X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FVariableAuthenticated%2FRuntimeDxe%2FVariable.c;h=28d026a0a8eb1a8d9b64827bc47692b0e55623f6;hp=ef123d2d5c38d0fb6988f1672ef514c2c809de5d;hb=fddbbc661eeff8e9f94942fa2d47fb637404a040;hpb=039a40aa3b4eefbb4a149da4977ab3ef6c483a0f diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c index ef123d2d5c..28d026a0a8 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c @@ -58,6 +58,65 @@ BOOLEAN mEndOfDxe = FALSE; /// BOOLEAN mEnableLocking = TRUE; +// +// To prevent name collisions with possible future globally defined variables, +// other internal firmware data variables that are not defined here must be +// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or +// any other GUID defined by the UEFI Specification. Implementations must +// only permit the creation of variables with a UEFI Specification-defined +// VendorGuid when these variables are documented in the UEFI Specification. +// +GLOBAL_VARIABLE_ENTRY mGlobalVariableList[] = { + {EFI_LANG_CODES_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_LANG_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_TIME_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_PLATFORM_LANG_CODES_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_PLATFORM_LANG_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_CON_IN_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_CON_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_ERR_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_CON_IN_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_CON_OUT_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_ERR_OUT_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_BOOT_ORDER_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_BOOT_NEXT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_BOOT_CURRENT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_DRIVER_ORDER_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_SETUP_MODE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_KEY_EXCHANGE_KEY_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT_AT}, + {EFI_PLATFORM_KEY_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT_AT}, + {EFI_SIGNATURE_SUPPORT_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_SECURE_BOOT_MODE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_KEK_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_PK_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_DB_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_DBX_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_DBT_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, + {EFI_OS_INDICATIONS_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT}, + {EFI_VENDOR_KEYS_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT}, +}; +GLOBAL_VARIABLE_ENTRY mGlobalVariableList2[] = { + {L"Boot####", VARIABLE_ATTRIBUTE_NV_BS_RT}, + {L"Driver####", VARIABLE_ATTRIBUTE_NV_BS_RT}, + {L"Key####", VARIABLE_ATTRIBUTE_NV_BS_RT}, +}; + +/** + + SecureBoot Hook for auth variable update. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. +**/ +VOID +EFIAPI +SecureBootHook ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ); /** Routine used to track statistical information about variable usage. @@ -642,6 +701,7 @@ PubKeyStoreFilter ( *NewPubKeyIndex = AllocateZeroPool ((PubKeyNumber + 1) * sizeof (UINT32)); if (*NewPubKeyIndex == NULL) { FreePool (*NewPubKeyStore); + *NewPubKeyStore = NULL; return EFI_OUT_OF_RESOURCES; } @@ -672,11 +732,12 @@ PubKeyStoreFilter ( @param[in] IsVolatile The variable store is volatile or not; if it is non-volatile, need FTW. @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure. + @param[in] NewVariable Pointer to new variable. + @param[in] NewVariableSize New variable size. @param[in] ReclaimPubKeyStore Reclaim for public key database or not. - @param[in] ReclaimAnyway If TRUE, do reclaim anyway. @return EFI_SUCCESS Reclaim operation has finished successfully. - @return EFI_OUT_OF_RESOURCES No enough memory resources. + @return EFI_OUT_OF_RESOURCES No enough memory resources or variable space. @return EFI_DEVICE_ERROR The public key database doesn't exist. @return Others Unexpect error happened during reclaim operation. @@ -687,8 +748,9 @@ Reclaim ( OUT UINTN *LastVariableOffset, IN BOOLEAN IsVolatile, IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack, - IN BOOLEAN ReclaimPubKeyStore, - IN BOOLEAN ReclaimAnyway + IN VARIABLE_HEADER *NewVariable, + IN UINTN NewVariableSize, + IN BOOLEAN ReclaimPubKeyStore ) { VARIABLE_HEADER *Variable; @@ -699,31 +761,28 @@ Reclaim ( UINT8 *ValidBuffer; UINTN MaximumBufferSize; UINTN VariableSize; - UINTN VariableNameSize; - UINTN UpdatingVariableNameSize; UINTN NameSize; UINT8 *CurrPtr; VOID *Point0; VOID *Point1; BOOLEAN FoundAdded; EFI_STATUS Status; - CHAR16 *VariableNamePtr; - CHAR16 *UpdatingVariableNamePtr; UINTN CommonVariableTotalSize; UINTN HwErrVariableTotalSize; UINT32 *NewPubKeyIndex; UINT8 *NewPubKeyStore; UINT32 NewPubKeySize; VARIABLE_HEADER *PubKeyHeader; - BOOLEAN NeedDoReclaim; VARIABLE_HEADER *UpdatingVariable; + VARIABLE_HEADER *UpdatingInDeletedTransition; UpdatingVariable = NULL; + UpdatingInDeletedTransition = NULL; if (UpdatingPtrTrack != NULL) { UpdatingVariable = UpdatingPtrTrack->CurrPtr; + UpdatingInDeletedTransition = UpdatingPtrTrack->InDeletedTransitionPtr; } - NeedDoReclaim = FALSE; VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINTN) VariableBase); CommonVariableTotalSize = 0; @@ -732,40 +791,50 @@ Reclaim ( NewPubKeyStore = NULL; NewPubKeySize = 0; PubKeyHeader = NULL; - - // - // Start Pointers for the variable. - // - Variable = GetStartPointer (VariableStoreHeader); - MaximumBufferSize = sizeof (VARIABLE_STORE_HEADER); - while (IsValidVariableHeader (Variable)) { - NextVariable = GetNextVariablePtr (Variable); - if (Variable->State == VAR_ADDED || - Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED) - ) { - VariableSize = (UINTN) NextVariable - (UINTN) Variable; - MaximumBufferSize += VariableSize; - } else { - NeedDoReclaim = TRUE; - } + if (IsVolatile) { + // + // Start Pointers for the variable. + // + Variable = GetStartPointer (VariableStoreHeader); + MaximumBufferSize = sizeof (VARIABLE_STORE_HEADER); - Variable = NextVariable; - } + while (IsValidVariableHeader (Variable)) { + NextVariable = GetNextVariablePtr (Variable); + if ((Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) && + Variable != UpdatingVariable && + Variable != UpdatingInDeletedTransition + ) { + VariableSize = (UINTN) NextVariable - (UINTN) Variable; + MaximumBufferSize += VariableSize; + } - if (!ReclaimAnyway && !NeedDoReclaim) { - DEBUG ((EFI_D_INFO, "Variable driver: no DELETED variable found, so no variable space could be reclaimed.\n")); - return EFI_SUCCESS; - } + Variable = NextVariable; + } - // - // Reserve the 1 Bytes with Oxff to identify the - // end of the variable buffer. - // - MaximumBufferSize += 1; - ValidBuffer = AllocatePool (MaximumBufferSize); - if (ValidBuffer == NULL) { - return EFI_OUT_OF_RESOURCES; + if (NewVariable != NULL) { + // + // Add the new variable size. + // + MaximumBufferSize += NewVariableSize; + } + + // + // Reserve the 1 Bytes with Oxff to identify the + // end of the variable buffer. + // + MaximumBufferSize += 1; + ValidBuffer = AllocatePool (MaximumBufferSize); + if (ValidBuffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + } else { + // + // For NV variable reclaim, don't allocate pool here and just use mNvVariableCache + // as the buffer to reduce SMRAM consumption for SMM variable driver. + // + MaximumBufferSize = mNvVariableCache->Size; + ValidBuffer = (UINT8 *) mNvVariableCache; } SetMem (ValidBuffer, MaximumBufferSize, 0xff); @@ -777,6 +846,7 @@ Reclaim ( CurrPtr = (UINT8 *) GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer); if (ReclaimPubKeyStore) { + ASSERT (IsVolatile == FALSE); // // Trim the PubKeyStore and get new PubKeyIndex. // @@ -788,14 +858,13 @@ Reclaim ( &NewPubKeySize ); if (EFI_ERROR (Status)) { - FreePool (ValidBuffer); - return Status; + goto Done; } // // Refresh the PubKeyIndex for all valid variables (ADDED and IN_DELETED_TRANSITION). // - Variable = GetStartPointer (mNvVariableCache); + Variable = GetStartPointer (VariableStoreHeader); while (IsValidVariableHeader (Variable)) { NextVariable = GetNextVariablePtr (Variable); if (Variable->State == VAR_ADDED || Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { @@ -813,9 +882,9 @@ Reclaim ( CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize); ((VARIABLE_HEADER*) CurrPtr)->PubKeyIndex = NewPubKeyIndex[Variable->PubKeyIndex]; CurrPtr += VariableSize; - if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { HwErrVariableTotalSize += VariableSize; - } else if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { + } else if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) { CommonVariableTotalSize += VariableSize; } } @@ -827,10 +896,8 @@ Reclaim ( // ASSERT (PubKeyHeader != NULL); if (PubKeyHeader == NULL) { - FreePool (ValidBuffer); - FreePool (NewPubKeyIndex); - FreePool (NewPubKeyStore); - return EFI_DEVICE_ERROR; + Status = EFI_DEVICE_ERROR; + goto Done; } CopyMem (CurrPtr, (UINT8*) PubKeyHeader, sizeof (VARIABLE_HEADER)); Variable = (VARIABLE_HEADER*) CurrPtr; @@ -846,25 +913,7 @@ Reclaim ( Variable = GetStartPointer (VariableStoreHeader); while (IsValidVariableHeader (Variable)) { NextVariable = GetNextVariablePtr (Variable); - if (Variable->State == VAR_ADDED) { - if (UpdatingVariable != NULL) { - if (UpdatingVariable == Variable) { - Variable = NextVariable; - continue; - } - - VariableNameSize = NameSizeOfVariable(Variable); - UpdatingVariableNameSize = NameSizeOfVariable(UpdatingVariable); - - VariableNamePtr = GetVariableNamePtr (Variable); - UpdatingVariableNamePtr = GetVariableNamePtr (UpdatingVariable); - if (CompareGuid (&Variable->VendorGuid, &UpdatingVariable->VendorGuid) && - VariableNameSize == UpdatingVariableNameSize && - CompareMem (VariableNamePtr, UpdatingVariableNamePtr, VariableNameSize) == 0 ) { - Variable = NextVariable; - continue; - } - } + if (Variable != UpdatingVariable && Variable->State == VAR_ADDED) { VariableSize = (UINTN) NextVariable - (UINTN) Variable; CopyMem (CurrPtr, (UINT8 *) Variable, VariableSize); CurrPtr += VariableSize; @@ -877,29 +926,13 @@ Reclaim ( Variable = NextVariable; } - // - // Reinstall the variable being updated if it is not NULL. - // - if (UpdatingVariable != NULL) { - VariableSize = (UINTN)(GetNextVariablePtr (UpdatingVariable)) - (UINTN)UpdatingVariable; - CopyMem (CurrPtr, (UINT8 *) UpdatingVariable, VariableSize); - UpdatingPtrTrack->CurrPtr = (VARIABLE_HEADER *)((UINTN)UpdatingPtrTrack->StartPtr + ((UINTN)CurrPtr - (UINTN)GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer))); - UpdatingPtrTrack->InDeletedTransitionPtr = NULL; - CurrPtr += VariableSize; - if ((!IsVolatile) && ((UpdatingVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { - HwErrVariableTotalSize += VariableSize; - } else if ((!IsVolatile) && ((UpdatingVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { - CommonVariableTotalSize += VariableSize; - } - } - // // Reinstall all in delete transition variables. // - Variable = GetStartPointer (VariableStoreHeader); + Variable = GetStartPointer (VariableStoreHeader); while (IsValidVariableHeader (Variable)) { NextVariable = GetNextVariablePtr (Variable); - if (Variable != UpdatingVariable && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { + if (Variable != UpdatingVariable && Variable != UpdatingInDeletedTransition && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) { // // Buffer has cached all ADDED variable. @@ -942,6 +975,42 @@ Reclaim ( Variable = NextVariable; } + + // + // Install the new variable if it is not NULL. + // + if (NewVariable != NULL) { + if ((UINTN) (CurrPtr - ValidBuffer) + NewVariableSize > VariableStoreHeader->Size) { + // + // No enough space to store the new variable. + // + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + if (!IsVolatile) { + if ((NewVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + HwErrVariableTotalSize += NewVariableSize; + } else if ((NewVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + CommonVariableTotalSize += NewVariableSize; + } + if ((HwErrVariableTotalSize > PcdGet32 (PcdHwErrStorageSize)) || + (CommonVariableTotalSize > VariableStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER) - PcdGet32 (PcdHwErrStorageSize))) { + // + // No enough space to store the new variable by NV or NV+HR attribute. + // + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + } + + CopyMem (CurrPtr, (UINT8 *) NewVariable, NewVariableSize); + ((VARIABLE_HEADER *) CurrPtr)->State = VAR_ADDED; + if (UpdatingVariable != NULL) { + UpdatingPtrTrack->CurrPtr = (VARIABLE_HEADER *)((UINTN)UpdatingPtrTrack->StartPtr + ((UINTN)CurrPtr - (UINTN)GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer))); + UpdatingPtrTrack->InDeletedTransitionPtr = NULL; + } + CurrPtr += NewVariableSize; + } } if (IsVolatile) { @@ -949,7 +1018,8 @@ Reclaim ( // If volatile variable store, just copy valid buffer. // SetMem ((UINT8 *) (UINTN) VariableBase, VariableStoreHeader->Size, 0xff); - CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) (CurrPtr - (UINT8 *) ValidBuffer)); + CopyMem ((UINT8 *) (UINTN) VariableBase, ValidBuffer, (UINTN) (CurrPtr - ValidBuffer)); + *LastVariableOffset = (UINTN) (CurrPtr - ValidBuffer); Status = EFI_SUCCESS; } else { // @@ -957,41 +1027,45 @@ Reclaim ( // Status = FtwVariableSpace ( VariableBase, - ValidBuffer, - (UINTN) (CurrPtr - (UINT8 *) ValidBuffer) + (VARIABLE_STORE_HEADER *) ValidBuffer ); - CopyMem (mNvVariableCache, (CHAR8 *)(UINTN)VariableBase, VariableStoreHeader->Size); - } - if (!EFI_ERROR (Status)) { - *LastVariableOffset = (UINTN) (CurrPtr - (UINT8 *) ValidBuffer); - if (!IsVolatile) { + if (!EFI_ERROR (Status)) { + *LastVariableOffset = (UINTN) (CurrPtr - ValidBuffer); mVariableModuleGlobal->HwErrVariableTotalSize = HwErrVariableTotalSize; mVariableModuleGlobal->CommonVariableTotalSize = CommonVariableTotalSize; - } - } else { - NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase); - while (IsValidVariableHeader (NextVariable)) { - VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER); - if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { - mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize); - } else if ((!IsVolatile) && ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD)) { - mVariableModuleGlobal->CommonVariableTotalSize += HEADER_ALIGN (VariableSize); - } + } else { + NextVariable = GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase); + while (IsValidVariableHeader (NextVariable)) { + VariableSize = NextVariable->NameSize + NextVariable->DataSize + sizeof (VARIABLE_HEADER); + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + mVariableModuleGlobal->HwErrVariableTotalSize += HEADER_ALIGN (VariableSize); + } else if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + mVariableModuleGlobal->CommonVariableTotalSize += HEADER_ALIGN (VariableSize); + } - NextVariable = GetNextVariablePtr (NextVariable); + NextVariable = GetNextVariablePtr (NextVariable); + } + *LastVariableOffset = (UINTN) NextVariable - (UINTN) VariableBase; } - *LastVariableOffset = (UINTN) NextVariable - (UINTN) VariableBase; } - if (NewPubKeyStore != NULL) { - FreePool (NewPubKeyStore); - } +Done: + if (IsVolatile) { + FreePool (ValidBuffer); + } else { + // + // For NV variable reclaim, we use mNvVariableCache as the buffer, so copy the data back. + // + CopyMem (mNvVariableCache, (UINT8 *)(UINTN)VariableBase, VariableStoreHeader->Size); + + if (NewPubKeyStore != NULL) { + FreePool (NewPubKeyStore); + } - if (NewPubKeyIndex != NULL) { - FreePool (NewPubKeyIndex); + if (NewPubKeyIndex != NULL) { + FreePool (NewPubKeyIndex); + } } - - FreePool (ValidBuffer); return Status; } @@ -1473,7 +1547,7 @@ AutoUpdateLangVariable ( SetLanguageCodes = FALSE; - if (StrCmp (VariableName, L"PlatformLangCodes") == 0) { + if (StrCmp (VariableName, EFI_PLATFORM_LANG_CODES_VARIABLE_NAME) == 0) { // // PlatformLangCodes is a volatile variable, so it can not be updated at runtime. // @@ -1503,7 +1577,7 @@ AutoUpdateLangVariable ( mVariableModuleGlobal->PlatformLang = AllocateRuntimePool (DataSize); ASSERT (mVariableModuleGlobal->PlatformLang != NULL); - } else if (StrCmp (VariableName, L"LangCodes") == 0) { + } else if (StrCmp (VariableName, EFI_LANG_CODES_VARIABLE_NAME) == 0) { // // LangCodes is a volatile variable, so it can not be updated at runtime. // @@ -1531,21 +1605,21 @@ AutoUpdateLangVariable ( // Update Lang if PlatformLang is already set // Update PlatformLang if Lang is already set // - Status = FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + Status = FindVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); if (!EFI_ERROR (Status)) { // // Update Lang // - VariableName = L"PlatformLang"; + VariableName = EFI_PLATFORM_LANG_VARIABLE_NAME; Data = GetVariableDataPtr (Variable.CurrPtr); DataSize = Variable.CurrPtr->DataSize; } else { - Status = FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + Status = FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); if (!EFI_ERROR (Status)) { // // Update PlatformLang // - VariableName = L"Lang"; + VariableName = EFI_LANG_VARIABLE_NAME; Data = GetVariableDataPtr (Variable.CurrPtr); DataSize = Variable.CurrPtr->DataSize; } else { @@ -1562,7 +1636,7 @@ AutoUpdateLangVariable ( // Attributes = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS; - if (StrCmp (VariableName, L"PlatformLang") == 0) { + if (StrCmp (VariableName, EFI_PLATFORM_LANG_VARIABLE_NAME) == 0) { // // Update Lang when PlatformLangCodes/LangCodes were set. // @@ -1585,9 +1659,9 @@ AutoUpdateLangVariable ( // // Successfully convert PlatformLang to Lang, and set the BestLang value into Lang variable simultaneously. // - FindVariable (L"Lang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); - Status = UpdateVariable (L"Lang", &gEfiGlobalVariableGuid, BestLang, + Status = UpdateVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, BestLang, ISO_639_2_ENTRY_SIZE + 1, Attributes, 0, 0, &Variable, NULL); DEBUG ((EFI_D_INFO, "Variable Driver Auto Update PlatformLang, PlatformLang:%a, Lang:%a\n", BestPlatformLang, BestLang)); @@ -1596,7 +1670,7 @@ AutoUpdateLangVariable ( } } - } else if (StrCmp (VariableName, L"Lang") == 0) { + } else if (StrCmp (VariableName, EFI_LANG_VARIABLE_NAME) == 0) { // // Update PlatformLang when PlatformLangCodes/LangCodes were set. // @@ -1619,9 +1693,9 @@ AutoUpdateLangVariable ( // // Successfully convert Lang to PlatformLang, and set the BestPlatformLang value into PlatformLang variable simultaneously. // - FindVariable (L"PlatformLang", &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + FindVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); - Status = UpdateVariable (L"PlatformLang", &gEfiGlobalVariableGuid, BestPlatformLang, + Status = UpdateVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, BestPlatformLang, AsciiStrSize (BestPlatformLang), Attributes, 0, 0, &Variable, NULL); DEBUG ((EFI_D_INFO, "Variable Driver Auto Update Lang, Lang:%a, PlatformLang:%a\n", BestLang, BestPlatformLang)); @@ -1678,7 +1752,9 @@ UpdateVariable ( VARIABLE_POINTER_TRACK NvVariable; VARIABLE_STORE_HEADER *VariableStoreHeader; UINTN CacheOffset; - UINTN BufSize; + UINT8 *BufferForMerge; + UINTN MergedBufSize; + BOOLEAN DataReady; UINTN DataOffset; if (mVariableModuleGlobal->FvbInstance == NULL) { @@ -1728,7 +1804,8 @@ UpdateVariable ( // NextVariable = GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase)); ScratchSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)); - + SetMem (NextVariable, ScratchSize, 0xff); + DataReady = FALSE; if (Variable->CurrPtr != NULL) { // @@ -1820,7 +1897,7 @@ UpdateVariable ( // then return to the caller immediately. // if (DataSizeOfVariable (Variable->CurrPtr) == DataSize && - (CompareMem (Data, GetVariableDataPtr (Variable->CurrPtr), DataSize) == 0) && + (CompareMem (Data, GetVariableDataPtr (Variable->CurrPtr), DataSize) == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (TimeStamp == NULL)) { // @@ -1837,42 +1914,42 @@ UpdateVariable ( // if ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0) { // - // Cache the previous variable data into StorageArea. + // NOTE: From 0 to DataOffset of NextVariable is reserved for Variable Header and Name. + // From DataOffset of NextVariable is to save the existing variable data. // DataOffset = sizeof (VARIABLE_HEADER) + Variable->CurrPtr->NameSize + GET_PAD_SIZE (Variable->CurrPtr->NameSize); - CopyMem (mStorageArea, (UINT8*)((UINTN) Variable->CurrPtr + DataOffset), Variable->CurrPtr->DataSize); + BufferForMerge = (UINT8 *) ((UINTN) NextVariable + DataOffset); + CopyMem (BufferForMerge, (UINT8 *) ((UINTN) Variable->CurrPtr + DataOffset), Variable->CurrPtr->DataSize); // // Set Max Common Variable Data Size as default MaxDataSize // - MaxDataSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - StrSize (VariableName) - GET_PAD_SIZE (StrSize (VariableName)); - + MaxDataSize = PcdGet32 (PcdMaxVariableSize) - DataOffset; if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) || (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) { - // // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of // EFI_SIGNATURE_DATA values that are already part of the existing variable value. // Status = AppendSignatureList ( - mStorageArea, + BufferForMerge, Variable->CurrPtr->DataSize, MaxDataSize - Variable->CurrPtr->DataSize, - Data, - DataSize, - &BufSize + Data, + DataSize, + &MergedBufSize ); if (Status == EFI_BUFFER_TOO_SMALL) { // - // Signture List is too long, Failed to Append + // Signature List is too long, Failed to Append. // Status = EFI_INVALID_PARAMETER; goto Done; } - if (BufSize == Variable->CurrPtr->DataSize) { + if (MergedBufSize == Variable->CurrPtr->DataSize) { if ((TimeStamp == NULL) || CompareTimeStamp (TimeStamp, &Variable->CurrPtr->TimeStamp)) { // // New EFI_SIGNATURE_DATA is not found and timestamp is not later @@ -1885,29 +1962,30 @@ UpdateVariable ( } } else { // - // For other Variables, append the new data to the end of previous data. + // For other Variables, append the new data to the end of existing data. // Max Harware error record variable data size is different from common variable // if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { - MaxDataSize = PcdGet32 (PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER) - StrSize (VariableName) - GET_PAD_SIZE (StrSize (VariableName)); + MaxDataSize = PcdGet32 (PcdMaxHardwareErrorVariableSize) - DataOffset; } if (Variable->CurrPtr->DataSize + DataSize > MaxDataSize) { // - // Exsiting data + Appended data exceed maximum variable size limitation + // Existing data size + new data size exceed maximum variable size limitation. // Status = EFI_INVALID_PARAMETER; goto Done; } - CopyMem ((UINT8*)((UINTN) mStorageArea + Variable->CurrPtr->DataSize), Data, DataSize); - BufSize = Variable->CurrPtr->DataSize + DataSize; + CopyMem ((UINT8*) ((UINTN) BufferForMerge + Variable->CurrPtr->DataSize), Data, DataSize); + MergedBufSize = Variable->CurrPtr->DataSize + DataSize; } // - // Override Data and DataSize which are used for combined data area including previous and new data. + // BufferForMerge(from DataOffset of NextVariable) has included the merged existing and new data. // - Data = mStorageArea; - DataSize = BufSize; + Data = BufferForMerge; + DataSize = MergedBufSize; + DataReady = TRUE; } // @@ -1964,9 +2042,7 @@ UpdateVariable ( // // Function part - create a new variable and copy the data. // Both update a variable and create a variable will come here. - - SetMem (NextVariable, ScratchSize, 0xff); - + // NextVariable->StartId = VARIABLE_DATA; // // NextVariable->State = VAR_ADDED; @@ -2008,11 +2084,19 @@ UpdateVariable ( VarNameSize ); VarDataOffset = VarNameOffset + VarNameSize + GET_PAD_SIZE (VarNameSize); - CopyMem ( - (UINT8 *) ((UINTN) NextVariable + VarDataOffset), - Data, - DataSize - ); + + // + // If DataReady is TRUE, it means the variable data has been saved into + // NextVariable during EFI_VARIABLE_APPEND_WRITE operation preparation. + // + if (!DataReady) { + CopyMem ( + (UINT8 *) ((UINTN) NextVariable + VarDataOffset), + Data, + DataSize + ); + } + CopyMem (&NextVariable->VendorGuid, VendorGuid, sizeof (EFI_GUID)); // // There will be pad bytes after Data, the NextVariable->NameSize and @@ -2042,33 +2126,29 @@ UpdateVariable ( goto Done; } // - // Perform garbage collection & reclaim operation. + // Perform garbage collection & reclaim operation, and integrate the new variable at the same time. // Status = Reclaim ( mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase, &mVariableModuleGlobal->NonVolatileLastVariableOffset, FALSE, Variable, - FALSE, + NextVariable, + HEADER_ALIGN (VarSize), FALSE ); - if (EFI_ERROR (Status)) { - goto Done; - } - // - // If still no enough space, return out of resources. - // - if ((((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) - && ((VarSize + mVariableModuleGlobal->HwErrVariableTotalSize) > PcdGet32 (PcdHwErrStorageSize))) - || (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == 0) - && ((VarSize + mVariableModuleGlobal->CommonVariableTotalSize) > NonVolatileVarableStoreSize - sizeof (VARIABLE_STORE_HEADER) - PcdGet32 (PcdHwErrStorageSize)))) { - Status = EFI_OUT_OF_RESOURCES; - goto Done; - } - if (Variable->CurrPtr != NULL) { - CacheVariable->CurrPtr = (VARIABLE_HEADER *)((UINTN) CacheVariable->StartPtr + ((UINTN) Variable->CurrPtr - (UINTN) Variable->StartPtr)); - CacheVariable->InDeletedTransitionPtr = NULL; + if (!EFI_ERROR (Status)) { + // + // The new variable has been integrated successfully during reclaiming. + // + if (Variable->CurrPtr != NULL) { + CacheVariable->CurrPtr = (VARIABLE_HEADER *)((UINTN) CacheVariable->StartPtr + ((UINTN) Variable->CurrPtr - (UINTN) Variable->StartPtr)); + CacheVariable->InDeletedTransitionPtr = NULL; + } + UpdateVariableInfo (VariableName, VendorGuid, FALSE, FALSE, TRUE, FALSE, FALSE); + FlushHobVariableToFlash (VariableName, VendorGuid); } + goto Done; } // // Four steps @@ -2166,32 +2246,28 @@ UpdateVariable ( if ((UINT32) (VarSize + mVariableModuleGlobal->VolatileLastVariableOffset) > ((VARIABLE_STORE_HEADER *) ((UINTN) (mVariableModuleGlobal->VariableGlobal.VolatileVariableBase)))->Size) { // - // Perform garbage collection & reclaim operation. + // Perform garbage collection & reclaim operation, and integrate the new variable at the same time. // Status = Reclaim ( mVariableModuleGlobal->VariableGlobal.VolatileVariableBase, &mVariableModuleGlobal->VolatileLastVariableOffset, TRUE, Variable, - FALSE, + NextVariable, + HEADER_ALIGN (VarSize), FALSE ); - if (EFI_ERROR (Status)) { - goto Done; - } - // - // If still no enough space, return out of resources. - // - if ((UINT32) (VarSize + mVariableModuleGlobal->VolatileLastVariableOffset) > - ((VARIABLE_STORE_HEADER *) ((UINTN) (mVariableModuleGlobal->VariableGlobal.VolatileVariableBase)))->Size - ) { - Status = EFI_OUT_OF_RESOURCES; - goto Done; - } - if (Variable->CurrPtr != NULL) { - CacheVariable->CurrPtr = (VARIABLE_HEADER *)((UINTN) CacheVariable->StartPtr + ((UINTN) Variable->CurrPtr - (UINTN) Variable->StartPtr)); - CacheVariable->InDeletedTransitionPtr = NULL; + if (!EFI_ERROR (Status)) { + // + // The new variable has been integrated successfully during reclaiming. + // + if (Variable->CurrPtr != NULL) { + CacheVariable->CurrPtr = (VARIABLE_HEADER *)((UINTN) CacheVariable->StartPtr + ((UINTN) Variable->CurrPtr - (UINTN) Variable->StartPtr)); + CacheVariable->InDeletedTransitionPtr = NULL; + } + UpdateVariableInfo (VariableName, VendorGuid, TRUE, FALSE, TRUE, FALSE, FALSE); } + goto Done; } NextVariable->State = VAR_ADDED; @@ -2327,6 +2403,63 @@ IsHwErrRecVariable ( return TRUE; } +/** + This code checks if variable guid is global variable guid first. + If yes, further check if variable name is in mGlobalVariableList or mGlobalVariableList2 and attributes matched. + + @param[in] VariableName Pointer to variable name. + @param[in] VendorGuid Variable Vendor Guid. + @param[in] Attributes Attributes of the variable. + + @retval EFI_SUCCESS Variable is not global variable, or Variable is global variable, variable name is in the lists and attributes matched. + @retval EFI_INVALID_PARAMETER Variable is global variable, but variable name is not in the lists or attributes unmatched. + +**/ +EFI_STATUS +EFIAPI +CheckEfiGlobalVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes + ) +{ + UINTN Index; + UINTN NameLength; + + if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)){ + // + // Try list 1, exactly match. + // + for (Index = 0; Index < sizeof (mGlobalVariableList)/sizeof (mGlobalVariableList[0]); Index++) { + if ((StrCmp (mGlobalVariableList[Index].Name, VariableName) == 0) && + (Attributes == 0 || (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) == mGlobalVariableList[Index].Attributes)) { + return EFI_SUCCESS; + } + } + + // + // Try list 2. + // + NameLength = StrLen (VariableName) - 4; + for (Index = 0; Index < sizeof (mGlobalVariableList2)/sizeof (mGlobalVariableList2[0]); Index++) { + if ((StrLen (VariableName) == StrLen (mGlobalVariableList2[Index].Name)) && + (StrnCmp (mGlobalVariableList2[Index].Name, VariableName, NameLength) == 0) && + IsHexaDecimalDigitCharacter (VariableName[NameLength]) && + IsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) && + IsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) && + IsHexaDecimalDigitCharacter (VariableName[NameLength + 3]) && + (Attributes == 0 || (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) == mGlobalVariableList2[Index].Attributes)) { + return EFI_SUCCESS; + } + } + + DEBUG ((EFI_D_INFO, "[Variable]: set global variable with invalid variable name or attributes - %g:%s:%x\n", VendorGuid, VariableName, Attributes)); + return EFI_INVALID_PARAMETER; + } + + return EFI_SUCCESS; +} + /** Mark a variable that will become read-only after leaving the DXE phase of execution. @@ -2398,7 +2531,13 @@ IsReadOnlyVariable ( if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)) { if ((StrCmp (VariableName, EFI_SETUP_MODE_NAME) == 0) || (StrCmp (VariableName, EFI_SIGNATURE_SUPPORT_NAME) == 0) || - (StrCmp (VariableName, EFI_SECURE_BOOT_MODE_NAME) == 0)) { + (StrCmp (VariableName, EFI_SECURE_BOOT_MODE_NAME) == 0) || + (StrCmp (VariableName, EFI_VENDOR_KEYS_VARIABLE_NAME) == 0) || + (StrCmp (VariableName, EFI_KEK_DEFAULT_VARIABLE_NAME) == 0) || + (StrCmp (VariableName, EFI_PK_DEFAULT_VARIABLE_NAME) == 0) || + (StrCmp (VariableName, EFI_DB_DEFAULT_VARIABLE_NAME) == 0) || + (StrCmp (VariableName, EFI_DBX_DEFAULT_VARIABLE_NAME) == 0) || + (StrCmp (VariableName, EFI_DBT_DEFAULT_VARIABLE_NAME) == 0)) { return TRUE; } } @@ -2787,6 +2926,11 @@ VariableServiceSetVariable ( } } + Status = CheckEfiGlobalVariable (VariableName, VendorGuid, Attributes); + if (EFI_ERROR (Status)) { + return Status; + } + AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); // @@ -2831,6 +2975,16 @@ VariableServiceSetVariable ( Status = EFI_WRITE_PROTECTED; goto Done; } + if (Attributes != 0 && (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Variable.CurrPtr->Attributes) { + // + // If a preexisting variable is rewritten with different attributes, SetVariable() shall not + // modify the variable and shall return EFI_INVALID_PARAMETER. Two exceptions to this rule: + // 1. No access attributes specified + // 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE + // + Status = EFI_INVALID_PARAMETER; + goto Done; + } } // @@ -2858,6 +3012,15 @@ Done: InterlockedDecrement (&mVariableModuleGlobal->VariableGlobal.ReentrantState); ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); + if (!AtRuntime ()) { + if (!EFI_ERROR (Status)) { + SecureBootHook ( + VariableName, + VendorGuid + ); + } + } + return Status; } @@ -3061,7 +3224,8 @@ ReclaimForOS( &mVariableModuleGlobal->NonVolatileLastVariableOffset, FALSE, NULL, - FALSE, + NULL, + 0, FALSE ); ASSERT_EFI_ERROR (Status); @@ -3332,8 +3496,9 @@ VariableWriteServiceInitialize ( &mVariableModuleGlobal->NonVolatileLastVariableOffset, FALSE, NULL, - FALSE, - TRUE + NULL, + 0, + FALSE ); if (EFI_ERROR (Status)) { return Status;