summaryrefslogtreecommitdiff
path: root/SecurityPkg/VariableAuthenticated
diff options
context:
space:
mode:
Diffstat (limited to 'SecurityPkg/VariableAuthenticated')
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c153
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h13
2 files changed, 130 insertions, 36 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index e683783fa5..5f023dfdee 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -521,6 +521,7 @@ GetEndPointer (
@param IsVolatile The variable store is volatile or not;
if it is non-volatile, need FTW.
@param UpdatingVariable Pointer to updating variable.
+ @param ReclaimAnyway If TRUE, do reclaim anyway.
@return EFI_OUT_OF_RESOURCES
@return EFI_SUCCESS
@@ -532,7 +533,8 @@ Reclaim (
IN EFI_PHYSICAL_ADDRESS VariableBase,
OUT UINTN *LastVariableOffset,
IN BOOLEAN IsVolatile,
- IN VARIABLE_HEADER *UpdatingVariable
+ IN VARIABLE_HEADER *UpdatingVariable,
+ IN BOOLEAN ReclaimAnyway
)
{
VARIABLE_HEADER *Variable;
@@ -555,7 +557,9 @@ Reclaim (
CHAR16 *UpdatingVariableNamePtr;
UINTN CommonVariableTotalSize;
UINTN HwErrVariableTotalSize;
+ BOOLEAN NeedDoReclaim;
+ NeedDoReclaim = FALSE;
VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINTN) VariableBase);
CommonVariableTotalSize = 0;
@@ -574,11 +578,18 @@ Reclaim (
) {
VariableSize = (UINTN) NextVariable - (UINTN) Variable;
MaximumBufferSize += VariableSize;
+ } else {
+ NeedDoReclaim = TRUE;
}
Variable = NextVariable;
}
+ if (!ReclaimAnyway && !NeedDoReclaim) {
+ DEBUG ((EFI_D_INFO, "Variable driver: no DELETED variable found, so no variable space could be reclaimed.\n"));
+ return EFI_SUCCESS;
+ }
+
//
// Reserve the 1 Bytes with Oxff to identify the
// end of the variable buffer.
@@ -1524,6 +1535,7 @@ UpdateVariable (
UpdateVariableInfo (VariableName, VendorGuid, Variable->Volatile, FALSE, FALSE, TRUE, FALSE);
if (!Variable->Volatile) {
CacheVariable->CurrPtr->State = State;
+ FlushHobVariableToFlash (VariableName, VendorGuid);
}
}
goto Done;
@@ -1733,7 +1745,7 @@ UpdateVariable (
// Perform garbage collection & reclaim operation.
//
Status = Reclaim (mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
- &mVariableModuleGlobal->NonVolatileLastVariableOffset, FALSE, Variable->CurrPtr);
+ &mVariableModuleGlobal->NonVolatileLastVariableOffset, FALSE, Variable->CurrPtr, FALSE);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1848,7 +1860,7 @@ UpdateVariable (
// Perform garbage collection & reclaim operation.
//
Status = Reclaim (mVariableModuleGlobal->VariableGlobal.VolatileVariableBase,
- &mVariableModuleGlobal->VolatileLastVariableOffset, TRUE, Variable->CurrPtr);
+ &mVariableModuleGlobal->VolatileLastVariableOffset, TRUE, Variable->CurrPtr, FALSE);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1905,6 +1917,9 @@ UpdateVariable (
if (!EFI_ERROR (Status)) {
UpdateVariableInfo (VariableName, VendorGuid, Volatile, FALSE, TRUE, FALSE, FALSE);
+ if (!Volatile) {
+ FlushHobVariableToFlash (VariableName, VendorGuid);
+ }
}
Done:
@@ -2613,12 +2628,102 @@ ReclaimForOS(
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
&mVariableModuleGlobal->NonVolatileLastVariableOffset,
FALSE,
- NULL
+ NULL,
+ FALSE
);
ASSERT_EFI_ERROR (Status);
}
}
+/**
+ Flush the HOB variable to flash.
+
+ @param[in] VariableName Name of variable has been updated or deleted.
+ @param[in] VendorGuid Guid of variable has been updated or deleted.
+
+**/
+VOID
+FlushHobVariableToFlash (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ EFI_STATUS Status;
+ VARIABLE_STORE_HEADER *VariableStoreHeader;
+ VARIABLE_HEADER *Variable;
+ VOID *VariableData;
+ BOOLEAN ErrorFlag;
+
+ ErrorFlag = FALSE;
+
+ //
+ // Flush the HOB variable to flash.
+ //
+ if (mVariableModuleGlobal->VariableGlobal.HobVariableBase != 0) {
+ VariableStoreHeader = (VARIABLE_STORE_HEADER *) (UINTN) mVariableModuleGlobal->VariableGlobal.HobVariableBase;
+ //
+ // Set HobVariableBase to 0, it can avoid SetVariable to call back.
+ //
+ mVariableModuleGlobal->VariableGlobal.HobVariableBase = 0;
+ for ( Variable = GetStartPointer (VariableStoreHeader)
+ ; (Variable < GetEndPointer (VariableStoreHeader) && IsValidVariableHeader (Variable))
+ ; Variable = GetNextVariablePtr (Variable)
+ ) {
+ if (Variable->State != VAR_ADDED) {
+ //
+ // The HOB variable has been set to DELETED state in local.
+ //
+ continue;
+ }
+ ASSERT ((Variable->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0);
+ if (VendorGuid == NULL || VariableName == NULL ||
+ !CompareGuid (VendorGuid, &Variable->VendorGuid) ||
+ StrCmp (VariableName, GetVariableNamePtr (Variable)) != 0) {
+ VariableData = GetVariableDataPtr (Variable);
+ Status = VariableServiceSetVariable (
+ GetVariableNamePtr (Variable),
+ &Variable->VendorGuid,
+ Variable->Attributes,
+ Variable->DataSize,
+ VariableData
+ );
+ DEBUG ((EFI_D_INFO, "Variable driver flush the HOB variable to flash: %g %s %r\n", &Variable->VendorGuid, GetVariableNamePtr (Variable), Status));
+ } else {
+ //
+ // The updated or deleted variable is matched with the HOB variable.
+ // Don't break here because we will try to set other HOB variables
+ // since this variable could be set successfully.
+ //
+ Status = EFI_SUCCESS;
+ }
+ if (!EFI_ERROR (Status)) {
+ //
+ // If set variable successful, or the updated or deleted variable is matched with the HOB variable,
+ // set the HOB variable to DELETED state in local.
+ //
+ DEBUG ((EFI_D_INFO, "Variable driver set the HOB variable to DELETED state in local: %g %s\n", &Variable->VendorGuid, GetVariableNamePtr (Variable)));
+ Variable->State &= VAR_DELETED;
+ } else {
+ ErrorFlag = TRUE;
+ }
+ }
+ if (ErrorFlag) {
+ //
+ // We still have HOB variable(s) not flushed in flash.
+ //
+ mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) VariableStoreHeader;
+ } else {
+ //
+ // All HOB variables have been flushed in flash.
+ //
+ DEBUG ((EFI_D_INFO, "Variable driver: all HOB variables have been flushed in flash.\n"));
+ if (!AtRuntime ()) {
+ FreePool ((VOID *) VariableStoreHeader);
+ }
+ }
+ }
+
+}
/**
Initializes variable write service after FVB was ready.
@@ -2637,8 +2742,6 @@ VariableWriteServiceInitialize (
UINTN Index;
UINT8 Data;
EFI_PHYSICAL_ADDRESS VariableStoreBase;
- VARIABLE_HEADER *Variable;
- VOID *VariableData;
VariableStoreBase = mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase;
VariableStoreHeader = (VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase;
@@ -2656,7 +2759,8 @@ VariableWriteServiceInitialize (
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
&mVariableModuleGlobal->NonVolatileLastVariableOffset,
FALSE,
- NULL
+ NULL,
+ TRUE
);
if (EFI_ERROR (Status)) {
return Status;
@@ -2665,34 +2769,7 @@ VariableWriteServiceInitialize (
}
}
-
- //
- // Flush the HOB variable to flash and invalidate HOB variable.
- //
- if (mVariableModuleGlobal->VariableGlobal.HobVariableBase != 0) {
- //
- // Clear the HobVariableBase to avoid SetVariable() updating the variable in HOB
- //
- VariableStoreHeader = (VARIABLE_STORE_HEADER *) (UINTN) mVariableModuleGlobal->VariableGlobal.HobVariableBase;
- mVariableModuleGlobal->VariableGlobal.HobVariableBase = 0;
-
- for ( Variable = GetStartPointer (VariableStoreHeader)
- ; (Variable < GetEndPointer (VariableStoreHeader) && IsValidVariableHeader (Variable))
- ; Variable = GetNextVariablePtr (Variable)
- ) {
- ASSERT (Variable->State == VAR_ADDED);
- ASSERT ((Variable->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0);
- VariableData = GetVariableDataPtr (Variable);
- Status = VariableServiceSetVariable (
- GetVariableNamePtr (Variable),
- &Variable->VendorGuid,
- Variable->Attributes,
- Variable->DataSize,
- VariableData
- );
- ASSERT_EFI_ERROR (Status);
- }
- }
+ FlushHobVariableToFlash (NULL, NULL);
//
// Authenticated variable initialize.
@@ -2750,8 +2827,12 @@ VariableCommonInitialize (
GuidHob = GetFirstGuidHob (&gEfiAuthenticatedVariableGuid);
if (GuidHob != NULL) {
VariableStoreHeader = GET_GUID_HOB_DATA (GuidHob);
+ VariableStoreLength = (UINT64) (GuidHob->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE));
if (GetVariableStoreStatus (VariableStoreHeader) == EfiValid) {
- mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) VariableStoreHeader;
+ mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) AllocateRuntimeCopyPool ((UINTN) VariableStoreLength, (VOID *) VariableStoreHeader);
+ if (mVariableModuleGlobal->VariableGlobal.HobVariableBase == 0) {
+ return EFI_OUT_OF_RESOURCES;
+ }
} else {
DEBUG ((EFI_D_ERROR, "HOB Variable Store header is corrupted!\n"));
}
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
index 563485f929..6a51bcce2a 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
@@ -100,6 +100,19 @@ typedef struct {
} VARIABLE_CACHE_ENTRY;
/**
+ Flush the HOB variable to flash.
+
+ @param[in] VariableName Name of variable has been updated or deleted.
+ @param[in] VendorGuid Guid of variable has been updated or deleted.
+
+**/
+VOID
+FlushHobVariableToFlash (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ );
+
+/**
Writes a buffer to variable storage space, in the working block.
This function writes a buffer to variable storage space into a firmware
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 00:47:21 +0000