Security enhancement to SMM Base thunk drivers: Framework SMM drivers can't be loaded after SMRAM is locked.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@10316 6f19259b-4bc3-4df7-8a09-765794883524
author: rsun3 <rsun3@6f19259b-4bc3-4df7-8a09-765794883524> 2010-03-26 08:41:06 +0000
committer: rsun3 <rsun3@6f19259b-4bc3-4df7-8a09-765794883524> 2010-03-26 08:41:06 +0000
commit: 8edfbe027cc9f20624e64a392a160b7c9240e087 (patch)
tree: 5f6951ee4be0b9fe986244360c8ea33bb8992ff7 /EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk
parent: 123e0cacd05b2a38d7c5c6e46dcf6bf41ccf8a5b (diff)
download: edk2-platforms-8edfbe027cc9f20624e64a392a160b7c9240e087.tar.xz
2 files changed, 46 insertions, 1 deletions
diff --git a/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.c b/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.c
index e470da0af0..4834036a6b 100644
--- a/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.c
+++ b/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.c
@@ -44,6 +44,7 @@ EFI_HANDLE                         mSmmBaseHandle = NULL;
 EFI_SMM_BASE2_PROTOCOL             *mSmmBase2 = NULL;
 EFI_SMM_COMMUNICATION_PROTOCOL     *mSmmCommunication = NULL;
 EFI_SMM_BASE_HELPER_READY_PROTOCOL *mSmmBaseHelperReady = NULL;
+BOOLEAN                            mAtRuntime = FALSE;
 
 /**
   Determine if in SMM mode.
@@ -133,7 +134,7 @@ SmmBaseRegister (
   IN      BOOLEAN                   LegacyIA32Binary
   )
 {
-  if (LegacyIA32Binary) {
+  if (mAtRuntime || LegacyIA32Binary) {
     return EFI_UNSUPPORTED;
   }
 
@@ -166,6 +167,10 @@ SmmBaseUnregister (
   IN      EFI_HANDLE                ImageHandle
   )
 {
+  if (mAtRuntime) {
+    return EFI_UNSUPPORTED;
+  }
+
   mCommunicationData.FunctionData.Function = SmmBaseFunctionUnregister;
   mCommunicationData.FunctionData.Args.UnRegister.ImageHandle = ImageHandle;
 
@@ -308,6 +313,10 @@ SmmBaseSmmAllocatePool (
   OUT     VOID                      **Buffer
   )
 {
+  if (mAtRuntime) {
+    return EFI_UNSUPPORTED;
+  }
+
   mCommunicationData.FunctionData.Function = SmmBaseFunctionAllocatePool;
   mCommunicationData.FunctionData.Args.AllocatePool.PoolType = PoolType;
   mCommunicationData.FunctionData.Args.AllocatePool.Size = Size;
@@ -336,6 +345,10 @@ SmmBaseSmmFreePool (
   IN      VOID                      *Buffer
   )
 {
+  if (mAtRuntime) {
+    return EFI_UNSUPPORTED;
+  }
+
   mCommunicationData.FunctionData.Function = SmmBaseFunctionFreePool;
   mCommunicationData.FunctionData.Args.FreePool.Buffer = Buffer;
 
@@ -409,6 +422,24 @@ EFI_SMM_BASE_PROTOCOL  mSmmBase = {
 };
 
 /**
+  Notification function on Exit Boot Services Event.
+
+  This function sets a flag indicating it is in Runtime phase.
+
+  @param  Event        Event whose notification function is being invoked
+  @param  Context      Pointer to the notification function's context
+**/
+VOID
+EFIAPI
+SmmBaseExitBootServicesEventNotify (
+  IN EFI_EVENT  Event,
+  IN VOID       *Context
+  )
+{
+  mAtRuntime = TRUE;
+}
+
+/**
   Entry Point for SMM Base Protocol on SMM Base2 Protocol Thunk driver.
 
   @param[in] ImageHandle  Image handle of this driver.
@@ -450,6 +481,19 @@ SmmBaseThunkMain (
   ASSERT_EFI_ERROR (Status);
 
   //
+  // Create event notification on Exit Boot Services event.
+  //
+  Status = gBS->CreateEventEx (
+                  EVT_NOTIFY_SIGNAL,
+                  TPL_NOTIFY,
+                  SmmBaseExitBootServicesEventNotify,
+                  NULL,
+                  &gEfiEventExitBootServicesGuid,
+                  &Event
+                  );
+  ASSERT_EFI_ERROR (Status);
+
+  //
   // Create event on SetVirtualAddressMap() to convert mSmmCommunication from a physical address to a virtual address
   //
   Status = gBS->CreateEventEx (
diff --git a/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.inf b/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.inf
index 976128165c..778c90cc3a 100644
--- a/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.inf
+++ b/EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk/SmmBaseOnSmmBase2Thunk.inf
@@ -44,6 +44,7 @@
 
 [Guids]
   gEfiEventVirtualAddressChangeGuid   # GUID ALWAYS_CONSUMED
+  gEfiEventExitBootServicesGuid       # GUID ALWAYS_CONSUMED
 
 [Protocols]
   gEfiSmmBase2ProtocolGuid            # PROTOCOL ALWAYS_CONSUMED
author	rsun3 <rsun3@6f19259b-4bc3-4df7-8a09-765794883524>	2010-03-26 08:41:06 +0000
committer	rsun3 <rsun3@6f19259b-4bc3-4df7-8a09-765794883524>	2010-03-26 08:41:06 +0000
commit	8edfbe027cc9f20624e64a392a160b7c9240e087 (patch)
tree	5f6951ee4be0b9fe986244360c8ea33bb8992ff7 /EdkCompatibilityPkg/Compatibility/SmmBaseOnSmmBase2Thunk
parent	123e0cacd05b2a38d7c5c6e46dcf6bf41ccf8a5b (diff)
download	edk2-platforms-8edfbe027cc9f20624e64a392a160b7c9240e087.tar.xz