summaryrefslogtreecommitdiff
path: root/MdeModulePkg
diff options
context:
space:
mode:
authorYao, Jiewen <jiewen.yao@intel.com>2016-01-19 13:22:05 +0000
committerHao Wu <hao.a.wu@intel.com>2016-02-23 14:52:55 +0800
commitcb9eb5e1f080a4a7f90de64f8638ef5060434c58 (patch)
tree652d21bc6bd4545fb1b40ccfe5efe91031d3b893 /MdeModulePkg
parentb47b351f64311af37520e7c389e8b3bdccca8c41 (diff)
downloadedk2-platforms-cb9eb5e1f080a4a7f90de64f8638ef5060434c58.tar.xz
MdeModulePkg: Add MorLock to variable driver.
This patch adds MorLock function to Variable main function. It also updates corresponding INF file to pass build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> Reviewed-by: "Zeng, Star" <star.zeng@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19690 6f19259b-4bc3-4df7-8a09-765794883524 (cherry picked from commit 2f6aa774fe38cf1dad5376e59cb2812989ef14c7)
Diffstat (limited to 'MdeModulePkg')
-rw-r--r--MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c60
-rw-r--r--MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf6
-rw-r--r--MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf6
3 files changed, 69 insertions, 3 deletions
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index 31e1937c2f..43360ee6cd 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -16,7 +16,7 @@
VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
integer overflow. It should also check attribute to avoid authentication bypass.
-Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -106,6 +106,43 @@ SecureBootHook (
);
/**
+ Initialization for MOR Lock Control.
+
+ @retval EFI_SUCEESS MorLock initialization success.
+ @return Others Some error occurs.
+**/
+EFI_STATUS
+MorLockInit (
+ VOID
+ );
+
+/**
+ This service is an MOR/MorLock checker handler for the SetVariable().
+
+ @param VariableName the name of the vendor's variable, as a
+ Null-Terminated Unicode String
+ @param VendorGuid Unify identifier for vendor.
+ @param Attributes Point to memory location to return the attributes of variable. If the point
+ is NULL, the parameter would be ignored.
+ @param DataSize The size in bytes of Data-Buffer.
+ @param Data Point to the content of the variable.
+
+ @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable driver can store the variable data.
+ @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or attributes is not allowed for MOR variable.
+ @retval EFI_ACCESS_DENIED The MOR/MorLock is locked.
+ @retval EFI_ALREADY_STARTED The MorLock variable is handled inside this function.
+ Variable driver can just return EFI_SUCCESS.
+**/
+EFI_STATUS
+SetVariableCheckHandlerMor (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ );
+
+/**
Routine used to track statistical information about variable usage.
The data is stored in the EFI system table so it can be accessed later.
VariableInfo.efi can dump out the table. Only Boot Services variable
@@ -3181,6 +3218,21 @@ VariableServiceSetVariable (
}
}
+ //
+ // Special Handling for MOR Lock variable.
+ //
+ Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
+ if (Status == EFI_ALREADY_STARTED) {
+ //
+ // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor().
+ // Variable driver can just return SUCCESS.
+ //
+ return EFI_SUCCESS;
+ }
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);
if (EFI_ERROR (Status)) {
return Status;
@@ -3946,6 +3998,12 @@ VariableWriteServiceInitialize (
}
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ //
+ // Initialize MOR Lock variable.
+ //
+ MorLockInit ();
+
return Status;
}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 62c1568a50..5e7b5c5341 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -9,7 +9,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
-# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -42,6 +42,7 @@
VariableDxe.c
Variable.h
Measurement.c
+ TcgMorLockDxe.c
VarCheck.c
VariableExLib.c
@@ -95,6 +96,9 @@
## SOMETIMES_PRODUCES ## Variable:L"Lang"
gEfiGlobalVariableGuid
+ gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
+ gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
+
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index efcd3179d7..02f01064f3 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -18,7 +18,7 @@
# may not be modified without authorization. If platform fails to protect these resources,
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
-# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -52,6 +52,7 @@
VarCheck.c
Variable.h
VariableExLib.c
+ TcgMorLockSmm.c
[Packages]
MdePkg/MdePkg.dec
@@ -103,6 +104,9 @@
## SOMETIMES_PRODUCES ## Variable:L"Lang"
gEfiGlobalVariableGuid
+ gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
+ gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
+
gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB