## @file\r
-# This module is the Runtime DXE part correspond to SMM variable module.\r
+# Runtime DXE part corresponding to SMM authenticated variable module.\r
#\r
-# It installs variable arch protocol and variable write arch protocol to provide\r
-# four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo\r
-# and works with SMM variable module together.\r
+# This module installs variable arch protocol and variable write arch protocol to provide\r
+# variable service. This module need work together with SMM authenticated variable module.\r
#\r
-# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>\r
-#\r
-# This program and the accompanying materials\r
-# are licensed and made available under the terms and conditions of the BSD License\r
-# which accompanies this distribution. The full text of the license may be found at\r
-# http://opensource.org/licenses/bsd-license.php\r
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+# Caution: This module requires additional review when modified.\r
+# This driver will have external input - variable data.\r
+# This external input must be validated carefully to avoid security issues such as\r
+# buffer overflow or integer overflow.\r
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.\r
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory\r
+# may not be modified without authorization. If platform fails to protect these resources,\r
+# the authentication service provided in this driver will be broken, and the behavior is undefined.\r
#\r
+# Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>\r
+# SPDX-License-Identifier: BSD-2-Clause-Patent\r
#\r
##\r
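Review bot: The added caution text splits its central trust statement with a stray full stop: the line ending `flash part and SMM.` is followed by `# which is assumed to be protected by platform.`, so the assumption reads as a fragment. End the first of those lines with a comma, `# The whole SMM authentication variable design relies on the integrity of flash part and SMM,`. The description line also needs a grammar fix: `# variable service. This module needs to work together with the SMM authenticated variable module.` Since this INF describes the non-SMM runtime half, one sentence saying on which side of the SMM boundary the "external input" is validated would help; the visible lines do not say.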
\r
\r
[Sources]\r
VariableSmmRuntimeDxe.c\r
+ PrivilegePolymorphic.h\r
+ Measurement.c\r
\r
[Packages]\r
MdePkg/MdePkg.dec\r
\r
[LibraryClasses]\r
MemoryAllocationLib\r
- BaseLib \r
+ BaseLib\r
UefiBootServicesTableLib\r
DebugLib\r
UefiRuntimeLib\r
DxeServicesTableLib\r
UefiDriverEntryPoint\r
- PcdLib \r
+ TpmMeasurementLib\r
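Review bot: The new `TpmMeasurementLib` class has no usage comment, and whether Secure Boot variable changes are actually measured depends on the instance the platform DSC maps to it. If a platform resolves it to a null instance (MdeModulePkg ships `TpmMeasurementLibNull`), the measurement calls presumably made from the newly added `Measurement.c` in [Sources] would do nothing, with no build-time signal. I would add a comment on the line, e.g. `TpmMeasurementLib  ## Measured-boot platforms must map a non-null instance in the DSC`. `Measurement.c` is not visible here, so confirm this against its actual calls.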
\r
[Protocols]\r
gEfiVariableWriteArchProtocolGuid ## PRODUCES\r
## UNDEFINED # Used to do smm communication\r
gEfiSmmVariableProtocolGuid\r
gEdkiiVariableLockProtocolGuid ## PRODUCES\r
+ gEdkiiVarCheckProtocolGuid ## PRODUCES\r
\r
[Guids]\r
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event\r
## CONSUMES ## GUID # Protocol notify\r
gSmmVariableWriteGuid\r
\r
-[Pcd]\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES\r
- gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES\r
- \r
+ ## SOMETIMES_CONSUMES ## Variable:L"PK"\r
+ ## SOMETIMES_CONSUMES ## Variable:L"KEK"\r
+ ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"\r
+ gEfiGlobalVariableGuid\r
+\r
+ ## SOMETIMES_CONSUMES ## Variable:L"db"\r
+ ## SOMETIMES_CONSUMES ## Variable:L"dbx"\r
+ ## SOMETIMES_CONSUMES ## Variable:L"dbt"\r
+ gEfiImageSecurityDatabaseGuid\r
+\r
[Depex]\r
gEfiSmmCommunicationProtocolGuid\r
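Review bot: Dropping the `[Pcd]` section removes `PcdMaxVariableSize` and `PcdMaxHardwareErrorVariableSize`, the only size bounds visible in this INF, while the new file header stresses buffer and integer overflow on variable data. The replacement bound is not visible in this diff; presumably the communication buffer size is now obtained from the SMM module at initialisation. It is worth confirming in `VariableSmmRuntimeDxe.c` that every sum of name size and data size is checked against that bound, without wrapping, before the buffer is filled. The file header should then name the source of the bound, e.g. `# Maximum payload size is obtained from the SMM variable module, not from PCDs.`, worded to match what the code actually does.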
\r