From 2f6aa774fe38cf1dad5376e59cb2812989ef14c7 Mon Sep 17 00:00:00 2001 From: "Yao, Jiewen" Date: Tue, 19 Jan 2016 13:22:05 +0000 Subject: [PATCH] MdeModulePkg: Add MorLock to variable driver. This patch adds MorLock function to Variable main function. It also updates corresponding INF file to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" Reviewed-by: "Zhang, Chao B" Reviewed-by: "Zeng, Star" git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19690 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Universal/Variable/RuntimeDxe/Variable.c | 60 ++++++++++++++++++- .../RuntimeDxe/VariableRuntimeDxe.inf | 6 +- .../Variable/RuntimeDxe/VariableSmm.inf | 6 +- 3 files changed, 69 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 2dc303834b..5e39d44d4c 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -16,7 +16,7 @@ VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow, integer overflow. It should also check attribute to avoid authentication bypass. -Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License @@ -111,6 +111,43 @@ SecureBootHook ( IN EFI_GUID *VendorGuid ); +/** + Initialization for MOR Lock Control. + + @retval EFI_SUCEESS MorLock initialization success. + @return Others Some error occurs. +**/ +EFI_STATUS +MorLockInit ( + VOID + ); + +/** + This service is an MOR/MorLock checker handler for the SetVariable(). + + @param VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes of variable. If the point + is NULL, the parameter would be ignored. + @param DataSize The size in bytes of Data-Buffer. + @param Data Point to the content of the variable. + + @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable driver can store the variable data. + @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or attributes is not allowed for MOR variable. + @retval EFI_ACCESS_DENIED The MOR/MorLock is locked. + @retval EFI_ALREADY_STARTED The MorLock variable is handled inside this function. + Variable driver can just return EFI_SUCCESS. +**/ +EFI_STATUS +SetVariableCheckHandlerMor ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ); + /** Routine used to track statistical information about variable usage. The data is stored in the EFI system table so it can be accessed later. @@ -3192,6 +3229,21 @@ VariableServiceSetVariable ( } } + // + // Special Handling for MOR Lock variable. + // + Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); + if (Status == EFI_ALREADY_STARTED) { + // + // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). + // Variable driver can just return SUCCESS. + // + return EFI_SUCCESS; + } + if (EFI_ERROR (Status)) { + return Status; + } + Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); if (EFI_ERROR (Status)) { return Status; @@ -3966,6 +4018,12 @@ VariableWriteServiceInitialize ( } ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); + + // + // Initialize MOR Lock variable. + // + MorLockInit (); + return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 62c1568a50..5e7b5c5341 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -9,7 +9,7 @@ # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. # -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -42,6 +42,7 @@ VariableDxe.c Variable.h Measurement.c + TcgMorLockDxe.c VarCheck.c VariableExLib.c @@ -95,6 +96,9 @@ ## SOMETIMES_PRODUCES ## Variable:L"Lang" gEfiGlobalVariableGuid + gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" + gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event gEfiSystemNvDataFvGuid ## CONSUMES ## GUID gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index efcd3179d7..02f01064f3 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -18,7 +18,7 @@ # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # -# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -52,6 +52,7 @@ VarCheck.c Variable.h VariableExLib.c + TcgMorLockSmm.c [Packages] MdePkg/MdePkg.dec @@ -103,6 +104,9 @@ ## SOMETIMES_PRODUCES ## Variable:L"Lang" gEfiGlobalVariableGuid + gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" + gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol gEfiSystemNvDataFvGuid ## CONSUMES ## GUID gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB -- 2.39.2