From 70c7664cd3d2689f2ba9ed6bf0de0fc44501f613 Mon Sep 17 00:00:00 2001
From: "Yao, Jiewen"
Date: Tue, 28 Jul 2015 07:20:58 +0000
Subject: Add Secure MOR implementation. Add a new module MemoryOverwriteRequestControlLock to register VarCheck handler to enforce MorLock Policy. Only SMM version is added because MOR is only supported in SMM variable case.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen"
Reviewed-by: "Chao Zhang"
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18092 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../MemoryOverwriteRequestControlLock.h | 43 ++++++++++++++++++++++
 MdePkg/MdePkg.dec | 3 ++
 2 files changed, 46 insertions(+)
 create mode 100644 MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
(limited to 'MdePkg')
diff --git a/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
new file mode 100644
index 0000000000..771306b882
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
@@ -0,0 +1,43 @@
+/** @file
+ Support for Microsoft Secure MOR implementation, defined at
+ Microsoft Secure MOR implementation.
+ https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
+
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+#define __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_GUID \
+ { \
+ 0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92} \
+ }
+
+#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME L"MemoryOverwriteRequestControlLock"
+
+//
+// VendorGuid: {BB983CCF-151D-40E1-A07B-4A17BE168292}
+// Name: MemoryOverwriteRequestControlLock
+// Attributes: NV+BS+RT
+// Size: 0x1 byte
+//
+// The BIOS initializes MemoryOverwriteRequestControlLock to a value of 0x00
+// before BDS (BOOT#### processing). When the OS loader calls SetVariable by
+// specifying 0x01, the access mode for both MemoryOverwriteRequestControlLock
+// and MemoryOverwriteRequestControl is changed to read-only. If any other
+// value is specified in the SetVariable call, it fails with the
+// EFI_INVALID_PARAMETER error code.
+//
+
+extern EFI_GUID gEfiMemoryOverwriteRequestControlLockGuid;
+
+#endif
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 598a6d07f4..7d74b69769 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
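Review bot: In MemoryOverwriteRequestControlLock.h the two legal lock values and the one-byte size appear only in the comment block, so the VarCheck handler that enforces the policy (not part of this MdePkg-limited patch) would have to hard-code `0x00`, `0x01` and `1`. Named constants next to `MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME`, for example `#define MOR_LOCK_DATA_UNLOCKED 0x0` and `#define MOR_LOCK_DATA_LOCKED 0x1`, would keep the header and every consumer on one definition. The comment also does not say what happens to a SetVariable call whose size is not 1, whose attributes differ from NV+BS+RT, or that deletes the variable, nor how long the read-only state lasts. Those are the cases the enforcement code has to reject for the lock to hold, so it would help to state them here alongside the `EFI_INVALID_PARAMETER` rule.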
@@ -388,6 +388,9 @@
 ## Include/Guid/MemoryOverwriteControl.h
 gEfiMemoryOverwriteControlDataGuid = { 0xe20939be, 0x32d4, 0x41be, {0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29 }}
+
+ ## Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
+ gEfiMemoryOverwriteRequestControlLockGuid = { 0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92}}
 ## Include/Guid/WinCertificate.h
 gEfiCertTypeRsa2048Sha256Guid = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf }}
-- cgit v1.2.3