OvmfPkg: PlatformBdsLib: lock down SMM regardless of S3

At the moment, the EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is only installed if
S3 is enabled -- at the end of SaveS3BootScript().

While a runtime OS is never booted with SMM unlocked (because the SMM IPL
locks down SMM as a last resort:

> SMM IPL!  DXE SMM Ready To Lock Protocol not installed before Ready To
> Boot signal
> SmmInstallProtocolInterface: [EfiSmmReadyToLockProtocol] 0
> Patch page table start ...
> Patch page table done!
> SMM IPL locked SMRAM window

), we shouldn't allow UEFI drivers and applications either to mess with
SMM just because S3 is disabled. So install
EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL in PlatformBdsInit() unconditionally.

Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

diff --git a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
index b22f2a74a9d8a3ff9c6a0a2da266cf748e7d8f3b..8354f31ac2fe806a212dd0132e3d18f6d56213df 100644 (file)
--- a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
@@ -125,6 +125,9 @@ Returns:
 \r
 --*/\r
 {\r
+  EFI_HANDLE Handle;\r
+  EFI_STATUS Status;\r
+\r
   DEBUG ((EFI_D_INFO, "PlatformBdsInit\n"));\r
   InstallDevicePathCallback ();\r
 \r
@@ -147,11 +150,20 @@ Returns:
 \r
   if (QemuFwCfgS3Enabled ()) {\r
     //\r
-    // Save the boot script too. Note that this requires/includes emitting the\r
-    // DxeSmmReadyToLock event, which in turn locks down SMM.\r
+    // Save the boot script too. Note that this will require us to emit the\r
+    // DxeSmmReadyToLock event just below, which in turn locks down SMM.\r
     //\r
     SaveS3BootScript ();\r
   }\r
+\r
+  //\r
+  // Prevent further changes to LockBoxes or SMRAM.\r
+  //\r
+  Handle = NULL;\r
+  Status = gBS->InstallProtocolInterface (&Handle,\r
+                  &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,\r
+                  NULL);\r
+  ASSERT_EFI_ERROR (Status);\r
 }\r
 \r
 \r
@@ -1206,10 +1218,8 @@ Returns:
 /**\r
   Save the S3 boot script.\r
 \r
-  Note that we trigger DxeSmmReadyToLock here -- otherwise the script wouldn't\r
-  be saved actually. Triggering this protocol installation event in turn locks\r
-  down SMM, so no further changes to LockBoxes or SMRAM are possible\r
-  afterwards.\r
+  Note that DxeSmmReadyToLock must be signaled after this function returns;\r
+  otherwise the script wouldn't be saved actually.\r
 **/\r
 STATIC\r
 VOID\r
@@ -1219,7 +1229,6 @@ SaveS3BootScript (
 {\r
   EFI_STATUS                 Status;\r
   EFI_S3_SAVE_STATE_PROTOCOL *BootScript;\r
-  EFI_HANDLE                 Handle;\r
   STATIC CONST UINT8         Info[] = { 0xDE, 0xAD, 0xBE, 0xEF };\r
 \r
   Status = gBS->LocateProtocol (&gEfiS3SaveStateProtocolGuid, NULL,\r
@@ -1235,12 +1244,6 @@ SaveS3BootScript (
                          (UINT32) sizeof Info,\r
                          (EFI_PHYSICAL_ADDRESS)(UINTN) &Info);\r
   ASSERT_EFI_ERROR (Status);\r
-\r
-  Handle = NULL;\r
-  Status = gBS->InstallProtocolInterface (&Handle,\r
-                  &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,\r
-                  NULL);\r
-  ASSERT_EFI_ERROR (Status);\r
 }\r
 \r
 \r