diff options
author | Yao, Jiewen <Jiewen.Yao@intel.com> | 2015-07-28 07:20:58 +0000 |
---|---|---|
committer | jyao1 <jyao1@Edk2> | 2015-07-28 07:20:58 +0000 |
commit | 70c7664cd3d2689f2ba9ed6bf0de0fc44501f613 (patch) | |
tree | 1bcb81c930cc743881bee388aa781d8391154ae4 /MdePkg | |
parent | 5c61c5cfc82c9d4757043c2c0ffccaf561893a5c (diff) | |
download | edk2-platforms-70c7664cd3d2689f2ba9ed6bf0de0fc44501f613.tar.xz |
Add Secure MOR implementation.
Add a new module MemoryOverwriteRequestControlLock to register VarCheck handler to enforce MorLock Policy.
Only SMM version is added because MOR is only supported in SMM variable case.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com>
Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18092 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdePkg')
-rw-r--r-- | MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h | 43 | ||||
-rw-r--r-- | MdePkg/MdePkg.dec | 3 |
2 files changed, 46 insertions, 0 deletions
diff --git a/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h new file mode 100644 index 0000000000..771306b882 --- /dev/null +++ b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h @@ -0,0 +1,43 @@ +/** @file
+ Support for Microsoft Secure MOR implementation, defined at
+ Microsoft Secure MOR implementation.
+ https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+#define __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_GUID \
+ { \
+ 0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92} \
+ }
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME L"MemoryOverwriteRequestControlLock"
+
+//
+// VendorGuid: {BB983CCF-151D-40E1-A07B-4A17BE168292}
+// Name: MemoryOverwriteRequestControlLock
+// Attributes: NV+BS+RT
+// Size: 0x1 byte
+//
+// The BIOS initializes MemoryOverwriteRequestControlLock to a value of 0x00
+// before BDS (BOOT#### processing). When the OS loader calls SetVariable by
+// specifying 0x01, the access mode for both MemoryOverwriteRequestControlLock
+// and MemoryOverwriteRequestControl is changed to read-only. If any other
+// value is specified in the SetVariable call, it fails with the
+// EFI_INVALID_PARAMETER error code.
+//
+
+extern EFI_GUID gEfiMemoryOverwriteRequestControlLockGuid;
+
+#endif
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 598a6d07f4..7d74b69769 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -388,6 +388,9 @@ ## Include/Guid/MemoryOverwriteControl.h
gEfiMemoryOverwriteControlDataGuid = { 0xe20939be, 0x32d4, 0x41be, {0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29 }}
+
+ ## Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
+ gEfiMemoryOverwriteRequestControlLockGuid = { 0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92}}
## Include/Guid/WinCertificate.h
gEfiCertTypeRsa2048Sha256Guid = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf }}
|