]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg: Apply uncrustify changes
[mirror_edk2.git] / SecurityPkg / Tcg / MemoryOverwriteRequestControlLock / TcgMorLock.c
1 /** @file
2 TCG MOR (Memory Overwrite Request) Lock Control Driver.
3
4 This driver initializes MemoryOverwriteRequestControlLock variable.
5 This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
6
7 Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
9
10 **/
11
12 #include <PiDxe.h>
13 #include <Guid/MemoryOverwriteControl.h>
14 #include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
15 #include <Library/DebugLib.h>
16 #include <Library/BaseLib.h>
17 #include <Library/BaseMemoryLib.h>
18 #include "TcgMorLock.h"
19
20 typedef struct {
21 CHAR16 *VariableName;
22 EFI_GUID *VendorGuid;
23 } VARIABLE_TYPE;
24
25 VARIABLE_TYPE mMorVariableType[] = {
26 { MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid },
27 { MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid },
28 };
29
30 /**
31 Returns if this is MOR related variable.
32
33 @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
34 @param VendorGuid Unify identifier for vendor.
35
36 @retval TRUE The variable is MOR related.
37 @retval FALSE The variable is NOT MOR related.
38 **/
39 BOOLEAN
40 IsAnyMorVariable (
41 IN CHAR16 *VariableName,
42 IN EFI_GUID *VendorGuid
43 )
44 {
45 UINTN Index;
46
47 for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) {
48 if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
49 (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))
50 {
51 return TRUE;
52 }
53 }
54
55 return FALSE;
56 }
57
58 /**
59 Returns if this is MOR lock variable.
60
61 @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
62 @param VendorGuid Unify identifier for vendor.
63
64 @retval TRUE The variable is MOR lock variable.
65 @retval FALSE The variable is NOT MOR lock variable.
66 **/
67 BOOLEAN
68 IsMorLockVariable (
69 IN CHAR16 *VariableName,
70 IN EFI_GUID *VendorGuid
71 )
72 {
73 if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
74 (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid)))
75 {
76 return TRUE;
77 }
78
79 return FALSE;
80 }
81
82 /**
83 This service is a checker handler for the UEFI Runtime Service SetVariable()
84
85 @param VariableName the name of the vendor's variable, as a
86 Null-Terminated Unicode String
87 @param VendorGuid Unify identifier for vendor.
88 @param Attributes Point to memory location to return the attributes of variable. If the point
89 is NULL, the parameter would be ignored.
90 @param DataSize The size in bytes of Data-Buffer.
91 @param Data Point to the content of the variable.
92
93 @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
94 defined by the Attributes.
95 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
96 DataSize exceeds the maximum allowed.
97 @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
98 @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
99 @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
100 @retval EFI_WRITE_PROTECTED The variable in question is read-only.
101 @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
102 @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
103 set but the AuthInfo does NOT pass the validation check carried
104 out by the firmware.
105 @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
106
107 **/
108 EFI_STATUS
109 EFIAPI
110 SetVariableCheckHandlerMor (
111 IN CHAR16 *VariableName,
112 IN EFI_GUID *VendorGuid,
113 IN UINT32 Attributes,
114 IN UINTN DataSize,
115 IN VOID *Data
116 )
117 {
118 UINTN MorLockDataSize;
119 BOOLEAN MorLock;
120 EFI_STATUS Status;
121
122 //
123 // do not handle non-MOR variable
124 //
125 if (!IsAnyMorVariable (VariableName, VendorGuid)) {
126 return EFI_SUCCESS;
127 }
128
129 MorLockDataSize = sizeof (MorLock);
130 Status = InternalGetVariable (
131 MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
132 &gEfiMemoryOverwriteRequestControlLockGuid,
133 NULL,
134 &MorLockDataSize,
135 &MorLock
136 );
137 if (!EFI_ERROR (Status) && MorLock) {
138 //
139 // If lock, deny access
140 //
141 return EFI_INVALID_PARAMETER;
142 }
143
144 //
145 // Delete not OK
146 //
147 if ((DataSize != sizeof (UINT8)) || (Data == NULL) || (Attributes == 0)) {
148 return EFI_INVALID_PARAMETER;
149 }
150
151 //
152 // check format
153 //
154 if (IsMorLockVariable (VariableName, VendorGuid)) {
155 //
156 // set to any other value not OK
157 //
158 if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
159 return EFI_INVALID_PARAMETER;
160 }
161 }
162
163 //
164 // Or grant access
165 //
166 return EFI_SUCCESS;
167 }
168
169 /**
170 Entry Point for MOR Lock Control driver.
171
172 @param[in] ImageHandle Image handle of this driver.
173 @param[in] SystemTable A Pointer to the EFI System Table.
174
175 @retval EFI_SUCCESS
176 @return Others Some error occurs.
177 **/
178 EFI_STATUS
179 EFIAPI
180 MorLockDriverInit (
181 VOID
182 )
183 {
184 EFI_STATUS Status;
185 UINT8 Data;
186
187 Data = 0;
188 Status = InternalSetVariable (
189 MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
190 &gEfiMemoryOverwriteRequestControlLockGuid,
191 EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
192 1,
193 &Data
194 );
195 return Status;
196 }
EFI Development Kit II mirror for PVE