From 46df0216b0edad0c4858ba01fd913ec34e9540c3 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Mon, 30 Nov 2015 18:49:03 +0000 Subject: [PATCH] OvmfPkg: pull in SMM-based variable driver stack When -D SMM_REQUIRE is given, replace both - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf and - OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf with - OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf. The outermost (= runtime DXE driver) VariableSmmRuntimeDxe enters SMM, and the rest: - the privileged half of the variable driver, VariableSmm, - the fault tolerant write driver, FaultTolerantWriteSmm, - and the FVB driver, FvbServicesSmm, work in SMM purely. We also resolve the BaseCryptLib class for DXE_SMM_DRIVER modules, for the authenticated VariableSmm driver's sake. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Jordan Justen git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19065 6f19259b-4bc3-4df7-8a09-765794883524 --- OvmfPkg/OvmfPkgIa32.dsc | 18 ++++++++++++++++-- OvmfPkg/OvmfPkgIa32.fdf | 16 ++++++++++++++-- OvmfPkg/OvmfPkgIa32X64.dsc | 18 ++++++++++++++++-- OvmfPkg/OvmfPkgIa32X64.fdf | 16 ++++++++++++++-- OvmfPkg/OvmfPkgX64.dsc | 18 ++++++++++++++++-- OvmfPkg/OvmfPkgX64.fdf | 16 ++++++++++++++-- 6 files changed, 90 insertions(+), 12 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index fe5d591e57..6f2e7f3c65 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -311,6 +311,7 @@ !ifdef $(SOURCE_DEBUG_ENABLE) DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -701,10 +702,22 @@ SmmCpuPlatformHookLib|UefiCpuPkg/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf SmmCpuFeaturesLib|OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf } -!endif # - # Variable driver stack + # Variable driver stack (SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + + # + # Variable driver stack (non-SMM) # OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { @@ -716,3 +729,4 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } +!endif diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index a1dd5bad78..1c1936c701 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -199,7 +199,9 @@ READ_LOCK_STATUS = TRUE APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +!if $(SMM_REQUIRE) == FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +!endif } # @@ -360,15 +362,25 @@ INF MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf INF UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf -!endif # -# Variable driver stack +# Variable driver stack (SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + +# +# Variable driver stack (non-SMM) # INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif ################################################################################ diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 7e3280a30e..63fbb25efd 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -316,6 +316,7 @@ !ifdef $(SOURCE_DEBUG_ENABLE) DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -708,10 +709,22 @@ SmmCpuPlatformHookLib|UefiCpuPkg/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf SmmCpuFeaturesLib|OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf } -!endif # - # Variable driver stack + # Variable driver stack (SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + + # + # Variable driver stack (non-SMM) # OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { @@ -723,3 +736,4 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } +!endif diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index d736a4ffcd..ffed58a267 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -199,7 +199,9 @@ READ_LOCK_STATUS = TRUE APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +!if $(SMM_REQUIRE) == FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +!endif } # @@ -360,15 +362,25 @@ INF MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf INF UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf -!endif # -# Variable driver stack +# Variable driver stack (SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + +# +# Variable driver stack (non-SMM) # INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif ################################################################################ diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index dd5c065cba..76ef00a80a 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -316,6 +316,7 @@ !ifdef $(SOURCE_DEBUG_ENABLE) DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/SmmDebugAgentLib.inf !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf [LibraryClasses.common.SMM_CORE] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -706,10 +707,22 @@ SmmCpuPlatformHookLib|UefiCpuPkg/Library/SmmCpuPlatformHookLibNull/SmmCpuPlatformHookLibNull.inf SmmCpuFeaturesLib|OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf } -!endif # - # Variable driver stack + # Variable driver stack (SMM) + # + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf + MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + + # + # Variable driver stack (non-SMM) # OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf { @@ -721,3 +734,4 @@ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf } +!endif diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 9b635f2646..ae9f348126 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -199,7 +199,9 @@ READ_LOCK_STATUS = TRUE APRIORI DXE { INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +!if $(SMM_REQUIRE) == FALSE INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +!endif } # @@ -360,15 +362,25 @@ INF MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf INF UefiCpuPkg/CpuIo2Smm/CpuIo2Smm.inf INF MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf INF UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf -!endif # -# Variable driver stack +# Variable driver stack (SMM) +# +INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + +!else + +# +# Variable driver stack (non-SMM) # INF OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +!endif ################################################################################ -- 2.39.2