2 Implement all four UEFI Runtime Variable services for the nonvolatile
3 and volatile storage space and install variable architecture protocol
4 based on SMM variable module.
6 Caution: This module requires additional review when modified.
7 This driver will have external input - variable data.
8 This external input must be validated carefully to avoid security issue like
9 buffer overflow, integer overflow.
11 RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external API
12 to receive data buffer. The size should be checked carefully.
14 InitCommunicateBuffer() is really function to check the variable data size.
16 Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
17 This program and the accompanying materials
18 are licensed and made available under the terms and conditions of the BSD License
19 which accompanies this distribution. The full text of the license may be found at
20 http://opensource.org/licenses/bsd-license.php
22 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
23 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
28 #include <Protocol/VariableWrite.h>
29 #include <Protocol/Variable.h>
30 #include <Protocol/SmmCommunication.h>
31 #include <Protocol/SmmVariable.h>
33 #include <Library/UefiBootServicesTableLib.h>
34 #include <Library/UefiRuntimeServicesTableLib.h>
35 #include <Library/MemoryAllocationLib.h>
36 #include <Library/UefiDriverEntryPoint.h>
37 #include <Library/UefiRuntimeLib.h>
38 #include <Library/BaseMemoryLib.h>
39 #include <Library/DebugLib.h>
40 #include <Library/PcdLib.h>
41 #include <Library/UefiLib.h>
42 #include <Library/BaseLib.h>
44 #include <Guid/EventGroup.h>
45 #include <Guid/AuthenticatedVariableFormat.h>
46 #include <Guid/SmmVariableCommon.h>
48 EFI_HANDLE mHandle
= NULL
;
49 EFI_SMM_VARIABLE_PROTOCOL
*mSmmVariable
= NULL
;
50 EFI_EVENT mVirtualAddressChangeEvent
= NULL
;
51 EFI_SMM_COMMUNICATION_PROTOCOL
*mSmmCommunication
= NULL
;
52 UINT8
*mVariableBuffer
= NULL
;
53 UINT8
*mVariableBufferPhysical
= NULL
;
54 UINTN mVariableBufferSize
;
55 EFI_LOCK mVariableServicesLock
;
58 Acquires lock only at boot time. Simply returns at runtime.
60 This is a temperary function that will be removed when
61 EfiAcquireLock() in UefiLib can handle the call in UEFI
62 Runtimer driver in RT phase.
63 It calls EfiAcquireLock() at boot time, and simply returns
66 @param Lock A pointer to the lock to acquire.
70 AcquireLockOnlyAtBootTime (
74 if (!EfiAtRuntime ()) {
75 EfiAcquireLock (Lock
);
80 Releases lock only at boot time. Simply returns at runtime.
82 This is a temperary function which will be removed when
83 EfiReleaseLock() in UefiLib can handle the call in UEFI
84 Runtimer driver in RT phase.
85 It calls EfiReleaseLock() at boot time and simply returns
88 @param Lock A pointer to the lock to release.
92 ReleaseLockOnlyAtBootTime (
96 if (!EfiAtRuntime ()) {
97 EfiReleaseLock (Lock
);
102 Initialize the communicate buffer using DataSize and Function.
104 The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE +
107 Caution: This function may receive untrusted input.
108 The data size external input, so this function will validate it carefully to avoid buffer overflow.
110 @param[out] DataPtr Points to the data in the communicate buffer.
111 @param[in] DataSize The data size to send to SMM.
112 @param[in] Function The function number to initialize the communicate header.
114 @retval EFI_INVALID_PARAMETER The data size is too big.
115 @retval EFI_SUCCESS Find the specified variable.
119 InitCommunicateBuffer (
120 OUT VOID
**DataPtr OPTIONAL
,
125 EFI_SMM_COMMUNICATE_HEADER
*SmmCommunicateHeader
;
126 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
129 if (DataSize
+ SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
> mVariableBufferSize
) {
130 return EFI_INVALID_PARAMETER
;
133 SmmCommunicateHeader
= (EFI_SMM_COMMUNICATE_HEADER
*) mVariableBuffer
;
134 CopyGuid (&SmmCommunicateHeader
->HeaderGuid
, &gEfiSmmVariableProtocolGuid
);
135 SmmCommunicateHeader
->MessageLength
= DataSize
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
137 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*) SmmCommunicateHeader
->Data
;
138 SmmVariableFunctionHeader
->Function
= Function
;
139 if (DataPtr
!= NULL
) {
140 *DataPtr
= SmmVariableFunctionHeader
->Data
;
148 Send the data in communicate buffer to SMM.
150 @param[in] DataSize This size of the function header and the data.
152 @retval EFI_SUCCESS Success is returned from the functin in SMM.
153 @retval Others Failure is returned from the function in SMM.
157 SendCommunicateBuffer (
163 EFI_SMM_COMMUNICATE_HEADER
*SmmCommunicateHeader
;
164 SMM_VARIABLE_COMMUNICATE_HEADER
*SmmVariableFunctionHeader
;
166 CommSize
= DataSize
+ SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
167 Status
= mSmmCommunication
->Communicate (mSmmCommunication
, mVariableBufferPhysical
, &CommSize
);
168 ASSERT_EFI_ERROR (Status
);
170 SmmCommunicateHeader
= (EFI_SMM_COMMUNICATE_HEADER
*) mVariableBuffer
;
171 SmmVariableFunctionHeader
= (SMM_VARIABLE_COMMUNICATE_HEADER
*)SmmCommunicateHeader
->Data
;
172 return SmmVariableFunctionHeader
->ReturnStatus
;
177 This code finds variable in storage blocks (Volatile or Non-Volatile).
179 Caution: This function may receive untrusted input.
180 The data size is external input, so this function will validate it carefully to avoid buffer overflow.
182 @param[in] VariableName Name of Variable to be found.
183 @param[in] VendorGuid Variable vendor GUID.
184 @param[out] Attributes Attribute value of the variable found.
185 @param[in, out] DataSize Size of Data found. If size is less than the
186 data, this value contains the required size.
187 @param[out] Data Data pointer.
189 @retval EFI_INVALID_PARAMETER Invalid parameter.
190 @retval EFI_SUCCESS Find the specified variable.
191 @retval EFI_NOT_FOUND Not found.
192 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
197 RuntimeServiceGetVariable (
198 IN CHAR16
*VariableName
,
199 IN EFI_GUID
*VendorGuid
,
200 OUT UINT32
*Attributes OPTIONAL
,
201 IN OUT UINTN
*DataSize
,
207 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
209 if (VariableName
== NULL
|| VendorGuid
== NULL
|| DataSize
== NULL
) {
210 return EFI_INVALID_PARAMETER
;
213 if ((*DataSize
!= 0) && (Data
== NULL
)) {
214 return EFI_INVALID_PARAMETER
;
217 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
220 // Init the communicate buffer. The buffer data size is:
221 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
223 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + StrSize (VariableName
) + *DataSize
;
224 Status
= InitCommunicateBuffer ((VOID
**)&SmmVariableHeader
, PayloadSize
, SMM_VARIABLE_FUNCTION_GET_VARIABLE
);
225 if (EFI_ERROR (Status
)) {
228 ASSERT (SmmVariableHeader
!= NULL
);
230 CopyGuid (&SmmVariableHeader
->Guid
, VendorGuid
);
231 SmmVariableHeader
->DataSize
= *DataSize
;
232 SmmVariableHeader
->NameSize
= StrSize (VariableName
);
233 if (Attributes
== NULL
) {
234 SmmVariableHeader
->Attributes
= 0;
236 SmmVariableHeader
->Attributes
= *Attributes
;
238 CopyMem (SmmVariableHeader
->Name
, VariableName
, SmmVariableHeader
->NameSize
);
243 Status
= SendCommunicateBuffer (PayloadSize
);
246 // Get data from SMM.
248 *DataSize
= SmmVariableHeader
->DataSize
;
249 if (Attributes
!= NULL
) {
250 *Attributes
= SmmVariableHeader
->Attributes
;
253 if (EFI_ERROR (Status
)) {
257 CopyMem (Data
, (UINT8
*)SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
, SmmVariableHeader
->DataSize
);
260 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
266 This code Finds the Next available variable.
268 @param[in, out] VariableNameSize Size of the variable name.
269 @param[in, out] VariableName Pointer to variable name.
270 @param[in, out] VendorGuid Variable Vendor Guid.
272 @retval EFI_INVALID_PARAMETER Invalid parameter.
273 @retval EFI_SUCCESS Find the specified variable.
274 @retval EFI_NOT_FOUND Not found.
275 @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
280 RuntimeServiceGetNextVariableName (
281 IN OUT UINTN
*VariableNameSize
,
282 IN OUT CHAR16
*VariableName
,
283 IN OUT EFI_GUID
*VendorGuid
288 SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
*SmmGetNextVariableName
;
290 if (VariableNameSize
== NULL
|| VariableName
== NULL
|| VendorGuid
== NULL
) {
291 return EFI_INVALID_PARAMETER
;
294 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
297 // Init the communicate buffer. The buffer data size is:
298 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
300 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME
, Name
) + *VariableNameSize
;
301 Status
= InitCommunicateBuffer ((VOID
**)&SmmGetNextVariableName
, PayloadSize
, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME
);
302 if (EFI_ERROR (Status
)) {
305 ASSERT (SmmGetNextVariableName
!= NULL
);
307 SmmGetNextVariableName
->NameSize
= *VariableNameSize
;
308 CopyGuid (&SmmGetNextVariableName
->Guid
, VendorGuid
);
309 CopyMem (SmmGetNextVariableName
->Name
, VariableName
, *VariableNameSize
);
314 Status
= SendCommunicateBuffer (PayloadSize
);
317 // Get data from SMM.
319 *VariableNameSize
= SmmGetNextVariableName
->NameSize
;
320 if (EFI_ERROR (Status
)) {
324 CopyGuid (VendorGuid
, &SmmGetNextVariableName
->Guid
);
325 CopyMem (VariableName
, SmmGetNextVariableName
->Name
, SmmGetNextVariableName
->NameSize
);
328 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
333 This code sets variable in storage blocks (Volatile or Non-Volatile).
335 Caution: This function may receive untrusted input.
336 The data size and data are external input, so this function will validate it carefully to avoid buffer overflow.
338 @param[in] VariableName Name of Variable to be found.
339 @param[in] VendorGuid Variable vendor GUID.
340 @param[in] Attributes Attribute value of the variable found
341 @param[in] DataSize Size of Data found. If size is less than the
342 data, this value contains the required size.
343 @param[in] Data Data pointer.
345 @retval EFI_INVALID_PARAMETER Invalid parameter.
346 @retval EFI_SUCCESS Set successfully.
347 @retval EFI_OUT_OF_RESOURCES Resource not enough to set variable.
348 @retval EFI_NOT_FOUND Not found.
349 @retval EFI_WRITE_PROTECTED Variable is read-only.
354 RuntimeServiceSetVariable (
355 IN CHAR16
*VariableName
,
356 IN EFI_GUID
*VendorGuid
,
357 IN UINT32 Attributes
,
364 SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
*SmmVariableHeader
;
367 // Check input parameters.
369 if (VariableName
== NULL
|| VariableName
[0] == 0 || VendorGuid
== NULL
) {
370 return EFI_INVALID_PARAMETER
;
373 if (DataSize
!= 0 && Data
== NULL
) {
374 return EFI_INVALID_PARAMETER
;
377 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
380 // Init the communicate buffer. The buffer data size is:
381 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
383 PayloadSize
= OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE
, Name
) + StrSize (VariableName
) + DataSize
;
384 Status
= InitCommunicateBuffer ((VOID
**)&SmmVariableHeader
, PayloadSize
, SMM_VARIABLE_FUNCTION_SET_VARIABLE
);
385 if (EFI_ERROR (Status
)) {
388 ASSERT (SmmVariableHeader
!= NULL
);
390 CopyGuid ((EFI_GUID
*) &SmmVariableHeader
->Guid
, VendorGuid
);
391 SmmVariableHeader
->DataSize
= DataSize
;
392 SmmVariableHeader
->NameSize
= StrSize (VariableName
);
393 SmmVariableHeader
->Attributes
= Attributes
;
394 CopyMem (SmmVariableHeader
->Name
, VariableName
, SmmVariableHeader
->NameSize
);
395 CopyMem ((UINT8
*) SmmVariableHeader
->Name
+ SmmVariableHeader
->NameSize
, Data
, DataSize
);
400 Status
= SendCommunicateBuffer (PayloadSize
);
403 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
409 This code returns information about the EFI variables.
411 @param[in] Attributes Attributes bitmask to specify the type of variables
412 on which to return information.
413 @param[out] MaximumVariableStorageSize Pointer to the maximum size of the storage space available
414 for the EFI variables associated with the attributes specified.
415 @param[out] RemainingVariableStorageSize Pointer to the remaining size of the storage space available
416 for EFI variables associated with the attributes specified.
417 @param[out] MaximumVariableSize Pointer to the maximum size of an individual EFI variables
418 associated with the attributes specified.
420 @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied.
421 @retval EFI_SUCCESS Query successfully.
422 @retval EFI_UNSUPPORTED The attribute is not supported on this platform.
427 RuntimeServiceQueryVariableInfo (
428 IN UINT32 Attributes
,
429 OUT UINT64
*MaximumVariableStorageSize
,
430 OUT UINT64
*RemainingVariableStorageSize
,
431 OUT UINT64
*MaximumVariableSize
436 SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
*SmmQueryVariableInfo
;
438 if(MaximumVariableStorageSize
== NULL
|| RemainingVariableStorageSize
== NULL
|| MaximumVariableSize
== NULL
|| Attributes
== 0) {
439 return EFI_INVALID_PARAMETER
;
442 AcquireLockOnlyAtBootTime(&mVariableServicesLock
);
445 // Init the communicate buffer. The buffer data size is:
446 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize;
448 PayloadSize
= sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO
);
449 Status
= InitCommunicateBuffer ((VOID
**)&SmmQueryVariableInfo
, PayloadSize
, SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO
);
450 if (EFI_ERROR (Status
)) {
453 ASSERT (SmmQueryVariableInfo
!= NULL
);
455 SmmQueryVariableInfo
->Attributes
= Attributes
;
460 Status
= SendCommunicateBuffer (PayloadSize
);
461 if (EFI_ERROR (Status
)) {
466 // Get data from SMM.
468 *MaximumVariableSize
= SmmQueryVariableInfo
->MaximumVariableSize
;
469 *MaximumVariableStorageSize
= SmmQueryVariableInfo
->MaximumVariableStorageSize
;
470 *RemainingVariableStorageSize
= SmmQueryVariableInfo
->RemainingVariableStorageSize
;
473 ReleaseLockOnlyAtBootTime (&mVariableServicesLock
);
479 Exit Boot Services Event notification handler.
481 Notify SMM variable driver about the event.
483 @param[in] Event Event whose notification function is being invoked.
484 @param[in] Context Pointer to the notification function's context.
495 // Init the communicate buffer. The buffer data size is:
496 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
498 InitCommunicateBuffer (NULL
, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE
);
503 SendCommunicateBuffer (0);
508 On Ready To Boot Services Event notification handler.
510 Notify SMM variable driver about the event.
512 @param[in] Event Event whose notification function is being invoked
513 @param[in] Context Pointer to the notification function's context
524 // Init the communicate buffer. The buffer data size is:
525 // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE.
527 InitCommunicateBuffer (NULL
, 0, SMM_VARIABLE_FUNCTION_READY_TO_BOOT
);
532 SendCommunicateBuffer (0);
537 Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE.
539 This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
540 It convers pointer to new virtual address.
542 @param[in] Event Event whose notification function is being invoked.
543 @param[in] Context Pointer to the notification function's context.
548 VariableAddressChangeEvent (
553 EfiConvertPointer (0x0, (VOID
**) &mVariableBuffer
);
554 EfiConvertPointer (0x0, (VOID
**) &mSmmCommunication
);
559 Initialize variable service and install Variable Architectural protocol.
561 @param[in] Event Event whose notification function is being invoked.
562 @param[in] Context Pointer to the notification function's context.
574 Status
= gBS
->LocateProtocol (&gEfiSmmVariableProtocolGuid
, NULL
, (VOID
**)&mSmmVariable
);
575 if (EFI_ERROR (Status
)) {
579 Status
= gBS
->LocateProtocol (&gEfiSmmCommunicationProtocolGuid
, NULL
, (VOID
**) &mSmmCommunication
);
580 ASSERT_EFI_ERROR (Status
);
583 // Allocate memory for variable store.
585 mVariableBufferSize
= SMM_COMMUNICATE_HEADER_SIZE
+ SMM_VARIABLE_COMMUNICATE_HEADER_SIZE
;
586 mVariableBufferSize
+= MAX (PcdGet32 (PcdMaxVariableSize
), PcdGet32 (PcdMaxHardwareErrorVariableSize
));
587 mVariableBuffer
= AllocateRuntimePool (mVariableBufferSize
);
588 ASSERT (mVariableBuffer
!= NULL
);
591 // Save the buffer physical address used for SMM conmunication.
593 mVariableBufferPhysical
= mVariableBuffer
;
595 gRT
->GetVariable
= RuntimeServiceGetVariable
;
596 gRT
->GetNextVariableName
= RuntimeServiceGetNextVariableName
;
597 gRT
->SetVariable
= RuntimeServiceSetVariable
;
598 gRT
->QueryVariableInfo
= RuntimeServiceQueryVariableInfo
;
601 // Install the Variable Architectural Protocol on a new handle.
603 Status
= gBS
->InstallProtocolInterface (
605 &gEfiVariableArchProtocolGuid
,
606 EFI_NATIVE_INTERFACE
,
609 ASSERT_EFI_ERROR (Status
);
614 SMM Non-Volatile variable write service is ready notify event handler.
616 @param[in] Event Event whose notification function is being invoked.
617 @param[in] Context Pointer to the notification function's context.
622 SmmVariableWriteReady (
631 // Check whether the protocol is installed or not.
633 Status
= gBS
->LocateProtocol (&gSmmVariableWriteGuid
, NULL
, (VOID
**) &ProtocolOps
);
634 if (EFI_ERROR (Status
)) {
638 Status
= gBS
->InstallProtocolInterface (
640 &gEfiVariableWriteArchProtocolGuid
,
641 EFI_NATIVE_INTERFACE
,
644 ASSERT_EFI_ERROR (Status
);
649 Variable Driver main entry point. The Variable driver places the 4 EFI
650 runtime services in the EFI System Table and installs arch protocols
651 for variable read and write services being available. It also registers
652 a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
654 @param[in] ImageHandle The firmware allocated handle for the EFI image.
655 @param[in] SystemTable A pointer to the EFI System Table.
657 @retval EFI_SUCCESS Variable service successfully initialized.
662 VariableSmmRuntimeInitialize (
663 IN EFI_HANDLE ImageHandle
,
664 IN EFI_SYSTEM_TABLE
*SystemTable
667 VOID
*SmmVariableRegistration
;
668 VOID
*SmmVariableWriteRegistration
;
669 EFI_EVENT OnReadyToBootEvent
;
670 EFI_EVENT ExitBootServiceEvent
;
672 EfiInitializeLock (&mVariableServicesLock
, TPL_NOTIFY
);
675 // Smm variable service is ready
677 EfiCreateProtocolNotifyEvent (
678 &gEfiSmmVariableProtocolGuid
,
682 &SmmVariableRegistration
686 // Smm Non-Volatile variable write service is ready
688 EfiCreateProtocolNotifyEvent (
689 &gSmmVariableWriteGuid
,
691 SmmVariableWriteReady
,
693 &SmmVariableWriteRegistration
697 // Register the event to reclaim variable for OS usage.
699 EfiCreateEventReadyToBootEx (
707 // Register the event to inform SMM variable that it is at runtime.
714 &gEfiEventExitBootServicesGuid
,
715 &ExitBootServiceEvent
719 // Register the event to convert the pointer for runtime.
724 VariableAddressChangeEvent
,
726 &gEfiEventVirtualAddressChangeGuid
,
727 &mVirtualAddressChangeEvent