1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
/** @file
PCH BIOS Write Protect Driver.
@copyright
Copyright (c) 2011 - 2012 Intel Corporation. All rights reserved
This software and associated documentation (if any) is furnished
under a license and may only be used or copied in accordance
with the terms of the license. Except as permitted by such
license, no part of this software or documentation may be
reproduced, stored in a retrieval system, or transmitted in any
form or by any means without the express written consent of
Intel Corporation.
This file contains a 'Sample Driver' and is licensed as such
under the terms of your license agreement with Intel or your
vendor. This file may be modified by the user, subject to
the additional terms of the license agreement
**/
#include "PchBiosWriteProtect.h"
///
/// Global variables
///
EFI_SMM_ICHN_DISPATCH_PROTOCOL *mIchnDispatch;
EFI_SMM_IO_TRAP_DISPATCH_PROTOCOL *mPchIoTrap;
UINTN mPciD31F0RegBase;
/**
This hardware SMI handler will be run every time the BIOS Write Enable bit is set.
@param[in] DispatchHandle Not used
@param[in] DispatchContext Not used
@retval None
**/
VOID
EFIAPI
PchBiosWpCallback (
IN EFI_HANDLE DispatchHandle,
IN EFI_SMM_ICHN_DISPATCH_CONTEXT *DispatchContext
)
{
///
/// Disable BIOSWE bit to protect BIOS
///
MmioAnd8 ((UINTN) (mPciD31F0RegBase + R_PCH_LPC_BIOS_CNTL), (UINT8) ~B_PCH_LPC_BIOS_CNTL_BIOSWE);
}
/**
Register an IchnBiosWp callback function to handle TCO BIOSWR SMI
SMM_BWP and BLE bits will be set here
@param[in] DispatchHandle Not used
@param[in] CallbackContext Information about the IO trap that occurred
@retval None
**/
VOID
EFIAPI
PchBiosLockIoTrapCallback (
IN EFI_HANDLE DispatchHandle,
IN EFI_SMM_IO_TRAP_DISPATCH_CALLBACK_CONTEXT *CallbackContext
)
{
EFI_STATUS Status;
EFI_SMM_ICHN_DISPATCH_CONTEXT IchnContext;
EFI_HANDLE IchnHandle;
///
/// Do not run the callback function if it is not Write cycle trapped or the wrtie data
/// is not PCH_BWP_SIGNATURE,
///
if ((CallbackContext->Type != WriteTrap) || (CallbackContext->WriteData != PCH_BWP_SIGNATURE)) {
return;
}
if (mIchnDispatch == NULL) {
return;
}
IchnHandle = NULL;
///
/// Set SMM_BWP bit before registering IchnBiosWp
///
MmioOr8 ((UINTN) (mPciD31F0RegBase + R_PCH_LPC_BIOS_CNTL), (UINT8) B_PCH_LPC_BIOS_CNTL_SMM_BWP);
///
/// Register an IchnBiosWp callback function to handle TCO BIOSWR SMI
///
IchnContext.Type = IchnBiosWp;
Status = mIchnDispatch->Register (
mIchnDispatch,
PchBiosWpCallback,
&IchnContext,
&IchnHandle
);
ASSERT_EFI_ERROR (Status);
}
/**
Entry point for Pch Bios Write Protect driver.
@param[in] ImageHandle Image handle of this driver.
@param[in] SystemTable Global system service table.
@retval EFI_SUCCESS Initialization complete.
**/
EFI_STATUS
EFIAPI
InstallPchBiosWriteProtect (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
DXE_PCH_PLATFORM_POLICY_PROTOCOL *PchPlatformPolicy;
EFI_HANDLE PchIoTrapHandle;
EFI_SMM_IO_TRAP_DISPATCH_REGISTER_CONTEXT PchIoTrapContext;
///
/// Locate PCH Platform Policy protocol
///
Status = gBS->LocateProtocol (&gDxePchPlatformPolicyProtocolGuid, NULL, (VOID **) &PchPlatformPolicy);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR | EFI_D_INFO, "Failed to locate PCH Policy protocol.\n"));
return Status;
}
if ((PchPlatformPolicy->LockDownConfig->BiosLock == PCH_DEVICE_ENABLE)) {
mPciD31F0RegBase = MmPciAddress (
0,
0,
PCI_DEVICE_NUMBER_PCH_LPC,
PCI_FUNCTION_NUMBER_PCH_LPC,
0
);
///
/// Get the ICHn protocol
///
mIchnDispatch = NULL;
Status = gBS->LocateProtocol (&gEfiSmmIchnDispatchProtocolGuid, NULL, (VOID **) &mIchnDispatch);
ASSERT_EFI_ERROR (Status);
///
/// Locate the PCH IO TRAP Dispatch protocol
///
PchIoTrapHandle = NULL;
Status = gBS->LocateProtocol (&gEfiSmmIoTrapDispatchProtocolGuid, NULL, (VOID **) &mPchIoTrap);
ASSERT_EFI_ERROR (Status);
///
/// Register BIOS Lock IO Trap SMI handler
///
PchIoTrapContext.Type = WriteTrap;
PchIoTrapContext.Length = 4;
PchIoTrapContext.Address = PchPlatformPolicy->LockDownConfig->PchBiosLockIoTrapAddress;
PchIoTrapContext.Context = NULL;
PchIoTrapContext.MergeDisable = FALSE;
Status = mPchIoTrap->Register (
mPchIoTrap,
PchBiosLockIoTrapCallback,
&PchIoTrapContext,
&PchIoTrapHandle
);
ASSERT_EFI_ERROR (Status);
DEBUG ((EFI_D_ERROR, "PchBiosLockIoTrapAddress = 0x%x\n", PchIoTrapContext.Address));
if ((PchPlatformPolicy->LockDownConfig->PchBiosLockIoTrapAddress == 0) &&
(PchIoTrapContext.Address == 0)) {
DEBUG ((EFI_D_ERROR | EFI_D_INFO, "Invalid PchIoTrapContext.Address!!!\n"));
ASSERT (FALSE);
} else {
if ((PchPlatformPolicy->LockDownConfig->PchBiosLockIoTrapAddress != 0) &&
(PchPlatformPolicy->LockDownConfig->PchBiosLockIoTrapAddress != PchIoTrapContext.Address)) {
DEBUG ((EFI_D_ERROR | EFI_D_INFO, "Invalid PchIoTrapContext.Address!!!\n"));
ASSERT (FALSE);
} else {
PchPlatformPolicy->LockDownConfig->PchBiosLockIoTrapAddress = PchIoTrapContext.Address;
}
}
}
return EFI_SUCCESS;
}
|
