diff options
| author | Laszlo Ersek <lersek@redhat.com> | 2016-04-27 18:01:02 +0200 |
|---|---|---|
| committer | Laszlo Ersek <lersek@redhat.com> | 2016-04-28 19:35:29 +0200 |
| commit | 84d2070aef8440819168f7f5736319d375a03447 (patch) | |
| tree | a38fe541fbcb69531b5ce67998e211603adc95e5 /ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/QueryTable.c | |
| parent | 70017e446125a454b6dc8f8fe6e4cfe5ff35b38e (diff) | |
| download | edk2-platforms-84d2070aef8440819168f7f5736319d375a03447.tar.xz | |
OvmfPkg: PlatformBdsLib: lock down SMM regardless of S3
At the moment, the EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is only installed if
S3 is enabled -- at the end of SaveS3BootScript().
While a runtime OS is never booted with SMM unlocked (because the SMM IPL
locks down SMM as a last resort:
> SMM IPL! DXE SMM Ready To Lock Protocol not installed before Ready To
> Boot signal
> SmmInstallProtocolInterface: [EfiSmmReadyToLockProtocol] 0
> Patch page table start ...
> Patch page table done!
> SMM IPL locked SMRAM window
), we shouldn't allow UEFI drivers and applications either to mess with
SMM just because S3 is disabled. So install
EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL in PlatformBdsInit() unconditionally.
Cc: Feng Tian <feng.tian@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
Diffstat (limited to 'ShellPkg/Library/UefiShellDebug1CommandsLib/SmbiosView/QueryTable.c')
0 files changed, 0 insertions, 0 deletions