\r
AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut;\r
\r
-/**\r
-\r
- SecureBoot Hook for auth variable update.\r
-\r
- @param[in] VariableName Name of Variable to be found.\r
- @param[in] VendorGuid Variable vendor GUID.\r
-**/\r
-VOID\r
-EFIAPI\r
-SecureBootHook (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
- );\r
-\r
-/**\r
- Initialization for MOR Lock Control.\r
-\r
- @retval EFI_SUCEESS MorLock initialization success.\r
- @return Others Some error occurs.\r
-**/\r
-EFI_STATUS\r
-MorLockInit (\r
- VOID\r
- );\r
-\r
-/**\r
- This service is an MOR/MorLock checker handler for the SetVariable().\r
-\r
- @param VariableName the name of the vendor's variable, as a\r
- Null-Terminated Unicode String\r
- @param VendorGuid Unify identifier for vendor.\r
- @param Attributes Point to memory location to return the attributes of variable. If the point\r
- is NULL, the parameter would be ignored.\r
- @param DataSize The size in bytes of Data-Buffer.\r
- @param Data Point to the content of the variable.\r
-\r
- @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable driver can store the variable data.\r
- @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or attributes is not allowed for MOR variable.\r
- @retval EFI_ACCESS_DENIED The MOR/MorLock is locked.\r
- @retval EFI_ALREADY_STARTED The MorLock variable is handled inside this function.\r
- Variable driver can just return EFI_SUCCESS.\r
-**/\r
-EFI_STATUS\r
-SetVariableCheckHandlerMor (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid,\r
- IN UINT32 Attributes,\r
- IN UINTN DataSize,\r
- IN VOID *Data\r
- );\r
-\r
/**\r
Routine used to track statistical information about variable usage.\r
The data is stored in the EFI system table so it can be accessed later.\r
//\r
// No enough space for Variable[Index].\r
//\r
+ VA_END (Args);\r
return FALSE;\r
}\r
//\r
CopyMem (BufferForMerge, (UINT8 *) ((UINTN) CacheVariable->CurrPtr + DataOffset), DataSizeOfVariable (CacheVariable->CurrPtr));\r
\r
//\r
- // Set Max Common/Auth Variable Data Size as default MaxDataSize.\r
+ // Set Max Auth/Non-Volatile/Volatile Variable Data Size as default MaxDataSize.\r
//\r
if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
MaxDataSize = mVariableModuleGlobal->MaxAuthVariableSize - DataOffset;\r
- } else {\r
+ } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {\r
MaxDataSize = mVariableModuleGlobal->MaxVariableSize - DataOffset;\r
+ } else {\r
+ MaxDataSize = mVariableModuleGlobal->MaxVolatileVariableSize - DataOffset;\r
}\r
\r
//\r
\r
//\r
// Check for reserverd bit in variable attribute.\r
+ // EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated but we still allow\r
+ // the delete operation of common authenticated variable at user physical presence.\r
+ // So leave EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute check to AuthVariableLib\r
//\r
- if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) != 0) {\r
+ if ((Attributes & (~(EFI_VARIABLE_ATTRIBUTES_MASK | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS))) != 0) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
// Make sure if runtime bit is set, boot service bit is set also.\r
//\r
if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {\r
- return EFI_INVALID_PARAMETER;\r
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+ return EFI_UNSUPPORTED;\r
+ } else {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
} else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {\r
//\r
//\r
if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)\r
&& ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {\r
- return EFI_INVALID_PARAMETER;\r
+ return EFI_UNSUPPORTED;\r
}\r
\r
if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {\r
- if (DataSize < AUTHINFO_SIZE) {\r
- //\r
- // Try to write Authenticated Variable without AuthInfo.\r
- //\r
- return EFI_SECURITY_VIOLATION;\r
+ //\r
+ // If DataSize == AUTHINFO_SIZE and then PayloadSize is 0.\r
+ // Maybe it's the delete operation of common authenticated variable at user physical presence.\r
+ //\r
+ if (DataSize != AUTHINFO_SIZE) {\r
+ return EFI_UNSUPPORTED;\r
}\r
PayloadSize = DataSize - AUTHINFO_SIZE;\r
} else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {\r
} else {\r
//\r
// The size of the VariableName, including the Unicode Null in bytes plus\r
- // the DataSize is limited to maximum size of Max(Auth)VariableSize bytes.\r
+ // the DataSize is limited to maximum size of Max(Auth|Volatile)VariableSize bytes.\r
//\r
if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ()) {\r
return EFI_INVALID_PARAMETER;\r
}\r
- } else {\r
+ } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {\r
if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize ()) {\r
return EFI_INVALID_PARAMETER;\r
}\r
+ } else {\r
+ if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxVolatileVariableSize - GetVariableHeaderSize ()) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
}\r
}\r
\r
}\r
\r
//\r
- // Let *MaximumVariableSize be Max(Auth)VariableSize with the exception of the variable header size.\r
+ // Let *MaximumVariableSize be Max(Auth|Volatile)VariableSize with the exception of the variable header size.\r
//\r
if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {\r
*MaximumVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ();\r
- } else {\r
+ } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {\r
*MaximumVariableSize = mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize ();\r
+ } else {\r
+ *MaximumVariableSize = mVariableModuleGlobal->MaxVolatileVariableSize - GetVariableHeaderSize ();\r
}\r
}\r
\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+ //\r
+ // Deprecated attribute, make this check as highest priority.\r
+ //\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {\r
//\r
// Make sure the Attributes combination is supported by the platform.\r
}\r
}\r
\r
+/**\r
+ Get maximum variable size, covering both non-volatile and volatile variables.\r
+\r
+ @return Maximum variable size.\r
+\r
+**/\r
+UINTN\r
+GetMaxVariableSize (\r
+ VOID\r
+ )\r
+{\r
+ UINTN MaxVariableSize;\r
+\r
+ MaxVariableSize = GetNonVolatileMaxVariableSize();\r
+ //\r
+ // The condition below fails implicitly if PcdMaxVolatileVariableSize equals\r
+ // the default zero value.\r
+ //\r
+ if (MaxVariableSize < PcdGet32 (PcdMaxVolatileVariableSize)) {\r
+ MaxVariableSize = PcdGet32 (PcdMaxVolatileVariableSize);\r
+ }\r
+ return MaxVariableSize;\r
+}\r
+\r
/**\r
Init non-volatile variable store.\r
\r
return Status;\r
}\r
\r
+/**\r
+ Convert normal variable storage to the allocated auth variable storage.\r
+\r
+ @param[in] NormalVarStorage Pointer to the normal variable storage header\r
+\r
+ @retval the allocated auth variable storage\r
+**/\r
+VOID *\r
+ConvertNormalVarStorageToAuthVarStorage (\r
+ VARIABLE_STORE_HEADER *NormalVarStorage\r
+ )\r
+{\r
+ VARIABLE_HEADER *StartPtr;\r
+ UINT8 *NextPtr;\r
+ VARIABLE_HEADER *EndPtr;\r
+ UINTN AuthVarStroageSize;\r
+ AUTHENTICATED_VARIABLE_HEADER *AuthStartPtr;\r
+ VARIABLE_STORE_HEADER *AuthVarStorage;\r
+\r
+ AuthVarStroageSize = sizeof (VARIABLE_STORE_HEADER);\r
+ //\r
+ // Set AuthFormat as FALSE for normal variable storage\r
+ //\r
+ mVariableModuleGlobal->VariableGlobal.AuthFormat = FALSE;\r
\r
+ //\r
+ // Calculate Auth Variable Storage Size\r
+ //\r
+ StartPtr = GetStartPointer (NormalVarStorage);\r
+ EndPtr = GetEndPointer (NormalVarStorage);\r
+ while (StartPtr < EndPtr) {\r
+ if (StartPtr->State == VAR_ADDED) {\r
+ AuthVarStroageSize = HEADER_ALIGN (AuthVarStroageSize);\r
+ AuthVarStroageSize += sizeof (AUTHENTICATED_VARIABLE_HEADER);\r
+ AuthVarStroageSize += StartPtr->NameSize + GET_PAD_SIZE (StartPtr->NameSize);\r
+ AuthVarStroageSize += StartPtr->DataSize + GET_PAD_SIZE (StartPtr->DataSize);\r
+ }\r
+ StartPtr = GetNextVariablePtr (StartPtr);\r
+ }\r
+\r
+ //\r
+ // Allocate Runtime memory for Auth Variable Storage\r
+ //\r
+ AuthVarStorage = AllocateRuntimeZeroPool (AuthVarStroageSize);\r
+ ASSERT (AuthVarStorage != NULL);\r
+ if (AuthVarStorage == NULL) {\r
+ return NULL;\r
+ }\r
+\r
+ //\r
+ // Copy Variable from Normal storage to Auth storage\r
+ //\r
+ StartPtr = GetStartPointer (NormalVarStorage);\r
+ EndPtr = GetEndPointer (NormalVarStorage);\r
+ AuthStartPtr = (AUTHENTICATED_VARIABLE_HEADER *) GetStartPointer (AuthVarStorage);\r
+ while (StartPtr < EndPtr) {\r
+ if (StartPtr->State == VAR_ADDED) {\r
+ AuthStartPtr = (AUTHENTICATED_VARIABLE_HEADER *) HEADER_ALIGN (AuthStartPtr);\r
+ //\r
+ // Copy Variable Header\r
+ //\r
+ AuthStartPtr->StartId = StartPtr->StartId;\r
+ AuthStartPtr->State = StartPtr->State;\r
+ AuthStartPtr->Attributes = StartPtr->Attributes;\r
+ AuthStartPtr->NameSize = StartPtr->NameSize;\r
+ AuthStartPtr->DataSize = StartPtr->DataSize;\r
+ CopyGuid (&AuthStartPtr->VendorGuid, &StartPtr->VendorGuid);\r
+ //\r
+ // Copy Variable Name\r
+ //\r
+ NextPtr = (UINT8 *) (AuthStartPtr + 1);\r
+ CopyMem (NextPtr, GetVariableNamePtr (StartPtr), AuthStartPtr->NameSize);\r
+ //\r
+ // Copy Variable Data\r
+ //\r
+ NextPtr = NextPtr + AuthStartPtr->NameSize + GET_PAD_SIZE (AuthStartPtr->NameSize);\r
+ CopyMem (NextPtr, GetVariableDataPtr (StartPtr), AuthStartPtr->DataSize);\r
+ //\r
+ // Go to next variable\r
+ //\r
+ AuthStartPtr = (AUTHENTICATED_VARIABLE_HEADER *) (NextPtr + AuthStartPtr->DataSize + GET_PAD_SIZE (AuthStartPtr->DataSize));\r
+ }\r
+ StartPtr = GetNextVariablePtr (StartPtr);\r
+ }\r
+ //\r
+ // Update Auth Storage Header\r
+ //\r
+ AuthVarStorage->Format = NormalVarStorage->Format;\r
+ AuthVarStorage->State = NormalVarStorage->State;\r
+ AuthVarStorage->Size = (UINT32)((UINTN)AuthStartPtr - (UINTN)AuthVarStorage);\r
+ CopyGuid (&AuthVarStorage->Signature, &gEfiAuthenticatedVariableGuid);\r
+ ASSERT (AuthVarStorage->Size <= AuthVarStroageSize);\r
+\r
+ //\r
+ // Restore AuthFormat\r
+ //\r
+ mVariableModuleGlobal->VariableGlobal.AuthFormat = TRUE;\r
+ return AuthVarStorage;\r
+}\r
/**\r
Initializes variable store area for non-volatile and volatile variable.\r
\r
EFI_HOB_GUID_TYPE *GuidHob;\r
EFI_GUID *VariableGuid;\r
EFI_FIRMWARE_VOLUME_HEADER *NvFvHeader;\r
+ BOOLEAN IsNormalVariableHob;\r
\r
//\r
// Allocate runtime memory for variable driver global structure.\r
//\r
// Get HOB variable store.\r
//\r
+ IsNormalVariableHob = FALSE;\r
GuidHob = GetFirstGuidHob (VariableGuid);\r
+ if (GuidHob == NULL && VariableGuid == &gEfiAuthenticatedVariableGuid) {\r
+ //\r
+ // Try getting it from normal variable HOB\r
+ //\r
+ GuidHob = GetFirstGuidHob (&gEfiVariableGuid);\r
+ IsNormalVariableHob = TRUE;\r
+ }\r
if (GuidHob != NULL) {\r
VariableStoreHeader = GET_GUID_HOB_DATA (GuidHob);\r
VariableStoreLength = GuidHob->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE);\r
if (GetVariableStoreStatus (VariableStoreHeader) == EfiValid) {\r
- mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) AllocateRuntimeCopyPool ((UINTN) VariableStoreLength, (VOID *) VariableStoreHeader);\r
+ if (!IsNormalVariableHob) {\r
+ mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) AllocateRuntimeCopyPool ((UINTN) VariableStoreLength, (VOID *) VariableStoreHeader);\r
+ } else {\r
+ mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) ConvertNormalVarStorageToAuthVarStorage ((VOID *) VariableStoreHeader);\r
+ }\r
if (mVariableModuleGlobal->VariableGlobal.HobVariableBase == 0) {\r
FreePool (NvFvHeader);\r
FreePool (mVariableModuleGlobal);\r
}\r
}\r
\r
+ mVariableModuleGlobal->MaxVolatileVariableSize = ((PcdGet32 (PcdMaxVolatileVariableSize) != 0) ?\r
+ PcdGet32 (PcdMaxVolatileVariableSize) :\r
+ mVariableModuleGlobal->MaxVariableSize\r
+ );\r
//\r
// Allocate memory for volatile variable store, note that there is a scratch space to store scratch data.\r
//\r
- ScratchSize = GetNonVolatileMaxVariableSize ();\r
+ ScratchSize = GetMaxVariableSize ();\r
mVariableModuleGlobal->ScratchBufferSize = ScratchSize;\r
VolatileVariableStore = AllocateRuntimePool (PcdGet32 (PcdVariableStoreSize) + ScratchSize);\r
if (VolatileVariableStore == NULL) {\r
projects / mirror_edk2.git / blobdiff