]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SecurityPkg Variable: Implement VarCheck PROTOCOL
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / VarCheck.c
1 /** @file
2 Implementation functions and structures for var check protocol.
3
4 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "Variable.h"
16 #include <Library/DevicePathLib.h>
17
18 extern LIST_ENTRY mLockedVariableList;
19 extern BOOLEAN mEndOfDxe;
20 extern BOOLEAN mEnableLocking;
21
22 #define VAR_CHECK_HANDLER_TABLE_SIZE 0x8
23
24 UINT32 mNumberOfHandler = 0;
25 UINT32 mMaxNumberOfHandler = 0;
26 VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable = NULL;
27
28 typedef struct {
29 LIST_ENTRY Link;
30 EFI_GUID Guid;
31 VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
32 //CHAR16 *Name;
33 } VAR_CHECK_VARIABLE_ENTRY;
34
35 LIST_ENTRY mVarCheckVariableList = INITIALIZE_LIST_HEAD_VARIABLE (mVarCheckVariableList);
36
37 typedef
38 EFI_STATUS
39 (EFIAPI *INTERNAL_VAR_CHECK_FUNCTION) (
40 IN VAR_CHECK_VARIABLE_PROPERTY *Propery,
41 IN UINTN DataSize,
42 IN VOID *Data
43 );
44
45 typedef struct {
46 CHAR16 *Name;
47 VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
48 INTERNAL_VAR_CHECK_FUNCTION CheckFunction;
49 } UEFI_DEFINED_VARIABLE_ENTRY;
50
51 typedef struct _EFI_LOAD_OPTION {
52 UINT32 Attributes;
53 UINT16 FilePathListLength;
54 //CHAR16 Description[];
55 //EFI_DEVICE_PATH_PROTOCOL FilePathList[];
56 //UINT8 OptionalData[];
57 } EFI_LOAD_OPTION;
58
59 /**
60 Internal check for load option.
61
62 @param[in] VariablePropery Pointer to variable property.
63 @param[in] DataSize Data size.
64 @param[in] Data Pointer to data buffer.
65
66 @retval EFI_SUCCESS The SetVariable check result was success.
67 @retval EFI_INVALID_PARAMETER The data buffer is not a valid load option.
68
69 **/
70 EFI_STATUS
71 EFIAPI
72 InternalVarCheckLoadOption (
73 IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
74 IN UINTN DataSize,
75 IN VOID *Data
76 )
77 {
78 EFI_LOAD_OPTION *LoadOption;
79 CHAR16 *Description;
80 EFI_DEVICE_PATH_PROTOCOL *FilePathList;
81
82 LoadOption = (EFI_LOAD_OPTION *) Data;
83
84 //
85 // Check Description
86 //
87 Description = (CHAR16 *) ((UINTN) Data + sizeof (EFI_LOAD_OPTION));
88 while (Description < (CHAR16 *) ((UINTN) Data + DataSize)) {
89 if (*Description == L'\0') {
90 break;
91 }
92 Description++;
93 }
94 if ((UINTN) Description >= ((UINTN) Data + DataSize)) {
95 return EFI_INVALID_PARAMETER;
96 }
97 Description++;
98
99 //
100 // Check FilePathList
101 //
102 FilePathList = (EFI_DEVICE_PATH_PROTOCOL *) Description;
103 if ((UINTN) FilePathList > (MAX_ADDRESS - LoadOption->FilePathListLength)) {
104 return EFI_INVALID_PARAMETER;
105 }
106 if (((UINTN) FilePathList + LoadOption->FilePathListLength) > ((UINTN) Data + DataSize)) {
107 return EFI_INVALID_PARAMETER;
108 }
109 if (LoadOption->FilePathListLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
110 return EFI_INVALID_PARAMETER;
111 }
112 if (!IsDevicePathValid (FilePathList, LoadOption->FilePathListLength)) {
113 return EFI_INVALID_PARAMETER;
114 }
115
116 return EFI_SUCCESS;
117 }
118
119 /**
120 Internal check for key option.
121
122 @param[in] VariablePropery Pointer to variable property.
123 @param[in] DataSize Data size.
124 @param[in] Data Pointer to data buffer.
125
126 @retval EFI_SUCCESS The SetVariable check result was success.
127 @retval EFI_INVALID_PARAMETER The data buffer is not a valid key option.
128
129 **/
130 EFI_STATUS
131 EFIAPI
132 InternalVarCheckKeyOption (
133 IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
134 IN UINTN DataSize,
135 IN VOID *Data
136 )
137 {
138 if (((DataSize - sizeof (EFI_KEY_OPTION)) % sizeof (EFI_INPUT_KEY)) != 0) {
139 return EFI_INVALID_PARAMETER;
140 }
141
142 return EFI_SUCCESS;
143 }
144
145 /**
146 Internal check for device path.
147
148 @param[in] VariablePropery Pointer to variable property.
149 @param[in] DataSize Data size.
150 @param[in] Data Pointer to data buffer.
151
152 @retval EFI_SUCCESS The SetVariable check result was success.
153 @retval EFI_INVALID_PARAMETER The data buffer is not a valid device path.
154
155 **/
156 EFI_STATUS
157 EFIAPI
158 InternalVarCheckDevicePath (
159 IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
160 IN UINTN DataSize,
161 IN VOID *Data
162 )
163 {
164 if (!IsDevicePathValid ((EFI_DEVICE_PATH_PROTOCOL *) Data, DataSize)) {
165 return EFI_INVALID_PARAMETER;
166 }
167 return EFI_SUCCESS;
168 }
169
170 /**
171 Internal check for ASCII string.
172
173 @param[in] VariablePropery Pointer to variable property.
174 @param[in] DataSize Data size.
175 @param[in] Data Pointer to data buffer.
176
177 @retval EFI_SUCCESS The SetVariable check result was success.
178 @retval EFI_INVALID_PARAMETER The data buffer is not a Null-terminated ASCII string.
179
180 **/
181 EFI_STATUS
182 EFIAPI
183 InternalVarCheckAsciiString (
184 IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
185 IN UINTN DataSize,
186 IN VOID *Data
187 )
188 {
189 CHAR8 *String;
190 UINTN Index;
191
192 String = (CHAR8 *) Data;
193 if (String[DataSize - 1] == '\0') {
194 return EFI_SUCCESS;
195 } else {
196 for (Index = 1; Index < DataSize && (String[DataSize - 1 - Index] != '\0'); Index++);
197 if (Index == DataSize) {
198 return EFI_INVALID_PARAMETER;
199 }
200 }
201 return EFI_SUCCESS;
202 }
203
204 /**
205 Internal check for size array.
206
207 @param[in] VariablePropery Pointer to variable property.
208 @param[in] DataSize Data size.
209 @param[in] Data Pointer to data buffer.
210
211 @retval EFI_SUCCESS The SetVariable check result was success.
212 @retval EFI_INVALID_PARAMETER The DataSize is not size array.
213
214 **/
215 EFI_STATUS
216 EFIAPI
217 InternalVarCheckSizeArray (
218 IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
219 IN UINTN DataSize,
220 IN VOID *Data
221 )
222 {
223 if ((DataSize % VariablePropery->MinSize) != 0) {
224 return EFI_INVALID_PARAMETER;
225 }
226 return EFI_SUCCESS;
227 }
228
229 //
230 // To prevent name collisions with possible future globally defined variables,
231 // other internal firmware data variables that are not defined here must be
232 // saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
233 // any other GUID defined by the UEFI Specification. Implementations must
234 // only permit the creation of variables with a UEFI Specification-defined
235 // VendorGuid when these variables are documented in the UEFI Specification.
236 //
237 UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList[] = {
238 {
239 EFI_LANG_CODES_VARIABLE_NAME,
240 {
241 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
242 0,
243 VARIABLE_ATTRIBUTE_BS_RT,
244 1,
245 MAX_UINTN
246 },
247 InternalVarCheckAsciiString
248 },
249 {
250 EFI_LANG_VARIABLE_NAME,
251 {
252 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
253 0,
254 VARIABLE_ATTRIBUTE_NV_BS_RT,
255 1,
256 MAX_UINTN
257 },
258 InternalVarCheckAsciiString
259 },
260 {
261 EFI_TIME_OUT_VARIABLE_NAME,
262 {
263 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
264 0,
265 VARIABLE_ATTRIBUTE_NV_BS_RT,
266 sizeof (UINT16),
267 sizeof (UINT16)
268 },
269 NULL
270 },
271 {
272 EFI_PLATFORM_LANG_CODES_VARIABLE_NAME,
273 {
274 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
275 0,
276 VARIABLE_ATTRIBUTE_BS_RT,
277 1,
278 MAX_UINTN
279 },
280 InternalVarCheckAsciiString
281 },
282 {
283 EFI_PLATFORM_LANG_VARIABLE_NAME,
284 {
285 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
286 0,
287 VARIABLE_ATTRIBUTE_NV_BS_RT,
288 1,
289 MAX_UINTN
290 },
291 InternalVarCheckAsciiString
292 },
293 {
294 EFI_CON_IN_VARIABLE_NAME,
295 {
296 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
297 0,
298 VARIABLE_ATTRIBUTE_NV_BS_RT,
299 sizeof (EFI_DEVICE_PATH_PROTOCOL),
300 MAX_UINTN
301 },
302 InternalVarCheckDevicePath
303 },
304 {
305 EFI_CON_OUT_VARIABLE_NAME,
306 {
307 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
308 0,
309 VARIABLE_ATTRIBUTE_NV_BS_RT,
310 sizeof (EFI_DEVICE_PATH_PROTOCOL),
311 MAX_UINTN
312 },
313 InternalVarCheckDevicePath
314 },
315 {
316 EFI_ERR_OUT_VARIABLE_NAME,
317 {
318 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
319 0,
320 VARIABLE_ATTRIBUTE_NV_BS_RT,
321 sizeof (EFI_DEVICE_PATH_PROTOCOL),
322 MAX_UINTN
323 },
324 InternalVarCheckDevicePath
325 },
326 {
327 EFI_CON_IN_DEV_VARIABLE_NAME,
328 {
329 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
330 0,
331 VARIABLE_ATTRIBUTE_BS_RT,
332 sizeof (EFI_DEVICE_PATH_PROTOCOL),
333 MAX_UINTN
334 },
335 InternalVarCheckDevicePath
336 },
337 {
338 EFI_CON_OUT_DEV_VARIABLE_NAME,
339 {
340 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
341 0,
342 VARIABLE_ATTRIBUTE_BS_RT,
343 sizeof (EFI_DEVICE_PATH_PROTOCOL),
344 MAX_UINTN
345 },
346 InternalVarCheckDevicePath
347 },
348 {
349 EFI_ERR_OUT_DEV_VARIABLE_NAME,
350 {
351 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
352 0,
353 VARIABLE_ATTRIBUTE_BS_RT,
354 sizeof (EFI_DEVICE_PATH_PROTOCOL),
355 MAX_UINTN
356 },
357 InternalVarCheckDevicePath
358 },
359 {
360 EFI_BOOT_ORDER_VARIABLE_NAME,
361 {
362 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
363 0,
364 VARIABLE_ATTRIBUTE_NV_BS_RT,
365 sizeof (UINT16),
366 MAX_UINTN
367 },
368 InternalVarCheckSizeArray
369 },
370 {
371 EFI_BOOT_NEXT_VARIABLE_NAME,
372 {
373 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
374 0,
375 VARIABLE_ATTRIBUTE_NV_BS_RT,
376 sizeof (UINT16),
377 sizeof (UINT16)
378 },
379 NULL
380 },
381 {
382 EFI_BOOT_CURRENT_VARIABLE_NAME,
383 {
384 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
385 0,
386 VARIABLE_ATTRIBUTE_BS_RT,
387 sizeof (UINT16),
388 sizeof (UINT16)
389 },
390 NULL
391 },
392 {
393 EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME,
394 {
395 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
396 0,
397 VARIABLE_ATTRIBUTE_BS_RT,
398 sizeof (UINT32),
399 sizeof (UINT32)
400 },
401 NULL
402 },
403 {
404 EFI_DRIVER_ORDER_VARIABLE_NAME,
405 {
406 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
407 0,
408 VARIABLE_ATTRIBUTE_NV_BS_RT,
409 sizeof (UINT16),
410 MAX_UINTN
411 },
412 InternalVarCheckSizeArray
413 },
414 {
415 EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME,
416 {
417 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
418 0,
419 VARIABLE_ATTRIBUTE_NV_BS_RT,
420 sizeof (UINT16),
421 sizeof (UINT16)
422 },
423 NULL
424 },
425 {
426 EFI_SETUP_MODE_NAME,
427 {
428 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
429 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
430 VARIABLE_ATTRIBUTE_BS_RT,
431 sizeof (UINT8),
432 sizeof (UINT8)
433 },
434 NULL
435 },
436 {
437 EFI_KEY_EXCHANGE_KEY_NAME,
438 {
439 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
440 0,
441 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
442 1,
443 MAX_UINTN
444 },
445 NULL
446 },
447 {
448 EFI_PLATFORM_KEY_NAME,
449 {
450 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
451 0,
452 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
453 1,
454 MAX_UINTN
455 },
456 NULL
457 },
458 {
459 EFI_SIGNATURE_SUPPORT_NAME,
460 {
461 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
462 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
463 VARIABLE_ATTRIBUTE_BS_RT,
464 sizeof (EFI_GUID),
465 MAX_UINTN
466 },
467 InternalVarCheckSizeArray
468 },
469 {
470 EFI_SECURE_BOOT_MODE_NAME,
471 {
472 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
473 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
474 VARIABLE_ATTRIBUTE_BS_RT,
475 sizeof (UINT8),
476 sizeof (UINT8)
477 },
478 NULL
479 },
480 {
481 EFI_KEK_DEFAULT_VARIABLE_NAME,
482 {
483 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
484 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
485 VARIABLE_ATTRIBUTE_BS_RT,
486 1,
487 MAX_UINTN
488 },
489 NULL
490 },
491 {
492 EFI_PK_DEFAULT_VARIABLE_NAME,
493 {
494 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
495 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
496 VARIABLE_ATTRIBUTE_BS_RT,
497 1,
498 MAX_UINTN
499 },
500 NULL
501 },
502 {
503 EFI_DB_DEFAULT_VARIABLE_NAME,
504 {
505 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
506 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
507 VARIABLE_ATTRIBUTE_BS_RT,
508 1,
509 MAX_UINTN
510 },
511 NULL
512 },
513 {
514 EFI_DBX_DEFAULT_VARIABLE_NAME,
515 {
516 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
517 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
518 VARIABLE_ATTRIBUTE_BS_RT,
519 1,
520 MAX_UINTN
521 },
522 NULL
523 },
524 {
525 EFI_DBT_DEFAULT_VARIABLE_NAME,
526 {
527 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
528 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
529 VARIABLE_ATTRIBUTE_BS_RT,
530 1,
531 MAX_UINTN
532 },
533 NULL
534 },
535 {
536 EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME,
537 {
538 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
539 0,
540 VARIABLE_ATTRIBUTE_BS_RT,
541 sizeof (UINT64),
542 sizeof (UINT64)
543 },
544 NULL
545 },
546 {
547 EFI_OS_INDICATIONS_VARIABLE_NAME,
548 {
549 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
550 0,
551 VARIABLE_ATTRIBUTE_NV_BS_RT,
552 sizeof (UINT64),
553 sizeof (UINT64)
554 },
555 NULL
556 },
557 {
558 EFI_VENDOR_KEYS_VARIABLE_NAME,
559 {
560 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
561 VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
562 VARIABLE_ATTRIBUTE_BS_RT,
563 sizeof (UINT8),
564 sizeof (UINT8)
565 },
566 NULL
567 },
568 };
569 UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList2[] = {
570 {
571 L"Boot####",
572 {
573 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
574 0,
575 VARIABLE_ATTRIBUTE_NV_BS_RT,
576 sizeof (EFI_LOAD_OPTION),
577 MAX_UINTN
578 },
579 InternalVarCheckLoadOption
580 },
581 {
582 L"Driver####",
583 {
584 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
585 0,
586 VARIABLE_ATTRIBUTE_NV_BS_RT,
587 sizeof (EFI_LOAD_OPTION),
588 MAX_UINTN
589 },
590 InternalVarCheckLoadOption
591 },
592 {
593 L"Key####",
594 {
595 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
596 0,
597 VARIABLE_ATTRIBUTE_NV_BS_RT,
598 sizeof (EFI_KEY_OPTION),
599 sizeof (EFI_KEY_OPTION) + 3 * sizeof (EFI_INPUT_KEY)
600 },
601 InternalVarCheckKeyOption
602 },
603 };
604
605 //
606 // EFI_IMAGE_SECURITY_DATABASE_GUID
607 //
608 UEFI_DEFINED_VARIABLE_ENTRY mImageSecurityVariableList[] = {
609 {
610 EFI_IMAGE_SECURITY_DATABASE,
611 {
612 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
613 0,
614 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
615 1,
616 MAX_UINTN
617 },
618 NULL
619 },
620 {
621 EFI_IMAGE_SECURITY_DATABASE1,
622 {
623 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
624 0,
625 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
626 1,
627 MAX_UINTN
628 },
629 NULL
630 },
631 {
632 EFI_IMAGE_SECURITY_DATABASE2,
633 {
634 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
635 0,
636 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
637 1,
638 MAX_UINTN
639 },
640 NULL
641 },
642 };
643
644 typedef struct {
645 EFI_GUID *Guid;
646 CHAR16 *Name;
647 VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
648 INTERNAL_VAR_CHECK_FUNCTION CheckFunction;
649 } VARIABLE_DRIVER_VARIABLE_ENTRY;
650
651 VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = {
652 {
653 &gEfiSecureBootEnableDisableGuid,
654 EFI_SECURE_BOOT_ENABLE_NAME,
655 {
656 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
657 0,
658 VARIABLE_ATTRIBUTE_NV_BS,
659 sizeof (UINT8),
660 sizeof (UINT8)
661 },
662 NULL
663 },
664 {
665 &gEfiCustomModeEnableGuid,
666 EFI_CUSTOM_MODE_NAME,
667 {
668 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
669 0,
670 VARIABLE_ATTRIBUTE_NV_BS,
671 sizeof (UINT8),
672 sizeof (UINT8)
673 },
674 NULL
675 },
676 {
677 &gEfiVendorKeysNvGuid,
678 EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
679 {
680 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
681 0,
682 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
683 sizeof (UINT8),
684 sizeof (UINT8)
685 },
686 NULL
687 },
688 {
689 &gEfiAuthenticatedVariableGuid,
690 L"AuthVarKeyDatabase",
691 {
692 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
693 0,
694 VARIABLE_ATTRIBUTE_NV_BS_RT_AW,
695 sizeof (UINT8),
696 MAX_UINTN
697 },
698 NULL
699 },
700 {
701 &gEfiCertDbGuid,
702 L"certdb",
703 {
704 VAR_CHECK_VARIABLE_PROPERTY_REVISION,
705 0,
706 VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
707 sizeof (UINT32),
708 MAX_UINTN
709 },
710 NULL
711 },
712 };
713
714 /**
715 Get UEFI defined global variable or image security database variable property.
716 The code will check if variable guid is global variable or image security database guid first.
717 If yes, further check if variable name is in mGlobalVariableList, mGlobalVariableList2 or mImageSecurityVariableList.
718
719 @param[in] VariableName Pointer to variable name.
720 @param[in] VendorGuid Variable Vendor Guid.
721 @param[in] WildcardMatch Try wildcard match or not.
722 @param[out] VariableProperty Pointer to variable property.
723 @param[out] VarCheckFunction Pointer to check function.
724
725 @retval EFI_SUCCESS Variable is not global variable or image security database variable.
726 @retval EFI_INVALID_PARAMETER Variable is global variable or image security database variable, but variable name is not in the lists.
727
728 **/
729 EFI_STATUS
730 GetUefiDefinedVariableProperty (
731 IN CHAR16 *VariableName,
732 IN EFI_GUID *VendorGuid,
733 IN BOOLEAN WildcardMatch,
734 OUT VAR_CHECK_VARIABLE_PROPERTY **VariableProperty,
735 OUT INTERNAL_VAR_CHECK_FUNCTION *VarCheckFunction OPTIONAL
736 )
737 {
738 UINTN Index;
739 UINTN NameLength;
740
741 if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)){
742 //
743 // Try list 1, exactly match.
744 //
745 for (Index = 0; Index < sizeof (mGlobalVariableList)/sizeof (mGlobalVariableList[0]); Index++) {
746 if (StrCmp (mGlobalVariableList[Index].Name, VariableName) == 0) {
747 if (VarCheckFunction != NULL) {
748 *VarCheckFunction = mGlobalVariableList[Index].CheckFunction;
749 }
750 *VariableProperty = &mGlobalVariableList[Index].VariableProperty;
751 return EFI_SUCCESS;
752 }
753 }
754
755 //
756 // Try list 2.
757 //
758 NameLength = StrLen (VariableName) - 4;
759 for (Index = 0; Index < sizeof (mGlobalVariableList2)/sizeof (mGlobalVariableList2[0]); Index++) {
760 if (WildcardMatch) {
761 if ((StrLen (VariableName) == StrLen (mGlobalVariableList2[Index].Name)) &&
762 (StrnCmp (mGlobalVariableList2[Index].Name, VariableName, NameLength) == 0) &&
763 IsHexaDecimalDigitCharacter (VariableName[NameLength]) &&
764 IsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) &&
765 IsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) &&
766 IsHexaDecimalDigitCharacter (VariableName[NameLength + 3])) {
767 if (VarCheckFunction != NULL) {
768 *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction;
769 }
770 *VariableProperty = &mGlobalVariableList2[Index].VariableProperty;
771 return EFI_SUCCESS;
772 }
773 } else {
774 if (StrCmp (mGlobalVariableList2[Index].Name, VariableName) == 0) {
775 if (VarCheckFunction != NULL) {
776 *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction;
777 }
778 *VariableProperty = &mGlobalVariableList2[Index].VariableProperty;
779 return EFI_SUCCESS;
780 }
781 }
782 }
783
784 //
785 // The variable name is not in the lists.
786 //
787 return EFI_INVALID_PARAMETER;
788 }
789
790 if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)){
791 for (Index = 0; Index < sizeof (mImageSecurityVariableList)/sizeof (mImageSecurityVariableList[0]); Index++) {
792 if (StrCmp (mImageSecurityVariableList[Index].Name, VariableName) == 0) {
793 if (VarCheckFunction != NULL) {
794 *VarCheckFunction = mImageSecurityVariableList[Index].CheckFunction;
795 }
796 *VariableProperty = &mImageSecurityVariableList[Index].VariableProperty;
797 return EFI_SUCCESS;
798 }
799 }
800
801 return EFI_INVALID_PARAMETER;
802 }
803
804 //
805 // It is not global variable or image security database variable.
806 //
807 return EFI_SUCCESS;
808 }
809
810 /**
811 Get variable property for variables managed by Varaible driver.
812
813 @param[in] VariableName Pointer to variable name.
814 @param[in] VendorGuid Variable Vendor Guid.
815 @param[out] VarCheckFunction Pointer to check function.
816
817 @return Pointer to variable property.
818
819 **/
820 VAR_CHECK_VARIABLE_PROPERTY *
821 GetVariableDriverVariableProperty (
822 IN CHAR16 *VariableName,
823 IN EFI_GUID *VendorGuid,
824 OUT INTERNAL_VAR_CHECK_FUNCTION *VarCheckFunction OPTIONAL
825 )
826 {
827 UINTN Index;
828
829 for (Index = 0; Index < sizeof (mVariableDriverVariableList)/sizeof (mVariableDriverVariableList[0]); Index++) {
830 if ((CompareGuid (mVariableDriverVariableList[Index].Guid, VendorGuid)) && (StrCmp (mVariableDriverVariableList[Index].Name, VariableName) == 0)) {
831 if (VarCheckFunction != NULL) {
832 *VarCheckFunction = mVariableDriverVariableList[Index].CheckFunction;
833 }
834 return &mVariableDriverVariableList[Index].VariableProperty;
835 }
836 }
837
838 return NULL;
839 }
840
841 /**
842 Internal SetVariable check.
843
844 @param[in] VariableName Name of Variable to set.
845 @param[in] VendorGuid Variable vendor GUID.
846 @param[in] Attributes Attribute value of the variable.
847 @param[in] DataSize Size of Data to set.
848 @param[in] Data Data pointer.
849
850 @retval EFI_SUCCESS The SetVariable check result was success.
851 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied,
852 or the DataSize exceeds the minimum or maximum allowed,
853 or the Data value is not following UEFI spec for UEFI defined variables.
854 @retval EFI_WRITE_PROTECTED The variable in question is read-only.
855 @retval Others The return status from check handler.
856
857 **/
858 EFI_STATUS
859 EFIAPI
860 InternalVarCheckSetVariableCheck (
861 IN CHAR16 *VariableName,
862 IN EFI_GUID *VendorGuid,
863 IN UINT32 Attributes,
864 IN UINTN DataSize,
865 IN VOID *Data
866 )
867 {
868 EFI_STATUS Status;
869 UINTN Index;
870 LIST_ENTRY *Link;
871 VAR_CHECK_VARIABLE_ENTRY *Entry;
872 CHAR16 *Name;
873 VAR_CHECK_VARIABLE_PROPERTY *Property;
874 INTERNAL_VAR_CHECK_FUNCTION VarCheckFunction;
875
876 if (!mEndOfDxe) {
877 //
878 // Only do check after End Of Dxe.
879 //
880 return EFI_SUCCESS;
881 }
882
883 Property = NULL;
884 Status = GetUefiDefinedVariableProperty (VariableName, VendorGuid, TRUE, &Property, &VarCheckFunction);
885 if (EFI_ERROR (Status)) {
886 DEBUG ((EFI_D_INFO, "[Variable]: Var Check UEFI defined variable fail %r - %g:%s\n", Status, VendorGuid, VariableName));
887 return Status;
888 }
889 if (Property == NULL) {
890 Property = GetVariableDriverVariableProperty (VariableName, VendorGuid, &VarCheckFunction);
891 }
892 if (Property == NULL) {
893 VarCheckFunction = NULL;
894 for ( Link = GetFirstNode (&mVarCheckVariableList)
895 ; !IsNull (&mVarCheckVariableList, Link)
896 ; Link = GetNextNode (&mVarCheckVariableList, Link)
897 ) {
898 Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link);
899 Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
900 if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) {
901 Property = &Entry->VariableProperty;
902 break;
903 }
904 }
905 }
906 if (Property != NULL) {
907 if (mEnableLocking && ((Property->Property & VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY) != 0)) {
908 DEBUG ((EFI_D_INFO, "[Variable]: Var Check ReadOnly variable fail %r - %g:%s\n", EFI_WRITE_PROTECTED, VendorGuid, VariableName));
909 return EFI_WRITE_PROTECTED;
910 }
911 if ((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0)) {
912 //
913 // Do not check delete variable.
914 //
915 return EFI_SUCCESS;
916 }
917 if ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Property->Attributes) {
918 DEBUG ((EFI_D_INFO, "[Variable]: Var Check Attributes fail %r - %g:%s\n", EFI_INVALID_PARAMETER, VendorGuid, VariableName));
919 return EFI_INVALID_PARAMETER;
920 }
921 if (DataSize != 0) {
922 if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) {
923 DEBUG ((EFI_D_INFO, "[Variable]: Var Check DataSize fail %r - %g:%s\n", EFI_INVALID_PARAMETER, VendorGuid, VariableName));
924 return EFI_INVALID_PARAMETER;
925 }
926 if (VarCheckFunction != NULL) {
927 Status = VarCheckFunction (
928 Property,
929 DataSize,
930 Data
931 );
932 if (EFI_ERROR (Status)) {
933 DEBUG ((EFI_D_INFO, "[Variable]: Internal Var Check function fail %r - %g:%s\n", Status, VendorGuid, VariableName));
934 return Status;
935 }
936 }
937 }
938 }
939
940 for (Index = 0; Index < mNumberOfHandler; Index ++) {
941 Status = mHandlerTable[Index] (
942 VariableName,
943 VendorGuid,
944 Attributes,
945 DataSize,
946 Data
947 );
948 if (EFI_ERROR (Status)) {
949 DEBUG ((EFI_D_INFO, "[Variable]: Var Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));
950 return Status;
951 }
952 }
953 return EFI_SUCCESS;
954 }
955
956 /**
957 Reallocates more global memory to store the registered handler list.
958
959 @retval RETURN_SUCCESS Reallocate memory successfully.
960 @retval RETURN_OUT_OF_RESOURCES No enough memory to allocate.
961
962 **/
963 RETURN_STATUS
964 EFIAPI
965 ReallocateHandlerTable (
966 VOID
967 )
968 {
969 VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *HandlerTable;
970
971 //
972 // Reallocate memory for check handler table.
973 //
974 HandlerTable = ReallocateRuntimePool (
975 mMaxNumberOfHandler * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER),
976 (mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE) * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER),
977 mHandlerTable
978 );
979
980 //
981 // No enough resource to allocate.
982 //
983 if (HandlerTable == NULL) {
984 return RETURN_OUT_OF_RESOURCES;
985 }
986
987 mHandlerTable = HandlerTable;
988 //
989 // Increase max handler number.
990 //
991 mMaxNumberOfHandler = mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE;
992 return RETURN_SUCCESS;
993 }
994
995 /**
996 Register SetVariable check handler.
997
998 @param[in] Handler Pointer to check handler.
999
1000 @retval EFI_SUCCESS The SetVariable check handler was registered successfully.
1001 @retval EFI_INVALID_PARAMETER Handler is NULL.
1002 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
1003 already been signaled.
1004 @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
1005 @retval EFI_UNSUPPORTED This interface is not implemented.
1006 For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
1007
1008 **/
1009 EFI_STATUS
1010 EFIAPI
1011 VarCheckRegisterSetVariableCheckHandler (
1012 IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
1013 )
1014 {
1015 EFI_STATUS Status;
1016
1017 if (Handler == NULL) {
1018 return EFI_INVALID_PARAMETER;
1019 }
1020
1021 if (mEndOfDxe) {
1022 return EFI_ACCESS_DENIED;
1023 }
1024
1025 DEBUG ((EFI_D_INFO, "RegisterSetVariableCheckHandler - 0x%x\n", Handler));
1026
1027 //
1028 // Check whether the handler list is enough to store new handler.
1029 //
1030 if (mNumberOfHandler == mMaxNumberOfHandler) {
1031 //
1032 // Allocate more resources for new handler.
1033 //
1034 Status = ReallocateHandlerTable();
1035 if (EFI_ERROR (Status)) {
1036 return Status;
1037 }
1038 }
1039
1040 //
1041 // Register new handler into the handler list.
1042 //
1043 mHandlerTable[mNumberOfHandler] = Handler;
1044 mNumberOfHandler ++;
1045
1046 return EFI_SUCCESS;
1047 }
1048
1049 /**
1050 Internal variable property get.
1051
1052 @param[in] Name Pointer to the variable name.
1053 @param[in] Guid Pointer to the vendor GUID.
1054
1055 @return Pointer to the property of variable specified by the Name and Guid.
1056
1057 **/
1058 VAR_CHECK_VARIABLE_PROPERTY *
1059 InternalVarCheckVariablePropertyGet (
1060 IN CHAR16 *Name,
1061 IN EFI_GUID *Guid
1062 )
1063 {
1064 LIST_ENTRY *Link;
1065 VAR_CHECK_VARIABLE_ENTRY *Entry;
1066 CHAR16 *VariableName;
1067 VAR_CHECK_VARIABLE_PROPERTY *Property;
1068
1069 Property = NULL;
1070 GetUefiDefinedVariableProperty (Name, Guid, FALSE, &Property, NULL);
1071 if (Property == NULL) {
1072 Property = GetVariableDriverVariableProperty (Name, Guid, NULL);
1073 }
1074 if (Property != NULL) {
1075 return Property;
1076 } else {
1077 for ( Link = GetFirstNode (&mVarCheckVariableList)
1078 ; !IsNull (&mVarCheckVariableList, Link)
1079 ; Link = GetNextNode (&mVarCheckVariableList, Link)
1080 ) {
1081 Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link);
1082 VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
1083 if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) {
1084 return &Entry->VariableProperty;
1085 }
1086 }
1087 }
1088
1089 return NULL;
1090 }
1091
1092 /**
1093 Variable property set.
1094
1095 @param[in] Name Pointer to the variable name.
1096 @param[in] Guid Pointer to the vendor GUID.
1097 @param[in] VariableProperty Pointer to the input variable property.
1098
1099 @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
1100 @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
1101 or the fields of VariableProperty are not valid.
1102 @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
1103 already been signaled.
1104 @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
1105
1106 **/
1107 EFI_STATUS
1108 EFIAPI
1109 VarCheckVariablePropertySet (
1110 IN CHAR16 *Name,
1111 IN EFI_GUID *Guid,
1112 IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
1113 )
1114 {
1115 EFI_STATUS Status;
1116 VAR_CHECK_VARIABLE_ENTRY *Entry;
1117 CHAR16 *VariableName;
1118 VAR_CHECK_VARIABLE_PROPERTY *Property;
1119
1120 if (Name == NULL || Name[0] == 0 || Guid == NULL) {
1121 return EFI_INVALID_PARAMETER;
1122 }
1123
1124 if (VariableProperty == NULL) {
1125 return EFI_INVALID_PARAMETER;
1126 }
1127
1128 if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) {
1129 return EFI_INVALID_PARAMETER;
1130 }
1131
1132 if (mEndOfDxe) {
1133 return EFI_ACCESS_DENIED;
1134 }
1135
1136 Status = EFI_SUCCESS;
1137
1138 AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
1139
1140 Property = InternalVarCheckVariablePropertyGet (Name, Guid);
1141 if (Property != NULL) {
1142 CopyMem (Property, VariableProperty, sizeof (*VariableProperty));
1143 } else {
1144 Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name));
1145 if (Entry == NULL) {
1146 Status = EFI_OUT_OF_RESOURCES;
1147 goto Done;
1148 }
1149 VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
1150 StrnCpy (VariableName, Name, StrLen (Name));
1151 CopyGuid (&Entry->Guid, Guid);
1152 CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty));
1153 InsertTailList (&mVarCheckVariableList, &Entry->Link);
1154 }
1155
1156 Done:
1157 ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
1158
1159 return Status;
1160 }
1161
1162 /**
1163 Variable property get.
1164
1165 @param[in] Name Pointer to the variable name.
1166 @param[in] Guid Pointer to the vendor GUID.
1167 @param[out] VariableProperty Pointer to the output variable property.
1168
1169 @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
1170 @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
1171 @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
1172
1173 **/
1174 EFI_STATUS
1175 EFIAPI
1176 VarCheckVariablePropertyGet (
1177 IN CHAR16 *Name,
1178 IN EFI_GUID *Guid,
1179 OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
1180 )
1181 {
1182 LIST_ENTRY *Link;
1183 VARIABLE_ENTRY *Entry;
1184 CHAR16 *VariableName;
1185 BOOLEAN Found;
1186 VAR_CHECK_VARIABLE_PROPERTY *Property;
1187
1188 if (Name == NULL || Name[0] == 0 || Guid == NULL) {
1189 return EFI_INVALID_PARAMETER;
1190 }
1191
1192 if (VariableProperty == NULL) {
1193 return EFI_INVALID_PARAMETER;
1194 }
1195
1196 Found = FALSE;
1197
1198 AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
1199
1200 Property = InternalVarCheckVariablePropertyGet (Name, Guid);
1201 if (Property != NULL) {
1202 CopyMem (VariableProperty, Property, sizeof (*VariableProperty));
1203 Found = TRUE;
1204 }
1205
1206 for ( Link = GetFirstNode (&mLockedVariableList)
1207 ; !IsNull (&mLockedVariableList, Link)
1208 ; Link = GetNextNode (&mLockedVariableList, Link)
1209 ) {
1210 Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
1211 VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
1212 if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) {
1213 VariableProperty->Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
1214 if (!Found) {
1215 VariableProperty->Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
1216 Found = TRUE;
1217 }
1218 }
1219 }
1220
1221 ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
1222
1223 return (Found ? EFI_SUCCESS : EFI_NOT_FOUND);
1224 }
1225
EFI Development Kit II mirror for PVE