From 1c837cd545b6b91c41f1fbebf84b54cb7ccf499e Mon Sep 17 00:00:00 2001 From: jljusten Date: Tue, 19 Jul 2011 20:47:28 +0000 Subject: MdeModulePkg: Add SMM LockBox This includes: * LockBox protocol definition * LockBoxLib library interface definition * SmmLockBox GUID * LockBoxNullLib library implementation * 2 SmmLockBoxLib library implementations * SmmLockBox SMM driver Signed-off-by: jljusten Reviewed-by: mdkinney Reviewed-by: geekboy15a Reviewed-by: jyao1 Reviewed-by: lgao4 git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12029 6f19259b-4bc3-4df7-8a09-765794883524 --- .../Library/LockBoxNullLib/LockBoxNullLib.c | 139 ++++++ .../Library/LockBoxNullLib/LockBoxNullLib.inf | 41 ++ .../Library/SmmLockBoxLib/SmmLockBoxDxeLib.c | 455 +++++++++++++++++ .../Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf | 50 ++ .../Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h | 54 ++ .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.c | 542 +++++++++++++++++++++ .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf | 46 ++ 7 files changed, 1327 insertions(+) create mode 100644 MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.c create mode 100644 MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf create mode 100644 MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c create mode 100644 MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf create mode 100644 MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h create mode 100644 MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c create mode 100644 MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf (limited to 'MdeModulePkg/Library') diff --git a/MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.c b/MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.c new file mode 100644 index 0000000000..5d7b52c06e --- /dev/null +++ b/MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.c @@ -0,0 +1,139 @@ +/** @file + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions +of the BSD License which accompanies this distribution. The +full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ) +{ + return RETURN_SUCCESS; +} + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ) +{ + return RETURN_SUCCESS; +} + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ) +{ + return RETURN_SUCCESS; +} + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + return RETURN_SUCCESS; +} + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ) +{ + return RETURN_SUCCESS; +} diff --git a/MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf b/MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf new file mode 100644 index 0000000000..4665112aef --- /dev/null +++ b/MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf @@ -0,0 +1,41 @@ +## @file +# Component description file for LockBox library. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = LockBoxNullLib + FILE_GUID = 0BA38EBD-E190-4df7-8EC4-0A6E2B43772D + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib|PEIM DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION DXE_SMM_DRIVER + + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + LockBoxNullLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c new file mode 100644 index 0000000000..9659f014e9 --- /dev/null +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c @@ -0,0 +1,455 @@ +/** @file + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions +of the BSD License which accompanies this distribution. The +full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "SmmLockBoxLibPrivate.h" + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SAVE)]; + UINTN CommSize; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SaveLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) { + return EFI_INVALID_PARAMETER; + } + + // + // Get needed resource + // + Status = gBS->LocateProtocol ( + &gEfiSmmCommunicationProtocolGuid, + NULL, + (VOID **)&SmmCommunication + ); + if (EFI_ERROR (Status)) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterSave); + + LockBoxParameterSave = (EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterSave->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SAVE; + LockBoxParameterSave->Header.DataLength = sizeof(*LockBoxParameterSave); + LockBoxParameterSave->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterSave->Guid, Guid, sizeof(*Guid)); + LockBoxParameterSave->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + LockBoxParameterSave->Length = (UINT64)Length; + + // + // Send command + // + CommSize = sizeof(CommBuffer); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterSave->Header.ReturnStatus; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SaveLockBox - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttributes; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)]; + UINTN CommSize; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || + ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) { + return EFI_INVALID_PARAMETER; + } + + // + // Get needed resource + // + Status = gBS->LocateProtocol ( + &gEfiSmmCommunicationProtocolGuid, + NULL, + (VOID **)&SmmCommunication + ); + if (EFI_ERROR (Status)) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterSetAttributes); + + LockBoxParameterSetAttributes = (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterSetAttributes->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES; + LockBoxParameterSetAttributes->Header.DataLength = sizeof(*LockBoxParameterSetAttributes); + LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterSetAttributes->Guid, Guid, sizeof(*Guid)); + LockBoxParameterSetAttributes->Attributes = (UINT64)Attributes; + + // + // Send command + // + CommSize = sizeof(CommBuffer); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterSetAttributes->Header.ReturnStatus; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)]; + UINTN CommSize; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib UpdateLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) { + return EFI_INVALID_PARAMETER; + } + + // + // Get needed resource + // + Status = gBS->LocateProtocol ( + &gEfiSmmCommunicationProtocolGuid, + NULL, + (VOID **)&SmmCommunication + ); + if (EFI_ERROR (Status)) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterUpdate); + + LockBoxParameterUpdate = (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterUpdate->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_UPDATE; + LockBoxParameterUpdate->Header.DataLength = sizeof(*LockBoxParameterUpdate); + LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterUpdate->Guid, Guid, sizeof(*Guid)); + LockBoxParameterUpdate->Offset = (UINT64)Offset; + LockBoxParameterUpdate->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + LockBoxParameterUpdate->Length = (UINT64)Length; + + // + // Send command + // + CommSize = sizeof(CommBuffer); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterUpdate->Header.ReturnStatus; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib UpdateLockBox - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)]; + UINTN CommSize; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || + ((Buffer == NULL) && (Length != NULL)) || + ((Buffer != NULL) && (Length == NULL))) { + return EFI_INVALID_PARAMETER; + } + + // + // Get needed resource + // + Status = gBS->LocateProtocol ( + &gEfiSmmCommunicationProtocolGuid, + NULL, + (VOID **)&SmmCommunication + ); + if (EFI_ERROR (Status)) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterRestore); + + LockBoxParameterRestore = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterRestore->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE; + LockBoxParameterRestore->Header.DataLength = sizeof(*LockBoxParameterRestore); + LockBoxParameterRestore->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterRestore->Guid, Guid, sizeof(*Guid)); + LockBoxParameterRestore->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + if (Length != NULL) { + LockBoxParameterRestore->Length = (EFI_PHYSICAL_ADDRESS)*Length; + } else { + LockBoxParameterRestore->Length = 0; + } + + // + // Send command + // + CommSize = sizeof(CommBuffer); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + if (Length != NULL) { + *Length = (UINTN)LockBoxParameterRestore->Length; + } + + Status = (EFI_STATUS)LockBoxParameterRestore->Header.ReturnStatus; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreLockBox - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRestoreAllInPlace; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)]; + UINTN CommSize; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Enter\n")); + + // + // Get needed resource + // + Status = gBS->LocateProtocol ( + &gEfiSmmCommunicationProtocolGuid, + NULL, + (VOID **)&SmmCommunication + ); + if (EFI_ERROR (Status)) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterRestoreAllInPlace); + + LockBoxParameterRestoreAllInPlace = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterRestoreAllInPlace->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE; + LockBoxParameterRestoreAllInPlace->Header.DataLength = sizeof(*LockBoxParameterRestoreAllInPlace); + LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)-1; + + // + // Send command + // + CommSize = sizeof(CommBuffer); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterRestoreAllInPlace->Header.ReturnStatus; + + DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf new file mode 100644 index 0000000000..b9052e7979 --- /dev/null +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf @@ -0,0 +1,50 @@ +## @file +# Component description file for LockBox library. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmLockBoxDxeLib + FILE_GUID = 4A0054B4-3CA8-4e1b-9339-9B58D5FBB7D2 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SmmLockBoxDxeLib.c + SmmLockBoxLibPrivate.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + BaseLib + BaseMemoryLib + DebugLib + +[Guids] + gEfiSmmLockBoxCommunicationGuid ## CONSUMED + +[Protocols] + gEfiSmmCommunicationProtocolGuid ## CONSUMED diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h new file mode 100644 index 0000000000..3dfd03e417 --- /dev/null +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h @@ -0,0 +1,54 @@ +/** @file + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions +of the BSD License which accompanies this distribution. The +full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#ifndef _SMM_LOCK_BOX_LIB_PRIVATE_H_ +#define _SMM_LOCK_BOX_LIB_PRIVATE_H_ + +#include + +#pragma pack(push, 1) + +// +// Below data structure is used for lockbox registration in SMST +// + +#define SMM_LOCK_BOX_SIGNATURE_32 SIGNATURE_64 ('L','O','C','K','B','_','3','2') +#define SMM_LOCK_BOX_SIGNATURE_64 SIGNATURE_64 ('L','O','C','K','B','_','6','4') + +typedef struct { + UINT64 Signature; + EFI_PHYSICAL_ADDRESS LockBoxDataAddress; +} SMM_LOCK_BOX_CONTEXT; + +// +// Below data structure is used for lockbox management +// + +#define SMM_LOCK_BOX_DATA_SIGNATURE SIGNATURE_64 ('L','O','C','K','B','O','X','D') + +typedef struct { + UINT64 Signature; + EFI_GUID Guid; + EFI_PHYSICAL_ADDRESS Buffer; + UINT64 Length; + UINT64 Attributes; + EFI_PHYSICAL_ADDRESS SmramBuffer; + LIST_ENTRY Link; +} SMM_LOCK_BOX_DATA; + +#pragma pack(pop) + +#endif + diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c new file mode 100644 index 0000000000..51e6930a76 --- /dev/null +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c @@ -0,0 +1,542 @@ +/** @file + +Copyright (c) 2010, Intel Corporation. All rights reserved.
+ +This program and the accompanying materials +are licensed and made available under the terms and conditions +of the BSD License which accompanies this distribution. The +full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include +#include +#include +#include +#include + +#include "SmmLockBoxLibPrivate.h" + +/** + We need handle this library carefully. Only one library instance will construct the environment. + Below 2 global variable can only be used in constructor. They should NOT be used in any other library functions. +**/ +SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext; +LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE (mLockBoxQueue); + +/** + This function return SmmLockBox context from SMST. + + @return SmmLockBox context from SMST. +**/ +SMM_LOCK_BOX_CONTEXT * +InternalGetSmmLockBoxContext ( + VOID + ) +{ + UINTN Index; + + // + // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone + // + for (Index = 0; Index < gSmst->NumberOfTableEntries; Index++) { + if (CompareGuid (&gSmst->SmmConfigurationTable[Index].VendorGuid, &gEfiSmmLockBoxCommunicationGuid)) { + // + // Found. That means some other library instance is already run. + // No need to install again, just return. + // + return (SMM_LOCK_BOX_CONTEXT *)gSmst->SmmConfigurationTable[Index].VendorTable; + } + } + + // + // Not found. + // + return NULL; +} + +/** + Constructor for SmmLockBox library. + This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCEESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxSmmConstructuor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext; + + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Enter\n")); + + // + // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone + // + SmmLockBoxContext = InternalGetSmmLockBoxContext (); + if (SmmLockBoxContext != NULL) { + // + // Find it. That means some other library instance is already run. + // No need to install again, just return. + // + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - already installed\n")); + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n")); + return EFI_SUCCESS; + } + + // + // If no one install this, it means this is first instance. Install it. + // + if (sizeof(UINTN) == sizeof(UINT64)) { + mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_64; + } else { + mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_32; + } + mSmmLockBoxContext.LockBoxDataAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)&mLockBoxQueue; + + Status = gSmst->SmmInstallConfigurationTable ( + gSmst, + &gEfiSmmLockBoxCommunicationGuid, + &mSmmLockBoxContext, + sizeof(mSmmLockBoxContext) + ); + ASSERT_EFI_ERROR (Status); + + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - %x\n", (UINTN)&mSmmLockBoxContext)); + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib LockBoxDataAddress - %x\n", (UINTN)&mLockBoxQueue)); + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n")); + + return Status; +} + +/** + This function return SmmLockBox queue address. + + @return SmmLockBox queue address. +**/ +LIST_ENTRY * +InternalGetLockBoxQueue ( + VOID + ) +{ + SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext; + + SmmLockBoxContext = InternalGetSmmLockBoxContext (); + ASSERT (SmmLockBoxContext != NULL); + if (SmmLockBoxContext == NULL) { + return NULL; + } + return (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress; +} + +/** + This function find LockBox by GUID. + + @param Guid The guid to indentify the LockBox + + @return LockBoxData +**/ +SMM_LOCK_BOX_DATA * +InternalFindLockBoxByGuid ( + IN EFI_GUID *Guid + ) +{ + LIST_ENTRY *Link; + SMM_LOCK_BOX_DATA *LockBox; + LIST_ENTRY *LockBoxQueue; + + LockBoxQueue = InternalGetLockBoxQueue (); + ASSERT (LockBoxQueue != NULL); + + for (Link = LockBoxQueue->ForwardLink; + Link != LockBoxQueue; + Link = Link->ForwardLink) { + LockBox = BASE_CR ( + Link, + SMM_LOCK_BOX_DATA, + Link + ); + if (CompareGuid (&LockBox->Guid, Guid)) { + return LockBox; + } + } + return NULL; +} + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + EFI_PHYSICAL_ADDRESS SmramBuffer; + EFI_STATUS Status; + LIST_ENTRY *LockBoxQueue; + + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox != NULL) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_ALREADY_STARTED)); + return EFI_ALREADY_STARTED; + } + + // + // Allocate SMRAM buffer + // + Status = gSmst->SmmAllocatePages ( + AllocateAnyPages, + EfiRuntimeServicesData, + EFI_SIZE_TO_PAGES (Length), + &SmramBuffer + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + + // + // Allocate LockBox + // + Status = gSmst->SmmAllocatePool ( + EfiRuntimeServicesData, + sizeof(*LockBox), + (VOID **)&LockBox + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + gSmst->SmmFreePages (SmramBuffer, EFI_SIZE_TO_PAGES (Length)); + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + + // + // Save data + // + CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)Buffer, Length); + + // + // Insert LockBox to queue + // + LockBox->Signature = SMM_LOCK_BOX_DATA_SIGNATURE; + CopyMem (&LockBox->Guid, Guid, sizeof(EFI_GUID)); + LockBox->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + LockBox->Length = (UINT64)Length; + LockBox->SmramBuffer = SmramBuffer; + + LockBoxQueue = InternalGetLockBoxQueue (); + ASSERT (LockBoxQueue != NULL); + InsertTailList (LockBoxQueue, &LockBox->Link); + + // + // Done + // + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || + ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox == NULL) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_NOT_FOUND)); + return EFI_NOT_FOUND; + } + + // + // Update data + // + LockBox->Attributes = Attributes; + + // + // Done + // + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox == NULL) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_NOT_FOUND)); + return EFI_NOT_FOUND; + } + + // + // Update data + // + if (LockBox->Length < Offset + Length) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL)); + return EFI_BUFFER_TOO_SMALL; + } + CopyMem ((VOID *)((UINTN)LockBox->SmramBuffer + Offset), Buffer, Length); + + // + // Done + // + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + VOID *RestoreBuffer; + + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Enter\n")); + + // + // Restore this, Buffer and Length MUST be both NULL or both non-NULL + // + if ((Guid == NULL) || + ((Buffer == NULL) && (Length != NULL)) || + ((Buffer != NULL) && (Length == NULL))) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox == NULL) { + // + // Not found + // + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_NOT_FOUND)); + return EFI_NOT_FOUND; + } + + // + // Set RestoreBuffer + // + if (Buffer != NULL) { + // + // restore to new buffer + // + RestoreBuffer = Buffer; + } else { + // + // restore to original buffer + // + if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) == 0) { + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_WRITE_PROTECTED)); + return EFI_WRITE_PROTECTED; + } + RestoreBuffer = (VOID *)(UINTN)LockBox->Buffer; + } + + // + // Set RestoreLength + // + if (Length != NULL) { + if (*Length < (UINTN)LockBox->Length) { + // + // Input buffer is too small to hold all data. + // + *Length = (UINTN)LockBox->Length; + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL)); + return EFI_BUFFER_TOO_SMALL; + } + *Length = (UINTN)LockBox->Length; + } + + // + // Restore data + // + CopyMem (RestoreBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + + // + // Done + // + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + LIST_ENTRY *Link; + LIST_ENTRY *LockBoxQueue; + + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Enter\n")); + + LockBoxQueue = InternalGetLockBoxQueue (); + ASSERT (LockBoxQueue != NULL); + + // + // Restore all, Buffer and Length MUST be NULL + // + for (Link = LockBoxQueue->ForwardLink; + Link != LockBoxQueue; + Link = Link->ForwardLink) { + LockBox = BASE_CR ( + Link, + SMM_LOCK_BOX_DATA, + Link + ); + if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) { + // + // Restore data + // + CopyMem ((VOID *)(UINTN)LockBox->Buffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + } + } + // + // Done + // + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf new file mode 100644 index 0000000000..49d0952822 --- /dev/null +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf @@ -0,0 +1,46 @@ +## @file +# Component description file for LockBox library. +# +# Copyright (c) 2010, Intel Corporation. All rights reserved.
+# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions +# of the BSD License which accompanies this distribution. The +# full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmLockBoxSmmLib + FILE_GUID = E04894D6-290D-4171-A362-0ACFD939F3C8 + MODULE_TYPE = DXE_SMM_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib|DXE_SMM_DRIVER + CONSTRUCTOR = SmmLockBoxSmmConstructuor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SmmLockBoxSmmLib.c + SmmLockBoxLibPrivate.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + SmmServicesTableLib + BaseLib + DebugLib + +[Guids] + gEfiSmmLockBoxCommunicationGuid ## COMSUMED -- cgit v1.2.3