuor (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Enter\n"));\r
+\r
+ //\r
+ // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone\r
+ //\r
+ SmmLockBoxContext = InternalGetSmmLockBoxContext ();\r
+ if (SmmLockBoxContext != NULL) {\r
+ //\r
+ // Find it. That means some other library instance is already run.\r
+ // No need to install again, just return.\r
+ //\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - already installed\n"));\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n"));\r
+ return EFI_SUCCESS;\r
+ }\r
+\r
+ //\r
+ // If no one install this, it means this is first instance. Install it.\r
+ //\r
+ if (sizeof(UINTN) == sizeof(UINT64)) {\r
+ mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_64;\r
+ } else {\r
+ mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_32;\r
+ }\r
+ mSmmLockBoxContext.LockBoxDataAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)&mLockBoxQueue;\r
+\r
+ Status = gSmst->SmmInstallConfigurationTable (\r
+ gSmst,\r
+ &gEfiSmmLockBoxCommunicationGuid,\r
+ &mSmmLockBoxContext,\r
+ sizeof(mSmmLockBoxContext)\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - %x\n", (UINTN)&mSmmLockBoxContext));\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib LockBoxDataAddress - %x\n", (UINTN)&mLockBoxQueue));\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n"));\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ This function return SmmLockBox queue address.\r
+\r
+ @return SmmLockBox queue address.\r
+**/\r
+LIST_ENTRY *\r
+InternalGetLockBoxQueue (\r
+ VOID\r
+ )\r
+{\r
+ SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;\r
+\r
+ SmmLockBoxContext = InternalGetSmmLockBoxContext ();\r
+ ASSERT (SmmLockBoxContext != NULL);\r
+ if (SmmLockBoxContext == NULL) {\r
+ return NULL;\r
+ }\r
+ return (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress;\r
+}\r
+\r
+/**\r
+ This function find LockBox by GUID.\r
+\r
+ @param Guid The guid to indentify the LockBox\r
+\r
+ @return LockBoxData\r
+**/\r
+SMM_LOCK_BOX_DATA *\r
+InternalFindLockBoxByGuid (\r
+ IN EFI_GUID *Guid\r
+ )\r
+{\r
+ LIST_ENTRY *Link;\r
+ SMM_LOCK_BOX_DATA *LockBox;\r
+ LIST_ENTRY *LockBoxQueue;\r
+\r
+ LockBoxQueue = InternalGetLockBoxQueue ();\r
+ ASSERT (LockBoxQueue != NULL);\r
+\r
+ for (Link = LockBoxQueue->ForwardLink;\r
+ Link != LockBoxQueue;\r
+ Link = Link->ForwardLink) {\r
+ LockBox = BASE_CR (\r
+ Link,\r
+ SMM_LOCK_BOX_DATA,\r
+ Link\r
+ );\r
+ if (CompareGuid (&LockBox->Guid, Guid)) {\r
+ return LockBox;\r
+ }\r
+ }\r
+ return NULL;\r
+}\r
+\r
+/**\r
+ This function will save confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the confidential information\r
+ @param Length the length of the confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0\r
+ @retval RETURN_ALREADY_STARTED the requested GUID already exist.\r
+ @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SaveLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ SMM_LOCK_BOX_DATA *LockBox;\r
+ EFI_PHYSICAL_ADDRESS SmramBuffer;\r
+ EFI_STATUS Status;\r
+ LIST_ENTRY *LockBoxQueue;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Enter\n"));\r
+\r
+ //\r
+ // Basic check\r
+ //\r
+ if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Find LockBox\r
+ //\r
+ LockBox = InternalFindLockBoxByGuid (Guid);\r
+ if (LockBox != NULL) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_ALREADY_STARTED));\r
+ return EFI_ALREADY_STARTED;\r
+ }\r
+\r
+ //\r
+ // Allocate SMRAM buffer\r
+ //\r
+ Status = gSmst->SmmAllocatePages (\r
+ AllocateAnyPages,\r
+ EfiRuntimeServicesData,\r
+ EFI_SIZE_TO_PAGES (Length),\r
+ &SmramBuffer\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ //\r
+ // Allocate LockBox\r
+ //\r
+ Status = gSmst->SmmAllocatePool (\r
+ EfiRuntimeServicesData,\r
+ sizeof(*LockBox),\r
+ (VOID **)&LockBox\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ gSmst->SmmFreePages (SmramBuffer, EFI_SIZE_TO_PAGES (Length));\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
+ //\r
+ // Save data\r
+ //\r
+ CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)Buffer, Length);\r
+\r
+ //\r
+ // Insert LockBox to queue\r
+ //\r
+ LockBox->Signature = SMM_LOCK_BOX_DATA_SIGNATURE;\r
+ CopyMem (&LockBox->Guid, Guid, sizeof(EFI_GUID));\r
+ LockBox->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;\r
+ LockBox->Length = (UINT64)Length;\r
+ LockBox->SmramBuffer = SmramBuffer;\r
+ \r
+ LockBoxQueue = InternalGetLockBoxQueue ();\r
+ ASSERT (LockBoxQueue != NULL);\r
+ InsertTailList (LockBoxQueue, &LockBox->Link);\r
+\r
+ //\r
+ // Done\r
+ //\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_SUCCESS));\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will set lockbox attributes.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Attributes the attributes of the lockbox\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER attributes is invalid.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+SetLockBoxAttributes (\r
+ IN GUID *Guid,\r
+ IN UINT64 Attributes\r
+ )\r
+{\r
+ SMM_LOCK_BOX_DATA *LockBox;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Enter\n"));\r
+\r
+ //\r
+ // Basic check\r
+ //\r
+ if ((Guid == NULL) ||\r
+ ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER));\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Find LockBox\r
+ //\r
+ LockBox = InternalFindLockBoxByGuid (Guid);\r
+ if (LockBox == NULL) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_NOT_FOUND));\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ //\r
+ // Update data\r
+ //\r
+ LockBox->Attributes = Attributes;\r
+\r
+ //\r
+ // Done\r
+ //\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_SUCCESS));\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will update confidential information to lockbox.\r
+\r
+ @param Guid the guid to identify the original confidential information\r
+ @param Offset the offset of the original confidential information\r
+ @param Buffer the address of the updated confidential information\r
+ @param Length the length of the updated confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is saved successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.\r
+ @retval RETURN_ACCESS_DENIED it is too late to invoke this interface\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+UpdateLockBox (\r
+ IN GUID *Guid,\r
+ IN UINTN Offset,\r
+ IN VOID *Buffer,\r
+ IN UINTN Length\r
+ )\r
+{\r
+ SMM_LOCK_BOX_DATA *LockBox;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Enter\n"));\r
+\r
+ //\r
+ // Basic check\r
+ //\r
+ if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Find LockBox\r
+ //\r
+ LockBox = InternalFindLockBoxByGuid (Guid);\r
+ if (LockBox == NULL) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_NOT_FOUND));\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ //\r
+ // Update data\r
+ //\r
+ if (LockBox->Length < Offset + Length) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
+ CopyMem ((VOID *)((UINTN)LockBox->SmramBuffer + Offset), Buffer, Length);\r
+\r
+ //\r
+ // Done\r
+ //\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_SUCCESS));\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will restore confidential information from lockbox.\r
+\r
+ @param Guid the guid to identify the confidential information\r
+ @param Buffer the address of the restored confidential information\r
+ NULL means restored to original address, Length MUST be NULL at same time.\r
+ @param Length the length of the restored confidential information\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.\r
+ @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no \r
+ LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.\r
+ @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.\r
+ @retval RETURN_NOT_FOUND the requested GUID not found.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_ACCESS_DENIED not allow to restore to the address\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreLockBox (\r
+ IN GUID *Guid,\r
+ IN VOID *Buffer, OPTIONAL\r
+ IN OUT UINTN *Length OPTIONAL\r
+ )\r
+{\r
+ SMM_LOCK_BOX_DATA *LockBox;\r
+ VOID *RestoreBuffer;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Enter\n"));\r
+\r
+ //\r
+ // Restore this, Buffer and Length MUST be both NULL or both non-NULL\r
+ //\r
+ if ((Guid == NULL) ||\r
+ ((Buffer == NULL) && (Length != NULL)) ||\r
+ ((Buffer != NULL) && (Length == NULL))) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
+ //\r
+ // Find LockBox\r
+ //\r
+ LockBox = InternalFindLockBoxByGuid (Guid);\r
+ if (LockBox == NULL) {\r
+ //\r
+ // Not found\r
+ //\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_NOT_FOUND));\r
+ return EFI_NOT_FOUND;\r
+ }\r
+\r
+ //\r
+ // Set RestoreBuffer\r
+ //\r
+ if (Buffer != NULL) {\r
+ //\r
+ // restore to new buffer\r
+ //\r
+ RestoreBuffer = Buffer;\r
+ } else {\r
+ //\r
+ // restore to original buffer\r
+ //\r
+ if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) == 0) {\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_WRITE_PROTECTED));\r
+ return EFI_WRITE_PROTECTED;\r
+ }\r
+ RestoreBuffer = (VOID *)(UINTN)LockBox->Buffer;\r
+ }\r
+\r
+ //\r
+ // Set RestoreLength\r
+ //\r
+ if (Length != NULL) {\r
+ if (*Length < (UINTN)LockBox->Length) {\r
+ //\r
+ // Input buffer is too small to hold all data.\r
+ //\r
+ *Length = (UINTN)LockBox->Length;\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));\r
+ return EFI_BUFFER_TOO_SMALL;\r
+ }\r
+ *Length = (UINTN)LockBox->Length;\r
+ }\r
+\r
+ //\r
+ // Restore data\r
+ //\r
+ CopyMem (RestoreBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);\r
+\r
+ //\r
+ // Done\r
+ //\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_SUCCESS));\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ This function will restore confidential information from all lockbox which have RestoreInPlace attribute.\r
+\r
+ @retval RETURN_SUCCESS the information is restored successfully.\r
+ @retval RETURN_NOT_STARTED it is too early to invoke this interface\r
+ @retval RETURN_UNSUPPORTED the service is not supported by implementaion.\r
+**/\r
+RETURN_STATUS\r
+EFIAPI\r
+RestoreAllLockBoxInPlace (\r
+ VOID\r
+ )\r
+{\r
+ SMM_LOCK_BOX_DATA *LockBox;\r
+ LIST_ENTRY *Link;\r
+ LIST_ENTRY *LockBoxQueue;\r
+\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Enter\n"));\r
+\r
+ LockBoxQueue = InternalGetLockBoxQueue ();\r
+ ASSERT (LockBoxQueue != NULL);\r
+\r
+ //\r
+ // Restore all, Buffer and Length MUST be NULL\r
+ //\r
+ for (Link = LockBoxQueue->ForwardLink;\r
+ Link != LockBoxQueue;\r
+ Link = Link->ForwardLink) {\r
+ LockBox = BASE_CR (\r
+ Link,\r
+ SMM_LOCK_BOX_DATA,\r
+ Link\r
+ );\r
+ if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) {\r
+ //\r
+ // Restore data\r
+ //\r
+ CopyMem ((VOID *)(UINTN)LockBox->Buffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);\r
+ }\r
+ }\r
+ //\r
+ // Done\r
+ //\r
+ DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Exit (%r)\n", EFI_SUCCESS));\r
+ return EFI_SUCCESS;\r
+}\r
+\r
--- /dev/null
+## @file\r
+# Component description file for LockBox library.\r
+#\r
+# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+#\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions\r
+# of the BSD License which accompanies this distribution. The\r
+# full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+#\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = SmmLockBoxSmmLib\r
+ FILE_GUID = E04894D6-290D-4171-A362-0ACFD939F3C8\r
+ MODULE_TYPE = DXE_SMM_DRIVER\r
+ VERSION_STRING = 1.0\r
+ LIBRARY_CLASS = LockBoxLib|DXE_SMM_DRIVER\r
+ CONSTRUCTOR = SmmLockBoxSmmConstructuor\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64 \r
+#\r
+\r
+[Sources]\r
+ SmmLockBoxSmmLib.c\r
+ SmmLockBoxLibPrivate.h\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+\r
+[LibraryClasses]\r
+ SmmServicesTableLib\r
+ BaseLib\r
+ DebugLib\r
+\r
+[Guids]\r
+ gEfiSmmLockBoxCommunicationGuid ## COMSUMED\r
## Include/Guid/RecoveryDevice.h\r
gRecoveryOnDataCdGuid = { 0x5CAC0099, 0x0DC9, 0x48E5, { 0x80, 0x68, 0xBB, 0x95, 0xF5, 0x40, 0x0A, 0x9F }}\r
\r
+ ## Include/Guid/SmmLockBox.h\r
+ gEfiSmmLockBoxCommunicationGuid = { 0x2a3cfebd, 0x27e8, 0x4d0a, { 0x8b, 0x79, 0xd6, 0x88, 0xc2, 0xa3, 0xe1, 0xc0 }}\r
+\r
[Ppis]\r
## Include/Ppi/AtaController.h\r
gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a, 0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}\r
## This protocol allows the error level mask for DEBUG() macros to be adjusted for DXE Phase modules\r
# Include/Guid/DebugMask.h \r
gEfiDebugMaskProtocolGuid = { 0x4c8a2451, 0xc207, 0x405b, {0x96, 0x94, 0x99, 0xea, 0x13, 0x25, 0x13, 0x41} }\r
+\r
+ ## Include/Protocol/LockBox.h\r
+ gEfiLockBoxProtocolGuid = { 0xbd445d79, 0xb7ad, 0x4f04, { 0x9a, 0xd8, 0x29, 0xbd, 0x20, 0x40, 0xeb, 0x3c }}\r
+\r
[PcdsFeatureFlag]\r
## Indicate whether platform can support update capsule across a system reset\r
gEfiMdeModulePkgTokenSpaceGuid.PcdSupportUpdateCapsuleReset|FALSE|BOOLEAN|0x0001001d\r
\r
[LibraryClasses.common.DXE_DRIVER]\r
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf\r
+ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf\r
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf\r
\r
[LibraryClasses.common.DXE_RUNTIME_DRIVER]\r
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf\r
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf\r
DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf\r
+ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf\r
\r
[LibraryClasses.common.SMM_CORE]\r
MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf\r
DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf\r
MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf\r
SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf\r
+ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf\r
\r
[LibraryClasses.common.UEFI_DRIVER]\r
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf\r
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf\r
DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf\r
+ LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf\r
\r
[LibraryClasses.common.UEFI_APPLICATION]\r
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf\r
MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf\r
MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf\r
MdeModulePkg/Library/DxeDebugPrintErrorLevelLib/DxeDebugPrintErrorLevelLib.inf\r
+ MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf\r
+ MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf\r
\r
MdeModulePkg/Universal/CapsulePei/CapsulePei.inf\r
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf\r
MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf\r
MdeModulePkg/Universal/StatusCodeHandler/Smm/StatusCodeHandlerSmm.inf\r
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterSmm.inf\r
+ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf\r
MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.inf\r
MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf\r
MdeModulePkg/Library/DxeSmmPerformanceLib/DxeSmmPerformanceLib.inf\r
--- /dev/null
+/** @file\r
+\r
+Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions\r
+of the BSD License which accompanies this distribution. The\r
+full text of the license may be found at\r
+http://opensource.org/licenses/bsd-license.php\r
+\r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+\r
+**/\r
+\r
+#include <PiSmm.h>\r
+#include <Library/UefiDriverEntryPoint.h>\r
+#include <Library/UefiBootServicesTableLib.h>\r
+#include <Library/UefiRuntimeServicesTableLib.h>\r
+#include <Library/SmmServicesTableLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/LockBoxLib.h>\r
+#include <Protocol/SmmReadyToLock.h>\r
+#include <Protocol/SmmCommunication.h>\r
+#include <Protocol/SmmAccess2.h>\r
+#include <Protocol/LockBox.h>\r
+#include <Guid/SmmLockBox.h>\r
+\r
+BOOLEAN mLocked = FALSE;\r
+\r
+EFI_SMRAM_DESCRIPTOR *mSmramRanges;\r
+UINTN mSmramRangeCount;\r
+\r
+/**\r
+ This function check if the address is in SMRAM.\r
+\r
+ @param Buffer the buffer address to be checked.\r
+ @param Length the buffer length to be checked.\r
+\r
+ @retval TRUE this address is in SMRAM.\r
+ @retval FALSE this address is NOT in SMRAM.\r
+**/\r
+BOOLEAN\r
+IsAddressInSmram (\r
+ IN EFI_PHYSICAL_ADDRESS Buffer,\r
+ IN UINT64 Length\r
+ )\r
+{\r
+ UINTN Index;\r
+\r
+ for (Index = 0; Index < mSmramRangeCount; Index ++) {\r
+ if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||\r
+ ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {\r
+ return TRUE;\r
+ }\r
+ }\r
+\r
+ return FALSE;\r
+}\r
+\r
+/**\r
+ Dispatch function for SMM lock box save.\r
+\r
+ @param LockBoxParameterSave parameter of lock box save \r
+**/\r
+VOID\r
+SmmLockBoxSave (\r
+ IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ //\r
+ // Sanity check\r
+ //\r
+ if (mLocked) {\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox Locked!\n"));\r
+ LockBoxParameterSave->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;\r
+ return ;\r
+ }\r
+\r
+ //\r
+ // Save data\r
+ //\r
+ Status = SaveLockBox (\r
+ &LockBoxParameterSave->Guid,\r
+ (VOID *)(UINTN)LockBoxParameterSave->Buffer,\r
+ (UINTN)LockBoxParameterSave->Length\r
+ );\r
+ LockBoxParameterSave->Header.ReturnStatus = (UINT64)Status;\r
+ return ;\r
+}\r
+\r
+/**\r
+ Dispatch function for SMM lock box set attributes.\r
+\r
+ @param LockBoxParameterSetAttributes parameter of lock box set attributes\r
+**/\r
+VOID\r
+SmmLockBoxSetAttributes (\r
+ IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttributes\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ //\r
+ // Sanity check\r
+ //\r
+ if (mLocked) {\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox Locked!\n"));\r
+ LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;\r
+ return ;\r
+ }\r
+\r
+ //\r
+ // Update data\r
+ //\r
+ Status = SetLockBoxAttributes (\r
+ &LockBoxParameterSetAttributes->Guid,\r
+ LockBoxParameterSetAttributes->Attributes\r
+ );\r
+ LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)Status;\r
+ return ;\r
+}\r
+\r
+/**\r
+ Dispatch function for SMM lock box update.\r
+\r
+ @param LockBoxParameterUpdate parameter of lock box update \r
+**/\r
+VOID\r
+SmmLockBoxUpdate (\r
+ IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ //\r
+ // Sanity check\r
+ //\r
+ if (mLocked) {\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox Locked!\n"));\r
+ LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;\r
+ return ;\r
+ }\r
+\r
+ //\r
+ // Update data\r
+ //\r
+ Status = UpdateLockBox (\r
+ &LockBoxParameterUpdate->Guid,\r
+ (UINTN)LockBoxParameterUpdate->Offset,\r
+ (VOID *)(UINTN)LockBoxParameterUpdate->Buffer,\r
+ (UINTN)LockBoxParameterUpdate->Length\r
+ );\r
+ LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)Status;\r
+ return ;\r
+}\r
+\r
+/**\r
+ Dispatch function for SMM lock box restore.\r
+\r
+ @param LockBoxParameterRestore parameter of lock box restore \r
+**/\r
+VOID\r
+SmmLockBoxRestore (\r
+ IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ //\r
+ // Sanity check\r
+ //\r
+ if (IsAddressInSmram (LockBoxParameterRestore->Buffer, LockBoxParameterRestore->Length)) {\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox Restore address in SMRAM!\n"));\r
+ LockBoxParameterRestore->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;\r
+ return ;\r
+ }\r
+\r
+ //\r
+ // Restore data\r
+ //\r
+ Status = RestoreLockBox (\r
+ &LockBoxParameterRestore->Guid,\r
+ (VOID *)(UINTN)LockBoxParameterRestore->Buffer,\r
+ (UINTN *)&LockBoxParameterRestore->Length\r
+ );\r
+ LockBoxParameterRestore->Header.ReturnStatus = (UINT64)Status;\r
+ return ;\r
+}\r
+\r
+/**\r
+ Dispatch function for SMM lock box restore all in place.\r
+\r
+ @param LockBoxParameterRestoreAllInPlace parameter of lock box restore all in place\r
+**/\r
+VOID\r
+SmmLockBoxRestoreAllInPlace (\r
+ IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRestoreAllInPlace\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+\r
+ Status = RestoreAllLockBoxInPlace ();\r
+ LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)Status;\r
+ return ;\r
+}\r
+\r
+/**\r
+ Dispatch function for a Software SMI handler.\r
+\r
+ @param DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r
+ @param Context Points to an optional handler context which was specified when the\r
+ handler was registered.\r
+ @param CommBuffer A pointer to a collection of data in memory that will\r
+ be conveyed from a non-SMM environment into an SMM environment.\r
+ @param CommBufferSize The size of the CommBuffer.\r
+\r
+ @retval EFI_SUCCESS Command is handled successfully.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SmmLockBoxHandler (\r
+ IN EFI_HANDLE DispatchHandle,\r
+ IN CONST VOID *Context OPTIONAL,\r
+ IN OUT VOID *CommBuffer OPTIONAL,\r
+ IN OUT UINTN *CommBufferSize OPTIONAL\r
+ )\r
+{\r
+ EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader;\r
+\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox SmmLockBoxHandler Enter\n"));\r
+\r
+ LockBoxParameterHeader = (EFI_SMM_LOCK_BOX_PARAMETER_HEADER *)((UINTN)CommBuffer);\r
+\r
+ LockBoxParameterHeader->ReturnStatus = (UINT64)-1;\r
+\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox LockBoxParameterHeader - %x\n", (UINTN)LockBoxParameterHeader));\r
+\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox Command - %x\n", (UINTN)LockBoxParameterHeader->Command));\r
+\r
+ switch (LockBoxParameterHeader->Command) {\r
+ case EFI_SMM_LOCK_BOX_COMMAND_SAVE:\r
+ SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)(UINTN)LockBoxParameterHeader);\r
+ break;\r
+ case EFI_SMM_LOCK_BOX_COMMAND_UPDATE:\r
+ SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)LockBoxParameterHeader);\r
+ break;\r
+ case EFI_SMM_LOCK_BOX_COMMAND_RESTORE:\r
+ SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)(UINTN)LockBoxParameterHeader);\r
+ break;\r
+ case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES:\r
+ SmmLockBoxSetAttributes ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *)(UINTN)LockBoxParameterHeader);\r
+ break;\r
+ case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE:\r
+ SmmLockBoxRestoreAllInPlace ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)(UINTN)LockBoxParameterHeader);\r
+ break;\r
+ default:\r
+ break;\r
+ }\r
+\r
+ LockBoxParameterHeader->Command = (UINT32)-1;\r
+\r
+ DEBUG ((EFI_D_ERROR, "SmmLockBox SmmLockBoxHandler Exit\n"));\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Smm Ready To Lock event notification handler.\r
+\r
+ It sets a flag indicating that SMRAM has been locked.\r
+ \r
+ @param[in] Protocol Points to the protocol's unique identifier.\r
+ @param[in] Interface Points to the interface instance.\r
+ @param[in] Handle The handle on which the interface was installed.\r
+\r
+ @retval EFI_SUCCESS Notification handler runs successfully.\r
+ **/\r
+EFI_STATUS\r
+EFIAPI\r
+SmmReadyToLockEventNotify (\r
+ IN CONST EFI_GUID *Protocol,\r
+ IN VOID *Interface,\r
+ IN EFI_HANDLE Handle\r
+ )\r
+{\r
+ mLocked = TRUE;\r
+ return EFI_SUCCESS;\r
+}\r
+\r
+/**\r
+ Entry Point for LockBox SMM driver.\r
+\r
+ @param[in] ImageHandle Image handle of this driver.\r
+ @param[in] SystemTable A Pointer to the EFI System Table.\r
+\r
+ @retval EFI_SUCEESS \r
+ @return Others Some error occurs.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+SmmLockBoxEntryPoint (\r
+ IN EFI_HANDLE ImageHandle,\r
+ IN EFI_SYSTEM_TABLE *SystemTable\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_HANDLE DispatchHandle;\r
+ VOID *Registration;\r
+ EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;\r
+ UINTN Size;\r
+\r
+ //\r
+ // Get SMRAM information\r
+ //\r
+ Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Size = 0;\r
+ Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);\r
+ ASSERT (Status == EFI_BUFFER_TOO_SMALL);\r
+\r
+ Status = gSmst->SmmAllocatePool (\r
+ EfiRuntimeServicesData,\r
+ Size,\r
+ (VOID **)&mSmramRanges\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);\r
+\r
+ //\r
+ // Register LockBox communication handler\r
+ //\r
+ Status = gSmst->SmiHandlerRegister (\r
+ SmmLockBoxHandler,\r
+ &gEfiSmmLockBoxCommunicationGuid,\r
+ &DispatchHandle\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ //\r
+ // Register SMM Ready To Lock Protocol notification\r
+ //\r
+ Status = gSmst->SmmRegisterProtocolNotify (\r
+ &gEfiSmmReadyToLockProtocolGuid,\r
+ SmmReadyToLockEventNotify,\r
+ &Registration\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ //\r
+ // Install NULL to DXE data base as notify\r
+ //\r
+ ImageHandle = NULL;\r
+ Status = gBS->InstallProtocolInterface (\r
+ &ImageHandle,\r
+ &gEfiLockBoxProtocolGuid,\r
+ EFI_NATIVE_INTERFACE,\r
+ NULL\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ return Status;\r
+}\r
--- /dev/null
+## @file\r
+# Component description file for LockBox SMM driver.\r
+#\r
+# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+#\r
+# This program and the accompanying materials\r
+# are licensed and made available under the terms and conditions\r
+# of the BSD License which accompanies this distribution. The\r
+# full text of the license may be found at\r
+# http://opensource.org/licenses/bsd-license.php\r
+#\r
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+#\r
+##\r
+\r
+[Defines]\r
+ INF_VERSION = 0x00010005\r
+ BASE_NAME = SmmLockBox\r
+ FILE_GUID = 33FB3535-F15E-4c17-B303-5EB94595ECB6\r
+ MODULE_TYPE = DXE_SMM_DRIVER\r
+ VERSION_STRING = 1.0\r
+ PI_SPECIFICATION_VERSION = 0x0001000A\r
+ ENTRY_POINT = SmmLockBoxEntryPoint\r
+\r
+#\r
+# The following information is for reference only and not required by the build tools.\r
+#\r
+# VALID_ARCHITECTURES = IA32 X64 \r
+#\r
+\r
+[Sources]\r
+ SmmLockBox.c\r
+\r
+[Packages]\r
+ MdePkg/MdePkg.dec\r
+ MdeModulePkg/MdeModulePkg.dec\r
+\r
+[LibraryClasses]\r
+ UefiDriverEntryPoint\r
+ UefiBootServicesTableLib\r
+ UefiRuntimeServicesTableLib\r
+ SmmServicesTableLib\r
+ BaseLib\r
+ BaseMemoryLib\r
+ DebugLib\r
+ LockBoxLib\r
+\r
+[Guids]\r
+ gEfiSmmLockBoxCommunicationGuid ## PRODUCED\r
+\r
+[Protocols]\r
+ gEfiSmmReadyToLockProtocolGuid ## CONSUMED\r
+ gEfiSmmAccess2ProtocolGuid ## CONSUMED\r
+ gEfiLockBoxProtocolGuid ## PRODUCED\r
+\r
+[Depex]\r
+ gEfiSmmSwDispatch2ProtocolGuid\r
+\r