From 8021f4c716cfd9fae0ac6d4a0a9bee2dbcf13d29 Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Tue, 25 Aug 2015 03:01:56 +0000 Subject: [PATCH] MdeModulePkg Variable: Consume the separated VarCheckLib Since the variable check service has be separated to VarCheckLib from Variable driver, so update Variable driver to consume the separated VarCheckLib. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Jiewen Yao git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18286 6f19259b-4bc3-4df7-8a09-765794883524 --- MdeModulePkg/MdeModulePkg.dsc | 13 +- .../Universal/Variable/RuntimeDxe/VarCheck.c | 1117 +---------------- .../Universal/Variable/RuntimeDxe/Variable.c | 193 +-- .../Universal/Variable/RuntimeDxe/Variable.h | 97 +- .../Variable/RuntimeDxe/VariableDxe.c | 48 +- .../RuntimeDxe/VariableRuntimeDxe.inf | 15 +- .../Variable/RuntimeDxe/VariableSmm.c | 23 +- .../Variable/RuntimeDxe/VariableSmm.inf | 15 +- 8 files changed, 107 insertions(+), 1414 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index c99167b3da..ee928989ca 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -97,6 +97,7 @@ PlatformBootManagerLib|MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf [LibraryClasses.EBC.PEIM] IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf @@ -277,6 +278,8 @@ MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf + MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf + MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf @@ -369,13 +372,19 @@ MdeModulePkg/Universal/EbcDxe/EbcDxe.inf [Components.IA32, Components.X64, Components.Ebc] - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } MdeModulePkg/Universal/Variable/EmuRuntimeDxe/EmuVariableRuntimeDxe.inf [Components.IA32, Components.X64] MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf - MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + } MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf MdeModulePkg/Universal/StatusCodeHandler/Smm/StatusCodeHandlerSmm.inf diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c index 27b48012ca..ad56a9f5be 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c @@ -1,5 +1,6 @@ /** @file - Implementation functions and structures for var check protocol. + Implementation functions and structures for var check protocol + and variable lock protocol based on VarCheckLib. Copyright (c) 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials @@ -13,900 +14,53 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/ #include "Variable.h" -#include - -extern LIST_ENTRY mLockedVariableList; -extern BOOLEAN mEndOfDxe; -extern BOOLEAN mEnableLocking; - -#define VAR_CHECK_HANDLER_TABLE_SIZE 0x8 - -UINT32 mNumberOfHandler = 0; -UINT32 mMaxNumberOfHandler = 0; -VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable = NULL; - -typedef struct { - LIST_ENTRY Link; - EFI_GUID Guid; - VAR_CHECK_VARIABLE_PROPERTY VariableProperty; - //CHAR16 *Name; -} VAR_CHECK_VARIABLE_ENTRY; - -LIST_ENTRY mVarCheckVariableList = INITIALIZE_LIST_HEAD_VARIABLE (mVarCheckVariableList); - -typedef -EFI_STATUS -(EFIAPI *INTERNAL_VAR_CHECK_FUNCTION) ( - IN VAR_CHECK_VARIABLE_PROPERTY *Propery, - IN UINTN DataSize, - IN VOID *Data - ); - -typedef struct { - CHAR16 *Name; - VAR_CHECK_VARIABLE_PROPERTY VariableProperty; - INTERNAL_VAR_CHECK_FUNCTION CheckFunction; -} UEFI_DEFINED_VARIABLE_ENTRY; - -/** - Internal check for load option. - - @param[in] VariablePropery Pointer to variable property. - @param[in] DataSize Data size. - @param[in] Data Pointer to data buffer. - - @retval EFI_SUCCESS The SetVariable check result was success. - @retval EFI_INVALID_PARAMETER The data buffer is not a valid load option. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckLoadOption ( - IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery, - IN UINTN DataSize, - IN VOID *Data - ) -{ - UINT16 FilePathListLength; - CHAR16 *Description; - EFI_DEVICE_PATH_PROTOCOL *FilePathList; - - FilePathListLength = *((UINT16 *) ((UINTN) Data + sizeof (UINT32))); - - // - // Check Description - // - Description = (CHAR16 *) ((UINTN) Data + sizeof (UINT32) + sizeof (UINT16)); - while (Description < (CHAR16 *) ((UINTN) Data + DataSize)) { - if (*Description == L'\0') { - break; - } - Description++; - } - if ((UINTN) Description >= ((UINTN) Data + DataSize)) { - return EFI_INVALID_PARAMETER; - } - Description++; - - // - // Check FilePathList - // - FilePathList = (EFI_DEVICE_PATH_PROTOCOL *) Description; - if ((UINTN) FilePathList > (MAX_ADDRESS - FilePathListLength)) { - return EFI_INVALID_PARAMETER; - } - if (((UINTN) FilePathList + FilePathListLength) > ((UINTN) Data + DataSize)) { - return EFI_INVALID_PARAMETER; - } - if (FilePathListLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) { - return EFI_INVALID_PARAMETER; - } - if (!IsDevicePathValid (FilePathList, FilePathListLength)) { - return EFI_INVALID_PARAMETER; - } - - return EFI_SUCCESS; -} - -/** - Internal check for key option. - - @param[in] VariablePropery Pointer to variable property. - @param[in] DataSize Data size. - @param[in] Data Pointer to data buffer. - - @retval EFI_SUCCESS The SetVariable check result was success. - @retval EFI_INVALID_PARAMETER The data buffer is not a valid key option. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckKeyOption ( - IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery, - IN UINTN DataSize, - IN VOID *Data - ) -{ - if (((DataSize - sizeof (EFI_KEY_OPTION)) % sizeof (EFI_INPUT_KEY)) != 0) { - return EFI_INVALID_PARAMETER; - } - - return EFI_SUCCESS; -} - -/** - Internal check for device path. - - @param[in] VariablePropery Pointer to variable property. - @param[in] DataSize Data size. - @param[in] Data Pointer to data buffer. - - @retval EFI_SUCCESS The SetVariable check result was success. - @retval EFI_INVALID_PARAMETER The data buffer is not a valid device path. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckDevicePath ( - IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery, - IN UINTN DataSize, - IN VOID *Data - ) -{ - if (!IsDevicePathValid ((EFI_DEVICE_PATH_PROTOCOL *) Data, DataSize)) { - return EFI_INVALID_PARAMETER; - } - return EFI_SUCCESS; -} /** - Internal check for ASCII string. + Mark a variable that will become read-only after leaving the DXE phase of execution. + Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed. - @param[in] VariablePropery Pointer to variable property. - @param[in] DataSize Data size. - @param[in] Data Pointer to data buffer. - - @retval EFI_SUCCESS The SetVariable check result was success. - @retval EFI_INVALID_PARAMETER The data buffer is not a Null-terminated ASCII string. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckAsciiString ( - IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery, - IN UINTN DataSize, - IN VOID *Data - ) -{ - CHAR8 *String; - UINTN Index; - - String = (CHAR8 *) Data; - if (String[DataSize - 1] == '\0') { - return EFI_SUCCESS; - } else { - for (Index = 1; Index < DataSize && (String[DataSize - 1 - Index] != '\0'); Index++); - if (Index == DataSize) { - return EFI_INVALID_PARAMETER; - } - } - return EFI_SUCCESS; -} - -/** - Internal check for size array. - - @param[in] VariablePropery Pointer to variable property. - @param[in] DataSize Data size. - @param[in] Data Pointer to data buffer. - - @retval EFI_SUCCESS The SetVariable check result was success. - @retval EFI_INVALID_PARAMETER The DataSize is not size array. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckSizeArray ( - IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery, - IN UINTN DataSize, - IN VOID *Data - ) -{ - if ((DataSize % VariablePropery->MinSize) != 0) { - return EFI_INVALID_PARAMETER; - } - return EFI_SUCCESS; -} - -// -// To prevent name collisions with possible future globally defined variables, -// other internal firmware data variables that are not defined here must be -// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or -// any other GUID defined by the UEFI Specification. Implementations must -// only permit the creation of variables with a UEFI Specification-defined -// VendorGuid when these variables are documented in the UEFI Specification. -// -UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList[] = { - { - EFI_LANG_CODES_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - 1, - MAX_UINTN - }, - InternalVarCheckAsciiString - }, - { - EFI_LANG_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - 1, - MAX_UINTN - }, - InternalVarCheckAsciiString - }, - { - EFI_TIME_OUT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT16), - sizeof (UINT16) - }, - NULL - }, - { - EFI_PLATFORM_LANG_CODES_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - 1, - MAX_UINTN - }, - InternalVarCheckAsciiString - }, - { - EFI_PLATFORM_LANG_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - 1, - MAX_UINTN - }, - InternalVarCheckAsciiString - }, - { - EFI_CON_IN_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (EFI_DEVICE_PATH_PROTOCOL), - MAX_UINTN - }, - InternalVarCheckDevicePath - }, - { - EFI_CON_OUT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (EFI_DEVICE_PATH_PROTOCOL), - MAX_UINTN - }, - InternalVarCheckDevicePath - }, - { - EFI_ERR_OUT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (EFI_DEVICE_PATH_PROTOCOL), - MAX_UINTN - }, - InternalVarCheckDevicePath - }, - { - EFI_CON_IN_DEV_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (EFI_DEVICE_PATH_PROTOCOL), - MAX_UINTN - }, - InternalVarCheckDevicePath - }, - { - EFI_CON_OUT_DEV_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (EFI_DEVICE_PATH_PROTOCOL), - MAX_UINTN - }, - InternalVarCheckDevicePath - }, - { - EFI_ERR_OUT_DEV_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (EFI_DEVICE_PATH_PROTOCOL), - MAX_UINTN - }, - InternalVarCheckDevicePath - }, - { - EFI_BOOT_ORDER_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT16), - MAX_UINTN - }, - InternalVarCheckSizeArray - }, - { - EFI_BOOT_NEXT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT16), - sizeof (UINT16) - }, - NULL - }, - { - EFI_BOOT_CURRENT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (UINT16), - sizeof (UINT16) - }, - NULL - }, - { - EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (UINT32), - sizeof (UINT32) - }, - NULL - }, - { - EFI_DRIVER_ORDER_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT16), - MAX_UINTN - }, - InternalVarCheckSizeArray - }, - { - EFI_SYS_PREP_ORDER_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT16), - MAX_UINTN - }, - InternalVarCheckSizeArray - }, - { - EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT16), - sizeof (UINT16) - }, - NULL - }, - { - EFI_SETUP_MODE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (UINT8), - sizeof (UINT8) - }, - NULL - }, - { - EFI_KEY_EXCHANGE_KEY_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT_AT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_PLATFORM_KEY_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT_AT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_SIGNATURE_SUPPORT_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (EFI_GUID), - MAX_UINTN - }, - InternalVarCheckSizeArray - }, - { - EFI_SECURE_BOOT_MODE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (UINT8), - sizeof (UINT8) - }, - NULL - }, - { - EFI_KEK_DEFAULT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_PK_DEFAULT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_DB_DEFAULT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_DBX_DEFAULT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_DBT_DEFAULT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (UINT64), - sizeof (UINT64) - }, - NULL - }, - { - EFI_OS_INDICATIONS_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT64), - sizeof (UINT64) - }, - NULL - }, - { - EFI_VENDOR_KEYS_VARIABLE_NAME, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, - VARIABLE_ATTRIBUTE_BS_RT, - sizeof (UINT8), - sizeof (UINT8) - }, - NULL - }, -}; -UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList2[] = { - { - L"Boot####", - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT32) + sizeof (UINT16), - MAX_UINTN - }, - InternalVarCheckLoadOption - }, - { - L"Driver####", - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT32) + sizeof (UINT16), - MAX_UINTN - }, - InternalVarCheckLoadOption - }, - { - L"SysPrep####", - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (UINT32) + sizeof (UINT16), - MAX_UINTN - }, - InternalVarCheckLoadOption - }, - { - L"Key####", - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT, - sizeof (EFI_KEY_OPTION), - sizeof (EFI_KEY_OPTION) + 3 * sizeof (EFI_INPUT_KEY) - }, - InternalVarCheckKeyOption - }, -}; - -// -// EFI_IMAGE_SECURITY_DATABASE_GUID -// -UEFI_DEFINED_VARIABLE_ENTRY mImageSecurityVariableList[] = { - { - EFI_IMAGE_SECURITY_DATABASE, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT_AT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_IMAGE_SECURITY_DATABASE1, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT_AT, - 1, - MAX_UINTN - }, - NULL - }, - { - EFI_IMAGE_SECURITY_DATABASE2, - { - VAR_CHECK_VARIABLE_PROPERTY_REVISION, - 0, - VARIABLE_ATTRIBUTE_NV_BS_RT_AT, - 1, - MAX_UINTN - }, - NULL - }, -}; - -/** - Get UEFI defined global variable or image security database variable property. - The code will check if variable guid is global variable or image security database guid first. - If yes, further check if variable name is in mGlobalVariableList, mGlobalVariableList2 or mImageSecurityVariableList. - - @param[in] VariableName Pointer to variable name. - @param[in] VendorGuid Variable Vendor Guid. - @param[in] WildcardMatch Try wildcard match or not. - @param[out] VariableProperty Pointer to variable property. - @param[out] VarCheckFunction Pointer to check function. - - @retval EFI_SUCCESS Variable is not global variable or image security database variable. - @retval EFI_INVALID_PARAMETER Variable is global variable or image security database variable, but variable name is not in the lists. - -**/ -EFI_STATUS -GetUefiDefinedVariableProperty ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN BOOLEAN WildcardMatch, - OUT VAR_CHECK_VARIABLE_PROPERTY **VariableProperty, - OUT INTERNAL_VAR_CHECK_FUNCTION *VarCheckFunction OPTIONAL - ) -{ - UINTN Index; - UINTN NameLength; - - if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)) { - // - // Try list 1, exactly match. - // - for (Index = 0; Index < sizeof (mGlobalVariableList)/sizeof (mGlobalVariableList[0]); Index++) { - if (StrCmp (mGlobalVariableList[Index].Name, VariableName) == 0) { - if (VarCheckFunction != NULL) { - *VarCheckFunction = mGlobalVariableList[Index].CheckFunction; - } - *VariableProperty = &mGlobalVariableList[Index].VariableProperty; - return EFI_SUCCESS; - } - } - - // - // Try list 2. - // - NameLength = StrLen (VariableName) - 4; - for (Index = 0; Index < sizeof (mGlobalVariableList2)/sizeof (mGlobalVariableList2[0]); Index++) { - if (WildcardMatch) { - if ((StrLen (VariableName) == StrLen (mGlobalVariableList2[Index].Name)) && - (StrnCmp (mGlobalVariableList2[Index].Name, VariableName, NameLength) == 0) && - IsHexaDecimalDigitCharacter (VariableName[NameLength]) && - IsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) && - IsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) && - IsHexaDecimalDigitCharacter (VariableName[NameLength + 3])) { - if (VarCheckFunction != NULL) { - *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction; - } - *VariableProperty = &mGlobalVariableList2[Index].VariableProperty; - return EFI_SUCCESS; - } - } - if (StrCmp (mGlobalVariableList2[Index].Name, VariableName) == 0) { - if (VarCheckFunction != NULL) { - *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction; - } - *VariableProperty = &mGlobalVariableList2[Index].VariableProperty; - return EFI_SUCCESS; - } - } - - // - // The variable name is not in the lists. - // - return EFI_INVALID_PARAMETER; - } - - if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) { - for (Index = 0; Index < sizeof (mImageSecurityVariableList)/sizeof (mImageSecurityVariableList[0]); Index++) { - if (StrCmp (mImageSecurityVariableList[Index].Name, VariableName) == 0) { - if (VarCheckFunction != NULL) { - *VarCheckFunction = mImageSecurityVariableList[Index].CheckFunction; - } - *VariableProperty = &mImageSecurityVariableList[Index].VariableProperty; - return EFI_SUCCESS; - } - } - - return EFI_INVALID_PARAMETER; - } - - // - // It is not global variable, image security database variable. - // - return EFI_SUCCESS; -} - -/** - Internal SetVariable check. - - @param[in] VariableName Name of Variable to set. - @param[in] VendorGuid Variable vendor GUID. - @param[in] Attributes Attribute value of the variable. - @param[in] DataSize Size of Data to set. - @param[in] Data Data pointer. - - @retval EFI_SUCCESS The SetVariable check result was success. - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied, - or the DataSize exceeds the minimum or maximum allowed, - or the Data value is not following UEFI spec for UEFI defined variables. - @retval EFI_WRITE_PROTECTED The variable in question is read-only. - @retval Others The return status from check handler. + @param[in] This The VARIABLE_LOCK_PROTOCOL instance. + @param[in] VariableName A pointer to the variable name that will be made read-only subsequently. + @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently. + @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked + as pending to be read-only. + @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. + Or VariableName is an empty string. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request. **/ EFI_STATUS EFIAPI -InternalVarCheckSetVariableCheck ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid ) { EFI_STATUS Status; - UINTN Index; - LIST_ENTRY *Link; - VAR_CHECK_VARIABLE_ENTRY *Entry; - CHAR16 *Name; - VAR_CHECK_VARIABLE_PROPERTY *Property; - INTERNAL_VAR_CHECK_FUNCTION VarCheckFunction; - - if (!mEndOfDxe) { - // - // Only do check after End Of Dxe. - // - return EFI_SUCCESS; - } + VAR_CHECK_VARIABLE_PROPERTY Property; - Property = NULL; - VarCheckFunction = NULL; - - for ( Link = GetFirstNode (&mVarCheckVariableList) - ; !IsNull (&mVarCheckVariableList, Link) - ; Link = GetNextNode (&mVarCheckVariableList, Link) - ) { - Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link); - Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) { - Property = &Entry->VariableProperty; - break; - } - } - if (Property == NULL) { - Status = GetUefiDefinedVariableProperty (VariableName, VendorGuid, TRUE, &Property, &VarCheckFunction); - if (EFI_ERROR (Status)) { - // - // To prevent name collisions with possible future globally defined variables, - // other internal firmware data variables that are not defined here must be - // saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or - // any other GUID defined by the UEFI Specification. Implementations must - // only permit the creation of variables with a UEFI Specification-defined - // VendorGuid when these variables are documented in the UEFI Specification. - // - DEBUG ((EFI_D_INFO, "Variable Check UEFI defined variable fail %r - %s not in %g namespace\n", Status, VariableName, VendorGuid)); - return Status; - } - } - if (Property != NULL) { - if (mEnableLocking && ((Property->Property & VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY) != 0)) { - DEBUG ((EFI_D_INFO, "Variable Check ReadOnly variable fail %r - %g:%s\n", EFI_WRITE_PROTECTED, VendorGuid, VariableName)); - return EFI_WRITE_PROTECTED; - } - if (!((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0))) { - // - // Not to delete variable. - // - if ((Property->Attributes != 0) && ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Property->Attributes)) { - DEBUG ((EFI_D_INFO, "Variable Check Attributes(0x%08x to 0x%08x) fail %r - %g:%s\n", Property->Attributes, Attributes, EFI_INVALID_PARAMETER, VendorGuid, VariableName)); - return EFI_INVALID_PARAMETER; - } - if (DataSize != 0) { - if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) { - DEBUG ((EFI_D_INFO, "Variable Check DataSize fail(0x%x not in 0x%x - 0x%x) %r - %g:%s\n", DataSize, Property->MinSize, Property->MaxSize, EFI_INVALID_PARAMETER, VendorGuid, VariableName)); - return EFI_INVALID_PARAMETER; - } - if (VarCheckFunction != NULL) { - Status = VarCheckFunction ( - Property, - DataSize, - Data - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_INFO, "Internal Variable Check function fail %r - %g:%s\n", Status, VendorGuid, VariableName)); - return Status; - } - } - } - } - } + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - for (Index = 0; Index < mNumberOfHandler; Index++) { - Status = mHandlerTable[Index] ( - VariableName, - VendorGuid, - Attributes, - DataSize, - Data - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName)); - return Status; - } + Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property); + if (!EFI_ERROR (Status)) { + Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; + } else { + Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION; + Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; + Property.Attributes = 0; + Property.MinSize = 1; + Property.MaxSize = MAX_UINTN; } - return EFI_SUCCESS; -} - -/** - Reallocates more global memory to store the registered handler list. - - @retval RETURN_SUCCESS Reallocate memory successfully. - @retval RETURN_OUT_OF_RESOURCES No enough memory to allocate. + Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property); -**/ -RETURN_STATUS -EFIAPI -ReallocateHandlerTable ( - VOID - ) -{ - VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *HandlerTable; + DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status)); - // - // Reallocate memory for check handler table. - // - HandlerTable = ReallocateRuntimePool ( - mMaxNumberOfHandler * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER), - (mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE) * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER), - mHandlerTable - ); - - // - // No enough resource to allocate. - // - if (HandlerTable == NULL) { - return RETURN_OUT_OF_RESOURCES; - } + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - mHandlerTable = HandlerTable; - // - // Increase max handler number. - // - mMaxNumberOfHandler = mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE; - return RETURN_SUCCESS; + return Status; } /** @@ -931,131 +85,13 @@ VarCheckRegisterSetVariableCheckHandler ( { EFI_STATUS Status; - if (Handler == NULL) { - return EFI_INVALID_PARAMETER; - } - - if (mEndOfDxe) { - return EFI_ACCESS_DENIED; - } - - DEBUG ((EFI_D_INFO, "RegisterSetVariableCheckHandler - 0x%x\n", Handler)); - - Status = EFI_SUCCESS; - AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - // - // Check whether the handler list is enough to store new handler. - // - if (mNumberOfHandler == mMaxNumberOfHandler) { - // - // Allocate more resources for new handler. - // - Status = ReallocateHandlerTable(); - if (EFI_ERROR (Status)) { - goto Done; - } - } - - // - // Register new handler into the handler list. - // - mHandlerTable[mNumberOfHandler] = Handler; - mNumberOfHandler++; - -Done: + Status = VarCheckLibRegisterSetVariableCheckHandler (Handler); ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); return Status; } -/** - Variable property get function. - - @param[in] Name Pointer to the variable name. - @param[in] Guid Pointer to the vendor GUID. - @param[in] WildcardMatch Try wildcard match or not. - - @return Pointer to the property of variable specified by the Name and Guid. - -**/ -VAR_CHECK_VARIABLE_PROPERTY * -VariablePropertyGetFunction ( - IN CHAR16 *Name, - IN EFI_GUID *Guid, - IN BOOLEAN WildcardMatch - ) -{ - LIST_ENTRY *Link; - VAR_CHECK_VARIABLE_ENTRY *Entry; - CHAR16 *VariableName; - VAR_CHECK_VARIABLE_PROPERTY *Property; - - Property = NULL; - - for ( Link = GetFirstNode (&mVarCheckVariableList) - ; !IsNull (&mVarCheckVariableList, Link) - ; Link = GetNextNode (&mVarCheckVariableList, Link) - ) { - Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link); - VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) { - return &Entry->VariableProperty; - } - } - - GetUefiDefinedVariableProperty (Name, Guid, WildcardMatch, &Property, NULL); - - return Property; -} - -/** - Internal variable property set. - - @param[in] Name Pointer to the variable name. - @param[in] Guid Pointer to the vendor GUID. - @param[in] VariableProperty Pointer to the input variable property. - - @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully. - @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckVariablePropertySet ( - IN CHAR16 *Name, - IN EFI_GUID *Guid, - IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty - ) -{ - EFI_STATUS Status; - VAR_CHECK_VARIABLE_ENTRY *Entry; - CHAR16 *VariableName; - VAR_CHECK_VARIABLE_PROPERTY *Property; - - Status = EFI_SUCCESS; - - Property = VariablePropertyGetFunction (Name, Guid, FALSE); - if (Property != NULL) { - CopyMem (Property, VariableProperty, sizeof (*VariableProperty)); - } else { - Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name)); - if (Entry == NULL) { - Status = EFI_OUT_OF_RESOURCES; - goto Done; - } - VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - StrCpyS (VariableName, StrSize(Name)/sizeof(CHAR16), Name); - CopyGuid (&Entry->Guid, Guid); - CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty)); - InsertTailList (&mVarCheckVariableList, &Entry->Link); - } - -Done: - return Status; -} - /** Variable property set. @@ -1079,84 +115,15 @@ VarCheckVariablePropertySet ( IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty ) { - EFI_STATUS Status; - - if (Name == NULL || Name[0] == 0 || Guid == NULL) { - return EFI_INVALID_PARAMETER; - } - - if (VariableProperty == NULL) { - return EFI_INVALID_PARAMETER; - } - - if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) { - return EFI_INVALID_PARAMETER; - } - - if (mEndOfDxe) { - return EFI_ACCESS_DENIED; - } + EFI_STATUS Status; AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - Status = InternalVarCheckVariablePropertySet (Name, Guid, VariableProperty); - + Status = VarCheckLibVariablePropertySet (Name, Guid, VariableProperty); ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); return Status; } -/** - Internal variable property get. - - @param[in] Name Pointer to the variable name. - @param[in] Guid Pointer to the vendor GUID. - @param[out] VariableProperty Pointer to the output variable property. - - @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully. - @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckVariablePropertyGet ( - IN CHAR16 *Name, - IN EFI_GUID *Guid, - OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty - ) -{ - LIST_ENTRY *Link; - VARIABLE_ENTRY *Entry; - CHAR16 *VariableName; - BOOLEAN Found; - VAR_CHECK_VARIABLE_PROPERTY *Property; - - Found = FALSE; - - Property = VariablePropertyGetFunction (Name, Guid, TRUE); - if (Property != NULL) { - CopyMem (VariableProperty, Property, sizeof (*VariableProperty)); - Found = TRUE; - } - - for ( Link = GetFirstNode (&mLockedVariableList) - ; !IsNull (&mLockedVariableList, Link) - ; Link = GetNextNode (&mLockedVariableList, Link) - ) { - Entry = BASE_CR (Link, VARIABLE_ENTRY, Link); - VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) { - VariableProperty->Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY; - if (!Found) { - VariableProperty->Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION; - Found = TRUE; - } - } - } - - return (Found ? EFI_SUCCESS : EFI_NOT_FOUND); -} - /** Variable property get. @@ -1179,18 +146,8 @@ VarCheckVariablePropertyGet ( { EFI_STATUS Status; - if (Name == NULL || Name[0] == 0 || Guid == NULL) { - return EFI_INVALID_PARAMETER; - } - - if (VariableProperty == NULL) { - return EFI_INVALID_PARAMETER; - } - AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - Status = InternalVarCheckVariablePropertyGet (Name, Guid, VariableProperty); - + Status = VarCheckLibVariablePropertyGet (Name, Guid, VariableProperty); ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); return Status; diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 8aee8ff6a0..31e1937c2f 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -41,21 +41,16 @@ VARIABLE_STORE_HEADER *mNvVariableCache = NULL; /// VARIABLE_INFO_ENTRY *gVariableInfo = NULL; -/// -/// The list to store the variables which cannot be set after the EFI_END_OF_DXE_EVENT_GROUP_GUID -/// or EVT_GROUP_READY_TO_BOOT event. -/// -LIST_ENTRY mLockedVariableList = INITIALIZE_LIST_HEAD_VARIABLE (mLockedVariableList); - /// /// The flag to indicate whether the platform has left the DXE phase of execution. /// BOOLEAN mEndOfDxe = FALSE; /// -/// The flag to indicate whether the variable storage locking is enabled. +/// It indicates the var check request source. +/// In the implementation, DXE is regarded as untrusted, and SMM is trusted. /// -BOOLEAN mEnableLocking = TRUE; +VAR_CHECK_REQUEST_SOURCE mRequestSource = VarCheckFromUntrusted; // // It will record the current boot error flag before EndOfDxe. @@ -76,7 +71,7 @@ VARIABLE_ENTRY_PROPERTY mVariableEntryProperty[] = { }, }; -AUTH_VAR_LIB_CONTEXT_IN mContextIn = { +AUTH_VAR_LIB_CONTEXT_IN mAuthContextIn = { AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION, // // StructSize, TO BE FILLED @@ -94,7 +89,7 @@ AUTH_VAR_LIB_CONTEXT_IN mContextIn = { VariableExLibAtRuntime, }; -AUTH_VAR_LIB_CONTEXT_OUT mContextOut; +AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut; /** @@ -878,7 +873,7 @@ IsUserVariable ( // then no need to check if the variable is user variable or not specially. // if (mEndOfDxe && (mVariableModuleGlobal->CommonMaxUserVariableSpace != mVariableModuleGlobal->CommonVariableSpace)) { - if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) { + if (VarCheckLibVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) { return TRUE; } } @@ -910,7 +905,7 @@ CalculateCommonUserVariableTotalSize ( NextVariable = GetNextVariablePtr (Variable); VariableSize = (UINTN) NextVariable - (UINTN) Variable; if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) { - if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) { + if (VarCheckLibVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) { // // No property, it is user variable. // @@ -932,12 +927,9 @@ InitializeVariableQuota ( VOID ) { - STATIC BOOLEAN Initialized; - - if (!mEndOfDxe || Initialized) { + if (!mEndOfDxe) { return; } - Initialized = TRUE; InitializeVarErrorFlag (); CalculateCommonUserVariableTotalSize (); @@ -2769,131 +2761,6 @@ Done: return Status; } -/** - Check if a Unicode character is a hexadecimal character. - - This function checks if a Unicode character is a - hexadecimal character. The valid hexadecimal character is - L'0' to L'9', L'a' to L'f', or L'A' to L'F'. - - - @param Char The character to check against. - - @retval TRUE If the Char is a hexadecmial character. - @retval FALSE If the Char is not a hexadecmial character. - -**/ -BOOLEAN -EFIAPI -IsHexaDecimalDigitCharacter ( - IN CHAR16 Char - ) -{ - return (BOOLEAN) ((Char >= L'0' && Char <= L'9') || (Char >= L'A' && Char <= L'F') || (Char >= L'a' && Char <= L'f')); -} - -/** - - This code checks if variable is hardware error record variable or not. - - According to UEFI spec, hardware error record variable should use the EFI_HARDWARE_ERROR_VARIABLE VendorGuid - and have the L"HwErrRec####" name convention, #### is a printed hex value and no 0x or h is included in the hex value. - - @param VariableName Pointer to variable name. - @param VendorGuid Variable Vendor Guid. - - @retval TRUE Variable is hardware error record variable. - @retval FALSE Variable is not hardware error record variable. - -**/ -BOOLEAN -EFIAPI -IsHwErrRecVariable ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid - ) -{ - if (!CompareGuid (VendorGuid, &gEfiHardwareErrorVariableGuid) || - (StrLen (VariableName) != StrLen (L"HwErrRec####")) || - (StrnCmp(VariableName, L"HwErrRec", StrLen (L"HwErrRec")) != 0) || - !IsHexaDecimalDigitCharacter (VariableName[0x8]) || - !IsHexaDecimalDigitCharacter (VariableName[0x9]) || - !IsHexaDecimalDigitCharacter (VariableName[0xA]) || - !IsHexaDecimalDigitCharacter (VariableName[0xB])) { - return FALSE; - } - - return TRUE; -} - -/** - Mark a variable that will become read-only after leaving the DXE phase of execution. - - - @param[in] This The VARIABLE_LOCK_PROTOCOL instance. - @param[in] VariableName A pointer to the variable name that will be made read-only subsequently. - @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently. - - @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked - as pending to be read-only. - @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. - Or VariableName is an empty string. - @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has - already been signaled. - @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request. -**/ -EFI_STATUS -EFIAPI -VariableLockRequestToLock ( - IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid - ) -{ - VARIABLE_ENTRY *Entry; - CHAR16 *Name; - LIST_ENTRY *Link; - VARIABLE_ENTRY *LockedEntry; - - if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) { - return EFI_INVALID_PARAMETER; - } - - if (mEndOfDxe) { - return EFI_ACCESS_DENIED; - } - - Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (VariableName)); - if (Entry == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s\n", VendorGuid, VariableName)); - - AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - for ( Link = GetFirstNode (&mLockedVariableList) - ; !IsNull (&mLockedVariableList, Link) - ; Link = GetNextNode (&mLockedVariableList, Link) - ) { - LockedEntry = BASE_CR (Link, VARIABLE_ENTRY, Link); - Name = (CHAR16 *) ((UINTN) LockedEntry + sizeof (*LockedEntry)); - if (CompareGuid (&LockedEntry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) { - goto Done; - } - } - - Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - StrCpyS (Name, StrSize (VariableName)/sizeof(CHAR16), VariableName); - CopyGuid (&Entry->Guid, VendorGuid); - InsertTailList (&mLockedVariableList, &Entry->Link); - -Done: - ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - - return EFI_SUCCESS; -} - /** This code finds variable in storage blocks (Volatile or Non-Volatile). @@ -3211,9 +3078,6 @@ VariableServiceSetVariable ( VARIABLE_HEADER *NextVariable; EFI_PHYSICAL_ADDRESS Point; UINTN PayloadSize; - LIST_ENTRY *Link; - VARIABLE_ENTRY *Entry; - CHAR16 *Name; // // Check input parameters. @@ -3301,9 +3165,6 @@ VariableServiceSetVariable ( if (StrSize (VariableName) + PayloadSize > PcdGet32 (PcdMaxHardwareErrorVariableSize) - GetVariableHeaderSize ()) { return EFI_INVALID_PARAMETER; } - if (!IsHwErrRecVariable(VariableName, VendorGuid)) { - return EFI_INVALID_PARAMETER; - } } else { // // The size of the VariableName, including the Unicode Null in bytes plus @@ -3320,7 +3181,7 @@ VariableServiceSetVariable ( } } - Status = InternalVarCheckSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); + Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); if (EFI_ERROR (Status)) { return Status; } @@ -3342,24 +3203,6 @@ VariableServiceSetVariable ( mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) NextVariable - (UINTN) Point; } - if (mEndOfDxe && mEnableLocking) { - // - // Treat the variables listed in the forbidden variable list as read-only after leaving DXE phase. - // - for ( Link = GetFirstNode (&mLockedVariableList) - ; !IsNull (&mLockedVariableList, Link) - ; Link = GetNextNode (&mLockedVariableList, Link) - ) { - Entry = BASE_CR (Link, VARIABLE_ENTRY, Link); - Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry)); - if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) { - Status = EFI_WRITE_PROTECTED; - DEBUG ((EFI_D_INFO, "[Variable]: Changing readonly variable after leaving DXE phase - %g:%s\n", VendorGuid, VariableName)); - goto Done; - } - } - } - // // Check whether the input variable is already existed. // @@ -4064,21 +3907,21 @@ VariableWriteServiceInitialize ( FlushHobVariableToFlash (NULL, NULL); Status = EFI_SUCCESS; - ZeroMem (&mContextOut, sizeof (mContextOut)); + ZeroMem (&mAuthContextOut, sizeof (mAuthContextOut)); if (mVariableModuleGlobal->VariableGlobal.AuthFormat) { // // Authenticated variable initialize. // - mContextIn.StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_IN); - mContextIn.MaxAuthVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize (); - Status = AuthVariableLibInitialize (&mContextIn, &mContextOut); + mAuthContextIn.StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_IN); + mAuthContextIn.MaxAuthVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize (); + Status = AuthVariableLibInitialize (&mAuthContextIn, &mAuthContextOut); if (!EFI_ERROR (Status)) { DEBUG ((EFI_D_INFO, "Variable driver will work with auth variable support!\n")); mVariableModuleGlobal->VariableGlobal.AuthSupport = TRUE; - if (mContextOut.AuthVarEntry != NULL) { - for (Index = 0; Index < mContextOut.AuthVarEntryCount; Index++) { - VariableEntry = &mContextOut.AuthVarEntry[Index]; - Status = InternalVarCheckVariablePropertySet ( + if (mAuthContextOut.AuthVarEntry != NULL) { + for (Index = 0; Index < mAuthContextOut.AuthVarEntryCount; Index++) { + VariableEntry = &mAuthContextOut.AuthVarEntry[Index]; + Status = VarCheckLibVariablePropertySet ( VariableEntry->Name, VariableEntry->Guid, &VariableEntry->VariableProperty @@ -4097,7 +3940,7 @@ VariableWriteServiceInitialize ( if (!EFI_ERROR (Status)) { for (Index = 0; Index < sizeof (mVariableEntryProperty) / sizeof (mVariableEntryProperty[0]); Index++) { VariableEntry = &mVariableEntryProperty[Index]; - Status = InternalVarCheckVariablePropertySet (VariableEntry->Name, VariableEntry->Guid, &VariableEntry->VariableProperty); + Status = VarCheckLibVariablePropertySet (VariableEntry->Name, VariableEntry->Guid, &VariableEntry->VariableProperty); ASSERT_EFI_ERROR (Status); } } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h index 9928837fd8..5c224b9737 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h @@ -36,13 +36,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include #include #include -#include #include #include -#include #include #define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE | \ @@ -109,12 +108,6 @@ typedef struct { EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbInstance; } VARIABLE_MODULE_GLOBAL; -typedef struct { - LIST_ENTRY Link; - EFI_GUID Guid; - //CHAR16 *Name; -} VARIABLE_ENTRY; - /** Flush the HOB variable to flash. @@ -702,53 +695,6 @@ VariableLockRequestToLock ( IN EFI_GUID *VendorGuid ); -/** - Check if a Unicode character is a hexadecimal character. - - This function checks if a Unicode character is a - hexadecimal character. The valid hexadecimal character is - L'0' to L'9', L'a' to L'f', or L'A' to L'F'. - - - @param Char The character to check against. - - @retval TRUE If the Char is a hexadecmial character. - @retval FALSE If the Char is not a hexadecmial character. - -**/ -BOOLEAN -EFIAPI -IsHexaDecimalDigitCharacter ( - IN CHAR16 Char - ); - -/** - Internal SetVariable check. - - @param[in] VariableName Name of Variable to set. - @param[in] VendorGuid Variable vendor GUID. - @param[in] Attributes Attribute value of the variable. - @param[in] DataSize Size of Data to set. - @param[in] Data Data pointer. - - @retval EFI_SUCCESS The SetVariable check result was success. - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID were supplied, - or the DataSize exceeds the minimum or maximum allowed, - or the Data value is not following UEFI spec for UEFI defined variables. - @retval EFI_WRITE_PROTECTED The variable in question is read-only. - @retval Others The return status from check handler. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckSetVariableCheck ( - IN CHAR16 *VariableName, - IN EFI_GUID *VendorGuid, - IN UINT32 Attributes, - IN UINTN DataSize, - IN VOID *Data - ); - /** Register SetVariable check handler. @@ -769,45 +715,6 @@ VarCheckRegisterSetVariableCheckHandler ( IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler ); -/** - Internal variable property get. - - @param[in] Name Pointer to the variable name. - @param[in] Guid Pointer to the vendor GUID. - @param[out] VariableProperty Pointer to the output variable property. - - @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully. - @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckVariablePropertyGet ( - IN CHAR16 *Name, - IN EFI_GUID *Guid, - OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty - ); - -/** - Internal variable property set. - - @param[in] Name Pointer to the variable name. - @param[in] Guid Pointer to the vendor GUID. - @param[in] VariableProperty Pointer to the input variable property. - - @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully. - @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request. - -**/ -EFI_STATUS -EFIAPI -InternalVarCheckVariablePropertySet ( - IN CHAR16 *Name, - IN EFI_GUID *Guid, - IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty - ); - - /** Variable property set. @@ -862,7 +769,7 @@ InitializeVariableQuota ( extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal; -extern AUTH_VAR_LIB_CONTEXT_OUT mContextOut; +extern AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut; /** Finds variable in storage blocks of volatile and non-volatile storage areas. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c index 314ffddef1..caf51dfba6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c @@ -21,11 +21,9 @@ extern VARIABLE_INFO_ENTRY *gVariableInfo; EFI_HANDLE mHandle = NULL; EFI_EVENT mVirtualAddressChangeEvent = NULL; EFI_EVENT mFtwRegistration = NULL; -extern LIST_ENTRY mLockedVariableList; -extern LIST_ENTRY mVarCheckVariableList; -extern UINT32 mNumberOfHandler; -extern VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable; extern BOOLEAN mEndOfDxe; +VOID ***mVarCheckAddressPointer = NULL; +UINTN mVarCheckAddressPointerCount = 0; EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock }; EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler, VarCheckVariablePropertySet, @@ -227,7 +225,6 @@ VariableClassAddressChangeEvent ( IN VOID *Context ) { - EFI_STATUS Status; UINTN Index; EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetBlockSize); @@ -246,20 +243,16 @@ VariableClassAddressChangeEvent ( EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase); EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal); EfiConvertPointer (0x0, (VOID **) &mNvVariableCache); - EfiConvertPointer (0x0, (VOID **) &mHandlerTable); - for (Index = 0; Index < mNumberOfHandler; Index++) { - EfiConvertPointer (0x0, (VOID **) &mHandlerTable[Index]); - } - - Status = EfiConvertList (0x0, &mLockedVariableList); - ASSERT_EFI_ERROR (Status); - Status = EfiConvertList (0x0, &mVarCheckVariableList); - ASSERT_EFI_ERROR (Status); + if (mAuthContextOut.AddressPointer != NULL) { + for (Index = 0; Index < mAuthContextOut.AddressPointerCount; Index++) { + EfiConvertPointer (0x0, (VOID **) mAuthContextOut.AddressPointer[Index]); + } + } - if (mContextOut.AddressPointer != NULL) { - for (Index = 0; Index < mContextOut.AddressPointerCount; Index++) { - EfiConvertPointer (0x0, (VOID **) mContextOut.AddressPointer[Index]); + if (mVarCheckAddressPointer != NULL) { + for (Index = 0; Index < mVarCheckAddressPointerCount; Index++) { + EfiConvertPointer (0x0, (VOID **) mVarCheckAddressPointer[Index]); } } } @@ -283,14 +276,17 @@ OnReadyToBoot ( VOID *Context ) { - // - // Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled. - // - mEndOfDxe = TRUE; - // - // The initialization for variable quota. - // - InitializeVariableQuota (); + if (!mEndOfDxe) { + // + // Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled. + // + mEndOfDxe = TRUE; + mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount); + // + // The initialization for variable quota. + // + InitializeVariableQuota (); + } ReclaimForOS (); if (FeaturePcdGet (PcdVariableCollectStatistics)) { if (mVariableModuleGlobal->VariableGlobal.AuthFormat) { @@ -319,7 +315,9 @@ OnEndOfDxe ( VOID *Context ) { + DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n")); mEndOfDxe = TRUE; + mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount); // // The initialization for variable quota. // diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 6a523b8d76..74b35ece09 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -62,9 +62,9 @@ UefiDriverEntryPoint PcdLib HobLib - DevicePathLib TpmMeasurementLib AuthVariableLib + VarCheckLib [Protocols] gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES @@ -93,23 +93,10 @@ ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" ## SOMETIMES_CONSUMES ## Variable:L"Lang" ## SOMETIMES_PRODUCES ## Variable:L"Lang" - ## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport" - ## SOMETIMES_CONSUMES ## Variable:L"SetupMode" - ## SOMETIMES_CONSUMES ## Variable:L"PK" - ## SOMETIMES_CONSUMES ## Variable:L"KEK" - ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" - ## SOMETIMES_CONSUMES ## Variable:L"SignatureSupport" - ## SOMETIMES_CONSUMES ## Variable:L"VendorKeys" gEfiGlobalVariableGuid - ## SOMETIMES_CONSUMES ## Variable:L"DB" - ## SOMETIMES_CONSUMES ## Variable:L"DBX" - ## SOMETIMES_CONSUMES ## Variable:L"DBT" - gEfiImageSecurityDatabaseGuid - gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event gEfiSystemNvDataFvGuid ## CONSUMES ## GUID - gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####" gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 95b532b1fb..fb16af31b1 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -45,7 +45,7 @@ BOOLEAN mAtRuntime = F UINT8 *mVariableBufferPayload = NULL; UINTN mVariableBufferPayloadSize; extern BOOLEAN mEndOfDxe; -extern BOOLEAN mEnableLocking; +extern VAR_CHECK_REQUEST_SOURCE mRequestSource; /** SecureBoot Hook for SetVariable. @@ -97,7 +97,7 @@ SmmVariableSetVariable ( // // Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL. // - mEnableLocking = FALSE; + mRequestSource = VarCheckFromTrusted; Status = VariableServiceSetVariable ( VariableName, VendorGuid, @@ -105,7 +105,7 @@ SmmVariableSetVariable ( DataSize, Data ); - mEnableLocking = TRUE; + mRequestSource = VarCheckFromUntrusted; return Status; } @@ -666,15 +666,18 @@ SmmVariableHandler ( break; case SMM_VARIABLE_FUNCTION_READY_TO_BOOT: - mEndOfDxe = TRUE; - // - // The initialization for variable quota. - // - InitializeVariableQuota (); if (AtRuntime()) { Status = EFI_UNSUPPORTED; break; } + if (!mEndOfDxe) { + mEndOfDxe = TRUE; + VarCheckLibInitializeAtEndOfDxe (NULL); + // + // The initialization for variable quota. + // + InitializeVariableQuota (); + } ReclaimForOS (); Status = EFI_SUCCESS; break; @@ -800,8 +803,9 @@ SmmEndOfDxeCallback ( IN EFI_HANDLE Handle ) { - DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n")); + DEBUG ((EFI_D_INFO, "[Variable]SMM_END_OF_DXE is signaled\n")); mEndOfDxe = TRUE; + VarCheckLibInitializeAtEndOfDxe (NULL); // // The initialization for variable quota. // @@ -809,6 +813,7 @@ SmmEndOfDxeCallback ( if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) { ReclaimForOS (); } + return EFI_SUCCESS; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index 861d7474f6..efcd3179d7 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -69,9 +69,9 @@ DxeServicesTableLib HobLib PcdLib - DevicePathLib SmmMemLib AuthVariableLib + VarCheckLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES @@ -101,23 +101,10 @@ ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" ## SOMETIMES_CONSUMES ## Variable:L"Lang" ## SOMETIMES_PRODUCES ## Variable:L"Lang" - ## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport" - ## SOMETIMES_CONSUMES ## Variable:L"SetupMode" - ## SOMETIMES_CONSUMES ## Variable:L"PK" - ## SOMETIMES_CONSUMES ## Variable:L"KEK" - ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" - ## SOMETIMES_CONSUMES ## Variable:L"SignatureSupport" - ## SOMETIMES_CONSUMES ## Variable:L"VendorKeys" gEfiGlobalVariableGuid - ## SOMETIMES_CONSUMES ## Variable:L"DB" - ## SOMETIMES_CONSUMES ## Variable:L"DBX" - ## SOMETIMES_CONSUMES ## Variable:L"DBT" - gEfiImageSecurityDatabaseGuid - gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol gEfiSystemNvDataFvGuid ## CONSUMES ## GUID - gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####" gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID gZeroGuid ## SOMETIMES_CONSUMES ## GUID -- 2.39.2