2 TCG MOR (Memory Overwrite Request) Lock Control support (DXE version).
4 This module clears MemoryOverwriteRequestControlLock variable to indicate
5 MOR lock control unsupported.
7 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
13 #include <Guid/MemoryOverwriteControl.h>
14 #include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
15 #include <Library/DebugLib.h>
16 #include <Library/BaseLib.h>
17 #include <Library/BaseMemoryLib.h>
20 extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock
;
23 This service is an MOR/MorLock checker handler for the SetVariable().
25 @param[in] VariableName the name of the vendor's variable, as a
26 Null-Terminated Unicode String
27 @param[in] VendorGuid Unify identifier for vendor.
28 @param[in] Attributes Attributes bitmask to set for the variable.
29 @param[in] DataSize The size in bytes of Data-Buffer.
30 @param[in] Data Point to the content of the variable.
32 @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable
33 driver can store the variable data.
34 @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or
35 attributes is not allowed for MOR variable.
36 @retval EFI_ACCESS_DENIED The MOR/MorLock is locked.
37 @retval EFI_ALREADY_STARTED The MorLock variable is handled inside this
38 function. Variable driver can just return
42 SetVariableCheckHandlerMor (
43 IN CHAR16
*VariableName
,
44 IN EFI_GUID
*VendorGuid
,
51 // Just let it pass. No need provide protection for DXE version.
57 Initialization for MOR Control Lock.
59 @retval EFI_SUCCESS MorLock initialization success.
60 @return Others Some error occurs.
68 // Always clear variable to report unsupported to OS.
69 // The reason is that the DXE version is not proper to provide *protection*.
70 // BIOS should use SMM version variable driver to provide such capability.
72 VariableServiceSetVariable (
73 MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME
,
74 &gEfiMemoryOverwriteRequestControlLockGuid
,
81 // Need set this variable to be read-only to prevent other module set it.
83 VariableLockRequestToLock (&mVariableLock
, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME
, &gEfiMemoryOverwriteRequestControlLockGuid
);
86 // The MOR variable can effectively improve platform security only when the
87 // MorLock variable protects the MOR variable. In turn MorLock cannot be made
88 // secure without SMM support in the platform firmware (see above).
90 // Thus, delete the MOR variable, should it exist for any reason (some OSes
91 // are known to create MOR unintentionally, in an attempt to set it), then
92 // also lock the MOR variable, in order to prevent other modules from
95 VariableServiceSetVariable (
96 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
,
97 &gEfiMemoryOverwriteControlDataGuid
,
102 VariableLockRequestToLock (
104 MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME
,
105 &gEfiMemoryOverwriteControlDataGuid
112 Delayed initialization for MOR Control Lock at EndOfDxe.
114 This function performs any operations queued by MorLockInit().
117 MorLockInitAtEndOfDxe (