2 Implement all four UEFI Runtime Variable services for the nonvolatile
3 and volatile storage space and install variable architecture protocol
4 based on SMM variable module.
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
11 RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
12 to receive data buffer. The size should be checked carefully.
14 InitCommunicateBuffer() is really function to check the variable data size.
16 Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
17 This program and the accompanying materials
18 are licensed and made available under the terms and conditions of the BSD License
19 which accompanies this distribution. The full text of the license may be found at
20 http://opensource.org/licenses/bsd-license.php
22 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
23 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
27 #include <Protocol/VariableWrite.h>
28 #include <Protocol/Variable.h>
29 #include <Protocol/SmmCommunication.h>
30 #include <Protocol/SmmVariable.h>
31 #include <Protocol/VariableLock.h>
32 #include <Protocol/VarCheck.h>
34 #include <Library/UefiBootServicesTableLib.h>
35 #include <Library/UefiRuntimeServicesTableLib.h>
36 #include <Library/MemoryAllocationLib.h>
37 #include <Library/UefiDriverEntryPoint.h>
38 #include <Library/UefiRuntimeLib.h>
39 #include <Library/BaseMemoryLib.h>
40 #include <Library/DebugLib.h>
41 #include <Library/UefiLib.h>
42 #include <Library/BaseLib.h>
44 #include <Guid/EventGroup.h>
45 #include <Guid/SmmVariableCommon.h>
47 EFI_HANDLE mHandle
= NULL
;
48 EFI_SMM_VARIABLE_PROTOCOL
*mSmmVariable
= NULL
;
49 EFI_EVENT mVirtualAddressChangeEvent
= NULL
;
50 EFI_SMM_COMMUNICATION_PROTOCOL
*mSmmCommunication
= NULL
;
51 UINT8
*mVariableBuffer
= NULL
;
52 UINT8
*mVariableBufferPhysical
= NULL
;
53 UINTN mVariableBufferSize
;
54 UINTN mVariableBufferPayloadSize
;
55 EFI_LOCK mVariableServicesLock
;
56 EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock
;
57 EDKII_VAR_CHECK_PROTOCOL mVarCheck
;
60 SecureBoot Hook for SetVariable.
62 @param[in] VariableName Name of Variable to be found.
63 @param[in] VendorGuid Variable vendor GUID.
69 IN CHAR16
*VariableName
,
70 IN EFI_GUID
*VendorGuid
74 Acquires lock only at boot time. Simply returns at runtime.
76 This is a temperary function that will be removed when
77 EfiAcquireLock() in UefiLib can handle the call in UEFI
78 Runtimer driver in RT phase.
79 It calls EfiAcquireLock() at boot time, and simply returns
82 @param Lock A pointer to the lock to acquire.
86 AcquireLockOnlyAtBootTime (
90 if (!EfiAtRuntime ()) {
91 EfiAcquireLock (Lock
);
96 Releases lock only at boot time. Simply returns at runtime.
98 This is a temperary function which will be removed when
99 EfiReleaseLock() in UefiLib can handle the call in UEFI
100 Runtimer driver in RT phase.
101 It calls EfiReleaseLock() at boot time and simply returns
104 @param Lock A pointer to the lock to release.
108 ReleaseLockOnlyAtBootTime (
112 if (!EfiAtRuntime ()) {
113 EfiReleaseLock (Lock
);
118 Initialize the communicate buffer using DataSize and Function.
120 The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
123 Caution: This function may receive untrusted input.
124 The data size external input, so this function will validate it carefully to avoid buffer overflow.
126 @param[out] DataPtr Points to the data in the communicate buffer.
127 @param[in] DataSize The data size to send to SMM.
128 @param[in] Function The function number to initialize the communicate header.
130 @retval EFI_INVALID_PARAMETER The data size is too big.
131 @retval EFI_SUCCESS Find the specified variable.
135 InitCommunicateBuffer (
136 OUT VOID
**DataPtr OPTIONAL
,
141 EFI_SMM_COMMUNICATE_HEADER
*SmmCommunicateHeader
;
142 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
145 if (DataSize
+ SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
> mVariableBufferSize
) {
146 return EFI_INVALID_PARAMETER
;
149 SmmCommunicateHeader
= (EFI_SMM_COMMUNICATE_HEADER
*) mVariableBuffer
;
150 CopyGuid (&SmmCommunicateHeader
->HeaderGuid
, &gEfiSmmVariableProtocolGuid
);
151 SmmCommunicateHeader
->MessageLength
= DataSize
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
153 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*) SmmCommunicateHeader
->Data
;
154 SmmVariableFunctionHeader
->Function
= Function
;
155 if (DataPtr
!= NULL
) {
156 *DataPtr
= SmmVariableFunctionHeader
->Data
;
164 Send the data in communicate buffer to SMM.
166 @param[in] DataSize This size of the function header and the data.
168 @retval EFI_SUCCESS Success is returned from the functin in SMM.
169 @retval Others Failure is returned from the function in SMM.
173 SendCommunicateBuffer (
179 EFI_SMM_COMMUNICATE_HEADER
*SmmCommunicateHeader
;
180 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
182 CommSize
= DataSize
+ SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
183 Status
= mSmmCommunication
->Communicate (mSmmCommunication
, mVariableBufferPhysical
, &CommSize
);
184 ASSERT_EFI_ERROR (Status
);
186 SmmCommunicateHeader
= (EFI_SMM_COMMUNICATE_HEADER
*) mVariableBuffer
;
187 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*)SmmCommunicateHeader
->Data
;
188 return SmmVariableFunctionHeader
->ReturnStatus
;
192 Mark a variable that will become read-only after leaving the DXE phase of execution.
194 @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
195 @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
196 @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
198 @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
199 as pending to be read-only.
200 @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
201 Or VariableName is an empty string.
202 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
203 already been signaled.
204 @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
208 VariableLockRequestToLock (
209 IN CONST EDKII_VARIABLE_LOCK_PROTOCOL
*This
,
210 IN CHAR16
*VariableName
,
211 IN EFI_GUID
*VendorGuid
215 UINTN VariableNameSize
;
217 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
*VariableToLock
;
219 if (VariableName
== NULL
|| VariableName
[0] == 0 || VendorGuid
== NULL
) {
220 return EFI_INVALID_PARAMETER
;
223 VariableNameSize
= StrSize (VariableName
);
224 VariableToLock
= NULL
;
227 // If VariableName exceeds SMM payload limit. Return failure
229 if (VariableNameSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
, Name
)) {
230 return EFI_INVALID_PARAMETER
;
233 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
236 // Init the communicate buffer. The buffer data size is:
237 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
239 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE
, Name
) + VariableNameSize
;
240 Status
= InitCommunicateBuffer ((VOID
**) &VariableToLock
, PayloadSize
, SMM_VARIABLE_FUNCTION_LOCK_VARIABLE
);
241 if (EFI_ERROR (Status
)) {
244 ASSERT (VariableToLock
!= NULL
);
246 CopyGuid (&VariableToLock
->Guid
, VendorGuid
);
247 VariableToLock
->NameSize
= VariableNameSize
;
248 CopyMem (VariableToLock
->Name
, VariableName
, VariableToLock
->NameSize
);
253 Status
= SendCommunicateBuffer (PayloadSize
);
256 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
261 Register SetVariable check handler.
263 @param[in] Handler Pointer to check handler.
265 @retval EFI_SUCCESS The SetVariable check handler was registered successfully.
266 @retval EFI_INVALID_PARAMETER Handler is NULL.
267 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
268 already been signaled.
269 @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
270 @retval EFI_UNSUPPORTED This interface is not implemented.
271 For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
276 VarCheckRegisterSetVariableCheckHandler (
277 IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
280 return EFI_UNSUPPORTED
;
284 Variable property set.
286 @param[in] Name Pointer to the variable name.
287 @param[in] Guid Pointer to the vendor GUID.
288 @param[in] VariableProperty Pointer to the input variable property.
290 @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
291 @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
292 or the fields of VariableProperty are not valid.
293 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
294 already been signaled.
295 @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
300 VarCheckVariablePropertySet (
303 IN VAR_CHECK_VARIABLE_PROPERTY
*VariableProperty
307 UINTN VariableNameSize
;
309 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*CommVariableProperty
;
311 if (Name
== NULL
|| Name
[0] == 0 || Guid
== NULL
) {
312 return EFI_INVALID_PARAMETER
;
315 if (VariableProperty
== NULL
) {
316 return EFI_INVALID_PARAMETER
;
319 if (VariableProperty
->Revision
!= VAR_CHECK_VARIABLE_PROPERTY_REVISION
) {
320 return EFI_INVALID_PARAMETER
;
323 VariableNameSize
= StrSize (Name
);
324 CommVariableProperty
= NULL
;
327 // If VariableName exceeds SMM payload limit. Return failure
329 if (VariableNameSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
)) {
330 return EFI_INVALID_PARAMETER
;
333 AcquireLockOnlyAtBootTime (&mVariableServicesLock
);
336 // Init the communicate buffer. The buffer data size is:
337 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
339 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
) + VariableNameSize
;
340 Status
= InitCommunicateBuffer ((VOID
**) &CommVariableProperty
, PayloadSize
, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET
);
341 if (EFI_ERROR (Status
)) {
344 ASSERT (CommVariableProperty
!= NULL
);
346 CopyGuid (&CommVariableProperty
->Guid
, Guid
);
347 CopyMem (&CommVariableProperty
->VariableProperty
, VariableProperty
, sizeof (*VariableProperty
));
348 CommVariableProperty
->NameSize
= VariableNameSize
;
349 CopyMem (CommVariableProperty
->Name
, Name
, CommVariableProperty
->NameSize
);
354 Status
= SendCommunicateBuffer (PayloadSize
);
357 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
362 Variable property get.
364 @param[in] Name Pointer to the variable name.
365 @param[in] Guid Pointer to the vendor GUID.
366 @param[out] VariableProperty Pointer to the output variable property.
368 @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
369 @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
370 @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
375 VarCheckVariablePropertyGet (
378 OUT VAR_CHECK_VARIABLE_PROPERTY
*VariableProperty
382 UINTN VariableNameSize
;
384 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
*CommVariableProperty
;
386 if (Name
== NULL
|| Name
[0] == 0 || Guid
== NULL
) {
387 return EFI_INVALID_PARAMETER
;
390 if (VariableProperty
== NULL
) {
391 return EFI_INVALID_PARAMETER
;
394 VariableNameSize
= StrSize (Name
);
395 CommVariableProperty
= NULL
;
398 // If VariableName exceeds SMM payload limit. Return failure
400 if (VariableNameSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
)) {
401 return EFI_INVALID_PARAMETER
;
404 AcquireLockOnlyAtBootTime (&mVariableServicesLock
);
407 // Init the communicate buffer. The buffer data size is:
408 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
410 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY
, Name
) + VariableNameSize
;
411 Status
= InitCommunicateBuffer ((VOID
**) &CommVariableProperty
, PayloadSize
, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET
);
412 if (EFI_ERROR (Status
)) {
415 ASSERT (CommVariableProperty
!= NULL
);
417 CopyGuid (&CommVariableProperty
->Guid
, Guid
);
418 CommVariableProperty
->NameSize
= VariableNameSize
;
419 CopyMem (CommVariableProperty
->Name
, Name
, CommVariableProperty
->NameSize
);
424 Status
= SendCommunicateBuffer (PayloadSize
);
425 if (Status
== EFI_SUCCESS
) {
426 CopyMem (VariableProperty
, &CommVariableProperty
->VariableProperty
, sizeof (*VariableProperty
));
430 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
435 This code finds variable in storage blocks (Volatile or Non-Volatile).
437 Caution: This function may receive untrusted input.
438 The data size is external input, so this function will validate it carefully to avoid buffer overflow.
440 @param[in] VariableName Name of Variable to be found.
441 @param[in] VendorGuid Variable vendor GUID.
442 @param[out] Attributes Attribute value of the variable found.
443 @param[in, out] DataSize Size of Data found. If size is less than the
444 data, this value contains the required size.
445 @param[out] Data Data pointer.
447 @retval EFI_INVALID_PARAMETER Invalid parameter.
448 @retval EFI_SUCCESS Find the specified variable.
449 @retval EFI_NOT_FOUND Not found.
450 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
455 RuntimeServiceGetVariable (
456 IN CHAR16
*VariableName
,
457 IN EFI_GUID
*VendorGuid
,
458 OUT UINT32
*Attributes OPTIONAL
,
459 IN OUT UINTN
*DataSize
,
465 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
467 UINTN VariableNameSize
;
469 if (VariableName
== NULL
|| VendorGuid
== NULL
|| DataSize
== NULL
) {
470 return EFI_INVALID_PARAMETER
;
473 TempDataSize
= *DataSize
;
474 VariableNameSize
= StrSize (VariableName
);
475 SmmVariableHeader
= NULL
;
478 // If VariableName exceeds SMM payload limit. Return failure
480 if (VariableNameSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) {
481 return EFI_INVALID_PARAMETER
;
484 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
487 // Init the communicate buffer. The buffer data size is:
488 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
490 if (TempDataSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) - VariableNameSize
) {
492 // If output data buffer exceed SMM payload limit. Trim output buffer to SMM payload size
494 TempDataSize
= mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) - VariableNameSize
;
496 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + VariableNameSize
+ TempDataSize
;
498 Status
= InitCommunicateBuffer ((VOID
**)&SmmVariableHeader
, PayloadSize
, SMM_VARIABLE_FUNCTION_GET_VARIABLE
);
499 if (EFI_ERROR (Status
)) {
502 ASSERT (SmmVariableHeader
!= NULL
);
504 CopyGuid (&SmmVariableHeader
->Guid
, VendorGuid
);
505 SmmVariableHeader
->DataSize
= TempDataSize
;
506 SmmVariableHeader
->NameSize
= VariableNameSize
;
507 if (Attributes
== NULL
) {
508 SmmVariableHeader
->Attributes
= 0;
510 SmmVariableHeader
->Attributes
= *Attributes
;
512 CopyMem (SmmVariableHeader
->Name
, VariableName
, SmmVariableHeader
->NameSize
);
517 Status
= SendCommunicateBuffer (PayloadSize
);
520 // Get data from SMM.
522 if (Status
== EFI_SUCCESS
|| Status
== EFI_BUFFER_TOO_SMALL
) {
524 // SMM CommBuffer DataSize can be a trimed value
525 // Only update DataSize when needed
527 *DataSize
= SmmVariableHeader
->DataSize
;
529 if (Attributes
!= NULL
) {
530 *Attributes
= SmmVariableHeader
->Attributes
;
533 if (EFI_ERROR (Status
)) {
538 CopyMem (Data
, (UINT8
*)SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
, SmmVariableHeader
->DataSize
);
540 Status
= EFI_INVALID_PARAMETER
;
544 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
550 This code Finds the Next available variable.
552 @param[in, out] VariableNameSize Size of the variable name.
553 @param[in, out] VariableName Pointer to variable name.
554 @param[in, out] VendorGuid Variable Vendor Guid.
556 @retval EFI_INVALID_PARAMETER Invalid parameter.
557 @retval EFI_SUCCESS Find the specified variable.
558 @retval EFI_NOT_FOUND Not found.
559 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
564 RuntimeServiceGetNextVariableName (
565 IN OUT UINTN
*VariableNameSize
,
566 IN OUT CHAR16
*VariableName
,
567 IN OUT EFI_GUID
*VendorGuid
572 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
*SmmGetNextVariableName
;
573 UINTN OutVariableNameSize
;
574 UINTN InVariableNameSize
;
576 if (VariableNameSize
== NULL
|| VariableName
== NULL
|| VendorGuid
== NULL
) {
577 return EFI_INVALID_PARAMETER
;
580 OutVariableNameSize
= *VariableNameSize
;
581 InVariableNameSize
= StrSize (VariableName
);
582 SmmGetNextVariableName
= NULL
;
585 // If input string exceeds SMM payload limit. Return failure
587 if (InVariableNameSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
)) {
588 return EFI_INVALID_PARAMETER
;
591 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
594 // Init the communicate buffer. The buffer data size is:
595 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
597 if (OutVariableNameSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
)) {
599 // If output buffer exceed SMM payload limit. Trim output buffer to SMM payload size
601 OutVariableNameSize
= mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
);
604 // Payload should be Guid + NameSize + MAX of Input & Output buffer
606 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
) + MAX (OutVariableNameSize
, InVariableNameSize
);
608 Status
= InitCommunicateBuffer ((VOID
**)&SmmGetNextVariableName
, PayloadSize
, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME
);
609 if (EFI_ERROR (Status
)) {
612 ASSERT (SmmGetNextVariableName
!= NULL
);
615 // SMM comm buffer->NameSize is buffer size for return string
617 SmmGetNextVariableName
->NameSize
= OutVariableNameSize
;
619 CopyGuid (&SmmGetNextVariableName
->Guid
, VendorGuid
);
623 CopyMem (SmmGetNextVariableName
->Name
, VariableName
, InVariableNameSize
);
624 if (OutVariableNameSize
> InVariableNameSize
) {
625 ZeroMem ((UINT8
*) SmmGetNextVariableName
->Name
+ InVariableNameSize
, OutVariableNameSize
- InVariableNameSize
);
631 Status
= SendCommunicateBuffer (PayloadSize
);
634 // Get data from SMM.
636 if (Status
== EFI_SUCCESS
|| Status
== EFI_BUFFER_TOO_SMALL
) {
638 // SMM CommBuffer NameSize can be a trimed value
639 // Only update VariableNameSize when needed
641 *VariableNameSize
= SmmGetNextVariableName
->NameSize
;
643 if (EFI_ERROR (Status
)) {
647 CopyGuid (VendorGuid
, &SmmGetNextVariableName
->Guid
);
648 CopyMem (VariableName
, SmmGetNextVariableName
->Name
, SmmGetNextVariableName
->NameSize
);
651 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
656 This code sets variable in storage blocks (Volatile or Non-Volatile).
658 Caution: This function may receive untrusted input.
659 The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
661 @param[in] VariableName Name of Variable to be found.
662 @param[in] VendorGuid Variable vendor GUID.
663 @param[in] Attributes Attribute value of the variable found
664 @param[in] DataSize Size of Data found. If size is less than the
665 data, this value contains the required size.
666 @param[in] Data Data pointer.
668 @retval EFI_INVALID_PARAMETER Invalid parameter.
669 @retval EFI_SUCCESS Set successfully.
670 @retval EFI_OUT_OF_RESOURCES Resource not enough to set variable.
671 @retval EFI_NOT_FOUND Not found.
672 @retval EFI_WRITE_PROTECTED Variable is read-only.
677 RuntimeServiceSetVariable (
678 IN CHAR16
*VariableName
,
679 IN EFI_GUID
*VendorGuid
,
680 IN UINT32 Attributes
,
687 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
688 UINTN VariableNameSize
;
691 // Check input parameters.
693 if (VariableName
== NULL
|| VariableName
[0] == 0 || VendorGuid
== NULL
) {
694 return EFI_INVALID_PARAMETER
;
697 if (DataSize
!= 0 && Data
== NULL
) {
698 return EFI_INVALID_PARAMETER
;
701 VariableNameSize
= StrSize (VariableName
);
702 SmmVariableHeader
= NULL
;
705 // If VariableName or DataSize exceeds SMM payload limit. Return failure
707 if ((VariableNameSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
)) ||
708 (DataSize
> mVariableBufferPayloadSize
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) - VariableNameSize
)){
709 return EFI_INVALID_PARAMETER
;
712 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
715 // Init the communicate buffer. The buffer data size is:
716 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
718 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + VariableNameSize
+ DataSize
;
719 Status
= InitCommunicateBuffer ((VOID
**)&SmmVariableHeader
, PayloadSize
, SMM_VARIABLE_FUNCTION_SET_VARIABLE
);
720 if (EFI_ERROR (Status
)) {
723 ASSERT (SmmVariableHeader
!= NULL
);
725 CopyGuid ((EFI_GUID
*) &SmmVariableHeader
->Guid
, VendorGuid
);
726 SmmVariableHeader
->DataSize
= DataSize
;
727 SmmVariableHeader
->NameSize
= VariableNameSize
;
728 SmmVariableHeader
->Attributes
= Attributes
;
729 CopyMem (SmmVariableHeader
->Name
, VariableName
, SmmVariableHeader
->NameSize
);
730 CopyMem ((UINT8
*) SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
, Data
, DataSize
);
735 Status
= SendCommunicateBuffer (PayloadSize
);
738 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
740 if (!EfiAtRuntime ()) {
741 if (!EFI_ERROR (Status
)) {
753 This code returns information about the EFI variables.
755 @param[in] Attributes Attributes bitmask to specify the type of variables
756 on which to return information.
757 @param[out] MaximumVariableStorageSize Pointer to the maximum size of the storage space available
758 for the EFI variables associated with the attributes specified.
759 @param[out] RemainingVariableStorageSize Pointer to the remaining size of the storage space available
760 for EFI variables associated with the attributes specified.
761 @param[out] MaximumVariableSize Pointer to the maximum size of an individual EFI variables
762 associated with the attributes specified.
764 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied.
765 @retval EFI_SUCCESS Query successfully.
766 @retval EFI_UNSUPPORTED The attribute is not supported on this platform.
771 RuntimeServiceQueryVariableInfo (
772 IN UINT32 Attributes
,
773 OUT UINT64
*MaximumVariableStorageSize
,
774 OUT UINT64
*RemainingVariableStorageSize
,
775 OUT UINT64
*MaximumVariableSize
780 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
*SmmQueryVariableInfo
;
782 SmmQueryVariableInfo
= NULL
;
784 if(MaximumVariableStorageSize
== NULL
|| RemainingVariableStorageSize
== NULL
|| MaximumVariableSize
== NULL
|| Attributes
== 0) {
785 return EFI_INVALID_PARAMETER
;
788 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
791 // Init the communicate buffer. The buffer data size is:
792 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize;
794 PayloadSize
= sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
);
795 Status
= InitCommunicateBuffer ((VOID
**)&SmmQueryVariableInfo
, PayloadSize
, SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO
);
796 if (EFI_ERROR (Status
)) {
799 ASSERT (SmmQueryVariableInfo
!= NULL
);
801 SmmQueryVariableInfo
->Attributes
= Attributes
;
806 Status
= SendCommunicateBuffer (PayloadSize
);
807 if (EFI_ERROR (Status
)) {
812 // Get data from SMM.
814 *MaximumVariableSize
= SmmQueryVariableInfo
->MaximumVariableSize
;
815 *MaximumVariableStorageSize
= SmmQueryVariableInfo
->MaximumVariableStorageSize
;
816 *RemainingVariableStorageSize
= SmmQueryVariableInfo
->RemainingVariableStorageSize
;
819 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
825 Exit Boot Services Event notification handler.
827 Notify SMM variable driver about the event.
829 @param[in] Event Event whose notification function is being invoked.
830 @param[in] Context Pointer to the notification function's context.
841 // Init the communicate buffer. The buffer data size is:
842 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
844 InitCommunicateBuffer (NULL
, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE
);
849 SendCommunicateBuffer (0);
854 On Ready To Boot Services Event notification handler.
856 Notify SMM variable driver about the event.
858 @param[in] Event Event whose notification function is being invoked
859 @param[in] Context Pointer to the notification function's context
870 // Init the communicate buffer. The buffer data size is:
871 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
873 InitCommunicateBuffer (NULL
, 0, SMM_VARIABLE_FUNCTION_READY_TO_BOOT
);
878 SendCommunicateBuffer (0);
880 gBS
->CloseEvent (Event
);
885 Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
887 This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
888 It convers pointer to new virtual address.
890 @param[in] Event Event whose notification function is being invoked.
891 @param[in] Context Pointer to the notification function's context.
896 VariableAddressChangeEvent (
901 EfiConvertPointer (0x0, (VOID
**) &mVariableBuffer
);
902 EfiConvertPointer (0x0, (VOID
**) &mSmmCommunication
);
906 This code gets variable payload size.
908 @param[out] VariablePayloadSize Output pointer to variable payload size.
910 @retval EFI_SUCCESS Get successfully.
911 @retval Others Get unsuccessfully.
916 GetVariablePayloadSize (
917 OUT UINTN
*VariablePayloadSize
921 SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
*SmmGetPayloadSize
;
922 EFI_SMM_COMMUNICATE_HEADER
*SmmCommunicateHeader
;
923 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
927 SmmGetPayloadSize
= NULL
;
930 if(VariablePayloadSize
== NULL
) {
931 return EFI_INVALID_PARAMETER
;
934 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
937 // Init the communicate buffer. The buffer data size is:
938 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE);
940 CommSize
= SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
+ sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
);
941 CommBuffer
= AllocateZeroPool (CommSize
);
942 if (CommBuffer
== NULL
) {
943 Status
= EFI_OUT_OF_RESOURCES
;
947 SmmCommunicateHeader
= (EFI_SMM_COMMUNICATE_HEADER
*) CommBuffer
;
948 CopyGuid (&SmmCommunicateHeader
->HeaderGuid
, &gEfiSmmVariableProtocolGuid
);
949 SmmCommunicateHeader
->MessageLength
= SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
+ sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
);
951 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*) SmmCommunicateHeader
->Data
;
952 SmmVariableFunctionHeader
->Function
= SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE
;
953 SmmGetPayloadSize
= (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE
*) SmmVariableFunctionHeader
->Data
;
958 Status
= mSmmCommunication
->Communicate (mSmmCommunication
, CommBuffer
, &CommSize
);
959 ASSERT_EFI_ERROR (Status
);
961 Status
= SmmVariableFunctionHeader
->ReturnStatus
;
962 if (EFI_ERROR (Status
)) {
967 // Get data from SMM.
969 *VariablePayloadSize
= SmmGetPayloadSize
->VariablePayloadSize
;
972 if (CommBuffer
!= NULL
) {
973 FreePool (CommBuffer
);
975 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
980 Initialize variable service and install Variable Architectural protocol.
982 @param[in] Event Event whose notification function is being invoked.
983 @param[in] Context Pointer to the notification function's context.
995 Status
= gBS
->LocateProtocol (&gEfiSmmVariableProtocolGuid
, NULL
, (VOID
**)&mSmmVariable
);
996 if (EFI_ERROR (Status
)) {
1000 Status
= gBS
->LocateProtocol (&gEfiSmmCommunicationProtocolGuid
, NULL
, (VOID
**) &mSmmCommunication
);
1001 ASSERT_EFI_ERROR (Status
);
1004 // Allocate memory for variable communicate buffer.
1006 Status
= GetVariablePayloadSize (&mVariableBufferPayloadSize
);
1007 ASSERT_EFI_ERROR (Status
);
1008 mVariableBufferSize
= SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
+ mVariableBufferPayloadSize
;
1009 mVariableBuffer
= AllocateRuntimePool (mVariableBufferSize
);
1010 ASSERT (mVariableBuffer
!= NULL
);
1013 // Save the buffer physical address used for SMM conmunication.
1015 mVariableBufferPhysical
= mVariableBuffer
;
1017 gRT
->GetVariable
= RuntimeServiceGetVariable
;
1018 gRT
->GetNextVariableName
= RuntimeServiceGetNextVariableName
;
1019 gRT
->SetVariable
= RuntimeServiceSetVariable
;
1020 gRT
->QueryVariableInfo
= RuntimeServiceQueryVariableInfo
;
1023 // Install the Variable Architectural Protocol on a new handle.
1025 Status
= gBS
->InstallProtocolInterface (
1027 &gEfiVariableArchProtocolGuid
,
1028 EFI_NATIVE_INTERFACE
,
1031 ASSERT_EFI_ERROR (Status
);
1033 mVariableLock
.RequestToLock
= VariableLockRequestToLock
;
1034 Status
= gBS
->InstallMultipleProtocolInterfaces (
1036 &gEdkiiVariableLockProtocolGuid
,
1040 ASSERT_EFI_ERROR (Status
);
1042 mVarCheck
.RegisterSetVariableCheckHandler
= VarCheckRegisterSetVariableCheckHandler
;
1043 mVarCheck
.VariablePropertySet
= VarCheckVariablePropertySet
;
1044 mVarCheck
.VariablePropertyGet
= VarCheckVariablePropertyGet
;
1045 Status
= gBS
->InstallMultipleProtocolInterfaces (
1047 &gEdkiiVarCheckProtocolGuid
,
1051 ASSERT_EFI_ERROR (Status
);
1053 gBS
->CloseEvent (Event
);
1058 SMM Non-Volatile variable write service is ready notify event handler.
1060 @param[in] Event Event whose notification function is being invoked.
1061 @param[in] Context Pointer to the notification function's context.
1066 SmmVariableWriteReady (
1075 // Check whether the protocol is installed or not.
1077 Status
= gBS
->LocateProtocol (&gSmmVariableWriteGuid
, NULL
, (VOID
**) &ProtocolOps
);
1078 if (EFI_ERROR (Status
)) {
1082 Status
= gBS
->InstallProtocolInterface (
1084 &gEfiVariableWriteArchProtocolGuid
,
1085 EFI_NATIVE_INTERFACE
,
1088 ASSERT_EFI_ERROR (Status
);
1090 gBS
->CloseEvent (Event
);
1095 Variable Driver main entry point. The Variable driver places the 4 EFI
1096 runtime services in the EFI System Table and installs arch protocols
1097 for variable read and write services being available. It also registers
1098 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
1100 @param[in] ImageHandle The firmware allocated handle for the EFI image.
1101 @param[in] SystemTable A pointer to the EFI System Table.
1103 @retval EFI_SUCCESS Variable service successfully initialized.
1108 VariableSmmRuntimeInitialize (
1109 IN EFI_HANDLE ImageHandle
,
1110 IN EFI_SYSTEM_TABLE
*SystemTable
1113 VOID
*SmmVariableRegistration
;
1114 VOID
*SmmVariableWriteRegistration
;
1115 EFI_EVENT OnReadyToBootEvent
;
1116 EFI_EVENT ExitBootServiceEvent
;
1117 EFI_EVENT LegacyBootEvent
;
1119 EfiInitializeLock (&mVariableServicesLock
, TPL_NOTIFY
);
1122 // Smm variable service is ready
1124 EfiCreateProtocolNotifyEvent (
1125 &gEfiSmmVariableProtocolGuid
,
1129 &SmmVariableRegistration
1133 // Smm Non-Volatile variable write service is ready
1135 EfiCreateProtocolNotifyEvent (
1136 &gSmmVariableWriteGuid
,
1138 SmmVariableWriteReady
,
1140 &SmmVariableWriteRegistration
1144 // Register the event to reclaim variable for OS usage.
1146 EfiCreateEventReadyToBootEx (
1154 // Register the event to inform SMM variable that it is at runtime.
1156 gBS
->CreateEventEx (
1161 &gEfiEventExitBootServicesGuid
,
1162 &ExitBootServiceEvent
1166 // Register the event to inform SMM variable that it is at runtime for legacy boot.
1167 // Reuse OnExitBootServices() here.
1169 EfiCreateEventLegacyBootEx(
1177 // Register the event to convert the pointer for runtime.
1179 gBS
->CreateEventEx (
1182 VariableAddressChangeEvent
,
1184 &gEfiEventVirtualAddressChangeGuid
,
1185 &mVirtualAddressChangeEvent