[mirror_edk2.git] / SecurityPkg / Tcg / MemoryOverwriteRequestControlLock / TcgMorLock.c

/** @file\r
  TCG MOR (Memory Overwrite Request) Lock Control Driver.\r
\r
  This driver initializes MemoryOverwriteRequestControlLock variable.\r
  This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.\r
\r
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiDxe.h>\r
#include <Guid/MemoryOverwriteControl.h>\r
#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include "TcgMorLock.h"\r
\r
typedef struct {\r
  CHAR16      *VariableName;\r
  EFI_GUID    *VendorGuid;\r
} VARIABLE_TYPE;\r
\r
VARIABLE_TYPE  mMorVariableType[] = {\r
  { MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,     &gEfiMemoryOverwriteControlDataGuid        },\r
  { MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid },\r
};\r
\r
/**\r
  Returns if this is MOR related variable.\r
\r
  @param  VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String\r
  @param  VendorGuid   Unify identifier for vendor.\r
\r
  @retval  TRUE            The variable is MOR related.\r
  @retval  FALSE           The variable is NOT MOR related.\r
**/\r
BOOLEAN\r
IsAnyMorVariable (\r
  IN CHAR16    *VariableName,\r
  IN EFI_GUID  *VendorGuid\r
  )\r
{\r
  UINTN  Index;\r
\r
  for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) {\r
    if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&\r
        (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))\r
    {\r
      return TRUE;\r
    }\r
  }\r
\r
  return FALSE;\r
}\r
\r
/**\r
  Returns if this is MOR lock variable.\r
\r
  @param  VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String\r
  @param  VendorGuid   Unify identifier for vendor.\r
\r
  @retval  TRUE            The variable is MOR lock variable.\r
  @retval  FALSE           The variable is NOT MOR lock variable.\r
**/\r
BOOLEAN\r
IsMorLockVariable (\r
  IN CHAR16    *VariableName,\r
  IN EFI_GUID  *VendorGuid\r
  )\r
{\r
  if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&\r
      (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid)))\r
  {\r
    return TRUE;\r
  }\r
\r
  return FALSE;\r
}\r
\r
/**\r
  This service is a checker handler for the UEFI Runtime Service SetVariable()\r
\r
  @param  VariableName the name of the vendor's variable, as a\r
                       Null-Terminated Unicode String\r
  @param  VendorGuid   Unify identifier for vendor.\r
  @param  Attributes   Point to memory location to return the attributes of variable. If the point\r
                       is NULL, the parameter would be ignored.\r
  @param  DataSize     The size in bytes of Data-Buffer.\r
  @param  Data         Point to the content of the variable.\r
\r
  @retval  EFI_SUCCESS            The firmware has successfully stored the variable and its data as\r
                                  defined by the Attributes.\r
  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits was supplied, or the\r
                                  DataSize exceeds the maximum allowed.\r
  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.\r
  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the variable and its data.\r
  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.\r
  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.\r
  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.\r
  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
                                  set but the AuthInfo does NOT pass the validation check carried\r
                                  out by the firmware.\r
  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
SetVariableCheckHandlerMor (\r
  IN CHAR16    *VariableName,\r
  IN EFI_GUID  *VendorGuid,\r
  IN UINT32    Attributes,\r
  IN UINTN     DataSize,\r
  IN VOID      *Data\r
  )\r
{\r
  UINTN       MorLockDataSize;\r
  BOOLEAN     MorLock;\r
  EFI_STATUS  Status;\r
\r
  //\r
  // do not handle non-MOR variable\r
  //\r
  if (!IsAnyMorVariable (VariableName, VendorGuid)) {\r
    return EFI_SUCCESS;\r
  }\r
\r
  MorLockDataSize = sizeof (MorLock);\r
  Status          = InternalGetVariable (\r
                      MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,\r
                      &gEfiMemoryOverwriteRequestControlLockGuid,\r
                      NULL,\r
                      &MorLockDataSize,\r
                      &MorLock\r
                      );\r
  if (!EFI_ERROR (Status) && MorLock) {\r
    //\r
    // If lock, deny access\r
    //\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  //\r
  // Delete not OK\r
  //\r
  if ((DataSize != sizeof (UINT8)) || (Data == NULL) || (Attributes == 0)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  //\r
  // check format\r
  //\r
  if (IsMorLockVariable (VariableName, VendorGuid)) {\r
    //\r
    // set to any other value not OK\r
    //\r
    if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {\r
      return EFI_INVALID_PARAMETER;\r
    }\r
  }\r
\r
  //\r
  // Or grant access\r
  //\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Entry Point for MOR Lock Control driver.\r
\r
  @param[in] ImageHandle  Image handle of this driver.\r
  @param[in] SystemTable  A Pointer to the EFI System Table.\r
\r
  @retval EFI_SUCCESS\r
  @return Others          Some error occurs.\r
**/\r
EFI_STATUS\r
EFIAPI\r
MorLockDriverInit (\r
  VOID\r
  )\r
{\r
  EFI_STATUS  Status;\r
  UINT8       Data;\r
\r
  Data   = 0;\r
  Status = InternalSetVariable (\r
             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,\r
             &gEfiMemoryOverwriteRequestControlLockGuid,\r
             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r
             1,\r
             &Data\r
             );\r
  return Status;\r
}\r
Commit	Line	Data
70c7664c JY	1	/** @file\r
	2	TCG MOR (Memory Overwrite Request) Lock Control Driver.\r
	3	\r
d6b926e7	4	This driver initializes MemoryOverwriteRequestControlLock variable.\r
70c7664c JY	5	This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.\r
70c7664c JY	6	\r
b3548d32	7	Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b	8	SPDX-License-Identifier: BSD-2-Clause-Patent\r
70c7664c JY	9	\r
	10	**/\r
	11	\r
	12	#include <PiDxe.h>\r
	13	#include <Guid/MemoryOverwriteControl.h>\r
	14	#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>\r
	15	#include <Library/DebugLib.h>\r
	16	#include <Library/BaseLib.h>\r
	17	#include <Library/BaseMemoryLib.h>\r
	18	#include "TcgMorLock.h"\r
	19	\r
	20	typedef struct {\r
c411b485 MK	21	CHAR16 *VariableName;\r
c411b485 MK	22	EFI_GUID *VendorGuid;\r
70c7664c JY	23	} VARIABLE_TYPE;\r
	24	\r
	25	VARIABLE_TYPE mMorVariableType[] = {\r
c411b485 MK	26	{ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid },\r
c411b485 MK	27	{ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid },\r
70c7664c JY	28	};\r
	29	\r
	30	/**\r
	31	Returns if this is MOR related variable.\r
	32	\r
	33	@param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String\r
	34	@param VendorGuid Unify identifier for vendor.\r
	35	\r
	36	@retval TRUE The variable is MOR related.\r
	37	@retval FALSE The variable is NOT MOR related.\r
	38	**/\r
	39	BOOLEAN\r
	40	IsAnyMorVariable (\r
c411b485 MK	41	IN CHAR16 *VariableName,\r
c411b485 MK	42	IN EFI_GUID *VendorGuid\r
70c7664c JY	43	)\r
70c7664c JY	44	{\r
c411b485	45	UINTN Index;\r
70c7664c	46	\r
c411b485	47	for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) {\r
b3548d32	48	if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&\r
c411b485 MK	49	(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))\r
c411b485 MK	50	{\r
70c7664c JY	51	return TRUE;\r
	52	}\r
	53	}\r
c411b485	54	\r
70c7664c JY	55	return FALSE;\r
	56	}\r
	57	\r
	58	/**\r
	59	Returns if this is MOR lock variable.\r
	60	\r
	61	@param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String\r
	62	@param VendorGuid Unify identifier for vendor.\r
	63	\r
	64	@retval TRUE The variable is MOR lock variable.\r
	65	@retval FALSE The variable is NOT MOR lock variable.\r
	66	**/\r
	67	BOOLEAN\r
	68	IsMorLockVariable (\r
c411b485 MK	69	IN CHAR16 *VariableName,\r
c411b485 MK	70	IN EFI_GUID *VendorGuid\r
70c7664c JY	71	)\r
70c7664c JY	72	{\r
b3548d32	73	if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&\r
c411b485 MK	74	(CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid)))\r
c411b485 MK	75	{\r
70c7664c JY	76	return TRUE;\r
70c7664c JY	77	}\r
c411b485	78	\r
70c7664c JY	79	return FALSE;\r
	80	}\r
	81	\r
	82	/**\r
	83	This service is a checker handler for the UEFI Runtime Service SetVariable()\r
	84	\r
	85	@param VariableName the name of the vendor's variable, as a\r
	86	Null-Terminated Unicode String\r
	87	@param VendorGuid Unify identifier for vendor.\r
	88	@param Attributes Point to memory location to return the attributes of variable. If the point\r
	89	is NULL, the parameter would be ignored.\r
	90	@param DataSize The size in bytes of Data-Buffer.\r
	91	@param Data Point to the content of the variable.\r
	92	\r
	93	@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r
	94	defined by the Attributes.\r
	95	@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the\r
	96	DataSize exceeds the maximum allowed.\r
	97	@retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.\r
	98	@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.\r
	99	@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.\r
	100	@retval EFI_WRITE_PROTECTED The variable in question is read-only.\r
	101	@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.\r
0130fdde	102	@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r
70c7664c JY	103	set but the AuthInfo does NOT pass the validation check carried\r
	104	out by the firmware.\r
	105	@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.\r
	106	\r
	107	**/\r
	108	EFI_STATUS\r
	109	EFIAPI\r
	110	SetVariableCheckHandlerMor (\r
c411b485 MK	111	IN CHAR16 *VariableName,\r
	112	IN EFI_GUID *VendorGuid,\r
	113	IN UINT32 Attributes,\r
	114	IN UINTN DataSize,\r
	115	IN VOID *Data\r
70c7664c JY	116	)\r
	117	{\r
	118	UINTN MorLockDataSize;\r
	119	BOOLEAN MorLock;\r
	120	EFI_STATUS Status;\r
	121	\r
	122	//\r
	123	// do not handle non-MOR variable\r
	124	//\r
	125	if (!IsAnyMorVariable (VariableName, VendorGuid)) {\r
	126	return EFI_SUCCESS;\r
	127	}\r
	128	\r
c411b485 MK	129	MorLockDataSize = sizeof (MorLock);\r
	130	Status = InternalGetVariable (\r
	131	MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,\r
	132	&gEfiMemoryOverwriteRequestControlLockGuid,\r
	133	NULL,\r
	134	&MorLockDataSize,\r
	135	&MorLock\r
	136	);\r
70c7664c JY	137	if (!EFI_ERROR (Status) && MorLock) {\r
	138	//\r
	139	// If lock, deny access\r
	140	//\r
	141	return EFI_INVALID_PARAMETER;\r
	142	}\r
b3548d32	143	\r
77656653 JY	144	//\r
	145	// Delete not OK\r
	146	//\r
c411b485	147	if ((DataSize != sizeof (UINT8)) \|\| (Data == NULL) \|\| (Attributes == 0)) {\r
77656653 JY	148	return EFI_INVALID_PARAMETER;\r
	149	}\r
	150	\r
70c7664c JY	151	//\r
	152	// check format\r
	153	//\r
c411b485	154	if (IsMorLockVariable (VariableName, VendorGuid)) {\r
70c7664c JY	155	//\r
	156	// set to any other value not OK\r
	157	//\r
77656653	158	if (((UINT8 )Data != 1) && ((UINT8 )Data != 0)) {\r
70c7664c JY	159	return EFI_INVALID_PARAMETER;\r
	160	}\r
	161	}\r
c411b485	162	\r
70c7664c JY	163	//\r
	164	// Or grant access\r
	165	//\r
	166	return EFI_SUCCESS;\r
	167	}\r
	168	\r
	169	/**\r
	170	Entry Point for MOR Lock Control driver.\r
	171	\r
	172	@param[in] ImageHandle Image handle of this driver.\r
	173	@param[in] SystemTable A Pointer to the EFI System Table.\r
	174	\r
d6b926e7	175	@retval EFI_SUCCESS\r
70c7664c JY	176	@return Others Some error occurs.\r
	177	**/\r
	178	EFI_STATUS\r
	179	EFIAPI\r
	180	MorLockDriverInit (\r
	181	VOID\r
	182	)\r
	183	{\r
	184	EFI_STATUS Status;\r
	185	UINT8 Data;\r
	186	\r
c411b485	187	Data = 0;\r
70c7664c JY	188	Status = InternalSetVariable (\r
	189	MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,\r
	190	&gEfiMemoryOverwriteRequestControlLockGuid,\r
	191	EFI_VARIABLE_NON_VOLATILE \| EFI_VARIABLE_BOOTSERVICE_ACCESS \| EFI_VARIABLE_RUNTIME_ACCESS,\r
	192	1,\r
	193	&Data\r
	194	);\r
	195	return Status;\r
	196	}\r