X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=MdeModulePkg%2FUniversal%2FVariable%2FRuntimeDxe%2FTcgMorLockSmm.c;fp=MdeModulePkg%2FUniversal%2FVariable%2FRuntimeDxe%2FTcgMorLockSmm.c;h=296afd2ec4141318b67fefd68c08e71d5b78c6db;hp=ee37942a6b0c6795da61eb9feed9974cef7db26d;hb=1436aea4d5707e672672a11bda72be2c63c936c3;hpb=7c7184e201a90a1d2376e615e55e3f4074731468 diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c index ee37942a6b..296afd2ec4 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c @@ -23,34 +23,34 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include typedef struct { - CHAR16 *VariableName; - EFI_GUID *VendorGuid; + CHAR16 *VariableName; + EFI_GUID *VendorGuid; } VARIABLE_TYPE; VARIABLE_TYPE mMorVariableType[] = { - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid}, - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid}, + { MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid }, + { MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid }, }; -BOOLEAN mMorPassThru = FALSE; +BOOLEAN mMorPassThru = FALSE; -#define MOR_LOCK_DATA_UNLOCKED 0x0 -#define MOR_LOCK_DATA_LOCKED_WITHOUT_KEY 0x1 -#define MOR_LOCK_DATA_LOCKED_WITH_KEY 0x2 +#define MOR_LOCK_DATA_UNLOCKED 0x0 +#define MOR_LOCK_DATA_LOCKED_WITHOUT_KEY 0x1 +#define MOR_LOCK_DATA_LOCKED_WITH_KEY 0x2 #define MOR_LOCK_V1_SIZE 1 #define MOR_LOCK_V2_KEY_SIZE 8 typedef enum { MorLockStateUnlocked = 0, - MorLockStateLocked = 1, + MorLockStateLocked = 1, } MOR_LOCK_STATE; BOOLEAN mMorLockInitializationRequired = FALSE; UINT8 mMorLockKey[MOR_LOCK_V2_KEY_SIZE]; BOOLEAN mMorLockKeyEmpty = TRUE; BOOLEAN mMorLockPassThru = FALSE; -MOR_LOCK_STATE mMorLockState = MorLockStateUnlocked; +MOR_LOCK_STATE mMorLockState = MorLockStateUnlocked; /** Returns if this is MOR related variable. @@ -63,18 +63,20 @@ MOR_LOCK_STATE mMorLockState = MorLockStateUnlocked; **/ BOOLEAN IsAnyMorVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { - UINTN Index; + UINTN Index; - for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) { + for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) { if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) && - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) { + (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) + { return TRUE; } } + return FALSE; } @@ -89,14 +91,16 @@ IsAnyMorVariable ( **/ BOOLEAN IsMorLockVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && - (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) { + (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) + { return TRUE; } + return FALSE; } @@ -127,13 +131,13 @@ SetMorLockVariable ( EFI_STATUS Status; mMorLockPassThru = TRUE; - Status = VariableServiceSetVariable ( - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, - &gEfiMemoryOverwriteRequestControlLockGuid, - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, - sizeof(Data), - &Data - ); + Status = VariableServiceSetVariable ( + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + &gEfiMemoryOverwriteRequestControlLockGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (Data), + &Data + ); mMorLockPassThru = FALSE; return Status; } @@ -158,11 +162,11 @@ SetMorLockVariable ( **/ EFI_STATUS SetVariableCheckHandlerMorLock ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data ) { EFI_STATUS Status; @@ -170,7 +174,7 @@ SetVariableCheckHandlerMorLock ( // // Basic Check // - if (Attributes == 0 || DataSize == 0 || Data == NULL) { + if ((Attributes == 0) || (DataSize == 0) || (Data == NULL)) { // // Permit deletion for passthru request, deny it otherwise. // @@ -178,7 +182,8 @@ SetVariableCheckHandlerMorLock ( } if ((Attributes != (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)) || - ((DataSize != MOR_LOCK_V1_SIZE) && (DataSize != MOR_LOCK_V2_KEY_SIZE))) { + ((DataSize != MOR_LOCK_V1_SIZE) && (DataSize != MOR_LOCK_V2_KEY_SIZE))) + { return EFI_INVALID_PARAMETER; } @@ -245,7 +250,7 @@ SetVariableCheckHandlerMorLock ( // Need set here because the data value on flash is different // Status = SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITH_KEY); - if (EFI_ERROR(Status)) { + if (EFI_ERROR (Status)) { // // SetVar fail, do not provision the key // @@ -273,6 +278,7 @@ SetVariableCheckHandlerMorLock ( if (mMorLockKeyEmpty || (DataSize != MOR_LOCK_V2_KEY_SIZE)) { return EFI_ACCESS_DENIED; } + if ((CompareMem (Data, mMorLockKey, MOR_LOCK_V2_KEY_SIZE) == 0)) { // // Key match - unlock @@ -291,9 +297,9 @@ SetVariableCheckHandlerMorLock ( // // Unlock Success // - mMorLockState = MorLockStateUnlocked; + mMorLockState = MorLockStateUnlocked; mMorLockKeyEmpty = TRUE; - ZeroMem (mMorLockKey, sizeof(mMorLockKey)); + ZeroMem (mMorLockKey, sizeof (mMorLockKey)); // // return EFI_ALREADY_STARTED to skip variable set. // @@ -303,9 +309,9 @@ SetVariableCheckHandlerMorLock ( // // Key mismatch - Prevent Dictionary Attack // - mMorLockState = MorLockStateLocked; + mMorLockState = MorLockStateLocked; mMorLockKeyEmpty = TRUE; - ZeroMem (mMorLockKey, sizeof(mMorLockKey)); + ZeroMem (mMorLockKey, sizeof (mMorLockKey)); return EFI_ACCESS_DENIED; } } @@ -332,11 +338,11 @@ SetVariableCheckHandlerMorLock ( **/ EFI_STATUS SetVariableCheckHandlerMor ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data ) { // @@ -347,7 +353,7 @@ SetVariableCheckHandlerMor ( } // Permit deletion when policy is disabled. - if (!IsVariablePolicyEnabled() && ((Attributes == 0) || (DataSize == 0))) { + if (!IsVariablePolicyEnabled () && ((Attributes == 0) || (DataSize == 0))) { return EFI_SUCCESS; } @@ -379,16 +385,19 @@ SetVariableCheckHandlerMor ( // Basic Check // if ((Attributes != (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)) || - (DataSize != sizeof(UINT8)) || - (Data == NULL)) { + (DataSize != sizeof (UINT8)) || + (Data == NULL)) + { return EFI_INVALID_PARAMETER; } + if (mMorLockState == MorLockStateLocked) { // // If lock, deny access // return EFI_ACCESS_DENIED; } + // // grant access // @@ -420,10 +429,10 @@ MorLockInitAtEndOfDxe ( VOID ) { - UINTN MorSize; - EFI_STATUS MorStatus; - EFI_STATUS Status; - VARIABLE_POLICY_ENTRY *NewPolicy; + UINTN MorSize; + EFI_STATUS MorStatus; + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewPolicy; if (!mMorLockInitializationRequired) { // @@ -437,7 +446,7 @@ MorLockInitAtEndOfDxe ( // // Check if the MOR variable exists. // - MorSize = 0; + MorSize = 0; MorStatus = VariableServiceGetVariable ( MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid, @@ -497,23 +506,27 @@ MorLockInitAtEndOfDxe ( // Lock the variable so that no other module may create it. // NewPolicy = NULL; - Status = CreateBasicVariablePolicy( &gEfiMemoryOverwriteControlDataGuid, - MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, - VARIABLE_POLICY_NO_MIN_SIZE, - VARIABLE_POLICY_NO_MAX_SIZE, - VARIABLE_POLICY_NO_MUST_ATTR, - VARIABLE_POLICY_NO_CANT_ATTR, - VARIABLE_POLICY_TYPE_LOCK_NOW, - &NewPolicy ); - if (!EFI_ERROR( Status )) { - Status = RegisterVariablePolicy( NewPolicy ); + Status = CreateBasicVariablePolicy ( + &gEfiMemoryOverwriteControlDataGuid, + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy + ); + if (!EFI_ERROR (Status)) { + Status = RegisterVariablePolicy (NewPolicy); } - if (EFI_ERROR( Status )) { - DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status )); - ASSERT_EFI_ERROR( Status ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status)); + ASSERT_EFI_ERROR (Status); } + if (NewPolicy != NULL) { - FreePool( NewPolicy ); + FreePool (NewPolicy); } // @@ -531,22 +544,26 @@ MorLockInitAtEndOfDxe ( mMorLockPassThru = FALSE; NewPolicy = NULL; - Status = CreateBasicVariablePolicy( &gEfiMemoryOverwriteRequestControlLockGuid, - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, - VARIABLE_POLICY_NO_MIN_SIZE, - VARIABLE_POLICY_NO_MAX_SIZE, - VARIABLE_POLICY_NO_MUST_ATTR, - VARIABLE_POLICY_NO_CANT_ATTR, - VARIABLE_POLICY_TYPE_LOCK_NOW, - &NewPolicy ); - if (!EFI_ERROR( Status )) { - Status = RegisterVariablePolicy( NewPolicy ); + Status = CreateBasicVariablePolicy ( + &gEfiMemoryOverwriteRequestControlLockGuid, + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy + ); + if (!EFI_ERROR (Status)) { + Status = RegisterVariablePolicy (NewPolicy); } - if (EFI_ERROR( Status )) { - DEBUG(( DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status )); - ASSERT_EFI_ERROR( Status ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTION__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status)); + ASSERT_EFI_ERROR (Status); } + if (NewPolicy != NULL) { - FreePool( NewPolicy ); + FreePool (NewPolicy); } }