2 The sample implementation for SMM variable protocol. And this driver
3 implements an SMI handler to communicate with the DXE runtime driver
4 to provide variable services.
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data and communicate buffer in SMM mode.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
11 SmmVariableHandler() will receive untrusted input and do basic validation.
13 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
14 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
15 SmmVariableGetStatistics() should also do validation based on its own knowledge.
17 Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
18 This program and the accompanying materials
19 are licensed and made available under the terms and conditions of the BSD License
20 which accompanies this distribution. The full text of the license may be found at
21 http://opensource.org/licenses/bsd-license.php
23 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
24 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmEndOfDxe.h>
32 #include <Protocol/SmmVarCheck.h>
34 #include <Library/SmmServicesTableLib.h>
35 #include <Library/SmmMemLib.h>
37 #include <Guid/SmmVariableCommon.h>
40 extern VARIABLE_INFO_ENTRY
*gVariableInfo
;
41 EFI_HANDLE mSmmVariableHandle
= NULL
;
42 EFI_HANDLE mVariableHandle
= NULL
;
43 BOOLEAN mAtRuntime
= FALSE
;
44 UINT8
*mVariableBufferPayload
= NULL
;
45 UINTN mVariableBufferPayloadSize
;
46 extern BOOLEAN mEndOfDxe
;
47 extern VAR_CHECK_REQUEST_SOURCE mRequestSource
;
50 SecureBoot Hook for SetVariable.
52 @param[in] VariableName Name of Variable to be found.
53 @param[in] VendorGuid Variable vendor GUID.
59 IN CHAR16
*VariableName
,
60 IN EFI_GUID
*VendorGuid
68 This code sets variable in storage blocks (Volatile or Non-Volatile).
70 @param VariableName Name of Variable to be found.
71 @param VendorGuid Variable vendor GUID.
72 @param Attributes Attribute value of the variable found
73 @param DataSize Size of Data found. If size is less than the
74 data, this value contains the required size.
75 @param Data Data pointer.
77 @return EFI_INVALID_PARAMETER Invalid parameter.
78 @return EFI_SUCCESS Set successfully.
79 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
80 @return EFI_NOT_FOUND Not found.
81 @return EFI_WRITE_PROTECTED Variable is read-only.
86 SmmVariableSetVariable (
87 IN CHAR16
*VariableName
,
88 IN EFI_GUID
*VendorGuid
,
97 // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
99 mRequestSource
= VarCheckFromTrusted
;
100 Status
= VariableServiceSetVariable (
107 mRequestSource
= VarCheckFromUntrusted
;
111 EFI_SMM_VARIABLE_PROTOCOL gSmmVariable
= {
112 VariableServiceGetVariable
,
113 VariableServiceGetNextVariableName
,
114 SmmVariableSetVariable
,
115 VariableServiceQueryVariableInfo
118 EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck
= { VarCheckRegisterSetVariableCheckHandler
,
119 VarCheckVariablePropertySet
,
120 VarCheckVariablePropertyGet
};
123 Return TRUE if ExitBootServices () has been called.
125 @retval TRUE If ExitBootServices () has been called.
136 Initializes a basic mutual exclusion lock.
138 This function initializes a basic mutual exclusion lock to the released state
139 and returns the lock. Each lock provides mutual exclusion access at its task
140 priority level. Since there is no preemption or multiprocessor support in EFI,
141 acquiring the lock only consists of raising to the locks TPL.
142 If Lock is NULL, then ASSERT().
143 If Priority is not a valid TPL value, then ASSERT().
145 @param Lock A pointer to the lock data structure to initialize.
146 @param Priority EFI TPL is associated with the lock.
153 IN OUT EFI_LOCK
*Lock
,
161 Acquires lock only at boot time. Simply returns at runtime.
163 This is a temperary function that will be removed when
164 EfiAcquireLock() in UefiLib can handle the call in UEFI
165 Runtimer driver in RT phase.
166 It calls EfiAcquireLock() at boot time, and simply returns
169 @param Lock A pointer to the lock to acquire.
173 AcquireLockOnlyAtBootTime (
182 Releases lock only at boot time. Simply returns at runtime.
184 This is a temperary function which will be removed when
185 EfiReleaseLock() in UefiLib can handle the call in UEFI
186 Runtimer driver in RT phase.
187 It calls EfiReleaseLock() at boot time and simply returns
190 @param Lock A pointer to the lock to release.
194 ReleaseLockOnlyAtBootTime (
202 Retrive the SMM Fault Tolerent Write protocol interface.
204 @param[out] FtwProtocol The interface of SMM Ftw protocol
206 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.
207 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.
208 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
213 OUT VOID
**FtwProtocol
219 // Locate Smm Fault Tolerent Write protocol
221 Status
= gSmst
->SmmLocateProtocol (
222 &gEfiSmmFaultTolerantWriteProtocolGuid
,
231 Retrive the SMM FVB protocol interface by HANDLE.
233 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for
234 reading, writing, and erasing the target block.
235 @param[out] FvBlock The interface of SMM FVB protocol
237 @retval EFI_SUCCESS The interface information for the specified protocol was returned.
238 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.
239 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
244 IN EFI_HANDLE FvBlockHandle
,
245 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL
**FvBlock
249 // To get the SMM FVB protocol interface on the handle
251 return gSmst
->SmmHandleProtocol (
253 &gEfiSmmFirmwareVolumeBlockProtocolGuid
,
260 Function returns an array of handles that support the SMM FVB protocol
261 in a buffer allocated from pool.
263 @param[out] NumberHandles The number of handles returned in Buffer.
264 @param[out] Buffer A pointer to the buffer to return the requested
265 array of handles that support SMM FVB protocol.
267 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of
268 handles in Buffer was returned in NumberHandles.
269 @retval EFI_NOT_FOUND No SMM FVB handle was found.
270 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
271 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
275 GetFvbCountAndBuffer (
276 OUT UINTN
*NumberHandles
,
277 OUT EFI_HANDLE
**Buffer
283 if ((NumberHandles
== NULL
) || (Buffer
== NULL
)) {
284 return EFI_INVALID_PARAMETER
;
290 Status
= gSmst
->SmmLocateHandle (
292 &gEfiSmmFirmwareVolumeBlockProtocolGuid
,
297 if (EFI_ERROR(Status
) && Status
!= EFI_BUFFER_TOO_SMALL
) {
298 return EFI_NOT_FOUND
;
301 *Buffer
= AllocatePool (BufferSize
);
302 if (*Buffer
== NULL
) {
303 return EFI_OUT_OF_RESOURCES
;
306 Status
= gSmst
->SmmLocateHandle (
308 &gEfiSmmFirmwareVolumeBlockProtocolGuid
,
314 *NumberHandles
= BufferSize
/ sizeof(EFI_HANDLE
);
315 if (EFI_ERROR(Status
)) {
326 Get the variable statistics information from the information buffer pointed by gVariableInfo.
328 Caution: This function may be invoked at SMM runtime.
329 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
331 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.
332 On input, point to the variable information returned last time. if
333 InfoEntry->VendorGuid is zero, return the first information.
334 On output, point to the next variable information.
335 @param[in, out] InfoSize On input, the size of the variable information buffer.
336 On output, the returned variable information size.
338 @retval EFI_SUCCESS The variable information is found and returned successfully.
339 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
340 PcdVariableCollectStatistics should be set TRUE to support it.
341 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
342 @retval EFI_INVALID_PARAMETER Input parameter is invalid.
346 SmmVariableGetStatistics (
347 IN OUT VARIABLE_INFO_ENTRY
*InfoEntry
,
348 IN OUT UINTN
*InfoSize
351 VARIABLE_INFO_ENTRY
*VariableInfo
;
353 UINTN StatisticsInfoSize
;
357 if (InfoEntry
== NULL
) {
358 return EFI_INVALID_PARAMETER
;
361 VariableInfo
= gVariableInfo
;
362 if (VariableInfo
== NULL
) {
363 return EFI_UNSUPPORTED
;
366 StatisticsInfoSize
= sizeof (VARIABLE_INFO_ENTRY
) + StrSize (VariableInfo
->Name
);
367 if (*InfoSize
< StatisticsInfoSize
) {
368 *InfoSize
= StatisticsInfoSize
;
369 return EFI_BUFFER_TOO_SMALL
;
371 InfoName
= (CHAR16
*)(InfoEntry
+ 1);
373 CopyGuid (&VendorGuid
, &InfoEntry
->VendorGuid
);
375 if (IsZeroGuid (&VendorGuid
)) {
377 // Return the first variable info
379 CopyMem (InfoEntry
, VariableInfo
, sizeof (VARIABLE_INFO_ENTRY
));
380 CopyMem (InfoName
, VariableInfo
->Name
, StrSize (VariableInfo
->Name
));
381 *InfoSize
= StatisticsInfoSize
;
386 // Get the next variable info
388 while (VariableInfo
!= NULL
) {
389 if (CompareGuid (&VariableInfo
->VendorGuid
, &VendorGuid
)) {
390 NameLength
= StrSize (VariableInfo
->Name
);
391 if (NameLength
== StrSize (InfoName
)) {
392 if (CompareMem (VariableInfo
->Name
, InfoName
, NameLength
) == 0) {
394 // Find the match one
396 VariableInfo
= VariableInfo
->Next
;
401 VariableInfo
= VariableInfo
->Next
;
404 if (VariableInfo
== NULL
) {
410 // Output the new variable info
412 StatisticsInfoSize
= sizeof (VARIABLE_INFO_ENTRY
) + StrSize (VariableInfo
->Name
);
413 if (*InfoSize
< StatisticsInfoSize
) {
414 *InfoSize
= StatisticsInfoSize
;
415 return EFI_BUFFER_TOO_SMALL
;
418 CopyMem (InfoEntry
, VariableInfo
, sizeof (VARIABLE_INFO_ENTRY
));
419 CopyMem (InfoName
, VariableInfo
->Name
, StrSize (VariableInfo
->Name
));
420 *InfoSize
= StatisticsInfoSize
;
427 Communication service SMI Handler entry.
429 This SMI handler provides services for the variable wrapper driver.
431 Caution: This function may receive untrusted input.
432 This variable data and communicate buffer are external input, so this function will do basic validation.
433 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
434 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
435 SmmVariableGetStatistics() should also do validation based on its own knowledge.
437 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
438 @param[in] RegisterContext Points to an optional handler context which was specified when the
439 handler was registered.
440 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
441 be conveyed from a non-SMM environment into an SMM environment.
442 @param[in, out] CommBufferSize The size of the CommBuffer.
444 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers
445 should still be called.
446 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should
448 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
450 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
455 IN EFI_HANDLE DispatchHandle
,
456 IN CONST VOID
*RegisterContext
,
457 IN OUT VOID
*CommBuffer
,
458 IN OUT UINTN
*CommBufferSize
462 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
463 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
464 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
*GetNextVariableName
;
465 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
*QueryVariableInfo
;
466 SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
*GetPayloadSize
;
467 VARIABLE_INFO_ENTRY
*VariableInfo
;
468 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
*VariableToLock
;
469 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*CommVariableProperty
;
471 UINTN NameBufferSize
;
472 UINTN CommBufferPayloadSize
;
473 UINTN TempCommBufferSize
;
476 // If input is invalid, stop processing this SMI
478 if (CommBuffer
== NULL
|| CommBufferSize
== NULL
) {
482 TempCommBufferSize
= *CommBufferSize
;
484 if (TempCommBufferSize
< SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
) {
485 DEBUG ((EFI_D_ERROR
, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
488 CommBufferPayloadSize
= TempCommBufferSize
- SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
489 if (CommBufferPayloadSize
> mVariableBufferPayloadSize
) {
490 DEBUG ((EFI_D_ERROR
, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
494 if (!SmmIsBufferOutsideSmmValid ((UINTN
)CommBuffer
, TempCommBufferSize
)) {
495 DEBUG ((EFI_D_ERROR
, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
499 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*)CommBuffer
;
500 switch (SmmVariableFunctionHeader
->Function
) {
501 case SMM_VARIABLE_FUNCTION_GET_VARIABLE
:
502 if (CommBufferPayloadSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) {
503 DEBUG ((EFI_D_ERROR
, "GetVariable: SMM communication buffer size invalid!\n"));
507 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
509 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
510 SmmVariableHeader
= (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*) mVariableBufferPayload
;
511 if (((UINTN
)(~0) - SmmVariableHeader
->DataSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) ||
512 ((UINTN
)(~0) - SmmVariableHeader
->NameSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + SmmVariableHeader
->DataSize
)) {
514 // Prevent InfoSize overflow happen
516 Status
= EFI_ACCESS_DENIED
;
519 InfoSize
= OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)
520 + SmmVariableHeader
->DataSize
+ SmmVariableHeader
->NameSize
;
523 // SMRAM range check already covered before
525 if (InfoSize
> CommBufferPayloadSize
) {
526 DEBUG ((EFI_D_ERROR
, "GetVariable: Data size exceed communication buffer size limit!\n"));
527 Status
= EFI_ACCESS_DENIED
;
531 if (SmmVariableHeader
->NameSize
< sizeof (CHAR16
) || SmmVariableHeader
->Name
[SmmVariableHeader
->NameSize
/sizeof (CHAR16
) - 1] != L
'\0') {
533 // Make sure VariableName is A Null-terminated string.
535 Status
= EFI_ACCESS_DENIED
;
539 Status
= VariableServiceGetVariable (
540 SmmVariableHeader
->Name
,
541 &SmmVariableHeader
->Guid
,
542 &SmmVariableHeader
->Attributes
,
543 &SmmVariableHeader
->DataSize
,
544 (UINT8
*)SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
546 CopyMem (SmmVariableFunctionHeader
->Data
, mVariableBufferPayload
, CommBufferPayloadSize
);
549 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME
:
550 if (CommBufferPayloadSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
)) {
551 DEBUG ((EFI_D_ERROR
, "GetNextVariableName: SMM communication buffer size invalid!\n"));
555 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
557 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
558 GetNextVariableName
= (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
*) mVariableBufferPayload
;
559 if ((UINTN
)(~0) - GetNextVariableName
->NameSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
)) {
561 // Prevent InfoSize overflow happen
563 Status
= EFI_ACCESS_DENIED
;
566 InfoSize
= OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
) + GetNextVariableName
->NameSize
;
569 // SMRAM range check already covered before
571 if (InfoSize
> CommBufferPayloadSize
) {
572 DEBUG ((EFI_D_ERROR
, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
573 Status
= EFI_ACCESS_DENIED
;
577 NameBufferSize
= CommBufferPayloadSize
- OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
);
578 if (NameBufferSize
< sizeof (CHAR16
) || GetNextVariableName
->Name
[NameBufferSize
/sizeof (CHAR16
) - 1] != L
'\0') {
580 // Make sure input VariableName is A Null-terminated string.
582 Status
= EFI_ACCESS_DENIED
;
586 Status
= VariableServiceGetNextVariableName (
587 &GetNextVariableName
->NameSize
,
588 GetNextVariableName
->Name
,
589 &GetNextVariableName
->Guid
591 CopyMem (SmmVariableFunctionHeader
->Data
, mVariableBufferPayload
, CommBufferPayloadSize
);
594 case SMM_VARIABLE_FUNCTION_SET_VARIABLE
:
595 if (CommBufferPayloadSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) {
596 DEBUG ((EFI_D_ERROR
, "SetVariable: SMM communication buffer size invalid!\n"));
600 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
602 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
603 SmmVariableHeader
= (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*) mVariableBufferPayload
;
604 if (((UINTN
)(~0) - SmmVariableHeader
->DataSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) ||
605 ((UINTN
)(~0) - SmmVariableHeader
->NameSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + SmmVariableHeader
->DataSize
)) {
607 // Prevent InfoSize overflow happen
609 Status
= EFI_ACCESS_DENIED
;
612 InfoSize
= OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)
613 + SmmVariableHeader
->DataSize
+ SmmVariableHeader
->NameSize
;
616 // SMRAM range check already covered before
617 // Data buffer should not contain SMM range
619 if (InfoSize
> CommBufferPayloadSize
) {
620 DEBUG ((EFI_D_ERROR
, "SetVariable: Data size exceed communication buffer size limit!\n"));
621 Status
= EFI_ACCESS_DENIED
;
625 if (SmmVariableHeader
->NameSize
< sizeof (CHAR16
) || SmmVariableHeader
->Name
[SmmVariableHeader
->NameSize
/sizeof (CHAR16
) - 1] != L
'\0') {
627 // Make sure VariableName is A Null-terminated string.
629 Status
= EFI_ACCESS_DENIED
;
633 Status
= VariableServiceSetVariable (
634 SmmVariableHeader
->Name
,
635 &SmmVariableHeader
->Guid
,
636 SmmVariableHeader
->Attributes
,
637 SmmVariableHeader
->DataSize
,
638 (UINT8
*)SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
642 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO
:
643 if (CommBufferPayloadSize
< sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
)) {
644 DEBUG ((EFI_D_ERROR
, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
647 QueryVariableInfo
= (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
*) SmmVariableFunctionHeader
->Data
;
649 Status
= VariableServiceQueryVariableInfo (
650 QueryVariableInfo
->Attributes
,
651 &QueryVariableInfo
->MaximumVariableStorageSize
,
652 &QueryVariableInfo
->RemainingVariableStorageSize
,
653 &QueryVariableInfo
->MaximumVariableSize
657 case SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE
:
658 if (CommBufferPayloadSize
< sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
)) {
659 DEBUG ((EFI_D_ERROR
, "GetPayloadSize: SMM communication buffer size invalid!\n"));
662 GetPayloadSize
= (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
*) SmmVariableFunctionHeader
->Data
;
663 GetPayloadSize
->VariablePayloadSize
= mVariableBufferPayloadSize
;
664 Status
= EFI_SUCCESS
;
667 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT
:
669 Status
= EFI_UNSUPPORTED
;
674 VarCheckLibInitializeAtEndOfDxe (NULL
);
676 // The initialization for variable quota.
678 InitializeVariableQuota ();
681 Status
= EFI_SUCCESS
;
684 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE
:
686 Status
= EFI_SUCCESS
;
689 case SMM_VARIABLE_FUNCTION_GET_STATISTICS
:
690 VariableInfo
= (VARIABLE_INFO_ENTRY
*) SmmVariableFunctionHeader
->Data
;
691 InfoSize
= TempCommBufferSize
- SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
694 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
695 // It is covered by previous CommBuffer check
698 if (!SmmIsBufferOutsideSmmValid ((EFI_PHYSICAL_ADDRESS
)(UINTN
)CommBufferSize
, sizeof(UINTN
))) {
699 DEBUG ((EFI_D_ERROR
, "GetStatistics: SMM communication buffer in SMRAM!\n"));
700 Status
= EFI_ACCESS_DENIED
;
704 Status
= SmmVariableGetStatistics (VariableInfo
, &InfoSize
);
705 *CommBufferSize
= InfoSize
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
708 case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE
:
710 Status
= EFI_ACCESS_DENIED
;
712 VariableToLock
= (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
*) SmmVariableFunctionHeader
->Data
;
713 Status
= VariableLockRequestToLock (
715 VariableToLock
->Name
,
716 &VariableToLock
->Guid
720 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET
:
722 Status
= EFI_ACCESS_DENIED
;
724 CommVariableProperty
= (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*) SmmVariableFunctionHeader
->Data
;
725 Status
= VarCheckVariablePropertySet (
726 CommVariableProperty
->Name
,
727 &CommVariableProperty
->Guid
,
728 &CommVariableProperty
->VariableProperty
732 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET
:
733 if (CommBufferPayloadSize
< OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
)) {
734 DEBUG ((EFI_D_ERROR
, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
738 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
740 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
741 CommVariableProperty
= (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*) mVariableBufferPayload
;
742 if ((UINTN
) (~0) - CommVariableProperty
->NameSize
< OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
)) {
744 // Prevent InfoSize overflow happen
746 Status
= EFI_ACCESS_DENIED
;
749 InfoSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
) + CommVariableProperty
->NameSize
;
752 // SMRAM range check already covered before
754 if (InfoSize
> CommBufferPayloadSize
) {
755 DEBUG ((EFI_D_ERROR
, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
756 Status
= EFI_ACCESS_DENIED
;
760 if (CommVariableProperty
->NameSize
< sizeof (CHAR16
) || CommVariableProperty
->Name
[CommVariableProperty
->NameSize
/sizeof (CHAR16
) - 1] != L
'\0') {
762 // Make sure VariableName is A Null-terminated string.
764 Status
= EFI_ACCESS_DENIED
;
768 Status
= VarCheckVariablePropertyGet (
769 CommVariableProperty
->Name
,
770 &CommVariableProperty
->Guid
,
771 &CommVariableProperty
->VariableProperty
773 CopyMem (SmmVariableFunctionHeader
->Data
, mVariableBufferPayload
, CommBufferPayloadSize
);
777 Status
= EFI_UNSUPPORTED
;
782 SmmVariableFunctionHeader
->ReturnStatus
= Status
;
788 SMM END_OF_DXE protocol notification event handler.
790 @param Protocol Points to the protocol's unique identifier
791 @param Interface Points to the interface instance
792 @param Handle The handle on which the interface was installed
794 @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
799 SmmEndOfDxeCallback (
800 IN CONST EFI_GUID
*Protocol
,
805 DEBUG ((EFI_D_INFO
, "[Variable]SMM_END_OF_DXE is signaled\n"));
807 VarCheckLibInitializeAtEndOfDxe (NULL
);
809 // The initialization for variable quota.
811 InitializeVariableQuota ();
812 if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe
)) {
820 SMM Fault Tolerant Write protocol notification event handler.
822 Non-Volatile variable write may needs FTW protocol to reclaim when
825 @param Protocol Points to the protocol's unique identifier
826 @param Interface Points to the interface instance
827 @param Handle The handle on which the interface was installed
829 @retval EFI_SUCCESS SmmEventCallback runs successfully
830 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.
835 SmmFtwNotificationEvent (
836 IN CONST EFI_GUID
*Protocol
,
842 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL
*FvbProtocol
;
843 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL
*FtwProtocol
;
844 EFI_PHYSICAL_ADDRESS NvStorageVariableBase
;
845 UINTN FtwMaxBlockSize
;
847 if (mVariableModuleGlobal
->FvbInstance
!= NULL
) {
852 // Ensure SMM FTW protocol is installed.
854 Status
= GetFtwProtocol ((VOID
**)&FtwProtocol
);
855 if (EFI_ERROR (Status
)) {
859 Status
= FtwProtocol
->GetMaxBlockSize (FtwProtocol
, &FtwMaxBlockSize
);
860 if (!EFI_ERROR (Status
)) {
861 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize
) <= FtwMaxBlockSize
);
865 // Find the proper FVB protocol for variable.
867 NvStorageVariableBase
= (EFI_PHYSICAL_ADDRESS
) PcdGet64 (PcdFlashNvStorageVariableBase64
);
868 if (NvStorageVariableBase
== 0) {
869 NvStorageVariableBase
= (EFI_PHYSICAL_ADDRESS
) PcdGet32 (PcdFlashNvStorageVariableBase
);
871 Status
= GetFvbInfoByAddress (NvStorageVariableBase
, NULL
, &FvbProtocol
);
872 if (EFI_ERROR (Status
)) {
873 return EFI_NOT_FOUND
;
876 mVariableModuleGlobal
->FvbInstance
= FvbProtocol
;
878 Status
= VariableWriteServiceInitialize ();
879 if (EFI_ERROR (Status
)) {
880 DEBUG ((DEBUG_ERROR
, "Variable write service initialization failed. Status = %r\n", Status
));
884 // Notify the variable wrapper driver the variable write service is ready
886 Status
= gBS
->InstallProtocolInterface (
888 &gSmmVariableWriteGuid
,
889 EFI_NATIVE_INTERFACE
,
892 ASSERT_EFI_ERROR (Status
);
899 Variable Driver main entry point. The Variable driver places the 4 EFI
900 runtime services in the EFI System Table and installs arch protocols
901 for variable read and write services being available. It also registers
902 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
904 @param[in] ImageHandle The firmware allocated handle for the EFI image.
905 @param[in] SystemTable A pointer to the EFI System Table.
907 @retval EFI_SUCCESS Variable service successfully initialized.
912 VariableServiceInitialize (
913 IN EFI_HANDLE ImageHandle
,
914 IN EFI_SYSTEM_TABLE
*SystemTable
918 EFI_HANDLE VariableHandle
;
919 VOID
*SmmFtwRegistration
;
920 VOID
*SmmEndOfDxeRegistration
;
923 // Variable initialize.
925 Status
= VariableCommonInitialize ();
926 ASSERT_EFI_ERROR (Status
);
929 // Install the Smm Variable Protocol on a new handle.
931 VariableHandle
= NULL
;
932 Status
= gSmst
->SmmInstallProtocolInterface (
934 &gEfiSmmVariableProtocolGuid
,
935 EFI_NATIVE_INTERFACE
,
938 ASSERT_EFI_ERROR (Status
);
940 Status
= gSmst
->SmmInstallProtocolInterface (
942 &gEdkiiSmmVarCheckProtocolGuid
,
943 EFI_NATIVE_INTERFACE
,
946 ASSERT_EFI_ERROR (Status
);
948 mVariableBufferPayloadSize
= GetNonVolatileMaxVariableSize () +
949 OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
) - GetVariableHeaderSize ();
951 Status
= gSmst
->SmmAllocatePool (
952 EfiRuntimeServicesData
,
953 mVariableBufferPayloadSize
,
954 (VOID
**)&mVariableBufferPayload
956 ASSERT_EFI_ERROR (Status
);
959 /// Register SMM variable SMI handler
961 VariableHandle
= NULL
;
962 Status
= gSmst
->SmiHandlerRegister (SmmVariableHandler
, &gEfiSmmVariableProtocolGuid
, &VariableHandle
);
963 ASSERT_EFI_ERROR (Status
);
966 // Notify the variable wrapper driver the variable service is ready
968 Status
= SystemTable
->BootServices
->InstallProtocolInterface (
970 &gEfiSmmVariableProtocolGuid
,
971 EFI_NATIVE_INTERFACE
,
974 ASSERT_EFI_ERROR (Status
);
977 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
979 Status
= gSmst
->SmmRegisterProtocolNotify (
980 &gEfiSmmEndOfDxeProtocolGuid
,
982 &SmmEndOfDxeRegistration
984 ASSERT_EFI_ERROR (Status
);
987 // Register FtwNotificationEvent () notify function.
989 Status
= gSmst
->SmmRegisterProtocolNotify (
990 &gEfiSmmFaultTolerantWriteProtocolGuid
,
991 SmmFtwNotificationEvent
,
994 ASSERT_EFI_ERROR (Status
);
996 SmmFtwNotificationEvent (NULL
, NULL
, NULL
);