From 31b183bcf93bb80e40753e5b4f17dff7e3195703 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Tue, 25 Aug 2015 02:58:09 +0000 Subject: [PATCH] MdeModulePkg: Add VarCheckLib library What to do: 1. Add VarCheckLib LibraryClass definitions. 2. Implement VarCheckLib library instance. The code logic are separated from Variable driver. Why to do: Share code. Separate variable check service from Variable driver in MdeModulePkg. We are going to separate generic software logic code from Variable Driver to benefit other variable driver implementation. Auth services has been done to be AuthVariableLib, now to cover variable check service. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Jiewen Yao git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18278 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/Include/Library/VarCheckLib.h | 180 +++++ .../Library/VarCheckLib/VarCheckLib.c | 650 ++++++++++++++++++ .../Library/VarCheckLib/VarCheckLib.inf | 51 ++ .../Library/VarCheckLib/VarCheckLib.uni | Bin 0 -> 1798 bytes MdeModulePkg/MdeModulePkg.dec | 4 + 5 files changed, 885 insertions(+) create mode 100644 MdeModulePkg/Include/Library/VarCheckLib.h create mode 100644 MdeModulePkg/Library/VarCheckLib/VarCheckLib.c create mode 100644 MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf create mode 100644 MdeModulePkg/Library/VarCheckLib/VarCheckLib.uni diff --git a/MdeModulePkg/Include/Library/VarCheckLib.h b/MdeModulePkg/Include/Library/VarCheckLib.h new file mode 100644 index 0000000000..a423bc0e54 --- /dev/null +++ b/MdeModulePkg/Include/Library/VarCheckLib.h @@ -0,0 +1,180 @@ +/** @file + Provides variable check services and database management. + +Copyright (c) 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials are licensed and made available under +the terms and conditions of the BSD License that accompanies this distribution. +The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php. + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _VARIABLE_CHECK_LIB_H_ +#define _VARIABLE_CHECK_LIB_H_ + +#include + +typedef enum { + VarCheckRequestReserved0 = 0, + VarCheckRequestReserved1 = 1, + VarCheckFromTrusted = 2, + VarCheckFromUntrusted = 3, +} VAR_CHECK_REQUEST_SOURCE; + +typedef +VOID +(EFIAPI *VAR_CHECK_END_OF_DXE_CALLBACK) ( + VOID + ); + +/** + Register END_OF_DXE callback. + The callback will be invoked by VarCheckLibInitializeAtEndOfDxe(). + + @param[in] Callback END_OF_DXE callback. + + @retval EFI_SUCCESS The callback was registered successfully. + @retval EFI_INVALID_PARAMETER Callback is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the callback register request. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibRegisterEndOfDxeCallback ( + IN VAR_CHECK_END_OF_DXE_CALLBACK Callback + ); + +/** + Var check initialize at END_OF_DXE. + + This function needs to be called at END_OF_DXE. + Address pointers may be returned, + and caller needs to ConvertPointer() for the pointers. + + @param[in, out] AddressPointerCount Output pointer to address pointer count. + + @return Address pointer buffer, NULL if input AddressPointerCount is NULL. + +**/ +VOID *** +EFIAPI +VarCheckLibInitializeAtEndOfDxe ( + IN OUT UINTN *AddressPointerCount OPTIONAL + ); + +/** + Register address pointer. + The AddressPointer may be returned by VarCheckLibInitializeAtEndOfDxe(). + + @param[in] AddressPointer Address pointer. + + @retval EFI_SUCCESS The address pointer was registered successfully. + @retval EFI_INVALID_PARAMETER AddressPointer is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the address pointer register request. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibRegisterAddressPointer ( + IN VOID **AddressPointer + ); + +/** + Register SetVariable check handler. + + @param[in] Handler Pointer to check handler. + + @retval EFI_SUCCESS The SetVariable check handler was registered successfully. + @retval EFI_INVALID_PARAMETER Handler is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request. + @retval EFI_UNSUPPORTED This interface is not implemented. + For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibRegisterSetVariableCheckHandler ( + IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler + ); + +/** + Variable property set. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[in] VariableProperty Pointer to the input variable property. + + @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string, + or the fields of VariableProperty are not valid. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibVariablePropertySet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ); + +/** + Variable property get. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[out] VariableProperty Pointer to the output variable property. + + @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string. + @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibVariablePropertyGet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ); + +/** + SetVariable check. + + @param[in] VariableName Name of Variable to set. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Attributes Attribute value of the variable. + @param[in] DataSize Size of Data to set. + @param[in] Data Data pointer. + @param[in] RequestSource Request source. + + @retval EFI_SUCCESS The SetVariable check result was success. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, GUID, + DataSize and Data value was supplied. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval Others The other return status from check handler. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibSetVariableCheck ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data, + IN VAR_CHECK_REQUEST_SOURCE RequestSource + ); + +#endif diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c new file mode 100644 index 0000000000..cf001547a5 --- /dev/null +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.c @@ -0,0 +1,650 @@ +/** @file + Implementation functions and structures for var check services. + +Copyright (c) 2015, Intel Corporation. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include +#include + +#include +#include + +BOOLEAN mVarCheckLibEndOfDxe = FALSE; + +#define VAR_CHECK_TABLE_SIZE 0x8 + +UINTN mVarCheckLibEndOfDxeCallbackCount = 0; +UINTN mVarCheckLibEndOfDxeCallbackMaxCount = 0; +VAR_CHECK_END_OF_DXE_CALLBACK *mVarCheckLibEndOfDxeCallback = NULL; + +UINTN mVarCheckLibAddressPointerCount = 0; +UINTN mVarCheckLibAddressPointerMaxCount = 0; +VOID ***mVarCheckLibAddressPointer = NULL; + +UINTN mNumberOfVarCheckHandler = 0; +UINTN mMaxNumberOfVarCheckHandler = 0; +VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mVarCheckHandlerTable = NULL; + +typedef struct { + EFI_GUID Guid; + VAR_CHECK_VARIABLE_PROPERTY VariableProperty; + //CHAR16 *Name; +} VAR_CHECK_VARIABLE_ENTRY; + +UINTN mNumberOfVarCheckVariable = 0; +UINTN mMaxNumberOfVarCheckVariable = 0; +VARIABLE_ENTRY_PROPERTY **mVarCheckVariableTable = NULL; + +// +// Handle variables with wildcard name specially. +// +VARIABLE_ENTRY_PROPERTY mVarCheckVariableWithWildcardName[] = { + { + &gEfiGlobalVariableGuid, + L"Boot####", + { + 0 + }, + }, + { + &gEfiGlobalVariableGuid, + L"Driver####", + { + 0 + }, + }, + { + &gEfiGlobalVariableGuid, + L"SysPrep####", + { + 0 + }, + }, + { + &gEfiGlobalVariableGuid, + L"Key####", + { + 0 + }, + }, + { + &gEfiHardwareErrorVariableGuid, + L"HwErrRec####", + { + 0 + }, + }, +}; + +/** + Check if a Unicode character is a hexadecimal character. + + This function checks if a Unicode character is a + hexadecimal character. The valid hexadecimal character is + L'0' to L'9', L'a' to L'f', or L'A' to L'F'. + + + @param[in] Char The character to check against. + + @retval TRUE If the Char is a hexadecmial character. + @retval FALSE If the Char is not a hexadecmial character. + +**/ +BOOLEAN +EFIAPI +VarCheckInternalIsHexaDecimalDigitCharacter ( + IN CHAR16 Char + ) +{ + return (BOOLEAN) ((Char >= L'0' && Char <= L'9') || (Char >= L'A' && Char <= L'F') || (Char >= L'a' && Char <= L'f')); +} + +/** + Variable property get with wildcard name. + + @param[in] VariableName Pointer to variable name. + @param[in] VendorGuid Pointer to variable vendor GUID. + @param[in] WildcardMatch Try wildcard match or not. + + @return Pointer to variable property. + +**/ +VAR_CHECK_VARIABLE_PROPERTY * +VariablePropertyGetWithWildcardName ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN BOOLEAN WildcardMatch + ) +{ + UINTN Index; + UINTN NameLength; + + NameLength = StrLen (VariableName) - 4; + for (Index = 0; Index < sizeof (mVarCheckVariableWithWildcardName)/sizeof (mVarCheckVariableWithWildcardName[0]); Index++) { + if (CompareGuid (mVarCheckVariableWithWildcardName[Index].Guid, VendorGuid)){ + if (WildcardMatch) { + if ((StrLen (VariableName) == StrLen (mVarCheckVariableWithWildcardName[Index].Name)) && + (StrnCmp (VariableName, mVarCheckVariableWithWildcardName[Index].Name, NameLength) == 0) && + VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength]) && + VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) && + VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) && + VarCheckInternalIsHexaDecimalDigitCharacter (VariableName[NameLength + 3])) { + return &mVarCheckVariableWithWildcardName[Index].VariableProperty; + } + } + if (StrCmp (mVarCheckVariableWithWildcardName[Index].Name, VariableName) == 0) { + return &mVarCheckVariableWithWildcardName[Index].VariableProperty; + } + } + } + + return NULL; +} + +/** + Variable property get function. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[in] WildcardMatch Try wildcard match or not. + + @return Pointer to the property of variable specified by the Name and Guid. + +**/ +VAR_CHECK_VARIABLE_PROPERTY * +VariablePropertyGetFunction ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + IN BOOLEAN WildcardMatch + ) +{ + UINTN Index; + VAR_CHECK_VARIABLE_ENTRY *Entry; + CHAR16 *VariableName; + + for (Index = 0; Index < mNumberOfVarCheckVariable; Index++) { + Entry = (VAR_CHECK_VARIABLE_ENTRY *) mVarCheckVariableTable[Index]; + VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); + if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) { + return &Entry->VariableProperty; + } + } + + return VariablePropertyGetWithWildcardName (Name, Guid, WildcardMatch); +} + +/** + Var check add table entry. + + @param[in, out] Table Pointer to table buffer. + @param[in, out] MaxNumber Pointer to maximum number of entry in the table. + @param[in, out] CurrentNumber Pointer to current number of entry in the table. + @param[in] Entry Entry will be added to the table. + + @retval EFI_SUCCESS Reallocate memory successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to allocate. + +**/ +EFI_STATUS +VarCheckAddTableEntry ( + IN OUT UINTN **Table, + IN OUT UINTN *MaxNumber, + IN OUT UINTN *CurrentNumber, + IN UINTN Entry + ) +{ + UINTN *TempTable; + + // + // Check whether the table is enough to store new entry. + // + if (*CurrentNumber == *MaxNumber) { + // + // Reallocate memory for the table. + // + TempTable = ReallocateRuntimePool ( + *MaxNumber * sizeof (UINTN), + (*MaxNumber + VAR_CHECK_TABLE_SIZE) * sizeof (UINTN), + *Table + ); + + // + // No enough resource to allocate. + // + if (TempTable == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + *Table = TempTable; + // + // Increase max number. + // + *MaxNumber += VAR_CHECK_TABLE_SIZE; + } + + // + // Add entry to the table. + // + (*Table)[*CurrentNumber] = Entry; + (*CurrentNumber)++; + + return EFI_SUCCESS; +} + +/** + Register END_OF_DXE callback. + The callback will be invoked by VarCheckLibInitializeAtEndOfDxe(). + + @param[in] Callback END_OF_DXE callback. + + @retval EFI_SUCCESS The callback was registered successfully. + @retval EFI_INVALID_PARAMETER Callback is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the callback register request. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibRegisterEndOfDxeCallback ( + IN VAR_CHECK_END_OF_DXE_CALLBACK Callback + ) +{ + EFI_STATUS Status; + + if (Callback == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (mVarCheckLibEndOfDxe) { + return EFI_ACCESS_DENIED; + } + + Status = VarCheckAddTableEntry ( + (UINTN **) &mVarCheckLibEndOfDxeCallback, + &mVarCheckLibEndOfDxeCallbackMaxCount, + &mVarCheckLibEndOfDxeCallbackCount, + (UINTN) Callback + ); + + DEBUG ((EFI_D_INFO, "VarCheckLibRegisterEndOfDxeCallback - 0x%x %r\n", Callback, Status)); + + return Status; +} + +/** + Var check initialize at END_OF_DXE. + + This function needs to be called at END_OF_DXE. + Address pointers may be returned, + and caller needs to ConvertPointer() for the pointers. + + @param[in, out] AddressPointerCount Output pointer to address pointer count. + + @return Address pointer buffer, NULL if input AddressPointerCount is NULL. + +**/ +VOID *** +EFIAPI +VarCheckLibInitializeAtEndOfDxe ( + IN OUT UINTN *AddressPointerCount OPTIONAL + ) +{ + VOID *TempTable; + UINTN TotalCount; + UINTN Index; + + for (Index = 0; Index < mVarCheckLibEndOfDxeCallbackCount; Index++) { + // + // Invoke the callback registered by VarCheckLibRegisterEndOfDxeCallback(). + // + mVarCheckLibEndOfDxeCallback[Index] (); + } + if (mVarCheckLibEndOfDxeCallback != NULL) { + // + // Free the callback buffer. + // + mVarCheckLibEndOfDxeCallbackCount = 0; + mVarCheckLibEndOfDxeCallbackMaxCount = 0; + FreePool ((VOID *) mVarCheckLibEndOfDxeCallback); + mVarCheckLibEndOfDxeCallback = NULL; + } + + mVarCheckLibEndOfDxe = TRUE; + + if (AddressPointerCount == NULL) { + if (mVarCheckLibAddressPointer != NULL) { + // + // Free the address pointer buffer. + // + mVarCheckLibAddressPointerCount = 0; + mVarCheckLibAddressPointerMaxCount = 0; + FreePool ((VOID *) mVarCheckLibAddressPointer); + mVarCheckLibAddressPointer = NULL; + } + return NULL; + } + + // + // Get the total count needed. + // Also cover VarCheckHandler and the entries, and VarCheckVariable and the entries. + // + TotalCount = mVarCheckLibAddressPointerCount + (mNumberOfVarCheckHandler + 1) + (mNumberOfVarCheckVariable + 1); + TempTable = ReallocateRuntimePool ( + mVarCheckLibAddressPointerMaxCount * sizeof (VOID **), + TotalCount * sizeof (VOID **), + (VOID *) mVarCheckLibAddressPointer + ); + + if (TempTable != NULL) { + mVarCheckLibAddressPointer = (VOID ***) TempTable; + + // + // Cover VarCheckHandler and the entries. + // + mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckHandlerTable; + for (Index = 0; Index < mNumberOfVarCheckHandler; Index++) { + mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckHandlerTable[Index]; + } + + // + // Cover VarCheckVariable and the entries. + // + mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckVariableTable; + for (Index = 0; Index < mNumberOfVarCheckVariable; Index++) { + mVarCheckLibAddressPointer[mVarCheckLibAddressPointerCount++] = (VOID **) &mVarCheckVariableTable[Index]; + } + + ASSERT (mVarCheckLibAddressPointerCount == TotalCount); + mVarCheckLibAddressPointerMaxCount = mVarCheckLibAddressPointerCount; + } + + *AddressPointerCount = mVarCheckLibAddressPointerCount; + return mVarCheckLibAddressPointer; +} + +/** + Register address pointer. + The AddressPointer may be returned by VarCheckLibInitializeAtEndOfDxe(). + + @param[in] AddressPointer Address pointer. + + @retval EFI_SUCCESS The address pointer was registered successfully. + @retval EFI_INVALID_PARAMETER AddressPointer is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the address pointer register request. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibRegisterAddressPointer ( + IN VOID **AddressPointer + ) +{ + EFI_STATUS Status; + + if (AddressPointer == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (mVarCheckLibEndOfDxe) { + return EFI_ACCESS_DENIED; + } + + Status = VarCheckAddTableEntry( + (UINTN **) &mVarCheckLibAddressPointer, + &mVarCheckLibAddressPointerMaxCount, + &mVarCheckLibAddressPointerCount, + (UINTN) AddressPointer + ); + + DEBUG ((EFI_D_INFO, "VarCheckLibRegisterAddressPointer - 0x%x %r\n", AddressPointer, Status)); + + return Status; +} + +/** + Register SetVariable check handler. + + @param[in] Handler Pointer to check handler. + + @retval EFI_SUCCESS The SetVariable check handler was registered successfully. + @retval EFI_INVALID_PARAMETER Handler is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request. + @retval EFI_UNSUPPORTED This interface is not implemented. + For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibRegisterSetVariableCheckHandler ( + IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler + ) +{ + EFI_STATUS Status; + + if (Handler == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (mVarCheckLibEndOfDxe) { + return EFI_ACCESS_DENIED; + } + + Status = VarCheckAddTableEntry( + (UINTN **) &mVarCheckHandlerTable, + &mMaxNumberOfVarCheckHandler, + &mNumberOfVarCheckHandler, + (UINTN) Handler + ); + + DEBUG ((EFI_D_INFO, "VarCheckLibRegisterSetVariableCheckHandler - 0x%x %r\n", Handler, Status)); + + return Status; +} + +/** + Variable property set. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[in] VariableProperty Pointer to the input variable property. + + @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string, + or the fields of VariableProperty are not valid. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibVariablePropertySet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ) +{ + EFI_STATUS Status; + VAR_CHECK_VARIABLE_ENTRY *Entry; + CHAR16 *VariableName; + VAR_CHECK_VARIABLE_PROPERTY *Property; + + if (Name == NULL || Name[0] == 0 || Guid == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (VariableProperty == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) { + return EFI_INVALID_PARAMETER; + } + + if (mVarCheckLibEndOfDxe) { + return EFI_ACCESS_DENIED; + } + + Status = EFI_SUCCESS; + + Property = VariablePropertyGetFunction (Name, Guid, FALSE); + if (Property != NULL) { + CopyMem (Property, VariableProperty, sizeof (*VariableProperty)); + } else { + Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name)); + if (Entry == NULL) { + return EFI_OUT_OF_RESOURCES; + } + VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); + StrCpyS (VariableName, StrSize (Name)/sizeof (CHAR16), Name); + CopyGuid (&Entry->Guid, Guid); + CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty)); + + Status = VarCheckAddTableEntry( + (UINTN **) &mVarCheckVariableTable, + &mMaxNumberOfVarCheckVariable, + &mNumberOfVarCheckVariable, + (UINTN) Entry + ); + + if (EFI_ERROR (Status)) { + FreePool (Entry); + } + } + + return Status; +} + +/** + Variable property get. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[out] VariableProperty Pointer to the output variable property. + + @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string. + @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibVariablePropertyGet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ) +{ + VAR_CHECK_VARIABLE_PROPERTY *Property; + + if (Name == NULL || Name[0] == 0 || Guid == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (VariableProperty == NULL) { + return EFI_INVALID_PARAMETER; + } + + Property = VariablePropertyGetFunction (Name, Guid, TRUE); + if (Property != NULL) { + CopyMem (VariableProperty, Property, sizeof (*VariableProperty)); + return EFI_SUCCESS; + } + + return EFI_NOT_FOUND; +} + +/** + SetVariable check. + + @param[in] VariableName Name of Variable to set. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Attributes Attribute value of the variable. + @param[in] DataSize Size of Data to set. + @param[in] Data Data pointer. + @param[in] RequestSource Request source. + + @retval EFI_SUCCESS The SetVariable check result was success. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, GUID, + DataSize and Data value was supplied. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval Others The other return status from check handler. + +**/ +EFI_STATUS +EFIAPI +VarCheckLibSetVariableCheck ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data, + IN VAR_CHECK_REQUEST_SOURCE RequestSource + ) +{ + EFI_STATUS Status; + UINTN Index; + VAR_CHECK_VARIABLE_PROPERTY *Property; + + if (!mVarCheckLibEndOfDxe) { + // + // Only do check after End Of Dxe. + // + return EFI_SUCCESS; + } + + Property = VariablePropertyGetFunction (VariableName, VendorGuid, TRUE); + if (Property != NULL) { + if ((RequestSource != VarCheckFromTrusted) && ((Property->Property & VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY) != 0)) { + DEBUG ((EFI_D_INFO, "Variable Check ReadOnly variable fail %r - %g:%s\n", EFI_WRITE_PROTECTED, VendorGuid, VariableName)); + return EFI_WRITE_PROTECTED; + } + if (!((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0))) { + // + // Not to delete variable. + // + if ((Property->Attributes != 0) && ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Property->Attributes)) { + DEBUG ((EFI_D_INFO, "Variable Check Attributes(0x%08x to 0x%08x) fail %r - %g:%s\n", Property->Attributes, Attributes, EFI_INVALID_PARAMETER, VendorGuid, VariableName)); + return EFI_INVALID_PARAMETER; + } + if (DataSize != 0) { + if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) { + DEBUG ((EFI_D_INFO, "Variable Check DataSize fail(0x%x not in 0x%x - 0x%x) %r - %g:%s\n", DataSize, Property->MinSize, Property->MaxSize, EFI_INVALID_PARAMETER, VendorGuid, VariableName)); + return EFI_INVALID_PARAMETER; + } + } + } + } + + for (Index = 0; Index < mNumberOfVarCheckHandler; Index++) { + Status = mVarCheckHandlerTable[Index] ( + VariableName, + VendorGuid, + Attributes, + DataSize, + Data + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName)); + return Status; + } + } + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf new file mode 100644 index 0000000000..099f83dd6a --- /dev/null +++ b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf @@ -0,0 +1,51 @@ +## @file +# Provides variable check services and database management. +# +# Copyright (c) 2015, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = VarCheckLib + MODULE_UNI_FILE = VarCheckLib.uni + FILE_GUID = 63E12D08-0C5D-47F8-95E4-09F89D7506C5 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = VarCheckLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + VarCheckLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"Boot####" + ## SOMETIMES_CONSUMES ## Variable:L"Driver####" + ## SOMETIMES_CONSUMES ## Variable:L"SysPrep####" + ## SOMETIMES_CONSUMES ## Variable:L"Key####" + gEfiGlobalVariableGuid + gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####" diff --git a/MdeModulePkg/Library/VarCheckLib/VarCheckLib.uni b/MdeModulePkg/Library/VarCheckLib/VarCheckLib.uni new file mode 100644 index 0000000000000000000000000000000000000000..d9761a1103cd2dcfa107e628b6bac7356e1a26a4 GIT binary patch literal 1798 zcmd6n&2H0B5QS%r#5-8&22h&-5*vgN2{m8=b(9|!R#lRwtwrKQPSTQ>Z~4yL#HJxg ztWafL+jnN}nKNg`zPoK$!y?u*uE^fmg=IFeu|2j&SmkS5VKckNevW;C<=O_=GVVi< zjcjCB_(t{v?}E3&<42qLf#sZySOZ)7sewmDHf5KyE{UA7a{To&_rv1w9u?-c_R24* zcS%K0sQD?+m-gIV*eg5aJ@G2WC=;2^6r9pswP(ELR2W$kzape#K$EhCD;D${qgUPD zSj#&0c8?}KIAq?BIp=1eD903(t=>!TiuNO}8NRvu)||_U5Be|38M-+EtK(g zE)~}s*FsbHXSEp|geVR{FXdXWSJgvXm3h?{sj7-Du!jzb^G{-SIo;PKXt^e8xH&%q zANwAjvIB)z0;6SaEq z`P+5iUyHC-d^P$5Mm`BgV2NoBhX41^TPy4Rw^}tRU8>X+waf18tM}p6T1Ve)XMX|M Cc^t0* literal 0 HcmV?d00001 diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 9a3f2cdcb4..4cd9c4dd89 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -123,6 +123,10 @@ # AuthVariableLib|Include/Library/AuthVariableLib.h + ## @libraryclass Provides variable check services and database management. + # + VarCheckLib|Include/Library/VarCheckLib.h + [Guids] ## MdeModule package token space guid # Include/Guid/MdeModulePkgTokenSpace.h -- 2.39.2