diff options
| author | Star Zeng <star.zeng@intel.com> | 2015-08-25 03:01:56 +0000 |
|---|---|---|
| committer | lzeng14 <lzeng14@Edk2> | 2015-08-25 03:01:56 +0000 |
| commit | 8021f4c716cfd9fae0ac6d4a0a9bee2dbcf13d29 (patch) | |
| tree | d291e21414ad9d68c19233313c74753f423f3063 | |
| parent | 3b0141375915a1c5f2b4101944c4b56abcccccd8 (diff) | |
| download | edk2-platforms-8021f4c716cfd9fae0ac6d4a0a9bee2dbcf13d29.tar.xz | |
MdeModulePkg Variable: Consume the separated VarCheckLib
Since the variable check service has be separated to VarCheckLib
from Variable driver, so update Variable driver to consume the
separated VarCheckLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18286 6f19259b-4bc3-4df7-8a09-765794883524
| -rw-r--r-- | MdeModulePkg/MdeModulePkg.dsc | 13 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c | 1117 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 193 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h | 97 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c | 48 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 15 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 23 | ||||
| -rw-r--r-- | MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 15 |
8 files changed, 107 insertions, 1414 deletions
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index c99167b3da..ee928989ca 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -97,6 +97,7 @@ PlatformBootManagerLib|MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+ VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
[LibraryClasses.EBC.PEIM]
IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
@@ -277,6 +278,8 @@ MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+ MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf
+ MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
@@ -369,13 +372,19 @@ MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
[Components.IA32, Components.X64, Components.Ebc]
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf {
+ <LibraryClasses>
+ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ }
MdeModulePkg/Universal/Variable/EmuRuntimeDxe/EmuVariableRuntimeDxe.inf
[Components.IA32, Components.X64]
MdeModulePkg/Core/PiSmmCore/PiSmmIpl.inf
MdeModulePkg/Core/PiSmmCore/PiSmmCore.inf
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
+ <LibraryClasses>
+ NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf
+ }
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
MdeModulePkg/Universal/StatusCodeHandler/Smm/StatusCodeHandlerSmm.inf
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c index 27b48012ca..ad56a9f5be 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c @@ -1,5 +1,6 @@ /** @file
- Implementation functions and structures for var check protocol.
+ Implementation functions and structures for var check protocol
+ and variable lock protocol based on VarCheckLib.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
@@ -13,900 +14,53 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. **/
#include "Variable.h"
-#include <Library/DevicePathLib.h>
-
-extern LIST_ENTRY mLockedVariableList;
-extern BOOLEAN mEndOfDxe;
-extern BOOLEAN mEnableLocking;
-
-#define VAR_CHECK_HANDLER_TABLE_SIZE 0x8
-
-UINT32 mNumberOfHandler = 0;
-UINT32 mMaxNumberOfHandler = 0;
-VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable = NULL;
-
-typedef struct {
- LIST_ENTRY Link;
- EFI_GUID Guid;
- VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
- //CHAR16 *Name;
-} VAR_CHECK_VARIABLE_ENTRY;
-
-LIST_ENTRY mVarCheckVariableList = INITIALIZE_LIST_HEAD_VARIABLE (mVarCheckVariableList);
-
-typedef
-EFI_STATUS
-(EFIAPI *INTERNAL_VAR_CHECK_FUNCTION) (
- IN VAR_CHECK_VARIABLE_PROPERTY *Propery,
- IN UINTN DataSize,
- IN VOID *Data
- );
-
-typedef struct {
- CHAR16 *Name;
- VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
- INTERNAL_VAR_CHECK_FUNCTION CheckFunction;
-} UEFI_DEFINED_VARIABLE_ENTRY;
-
-/**
- Internal check for load option.
-
- @param[in] VariablePropery Pointer to variable property.
- @param[in] DataSize Data size.
- @param[in] Data Pointer to data buffer.
-
- @retval EFI_SUCCESS The SetVariable check result was success.
- @retval EFI_INVALID_PARAMETER The data buffer is not a valid load option.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckLoadOption (
- IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- UINT16 FilePathListLength;
- CHAR16 *Description;
- EFI_DEVICE_PATH_PROTOCOL *FilePathList;
-
- FilePathListLength = *((UINT16 *) ((UINTN) Data + sizeof (UINT32)));
-
- //
- // Check Description
- //
- Description = (CHAR16 *) ((UINTN) Data + sizeof (UINT32) + sizeof (UINT16));
- while (Description < (CHAR16 *) ((UINTN) Data + DataSize)) {
- if (*Description == L'\0') {
- break;
- }
- Description++;
- }
- if ((UINTN) Description >= ((UINTN) Data + DataSize)) {
- return EFI_INVALID_PARAMETER;
- }
- Description++;
-
- //
- // Check FilePathList
- //
- FilePathList = (EFI_DEVICE_PATH_PROTOCOL *) Description;
- if ((UINTN) FilePathList > (MAX_ADDRESS - FilePathListLength)) {
- return EFI_INVALID_PARAMETER;
- }
- if (((UINTN) FilePathList + FilePathListLength) > ((UINTN) Data + DataSize)) {
- return EFI_INVALID_PARAMETER;
- }
- if (FilePathListLength < sizeof (EFI_DEVICE_PATH_PROTOCOL)) {
- return EFI_INVALID_PARAMETER;
- }
- if (!IsDevicePathValid (FilePathList, FilePathListLength)) {
- return EFI_INVALID_PARAMETER;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Internal check for key option.
-
- @param[in] VariablePropery Pointer to variable property.
- @param[in] DataSize Data size.
- @param[in] Data Pointer to data buffer.
-
- @retval EFI_SUCCESS The SetVariable check result was success.
- @retval EFI_INVALID_PARAMETER The data buffer is not a valid key option.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckKeyOption (
- IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- if (((DataSize - sizeof (EFI_KEY_OPTION)) % sizeof (EFI_INPUT_KEY)) != 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Internal check for device path.
-
- @param[in] VariablePropery Pointer to variable property.
- @param[in] DataSize Data size.
- @param[in] Data Pointer to data buffer.
-
- @retval EFI_SUCCESS The SetVariable check result was success.
- @retval EFI_INVALID_PARAMETER The data buffer is not a valid device path.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckDevicePath (
- IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- if (!IsDevicePathValid ((EFI_DEVICE_PATH_PROTOCOL *) Data, DataSize)) {
- return EFI_INVALID_PARAMETER;
- }
- return EFI_SUCCESS;
-}
/**
- Internal check for ASCII string.
+ Mark a variable that will become read-only after leaving the DXE phase of execution.
+ Write request coming from SMM environment through EFI_SMM_VARIABLE_PROTOCOL is allowed.
- @param[in] VariablePropery Pointer to variable property.
- @param[in] DataSize Data size.
- @param[in] Data Pointer to data buffer.
-
- @retval EFI_SUCCESS The SetVariable check result was success.
- @retval EFI_INVALID_PARAMETER The data buffer is not a Null-terminated ASCII string.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckAsciiString (
- IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- CHAR8 *String;
- UINTN Index;
-
- String = (CHAR8 *) Data;
- if (String[DataSize - 1] == '\0') {
- return EFI_SUCCESS;
- } else {
- for (Index = 1; Index < DataSize && (String[DataSize - 1 - Index] != '\0'); Index++);
- if (Index == DataSize) {
- return EFI_INVALID_PARAMETER;
- }
- }
- return EFI_SUCCESS;
-}
-
-/**
- Internal check for size array.
-
- @param[in] VariablePropery Pointer to variable property.
- @param[in] DataSize Data size.
- @param[in] Data Pointer to data buffer.
-
- @retval EFI_SUCCESS The SetVariable check result was success.
- @retval EFI_INVALID_PARAMETER The DataSize is not size array.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckSizeArray (
- IN VAR_CHECK_VARIABLE_PROPERTY *VariablePropery,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- if ((DataSize % VariablePropery->MinSize) != 0) {
- return EFI_INVALID_PARAMETER;
- }
- return EFI_SUCCESS;
-}
-
-//
-// To prevent name collisions with possible future globally defined variables,
-// other internal firmware data variables that are not defined here must be
-// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
-// any other GUID defined by the UEFI Specification. Implementations must
-// only permit the creation of variables with a UEFI Specification-defined
-// VendorGuid when these variables are documented in the UEFI Specification.
-//
-UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList[] = {
- {
- EFI_LANG_CODES_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- 1,
- MAX_UINTN
- },
- InternalVarCheckAsciiString
- },
- {
- EFI_LANG_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- 1,
- MAX_UINTN
- },
- InternalVarCheckAsciiString
- },
- {
- EFI_TIME_OUT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT16),
- sizeof (UINT16)
- },
- NULL
- },
- {
- EFI_PLATFORM_LANG_CODES_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- 1,
- MAX_UINTN
- },
- InternalVarCheckAsciiString
- },
- {
- EFI_PLATFORM_LANG_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- 1,
- MAX_UINTN
- },
- InternalVarCheckAsciiString
- },
- {
- EFI_CON_IN_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (EFI_DEVICE_PATH_PROTOCOL),
- MAX_UINTN
- },
- InternalVarCheckDevicePath
- },
- {
- EFI_CON_OUT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (EFI_DEVICE_PATH_PROTOCOL),
- MAX_UINTN
- },
- InternalVarCheckDevicePath
- },
- {
- EFI_ERR_OUT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (EFI_DEVICE_PATH_PROTOCOL),
- MAX_UINTN
- },
- InternalVarCheckDevicePath
- },
- {
- EFI_CON_IN_DEV_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (EFI_DEVICE_PATH_PROTOCOL),
- MAX_UINTN
- },
- InternalVarCheckDevicePath
- },
- {
- EFI_CON_OUT_DEV_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (EFI_DEVICE_PATH_PROTOCOL),
- MAX_UINTN
- },
- InternalVarCheckDevicePath
- },
- {
- EFI_ERR_OUT_DEV_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (EFI_DEVICE_PATH_PROTOCOL),
- MAX_UINTN
- },
- InternalVarCheckDevicePath
- },
- {
- EFI_BOOT_ORDER_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT16),
- MAX_UINTN
- },
- InternalVarCheckSizeArray
- },
- {
- EFI_BOOT_NEXT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT16),
- sizeof (UINT16)
- },
- NULL
- },
- {
- EFI_BOOT_CURRENT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (UINT16),
- sizeof (UINT16)
- },
- NULL
- },
- {
- EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (UINT32),
- sizeof (UINT32)
- },
- NULL
- },
- {
- EFI_DRIVER_ORDER_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT16),
- MAX_UINTN
- },
- InternalVarCheckSizeArray
- },
- {
- EFI_SYS_PREP_ORDER_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT16),
- MAX_UINTN
- },
- InternalVarCheckSizeArray
- },
- {
- EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT16),
- sizeof (UINT16)
- },
- NULL
- },
- {
- EFI_SETUP_MODE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (UINT8),
- sizeof (UINT8)
- },
- NULL
- },
- {
- EFI_KEY_EXCHANGE_KEY_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_PLATFORM_KEY_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_SIGNATURE_SUPPORT_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (EFI_GUID),
- MAX_UINTN
- },
- InternalVarCheckSizeArray
- },
- {
- EFI_SECURE_BOOT_MODE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (UINT8),
- sizeof (UINT8)
- },
- NULL
- },
- {
- EFI_KEK_DEFAULT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_PK_DEFAULT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_DB_DEFAULT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_DBX_DEFAULT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_DBT_DEFAULT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (UINT64),
- sizeof (UINT64)
- },
- NULL
- },
- {
- EFI_OS_INDICATIONS_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT64),
- sizeof (UINT64)
- },
- NULL
- },
- {
- EFI_VENDOR_KEYS_VARIABLE_NAME,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_BS_RT,
- sizeof (UINT8),
- sizeof (UINT8)
- },
- NULL
- },
-};
-UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList2[] = {
- {
- L"Boot####",
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT32) + sizeof (UINT16),
- MAX_UINTN
- },
- InternalVarCheckLoadOption
- },
- {
- L"Driver####",
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT32) + sizeof (UINT16),
- MAX_UINTN
- },
- InternalVarCheckLoadOption
- },
- {
- L"SysPrep####",
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (UINT32) + sizeof (UINT16),
- MAX_UINTN
- },
- InternalVarCheckLoadOption
- },
- {
- L"Key####",
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (EFI_KEY_OPTION),
- sizeof (EFI_KEY_OPTION) + 3 * sizeof (EFI_INPUT_KEY)
- },
- InternalVarCheckKeyOption
- },
-};
-
-//
-// EFI_IMAGE_SECURITY_DATABASE_GUID
-//
-UEFI_DEFINED_VARIABLE_ENTRY mImageSecurityVariableList[] = {
- {
- EFI_IMAGE_SECURITY_DATABASE,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_IMAGE_SECURITY_DATABASE1,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
- 1,
- MAX_UINTN
- },
- NULL
- },
- {
- EFI_IMAGE_SECURITY_DATABASE2,
- {
- VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- 0,
- VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
- 1,
- MAX_UINTN
- },
- NULL
- },
-};
-
-/**
- Get UEFI defined global variable or image security database variable property.
- The code will check if variable guid is global variable or image security database guid first.
- If yes, further check if variable name is in mGlobalVariableList, mGlobalVariableList2 or mImageSecurityVariableList.
-
- @param[in] VariableName Pointer to variable name.
- @param[in] VendorGuid Variable Vendor Guid.
- @param[in] WildcardMatch Try wildcard match or not.
- @param[out] VariableProperty Pointer to variable property.
- @param[out] VarCheckFunction Pointer to check function.
-
- @retval EFI_SUCCESS Variable is not global variable or image security database variable.
- @retval EFI_INVALID_PARAMETER Variable is global variable or image security database variable, but variable name is not in the lists.
-
-**/
-EFI_STATUS
-GetUefiDefinedVariableProperty (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN BOOLEAN WildcardMatch,
- OUT VAR_CHECK_VARIABLE_PROPERTY **VariableProperty,
- OUT INTERNAL_VAR_CHECK_FUNCTION *VarCheckFunction OPTIONAL
- )
-{
- UINTN Index;
- UINTN NameLength;
-
- if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)) {
- //
- // Try list 1, exactly match.
- //
- for (Index = 0; Index < sizeof (mGlobalVariableList)/sizeof (mGlobalVariableList[0]); Index++) {
- if (StrCmp (mGlobalVariableList[Index].Name, VariableName) == 0) {
- if (VarCheckFunction != NULL) {
- *VarCheckFunction = mGlobalVariableList[Index].CheckFunction;
- }
- *VariableProperty = &mGlobalVariableList[Index].VariableProperty;
- return EFI_SUCCESS;
- }
- }
-
- //
- // Try list 2.
- //
- NameLength = StrLen (VariableName) - 4;
- for (Index = 0; Index < sizeof (mGlobalVariableList2)/sizeof (mGlobalVariableList2[0]); Index++) {
- if (WildcardMatch) {
- if ((StrLen (VariableName) == StrLen (mGlobalVariableList2[Index].Name)) &&
- (StrnCmp (mGlobalVariableList2[Index].Name, VariableName, NameLength) == 0) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength]) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) &&
- IsHexaDecimalDigitCharacter (VariableName[NameLength + 3])) {
- if (VarCheckFunction != NULL) {
- *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction;
- }
- *VariableProperty = &mGlobalVariableList2[Index].VariableProperty;
- return EFI_SUCCESS;
- }
- }
- if (StrCmp (mGlobalVariableList2[Index].Name, VariableName) == 0) {
- if (VarCheckFunction != NULL) {
- *VarCheckFunction = mGlobalVariableList2[Index].CheckFunction;
- }
- *VariableProperty = &mGlobalVariableList2[Index].VariableProperty;
- return EFI_SUCCESS;
- }
- }
-
- //
- // The variable name is not in the lists.
- //
- return EFI_INVALID_PARAMETER;
- }
-
- if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) {
- for (Index = 0; Index < sizeof (mImageSecurityVariableList)/sizeof (mImageSecurityVariableList[0]); Index++) {
- if (StrCmp (mImageSecurityVariableList[Index].Name, VariableName) == 0) {
- if (VarCheckFunction != NULL) {
- *VarCheckFunction = mImageSecurityVariableList[Index].CheckFunction;
- }
- *VariableProperty = &mImageSecurityVariableList[Index].VariableProperty;
- return EFI_SUCCESS;
- }
- }
-
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // It is not global variable, image security database variable.
- //
- return EFI_SUCCESS;
-}
-
-/**
- Internal SetVariable check.
-
- @param[in] VariableName Name of Variable to set.
- @param[in] VendorGuid Variable vendor GUID.
- @param[in] Attributes Attribute value of the variable.
- @param[in] DataSize Size of Data to set.
- @param[in] Data Data pointer.
-
- @retval EFI_SUCCESS The SetVariable check result was success.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID was supplied,
- or the DataSize exceeds the minimum or maximum allowed,
- or the Data value is not following UEFI spec for UEFI defined variables.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval Others The return status from check handler.
+ @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
+ @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
+ @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
+ @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
+ as pending to be read-only.
+ @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
+ Or VariableName is an empty string.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
**/
EFI_STATUS
EFIAPI
-InternalVarCheckSetVariableCheck (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
+VariableLockRequestToLock (
+ IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
)
{
EFI_STATUS Status;
- UINTN Index;
- LIST_ENTRY *Link;
- VAR_CHECK_VARIABLE_ENTRY *Entry;
- CHAR16 *Name;
- VAR_CHECK_VARIABLE_PROPERTY *Property;
- INTERNAL_VAR_CHECK_FUNCTION VarCheckFunction;
-
- if (!mEndOfDxe) {
- //
- // Only do check after End Of Dxe.
- //
- return EFI_SUCCESS;
- }
+ VAR_CHECK_VARIABLE_PROPERTY Property;
- Property = NULL;
- VarCheckFunction = NULL;
-
- for ( Link = GetFirstNode (&mVarCheckVariableList)
- ; !IsNull (&mVarCheckVariableList, Link)
- ; Link = GetNextNode (&mVarCheckVariableList, Link)
- ) {
- Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link);
- Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
- if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) {
- Property = &Entry->VariableProperty;
- break;
- }
- }
- if (Property == NULL) {
- Status = GetUefiDefinedVariableProperty (VariableName, VendorGuid, TRUE, &Property, &VarCheckFunction);
- if (EFI_ERROR (Status)) {
- //
- // To prevent name collisions with possible future globally defined variables,
- // other internal firmware data variables that are not defined here must be
- // saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
- // any other GUID defined by the UEFI Specification. Implementations must
- // only permit the creation of variables with a UEFI Specification-defined
- // VendorGuid when these variables are documented in the UEFI Specification.
- //
- DEBUG ((EFI_D_INFO, "Variable Check UEFI defined variable fail %r - %s not in %g namespace\n", Status, VariableName, VendorGuid));
- return Status;
- }
- }
- if (Property != NULL) {
- if (mEnableLocking && ((Property->Property & VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY) != 0)) {
- DEBUG ((EFI_D_INFO, "Variable Check ReadOnly variable fail %r - %g:%s\n", EFI_WRITE_PROTECTED, VendorGuid, VariableName));
- return EFI_WRITE_PROTECTED;
- }
- if (!((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0))) {
- //
- // Not to delete variable.
- //
- if ((Property->Attributes != 0) && ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Property->Attributes)) {
- DEBUG ((EFI_D_INFO, "Variable Check Attributes(0x%08x to 0x%08x) fail %r - %g:%s\n", Property->Attributes, Attributes, EFI_INVALID_PARAMETER, VendorGuid, VariableName));
- return EFI_INVALID_PARAMETER;
- }
- if (DataSize != 0) {
- if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) {
- DEBUG ((EFI_D_INFO, "Variable Check DataSize fail(0x%x not in 0x%x - 0x%x) %r - %g:%s\n", DataSize, Property->MinSize, Property->MaxSize, EFI_INVALID_PARAMETER, VendorGuid, VariableName));
- return EFI_INVALID_PARAMETER;
- }
- if (VarCheckFunction != NULL) {
- Status = VarCheckFunction (
- Property,
- DataSize,
- Data
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_INFO, "Internal Variable Check function fail %r - %g:%s\n", Status, VendorGuid, VariableName));
- return Status;
- }
- }
- }
- }
- }
+ AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
- for (Index = 0; Index < mNumberOfHandler; Index++) {
- Status = mHandlerTable[Index] (
- VariableName,
- VendorGuid,
- Attributes,
- DataSize,
- Data
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));
- return Status;
- }
+ Status = VarCheckLibVariablePropertyGet (VariableName, VendorGuid, &Property);
+ if (!EFI_ERROR (Status)) {
+ Property.Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
+ } else {
+ Property.Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
+ Property.Property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
+ Property.Attributes = 0;
+ Property.MinSize = 1;
+ Property.MaxSize = MAX_UINTN;
}
- return EFI_SUCCESS;
-}
-
-/**
- Reallocates more global memory to store the registered handler list.
-
- @retval RETURN_SUCCESS Reallocate memory successfully.
- @retval RETURN_OUT_OF_RESOURCES No enough memory to allocate.
+ Status = VarCheckLibVariablePropertySet (VariableName, VendorGuid, &Property);
-**/
-RETURN_STATUS
-EFIAPI
-ReallocateHandlerTable (
- VOID
- )
-{
- VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *HandlerTable;
+ DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s %r\n", VendorGuid, VariableName, Status));
- //
- // Reallocate memory for check handler table.
- //
- HandlerTable = ReallocateRuntimePool (
- mMaxNumberOfHandler * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER),
- (mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE) * sizeof (VAR_CHECK_SET_VARIABLE_CHECK_HANDLER),
- mHandlerTable
- );
-
- //
- // No enough resource to allocate.
- //
- if (HandlerTable == NULL) {
- return RETURN_OUT_OF_RESOURCES;
- }
+ ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
- mHandlerTable = HandlerTable;
- //
- // Increase max handler number.
- //
- mMaxNumberOfHandler = mMaxNumberOfHandler + VAR_CHECK_HANDLER_TABLE_SIZE;
- return RETURN_SUCCESS;
+ return Status;
}
/**
@@ -931,132 +85,14 @@ VarCheckRegisterSetVariableCheckHandler ( {
EFI_STATUS Status;
- if (Handler == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (mEndOfDxe) {
- return EFI_ACCESS_DENIED;
- }
-
- DEBUG ((EFI_D_INFO, "RegisterSetVariableCheckHandler - 0x%x\n", Handler));
-
- Status = EFI_SUCCESS;
-
AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- //
- // Check whether the handler list is enough to store new handler.
- //
- if (mNumberOfHandler == mMaxNumberOfHandler) {
- //
- // Allocate more resources for new handler.
- //
- Status = ReallocateHandlerTable();
- if (EFI_ERROR (Status)) {
- goto Done;
- }
- }
-
- //
- // Register new handler into the handler list.
- //
- mHandlerTable[mNumberOfHandler] = Handler;
- mNumberOfHandler++;
-
-Done:
+ Status = VarCheckLibRegisterSetVariableCheckHandler (Handler);
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
return Status;
}
/**
- Variable property get function.
-
- @param[in] Name Pointer to the variable name.
- @param[in] Guid Pointer to the vendor GUID.
- @param[in] WildcardMatch Try wildcard match or not.
-
- @return Pointer to the property of variable specified by the Name and Guid.
-
-**/
-VAR_CHECK_VARIABLE_PROPERTY *
-VariablePropertyGetFunction (
- IN CHAR16 *Name,
- IN EFI_GUID *Guid,
- IN BOOLEAN WildcardMatch
- )
-{
- LIST_ENTRY *Link;
- VAR_CHECK_VARIABLE_ENTRY *Entry;
- CHAR16 *VariableName;
- VAR_CHECK_VARIABLE_PROPERTY *Property;
-
- Property = NULL;
-
- for ( Link = GetFirstNode (&mVarCheckVariableList)
- ; !IsNull (&mVarCheckVariableList, Link)
- ; Link = GetNextNode (&mVarCheckVariableList, Link)
- ) {
- Entry = BASE_CR (Link, VAR_CHECK_VARIABLE_ENTRY, Link);
- VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
- if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) {
- return &Entry->VariableProperty;
- }
- }
-
- GetUefiDefinedVariableProperty (Name, Guid, WildcardMatch, &Property, NULL);
-
- return Property;
-}
-
-/**
- Internal variable property set.
-
- @param[in] Name Pointer to the variable name.
- @param[in] Guid Pointer to the vendor GUID.
- @param[in] VariableProperty Pointer to the input variable property.
-
- @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
- @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckVariablePropertySet (
- IN CHAR16 *Name,
- IN EFI_GUID *Guid,
- IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
- )
-{
- EFI_STATUS Status;
- VAR_CHECK_VARIABLE_ENTRY *Entry;
- CHAR16 *VariableName;
- VAR_CHECK_VARIABLE_PROPERTY *Property;
-
- Status = EFI_SUCCESS;
-
- Property = VariablePropertyGetFunction (Name, Guid, FALSE);
- if (Property != NULL) {
- CopyMem (Property, VariableProperty, sizeof (*VariableProperty));
- } else {
- Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name));
- if (Entry == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Done;
- }
- VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
- StrCpyS (VariableName, StrSize(Name)/sizeof(CHAR16), Name);
- CopyGuid (&Entry->Guid, Guid);
- CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty));
- InsertTailList (&mVarCheckVariableList, &Entry->Link);
- }
-
-Done:
- return Status;
-}
-
-/**
Variable property set.
@param[in] Name Pointer to the variable name.
@@ -1079,85 +115,16 @@ VarCheckVariablePropertySet ( IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
)
{
- EFI_STATUS Status;
-
- if (Name == NULL || Name[0] == 0 || Guid == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (VariableProperty == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (mEndOfDxe) {
- return EFI_ACCESS_DENIED;
- }
+ EFI_STATUS Status;
AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- Status = InternalVarCheckVariablePropertySet (Name, Guid, VariableProperty);
-
+ Status = VarCheckLibVariablePropertySet (Name, Guid, VariableProperty);
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
return Status;
}
/**
- Internal variable property get.
-
- @param[in] Name Pointer to the variable name.
- @param[in] Guid Pointer to the vendor GUID.
- @param[out] VariableProperty Pointer to the output variable property.
-
- @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
- @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckVariablePropertyGet (
- IN CHAR16 *Name,
- IN EFI_GUID *Guid,
- OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
- )
-{
- LIST_ENTRY *Link;
- VARIABLE_ENTRY *Entry;
- CHAR16 *VariableName;
- BOOLEAN Found;
- VAR_CHECK_VARIABLE_PROPERTY *Property;
-
- Found = FALSE;
-
- Property = VariablePropertyGetFunction (Name, Guid, TRUE);
- if (Property != NULL) {
- CopyMem (VariableProperty, Property, sizeof (*VariableProperty));
- Found = TRUE;
- }
-
- for ( Link = GetFirstNode (&mLockedVariableList)
- ; !IsNull (&mLockedVariableList, Link)
- ; Link = GetNextNode (&mLockedVariableList, Link)
- ) {
- Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
- VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
- if (CompareGuid (&Entry->Guid, Guid) && (StrCmp (VariableName, Name) == 0)) {
- VariableProperty->Property |= VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
- if (!Found) {
- VariableProperty->Revision = VAR_CHECK_VARIABLE_PROPERTY_REVISION;
- Found = TRUE;
- }
- }
- }
-
- return (Found ? EFI_SUCCESS : EFI_NOT_FOUND);
-}
-
-/**
Variable property get.
@param[in] Name Pointer to the variable name.
@@ -1179,18 +146,8 @@ VarCheckVariablePropertyGet ( {
EFI_STATUS Status;
- if (Name == NULL || Name[0] == 0 || Guid == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (VariableProperty == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- Status = InternalVarCheckVariablePropertyGet (Name, Guid, VariableProperty);
-
+ Status = VarCheckLibVariablePropertyGet (Name, Guid, VariableProperty);
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
return Status;
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 8aee8ff6a0..31e1937c2f 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -42,20 +42,15 @@ VARIABLE_STORE_HEADER *mNvVariableCache = NULL; VARIABLE_INFO_ENTRY *gVariableInfo = NULL;
///
-/// The list to store the variables which cannot be set after the EFI_END_OF_DXE_EVENT_GROUP_GUID
-/// or EVT_GROUP_READY_TO_BOOT event.
-///
-LIST_ENTRY mLockedVariableList = INITIALIZE_LIST_HEAD_VARIABLE (mLockedVariableList);
-
-///
/// The flag to indicate whether the platform has left the DXE phase of execution.
///
BOOLEAN mEndOfDxe = FALSE;
///
-/// The flag to indicate whether the variable storage locking is enabled.
+/// It indicates the var check request source.
+/// In the implementation, DXE is regarded as untrusted, and SMM is trusted.
///
-BOOLEAN mEnableLocking = TRUE;
+VAR_CHECK_REQUEST_SOURCE mRequestSource = VarCheckFromUntrusted;
//
// It will record the current boot error flag before EndOfDxe.
@@ -76,7 +71,7 @@ VARIABLE_ENTRY_PROPERTY mVariableEntryProperty[] = { },
};
-AUTH_VAR_LIB_CONTEXT_IN mContextIn = {
+AUTH_VAR_LIB_CONTEXT_IN mAuthContextIn = {
AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION,
//
// StructSize, TO BE FILLED
@@ -94,7 +89,7 @@ AUTH_VAR_LIB_CONTEXT_IN mContextIn = { VariableExLibAtRuntime,
};
-AUTH_VAR_LIB_CONTEXT_OUT mContextOut;
+AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut;
/**
@@ -878,7 +873,7 @@ IsUserVariable ( // then no need to check if the variable is user variable or not specially.
//
if (mEndOfDxe && (mVariableModuleGlobal->CommonMaxUserVariableSpace != mVariableModuleGlobal->CommonVariableSpace)) {
- if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) {
+ if (VarCheckLibVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) {
return TRUE;
}
}
@@ -910,7 +905,7 @@ CalculateCommonUserVariableTotalSize ( NextVariable = GetNextVariablePtr (Variable);
VariableSize = (UINTN) NextVariable - (UINTN) Variable;
if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
- if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) {
+ if (VarCheckLibVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) {
//
// No property, it is user variable.
//
@@ -932,12 +927,9 @@ InitializeVariableQuota ( VOID
)
{
- STATIC BOOLEAN Initialized;
-
- if (!mEndOfDxe || Initialized) {
+ if (!mEndOfDxe) {
return;
}
- Initialized = TRUE;
InitializeVarErrorFlag ();
CalculateCommonUserVariableTotalSize ();
@@ -2770,131 +2762,6 @@ Done: }
/**
- Check if a Unicode character is a hexadecimal character.
-
- This function checks if a Unicode character is a
- hexadecimal character. The valid hexadecimal character is
- L'0' to L'9', L'a' to L'f', or L'A' to L'F'.
-
-
- @param Char The character to check against.
-
- @retval TRUE If the Char is a hexadecmial character.
- @retval FALSE If the Char is not a hexadecmial character.
-
-**/
-BOOLEAN
-EFIAPI
-IsHexaDecimalDigitCharacter (
- IN CHAR16 Char
- )
-{
- return (BOOLEAN) ((Char >= L'0' && Char <= L'9') || (Char >= L'A' && Char <= L'F') || (Char >= L'a' && Char <= L'f'));
-}
-
-/**
-
- This code checks if variable is hardware error record variable or not.
-
- According to UEFI spec, hardware error record variable should use the EFI_HARDWARE_ERROR_VARIABLE VendorGuid
- and have the L"HwErrRec####" name convention, #### is a printed hex value and no 0x or h is included in the hex value.
-
- @param VariableName Pointer to variable name.
- @param VendorGuid Variable Vendor Guid.
-
- @retval TRUE Variable is hardware error record variable.
- @retval FALSE Variable is not hardware error record variable.
-
-**/
-BOOLEAN
-EFIAPI
-IsHwErrRecVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- if (!CompareGuid (VendorGuid, &gEfiHardwareErrorVariableGuid) ||
- (StrLen (VariableName) != StrLen (L"HwErrRec####")) ||
- (StrnCmp(VariableName, L"HwErrRec", StrLen (L"HwErrRec")) != 0) ||
- !IsHexaDecimalDigitCharacter (VariableName[0x8]) ||
- !IsHexaDecimalDigitCharacter (VariableName[0x9]) ||
- !IsHexaDecimalDigitCharacter (VariableName[0xA]) ||
- !IsHexaDecimalDigitCharacter (VariableName[0xB])) {
- return FALSE;
- }
-
- return TRUE;
-}
-
-/**
- Mark a variable that will become read-only after leaving the DXE phase of execution.
-
-
- @param[in] This The VARIABLE_LOCK_PROTOCOL instance.
- @param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
- @param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
-
- @retval EFI_SUCCESS The variable specified by the VariableName and the VendorGuid was marked
- as pending to be read-only.
- @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL.
- Or VariableName is an empty string.
- @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
- already been signaled.
- @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the lock request.
-**/
-EFI_STATUS
-EFIAPI
-VariableLockRequestToLock (
- IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- VARIABLE_ENTRY *Entry;
- CHAR16 *Name;
- LIST_ENTRY *Link;
- VARIABLE_ENTRY *LockedEntry;
-
- if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (mEndOfDxe) {
- return EFI_ACCESS_DENIED;
- }
-
- Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (VariableName));
- if (Entry == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- DEBUG ((EFI_D_INFO, "[Variable] Lock: %g:%s\n", VendorGuid, VariableName));
-
- AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- for ( Link = GetFirstNode (&mLockedVariableList)
- ; !IsNull (&mLockedVariableList, Link)
- ; Link = GetNextNode (&mLockedVariableList, Link)
- ) {
- LockedEntry = BASE_CR (Link, VARIABLE_ENTRY, Link);
- Name = (CHAR16 *) ((UINTN) LockedEntry + sizeof (*LockedEntry));
- if (CompareGuid (&LockedEntry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) {
- goto Done;
- }
- }
-
- Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
- StrCpyS (Name, StrSize (VariableName)/sizeof(CHAR16), VariableName);
- CopyGuid (&Entry->Guid, VendorGuid);
- InsertTailList (&mLockedVariableList, &Entry->Link);
-
-Done:
- ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
- return EFI_SUCCESS;
-}
-
-/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
@@ -3211,9 +3078,6 @@ VariableServiceSetVariable ( VARIABLE_HEADER *NextVariable;
EFI_PHYSICAL_ADDRESS Point;
UINTN PayloadSize;
- LIST_ENTRY *Link;
- VARIABLE_ENTRY *Entry;
- CHAR16 *Name;
//
// Check input parameters.
@@ -3301,9 +3165,6 @@ VariableServiceSetVariable ( if (StrSize (VariableName) + PayloadSize > PcdGet32 (PcdMaxHardwareErrorVariableSize) - GetVariableHeaderSize ()) {
return EFI_INVALID_PARAMETER;
}
- if (!IsHwErrRecVariable(VariableName, VendorGuid)) {
- return EFI_INVALID_PARAMETER;
- }
} else {
//
// The size of the VariableName, including the Unicode Null in bytes plus
@@ -3320,7 +3181,7 @@ VariableServiceSetVariable ( }
}
- Status = InternalVarCheckSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
+ Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -3342,24 +3203,6 @@ VariableServiceSetVariable ( mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) NextVariable - (UINTN) Point;
}
- if (mEndOfDxe && mEnableLocking) {
- //
- // Treat the variables listed in the forbidden variable list as read-only after leaving DXE phase.
- //
- for ( Link = GetFirstNode (&mLockedVariableList)
- ; !IsNull (&mLockedVariableList, Link)
- ; Link = GetNextNode (&mLockedVariableList, Link)
- ) {
- Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
- Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
- if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) {
- Status = EFI_WRITE_PROTECTED;
- DEBUG ((EFI_D_INFO, "[Variable]: Changing readonly variable after leaving DXE phase - %g:%s\n", VendorGuid, VariableName));
- goto Done;
- }
- }
- }
-
//
// Check whether the input variable is already existed.
//
@@ -4064,21 +3907,21 @@ VariableWriteServiceInitialize ( FlushHobVariableToFlash (NULL, NULL);
Status = EFI_SUCCESS;
- ZeroMem (&mContextOut, sizeof (mContextOut));
+ ZeroMem (&mAuthContextOut, sizeof (mAuthContextOut));
if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
//
// Authenticated variable initialize.
//
- mContextIn.StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_IN);
- mContextIn.MaxAuthVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ();
- Status = AuthVariableLibInitialize (&mContextIn, &mContextOut);
+ mAuthContextIn.StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_IN);
+ mAuthContextIn.MaxAuthVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ();
+ Status = AuthVariableLibInitialize (&mAuthContextIn, &mAuthContextOut);
if (!EFI_ERROR (Status)) {
DEBUG ((EFI_D_INFO, "Variable driver will work with auth variable support!\n"));
mVariableModuleGlobal->VariableGlobal.AuthSupport = TRUE;
- if (mContextOut.AuthVarEntry != NULL) {
- for (Index = 0; Index < mContextOut.AuthVarEntryCount; Index++) {
- VariableEntry = &mContextOut.AuthVarEntry[Index];
- Status = InternalVarCheckVariablePropertySet (
+ if (mAuthContextOut.AuthVarEntry != NULL) {
+ for (Index = 0; Index < mAuthContextOut.AuthVarEntryCount; Index++) {
+ VariableEntry = &mAuthContextOut.AuthVarEntry[Index];
+ Status = VarCheckLibVariablePropertySet (
VariableEntry->Name,
VariableEntry->Guid,
&VariableEntry->VariableProperty
@@ -4097,7 +3940,7 @@ VariableWriteServiceInitialize ( if (!EFI_ERROR (Status)) {
for (Index = 0; Index < sizeof (mVariableEntryProperty) / sizeof (mVariableEntryProperty[0]); Index++) {
VariableEntry = &mVariableEntryProperty[Index];
- Status = InternalVarCheckVariablePropertySet (VariableEntry->Name, VariableEntry->Guid, &VariableEntry->VariableProperty);
+ Status = VarCheckLibVariablePropertySet (VariableEntry->Name, VariableEntry->Guid, &VariableEntry->VariableProperty);
ASSERT_EFI_ERROR (Status);
}
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h index 9928837fd8..5c224b9737 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h @@ -36,13 +36,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <Library/SynchronizationLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/AuthVariableLib.h>
+#include <Library/VarCheckLib.h>
#include <Guid/GlobalVariable.h>
#include <Guid/EventGroup.h>
#include <Guid/VariableFormat.h>
-#include <Guid/ImageAuthentication.h>
#include <Guid/SystemNvDataGuid.h>
#include <Guid/FaultTolerantWrite.h>
-#include <Guid/HardwareErrorVariable.h>
#include <Guid/VarErrorFlag.h>
#define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE | \
@@ -109,12 +108,6 @@ typedef struct { EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbInstance;
} VARIABLE_MODULE_GLOBAL;
-typedef struct {
- LIST_ENTRY Link;
- EFI_GUID Guid;
- //CHAR16 *Name;
-} VARIABLE_ENTRY;
-
/**
Flush the HOB variable to flash.
@@ -703,53 +696,6 @@ VariableLockRequestToLock ( );
/**
- Check if a Unicode character is a hexadecimal character.
-
- This function checks if a Unicode character is a
- hexadecimal character. The valid hexadecimal character is
- L'0' to L'9', L'a' to L'f', or L'A' to L'F'.
-
-
- @param Char The character to check against.
-
- @retval TRUE If the Char is a hexadecmial character.
- @retval FALSE If the Char is not a hexadecmial character.
-
-**/
-BOOLEAN
-EFIAPI
-IsHexaDecimalDigitCharacter (
- IN CHAR16 Char
- );
-
-/**
- Internal SetVariable check.
-
- @param[in] VariableName Name of Variable to set.
- @param[in] VendorGuid Variable vendor GUID.
- @param[in] Attributes Attribute value of the variable.
- @param[in] DataSize Size of Data to set.
- @param[in] Data Data pointer.
-
- @retval EFI_SUCCESS The SetVariable check result was success.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID were supplied,
- or the DataSize exceeds the minimum or maximum allowed,
- or the Data value is not following UEFI spec for UEFI defined variables.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval Others The return status from check handler.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckSetVariableCheck (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- );
-
-/**
Register SetVariable check handler.
@param[in] Handler Pointer to check handler.
@@ -770,45 +716,6 @@ VarCheckRegisterSetVariableCheckHandler ( );
/**
- Internal variable property get.
-
- @param[in] Name Pointer to the variable name.
- @param[in] Guid Pointer to the vendor GUID.
- @param[out] VariableProperty Pointer to the output variable property.
-
- @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
- @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckVariablePropertyGet (
- IN CHAR16 *Name,
- IN EFI_GUID *Guid,
- OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
- );
-
-/**
- Internal variable property set.
-
- @param[in] Name Pointer to the variable name.
- @param[in] Guid Pointer to the vendor GUID.
- @param[in] VariableProperty Pointer to the input variable property.
-
- @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
- @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalVarCheckVariablePropertySet (
- IN CHAR16 *Name,
- IN EFI_GUID *Guid,
- IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
- );
-
-
-/**
Variable property set.
@param[in] Name Pointer to the variable name.
@@ -862,7 +769,7 @@ InitializeVariableQuota ( extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal;
-extern AUTH_VAR_LIB_CONTEXT_OUT mContextOut;
+extern AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut;
/**
Finds variable in storage blocks of volatile and non-volatile storage areas.
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c index 314ffddef1..caf51dfba6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c @@ -21,11 +21,9 @@ extern VARIABLE_INFO_ENTRY *gVariableInfo; EFI_HANDLE mHandle = NULL;
EFI_EVENT mVirtualAddressChangeEvent = NULL;
EFI_EVENT mFtwRegistration = NULL;
-extern LIST_ENTRY mLockedVariableList;
-extern LIST_ENTRY mVarCheckVariableList;
-extern UINT32 mNumberOfHandler;
-extern VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable;
extern BOOLEAN mEndOfDxe;
+VOID ***mVarCheckAddressPointer = NULL;
+UINTN mVarCheckAddressPointerCount = 0;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler,
VarCheckVariablePropertySet,
@@ -227,7 +225,6 @@ VariableClassAddressChangeEvent ( IN VOID *Context
)
{
- EFI_STATUS Status;
UINTN Index;
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetBlockSize);
@@ -246,20 +243,16 @@ VariableClassAddressChangeEvent ( EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
- EfiConvertPointer (0x0, (VOID **) &mHandlerTable);
- for (Index = 0; Index < mNumberOfHandler; Index++) {
- EfiConvertPointer (0x0, (VOID **) &mHandlerTable[Index]);
- }
-
- Status = EfiConvertList (0x0, &mLockedVariableList);
- ASSERT_EFI_ERROR (Status);
- Status = EfiConvertList (0x0, &mVarCheckVariableList);
- ASSERT_EFI_ERROR (Status);
+ if (mAuthContextOut.AddressPointer != NULL) {
+ for (Index = 0; Index < mAuthContextOut.AddressPointerCount; Index++) {
+ EfiConvertPointer (0x0, (VOID **) mAuthContextOut.AddressPointer[Index]);
+ }
+ }
- if (mContextOut.AddressPointer != NULL) {
- for (Index = 0; Index < mContextOut.AddressPointerCount; Index++) {
- EfiConvertPointer (0x0, (VOID **) mContextOut.AddressPointer[Index]);
+ if (mVarCheckAddressPointer != NULL) {
+ for (Index = 0; Index < mVarCheckAddressPointerCount; Index++) {
+ EfiConvertPointer (0x0, (VOID **) mVarCheckAddressPointer[Index]);
}
}
}
@@ -283,14 +276,17 @@ OnReadyToBoot ( VOID *Context
)
{
- //
- // Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.
- //
- mEndOfDxe = TRUE;
- //
- // The initialization for variable quota.
- //
- InitializeVariableQuota ();
+ if (!mEndOfDxe) {
+ //
+ // Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID event is not signaled.
+ //
+ mEndOfDxe = TRUE;
+ mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);
+ //
+ // The initialization for variable quota.
+ //
+ InitializeVariableQuota ();
+ }
ReclaimForOS ();
if (FeaturePcdGet (PcdVariableCollectStatistics)) {
if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
@@ -319,7 +315,9 @@ OnEndOfDxe ( VOID *Context
)
{
+ DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
mEndOfDxe = TRUE;
+ mVarCheckAddressPointer = VarCheckLibInitializeAtEndOfDxe (&mVarCheckAddressPointerCount);
//
// The initialization for variable quota.
//
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 6a523b8d76..74b35ece09 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -62,9 +62,9 @@ UefiDriverEntryPoint
PcdLib
HobLib
- DevicePathLib
TpmMeasurementLib
AuthVariableLib
+ VarCheckLib
[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -93,23 +93,10 @@ ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang"
## SOMETIMES_CONSUMES ## Variable:L"Lang"
## SOMETIMES_PRODUCES ## Variable:L"Lang"
- ## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport"
- ## SOMETIMES_CONSUMES ## Variable:L"SetupMode"
- ## SOMETIMES_CONSUMES ## Variable:L"PK"
- ## SOMETIMES_CONSUMES ## Variable:L"KEK"
- ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
- ## SOMETIMES_CONSUMES ## Variable:L"SignatureSupport"
- ## SOMETIMES_CONSUMES ## Variable:L"VendorKeys"
gEfiGlobalVariableGuid
- ## SOMETIMES_CONSUMES ## Variable:L"DB"
- ## SOMETIMES_CONSUMES ## Variable:L"DBX"
- ## SOMETIMES_CONSUMES ## Variable:L"DBT"
- gEfiImageSecurityDatabaseGuid
-
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
- gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####"
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB
gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 95b532b1fb..fb16af31b1 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -45,7 +45,7 @@ BOOLEAN mAtRuntime = F UINT8 *mVariableBufferPayload = NULL;
UINTN mVariableBufferPayloadSize;
extern BOOLEAN mEndOfDxe;
-extern BOOLEAN mEnableLocking;
+extern VAR_CHECK_REQUEST_SOURCE mRequestSource;
/**
SecureBoot Hook for SetVariable.
@@ -97,7 +97,7 @@ SmmVariableSetVariable ( //
// Disable write protection when the calling SetVariable() through EFI_SMM_VARIABLE_PROTOCOL.
//
- mEnableLocking = FALSE;
+ mRequestSource = VarCheckFromTrusted;
Status = VariableServiceSetVariable (
VariableName,
VendorGuid,
@@ -105,7 +105,7 @@ SmmVariableSetVariable ( DataSize,
Data
);
- mEnableLocking = TRUE;
+ mRequestSource = VarCheckFromUntrusted;
return Status;
}
@@ -666,15 +666,18 @@ SmmVariableHandler ( break;
case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
- mEndOfDxe = TRUE;
- //
- // The initialization for variable quota.
- //
- InitializeVariableQuota ();
if (AtRuntime()) {
Status = EFI_UNSUPPORTED;
break;
}
+ if (!mEndOfDxe) {
+ mEndOfDxe = TRUE;
+ VarCheckLibInitializeAtEndOfDxe (NULL);
+ //
+ // The initialization for variable quota.
+ //
+ InitializeVariableQuota ();
+ }
ReclaimForOS ();
Status = EFI_SUCCESS;
break;
@@ -800,8 +803,9 @@ SmmEndOfDxeCallback ( IN EFI_HANDLE Handle
)
{
- DEBUG ((EFI_D_INFO, "[Variable]END_OF_DXE is signaled\n"));
+ DEBUG ((EFI_D_INFO, "[Variable]SMM_END_OF_DXE is signaled\n"));
mEndOfDxe = TRUE;
+ VarCheckLibInitializeAtEndOfDxe (NULL);
//
// The initialization for variable quota.
//
@@ -809,6 +813,7 @@ SmmEndOfDxeCallback ( if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {
ReclaimForOS ();
}
+
return EFI_SUCCESS;
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index 861d7474f6..efcd3179d7 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -69,9 +69,9 @@ DxeServicesTableLib
HobLib
PcdLib
- DevicePathLib
SmmMemLib
AuthVariableLib
+ VarCheckLib
[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -101,23 +101,10 @@ ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang"
## SOMETIMES_CONSUMES ## Variable:L"Lang"
## SOMETIMES_PRODUCES ## Variable:L"Lang"
- ## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport"
- ## SOMETIMES_CONSUMES ## Variable:L"SetupMode"
- ## SOMETIMES_CONSUMES ## Variable:L"PK"
- ## SOMETIMES_CONSUMES ## Variable:L"KEK"
- ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
- ## SOMETIMES_CONSUMES ## Variable:L"SignatureSupport"
- ## SOMETIMES_CONSUMES ## Variable:L"VendorKeys"
gEfiGlobalVariableGuid
- ## SOMETIMES_CONSUMES ## Variable:L"DB"
- ## SOMETIMES_CONSUMES ## Variable:L"DBX"
- ## SOMETIMES_CONSUMES ## Variable:L"DBT"
- gEfiImageSecurityDatabaseGuid
-
gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
- gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####"
gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB
gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID
gZeroGuid ## SOMETIMES_CONSUMES ## GUID
|