When the user requires "security" by passing -D SMM_REQUIRE, and
consequently by setting PcdSmmSmramRequire, enforce flash-based variables.
Furthermore, add two ASSERT()s to catch if the wrong module were pulled
into the build.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19063
6f19259b-4bc3-4df7-8a09-
765794883524
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable\r
\r
+[FeaturePcd]\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire\r
\r
[Depex]\r
TRUE\r
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64\r
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable\r
\r
+[FeaturePcd]\r
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire\r
\r
[Depex]\r
TRUE\r
#include <Guid/EventGroup.h>\r
#include <Library/DebugLib.h>\r
#include <Library/DevicePathLib.h>\r
+#include <Library/PcdLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Library/UefiRuntimeLib.h>\r
#include <Protocol/DevicePath.h>\r
EFI_HANDLE FwbHandle;\r
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *OldFwbInterface;\r
\r
+ ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));\r
+\r
//\r
// Find a handle with a matching device path that has supports FW Block\r
// protocol\r
**/\r
\r
#include <Library/DebugLib.h>\r
+#include <Library/PcdLib.h>\r
#include <Library/SmmServicesTableLib.h>\r
#include <Protocol/DevicePath.h>\r
#include <Protocol/SmmFirmwareVolumeBlock.h>\r
EFI_HANDLE FvbHandle;\r
EFI_STATUS Status;\r
\r
+ ASSERT (FeaturePcdGet (PcdSmmSmramRequire));\r
+\r
//\r
// There is no SMM service that can install multiple protocols in the SMM\r
// protocol database in one go.\r
mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize;\r
\r
if (!QemuFlashDetected ()) {\r
+ ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));\r
return EFI_WRITE_PROTECTED;\r
}\r
\r