[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / VariableSmm.inf

## @file\r
#  Provides SMM authenticated variable service\r
#\r
#  This module installs SMM variable protocol into SMM protocol database,\r
#  which can be used by SMM driver, and installs SMM variable protocol\r
#  into BS protocol database, which can be used to notify the SMM Runtime\r
#  Dxe driver that the SMM variable service is ready.\r
#  This module should be used with SMM Runtime DXE module together. The\r
#  SMM Runtime DXE module installs variable arch protocol and variable\r
#  write arch protocol based on SMM variable module.\r
#\r
#  Caution: This module requires additional review when modified.\r
#  This driver will have external input - variable data and communicate buffer in SMM mode.\r
#  This external input must be validated carefully to avoid security issues such as \r
#  buffer overflow or integer overflow.\r
#    The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
#  which is assumed to be protected by platform.  All variable code and metadata in flash/SMM Memory\r
#  may not be modified without authorization. If platform fails to protect these resources, \r
#  the authentication service provided in this driver will be broken, and the behavior is undefined.\r
#\r
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
# This program and the accompanying materials\r
# are licensed and made available under the terms and conditions of the BSD License\r
# which accompanies this distribution. The full text of the license may be found at\r
# http://opensource.org/licenses/bsd-license.php\r
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
#\r
##\r
\r
[Defines]\r
  INF_VERSION                    = 0x00010005\r
  BASE_NAME                      = VariableAuthSmm\r
  MODULE_UNI_FILE                = VariableAuthSmm.uni\r
  FILE_GUID                      = D34BDC5E-968A-40f5-A48C-E594F45AE211\r
  MODULE_TYPE                    = DXE_SMM_DRIVER\r
  VERSION_STRING                 = 1.0\r
  PI_SPECIFICATION_VERSION       = 0x0001000A\r
  ENTRY_POINT                    = VariableServiceInitialize\r
\r
#\r
# The following information is for reference only and not required by the build tools.\r
#\r
#  VALID_ARCHITECTURES           = IA32 X64\r
#\r
\r
\r
[Sources]\r
  Reclaim.c\r
  Variable.c\r
  VariableSmm.c\r
  AuthService.c\r
  VarCheck.c\r
  Variable.h\r
  AuthService.h\r
\r
[Packages]\r
  MdePkg/MdePkg.dec\r
  MdeModulePkg/MdeModulePkg.dec\r
  CryptoPkg/CryptoPkg.dec\r
  SecurityPkg/SecurityPkg.dec\r
\r
[LibraryClasses]\r
  UefiDriverEntryPoint\r
  MemoryAllocationLib\r
  BaseLib\r
  SynchronizationLib\r
  UefiLib\r
  SmmServicesTableLib\r
  BaseMemoryLib\r
  DebugLib\r
  DxeServicesTableLib\r
  BaseCryptLib\r
  PlatformSecureLib\r
  HobLib\r
  PcdLib\r
  DevicePathLib\r
  SmmMemLib\r
\r
[Protocols]\r
  gEfiSmmFirmwareVolumeBlockProtocolGuid        ## CONSUMES\r
  gEfiSmmAccess2ProtocolGuid                    ## CONSUMES\r
  \r
  ## PRODUCES\r
  ## UNDEFINED     # SmiHandlerRegister\r
  gEfiSmmVariableProtocolGuid\r
  \r
  ## CONSUMES\r
  ## NOTIFY  \r
  gEfiSmmFaultTolerantWriteProtocolGuid\r
  gEfiSmmEndOfDxeProtocolGuid                   ## NOTIFY\r
  gEdkiiSmmVarCheckProtocolGuid                 ## PRODUCES\r
\r
[Guids]\r
  ## PRODUCES             ## GUID # Variable store header\r
  ## CONSUMES             ## GUID # Variable store header\r
  ## SOMETIMES_CONSUMES   ## HOB\r
  gEfiAuthenticatedVariableGuid\r
  \r
  ## SOMETIMES_CONSUMES   ## Variable:L"PlatformLang"\r
  ## SOMETIMES_PRODUCES   ## Variable:L"PlatformLang"\r
  ## SOMETIMES_CONSUMES   ## Variable:L"Lang"\r
  ## SOMETIMES_PRODUCES   ## Variable:L"Lang"\r
  ## SOMETIMES_CONSUMES   ## Variable:L"HwErrRecSupport"\r
  ## CONSUMES             ## Variable:L"SetupMode"\r
  ## PRODUCES             ## Variable:L"SetupMode"\r
  ## SOMETIMES_CONSUMES   ## Variable:L"PK"\r
  ## SOMETIMES_CONSUMES   ## Variable:L"KEK"\r
  ## CONSUMES             ## Variable:L"SecureBoot"\r
  ## PRODUCES             ## Variable:L"SecureBoot"\r
  ## CONSUMES             ## Variable:L"SignatureSupport"\r
  ## PRODUCES             ## Variable:L"SignatureSupport"\r
  ## PRODUCES             ## Variable:L"VendorKeys"\r
  gEfiGlobalVariableGuid\r
  \r
  ## SOMETIMES_CONSUMES   ## Variable:L"DB"\r
  ## SOMETIMES_CONSUMES   ## Variable:L"DBX"\r
  gEfiImageSecurityDatabaseGuid\r
 \r
  ## CONSUMES             ## Variable:L"SecureBootEnable"\r
  ## PRODUCES             ## Variable:L"SecureBootEnable"\r
  gEfiSecureBootEnableDisableGuid\r
  \r
  ## CONSUMES             ## Variable:L"CustomMode"\r
  ## PRODUCES             ## Variable:L"CustomMode"\r
  gEfiCustomModeEnableGuid\r
  \r
  ## CONSUMES             ## Variable:L"certdb"\r
  ## PRODUCES             ## Variable:L"certdb"\r
  gEfiCertDbGuid\r
\r
  ## CONSUMES             ## Variable:L"VendorKeysNv"\r
  ## PRODUCES             ## Variable:L"VendorKeysNv"\r
  gEfiVendorKeysNvGuid\r
    \r
  gSmmVariableWriteGuid                    ## PRODUCES               ## GUID        # Install protocol\r
  gEfiCertTypeRsa2048Sha256Guid            ## SOMETIMES_CONSUMES     ## GUID        # Unique ID for the format of the CertData.\r
  gEfiCertPkcs7Guid                        ## SOMETIMES_CONSUMES     ## GUID        # Unique ID for the format of the CertData.\r
  gEfiCertX509Guid                         ## SOMETIMES_CONSUMES     ## GUID        # Unique ID for the type of the signature.\r
  gEfiSystemNvDataFvGuid                   ## CONSUMES               ## GUID\r
  gEfiHardwareErrorVariableGuid            ## SOMETIMES_CONSUMES     ## Variable:L"HwErrRec####"\r
  gEdkiiFaultTolerantWriteGuid             ## SOMETIMES_CONSUMES     ## HOB\r
  gEdkiiVarErrorFlagGuid                   ## CONSUMES               ## GUID\r
\r
[Pcd]\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize       ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase       ## SOMETIMES_CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64     ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize                  ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize     ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize                ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize                 ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize           ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize  ## CONSUMES\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe   ## CONSUMES\r
\r
[FeaturePcd]\r
  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics        ## CONSUMES  # statistic the information of variable.\r
  gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate       ## CONSUMES  # Auto update PlatformLang/Lang\r
\r
[Depex]\r
  TRUE\r
  \r
[UserExtensions.TianoCore."ExtraFiles"]\r
  VariableSmmExtra.uni
Commit	Line	Data
0c18794e	1	## @file\r
60c944c7	2	# Provides SMM authenticated variable service\r
0c18794e	3	#\r
0c18794e	4	# This module installs SMM variable protocol into SMM protocol database,\r
2d3fb919	5	# which can be used by SMM driver, and installs SMM variable protocol\r
0c18794e	6	# into BS protocol database, which can be used to notify the SMM Runtime\r
0c18794e	7	# Dxe driver that the SMM variable service is ready.\r
2d3fb919	8	# This module should be used with SMM Runtime DXE module together. The\r
60c944c7	9	# SMM Runtime DXE module installs variable arch protocol and variable\r
0c18794e	10	# write arch protocol based on SMM variable module.\r
0c18794e	11	#\r
dc204d5a JY	12	# Caution: This module requires additional review when modified.\r
dc204d5a JY	13	# This driver will have external input - variable data and communicate buffer in SMM mode.\r
60c944c7 DG	14	# This external input must be validated carefully to avoid security issues such as \r
60c944c7 DG	15	# buffer overflow or integer overflow.\r
36bdec3c CZ	16	# The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
	17	# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
	18	# may not be modified without authorization. If platform fails to protect these resources, \r
	19	# the authentication service provided in this driver will be broken, and the behavior is undefined.\r
dc204d5a	20	#\r
17409b7a	21	# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
0c18794e	22	# This program and the accompanying materials\r
	23	# are licensed and made available under the terms and conditions of the BSD License\r
	24	# which accompanies this distribution. The full text of the license may be found at\r
	25	# http://opensource.org/licenses/bsd-license.php\r
	26	# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	27	# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	28	#\r
	29	##\r
	30	\r
	31	[Defines]\r
	32	INF_VERSION = 0x00010005\r
201edad3	33	BASE_NAME = VariableAuthSmm\r
60c944c7	34	MODULE_UNI_FILE = VariableAuthSmm.uni\r
0c18794e	35	FILE_GUID = D34BDC5E-968A-40f5-A48C-E594F45AE211\r
	36	MODULE_TYPE = DXE_SMM_DRIVER\r
	37	VERSION_STRING = 1.0\r
	38	PI_SPECIFICATION_VERSION = 0x0001000A\r
	39	ENTRY_POINT = VariableServiceInitialize\r
	40	\r
	41	#\r
	42	# The following information is for reference only and not required by the build tools.\r
	43	#\r
	44	# VALID_ARCHITECTURES = IA32 X64\r
	45	#\r
	46	\r
	47	\r
	48	[Sources]\r
	49	Reclaim.c\r
	50	Variable.c\r
	51	VariableSmm.c\r
	52	AuthService.c\r
17409b7a	53	VarCheck.c\r
0c18794e	54	Variable.h\r
	55	AuthService.h\r
	56	\r
	57	[Packages]\r
	58	MdePkg/MdePkg.dec\r
	59	MdeModulePkg/MdeModulePkg.dec\r
	60	CryptoPkg/CryptoPkg.dec\r
	61	SecurityPkg/SecurityPkg.dec\r
	62	\r
	63	[LibraryClasses]\r
	64	UefiDriverEntryPoint\r
	65	MemoryAllocationLib\r
	66	BaseLib\r
	67	SynchronizationLib\r
	68	UefiLib\r
	69	SmmServicesTableLib\r
	70	BaseMemoryLib\r
	71	DebugLib\r
	72	DxeServicesTableLib\r
	73	BaseCryptLib\r
2d3fb919	74	PlatformSecureLib\r
9a000b46	75	HobLib\r
17409b7a SZ	76	PcdLib\r
17409b7a SZ	77	DevicePathLib\r
9054e55a	78	SmmMemLib\r
0c18794e	79	\r
0c18794e	80	[Protocols]\r
60c944c7 DG	81	gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES\r
	82	gEfiSmmAccess2ProtocolGuid ## CONSUMES\r
	83	\r
	84	## PRODUCES\r
	85	## UNDEFINED # SmiHandlerRegister\r
	86	gEfiSmmVariableProtocolGuid\r
	87	\r
	88	## CONSUMES\r
	89	## NOTIFY \r
	90	gEfiSmmFaultTolerantWriteProtocolGuid\r
17409b7a SZ	91	gEfiSmmEndOfDxeProtocolGuid ## NOTIFY\r
17409b7a SZ	92	gEdkiiSmmVarCheckProtocolGuid ## PRODUCES\r
0c18794e	93	\r
0c18794e	94	[Guids]\r
60c944c7 DG	95	## PRODUCES ## GUID # Variable store header\r
	96	## CONSUMES ## GUID # Variable store header\r
	97	## SOMETIMES_CONSUMES ## HOB\r
	98	gEfiAuthenticatedVariableGuid\r
	99	\r
	100	## SOMETIMES_CONSUMES ## Variable:L"PlatformLang"\r
	101	## SOMETIMES_PRODUCES ## Variable:L"PlatformLang"\r
	102	## SOMETIMES_CONSUMES ## Variable:L"Lang"\r
	103	## SOMETIMES_PRODUCES ## Variable:L"Lang"\r
	104	## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport"\r
	105	## CONSUMES ## Variable:L"SetupMode"\r
	106	## PRODUCES ## Variable:L"SetupMode"\r
	107	## SOMETIMES_CONSUMES ## Variable:L"PK"\r
	108	## SOMETIMES_CONSUMES ## Variable:L"KEK"\r
	109	## CONSUMES ## Variable:L"SecureBoot"\r
	110	## PRODUCES ## Variable:L"SecureBoot"\r
	111	## CONSUMES ## Variable:L"SignatureSupport"\r
	112	## PRODUCES ## Variable:L"SignatureSupport"\r
	113	## PRODUCES ## Variable:L"VendorKeys"\r
	114	gEfiGlobalVariableGuid\r
	115	\r
	116	## SOMETIMES_CONSUMES ## Variable:L"DB"\r
	117	## SOMETIMES_CONSUMES ## Variable:L"DBX"\r
0c18794e	118	gEfiImageSecurityDatabaseGuid\r
60c944c7 DG	119	\r
	120	## CONSUMES ## Variable:L"SecureBootEnable"\r
	121	## PRODUCES ## Variable:L"SecureBootEnable"\r
beda2356	122	gEfiSecureBootEnableDisableGuid\r
60c944c7 DG	123	\r
	124	## CONSUMES ## Variable:L"CustomMode"\r
	125	## PRODUCES ## Variable:L"CustomMode"\r
ecc722ad	126	gEfiCustomModeEnableGuid\r
60c944c7 DG	127	\r
	128	## CONSUMES ## Variable:L"certdb"\r
	129	## PRODUCES ## Variable:L"certdb"\r
ed47ae02	130	gEfiCertDbGuid\r
0c18794e	131	\r
60c944c7 DG	132	## CONSUMES ## Variable:L"VendorKeysNv"\r
	133	## PRODUCES ## Variable:L"VendorKeysNv"\r
	134	gEfiVendorKeysNvGuid\r
	135	\r
	136	gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol\r
	137	gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the format of the CertData.\r
	138	gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the format of the CertData.\r
	139	gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.\r
	140	gEfiSystemNvDataFvGuid ## CONSUMES ## GUID\r
	141	gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####"\r
	142	gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB\r
952ba83c SZ	143	gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID\r
952ba83c SZ	144	\r
0c18794e	145	[Pcd]\r
60c944c7 DG	146	gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES\r
	147	gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES\r
	148	gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES\r
	149	gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES\r
	150	gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES\r
	151	gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES\r
	152	gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES\r
952ba83c SZ	153	gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES\r
952ba83c SZ	154	gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES\r
93626a53	155	gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES\r
952ba83c	156	\r
0c18794e	157	[FeaturePcd]\r
60c944c7 DG	158	gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable.\r
60c944c7 DG	159	gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang\r
0c18794e	160	\r
0c18794e	161	[Depex]\r
2d3fb919	162	TRUE\r
60c944c7 DG	163	\r
	164	[UserExtensions.TianoCore."ExtraFiles"]\r
	165	VariableSmmExtra.uni