Update code to consume SmmIoLib to check Mmio validation.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
---
.../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c | 30 +------------
.../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c | 51 ----------------------
.../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h | 3 +-
.../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf | 2 +-
4 files changed, 3 insertions(+), 83 deletions(-)
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
index 33f77bd..e38acfd 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
@@ -1023,34 +1023,6 @@ GetAhciBarSize (
}
/**
- This function check if the memory region is in GCD MMIO region.
-
- @param Addr The memory region start address to be checked.
- @param Size The memory region length to be checked.
-
- @retval TRUE This memory region is in GCD MMIO region.
- @retval FALSE This memory region is not in GCD MMIO region.
-**/
-BOOLEAN
-EFIAPI
-OpalIsValidMmioSpace (
- IN EFI_PHYSICAL_ADDRESS Addr,
- IN UINTN Size
- )
-{
- UINTN Index;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
-
- for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
- Desc = &mGcdMemSpace[Index];
- if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) && (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress + Desc->Length))) {
- return TRUE;
- }
- }
-
- return FALSE;
-}
-/**
Get AHCI mode base address registers' Value.
@param[in] Bus The bus number of ata host controller.
@@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
//
// Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM.
//
- if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
+ if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
return EFI_UNSUPPORTED;
}
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
index 2f2a1d9..0ea92b1 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not read/write Data to smram, s
// NVME
NVME_CONTEXT mNvmeContext;
-EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
-UINTN mNumberOfDescriptors = 0;
-
/**
Add new bridge node or nvme device info to the device list.
@@ -648,44 +645,6 @@ S3SleepEntryCallBack (
}
/**
- OpalPassword Notification for SMM EndOfDxe protocol.
-
- @param[in] Protocol Points to the protocol's unique identifier.
- @param[in] Interface Points to the interface instance.
- @param[in] Handle The handle on which the interface was installed.
-
- @retval EFI_SUCCESS Notification runs successfully.
-**/
-EFI_STATUS
-EFIAPI
-OpalPasswordEndOfDxeNotification (
- IN CONST EFI_GUID *Protocol,
- IN VOID *Interface,
- IN EFI_HANDLE Handle
- )
-{
- UINTN NumberOfDescriptors;
- EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
- EFI_STATUS Status;
-
- Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
- if (EFI_ERROR (Status)) {
- gBS->FreePool (MemSpaceMap);
- return Status;
- }
-
- mNumberOfDescriptors = NumberOfDescriptors;
- gBS->FreePool (MemSpaceMap);
-
- return EFI_SUCCESS;
-}
-
-/**
Main entry for this driver.
@param ImageHandle Image handle this driver.
@@ -711,7 +670,6 @@ OpalPasswordSmmInit (
EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
UINTN DataSize;
- EFI_EVENT EndOfDxeEvent;
EFI_PHYSICAL_ADDRESS Address;
mBuffer = NULL;
@@ -820,15 +778,6 @@ OpalPasswordSmmInit (
//
mSwSmiValue = (UINT8) Context.SwSmiInputValue;
- //
- // Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar
- // is in MMIO space to avoid attack.
- //
- Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);
- if (EFI_ERROR (Status)) {
- DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));
- goto EXIT;
- }
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);
if (!EFI_ERROR (Status)) {
DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
index ab31a6b..ce88786 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
@@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/S3BootScriptLib.h>
#include <Library/DevicePathLib.h>
#include <Library/DxeServicesTableLib.h>
+#include <Library/SmmIoLib.h>
#include <IndustryStandard/Pci22.h>
@@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
extern VOID *mBuffer;
-extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
-extern UINTN mNumberOfDescriptors;
#pragma pack(1)
typedef struct {
diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
index cab0fd5..c62fa13 100644
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
@@ -58,6 +58,7 @@
DxeServicesTableLib
DevicePathLib
OpalPasswordSupportLib
+ SmmIoLib
[Guids]
gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
@@ -69,7 +70,6 @@
gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
gEfiSmmVariableProtocolGuid ## CONSUMES
gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
- gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
[Depex]
gEfiSmmSwDispatch2ProtocolGuid AND
--
2.7.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, May 3, 2017 11:32 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
>
> Update code to consume SmmIoLib to check Mmio validation.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c | 30 +------------
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c | 51
> ----------------------
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h | 3 +-
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf | 2 +-
> 4 files changed, 3 insertions(+), 83 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> index 33f77bd..e38acfd 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> @@ -1023,34 +1023,6 @@ GetAhciBarSize (
> }
>
> /**
> - This function check if the memory region is in GCD MMIO region.
> -
> - @param Addr The memory region start address to be checked.
> - @param Size The memory region length to be checked.
> -
> - @retval TRUE This memory region is in GCD MMIO region.
> - @retval FALSE This memory region is not in GCD MMIO region.
> -**/
> -BOOLEAN
> -EFIAPI
> -OpalIsValidMmioSpace (
> - IN EFI_PHYSICAL_ADDRESS Addr,
> - IN UINTN Size
> - )
> -{
> - UINTN Index;
> - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
> -
> - for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
> - Desc = &mGcdMemSpace[Index];
> - if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) &&
> (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress +
> Desc->Length))) {
> - return TRUE;
> - }
> - }
> -
> - return FALSE;
> -}
> -/**
> Get AHCI mode base address registers' Value.
>
> @param[in] Bus The bus number of ata host controller.
> @@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
> //
> // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by
> modifying MMIO Bar to point to SMRAM.
> //
> - if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
> + if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
> return EFI_UNSUPPORTED;
> }
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> index 2f2a1d9..0ea92b1 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> @@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not
> read/write Data to smram, s
> // NVME
> NVME_CONTEXT mNvmeContext;
>
> -EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
> -UINTN mNumberOfDescriptors = 0;
> -
> /**
> Add new bridge node or nvme device info to the device list.
>
> @@ -648,44 +645,6 @@ S3SleepEntryCallBack (
> }
>
> /**
> - OpalPassword Notification for SMM EndOfDxe protocol.
> -
> - @param[in] Protocol Points to the protocol's unique identifier.
> - @param[in] Interface Points to the interface instance.
> - @param[in] Handle The handle on which the interface was installed.
> -
> - @retval EFI_SUCCESS Notification runs successfully.
> -**/
> -EFI_STATUS
> -EFIAPI
> -OpalPasswordEndOfDxeNotification (
> - IN CONST EFI_GUID *Protocol,
> - IN VOID *Interface,
> - IN EFI_HANDLE Handle
> - )
> -{
> - UINTN NumberOfDescriptors;
> - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
> - EFI_STATUS Status;
> -
> - Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors,
> &MemSpaceMap);
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof
> (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
> - if (EFI_ERROR (Status)) {
> - gBS->FreePool (MemSpaceMap);
> - return Status;
> - }
> -
> - mNumberOfDescriptors = NumberOfDescriptors;
> - gBS->FreePool (MemSpaceMap);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> Main entry for this driver.
>
> @param ImageHandle Image handle this driver.
> @@ -711,7 +670,6 @@ OpalPasswordSmmInit (
> EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
> OPAL_EXTRA_INFO_VAR OpalExtraInfo;
> UINTN DataSize;
> - EFI_EVENT EndOfDxeEvent;
> EFI_PHYSICAL_ADDRESS Address;
>
> mBuffer = NULL;
> @@ -820,15 +778,6 @@ OpalPasswordSmmInit (
> //
> mSwSmiValue = (UINT8) Context.SwSmiInputValue;
>
> - //
> - // Create event to record GCD descriptors at end of dxe for judging
> AHCI/NVMe PCI Bar
> - // is in MMIO space to avoid attack.
> - //
> - Status = gSmst->SmmRegisterProtocolNotify
> (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification,
> &EndOfDxeEvent);
> - if (EFI_ERROR (Status)) {
> - DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail,
> Status: %r\n", Status));
> - goto EXIT;
> - }
> Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,
> (VOID**)&SmmVariable);
> if (!EFI_ERROR (Status)) {
> DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> index ab31a6b..ce88786 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> @@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> #include <Library/S3BootScriptLib.h>
> #include <Library/DevicePathLib.h>
> #include <Library/DxeServicesTableLib.h>
> +#include <Library/SmmIoLib.h>
>
> #include <IndustryStandard/Pci22.h>
>
> @@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
>
> extern VOID *mBuffer;
>
> -extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
> -extern UINTN mNumberOfDescriptors;
> #pragma pack(1)
>
> typedef struct {
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> index cab0fd5..c62fa13 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> @@ -58,6 +58,7 @@
> DxeServicesTableLib
> DevicePathLib
> OpalPasswordSupportLib
> + SmmIoLib
>
> [Guids]
> gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
> @@ -69,7 +70,6 @@
> gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
> gEfiSmmVariableProtocolGuid ## CONSUMES
> gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
> - gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
>
> [Depex]
> gEfiSmmSwDispatch2ProtocolGuid AND
> --
> 2.7.0.windows.1
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.