Commit | Line | Data |
---|---|---|
a0994dbe JY |
1 | /** @file\r |
2 | TCG MOR (Memory Overwrite Request) Lock Control support (DXE version).\r | |
3 | \r | |
4 | This module clears MemoryOverwriteRequestControlLock variable to indicate\r | |
5 | MOR lock control unsupported.\r | |
6 | \r | |
7 | Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>\r | |
8 | This program and the accompanying materials\r | |
9 | are licensed and made available under the terms and conditions of the BSD License\r | |
10 | which accompanies this distribution. The full text of the license may be found at\r | |
11 | http://opensource.org/licenses/bsd-license.php\r | |
12 | \r | |
13 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
14 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
15 | \r | |
16 | **/\r | |
17 | \r | |
18 | #include <PiDxe.h>\r | |
19 | #include <Guid/MemoryOverwriteControl.h>\r | |
20 | #include <IndustryStandard/MemoryOverwriteRequestControlLock.h>\r | |
21 | #include <Library/DebugLib.h>\r | |
22 | #include <Library/BaseLib.h>\r | |
23 | #include <Library/BaseMemoryLib.h>\r | |
24 | #include "Variable.h"\r | |
25 | \r | |
26 | extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;\r | |
27 | \r | |
/**
  SetVariable() check handler for the MOR and MorLock variables (DXE version).

  This DXE implementation performs no validation: none of the arguments is
  inspected and every request is accepted. The status codes other than
  EFI_SUCCESS listed below describe the handler's documented contract; the
  code in this file never returns them.

  @param[in]  VariableName  Name of the vendor's variable, as a
                            Null-terminated Unicode string.
  @param[in]  VendorGuid    Unique identifier for the vendor.
  @param[in]  Attributes    Attributes bitmask to set for the variable.
  @param[in]  DataSize      Size in bytes of the Data buffer.
  @param[in]  Data          Pointer to the content of the variable.

  @retval EFI_SUCCESS            The MOR/MorLock check passes, and the
                                 Variable driver can store the variable data.
                                 This is the only value returned here.
  @retval EFI_INVALID_PARAMETER  The MOR/MorLock data, data size or attributes
                                 are not allowed for the MOR variable.
  @retval EFI_ACCESS_DENIED      The MOR/MorLock is locked.
  @retval EFI_ALREADY_STARTED    The MorLock variable is handled inside this
                                 function. The Variable driver can just return
                                 EFI_SUCCESS.
**/
EFI_STATUS
SetVariableCheckHandlerMor (
  IN CHAR16    *VariableName,
  IN EFI_GUID  *VendorGuid,
  IN UINT32    Attributes,
  IN UINTN     DataSize,
  IN VOID      *Data
  )
{
  //
  // The DXE version offers no MOR/MorLock protection, so there is nothing to
  // enforce at this point: accept the request unconditionally.
  //
  return EFI_SUCCESS;
}
61 | \r | |
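/**
  Initialization for MOR Control Lock (DXE version).

  Deletes the MorLock variable and the MOR variable, then requests a variable
  lock on each name so that other modules cannot create them afterwards.

  A failed lock request is reported through DEBUG() instead of being silently
  dropped, because an unlocked name means another module may still create the
  variable. The return value is left unchanged for existing callers.

  @retval EFI_SUCCESS  Always returned by this implementation; lock request
                       failures are logged, not propagated.
**/
EFI_STATUS
MorLockInit (
  VOID
  )
{
  EFI_STATUS  Status;

  //
  // Always clear variable to report unsupported to OS.
  // The reason is that the DXE version is not proper to provide *protection*.
  // BIOS should use SMM version variable driver to provide such capability.
  //
  // The deletion status is deliberately not checked: the variable is not
  // expected to exist, so a failure status here is the normal case.
  //
  VariableServiceSetVariable (
    MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
    &gEfiMemoryOverwriteRequestControlLockGuid,
    0,                                          // Attributes
    0,                                          // DataSize
    NULL                                        // Data
    );

  //
  // Need set this variable to be read-only to prevent other module set it.
  //
  Status = VariableLockRequestToLock (
             &mVariableLock,
             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
             &gEfiMemoryOverwriteRequestControlLockGuid
             );
  if (EFI_ERROR (Status)) {
    DEBUG ((
      DEBUG_ERROR,
      "%a: failed to lock %s: %r\n",
      __FUNCTION__,
      MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
      Status
      ));
  }

  //
  // The MOR variable can effectively improve platform security only when the
  // MorLock variable protects the MOR variable. In turn MorLock cannot be made
  // secure without SMM support in the platform firmware (see above).
  //
  // Thus, delete the MOR variable, should it exist for any reason (some OSes
  // are known to create MOR unintentionally, in an attempt to set it), then
  // also lock the MOR variable, in order to prevent other modules from
  // creating it.
  //
  VariableServiceSetVariable (
    MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
    &gEfiMemoryOverwriteControlDataGuid,
    0,                                      // Attributes
    0,                                      // DataSize
    NULL                                    // Data
    );
  Status = VariableLockRequestToLock (
             &mVariableLock,
             MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
             &gEfiMemoryOverwriteControlDataGuid
             );
  if (EFI_ERROR (Status)) {
    DEBUG ((
      DEBUG_ERROR,
      "%a: failed to lock %s: %r\n",
      __FUNCTION__,
      MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
      Status
      ));
  }

  return EFI_SUCCESS;
}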
f1304280 LE |
116 | \r |
/**
  Delayed initialization for MOR Control Lock at EndOfDxe.

  This function performs any operations queued by MorLockInit(). The
  MorLockInit() in this file queues nothing, so the body is empty.
**/
VOID
MorLockInitAtEndOfDxe (
  VOID
  )
{
  //
  // Intentionally empty: no deferred work exists in the DXE version.
  //
}