authorEric Dong <eric.dong@intel.com>2017-05-03 09:22:26 +0800
committerGuo Mang <mang.guo@intel.com>2017-07-12 11:24:32 +0800
commitb94650e2df562b065121a2252e3a46e1fc9fd923 (patch)
tree0b6a8352c58c70f352da10df6e3306077ce1c471 /Core/SecurityPkg
parentf4714890f525a275c93a2be66e43b2d20c8479bb (diff)
downloadedk2-platforms-b94650e2df562b065121a2252e3a46e1fc9fd923.tar.xz
SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
Update code to consume SmmIoLib to check Mmio validation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> (cherry picked from commit 50e6bb98ee64af225e152660db2fa5d8711f359a)
Diffstat (limited to 'Core/SecurityPkg')
-rw-r--r--Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c30
-rw-r--r--Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c51
-rw-r--r--Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h3
-rw-r--r--Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf2
4 files changed, 3 insertions, 83 deletions
diff --git a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
index 33f77bd8a2..e38acfd052 100644
--- a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
+++ b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
@@ -1023,34 +1023,6 @@ GetAhciBarSize (
}
/**
- This function check if the memory region is in GCD MMIO region.
-
- @param Addr The memory region start address to be checked.
- @param Size The memory region length to be checked.
-
- @retval TRUE This memory region is in GCD MMIO region.
- @retval FALSE This memory region is not in GCD MMIO region.
-**/
-BOOLEAN
-EFIAPI
-OpalIsValidMmioSpace (
- IN EFI_PHYSICAL_ADDRESS Addr,
- IN UINTN Size
- )
-{
- UINTN Index;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
-
- for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
- Desc = &mGcdMemSpace[Index];
- if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) && (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress + Desc->Length))) {
- return TRUE;
- }
- }
-
- return FALSE;
-}
-/**
Get AHCI mode base address registers' Value.
@param[in] Bus The bus number of ata host controller.
@@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
//
// Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM.
//
- if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
+ if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
return EFI_UNSUPPORTED;
}
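Review bot: The comment above the new `SmmIsMmioValid` call still says the code checks whether the AHCI BAR "is in SMRAM", but the call tests a different condition, namely that the whole region lies in valid MMIO space; I would reword it to `// Reject the AHCI BAR unless [mAhciBar, mAhciBar + Size) lies entirely in valid MMIO space, so a modified BAR cannot point SMM accesses at SMRAM.` Because this commit also removes the driver's own EndOfDxe snapshot of the GCD map, the check now depends on when the linked SmmIoLib instance captures its MMIO map and on what it returns before that point, which is worth confirming for each platform. The comment removed from OpalPasswordSmm.c mentions AHCI/NVMe BARs, yet this is the only call site the commit touches, so the NVMe BAR does not appear to go through the same validation; please confirm. GetAhciBaseAddress starts and ends outside the hunk.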
diff --git a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
index 2f2a1d9c13..0ea92b15c0 100644
--- a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not read/write Data to smram, s
// NVME
NVME_CONTEXT mNvmeContext;
-EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
-UINTN mNumberOfDescriptors = 0;
-
/**
Add new bridge node or nvme device info to the device list.
@@ -648,44 +645,6 @@ S3SleepEntryCallBack (
}
/**
- OpalPassword Notification for SMM EndOfDxe protocol.
-
- @param[in] Protocol Points to the protocol's unique identifier.
- @param[in] Interface Points to the interface instance.
- @param[in] Handle The handle on which the interface was installed.
-
- @retval EFI_SUCCESS Notification runs successfully.
-**/
-EFI_STATUS
-EFIAPI
-OpalPasswordEndOfDxeNotification (
- IN CONST EFI_GUID *Protocol,
- IN VOID *Interface,
- IN EFI_HANDLE Handle
- )
-{
- UINTN NumberOfDescriptors;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
- EFI_STATUS Status;
-
- Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
- if (EFI_ERROR (Status)) {
- gBS->FreePool (MemSpaceMap);
- return Status;
- }
-
- mNumberOfDescriptors = NumberOfDescriptors;
- gBS->FreePool (MemSpaceMap);
-
- return EFI_SUCCESS;
-}
-
-/**
Main entry for this driver.
@param ImageHandle Image handle this driver.
@@ -711,7 +670,6 @@ OpalPasswordSmmInit (
EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
UINTN DataSize;
- EFI_EVENT EndOfDxeEvent;
EFI_PHYSICAL_ADDRESS Address;
mBuffer = NULL;
@@ -820,15 +778,6 @@ OpalPasswordSmmInit (
//
mSwSmiValue = (UINT8) Context.SwSmiInputValue;
- //
- // Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar
- // is in MMIO space to avoid attack.
- //
- Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);
- if (EFI_ERROR (Status)) {
- DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));
- goto EXIT;
- }
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);
if (!EFI_ERROR (Status)) {
DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
diff --git a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
index ab31a6bfe7..ce88786fab 100644
--- a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
+++ b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
@@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/S3BootScriptLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DxeServicesTableLib.h>
+#include <Library/SmmIoLib.h>
#include <IndustryStandard/Pci22.h>
@@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
extern VOID *mBuffer;
-extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
-extern UINTN mNumberOfDescriptors;
#pragma pack(1)
typedef struct {
diff --git a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
index cab0fd5656..c62fa13271 100644
--- a/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
+++ b/Core/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
@@ -58,6 +58,7 @@
DxeServicesTableLib
DevicePathLib
OpalPasswordSupportLib
+ SmmIoLib
[Guids]
gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
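Review bot: `DxeServicesTableLib` stays in [LibraryClasses] although the `gDS->GetMemorySpaceMap` call this commit removes is the only use of `gDS` visible in the diff; if nothing else in the driver uses it, drop the entry here together with `#include <Library/DxeServicesTableLib.h>` in OpalPasswordSmm.h. The new `SmmIoLib` entry also means every platform DSC that builds this driver needs a mapping for that class, and the AHCI BAR validation is only as strong as the instance it resolves to. A short comment on the added line would record that dependency, for example `SmmIoLib  # SmmIsMmioValid: BAR range validation`.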
@@ -69,7 +70,6 @@
gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
gEfiSmmVariableProtocolGuid ## CONSUMES
gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
- gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
[Depex]
gEfiSmmSwDispatch2ProtocolGuid AND