MdeModulePkg: Add MorLock to variable driver.

This patch adds MorLock function to Variable main function.
It also updates corresponding INF file to pass build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
Reviewed-by: "Zeng, Star" <star.zeng@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19690 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index 2dc303834bef79fe95e3243df46af5eb17814725..5e39d44d4c7a5fc611f8a90193ccfac741f0a157 100644 (file)
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -16,7 +16,7 @@
   VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,\r
   integer overflow. It should also check attribute to avoid authentication bypass.\r
 \r
   VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,\r
   integer overflow. It should also check attribute to avoid authentication bypass.\r
 \r

-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>\r

 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
 This program and the accompanying materials\r
 are licensed and made available under the terms and conditions of the BSD License\r


@@ -111,6 +111,43 @@ SecureBootHook (
   IN EFI_GUID                               *VendorGuid\r
   );\r
 \r
   IN EFI_GUID                               *VendorGuid\r
   );\r
 \r

+/**\r
+  Initialization for MOR Lock Control.\r
+\r
+  @retval EFI_SUCEESS     MorLock initialization success.\r
+  @return Others          Some error occurs.\r
+**/\r
+EFI_STATUS\r
+MorLockInit (\r
+  VOID\r
+  );\r
+\r
+/**\r
+  This service is an MOR/MorLock checker handler for the SetVariable().\r
+\r
+  @param  VariableName the name of the vendor's variable, as a\r
+                       Null-Terminated Unicode String\r
+  @param  VendorGuid   Unify identifier for vendor.\r
+  @param  Attributes   Point to memory location to return the attributes of variable. If the point\r
+                       is NULL, the parameter would be ignored.\r
+  @param  DataSize     The size in bytes of Data-Buffer.\r
+  @param  Data         Point to the content of the variable.\r
+\r
+  @retval  EFI_SUCCESS            The MOR/MorLock check pass, and Variable driver can store the variable data.\r
+  @retval  EFI_INVALID_PARAMETER  The MOR/MorLock data or data size or attributes is not allowed for MOR variable.\r
+  @retval  EFI_ACCESS_DENIED      The MOR/MorLock is locked.\r
+  @retval  EFI_ALREADY_STARTED    The MorLock variable is handled inside this function.\r
+                                  Variable driver can just return EFI_SUCCESS.\r
+**/\r
+EFI_STATUS\r
+SetVariableCheckHandlerMor (\r
+  IN CHAR16     *VariableName,\r
+  IN EFI_GUID   *VendorGuid,\r
+  IN UINT32     Attributes,\r
+  IN UINTN      DataSize,\r
+  IN VOID       *Data\r
+  );\r
+\r

 /**\r
   Routine used to track statistical information about variable usage.\r
   The data is stored in the EFI system table so it can be accessed later.\r
 /**\r
   Routine used to track statistical information about variable usage.\r
   The data is stored in the EFI system table so it can be accessed later.\r


@@ -3192,6 +3229,21 @@ VariableServiceSetVariable (
     }\r
   }\r
 \r
     }\r
   }\r
 \r

+  //\r
+  // Special Handling for MOR Lock variable.\r
+  //\r
+  Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));\r
+  if (Status == EFI_ALREADY_STARTED) {\r
+    //\r
+    // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor().\r
+    // Variable driver can just return SUCCESS.\r
+    //\r
+    return EFI_SUCCESS;\r
+  }\r
+  if (EFI_ERROR (Status)) {\r
+    return Status;\r
+  }\r
+\r

   Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);\r
   if (EFI_ERROR (Status)) {\r
     return Status;\r
   Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);\r
   if (EFI_ERROR (Status)) {\r
     return Status;\r


@@ -3966,6 +4018,12 @@ VariableWriteServiceInitialize (
   }\r
 \r
   ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);\r
   }\r
 \r
   ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);\r

+\r
+  //\r
+  // Initialize MOR Lock variable.\r
+  //\r
+  MorLockInit ();\r
+\r

   return Status;\r
 }\r
 \r
   return Status;\r
 }\r
 \r

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 62c1568a50e007a087124fb0fd71ba2bd0f01344..5e7b5c534160b4172f2c8d8f7cd0bcb835692db2 100644 (file)
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -9,7 +9,7 @@
 #  This external input must be validated carefully to avoid security issues such as\r
 #  buffer overflow or integer overflow.\r
 #\r
 #  This external input must be validated carefully to avoid security issues such as\r
 #  buffer overflow or integer overflow.\r
 #\r

-# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>\r

 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r


@@ -42,6 +42,7 @@
   VariableDxe.c\r
   Variable.h\r
   Measurement.c\r
   VariableDxe.c\r
   Variable.h\r
   Measurement.c\r

+  TcgMorLockDxe.c\r

   VarCheck.c\r
   VariableExLib.c\r
 \r
   VarCheck.c\r
   VariableExLib.c\r
 \r


@@ -95,6 +96,9 @@
   ## SOMETIMES_PRODUCES   ## Variable:L"Lang"\r
   gEfiGlobalVariableGuid\r
 \r
   ## SOMETIMES_PRODUCES   ## Variable:L"Lang"\r
   gEfiGlobalVariableGuid\r
 \r

+  gEfiMemoryOverwriteControlDataGuid            ## CONSUMES   ## Variable:L"MemoryOverwriteRequestControl"\r
+  gEfiMemoryOverwriteRequestControlLockGuid     ## PRODUCES   ## Variable:L"MemoryOverwriteRequestControlLock"\r
+\r

   gEfiEventVirtualAddressChangeGuid             ## CONSUMES             ## Event\r
   gEfiSystemNvDataFvGuid                        ## CONSUMES             ## GUID\r
   gEfiEndOfDxeEventGroupGuid                    ## CONSUMES             ## Event\r
   gEfiEventVirtualAddressChangeGuid             ## CONSUMES             ## Event\r
   gEfiSystemNvDataFvGuid                        ## CONSUMES             ## GUID\r
   gEfiEndOfDxeEventGroupGuid                    ## CONSUMES             ## Event\r

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index efcd3179d79cb31a3206808c74405b18b3e1433b..02f01064f39cf79e943f33d17462be4cd08d6a73 100644 (file)
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -18,7 +18,7 @@
 #  may not be modified without authorization. If platform fails to protect these resources,\r
 #  the authentication service provided in this driver will be broken, and the behavior is undefined.\r
 #\r
 #  may not be modified without authorization. If platform fails to protect these resources,\r
 #  the authentication service provided in this driver will be broken, and the behavior is undefined.\r
 #\r

-# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r

 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r
 # This program and the accompanying materials\r
 # are licensed and made available under the terms and conditions of the BSD License\r
 # which accompanies this distribution. The full text of the license may be found at\r


@@ -52,6 +52,7 @@
   VarCheck.c\r
   Variable.h\r
   VariableExLib.c\r
   VarCheck.c\r
   Variable.h\r
   VariableExLib.c\r

+  TcgMorLockSmm.c\r

 \r
 [Packages]\r
   MdePkg/MdePkg.dec\r
 \r
 [Packages]\r
   MdePkg/MdePkg.dec\r


@@ -103,6 +104,9 @@
   ## SOMETIMES_PRODUCES   ## Variable:L"Lang"\r
   gEfiGlobalVariableGuid\r
 \r
   ## SOMETIMES_PRODUCES   ## Variable:L"Lang"\r
   gEfiGlobalVariableGuid\r
 \r

+  gEfiMemoryOverwriteControlDataGuid            ## CONSUMES   ## Variable:L"MemoryOverwriteRequestControl"\r
+  gEfiMemoryOverwriteRequestControlLockGuid     ## PRODUCES   ## Variable:L"MemoryOverwriteRequestControlLock"\r
+\r

   gSmmVariableWriteGuid                         ## PRODUCES             ## GUID # Install protocol\r
   gEfiSystemNvDataFvGuid                        ## CONSUMES             ## GUID\r
   gEdkiiFaultTolerantWriteGuid                  ## SOMETIMES_CONSUMES   ## HOB\r
   gSmmVariableWriteGuid                         ## PRODUCES             ## GUID # Install protocol\r
   gEfiSystemNvDataFvGuid                        ## CONSUMES             ## GUID\r
   gEdkiiFaultTolerantWriteGuid                  ## SOMETIMES_CONSUMES   ## HOB\r