3 The sample implementation for SMM variable protocol. And this driver
4 implements an SMI handler to communicate with the DXE runtime driver
5 to provide variable services.
7 Caution: This module requires additional review when modified.
8 This driver will have external input - variable data and communicate buffer in SMM mode.
9 This external input must be validated carefully to avoid security issue like
10 buffer overflow, integer overflow.
12 SmmVariableHandler() will receive untrusted input and do basic validation.
14 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
15 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
16 SmmVariableGetStatistics() should also do validation based on its own knowledge.
18 Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
19 This program and the accompanying materials
20 are licensed and made available under the terms and conditions of the BSD License
21 which accompanies this distribution. The full text of the license may be found at
22 http://opensource.org/licenses/bsd-license.php
24 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
25 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
28 #include <Protocol/SmmVariable.h>
29 #include <Protocol/SmmFirmwareVolumeBlock.h>
30 #include <Protocol/SmmFaultTolerantWrite.h>
31 #include <Protocol/SmmAccess2.h>
32 #include <Protocol/SmmEndOfDxe.h>
33 #include <Protocol/SmmVarCheck.h>
35 #include <Library/SmmServicesTableLib.h>
37 #include <Guid/VariableFormat.h>
38 #include <Guid/SmmVariableCommon.h>
41 EFI_SMRAM_DESCRIPTOR
*mSmramRanges
;
42 UINTN mSmramRangeCount
;
44 extern VARIABLE_INFO_ENTRY
*gVariableInfo
;
45 EFI_HANDLE mSmmVariableHandle
= NULL
;
46 EFI_HANDLE mVariableHandle
= NULL
;
47 BOOLEAN mAtRuntime
= FALSE
;
48 EFI_GUID mZeroGuid
= {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};
49 UINT8
*mVariableBufferPayload
= NULL
;
50 UINTN mVariableBufferPayloadSize
;
51 extern BOOLEAN mEndOfDxe
;
52 extern BOOLEAN mEnableLocking
;
56 This code sets variable in storage blocks (Volatile or Non-Volatile).
58 @param VariableName Name of Variable to be found.
59 @param VendorGuid Variable vendor GUID.
60 @param Attributes Attribute value of the variable found
61 @param DataSize Size of Data found. If size is less than the
62 data, this value contains the required size.
63 @param Data Data pointer.
65 @return EFI_INVALID_PARAMETER Invalid parameter.
66 @return EFI_SUCCESS Set successfully.
67 @return EFI_OUT_OF_RESOURCES Resource not enough to set variable.
68 @return EFI_NOT_FOUND Not found.
69 @return EFI_WRITE_PROTECTED Variable is read-only.
74 SmmVariableSetVariable (
75 IN CHAR16
*VariableName
,
76 IN EFI_GUID
*VendorGuid
,
85 // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
87 mEnableLocking
= FALSE
;
88 Status
= VariableServiceSetVariable (
95 mEnableLocking
= TRUE
;
99 EFI_SMM_VARIABLE_PROTOCOL gSmmVariable
= {
100 VariableServiceGetVariable
,
101 VariableServiceGetNextVariableName
,
102 SmmVariableSetVariable
,
103 VariableServiceQueryVariableInfo
106 EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck
= { VarCheckRegisterSetVariableCheckHandler
,
107 VarCheckVariablePropertySet
,
108 VarCheckVariablePropertyGet
};
111 Return TRUE if ExitBootServices () has been called.
113 @retval TRUE If ExitBootServices () has been called.
124 This function check if the address is in SMRAM.
126 @param Buffer the buffer address to be checked.
127 @param Length the buffer length to be checked.
129 @retval TRUE this address is in SMRAM.
130 @retval FALSE this address is NOT in SMRAM.
133 InternalIsAddressInSmram (
134 IN EFI_PHYSICAL_ADDRESS Buffer
,
140 for (Index
= 0; Index
< mSmramRangeCount
; Index
++) {
141 if (((Buffer
>= mSmramRanges
[Index
].CpuStart
) && (Buffer
< mSmramRanges
[Index
].CpuStart
+ mSmramRanges
[Index
].PhysicalSize
)) ||
142 ((mSmramRanges
[Index
].CpuStart
>= Buffer
) && (mSmramRanges
[Index
].CpuStart
< Buffer
+ Length
))) {
151 This function check if the address refered by Buffer and Length is valid.
153 @param Buffer the buffer address to be checked.
154 @param Length the buffer length to be checked.
156 @retval TRUE this address is valid.
157 @retval FALSE this address is NOT valid.
160 InternalIsAddressValid (
165 if (Buffer
> (MAX_ADDRESS
- Length
)) {
171 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS
)Buffer
, (UINT64
)Length
)) {
178 Initializes a basic mutual exclusion lock.
180 This function initializes a basic mutual exclusion lock to the released state
181 and returns the lock. Each lock provides mutual exclusion access at its task
182 priority level. Since there is no preemption or multiprocessor support in EFI,
183 acquiring the lock only consists of raising to the locks TPL.
184 If Lock is NULL, then ASSERT().
185 If Priority is not a valid TPL value, then ASSERT().
187 @param Lock A pointer to the lock data structure to initialize.
188 @param Priority EFI TPL is associated with the lock.
195 IN OUT EFI_LOCK
*Lock
,
203 Acquires lock only at boot time. Simply returns at runtime.
205 This is a temperary function that will be removed when
206 EfiAcquireLock() in UefiLib can handle the call in UEFI
207 Runtimer driver in RT phase.
208 It calls EfiAcquireLock() at boot time, and simply returns
211 @param Lock A pointer to the lock to acquire.
215 AcquireLockOnlyAtBootTime (
224 Releases lock only at boot time. Simply returns at runtime.
226 This is a temperary function which will be removed when
227 EfiReleaseLock() in UefiLib can handle the call in UEFI
228 Runtimer driver in RT phase.
229 It calls EfiReleaseLock() at boot time and simply returns
232 @param Lock A pointer to the lock to release.
236 ReleaseLockOnlyAtBootTime (
244 Retrive the SMM Fault Tolerent Write protocol interface.
246 @param[out] FtwProtocol The interface of SMM Ftw protocol
248 @retval EFI_SUCCESS The SMM FTW protocol instance was found and returned in FtwProtocol.
249 @retval EFI_NOT_FOUND The SMM FTW protocol instance was not found.
250 @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
255 OUT VOID
**FtwProtocol
261 // Locate Smm Fault Tolerent Write protocol
263 Status
= gSmst
->SmmLocateProtocol (
264 &gEfiSmmFaultTolerantWriteProtocolGuid
,
273 Retrive the SMM FVB protocol interface by HANDLE.
275 @param[in] FvBlockHandle The handle of SMM FVB protocol that provides services for
276 reading, writing, and erasing the target block.
277 @param[out] FvBlock The interface of SMM FVB protocol
279 @retval EFI_SUCCESS The interface information for the specified protocol was returned.
280 @retval EFI_UNSUPPORTED The device does not support the SMM FVB protocol.
281 @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
286 IN EFI_HANDLE FvBlockHandle
,
287 OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL
**FvBlock
291 // To get the SMM FVB protocol interface on the handle
293 return gSmst
->SmmHandleProtocol (
295 &gEfiSmmFirmwareVolumeBlockProtocolGuid
,
302 Function returns an array of handles that support the SMM FVB protocol
303 in a buffer allocated from pool.
305 @param[out] NumberHandles The number of handles returned in Buffer.
306 @param[out] Buffer A pointer to the buffer to return the requested
307 array of handles that support SMM FVB protocol.
309 @retval EFI_SUCCESS The array of handles was returned in Buffer, and the number of
310 handles in Buffer was returned in NumberHandles.
311 @retval EFI_NOT_FOUND No SMM FVB handle was found.
312 @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
313 @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
317 GetFvbCountAndBuffer (
318 OUT UINTN
*NumberHandles
,
319 OUT EFI_HANDLE
**Buffer
325 if ((NumberHandles
== NULL
) || (Buffer
== NULL
)) {
326 return EFI_INVALID_PARAMETER
;
332 Status
= gSmst
->SmmLocateHandle (
334 &gEfiSmmFirmwareVolumeBlockProtocolGuid
,
339 if (EFI_ERROR(Status
) && Status
!= EFI_BUFFER_TOO_SMALL
) {
340 return EFI_NOT_FOUND
;
343 *Buffer
= AllocatePool (BufferSize
);
344 if (*Buffer
== NULL
) {
345 return EFI_OUT_OF_RESOURCES
;
348 Status
= gSmst
->SmmLocateHandle (
350 &gEfiSmmFirmwareVolumeBlockProtocolGuid
,
356 *NumberHandles
= BufferSize
/ sizeof(EFI_HANDLE
);
357 if (EFI_ERROR(Status
)) {
368 Get the variable statistics information from the information buffer pointed by gVariableInfo.
370 Caution: This function may be invoked at SMM runtime.
371 InfoEntry and InfoSize are external input. Care must be taken to make sure not security issue at runtime.
373 @param[in, out] InfoEntry A pointer to the buffer of variable information entry.
374 On input, point to the variable information returned last time. if
375 InfoEntry->VendorGuid is zero, return the first information.
376 On output, point to the next variable information.
377 @param[in, out] InfoSize On input, the size of the variable information buffer.
378 On output, the returned variable information size.
380 @retval EFI_SUCCESS The variable information is found and returned successfully.
381 @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
382 PcdVariableCollectStatistics should be set TRUE to support it.
383 @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
387 SmmVariableGetStatistics (
388 IN OUT VARIABLE_INFO_ENTRY
*InfoEntry
,
389 IN OUT UINTN
*InfoSize
392 VARIABLE_INFO_ENTRY
*VariableInfo
;
394 UINTN StatisticsInfoSize
;
398 ASSERT (InfoEntry
!= NULL
);
399 VariableInfo
= gVariableInfo
;
400 if (VariableInfo
== NULL
) {
401 return EFI_UNSUPPORTED
;
404 StatisticsInfoSize
= sizeof (VARIABLE_INFO_ENTRY
) + StrSize (VariableInfo
->Name
);
405 if (*InfoSize
< StatisticsInfoSize
) {
406 *InfoSize
= StatisticsInfoSize
;
407 return EFI_BUFFER_TOO_SMALL
;
409 InfoName
= (CHAR16
*)(InfoEntry
+ 1);
411 CopyGuid (&VendorGuid
, &InfoEntry
->VendorGuid
);
413 if (CompareGuid (&VendorGuid
, &mZeroGuid
)) {
415 // Return the first variable info
417 CopyMem (InfoEntry
, VariableInfo
, sizeof (VARIABLE_INFO_ENTRY
));
418 CopyMem (InfoName
, VariableInfo
->Name
, StrSize (VariableInfo
->Name
));
419 *InfoSize
= StatisticsInfoSize
;
424 // Get the next variable info
426 while (VariableInfo
!= NULL
) {
427 if (CompareGuid (&VariableInfo
->VendorGuid
, &VendorGuid
)) {
428 NameLength
= StrSize (VariableInfo
->Name
);
429 if (NameLength
== StrSize (InfoName
)) {
430 if (CompareMem (VariableInfo
->Name
, InfoName
, NameLength
) == 0) {
432 // Find the match one
434 VariableInfo
= VariableInfo
->Next
;
439 VariableInfo
= VariableInfo
->Next
;
442 if (VariableInfo
== NULL
) {
448 // Output the new variable info
450 StatisticsInfoSize
= sizeof (VARIABLE_INFO_ENTRY
) + StrSize (VariableInfo
->Name
);
451 if (*InfoSize
< StatisticsInfoSize
) {
452 *InfoSize
= StatisticsInfoSize
;
453 return EFI_BUFFER_TOO_SMALL
;
456 CopyMem (InfoEntry
, VariableInfo
, sizeof (VARIABLE_INFO_ENTRY
));
457 CopyMem (InfoName
, VariableInfo
->Name
, StrSize (VariableInfo
->Name
));
458 *InfoSize
= StatisticsInfoSize
;
465 Communication service SMI Handler entry.
467 This SMI handler provides services for the variable wrapper driver.
469 Caution: This function may receive untrusted input.
470 This variable data and communicate buffer are external input, so this function will do basic validation.
471 Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
472 VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
473 SmmVariableGetStatistics() should also do validation based on its own knowledge.
475 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
476 @param[in] RegisterContext Points to an optional handler context which was specified when the
477 handler was registered.
478 @param[in, out] CommBuffer A pointer to a collection of data in memory that will
479 be conveyed from a non-SMM environment into an SMM environment.
480 @param[in, out] CommBufferSize The size of the CommBuffer.
482 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers
483 should still be called.
484 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should
486 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still
488 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.
493 IN EFI_HANDLE DispatchHandle
,
494 IN CONST VOID
*RegisterContext
,
495 IN OUT VOID
*CommBuffer
,
496 IN OUT UINTN
*CommBufferSize
500 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
501 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
502 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
*GetNextVariableName
;
503 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
*QueryVariableInfo
;
504 VARIABLE_INFO_ENTRY
*VariableInfo
;
505 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
*VariableToLock
;
506 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*CommVariableProperty
;
508 UINTN NameBufferSize
;
509 UINTN CommBufferPayloadSize
;
510 UINTN TempCommBufferSize
;
513 // If input is invalid, stop processing this SMI
515 if (CommBuffer
== NULL
|| CommBufferSize
== NULL
) {
519 TempCommBufferSize
= *CommBufferSize
;
521 if (TempCommBufferSize
< SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
) {
522 DEBUG ((EFI_D_ERROR
, "SmmVariableHandler: SMM communication buffer size invalid!\n"));
525 CommBufferPayloadSize
= TempCommBufferSize
- SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
526 if (CommBufferPayloadSize
> mVariableBufferPayloadSize
) {
527 DEBUG ((EFI_D_ERROR
, "SmmVariableHandler: SMM communication buffer payload size invalid!\n"));
531 if (!InternalIsAddressValid ((UINTN
)CommBuffer
, TempCommBufferSize
)) {
532 DEBUG ((EFI_D_ERROR
, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
536 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*)CommBuffer
;
537 switch (SmmVariableFunctionHeader
->Function
) {
538 case SMM_VARIABLE_FUNCTION_GET_VARIABLE
:
539 if (CommBufferPayloadSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) {
540 DEBUG ((EFI_D_ERROR
, "GetVariable: SMM communication buffer size invalid!\n"));
544 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
546 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
547 SmmVariableHeader
= (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*) mVariableBufferPayload
;
548 if (((UINTN
)(~0) - SmmVariableHeader
->DataSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) ||
549 ((UINTN
)(~0) - SmmVariableHeader
->NameSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + SmmVariableHeader
->DataSize
)) {
551 // Prevent InfoSize overflow happen
553 Status
= EFI_ACCESS_DENIED
;
556 InfoSize
= OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)
557 + SmmVariableHeader
->DataSize
+ SmmVariableHeader
->NameSize
;
560 // SMRAM range check already covered before
562 if (InfoSize
> CommBufferPayloadSize
) {
563 DEBUG ((EFI_D_ERROR
, "GetVariable: Data size exceed communication buffer size limit!\n"));
564 Status
= EFI_ACCESS_DENIED
;
568 if (SmmVariableHeader
->NameSize
< sizeof (CHAR16
) || SmmVariableHeader
->Name
[SmmVariableHeader
->NameSize
/sizeof (CHAR16
) - 1] != L
'\0') {
570 // Make sure VariableName is A Null-terminated string.
572 Status
= EFI_ACCESS_DENIED
;
576 Status
= VariableServiceGetVariable (
577 SmmVariableHeader
->Name
,
578 &SmmVariableHeader
->Guid
,
579 &SmmVariableHeader
->Attributes
,
580 &SmmVariableHeader
->DataSize
,
581 (UINT8
*)SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
583 CopyMem (SmmVariableFunctionHeader
->Data
, mVariableBufferPayload
, CommBufferPayloadSize
);
586 case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME
:
587 if (CommBufferPayloadSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
)) {
588 DEBUG ((EFI_D_ERROR
, "GetNextVariableName: SMM communication buffer size invalid!\n"));
592 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
594 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
595 GetNextVariableName
= (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
*) mVariableBufferPayload
;
596 if ((UINTN
)(~0) - GetNextVariableName
->NameSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
)) {
598 // Prevent InfoSize overflow happen
600 Status
= EFI_ACCESS_DENIED
;
603 InfoSize
= OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
) + GetNextVariableName
->NameSize
;
606 // SMRAM range check already covered before
608 if (InfoSize
> CommBufferPayloadSize
) {
609 DEBUG ((EFI_D_ERROR
, "GetNextVariableName: Data size exceed communication buffer size limit!\n"));
610 Status
= EFI_ACCESS_DENIED
;
614 NameBufferSize
= CommBufferPayloadSize
- OFFSET_OF(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
);
615 if (NameBufferSize
< sizeof (CHAR16
) || GetNextVariableName
->Name
[NameBufferSize
/sizeof (CHAR16
) - 1] != L
'\0') {
617 // Make sure input VariableName is A Null-terminated string.
619 Status
= EFI_ACCESS_DENIED
;
623 Status
= VariableServiceGetNextVariableName (
624 &GetNextVariableName
->NameSize
,
625 GetNextVariableName
->Name
,
626 &GetNextVariableName
->Guid
628 CopyMem (SmmVariableFunctionHeader
->Data
, mVariableBufferPayload
, CommBufferPayloadSize
);
631 case SMM_VARIABLE_FUNCTION_SET_VARIABLE
:
632 if (CommBufferPayloadSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) {
633 DEBUG ((EFI_D_ERROR
, "SetVariable: SMM communication buffer size invalid!\n"));
637 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
639 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
640 SmmVariableHeader
= (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*) mVariableBufferPayload
;
641 if (((UINTN
)(~0) - SmmVariableHeader
->DataSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) ||
642 ((UINTN
)(~0) - SmmVariableHeader
->NameSize
< OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + SmmVariableHeader
->DataSize
)) {
644 // Prevent InfoSize overflow happen
646 Status
= EFI_ACCESS_DENIED
;
649 InfoSize
= OFFSET_OF(SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)
650 + SmmVariableHeader
->DataSize
+ SmmVariableHeader
->NameSize
;
653 // SMRAM range check already covered before
654 // Data buffer should not contain SMM range
656 if (InfoSize
> CommBufferPayloadSize
) {
657 DEBUG ((EFI_D_ERROR
, "SetVariable: Data size exceed communication buffer size limit!\n"));
658 Status
= EFI_ACCESS_DENIED
;
662 if (SmmVariableHeader
->NameSize
< sizeof (CHAR16
) || SmmVariableHeader
->Name
[SmmVariableHeader
->NameSize
/sizeof (CHAR16
) - 1] != L
'\0') {
664 // Make sure VariableName is A Null-terminated string.
666 Status
= EFI_ACCESS_DENIED
;
670 Status
= VariableServiceSetVariable (
671 SmmVariableHeader
->Name
,
672 &SmmVariableHeader
->Guid
,
673 SmmVariableHeader
->Attributes
,
674 SmmVariableHeader
->DataSize
,
675 (UINT8
*)SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
679 case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO
:
680 if (CommBufferPayloadSize
< sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
)) {
681 DEBUG ((EFI_D_ERROR
, "QueryVariableInfo: SMM communication buffer size invalid!\n"));
684 QueryVariableInfo
= (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
*) SmmVariableFunctionHeader
->Data
;
686 Status
= VariableServiceQueryVariableInfo (
687 QueryVariableInfo
->Attributes
,
688 &QueryVariableInfo
->MaximumVariableStorageSize
,
689 &QueryVariableInfo
->RemainingVariableStorageSize
,
690 &QueryVariableInfo
->MaximumVariableSize
694 case SMM_VARIABLE_FUNCTION_READY_TO_BOOT
:
697 Status
= EFI_UNSUPPORTED
;
701 Status
= EFI_SUCCESS
;
704 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE
:
706 Status
= EFI_SUCCESS
;
709 case SMM_VARIABLE_FUNCTION_GET_STATISTICS
:
710 VariableInfo
= (VARIABLE_INFO_ENTRY
*) SmmVariableFunctionHeader
->Data
;
711 InfoSize
= TempCommBufferSize
- SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
714 // Do not need to check SmmVariableFunctionHeader->Data in SMRAM here.
715 // It is covered by previous CommBuffer check
718 if (InternalIsAddressInSmram ((EFI_PHYSICAL_ADDRESS
)(UINTN
)CommBufferSize
, sizeof(UINTN
))) {
719 DEBUG ((EFI_D_ERROR
, "GetStatistics: SMM communication buffer in SMRAM!\n"));
720 Status
= EFI_ACCESS_DENIED
;
724 Status
= SmmVariableGetStatistics (VariableInfo
, &InfoSize
);
725 *CommBufferSize
= InfoSize
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
728 case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE
:
730 Status
= EFI_ACCESS_DENIED
;
732 VariableToLock
= (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
*) SmmVariableFunctionHeader
->Data
;
733 Status
= VariableLockRequestToLock (
735 VariableToLock
->Name
,
736 &VariableToLock
->Guid
740 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET
:
742 Status
= EFI_ACCESS_DENIED
;
744 CommVariableProperty
= (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*) SmmVariableFunctionHeader
->Data
;
745 Status
= VarCheckVariablePropertySet (
746 CommVariableProperty
->Name
,
747 &CommVariableProperty
->Guid
,
748 &CommVariableProperty
->VariableProperty
752 case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET
:
753 if (CommBufferPayloadSize
< OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
)) {
754 DEBUG ((EFI_D_ERROR
, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
758 // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
760 CopyMem (mVariableBufferPayload
, SmmVariableFunctionHeader
->Data
, CommBufferPayloadSize
);
761 CommVariableProperty
= (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*) mVariableBufferPayload
;
762 if ((UINTN
) (~0) - CommVariableProperty
->NameSize
< OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
)) {
764 // Prevent InfoSize overflow happen
766 Status
= EFI_ACCESS_DENIED
;
769 InfoSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
) + CommVariableProperty
->NameSize
;
772 // SMRAM range check already covered before
774 if (InfoSize
> CommBufferPayloadSize
) {
775 DEBUG ((EFI_D_ERROR
, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
776 Status
= EFI_ACCESS_DENIED
;
780 if (CommVariableProperty
->NameSize
< sizeof (CHAR16
) || CommVariableProperty
->Name
[CommVariableProperty
->NameSize
/sizeof (CHAR16
) - 1] != L
'\0') {
782 // Make sure VariableName is A Null-terminated string.
784 Status
= EFI_ACCESS_DENIED
;
788 Status
= VarCheckVariablePropertyGet (
789 CommVariableProperty
->Name
,
790 &CommVariableProperty
->Guid
,
791 &CommVariableProperty
->VariableProperty
793 CopyMem (SmmVariableFunctionHeader
->Data
, mVariableBufferPayload
, CommBufferPayloadSize
);
797 Status
= EFI_UNSUPPORTED
;
802 SmmVariableFunctionHeader
->ReturnStatus
= Status
;
808 SMM END_OF_DXE protocol notification event handler.
810 @param Protocol Points to the protocol's unique identifier
811 @param Interface Points to the interface instance
812 @param Handle The handle on which the interface was installed
814 @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully
819 SmmEndOfDxeCallback (
820 IN CONST EFI_GUID
*Protocol
,
825 DEBUG ((EFI_D_INFO
, "[Variable]END_OF_DXE is signaled\n"));
831 SMM Fault Tolerant Write protocol notification event handler.
833 Non-Volatile variable write may needs FTW protocol to reclaim when
836 @param Protocol Points to the protocol's unique identifier
837 @param Interface Points to the interface instance
838 @param Handle The handle on which the interface was installed
840 @retval EFI_SUCCESS SmmEventCallback runs successfully
841 @retval EFI_NOT_FOUND The Fvb protocol for variable is not found.
846 SmmFtwNotificationEvent (
847 IN CONST EFI_GUID
*Protocol
,
853 EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL
*FvbProtocol
;
854 EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL
*FtwProtocol
;
855 EFI_PHYSICAL_ADDRESS NvStorageVariableBase
;
856 UINTN FtwMaxBlockSize
;
858 if (mVariableModuleGlobal
->FvbInstance
!= NULL
) {
863 // Ensure SMM FTW protocol is installed.
865 Status
= GetFtwProtocol ((VOID
**)&FtwProtocol
);
866 if (EFI_ERROR (Status
)) {
870 Status
= FtwProtocol
->GetMaxBlockSize (FtwProtocol
, &FtwMaxBlockSize
);
871 if (!EFI_ERROR (Status
)) {
872 ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize
) <= FtwMaxBlockSize
);
876 // Find the proper FVB protocol for variable.
878 NvStorageVariableBase
= (EFI_PHYSICAL_ADDRESS
) PcdGet64 (PcdFlashNvStorageVariableBase64
);
879 if (NvStorageVariableBase
== 0) {
880 NvStorageVariableBase
= (EFI_PHYSICAL_ADDRESS
) PcdGet32 (PcdFlashNvStorageVariableBase
);
882 Status
= GetFvbInfoByAddress (NvStorageVariableBase
, NULL
, &FvbProtocol
);
883 if (EFI_ERROR (Status
)) {
884 return EFI_NOT_FOUND
;
887 mVariableModuleGlobal
->FvbInstance
= FvbProtocol
;
889 Status
= VariableWriteServiceInitialize ();
890 ASSERT_EFI_ERROR (Status
);
893 // Notify the variable wrapper driver the variable write service is ready
895 Status
= gBS
->InstallProtocolInterface (
897 &gSmmVariableWriteGuid
,
898 EFI_NATIVE_INTERFACE
,
901 ASSERT_EFI_ERROR (Status
);
908 Variable Driver main entry point. The Variable driver places the 4 EFI
909 runtime services in the EFI System Table and installs arch protocols
910 for variable read and write services being available. It also registers
911 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
913 @param[in] ImageHandle The firmware allocated handle for the EFI image.
914 @param[in] SystemTable A pointer to the EFI System Table.
916 @retval EFI_SUCCESS Variable service successfully initialized.
921 VariableServiceInitialize (
922 IN EFI_HANDLE ImageHandle
,
923 IN EFI_SYSTEM_TABLE
*SystemTable
927 EFI_HANDLE VariableHandle
;
928 VOID
*SmmFtwRegistration
;
929 EFI_SMM_ACCESS2_PROTOCOL
*SmmAccess
;
931 VOID
*SmmEndOfDxeRegistration
;
934 // Variable initialize.
936 Status
= VariableCommonInitialize ();
937 ASSERT_EFI_ERROR (Status
);
940 // Install the Smm Variable Protocol on a new handle.
942 VariableHandle
= NULL
;
943 Status
= gSmst
->SmmInstallProtocolInterface (
945 &gEfiSmmVariableProtocolGuid
,
946 EFI_NATIVE_INTERFACE
,
949 ASSERT_EFI_ERROR (Status
);
951 Status
= gSmst
->SmmInstallProtocolInterface (
953 &gEdkiiSmmVarCheckProtocolGuid
,
954 EFI_NATIVE_INTERFACE
,
957 ASSERT_EFI_ERROR (Status
);
960 // Get SMRAM information
962 Status
= gBS
->LocateProtocol (&gEfiSmmAccess2ProtocolGuid
, NULL
, (VOID
**)&SmmAccess
);
963 ASSERT_EFI_ERROR (Status
);
966 Status
= SmmAccess
->GetCapabilities (SmmAccess
, &Size
, NULL
);
967 ASSERT (Status
== EFI_BUFFER_TOO_SMALL
);
969 Status
= gSmst
->SmmAllocatePool (
970 EfiRuntimeServicesData
,
972 (VOID
**)&mSmramRanges
974 ASSERT_EFI_ERROR (Status
);
976 Status
= SmmAccess
->GetCapabilities (SmmAccess
, &Size
, mSmramRanges
);
977 ASSERT_EFI_ERROR (Status
);
979 mSmramRangeCount
= Size
/ sizeof (EFI_SMRAM_DESCRIPTOR
);
981 mVariableBufferPayloadSize
= MAX (PcdGet32 (PcdMaxVariableSize
), PcdGet32 (PcdMaxHardwareErrorVariableSize
)) +
982 OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
) - sizeof (VARIABLE_HEADER
);
984 Status
= gSmst
->SmmAllocatePool (
985 EfiRuntimeServicesData
,
986 mVariableBufferPayloadSize
,
987 (VOID
**)&mVariableBufferPayload
989 ASSERT_EFI_ERROR (Status
);
992 /// Register SMM variable SMI handler
994 VariableHandle
= NULL
;
995 Status
= gSmst
->SmiHandlerRegister (SmmVariableHandler
, &gEfiSmmVariableProtocolGuid
, &VariableHandle
);
996 ASSERT_EFI_ERROR (Status
);
999 // Notify the variable wrapper driver the variable service is ready
1001 Status
= SystemTable
->BootServices
->InstallProtocolInterface (
1003 &gEfiSmmVariableProtocolGuid
,
1004 EFI_NATIVE_INTERFACE
,
1007 ASSERT_EFI_ERROR (Status
);
1010 // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
1012 Status
= gSmst
->SmmRegisterProtocolNotify (
1013 &gEfiSmmEndOfDxeProtocolGuid
,
1014 SmmEndOfDxeCallback
,
1015 &SmmEndOfDxeRegistration
1017 ASSERT_EFI_ERROR (Status
);
1020 // Register FtwNotificationEvent () notify function.
1022 Status
= gSmst
->SmmRegisterProtocolNotify (
1023 &gEfiSmmFaultTolerantWriteProtocolGuid
,
1024 SmmFtwNotificationEvent
,
1027 ASSERT_EFI_ERROR (Status
);
1029 SmmFtwNotificationEvent (NULL
, NULL
, NULL
);