]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg Variable: Merge from Auth Variable driver in SecurityPkg
[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / VariableSmmRuntimeDxe.c
1 /** @file
2 Implement all four UEFI Runtime Variable services for the nonvolatile
3 and volatile storage space and install variable architecture protocol
4 based on SMM variable module.
5
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
10
11 RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
12 to receive data buffer. The size should be checked carefully.
13
14 InitCommunicateBuffer() is really function to check the variable data size.
15
16 Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
17 This program and the accompanying materials
18 are licensed and made available under the terms and conditions of the BSD License
19 which accompanies this distribution. The full text of the license may be found at
20 http://opensource.org/licenses/bsd-license.php
21
22 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
23 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
24
25 **/
26 #include <PiDxe.h>
27 #include <Protocol/VariableWrite.h>
28 #include <Protocol/Variable.h>
29 #include <Protocol/SmmCommunication.h>
30 #include <Protocol/SmmVariable.h>
31 #include <Protocol/VariableLock.h>
32 #include <Protocol/VarCheck.h>
33
34 #include <Library/UefiBootServicesTableLib.h>
35 #include <Library/UefiRuntimeServicesTableLib.h>
36 #include <Library/MemoryAllocationLib.h>
37 #include <Library/UefiDriverEntryPoint.h>
38 #include <Library/UefiRuntimeLib.h>
39 #include <Library/BaseMemoryLib.h>
40 #include <Library/DebugLib.h>
41 #include <Library/UefiLib.h>
42 #include <Library/BaseLib.h>
43
44 #include <Guid/EventGroup.h>
45 #include <Guid/SmmVariableCommon.h>
46
47 EFI_HANDLE mHandle = NULL;
48 EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable = NULL;
49 EFI_EVENT mVirtualAddressChangeEvent = NULL;
50 EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL;
51 UINT8 *mVariableBuffer = NULL;
52 UINT8 *mVariableBufferPhysical = NULL;
53 UINTN mVariableBufferSize;
54 UINTN mVariableBufferPayloadSize;
55 EFI_LOCK mVariableServicesLock;
56 EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
57 EDKII_VAR_CHECK_PROTOCOL mVarCheck;
58
59 /**
60 SecureBoot Hook for SetVariable.
61
62 @param[in] VariableName Name of Variable to be found.
63 @param[in] VendorGuid Variable vendor GUID.
64
65 **/
66 VOID
67 EFIAPI
68 SecureBootHook (
69 IN CHAR16 *VariableName,
70 IN EFI_GUID *VendorGuid
71 );
72
73 /**
74 Acquires lock only at boot time. Simply returns at runtime.
75
76 This is a temperary function that will be removed when
77 EfiAcquireLock() in UefiLib can handle the call in UEFI
78 Runtimer driver in RT phase.
79 It calls EfiAcquireLock() at boot time, and simply returns
80 at runtime.
81
82 @param Lock A pointer to the lock to acquire.
83
84 **/
85 VOID
86 AcquireLockOnlyAtBootTime (
87 IN EFI_LOCK *Lock
88 )
89 {
90 if (!EfiAtRuntime ()) {
91 EfiAcquireLock (Lock);
92 }
93 }
94
95 /**
96 Releases lock only at boot time. Simply returns at runtime.
97
98 This is a temperary function which will be removed when
99 EfiReleaseLock() in UefiLib can handle the call in UEFI
100 Runtimer driver in RT phase.
101 It calls EfiReleaseLock() at boot time and simply returns
102 at runtime.
103
104 @param Lock A pointer to the lock to release.
105
106 **/
107 VOID
108 ReleaseLockOnlyAtBootTime (
109 IN EFI_LOCK *Lock
110 )
111 {
112 if (!EfiAtRuntime ()) {
113 EfiReleaseLock (Lock);
114 }
115 }
116
117 /**
118 Initialize the communicate buffer using DataSize and Function.
119
120 The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
121 DataSize.
122
123 Caution: This function may receive untrusted input.
124 The data size external input, so this function will validate it carefully to avoid buffer overflow.
125
126 @param[out] DataPtr Points to the data in the communicate buffer.
127 @param[in] DataSize The data size to send to SMM.
128 @param[in] Function The function number to initialize the communicate header.
129
130 @retval EFI_INVALID_PARAMETER The data size is too big.
131 @retval EFI_SUCCESS Find the specified variable.
132
133 **/
134 EFI_STATUS
135 InitCommunicateBuffer (
136 OUT VOID **DataPtr OPTIONAL,
137 IN UINTN DataSize,
138 IN UINTN Function
139 )
140 {
141 EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;
142 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
143
144
145 if (DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE > mVariableBufferSize) {
146 return EFI_INVALID_PARAMETER;
147 }
148
149 SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) mVariableBuffer;
150 CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGuid);
151 SmmCommunicateHeader->MessageLength = DataSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
152
153 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data;
154 SmmVariableFunctionHeader->Function = Function;
155 if (DataPtr != NULL) {
156 *DataPtr = SmmVariableFunctionHeader->Data;
157 }
158
159 return EFI_SUCCESS;
160 }
161
162
163 /**
164 Send the data in communicate buffer to SMM.
165
166 @param[in] DataSize This size of the function header and the data.
167
168 @retval EFI_SUCCESS Success is returned from the functin in SMM.
169 @retval Others Failure is returned from the function in SMM.
170
171 **/
172 EFI_STATUS
173 SendCommunicateBuffer (
174 IN UINTN DataSize
175 )
176 {
177 EFI_STATUS Status;
178 UINTN CommSize;
179 EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;
180 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
181
182 CommSize = DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
183 Status = mSmmCommunication->Communicate (mSmmCommunication, mVariableBufferPhysical, &CommSize);
184 ASSERT_EFI_ERROR (Status);
185
186 SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) mVariableBuffer;
187 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)SmmCommunicateHeader->Data;
188 return SmmVariableFunctionHeader->ReturnStatus;
189 }
190
191 /**
192 Mark a variable that will become read-only after leaving the DXE phase of execution.
193
194 @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
195 @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
196 @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
197
198 @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
199 as pending to be read-only.
200 @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
201 Or VariableName is an empty string.
202 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
203 already been signaled.
204 @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
205 **/
206 EFI_STATUS
207 EFIAPI
208 VariableLockRequestToLock (
209 IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
210 IN CHAR16 *VariableName,
211 IN EFI_GUID *VendorGuid
212 )
213 {
214 EFI_STATUS Status;
215 UINTN VariableNameSize;
216 UINTN PayloadSize;
217 SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
218
219 if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
220 return EFI_INVALID_PARAMETER;
221 }
222
223 VariableNameSize = StrSize (VariableName);
224 VariableToLock = NULL;
225
226 //
227 // If VariableName exceeds SMM payload limit. Return failure
228 //
229 if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)) {
230 return EFI_INVALID_PARAMETER;
231 }
232
233 AcquireLockOnlyAtBootTime(&mVariableServicesLock);
234
235 //
236 // Init the communicate buffer. The buffer data size is:
237 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
238 //
239 PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name) + VariableNameSize;
240 Status = InitCommunicateBuffer ((VOID **) &VariableToLock, PayloadSize, SMM_VARIABLE_FUNCTION_LOCK_VARIABLE);
241 if (EFI_ERROR (Status)) {
242 goto Done;
243 }
244 ASSERT (VariableToLock != NULL);
245
246 CopyGuid (&VariableToLock->Guid, VendorGuid);
247 VariableToLock->NameSize = VariableNameSize;
248 CopyMem (VariableToLock->Name, VariableName, VariableToLock->NameSize);
249
250 //
251 // Send data to SMM.
252 //
253 Status = SendCommunicateBuffer (PayloadSize);
254
255 Done:
256 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
257 return Status;
258 }
259
260 /**
261 Register SetVariable check handler.
262
263 @param[in] Handler Pointer to check handler.
264
265 @retval EFI_SUCCESS The SetVariable check handler was registered successfully.
266 @retval EFI_INVALID_PARAMETER Handler is NULL.
267 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
268 already been signaled.
269 @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
270 @retval EFI_UNSUPPORTED This interface is not implemented.
271 For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
272
273 **/
274 EFI_STATUS
275 EFIAPI
276 VarCheckRegisterSetVariableCheckHandler (
277 IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
278 )
279 {
280 return EFI_UNSUPPORTED;
281 }
282
283 /**
284 Variable property set.
285
286 @param[in] Name Pointer to the variable name.
287 @param[in] Guid Pointer to the vendor GUID.
288 @param[in] VariableProperty Pointer to the input variable property.
289
290 @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
291 @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
292 or the fields of VariableProperty are not valid.
293 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
294 already been signaled.
295 @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
296
297 **/
298 EFI_STATUS
299 EFIAPI
300 VarCheckVariablePropertySet (
301 IN CHAR16 *Name,
302 IN EFI_GUID *Guid,
303 IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
304 )
305 {
306 EFI_STATUS Status;
307 UINTN VariableNameSize;
308 UINTN PayloadSize;
309 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
310
311 if (Name == NULL || Name[0] == 0 || Guid == NULL) {
312 return EFI_INVALID_PARAMETER;
313 }
314
315 if (VariableProperty == NULL) {
316 return EFI_INVALID_PARAMETER;
317 }
318
319 if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) {
320 return EFI_INVALID_PARAMETER;
321 }
322
323 VariableNameSize = StrSize (Name);
324 CommVariableProperty = NULL;
325
326 //
327 // If VariableName exceeds SMM payload limit. Return failure
328 //
329 if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
330 return EFI_INVALID_PARAMETER;
331 }
332
333 AcquireLockOnlyAtBootTime (&mVariableServicesLock);
334
335 //
336 // Init the communicate buffer. The buffer data size is:
337 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
338 //
339 PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + VariableNameSize;
340 Status = InitCommunicateBuffer ((VOID **) &CommVariableProperty, PayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET);
341 if (EFI_ERROR (Status)) {
342 goto Done;
343 }
344 ASSERT (CommVariableProperty != NULL);
345
346 CopyGuid (&CommVariableProperty->Guid, Guid);
347 CopyMem (&CommVariableProperty->VariableProperty, VariableProperty, sizeof (*VariableProperty));
348 CommVariableProperty->NameSize = VariableNameSize;
349 CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSize);
350
351 //
352 // Send data to SMM.
353 //
354 Status = SendCommunicateBuffer (PayloadSize);
355
356 Done:
357 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
358 return Status;
359 }
360
361 /**
362 Variable property get.
363
364 @param[in] Name Pointer to the variable name.
365 @param[in] Guid Pointer to the vendor GUID.
366 @param[out] VariableProperty Pointer to the output variable property.
367
368 @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
369 @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
370 @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
371
372 **/
373 EFI_STATUS
374 EFIAPI
375 VarCheckVariablePropertyGet (
376 IN CHAR16 *Name,
377 IN EFI_GUID *Guid,
378 OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
379 )
380 {
381 EFI_STATUS Status;
382 UINTN VariableNameSize;
383 UINTN PayloadSize;
384 SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
385
386 if (Name == NULL || Name[0] == 0 || Guid == NULL) {
387 return EFI_INVALID_PARAMETER;
388 }
389
390 if (VariableProperty == NULL) {
391 return EFI_INVALID_PARAMETER;
392 }
393
394 VariableNameSize = StrSize (Name);
395 CommVariableProperty = NULL;
396
397 //
398 // If VariableName exceeds SMM payload limit. Return failure
399 //
400 if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
401 return EFI_INVALID_PARAMETER;
402 }
403
404 AcquireLockOnlyAtBootTime (&mVariableServicesLock);
405
406 //
407 // Init the communicate buffer. The buffer data size is:
408 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
409 //
410 PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + VariableNameSize;
411 Status = InitCommunicateBuffer ((VOID **) &CommVariableProperty, PayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET);
412 if (EFI_ERROR (Status)) {
413 goto Done;
414 }
415 ASSERT (CommVariableProperty != NULL);
416
417 CopyGuid (&CommVariableProperty->Guid, Guid);
418 CommVariableProperty->NameSize = VariableNameSize;
419 CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSize);
420
421 //
422 // Send data to SMM.
423 //
424 Status = SendCommunicateBuffer (PayloadSize);
425 if (Status == EFI_SUCCESS) {
426 CopyMem (VariableProperty, &CommVariableProperty->VariableProperty, sizeof (*VariableProperty));
427 }
428
429 Done:
430 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
431 return Status;
432 }
433
434 /**
435 This code finds variable in storage blocks (Volatile or Non-Volatile).
436
437 Caution: This function may receive untrusted input.
438 The data size is external input, so this function will validate it carefully to avoid buffer overflow.
439
440 @param[in] VariableName Name of Variable to be found.
441 @param[in] VendorGuid Variable vendor GUID.
442 @param[out] Attributes Attribute value of the variable found.
443 @param[in, out] DataSize Size of Data found. If size is less than the
444 data, this value contains the required size.
445 @param[out] Data Data pointer.
446
447 @retval EFI_INVALID_PARAMETER Invalid parameter.
448 @retval EFI_SUCCESS Find the specified variable.
449 @retval EFI_NOT_FOUND Not found.
450 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
451
452 **/
453 EFI_STATUS
454 EFIAPI
455 RuntimeServiceGetVariable (
456 IN CHAR16 *VariableName,
457 IN EFI_GUID *VendorGuid,
458 OUT UINT32 *Attributes OPTIONAL,
459 IN OUT UINTN *DataSize,
460 OUT VOID *Data
461 )
462 {
463 EFI_STATUS Status;
464 UINTN PayloadSize;
465 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
466 UINTN TempDataSize;
467 UINTN VariableNameSize;
468
469 if (VariableName == NULL || VendorGuid == NULL || DataSize == NULL) {
470 return EFI_INVALID_PARAMETER;
471 }
472
473 TempDataSize = *DataSize;
474 VariableNameSize = StrSize (VariableName);
475 SmmVariableHeader = NULL;
476
477 //
478 // If VariableName exceeds SMM payload limit. Return failure
479 //
480 if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) {
481 return EFI_INVALID_PARAMETER;
482 }
483
484 AcquireLockOnlyAtBootTime(&mVariableServicesLock);
485
486 //
487 // Init the communicate buffer. The buffer data size is:
488 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
489 //
490 if (TempDataSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize) {
491 //
492 // If output data buffer exceed SMM payload limit. Trim output buffer to SMM payload size
493 //
494 TempDataSize = mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize;
495 }
496 PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + VariableNameSize + TempDataSize;
497
498 Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, SMM_VARIABLE_FUNCTION_GET_VARIABLE);
499 if (EFI_ERROR (Status)) {
500 goto Done;
501 }
502 ASSERT (SmmVariableHeader != NULL);
503
504 CopyGuid (&SmmVariableHeader->Guid, VendorGuid);
505 SmmVariableHeader->DataSize = TempDataSize;
506 SmmVariableHeader->NameSize = VariableNameSize;
507 if (Attributes == NULL) {
508 SmmVariableHeader->Attributes = 0;
509 } else {
510 SmmVariableHeader->Attributes = *Attributes;
511 }
512 CopyMem (SmmVariableHeader->Name, VariableName, SmmVariableHeader->NameSize);
513
514 //
515 // Send data to SMM.
516 //
517 Status = SendCommunicateBuffer (PayloadSize);
518
519 //
520 // Get data from SMM.
521 //
522 if (Status == EFI_SUCCESS || Status == EFI_BUFFER_TOO_SMALL) {
523 //
524 // SMM CommBuffer DataSize can be a trimed value
525 // Only update DataSize when needed
526 //
527 *DataSize = SmmVariableHeader->DataSize;
528 }
529 if (Attributes != NULL) {
530 *Attributes = SmmVariableHeader->Attributes;
531 }
532
533 if (EFI_ERROR (Status)) {
534 goto Done;
535 }
536
537 if (Data != NULL) {
538 CopyMem (Data, (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize, SmmVariableHeader->DataSize);
539 } else {
540 Status = EFI_INVALID_PARAMETER;
541 }
542
543 Done:
544 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
545 return Status;
546 }
547
548
549 /**
550 This code Finds the Next available variable.
551
552 @param[in, out] VariableNameSize Size of the variable name.
553 @param[in, out] VariableName Pointer to variable name.
554 @param[in, out] VendorGuid Variable Vendor Guid.
555
556 @retval EFI_INVALID_PARAMETER Invalid parameter.
557 @retval EFI_SUCCESS Find the specified variable.
558 @retval EFI_NOT_FOUND Not found.
559 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
560
561 **/
562 EFI_STATUS
563 EFIAPI
564 RuntimeServiceGetNextVariableName (
565 IN OUT UINTN *VariableNameSize,
566 IN OUT CHAR16 *VariableName,
567 IN OUT EFI_GUID *VendorGuid
568 )
569 {
570 EFI_STATUS Status;
571 UINTN PayloadSize;
572 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *SmmGetNextVariableName;
573 UINTN OutVariableNameSize;
574 UINTN InVariableNameSize;
575
576 if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
577 return EFI_INVALID_PARAMETER;
578 }
579
580 OutVariableNameSize = *VariableNameSize;
581 InVariableNameSize = StrSize (VariableName);
582 SmmGetNextVariableName = NULL;
583
584 //
585 // If input string exceeds SMM payload limit. Return failure
586 //
587 if (InVariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
588 return EFI_INVALID_PARAMETER;
589 }
590
591 AcquireLockOnlyAtBootTime(&mVariableServicesLock);
592
593 //
594 // Init the communicate buffer. The buffer data size is:
595 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
596 //
597 if (OutVariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) {
598 //
599 // If output buffer exceed SMM payload limit. Trim output buffer to SMM payload size
600 //
601 OutVariableNameSize = mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name);
602 }
603 //
604 // Payload should be Guid + NameSize + MAX of Input & Output buffer
605 //
606 PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + MAX (OutVariableNameSize, InVariableNameSize);
607
608 Status = InitCommunicateBuffer ((VOID **)&SmmGetNextVariableName, PayloadSize, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME);
609 if (EFI_ERROR (Status)) {
610 goto Done;
611 }
612 ASSERT (SmmGetNextVariableName != NULL);
613
614 //
615 // SMM comm buffer->NameSize is buffer size for return string
616 //
617 SmmGetNextVariableName->NameSize = OutVariableNameSize;
618
619 CopyGuid (&SmmGetNextVariableName->Guid, VendorGuid);
620 //
621 // Copy whole string
622 //
623 CopyMem (SmmGetNextVariableName->Name, VariableName, InVariableNameSize);
624 if (OutVariableNameSize > InVariableNameSize) {
625 ZeroMem ((UINT8 *) SmmGetNextVariableName->Name + InVariableNameSize, OutVariableNameSize - InVariableNameSize);
626 }
627
628 //
629 // Send data to SMM
630 //
631 Status = SendCommunicateBuffer (PayloadSize);
632
633 //
634 // Get data from SMM.
635 //
636 if (Status == EFI_SUCCESS || Status == EFI_BUFFER_TOO_SMALL) {
637 //
638 // SMM CommBuffer NameSize can be a trimed value
639 // Only update VariableNameSize when needed
640 //
641 *VariableNameSize = SmmGetNextVariableName->NameSize;
642 }
643 if (EFI_ERROR (Status)) {
644 goto Done;
645 }
646
647 CopyGuid (VendorGuid, &SmmGetNextVariableName->Guid);
648 CopyMem (VariableName, SmmGetNextVariableName->Name, SmmGetNextVariableName->NameSize);
649
650 Done:
651 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
652 return Status;
653 }
654
655 /**
656 This code sets variable in storage blocks (Volatile or Non-Volatile).
657
658 Caution: This function may receive untrusted input.
659 The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
660
661 @param[in] VariableName Name of Variable to be found.
662 @param[in] VendorGuid Variable vendor GUID.
663 @param[in] Attributes Attribute value of the variable found
664 @param[in] DataSize Size of Data found. If size is less than the
665 data, this value contains the required size.
666 @param[in] Data Data pointer.
667
668 @retval EFI_INVALID_PARAMETER Invalid parameter.
669 @retval EFI_SUCCESS Set successfully.
670 @retval EFI_OUT_OF_RESOURCES Resource not enough to set variable.
671 @retval EFI_NOT_FOUND Not found.
672 @retval EFI_WRITE_PROTECTED Variable is read-only.
673
674 **/
675 EFI_STATUS
676 EFIAPI
677 RuntimeServiceSetVariable (
678 IN CHAR16 *VariableName,
679 IN EFI_GUID *VendorGuid,
680 IN UINT32 Attributes,
681 IN UINTN DataSize,
682 IN VOID *Data
683 )
684 {
685 EFI_STATUS Status;
686 UINTN PayloadSize;
687 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
688 UINTN VariableNameSize;
689
690 //
691 // Check input parameters.
692 //
693 if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
694 return EFI_INVALID_PARAMETER;
695 }
696
697 if (DataSize != 0 && Data == NULL) {
698 return EFI_INVALID_PARAMETER;
699 }
700
701 VariableNameSize = StrSize (VariableName);
702 SmmVariableHeader = NULL;
703
704 //
705 // If VariableName or DataSize exceeds SMM payload limit. Return failure
706 //
707 if ((VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) ||
708 (DataSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize)){
709 return EFI_INVALID_PARAMETER;
710 }
711
712 AcquireLockOnlyAtBootTime(&mVariableServicesLock);
713
714 //
715 // Init the communicate buffer. The buffer data size is:
716 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
717 //
718 PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + VariableNameSize + DataSize;
719 Status = InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSize, SMM_VARIABLE_FUNCTION_SET_VARIABLE);
720 if (EFI_ERROR (Status)) {
721 goto Done;
722 }
723 ASSERT (SmmVariableHeader != NULL);
724
725 CopyGuid ((EFI_GUID *) &SmmVariableHeader->Guid, VendorGuid);
726 SmmVariableHeader->DataSize = DataSize;
727 SmmVariableHeader->NameSize = VariableNameSize;
728 SmmVariableHeader->Attributes = Attributes;
729 CopyMem (SmmVariableHeader->Name, VariableName, SmmVariableHeader->NameSize);
730 CopyMem ((UINT8 *) SmmVariableHeader->Name + SmmVariableHeader->NameSize, Data, DataSize);
731
732 //
733 // Send data to SMM.
734 //
735 Status = SendCommunicateBuffer (PayloadSize);
736
737 Done:
738 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
739
740 if (!EfiAtRuntime ()) {
741 if (!EFI_ERROR (Status)) {
742 SecureBootHook (
743 VariableName,
744 VendorGuid
745 );
746 }
747 }
748 return Status;
749 }
750
751
752 /**
753 This code returns information about the EFI variables.
754
755 @param[in] Attributes Attributes bitmask to specify the type of variables
756 on which to return information.
757 @param[out] MaximumVariableStorageSize Pointer to the maximum size of the storage space available
758 for the EFI variables associated with the attributes specified.
759 @param[out] RemainingVariableStorageSize Pointer to the remaining size of the storage space available
760 for EFI variables associated with the attributes specified.
761 @param[out] MaximumVariableSize Pointer to the maximum size of an individual EFI variables
762 associated with the attributes specified.
763
764 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied.
765 @retval EFI_SUCCESS Query successfully.
766 @retval EFI_UNSUPPORTED The attribute is not supported on this platform.
767
768 **/
769 EFI_STATUS
770 EFIAPI
771 RuntimeServiceQueryVariableInfo (
772 IN UINT32 Attributes,
773 OUT UINT64 *MaximumVariableStorageSize,
774 OUT UINT64 *RemainingVariableStorageSize,
775 OUT UINT64 *MaximumVariableSize
776 )
777 {
778 EFI_STATUS Status;
779 UINTN PayloadSize;
780 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *SmmQueryVariableInfo;
781
782 SmmQueryVariableInfo = NULL;
783
784 if(MaximumVariableStorageSize == NULL || RemainingVariableStorageSize == NULL || MaximumVariableSize == NULL || Attributes == 0) {
785 return EFI_INVALID_PARAMETER;
786 }
787
788 AcquireLockOnlyAtBootTime(&mVariableServicesLock);
789
790 //
791 // Init the communicate buffer. The buffer data size is:
792 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize;
793 //
794 PayloadSize = sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
795 Status = InitCommunicateBuffer ((VOID **)&SmmQueryVariableInfo, PayloadSize, SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO);
796 if (EFI_ERROR (Status)) {
797 goto Done;
798 }
799 ASSERT (SmmQueryVariableInfo != NULL);
800
801 SmmQueryVariableInfo->Attributes = Attributes;
802
803 //
804 // Send data to SMM.
805 //
806 Status = SendCommunicateBuffer (PayloadSize);
807 if (EFI_ERROR (Status)) {
808 goto Done;
809 }
810
811 //
812 // Get data from SMM.
813 //
814 *MaximumVariableSize = SmmQueryVariableInfo->MaximumVariableSize;
815 *MaximumVariableStorageSize = SmmQueryVariableInfo->MaximumVariableStorageSize;
816 *RemainingVariableStorageSize = SmmQueryVariableInfo->RemainingVariableStorageSize;
817
818 Done:
819 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
820 return Status;
821 }
822
823
824 /**
825 Exit Boot Services Event notification handler.
826
827 Notify SMM variable driver about the event.
828
829 @param[in] Event Event whose notification function is being invoked.
830 @param[in] Context Pointer to the notification function's context.
831
832 **/
833 VOID
834 EFIAPI
835 OnExitBootServices (
836 IN EFI_EVENT Event,
837 IN VOID *Context
838 )
839 {
840 //
841 // Init the communicate buffer. The buffer data size is:
842 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
843 //
844 InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE);
845
846 //
847 // Send data to SMM.
848 //
849 SendCommunicateBuffer (0);
850 }
851
852
853 /**
854 On Ready To Boot Services Event notification handler.
855
856 Notify SMM variable driver about the event.
857
858 @param[in] Event Event whose notification function is being invoked
859 @param[in] Context Pointer to the notification function's context
860
861 **/
862 VOID
863 EFIAPI
864 OnReadyToBoot (
865 IN EFI_EVENT Event,
866 IN VOID *Context
867 )
868 {
869 //
870 // Init the communicate buffer. The buffer data size is:
871 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
872 //
873 InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_READY_TO_BOOT);
874
875 //
876 // Send data to SMM.
877 //
878 SendCommunicateBuffer (0);
879
880 gBS->CloseEvent (Event);
881 }
882
883
884 /**
885 Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
886
887 This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
888 It convers pointer to new virtual address.
889
890 @param[in] Event Event whose notification function is being invoked.
891 @param[in] Context Pointer to the notification function's context.
892
893 **/
894 VOID
895 EFIAPI
896 VariableAddressChangeEvent (
897 IN EFI_EVENT Event,
898 IN VOID *Context
899 )
900 {
901 EfiConvertPointer (0x0, (VOID **) &mVariableBuffer);
902 EfiConvertPointer (0x0, (VOID **) &mSmmCommunication);
903 }
904
905 /**
906 This code gets variable payload size.
907
908 @param[out] VariablePayloadSize Output pointer to variable payload size.
909
910 @retval EFI_SUCCESS Get successfully.
911 @retval Others Get unsuccessfully.
912
913 **/
914 EFI_STATUS
915 EFIAPI
916 GetVariablePayloadSize (
917 OUT UINTN *VariablePayloadSize
918 )
919 {
920 EFI_STATUS Status;
921 SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *SmmGetPayloadSize;
922 EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;
923 SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
924 UINTN CommSize;
925 UINT8 *CommBuffer;
926
927 SmmGetPayloadSize = NULL;
928 CommBuffer = NULL;
929
930 if(VariablePayloadSize == NULL) {
931 return EFI_INVALID_PARAMETER;
932 }
933
934 AcquireLockOnlyAtBootTime(&mVariableServicesLock);
935
936 //
937 // Init the communicate buffer. The buffer data size is:
938 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE);
939 //
940 CommSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE);
941 CommBuffer = AllocateZeroPool (CommSize);
942 if (CommBuffer == NULL) {
943 Status = EFI_OUT_OF_RESOURCES;
944 goto Done;
945 }
946
947 SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) CommBuffer;
948 CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGuid);
949 SmmCommunicateHeader->MessageLength = SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE);
950
951 SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data;
952 SmmVariableFunctionHeader->Function = SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE;
953 SmmGetPayloadSize = (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *) SmmVariableFunctionHeader->Data;
954
955 //
956 // Send data to SMM.
957 //
958 Status = mSmmCommunication->Communicate (mSmmCommunication, CommBuffer, &CommSize);
959 ASSERT_EFI_ERROR (Status);
960
961 Status = SmmVariableFunctionHeader->ReturnStatus;
962 if (EFI_ERROR (Status)) {
963 goto Done;
964 }
965
966 //
967 // Get data from SMM.
968 //
969 *VariablePayloadSize = SmmGetPayloadSize->VariablePayloadSize;
970
971 Done:
972 if (CommBuffer != NULL) {
973 FreePool (CommBuffer);
974 }
975 ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
976 return Status;
977 }
978
979 /**
980 Initialize variable service and install Variable Architectural protocol.
981
982 @param[in] Event Event whose notification function is being invoked.
983 @param[in] Context Pointer to the notification function's context.
984
985 **/
986 VOID
987 EFIAPI
988 SmmVariableReady (
989 IN EFI_EVENT Event,
990 IN VOID *Context
991 )
992 {
993 EFI_STATUS Status;
994
995 Status = gBS->LocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mSmmVariable);
996 if (EFI_ERROR (Status)) {
997 return;
998 }
999
1000 Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &mSmmCommunication);
1001 ASSERT_EFI_ERROR (Status);
1002
1003 //
1004 // Allocate memory for variable communicate buffer.
1005 //
1006 Status = GetVariablePayloadSize (&mVariableBufferPayloadSize);
1007 ASSERT_EFI_ERROR (Status);
1008 mVariableBufferSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + mVariableBufferPayloadSize;
1009 mVariableBuffer = AllocateRuntimePool (mVariableBufferSize);
1010 ASSERT (mVariableBuffer != NULL);
1011
1012 //
1013 // Save the buffer physical address used for SMM conmunication.
1014 //
1015 mVariableBufferPhysical = mVariableBuffer;
1016
1017 gRT->GetVariable = RuntimeServiceGetVariable;
1018 gRT->GetNextVariableName = RuntimeServiceGetNextVariableName;
1019 gRT->SetVariable = RuntimeServiceSetVariable;
1020 gRT->QueryVariableInfo = RuntimeServiceQueryVariableInfo;
1021
1022 //
1023 // Install the Variable Architectural Protocol on a new handle.
1024 //
1025 Status = gBS->InstallProtocolInterface (
1026 &mHandle,
1027 &gEfiVariableArchProtocolGuid,
1028 EFI_NATIVE_INTERFACE,
1029 NULL
1030 );
1031 ASSERT_EFI_ERROR (Status);
1032
1033 mVariableLock.RequestToLock = VariableLockRequestToLock;
1034 Status = gBS->InstallMultipleProtocolInterfaces (
1035 &mHandle,
1036 &gEdkiiVariableLockProtocolGuid,
1037 &mVariableLock,
1038 NULL
1039 );
1040 ASSERT_EFI_ERROR (Status);
1041
1042 mVarCheck.RegisterSetVariableCheckHandler = VarCheckRegisterSetVariableCheckHandler;
1043 mVarCheck.VariablePropertySet = VarCheckVariablePropertySet;
1044 mVarCheck.VariablePropertyGet = VarCheckVariablePropertyGet;
1045 Status = gBS->InstallMultipleProtocolInterfaces (
1046 &mHandle,
1047 &gEdkiiVarCheckProtocolGuid,
1048 &mVarCheck,
1049 NULL
1050 );
1051 ASSERT_EFI_ERROR (Status);
1052
1053 gBS->CloseEvent (Event);
1054 }
1055
1056
1057 /**
1058 SMM Non-Volatile variable write service is ready notify event handler.
1059
1060 @param[in] Event Event whose notification function is being invoked.
1061 @param[in] Context Pointer to the notification function's context.
1062
1063 **/
1064 VOID
1065 EFIAPI
1066 SmmVariableWriteReady (
1067 IN EFI_EVENT Event,
1068 IN VOID *Context
1069 )
1070 {
1071 EFI_STATUS Status;
1072 VOID *ProtocolOps;
1073
1074 //
1075 // Check whether the protocol is installed or not.
1076 //
1077 Status = gBS->LocateProtocol (&gSmmVariableWriteGuid, NULL, (VOID **) &ProtocolOps);
1078 if (EFI_ERROR (Status)) {
1079 return;
1080 }
1081
1082 Status = gBS->InstallProtocolInterface (
1083 &mHandle,
1084 &gEfiVariableWriteArchProtocolGuid,
1085 EFI_NATIVE_INTERFACE,
1086 NULL
1087 );
1088 ASSERT_EFI_ERROR (Status);
1089
1090 gBS->CloseEvent (Event);
1091 }
1092
1093
1094 /**
1095 Variable Driver main entry point. The Variable driver places the 4 EFI
1096 runtime services in the EFI System Table and installs arch protocols
1097 for variable read and write services being available. It also registers
1098 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
1099
1100 @param[in] ImageHandle The firmware allocated handle for the EFI image.
1101 @param[in] SystemTable A pointer to the EFI System Table.
1102
1103 @retval EFI_SUCCESS Variable service successfully initialized.
1104
1105 **/
1106 EFI_STATUS
1107 EFIAPI
1108 VariableSmmRuntimeInitialize (
1109 IN EFI_HANDLE ImageHandle,
1110 IN EFI_SYSTEM_TABLE *SystemTable
1111 )
1112 {
1113 VOID *SmmVariableRegistration;
1114 VOID *SmmVariableWriteRegistration;
1115 EFI_EVENT OnReadyToBootEvent;
1116 EFI_EVENT ExitBootServiceEvent;
1117 EFI_EVENT LegacyBootEvent;
1118
1119 EfiInitializeLock (&mVariableServicesLock, TPL_NOTIFY);
1120
1121 //
1122 // Smm variable service is ready
1123 //
1124 EfiCreateProtocolNotifyEvent (
1125 &gEfiSmmVariableProtocolGuid,
1126 TPL_CALLBACK,
1127 SmmVariableReady,
1128 NULL,
1129 &SmmVariableRegistration
1130 );
1131
1132 //
1133 // Smm Non-Volatile variable write service is ready
1134 //
1135 EfiCreateProtocolNotifyEvent (
1136 &gSmmVariableWriteGuid,
1137 TPL_CALLBACK,
1138 SmmVariableWriteReady,
1139 NULL,
1140 &SmmVariableWriteRegistration
1141 );
1142
1143 //
1144 // Register the event to reclaim variable for OS usage.
1145 //
1146 EfiCreateEventReadyToBootEx (
1147 TPL_NOTIFY,
1148 OnReadyToBoot,
1149 NULL,
1150 &OnReadyToBootEvent
1151 );
1152
1153 //
1154 // Register the event to inform SMM variable that it is at runtime.
1155 //
1156 gBS->CreateEventEx (
1157 EVT_NOTIFY_SIGNAL,
1158 TPL_NOTIFY,
1159 OnExitBootServices,
1160 NULL,
1161 &gEfiEventExitBootServicesGuid,
1162 &ExitBootServiceEvent
1163 );
1164
1165 //
1166 // Register the event to inform SMM variable that it is at runtime for legacy boot.
1167 // Reuse OnExitBootServices() here.
1168 //
1169 EfiCreateEventLegacyBootEx(
1170 TPL_NOTIFY,
1171 OnExitBootServices,
1172 NULL,
1173 &LegacyBootEvent
1174 );
1175
1176 //
1177 // Register the event to convert the pointer for runtime.
1178 //
1179 gBS->CreateEventEx (
1180 EVT_NOTIFY_SIGNAL,
1181 TPL_NOTIFY,
1182 VariableAddressChangeEvent,
1183 NULL,
1184 &gEfiEventVirtualAddressChangeGuid,
1185 &mVirtualAddressChangeEvent
1186 );
1187
1188 return EFI_SUCCESS;
1189 }
1190
EFI Development Kit II mirror for PVE