]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg: Add SMM LockBox
[mirror_edk2.git] / MdeModulePkg / Library / SmmLockBoxLib / SmmLockBoxSmmLib.c
1 /** @file
2
3 Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
4
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions
7 of the BSD License which accompanies this distribution. The
8 full text of the license may be found at
9 http://opensource.org/licenses/bsd-license.php
10
11 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13
14 **/
15
16 #include <PiSmm.h>
17 #include <Library/SmmServicesTableLib.h>
18 #include <Library/BaseLib.h>
19 #include <Library/BaseMemoryLib.h>
20 #include <Library/LockBoxLib.h>
21 #include <Library/DebugLib.h>
22 #include <Guid/SmmLockBox.h>
23
24 #include "SmmLockBoxLibPrivate.h"
25
26 /**
27 We need handle this library carefully. Only one library instance will construct the environment.
28 Below 2 global variable can only be used in constructor. They should NOT be used in any other library functions.
29 **/
30 SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext;
31 LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE (mLockBoxQueue);
32
33 /**
34 This function return SmmLockBox context from SMST.
35
36 @return SmmLockBox context from SMST.
37 **/
38 SMM_LOCK_BOX_CONTEXT *
39 InternalGetSmmLockBoxContext (
40 VOID
41 )
42 {
43 UINTN Index;
44
45 //
46 // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone
47 //
48 for (Index = 0; Index < gSmst->NumberOfTableEntries; Index++) {
49 if (CompareGuid (&gSmst->SmmConfigurationTable[Index].VendorGuid, &gEfiSmmLockBoxCommunicationGuid)) {
50 //
51 // Found. That means some other library instance is already run.
52 // No need to install again, just return.
53 //
54 return (SMM_LOCK_BOX_CONTEXT *)gSmst->SmmConfigurationTable[Index].VendorTable;
55 }
56 }
57
58 //
59 // Not found.
60 //
61 return NULL;
62 }
63
64 /**
65 Constructor for SmmLockBox library.
66 This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later.
67
68 @param[in] ImageHandle Image handle of this driver.
69 @param[in] SystemTable A Pointer to the EFI System Table.
70
71 @retval EFI_SUCEESS
72 @return Others Some error occurs.
73 **/
74 EFI_STATUS
75 EFIAPI
76 SmmLockBoxSmmConstructuor (
77 IN EFI_HANDLE ImageHandle,
78 IN EFI_SYSTEM_TABLE *SystemTable
79 )
80 {
81 EFI_STATUS Status;
82 SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;
83
84 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Enter\n"));
85
86 //
87 // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone
88 //
89 SmmLockBoxContext = InternalGetSmmLockBoxContext ();
90 if (SmmLockBoxContext != NULL) {
91 //
92 // Find it. That means some other library instance is already run.
93 // No need to install again, just return.
94 //
95 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - already installed\n"));
96 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n"));
97 return EFI_SUCCESS;
98 }
99
100 //
101 // If no one install this, it means this is first instance. Install it.
102 //
103 if (sizeof(UINTN) == sizeof(UINT64)) {
104 mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_64;
105 } else {
106 mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_32;
107 }
108 mSmmLockBoxContext.LockBoxDataAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)&mLockBoxQueue;
109
110 Status = gSmst->SmmInstallConfigurationTable (
111 gSmst,
112 &gEfiSmmLockBoxCommunicationGuid,
113 &mSmmLockBoxContext,
114 sizeof(mSmmLockBoxContext)
115 );
116 ASSERT_EFI_ERROR (Status);
117
118 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - %x\n", (UINTN)&mSmmLockBoxContext));
119 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib LockBoxDataAddress - %x\n", (UINTN)&mLockBoxQueue));
120 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n"));
121
122 return Status;
123 }
124
125 /**
126 This function return SmmLockBox queue address.
127
128 @return SmmLockBox queue address.
129 **/
130 LIST_ENTRY *
131 InternalGetLockBoxQueue (
132 VOID
133 )
134 {
135 SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;
136
137 SmmLockBoxContext = InternalGetSmmLockBoxContext ();
138 ASSERT (SmmLockBoxContext != NULL);
139 if (SmmLockBoxContext == NULL) {
140 return NULL;
141 }
142 return (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress;
143 }
144
145 /**
146 This function find LockBox by GUID.
147
148 @param Guid The guid to indentify the LockBox
149
150 @return LockBoxData
151 **/
152 SMM_LOCK_BOX_DATA *
153 InternalFindLockBoxByGuid (
154 IN EFI_GUID *Guid
155 )
156 {
157 LIST_ENTRY *Link;
158 SMM_LOCK_BOX_DATA *LockBox;
159 LIST_ENTRY *LockBoxQueue;
160
161 LockBoxQueue = InternalGetLockBoxQueue ();
162 ASSERT (LockBoxQueue != NULL);
163
164 for (Link = LockBoxQueue->ForwardLink;
165 Link != LockBoxQueue;
166 Link = Link->ForwardLink) {
167 LockBox = BASE_CR (
168 Link,
169 SMM_LOCK_BOX_DATA,
170 Link
171 );
172 if (CompareGuid (&LockBox->Guid, Guid)) {
173 return LockBox;
174 }
175 }
176 return NULL;
177 }
178
179 /**
180 This function will save confidential information to lockbox.
181
182 @param Guid the guid to identify the confidential information
183 @param Buffer the address of the confidential information
184 @param Length the length of the confidential information
185
186 @retval RETURN_SUCCESS the information is saved successfully.
187 @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0
188 @retval RETURN_ALREADY_STARTED the requested GUID already exist.
189 @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.
190 @retval RETURN_ACCESS_DENIED it is too late to invoke this interface
191 @retval RETURN_NOT_STARTED it is too early to invoke this interface
192 @retval RETURN_UNSUPPORTED the service is not supported by implementaion.
193 **/
194 RETURN_STATUS
195 EFIAPI
196 SaveLockBox (
197 IN GUID *Guid,
198 IN VOID *Buffer,
199 IN UINTN Length
200 )
201 {
202 SMM_LOCK_BOX_DATA *LockBox;
203 EFI_PHYSICAL_ADDRESS SmramBuffer;
204 EFI_STATUS Status;
205 LIST_ENTRY *LockBoxQueue;
206
207 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Enter\n"));
208
209 //
210 // Basic check
211 //
212 if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {
213 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));
214 return EFI_INVALID_PARAMETER;
215 }
216
217 //
218 // Find LockBox
219 //
220 LockBox = InternalFindLockBoxByGuid (Guid);
221 if (LockBox != NULL) {
222 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_ALREADY_STARTED));
223 return EFI_ALREADY_STARTED;
224 }
225
226 //
227 // Allocate SMRAM buffer
228 //
229 Status = gSmst->SmmAllocatePages (
230 AllocateAnyPages,
231 EfiRuntimeServicesData,
232 EFI_SIZE_TO_PAGES (Length),
233 &SmramBuffer
234 );
235 ASSERT_EFI_ERROR (Status);
236 if (EFI_ERROR (Status)) {
237 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));
238 return EFI_OUT_OF_RESOURCES;
239 }
240
241 //
242 // Allocate LockBox
243 //
244 Status = gSmst->SmmAllocatePool (
245 EfiRuntimeServicesData,
246 sizeof(*LockBox),
247 (VOID **)&LockBox
248 );
249 ASSERT_EFI_ERROR (Status);
250 if (EFI_ERROR (Status)) {
251 gSmst->SmmFreePages (SmramBuffer, EFI_SIZE_TO_PAGES (Length));
252 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));
253 return EFI_OUT_OF_RESOURCES;
254 }
255
256 //
257 // Save data
258 //
259 CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)Buffer, Length);
260
261 //
262 // Insert LockBox to queue
263 //
264 LockBox->Signature = SMM_LOCK_BOX_DATA_SIGNATURE;
265 CopyMem (&LockBox->Guid, Guid, sizeof(EFI_GUID));
266 LockBox->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;
267 LockBox->Length = (UINT64)Length;
268 LockBox->SmramBuffer = SmramBuffer;
269
270 LockBoxQueue = InternalGetLockBoxQueue ();
271 ASSERT (LockBoxQueue != NULL);
272 InsertTailList (LockBoxQueue, &LockBox->Link);
273
274 //
275 // Done
276 //
277 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_SUCCESS));
278 return EFI_SUCCESS;
279 }
280
281 /**
282 This function will set lockbox attributes.
283
284 @param Guid the guid to identify the confidential information
285 @param Attributes the attributes of the lockbox
286
287 @retval RETURN_SUCCESS the information is saved successfully.
288 @retval RETURN_INVALID_PARAMETER attributes is invalid.
289 @retval RETURN_NOT_FOUND the requested GUID not found.
290 @retval RETURN_ACCESS_DENIED it is too late to invoke this interface
291 @retval RETURN_NOT_STARTED it is too early to invoke this interface
292 @retval RETURN_UNSUPPORTED the service is not supported by implementaion.
293 **/
294 RETURN_STATUS
295 EFIAPI
296 SetLockBoxAttributes (
297 IN GUID *Guid,
298 IN UINT64 Attributes
299 )
300 {
301 SMM_LOCK_BOX_DATA *LockBox;
302
303 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Enter\n"));
304
305 //
306 // Basic check
307 //
308 if ((Guid == NULL) ||
309 ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {
310 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER));
311 return EFI_INVALID_PARAMETER;
312 }
313
314 //
315 // Find LockBox
316 //
317 LockBox = InternalFindLockBoxByGuid (Guid);
318 if (LockBox == NULL) {
319 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_NOT_FOUND));
320 return EFI_NOT_FOUND;
321 }
322
323 //
324 // Update data
325 //
326 LockBox->Attributes = Attributes;
327
328 //
329 // Done
330 //
331 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_SUCCESS));
332 return EFI_SUCCESS;
333 }
334
335 /**
336 This function will update confidential information to lockbox.
337
338 @param Guid the guid to identify the original confidential information
339 @param Offset the offset of the original confidential information
340 @param Buffer the address of the updated confidential information
341 @param Length the length of the updated confidential information
342
343 @retval RETURN_SUCCESS the information is saved successfully.
344 @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.
345 @retval RETURN_NOT_FOUND the requested GUID not found.
346 @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.
347 @retval RETURN_ACCESS_DENIED it is too late to invoke this interface
348 @retval RETURN_NOT_STARTED it is too early to invoke this interface
349 @retval RETURN_UNSUPPORTED the service is not supported by implementaion.
350 **/
351 RETURN_STATUS
352 EFIAPI
353 UpdateLockBox (
354 IN GUID *Guid,
355 IN UINTN Offset,
356 IN VOID *Buffer,
357 IN UINTN Length
358 )
359 {
360 SMM_LOCK_BOX_DATA *LockBox;
361
362 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Enter\n"));
363
364 //
365 // Basic check
366 //
367 if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {
368 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));
369 return EFI_INVALID_PARAMETER;
370 }
371
372 //
373 // Find LockBox
374 //
375 LockBox = InternalFindLockBoxByGuid (Guid);
376 if (LockBox == NULL) {
377 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_NOT_FOUND));
378 return EFI_NOT_FOUND;
379 }
380
381 //
382 // Update data
383 //
384 if (LockBox->Length < Offset + Length) {
385 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));
386 return EFI_BUFFER_TOO_SMALL;
387 }
388 CopyMem ((VOID *)((UINTN)LockBox->SmramBuffer + Offset), Buffer, Length);
389
390 //
391 // Done
392 //
393 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_SUCCESS));
394 return EFI_SUCCESS;
395 }
396
397 /**
398 This function will restore confidential information from lockbox.
399
400 @param Guid the guid to identify the confidential information
401 @param Buffer the address of the restored confidential information
402 NULL means restored to original address, Length MUST be NULL at same time.
403 @param Length the length of the restored confidential information
404
405 @retval RETURN_SUCCESS the information is restored successfully.
406 @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.
407 @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no
408 LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.
409 @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.
410 @retval RETURN_NOT_FOUND the requested GUID not found.
411 @retval RETURN_NOT_STARTED it is too early to invoke this interface
412 @retval RETURN_ACCESS_DENIED not allow to restore to the address
413 @retval RETURN_UNSUPPORTED the service is not supported by implementaion.
414 **/
415 RETURN_STATUS
416 EFIAPI
417 RestoreLockBox (
418 IN GUID *Guid,
419 IN VOID *Buffer, OPTIONAL
420 IN OUT UINTN *Length OPTIONAL
421 )
422 {
423 SMM_LOCK_BOX_DATA *LockBox;
424 VOID *RestoreBuffer;
425
426 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Enter\n"));
427
428 //
429 // Restore this, Buffer and Length MUST be both NULL or both non-NULL
430 //
431 if ((Guid == NULL) ||
432 ((Buffer == NULL) && (Length != NULL)) ||
433 ((Buffer != NULL) && (Length == NULL))) {
434 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));
435 return EFI_INVALID_PARAMETER;
436 }
437
438 //
439 // Find LockBox
440 //
441 LockBox = InternalFindLockBoxByGuid (Guid);
442 if (LockBox == NULL) {
443 //
444 // Not found
445 //
446 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_NOT_FOUND));
447 return EFI_NOT_FOUND;
448 }
449
450 //
451 // Set RestoreBuffer
452 //
453 if (Buffer != NULL) {
454 //
455 // restore to new buffer
456 //
457 RestoreBuffer = Buffer;
458 } else {
459 //
460 // restore to original buffer
461 //
462 if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) == 0) {
463 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_WRITE_PROTECTED));
464 return EFI_WRITE_PROTECTED;
465 }
466 RestoreBuffer = (VOID *)(UINTN)LockBox->Buffer;
467 }
468
469 //
470 // Set RestoreLength
471 //
472 if (Length != NULL) {
473 if (*Length < (UINTN)LockBox->Length) {
474 //
475 // Input buffer is too small to hold all data.
476 //
477 *Length = (UINTN)LockBox->Length;
478 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));
479 return EFI_BUFFER_TOO_SMALL;
480 }
481 *Length = (UINTN)LockBox->Length;
482 }
483
484 //
485 // Restore data
486 //
487 CopyMem (RestoreBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);
488
489 //
490 // Done
491 //
492 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_SUCCESS));
493 return EFI_SUCCESS;
494 }
495
496 /**
497 This function will restore confidential information from all lockbox which have RestoreInPlace attribute.
498
499 @retval RETURN_SUCCESS the information is restored successfully.
500 @retval RETURN_NOT_STARTED it is too early to invoke this interface
501 @retval RETURN_UNSUPPORTED the service is not supported by implementaion.
502 **/
503 RETURN_STATUS
504 EFIAPI
505 RestoreAllLockBoxInPlace (
506 VOID
507 )
508 {
509 SMM_LOCK_BOX_DATA *LockBox;
510 LIST_ENTRY *Link;
511 LIST_ENTRY *LockBoxQueue;
512
513 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Enter\n"));
514
515 LockBoxQueue = InternalGetLockBoxQueue ();
516 ASSERT (LockBoxQueue != NULL);
517
518 //
519 // Restore all, Buffer and Length MUST be NULL
520 //
521 for (Link = LockBoxQueue->ForwardLink;
522 Link != LockBoxQueue;
523 Link = Link->ForwardLink) {
524 LockBox = BASE_CR (
525 Link,
526 SMM_LOCK_BOX_DATA,
527 Link
528 );
529 if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) {
530 //
531 // Restore data
532 //
533 CopyMem ((VOID *)(UINTN)LockBox->Buffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);
534 }
535 }
536 //
537 // Done
538 //
539 DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Exit (%r)\n", EFI_SUCCESS));
540 return EFI_SUCCESS;
541 }
542
EFI Development Kit II mirror for PVE