VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(), \r
SmmVariableGetStatistics() should also do validation based on its own knowledge.\r
\r
-Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
#include <Protocol/SmmFaultTolerantWrite.h>\r
#include <Protocol/SmmAccess2.h>\r
#include <Protocol/SmmEndOfDxe.h>\r
+#include <Protocol/SmmVarCheck.h>\r
\r
#include <Library/SmmServicesTableLib.h>\r
\r
extern BOOLEAN mEndOfDxe;\r
extern BOOLEAN mEnableLocking;\r
\r
+/**\r
+ SecureBoot Hook for SetVariable.\r
+\r
+ @param[in] VariableName Name of Variable to be found.\r
+ @param[in] VendorGuid Variable vendor GUID.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+SecureBootHook (\r
+ IN CHAR16 *VariableName,\r
+ IN EFI_GUID *VendorGuid\r
+ )\r
+{\r
+ return ;\r
+}\r
+\r
/**\r
\r
This code sets variable in storage blocks (Volatile or Non-Volatile).\r
VariableServiceQueryVariableInfo\r
};\r
\r
+EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,\r
+ VarCheckVariablePropertySet,\r
+ VarCheckVariablePropertyGet };\r
+\r
/**\r
Return TRUE if ExitBootServices () has been called.\r
\r
SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;\r
VARIABLE_INFO_ENTRY *VariableInfo;\r
SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;\r
+ SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;\r
UINTN InfoSize;\r
UINTN NameBufferSize;\r
UINTN CommBufferPayloadSize;\r
\r
case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:\r
mEndOfDxe = TRUE;\r
+ //\r
+ // The initialization for variable quota.\r
+ //\r
+ InitializeVariableQuota ();\r
if (AtRuntime()) {\r
Status = EFI_UNSUPPORTED;\r
break;\r
);\r
}\r
break;\r
+ case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:\r
+ if (mEndOfDxe) {\r
+ Status = EFI_ACCESS_DENIED;\r
+ } else {\r
+ CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;\r
+ Status = VarCheckVariablePropertySet (\r
+ CommVariableProperty->Name,\r
+ &CommVariableProperty->Guid,\r
+ &CommVariableProperty->VariableProperty\r
+ );\r
+ }\r
+ break;\r
+ case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:\r
+ if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {\r
+ DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));\r
+ return EFI_SUCCESS;\r
+ }\r
+ //\r
+ // Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.\r
+ //\r
+ CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);\r
+ CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;\r
+ if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {\r
+ //\r
+ // Prevent InfoSize overflow happen\r
+ //\r
+ Status = EFI_ACCESS_DENIED;\r
+ goto EXIT;\r
+ }\r
+ InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;\r
+\r
+ //\r
+ // SMRAM range check already covered before\r
+ //\r
+ if (InfoSize > CommBufferPayloadSize) {\r
+ DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));\r
+ Status = EFI_ACCESS_DENIED;\r
+ goto EXIT;\r
+ }\r
+\r
+ if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {\r
+ //\r
+ // Make sure VariableName is A Null-terminated string.\r
+ //\r
+ Status = EFI_ACCESS_DENIED;\r
+ goto EXIT;\r
+ }\r
+\r
+ Status = VarCheckVariablePropertyGet (\r
+ CommVariableProperty->Name,\r
+ &CommVariableProperty->Guid,\r
+ &CommVariableProperty->VariableProperty\r
+ );\r
+ CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);\r
+ break;\r
\r
default:\r
Status = EFI_UNSUPPORTED;\r
{\r
DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));\r
mEndOfDxe = TRUE;\r
+ //\r
+ // The initialization for variable quota.\r
+ //\r
+ InitializeVariableQuota ();\r
return EFI_SUCCESS;\r
}\r
\r
EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol;\r
EFI_PHYSICAL_ADDRESS NvStorageVariableBase;\r
+ UINTN FtwMaxBlockSize;\r
\r
if (mVariableModuleGlobal->FvbInstance != NULL) {\r
return EFI_SUCCESS;\r
return Status;\r
}\r
\r
+ Status = FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize);\r
+ if (!EFI_ERROR (Status)) {\r
+ ASSERT (PcdGet32 (PcdFlashNvStorageVariableSize) <= FtwMaxBlockSize);\r
+ }\r
+\r
//\r
// Find the proper FVB protocol for variable.\r
//\r
mVariableModuleGlobal->FvbInstance = FvbProtocol;\r
\r
Status = VariableWriteServiceInitialize ();\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));\r
+ }\r
\r
//\r
// Notify the variable wrapper driver the variable write service is ready\r
);\r
ASSERT_EFI_ERROR (Status);\r
\r
+ Status = gSmst->SmmInstallProtocolInterface (\r
+ &VariableHandle,\r
+ &gEdkiiSmmVarCheckProtocolGuid,\r
+ EFI_NATIVE_INTERFACE,\r
+ &mSmmVarCheck\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
//\r
// Get SMRAM information\r
//\r
mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);\r
\r
mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +\r
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);\r
+ OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);\r
\r
Status = gSmst->SmmAllocatePool (\r
EfiRuntimeServicesData,\r