]>
Commit | Line | Data |
---|---|---|
70c7664c JY |
1 | /** @file\r |
2 | TCG MOR (Memory Overwrite Request) Lock Control Driver.\r | |
3 | \r | |
d6b926e7 | 4 | This driver initializes MemoryOverwriteRequestControlLock variable.\r |
70c7664c JY |
5 | This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.\r |
6 | \r | |
b3548d32 | 7 | Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r |
289b714b | 8 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
70c7664c JY |
9 | \r |
10 | **/\r | |
11 | \r | |
12 | #include <PiDxe.h>\r | |
13 | #include <Guid/MemoryOverwriteControl.h>\r | |
14 | #include <IndustryStandard/MemoryOverwriteRequestControlLock.h>\r | |
15 | #include <Library/DebugLib.h>\r | |
16 | #include <Library/BaseLib.h>\r | |
17 | #include <Library/BaseMemoryLib.h>\r | |
18 | #include "TcgMorLock.h"\r | |
19 | \r | |
20 | typedef struct {\r | |
21 | CHAR16 *VariableName;\r | |
22 | EFI_GUID *VendorGuid;\r | |
23 | } VARIABLE_TYPE;\r | |
24 | \r | |
25 | VARIABLE_TYPE mMorVariableType[] = {\r | |
26 | {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid},\r | |
27 | {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid},\r | |
28 | };\r | |
29 | \r | |
30 | /**\r | |
31 | Returns if this is MOR related variable.\r | |
32 | \r | |
33 | @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String\r | |
34 | @param VendorGuid Unify identifier for vendor.\r | |
35 | \r | |
36 | @retval TRUE The variable is MOR related.\r | |
37 | @retval FALSE The variable is NOT MOR related.\r | |
38 | **/\r | |
39 | BOOLEAN\r | |
40 | IsAnyMorVariable (\r | |
41 | IN CHAR16 *VariableName,\r | |
42 | IN EFI_GUID *VendorGuid\r | |
43 | )\r | |
44 | {\r | |
45 | UINTN Index;\r | |
46 | \r | |
47 | for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {\r | |
b3548d32 | 48 | if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&\r |
70c7664c JY |
49 | (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {\r |
50 | return TRUE;\r | |
51 | }\r | |
52 | }\r | |
53 | return FALSE;\r | |
54 | }\r | |
55 | \r | |
56 | /**\r | |
57 | Returns if this is MOR lock variable.\r | |
58 | \r | |
59 | @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String\r | |
60 | @param VendorGuid Unify identifier for vendor.\r | |
61 | \r | |
62 | @retval TRUE The variable is MOR lock variable.\r | |
63 | @retval FALSE The variable is NOT MOR lock variable.\r | |
64 | **/\r | |
65 | BOOLEAN\r | |
66 | IsMorLockVariable (\r | |
67 | IN CHAR16 *VariableName,\r | |
68 | IN EFI_GUID *VendorGuid\r | |
69 | )\r | |
70 | {\r | |
b3548d32 | 71 | if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&\r |
70c7664c JY |
72 | (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {\r |
73 | return TRUE;\r | |
74 | }\r | |
75 | return FALSE;\r | |
76 | }\r | |
77 | \r | |
78 | /**\r | |
79 | This service is a checker handler for the UEFI Runtime Service SetVariable()\r | |
80 | \r | |
81 | @param VariableName the name of the vendor's variable, as a\r | |
82 | Null-Terminated Unicode String\r | |
83 | @param VendorGuid Unify identifier for vendor.\r | |
84 | @param Attributes Point to memory location to return the attributes of variable. If the point\r | |
85 | is NULL, the parameter would be ignored.\r | |
86 | @param DataSize The size in bytes of Data-Buffer.\r | |
87 | @param Data Point to the content of the variable.\r | |
88 | \r | |
89 | @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as\r | |
90 | defined by the Attributes.\r | |
91 | @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the\r | |
92 | DataSize exceeds the maximum allowed.\r | |
93 | @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.\r | |
94 | @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.\r | |
95 | @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.\r | |
96 | @retval EFI_WRITE_PROTECTED The variable in question is read-only.\r | |
97 | @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.\r | |
0130fdde | 98 | @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS\r |
70c7664c JY |
99 | set but the AuthInfo does NOT pass the validation check carried\r |
100 | out by the firmware.\r | |
101 | @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.\r | |
102 | \r | |
103 | **/\r | |
104 | EFI_STATUS\r | |
105 | EFIAPI\r | |
106 | SetVariableCheckHandlerMor (\r | |
107 | IN CHAR16 *VariableName,\r | |
108 | IN EFI_GUID *VendorGuid,\r | |
109 | IN UINT32 Attributes,\r | |
110 | IN UINTN DataSize,\r | |
111 | IN VOID *Data\r | |
112 | )\r | |
113 | {\r | |
114 | UINTN MorLockDataSize;\r | |
115 | BOOLEAN MorLock;\r | |
116 | EFI_STATUS Status;\r | |
117 | \r | |
118 | //\r | |
119 | // do not handle non-MOR variable\r | |
120 | //\r | |
121 | if (!IsAnyMorVariable (VariableName, VendorGuid)) {\r | |
122 | return EFI_SUCCESS;\r | |
123 | }\r | |
124 | \r | |
125 | MorLockDataSize = sizeof(MorLock);\r | |
126 | Status = InternalGetVariable (\r | |
127 | MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,\r | |
128 | &gEfiMemoryOverwriteRequestControlLockGuid,\r | |
129 | NULL,\r | |
130 | &MorLockDataSize,\r | |
131 | &MorLock\r | |
132 | );\r | |
133 | if (!EFI_ERROR (Status) && MorLock) {\r | |
134 | //\r | |
135 | // If lock, deny access\r | |
136 | //\r | |
137 | return EFI_INVALID_PARAMETER;\r | |
138 | }\r | |
b3548d32 | 139 | \r |
77656653 JY |
140 | //\r |
141 | // Delete not OK\r | |
142 | //\r | |
143 | if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {\r | |
144 | return EFI_INVALID_PARAMETER;\r | |
145 | }\r | |
146 | \r | |
70c7664c JY |
147 | //\r |
148 | // check format\r | |
149 | //\r | |
150 | if (IsMorLockVariable(VariableName, VendorGuid)) {\r | |
70c7664c JY |
151 | //\r |
152 | // set to any other value not OK\r | |
153 | //\r | |
77656653 | 154 | if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {\r |
70c7664c JY |
155 | return EFI_INVALID_PARAMETER;\r |
156 | }\r | |
157 | }\r | |
158 | //\r | |
159 | // Or grant access\r | |
160 | //\r | |
161 | return EFI_SUCCESS;\r | |
162 | }\r | |
163 | \r | |
164 | /**\r | |
165 | Entry Point for MOR Lock Control driver.\r | |
166 | \r | |
167 | @param[in] ImageHandle Image handle of this driver.\r | |
168 | @param[in] SystemTable A Pointer to the EFI System Table.\r | |
169 | \r | |
d6b926e7 | 170 | @retval EFI_SUCCESS\r |
70c7664c JY |
171 | @return Others Some error occurs.\r |
172 | **/\r | |
173 | EFI_STATUS\r | |
174 | EFIAPI\r | |
175 | MorLockDriverInit (\r | |
176 | VOID\r | |
177 | )\r | |
178 | {\r | |
179 | EFI_STATUS Status;\r | |
180 | UINT8 Data;\r | |
181 | \r | |
182 | Data = 0;\r | |
183 | Status = InternalSetVariable (\r | |
184 | MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,\r | |
185 | &gEfiMemoryOverwriteRequestControlLockGuid,\r | |
186 | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,\r | |
187 | 1,\r | |
188 | &Data\r | |
189 | );\r | |
190 | return Status;\r | |
191 | }\r |