From ba9d087b8fb91f19c9accf9541332a36889e18ed Mon Sep 17 00:00:00 2001 From: Star Zeng Date: Tue, 17 Mar 2015 06:41:40 +0000 Subject: SecurityPkg Variable: Reuse scratch data area(at the end of volatile variable store) as serialization runtime buffer to reduce SMRAM consumption for SMM variable driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Star Zeng Reviewed-by: Guo Dong git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17059 6f19259b-4bc3-4df7-8a09-765794883524 --- .../VariableAuthenticated/RuntimeDxe/AuthService.c | 31 +++++++++------------- .../VariableAuthenticated/RuntimeDxe/AuthService.h | 1 - .../VariableAuthenticated/RuntimeDxe/Variable.h | 17 ++++++++++++ .../VariableAuthenticated/RuntimeDxe/VariableDxe.c | 1 - 4 files changed, 29 insertions(+), 21 deletions(-) (limited to 'SecurityPkg/VariableAuthenticated') diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 9b8f63f089..1e9e1907c0 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -55,14 +55,6 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; // VOID *mHashCtx = NULL; -// -// The serialization of the values of the VariableName, VendorGuid and Attributes -// parameters of the SetVariable() call and the TimeStamp component of the -// EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value -// i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data) -// -UINT8 *mSerializationRuntimeBuffer = NULL; - // // Requirement for different signature type which have been defined in UEFI spec. // These data are used to peform SignatureList format check while setting PK/KEK variable. 
@@ -182,15 +174,6 @@ AutenticatedVariableServiceInitialize ( return EFI_OUT_OF_RESOURCES; } - // - // Prepare runtime buffer for serialized data of time-based authenticated - // Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data). - // - mSerializationRuntimeBuffer = AllocateRuntimePool (PcdGet32 (PcdMaxVariableSize) + sizeof (EFI_GUID) + sizeof (UINT32) + sizeof (EFI_TIME)); - if (mSerializationRuntimeBuffer == NULL) { - return EFI_OUT_OF_RESOURCES; - } - // // Check "AuthVarKeyDatabase" variable's existence. // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set. @@ -2267,11 +2250,21 @@ VerifyTimeBasedPayload ( PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize; // - // Construct a buffer to fill with (VariableName, VendorGuid, Attributes, TimeStamp, Data). + // Construct a serialization buffer of the values of the VariableName, VendorGuid and Attributes + // parameters of the SetVariable() call and the TimeStamp component of the + // EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value + // i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data) // NewDataSize = PayloadSize + sizeof (EFI_TIME) + sizeof (UINT32) + sizeof (EFI_GUID) + StrSize (VariableName) - sizeof (CHAR16); - NewData = mSerializationRuntimeBuffer; + // + // Here is to reuse scratch data area(at the end of volatile variable store) + // to reduce SMRAM consumption for SMM variable driver. + // The scratch buffer is enough to hold the serialized data and safe to use, + // because it will be used at here to do verification only first + // and then used in UpdateVariable() for a time based auth variable set. + // + NewData = (UINT8 *) GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase)); Buffer = NewData; Length = StrLen (VariableName) * sizeof (CHAR16); 
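Review bot: The writes through `NewData` after the new `GetEndPointer (...)` assignment rely on the comment's claim that the scratch area "is enough to hold the serialized data", but nothing in this hunk compares `NewDataSize` with the scratch size before the copies that begin at `Buffer = NewData`. The removed allocation made the bound explicit (`PcdMaxVariableSize` plus the GUID, attributes and timestamp sizes), whereas the scratch area is sized elsewhere and `NewDataSize` also includes the variable-name length supplied by the SetVariable() caller. An overrun would write past the scratch area, which the commit message places in SMRAM for the SMM driver, so I would add a guard just before the assignment, e.g. `if (NewDataSize > SCRATCH_SIZE_PLACEHOLDER) { return EFI_SECURITY_VIOLATION; }`, with the placeholder replaced by the value the store initialization uses for the scratch size. VerifyTimeBasedPayload starts and ends outside this hunk, so an earlier check may already enforce this; if it does, the comment should name that check rather than assert the size is sufficient.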
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h index e0804f4e34..f28c82578e 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h @@ -351,6 +351,5 @@ extern UINT8 *mPubKeyStore; extern UINT8 *mCertDbStore; extern UINT32 mPubKeyNumber; extern VOID *mHashCtx; -extern UINT8 *mSerializationRuntimeBuffer; #endif diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h index f86b202fda..fd4dab2429 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h @@ -194,6 +194,23 @@ FindVariable ( IN BOOLEAN IgnoreRtCheck ); +/** + + Gets the pointer to the end of the variable storage area. + + This function gets pointer to the end of the variable storage + area, according to the input variable store header. + + @param VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the end of the variable storage area. + +**/ +VARIABLE_HEADER * +GetEndPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ); + /** This code gets the pointer to the variable data. diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c index 05a90fa8fc..f5bb9963e0 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c 
@@ -247,7 +247,6 @@ VariableClassAddressChangeEvent (
 EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);
 EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
 EfiConvertPointer (0x0, (VOID **) &mHashCtx);
- EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
 EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
 EfiConvertPointer (0x0, (VOID **) &mPubKeyStore);
 EfiConvertPointer (0x0, (VOID **) &mCertDbStore);
-- cgit v1.2.3