SecurityPkg/SecurityPkg.dsc | 1 - .../TcgMorLock.c | 191 ------------------ .../TcgMorLock.h | 131 ------------ .../TcgMorLock.uni | 16 -- .../TcgMorLockExtra.uni | 14 -- .../TcgMorLockSmm.c | 152 -------------- .../TcgMorLockSmm.inf | 65 ------ 7 files changed, 570 deletions(-) delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583
TcgMorLockSmm is only for secure MOR V1.
VariableSmm covers secure MOR V1 and V2.
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
---
SecurityPkg/SecurityPkg.dsc | 1 -
.../TcgMorLock.c | 191 ------------------
.../TcgMorLock.h | 131 ------------
.../TcgMorLock.uni | 16 --
.../TcgMorLockExtra.uni | 14 --
.../TcgMorLockSmm.c | 152 --------------
.../TcgMorLockSmm.inf | 65 ------
7 files changed, 570 deletions(-)
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 64157e20f9..7898fe4282 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -338,7 +338,6 @@
[Components.IA32, Components.X64]
- SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
deleted file mode 100644
index aa230eeefa..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/** @file
- TCG MOR (Memory Overwrite Request) Lock Control Driver.
-
- This driver initializes MemoryOverwriteRequestControlLock variable.
- This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <PiDxe.h>
-#include <Guid/MemoryOverwriteControl.h>
-#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include "TcgMorLock.h"
-
-typedef struct {
- CHAR16 *VariableName;
- EFI_GUID *VendorGuid;
-} VARIABLE_TYPE;
-
-VARIABLE_TYPE mMorVariableType[] = {
- {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid},
- {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid},
-};
-
-/**
- Returns if this is MOR related variable.
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
-
- @retval TRUE The variable is MOR related.
- @retval FALSE The variable is NOT MOR related.
-**/
-BOOLEAN
-IsAnyMorVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
- if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
- (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- Returns if this is MOR lock variable.
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
-
- @retval TRUE The variable is MOR lock variable.
- @retval FALSE The variable is NOT MOR lock variable.
-**/
-BOOLEAN
-IsMorLockVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
- (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- This service is a checker handler for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-SetVariableCheckHandlerMor (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- UINTN MorLockDataSize;
- BOOLEAN MorLock;
- EFI_STATUS Status;
-
- //
- // do not handle non-MOR variable
- //
- if (!IsAnyMorVariable (VariableName, VendorGuid)) {
- return EFI_SUCCESS;
- }
-
- MorLockDataSize = sizeof(MorLock);
- Status = InternalGetVariable (
- MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
- &gEfiMemoryOverwriteRequestControlLockGuid,
- NULL,
- &MorLockDataSize,
- &MorLock
- );
- if (!EFI_ERROR (Status) && MorLock) {
- //
- // If lock, deny access
- //
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Delete not OK
- //
- if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // check format
- //
- if (IsMorLockVariable(VariableName, VendorGuid)) {
- //
- // set to any other value not OK
- //
- if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
- return EFI_INVALID_PARAMETER;
- }
- }
- //
- // Or grant access
- //
- return EFI_SUCCESS;
-}
-
-/**
- Entry Point for MOR Lock Control driver.
-
- @param[in] ImageHandle Image handle of this driver.
- @param[in] SystemTable A Pointer to the EFI System Table.
-
- @retval EFI_SUCCESS
- @return Others Some error occurs.
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverInit (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT8 Data;
-
- Data = 0;
- Status = InternalSetVariable (
- MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
- &gEfiMemoryOverwriteRequestControlLockGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- 1,
- &Data
- );
- return Status;
-}
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
deleted file mode 100644
index 5a6658c158..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/** @file
- TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _EFI_TCG_MOR_LOCK_H_
-#define _EFI_TCG_MOR_LOCK_H_
-
-/**
- This service is a wrapper for the UEFI Runtime Service GetVariable().
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize As input, point to the maximum size of return Data-Buffer.
- As output, point to the actual size of the returned Data-Buffer.
- @param Data Point to return Data-Buffer.
-
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_NOT_FOUND The variable was not found.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
- been updated with the size needed to complete the request.
- @retval EFI_INVALID_PARAMETER VariableName is NULL.
- @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
- @retval EFI_INVALID_PARAMETER DataSize is NULL.
- @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL.
- @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
- @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
-**/
-EFI_STATUS
-EFIAPI
-InternalGetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- OUT UINT32 *Attributes OPTIONAL,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- );
-
-/**
- This service is a wrapper for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalSetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- );
-
-/**
- This service is a checker handler for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-SetVariableCheckHandlerMor (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- );
-
-/**
- Entry Point for MOR Lock Control driver.
-
- @param[in] ImageHandle Image handle of this driver.
- @param[in] SystemTable A Pointer to the EFI System Table.
-
- @retval EFI_SUCCESS
- @return Others Some error occurs.
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverInit (
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
deleted file mode 100644
index 711b37d866..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
+++ /dev/null
@@ -1,16 +0,0 @@
-// /** @file
-// Initializes MemoryOverwriteRequestControlLock variable
-//
-// This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-//
-// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Initializes MemoryOverwriteRequestControlLock variable"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once."
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
deleted file mode 100644
index 2679c08c86..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
+++ /dev/null
@@ -1,14 +0,0 @@
-// /** @file
-// TcgMorLock Localized Strings and Content
-//
-// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TCG (Trusted Computing Group) MOR Lock"
-
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
deleted file mode 100644
index 8c92317313..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/** @file
- TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <PiSmm.h>
-#include <Library/SmmServicesTableLib.h>
-#include <Library/DebugLib.h>
-#include <Protocol/SmmVarCheck.h>
-#include <Protocol/SmmVariable.h>
-#include "TcgMorLock.h"
-
-EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
-
-/**
- This service is a wrapper for the UEFI Runtime Service GetVariable().
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize As input, point to the maximum size of return Data-Buffer.
- As output, point to the actual size of the returned Data-Buffer.
- @param Data Point to return Data-Buffer.
-
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_NOT_FOUND The variable was not found.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
- been updated with the size needed to complete the request.
- @retval EFI_INVALID_PARAMETER VariableName is NULL.
- @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
- @retval EFI_INVALID_PARAMETER DataSize is NULL.
- @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL.
- @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
- @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
-**/
-EFI_STATUS
-EFIAPI
-InternalGetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- OUT UINT32 *Attributes OPTIONAL,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- )
-{
- return mSmmVariable->SmmGetVariable (
- VariableName,
- VendorGuid,
- Attributes,
- DataSize,
- Data
- );
-}
-
-/**
- This service is a wrapper for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalSetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- return mSmmVariable->SmmSetVariable (
- VariableName,
- VendorGuid,
- Attributes,
- DataSize,
- Data
- );
-}
-
-/**
- Entry Point for MOR Lock Control driver.
-
- @param[in] ImageHandle The firmware allocated handle for the EFI image.
- @param[in] SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS EntryPoint runs successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverEntryPointSmm (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
- EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck;
-
- //
- // This driver link to Smm Variable driver
- //
- DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
-
- Status = gSmst->SmmLocateProtocol (
- &gEfiSmmVariableProtocolGuid,
- NULL,
- (VOID **) &mSmmVariable
- );
- ASSERT_EFI_ERROR (Status);
-
- Status = gSmst->SmmLocateProtocol (
- &gEdkiiSmmVarCheckProtocolGuid,
- NULL,
- (VOID **) &SmmVarCheck
- );
- ASSERT_EFI_ERROR (Status);
-
- Status = MorLockDriverInit ();
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler (SetVariableCheckHandlerMor);
- ASSERT_EFI_ERROR (Status);
-
- return Status;
-}
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
deleted file mode 100644
index 875c1e5f3a..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+++ /dev/null
@@ -1,65 +0,0 @@
-## @file
-# Initializes MemoryOverwriteRequestControlLock variable
-#
-# This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-#
-# NOTE: This module only handles secure MOR V1 and is deprecated.
-# The secure MOR V2 is handled inside of variable driver.
-#
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TcgMorLockSmm
- MODULE_UNI_FILE = TcgMorLock.uni
- FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
- MODULE_TYPE = DXE_SMM_DRIVER
- VERSION_STRING = 1.0
- PI_SPECIFICATION_VERSION = 0x0001000A
- ENTRY_POINT = MorLockDriverEntryPointSmm
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 EBC
-#
-
-[Sources]
- TcgMorLock.h
- TcgMorLock.c
- TcgMorLockSmm.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- UefiDriverEntryPoint
- SmmServicesTableLib
- DebugLib
- BaseLib
- BaseMemoryLib
-
-[Guids]
- ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
- gEfiMemoryOverwriteControlDataGuid
-
- ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControlLock"
- ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
- gEfiMemoryOverwriteRequestControlLockGuid
-
-[Protocols]
- gEdkiiSmmVarCheckProtocolGuid ## CONSUMES
- gEfiSmmVariableProtocolGuid ## CONSUMES
-
-[Depex]
- gEfiSmmVariableProtocolGuid AND
- gSmmVariableWriteGuid AND
- ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TcgMorLockExtra.uni
--
2.26.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#79734): https://edk2.groups.io/g/devel/message/79734
Mute This Topic: https://groups.io/mt/85102356/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com> > -----Original Message----- > From: Zhang, Qi1 <qi1.zhang@intel.com> > Sent: Tuesday, August 24, 2021 10:28 AM > To: devel@edk2.groups.io > Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; > Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1 > <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com> > Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583 > > TcgMorLockSmm is only for secure MOR V1. > VariableSmm covers secure MOR V1 and V2. > > Signed-off-by: Qi Zhang <qi1.zhang@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Qi Zhang <qi1.zhang@intel.com> > Cc: Rahul Kumar <rahul1.kumar@intel.com> > Cc: Ray Ni <ray.ni@intel.com> > --- > SecurityPkg/SecurityPkg.dsc | 1 - > .../TcgMorLock.c | 191 ------------------ > .../TcgMorLock.h | 131 ------------ > .../TcgMorLock.uni | 16 -- > .../TcgMorLockExtra.uni | 14 -- > .../TcgMorLockSmm.c | 152 -------------- > .../TcgMorLockSmm.inf | 65 ------ > 7 files changed, 570 deletions(-) > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 64157e20f9..7898fe4282 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -338,7 +338,6 @@ > > > [Components.IA32, Components.X64] > > > > - SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > > SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > deleted file mode 100644 > index aa230eeefa..0000000000 > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > +++ /dev/null > @@ -1,191 +0,0 @@ > -/** @file > > - TCG MOR (Memory Overwrite Request) Lock Control Driver. > > - > > - This driver initializes MemoryOverwriteRequestControlLock variable. > > - This module will add Variable Hook and allow > MemoryOverwriteRequestControlLock variable set only once. > > - > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#include <PiDxe.h> > > -#include <Guid/MemoryOverwriteControl.h> > > -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h> > > -#include <Library/DebugLib.h> > > -#include <Library/BaseLib.h> > > -#include <Library/BaseMemoryLib.h> > > -#include "TcgMorLock.h" > > - > > -typedef struct { > > - CHAR16 *VariableName; > > - EFI_GUID *VendorGuid; > > -} VARIABLE_TYPE; > > - > > -VARIABLE_TYPE mMorVariableType[] = { > > - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, > &gEfiMemoryOverwriteControlDataGuid}, > > - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > &gEfiMemoryOverwriteRequestControlLockGuid}, > > -}; > > - > > -/** > > - Returns if this is MOR related variable. > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - > > - @retval TRUE The variable is MOR related. > > - @retval FALSE The variable is NOT MOR related. > > -**/ > > -BOOLEAN > > -IsAnyMorVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid > > - ) > > -{ > > - UINTN Index; > > - > > - for (Index = 0; Index < > sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) { > > - if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) > && > > - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) { > > - return TRUE; > > - } > > - } > > - return FALSE; > > -} > > - > > -/** > > - Returns if this is MOR lock variable. > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - > > - @retval TRUE The variable is MOR lock variable. > > - @retval FALSE The variable is NOT MOR lock variable. > > -**/ > > -BOOLEAN > > -IsMorLockVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid > > - ) > > -{ > > - if ((StrCmp (VariableName, > MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && > > - (CompareGuid (VendorGuid, > &gEfiMemoryOverwriteRequestControlLockGuid))) { > > - return TRUE; > > - } > > - return FALSE; > > -} > > - > > -/** > > - This service is a checker handler for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -SetVariableCheckHandlerMor ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ) > > -{ > > - UINTN MorLockDataSize; > > - BOOLEAN MorLock; > > - EFI_STATUS Status; > > - > > - // > > - // do not handle non-MOR variable > > - // > > - if (!IsAnyMorVariable (VariableName, VendorGuid)) { > > - return EFI_SUCCESS; > > - } > > - > > - MorLockDataSize = sizeof(MorLock); > > - Status = InternalGetVariable ( > > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > > - &gEfiMemoryOverwriteRequestControlLockGuid, > > - NULL, > > - &MorLockDataSize, > > - &MorLock > > - ); > > - if (!EFI_ERROR (Status) && MorLock) { > > - // > > - // If lock, deny access > > - // > > - return EFI_INVALID_PARAMETER; > > - } > > - > > - // > > - // Delete not OK > > - // > > - if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) { > > - return EFI_INVALID_PARAMETER; > > - } > > - > > - // > > - // check format > > - // > > - if (IsMorLockVariable(VariableName, VendorGuid)) { > > - // > > - // set to any other value not OK > > - // > > - if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) { > > - return EFI_INVALID_PARAMETER; > > - } > > - } > > - // > > - // Or grant access > > - // > > - return EFI_SUCCESS; > > -} > > - > > -/** > > - Entry Point for MOR Lock Control driver. > > - > > - @param[in] ImageHandle Image handle of this driver. > > - @param[in] SystemTable A Pointer to the EFI System Table. > > - > > - @retval EFI_SUCCESS > > - @return Others Some error occurs. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -MorLockDriverInit ( > > - VOID > > - ) > > -{ > > - EFI_STATUS Status; > > - UINT8 Data; > > - > > - Data = 0; > > - Status = InternalSetVariable ( > > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > > - &gEfiMemoryOverwriteRequestControlLockGuid, > > - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS > | EFI_VARIABLE_RUNTIME_ACCESS, > > - 1, > > - &Data > > - ); > > - return Status; > > -} > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > deleted file mode 100644 > index 5a6658c158..0000000000 > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > +++ /dev/null > @@ -1,131 +0,0 @@ > -/** @file > > - TCG MOR (Memory Overwrite Request) Lock Control Driver header file. > > - > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#ifndef _EFI_TCG_MOR_LOCK_H_ > > -#define _EFI_TCG_MOR_LOCK_H_ > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service GetVariable(). > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize As input, point to the maximum size of return Data-Buffer. > > - As output, point to the actual size of the returned Data-Buffer. > > - @param Data Point to return Data-Buffer. > > - > > - @retval EFI_SUCCESS The function completed successfully. > > - @retval EFI_NOT_FOUND The variable was not found. > > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. > DataSize has > > - been updated with the size needed to complete the request. > > - @retval EFI_INVALID_PARAMETER VariableName is NULL. > > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL. > > - @retval EFI_INVALID_PARAMETER DataSize is NULL. > > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is > NULL. > > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a > hardware error. > > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to > an authentication failure. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalGetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - OUT UINT32 *Attributes OPTIONAL, > > - IN OUT UINTN *DataSize, > > - OUT VOID *Data > > - ); > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalSetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ); > > - > > -/** > > - This service is a checker handler for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -SetVariableCheckHandlerMor ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ); > > - > > -/** > > - Entry Point for MOR Lock Control driver. > > - > > - @param[in] ImageHandle Image handle of this driver. > > - @param[in] SystemTable A Pointer to the EFI System Table. > > - > > - @retval EFI_SUCCESS > > - @return Others Some error occurs. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -MorLockDriverInit ( > > - VOID > > - ); > > - > > -#endif > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > deleted file mode 100644 > index 711b37d866..0000000000 > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > +++ /dev/null > @@ -1,16 +0,0 @@ > -// /** @file > > -// Initializes MemoryOverwriteRequestControlLock variable > > -// > > -// This module will add Variable Hook and allow > MemoryOverwriteRequestControlLock variable set only once. > > -// > > -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > > -// > > -// SPDX-License-Identifier: BSD-2-Clause-Patent > > -// > > -// **/ > > - > > - > > -#string STR_MODULE_ABSTRACT #language en-US "Initializes > MemoryOverwriteRequestControlLock variable" > > - > > -#string STR_MODULE_DESCRIPTION #language en-US "This module will > add Variable Hook and allow MemoryOverwriteRequestControlLock variable set > only once." > > - > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > deleted file mode 100644 > index 2679c08c86..0000000000 > --- > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > +++ /dev/null > @@ -1,14 +0,0 @@ > -// /** @file > > -// TcgMorLock Localized Strings and Content > > -// > > -// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -// > > -// SPDX-License-Identifier: BSD-2-Clause-Patent > > -// > > -// **/ > > - > > -#string STR_PROPERTIES_MODULE_NAME > > -#language en-US > > -"TCG (Trusted Computing Group) MOR Lock" > > - > > - > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > deleted file mode 100644 > index 8c92317313..0000000000 > --- > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > +++ /dev/null > @@ -1,152 +0,0 @@ > -/** @file > > - TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper. > > - > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#include <PiSmm.h> > > -#include <Library/SmmServicesTableLib.h> > > -#include <Library/DebugLib.h> > > -#include <Protocol/SmmVarCheck.h> > > -#include <Protocol/SmmVariable.h> > > -#include "TcgMorLock.h" > > - > > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service GetVariable(). > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize As input, point to the maximum size of return Data-Buffer. > > - As output, point to the actual size of the returned Data-Buffer. > > - @param Data Point to return Data-Buffer. > > - > > - @retval EFI_SUCCESS The function completed successfully. > > - @retval EFI_NOT_FOUND The variable was not found. > > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. > DataSize has > > - been updated with the size needed to complete the request. > > - @retval EFI_INVALID_PARAMETER VariableName is NULL. > > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL. > > - @retval EFI_INVALID_PARAMETER DataSize is NULL. > > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is > NULL. > > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a > hardware error. > > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to > an authentication failure. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalGetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - OUT UINT32 *Attributes OPTIONAL, > > - IN OUT UINTN *DataSize, > > - OUT VOID *Data > > - ) > > -{ > > - return mSmmVariable->SmmGetVariable ( > > - VariableName, > > - VendorGuid, > > - Attributes, > > - DataSize, > > - Data > > - ); > > -} > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalSetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ) > > -{ > > - return mSmmVariable->SmmSetVariable ( > > - VariableName, > > - VendorGuid, > > - Attributes, > > - DataSize, > > - Data > > - ); > > -} > > - > > -/** > > - Entry Point for MOR Lock Control driver. > > - > > - @param[in] ImageHandle The firmware allocated handle for the EFI image. > > - @param[in] SystemTable A pointer to the EFI System Table. > > - > > - @retval EFI_SUCCESS EntryPoint runs successfully. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -MorLockDriverEntryPointSmm ( > > - IN EFI_HANDLE ImageHandle, > > - IN EFI_SYSTEM_TABLE *SystemTable > > - ) > > -{ > > - EFI_STATUS Status; > > - EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck; > > - > > - // > > - // This driver link to Smm Variable driver > > - // > > - DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n")); > > - > > - Status = gSmst->SmmLocateProtocol ( > > - &gEfiSmmVariableProtocolGuid, > > - NULL, > > - (VOID **) &mSmmVariable > > - ); > > - ASSERT_EFI_ERROR (Status); > > - > > - Status = gSmst->SmmLocateProtocol ( > > - &gEdkiiSmmVarCheckProtocolGuid, > > - NULL, > > - (VOID **) &SmmVarCheck > > - ); > > - ASSERT_EFI_ERROR (Status); > > - > > - Status = MorLockDriverInit (); > > - if (EFI_ERROR (Status)) { > > - return Status; > > - } > > - > > - Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler > (SetVariableCheckHandlerMor); > > - ASSERT_EFI_ERROR (Status); > > - > > - return Status; > > -} > > - > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > deleted file mode 100644 > index 875c1e5f3a..0000000000 > --- > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > +++ /dev/null > @@ -1,65 +0,0 @@ > -## @file > > -# Initializes MemoryOverwriteRequestControlLock variable > > -# > > -# This module will add Variable Hook and allow > MemoryOverwriteRequestControlLock variable set only once. > > -# > > -# NOTE: This module only handles secure MOR V1 and is deprecated. > > -# The secure MOR V2 is handled inside of variable driver. > > -# > > -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > -# > > -## > > - > > -[Defines] > > - INF_VERSION = 0x00010005 > > - BASE_NAME = TcgMorLockSmm > > - MODULE_UNI_FILE = TcgMorLock.uni > > - FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E > > - MODULE_TYPE = DXE_SMM_DRIVER > > - VERSION_STRING = 1.0 > > - PI_SPECIFICATION_VERSION = 0x0001000A > > - ENTRY_POINT = MorLockDriverEntryPointSmm > > - > > -# > > -# The following information is for reference only and not required by the build > tools. > > -# > > -# VALID_ARCHITECTURES = IA32 X64 EBC > > -# > > - > > -[Sources] > > - TcgMorLock.h > > - TcgMorLock.c > > - TcgMorLockSmm.c > > - > > -[Packages] > > - MdePkg/MdePkg.dec > > - MdeModulePkg/MdeModulePkg.dec > > - SecurityPkg/SecurityPkg.dec > > - > > -[LibraryClasses] > > - UefiDriverEntryPoint > > - SmmServicesTableLib > > - DebugLib > > - BaseLib > > - BaseMemoryLib > > - > > -[Guids] > > - ## SOMETIMES_CONSUMES ## > Variable:L"MemoryOverwriteRequestControl" > > - gEfiMemoryOverwriteControlDataGuid > > - > > - ## SOMETIMES_CONSUMES ## > Variable:L"MemoryOverwriteRequestControlLock" > > - ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" > > - gEfiMemoryOverwriteRequestControlLockGuid > > - > > -[Protocols] > > - gEdkiiSmmVarCheckProtocolGuid ## CONSUMES > > - gEfiSmmVariableProtocolGuid ## CONSUMES > > - > > -[Depex] > > - gEfiSmmVariableProtocolGuid AND > > - gSmmVariableWriteGuid AND > > - ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid ) > > - > > -[UserExtensions.TianoCore."ExtraFiles"] > > - TcgMorLockExtra.uni > > -- > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79817): https://edk2.groups.io/g/devel/message/79817 Mute This Topic: https://groups.io/mt/85102356/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Hi This patch failed in CI - https://github.com/tianocore/edk2/pull/1922 Please take a look and submit patch again. > -----Original Message----- > From: Zhang, Qi1 <qi1.zhang@intel.com> > Sent: Tuesday, August 24, 2021 10:28 AM > To: devel@edk2.groups.io > Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; > Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1 > <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com> > Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583 > > TcgMorLockSmm is only for secure MOR V1. > VariableSmm covers secure MOR V1 and V2. > > Signed-off-by: Qi Zhang <qi1.zhang@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Qi Zhang <qi1.zhang@intel.com> > Cc: Rahul Kumar <rahul1.kumar@intel.com> > Cc: Ray Ni <ray.ni@intel.com> > --- > SecurityPkg/SecurityPkg.dsc | 1 - > .../TcgMorLock.c | 191 ------------------ > .../TcgMorLock.h | 131 ------------ > .../TcgMorLock.uni | 16 -- > .../TcgMorLockExtra.uni | 14 -- > .../TcgMorLockSmm.c | 152 -------------- > .../TcgMorLockSmm.inf | 65 ------ > 7 files changed, 570 deletions(-) > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > delete mode 100644 > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 64157e20f9..7898fe4282 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -338,7 +338,6 @@ > > > [Components.IA32, Components.X64] > > > > - SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > > SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > deleted file mode 100644 > index aa230eeefa..0000000000 > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > +++ /dev/null > @@ -1,191 +0,0 @@ > -/** @file > > - TCG MOR (Memory Overwrite Request) Lock Control Driver. > > - > > - This driver initializes MemoryOverwriteRequestControlLock variable. > > - This module will add Variable Hook and allow > MemoryOverwriteRequestControlLock variable set only once. > > - > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#include <PiDxe.h> > > -#include <Guid/MemoryOverwriteControl.h> > > -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h> > > -#include <Library/DebugLib.h> > > -#include <Library/BaseLib.h> > > -#include <Library/BaseMemoryLib.h> > > -#include "TcgMorLock.h" > > - > > -typedef struct { > > - CHAR16 *VariableName; > > - EFI_GUID *VendorGuid; > > -} VARIABLE_TYPE; > > - > > -VARIABLE_TYPE mMorVariableType[] = { > > - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, > &gEfiMemoryOverwriteControlDataGuid}, > > - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > &gEfiMemoryOverwriteRequestControlLockGuid}, > > -}; > > - > > -/** > > - Returns if this is MOR related variable. > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - > > - @retval TRUE The variable is MOR related. > > - @retval FALSE The variable is NOT MOR related. > > -**/ > > -BOOLEAN > > -IsAnyMorVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid > > - ) > > -{ > > - UINTN Index; > > - > > - for (Index = 0; Index < > sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) { > > - if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) > && > > - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) { > > - return TRUE; > > - } > > - } > > - return FALSE; > > -} > > - > > -/** > > - Returns if this is MOR lock variable. > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - > > - @retval TRUE The variable is MOR lock variable. > > - @retval FALSE The variable is NOT MOR lock variable. > > -**/ > > -BOOLEAN > > -IsMorLockVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid > > - ) > > -{ > > - if ((StrCmp (VariableName, > MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && > > - (CompareGuid (VendorGuid, > &gEfiMemoryOverwriteRequestControlLockGuid))) { > > - return TRUE; > > - } > > - return FALSE; > > -} > > - > > -/** > > - This service is a checker handler for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -SetVariableCheckHandlerMor ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ) > > -{ > > - UINTN MorLockDataSize; > > - BOOLEAN MorLock; > > - EFI_STATUS Status; > > - > > - // > > - // do not handle non-MOR variable > > - // > > - if (!IsAnyMorVariable (VariableName, VendorGuid)) { > > - return EFI_SUCCESS; > > - } > > - > > - MorLockDataSize = sizeof(MorLock); > > - Status = InternalGetVariable ( > > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > > - &gEfiMemoryOverwriteRequestControlLockGuid, > > - NULL, > > - &MorLockDataSize, > > - &MorLock > > - ); > > - if (!EFI_ERROR (Status) && MorLock) { > > - // > > - // If lock, deny access > > - // > > - return EFI_INVALID_PARAMETER; > > - } > > - > > - // > > - // Delete not OK > > - // > > - if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) { > > - return EFI_INVALID_PARAMETER; > > - } > > - > > - // > > - // check format > > - // > > - if (IsMorLockVariable(VariableName, VendorGuid)) { > > - // > > - // set to any other value not OK > > - // > > - if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) { > > - return EFI_INVALID_PARAMETER; > > - } > > - } > > - // > > - // Or grant access > > - // > > - return EFI_SUCCESS; > > -} > > - > > -/** > > - Entry Point for MOR Lock Control driver. > > - > > - @param[in] ImageHandle Image handle of this driver. > > - @param[in] SystemTable A Pointer to the EFI System Table. > > - > > - @retval EFI_SUCCESS > > - @return Others Some error occurs. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -MorLockDriverInit ( > > - VOID > > - ) > > -{ > > - EFI_STATUS Status; > > - UINT8 Data; > > - > > - Data = 0; > > - Status = InternalSetVariable ( > > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > > - &gEfiMemoryOverwriteRequestControlLockGuid, > > - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS > | EFI_VARIABLE_RUNTIME_ACCESS, > > - 1, > > - &Data > > - ); > > - return Status; > > -} > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > deleted file mode 100644 > index 5a6658c158..0000000000 > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > +++ /dev/null > @@ -1,131 +0,0 @@ > -/** @file > > - TCG MOR (Memory Overwrite Request) Lock Control Driver header file. > > - > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#ifndef _EFI_TCG_MOR_LOCK_H_ > > -#define _EFI_TCG_MOR_LOCK_H_ > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service GetVariable(). > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize As input, point to the maximum size of return Data-Buffer. > > - As output, point to the actual size of the returned Data-Buffer. > > - @param Data Point to return Data-Buffer. > > - > > - @retval EFI_SUCCESS The function completed successfully. > > - @retval EFI_NOT_FOUND The variable was not found. > > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. > DataSize has > > - been updated with the size needed to complete the request. > > - @retval EFI_INVALID_PARAMETER VariableName is NULL. > > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL. > > - @retval EFI_INVALID_PARAMETER DataSize is NULL. > > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is > NULL. > > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a > hardware error. > > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to > an authentication failure. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalGetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - OUT UINT32 *Attributes OPTIONAL, > > - IN OUT UINTN *DataSize, > > - OUT VOID *Data > > - ); > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalSetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ); > > - > > -/** > > - This service is a checker handler for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -SetVariableCheckHandlerMor ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ); > > - > > -/** > > - Entry Point for MOR Lock Control driver. > > - > > - @param[in] ImageHandle Image handle of this driver. > > - @param[in] SystemTable A Pointer to the EFI System Table. > > - > > - @retval EFI_SUCCESS > > - @return Others Some error occurs. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -MorLockDriverInit ( > > - VOID > > - ); > > - > > -#endif > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > deleted file mode 100644 > index 711b37d866..0000000000 > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > +++ /dev/null > @@ -1,16 +0,0 @@ > -// /** @file > > -// Initializes MemoryOverwriteRequestControlLock variable > > -// > > -// This module will add Variable Hook and allow > MemoryOverwriteRequestControlLock variable set only once. > > -// > > -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > > -// > > -// SPDX-License-Identifier: BSD-2-Clause-Patent > > -// > > -// **/ > > - > > - > > -#string STR_MODULE_ABSTRACT #language en-US "Initializes > MemoryOverwriteRequestControlLock variable" > > - > > -#string STR_MODULE_DESCRIPTION #language en-US "This module will > add Variable Hook and allow MemoryOverwriteRequestControlLock variable set > only once." > > - > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > deleted file mode 100644 > index 2679c08c86..0000000000 > --- > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > +++ /dev/null > @@ -1,14 +0,0 @@ > -// /** @file > > -// TcgMorLock Localized Strings and Content > > -// > > -// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -// > > -// SPDX-License-Identifier: BSD-2-Clause-Patent > > -// > > -// **/ > > - > > -#string STR_PROPERTIES_MODULE_NAME > > -#language en-US > > -"TCG (Trusted Computing Group) MOR Lock" > > - > > - > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > deleted file mode 100644 > index 8c92317313..0000000000 > --- > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > +++ /dev/null > @@ -1,152 +0,0 @@ > -/** @file > > - TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper. > > - > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > - > > -**/ > > - > > -#include <PiSmm.h> > > -#include <Library/SmmServicesTableLib.h> > > -#include <Library/DebugLib.h> > > -#include <Protocol/SmmVarCheck.h> > > -#include <Protocol/SmmVariable.h> > > -#include "TcgMorLock.h" > > - > > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service GetVariable(). > > - > > - @param VariableName the name of the vendor's variable, it's a Null- > Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize As input, point to the maximum size of return Data-Buffer. > > - As output, point to the actual size of the returned Data-Buffer. > > - @param Data Point to return Data-Buffer. > > - > > - @retval EFI_SUCCESS The function completed successfully. > > - @retval EFI_NOT_FOUND The variable was not found. > > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. > DataSize has > > - been updated with the size needed to complete the request. > > - @retval EFI_INVALID_PARAMETER VariableName is NULL. > > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL. > > - @retval EFI_INVALID_PARAMETER DataSize is NULL. > > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is > NULL. > > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a > hardware error. > > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to > an authentication failure. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalGetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - OUT UINT32 *Attributes OPTIONAL, > > - IN OUT UINTN *DataSize, > > - OUT VOID *Data > > - ) > > -{ > > - return mSmmVariable->SmmGetVariable ( > > - VariableName, > > - VendorGuid, > > - Attributes, > > - DataSize, > > - Data > > - ); > > -} > > - > > -/** > > - This service is a wrapper for the UEFI Runtime Service SetVariable() > > - > > - @param VariableName the name of the vendor's variable, as a > > - Null-Terminated Unicode String > > - @param VendorGuid Unify identifier for vendor. > > - @param Attributes Point to memory location to return the attributes of > variable. If the point > > - is NULL, the parameter would be ignored. > > - @param DataSize The size in bytes of Data-Buffer. > > - @param Data Point to the content of the variable. > > - > > - @retval EFI_SUCCESS The firmware has successfully stored the variable > and its data as > > - defined by the Attributes. > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits > was supplied, or the > > - DataSize exceeds the maximum allowed. > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold > the variable and its data. > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > hardware failure. > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. > > - @retval EFI_SECURITY_VIOLATION The variable could not be written due to > EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > - set but the AuthInfo does NOT pass the validation check > carried > > - out by the firmware. > > - @retval EFI_NOT_FOUND The variable trying to be updated or deleted > was not found. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -InternalSetVariable ( > > - IN CHAR16 *VariableName, > > - IN EFI_GUID *VendorGuid, > > - IN UINT32 Attributes, > > - IN UINTN DataSize, > > - IN VOID *Data > > - ) > > -{ > > - return mSmmVariable->SmmSetVariable ( > > - VariableName, > > - VendorGuid, > > - Attributes, > > - DataSize, > > - Data > > - ); > > -} > > - > > -/** > > - Entry Point for MOR Lock Control driver. > > - > > - @param[in] ImageHandle The firmware allocated handle for the EFI image. > > - @param[in] SystemTable A pointer to the EFI System Table. > > - > > - @retval EFI_SUCCESS EntryPoint runs successfully. > > - > > -**/ > > -EFI_STATUS > > -EFIAPI > > -MorLockDriverEntryPointSmm ( > > - IN EFI_HANDLE ImageHandle, > > - IN EFI_SYSTEM_TABLE *SystemTable > > - ) > > -{ > > - EFI_STATUS Status; > > - EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck; > > - > > - // > > - // This driver link to Smm Variable driver > > - // > > - DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n")); > > - > > - Status = gSmst->SmmLocateProtocol ( > > - &gEfiSmmVariableProtocolGuid, > > - NULL, > > - (VOID **) &mSmmVariable > > - ); > > - ASSERT_EFI_ERROR (Status); > > - > > - Status = gSmst->SmmLocateProtocol ( > > - &gEdkiiSmmVarCheckProtocolGuid, > > - NULL, > > - (VOID **) &SmmVarCheck > > - ); > > - ASSERT_EFI_ERROR (Status); > > - > > - Status = MorLockDriverInit (); > > - if (EFI_ERROR (Status)) { > > - return Status; > > - } > > - > > - Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler > (SetVariableCheckHandlerMor); > > - ASSERT_EFI_ERROR (Status); > > - > > - return Status; > > -} > > - > > diff --git > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > deleted file mode 100644 > index 875c1e5f3a..0000000000 > --- > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > +++ /dev/null > @@ -1,65 +0,0 @@ > -## @file > > -# Initializes MemoryOverwriteRequestControlLock variable > > -# > > -# This module will add Variable Hook and allow > MemoryOverwriteRequestControlLock variable set only once. > > -# > > -# NOTE: This module only handles secure MOR V1 and is deprecated. > > -# The secure MOR V2 is handled inside of variable driver. > > -# > > -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > -# > > -## > > - > > -[Defines] > > - INF_VERSION = 0x00010005 > > - BASE_NAME = TcgMorLockSmm > > - MODULE_UNI_FILE = TcgMorLock.uni > > - FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E > > - MODULE_TYPE = DXE_SMM_DRIVER > > - VERSION_STRING = 1.0 > > - PI_SPECIFICATION_VERSION = 0x0001000A > > - ENTRY_POINT = MorLockDriverEntryPointSmm > > - > > -# > > -# The following information is for reference only and not required by the build > tools. > > -# > > -# VALID_ARCHITECTURES = IA32 X64 EBC > > -# > > - > > -[Sources] > > - TcgMorLock.h > > - TcgMorLock.c > > - TcgMorLockSmm.c > > - > > -[Packages] > > - MdePkg/MdePkg.dec > > - MdeModulePkg/MdeModulePkg.dec > > - SecurityPkg/SecurityPkg.dec > > - > > -[LibraryClasses] > > - UefiDriverEntryPoint > > - SmmServicesTableLib > > - DebugLib > > - BaseLib > > - BaseMemoryLib > > - > > -[Guids] > > - ## SOMETIMES_CONSUMES ## > Variable:L"MemoryOverwriteRequestControl" > > - gEfiMemoryOverwriteControlDataGuid > > - > > - ## SOMETIMES_CONSUMES ## > Variable:L"MemoryOverwriteRequestControlLock" > > - ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" > > - gEfiMemoryOverwriteRequestControlLockGuid > > - > > -[Protocols] > > - gEdkiiSmmVarCheckProtocolGuid ## CONSUMES > > - gEfiSmmVariableProtocolGuid ## CONSUMES > > - > > -[Depex] > > - gEfiSmmVariableProtocolGuid AND > > - gSmmVariableWriteGuid AND > > - ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid ) > > - > > -[UserExtensions.TianoCore."ExtraFiles"] > > - TcgMorLockExtra.uni > > -- > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79897): https://edk2.groups.io/g/devel/message/79897 Mute This Topic: https://groups.io/mt/85102356/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
I created a new PR and pass CI. https://github.com/tianocore/edk2/pull/1924 Thanks! Qi Zhang > -----Original Message----- > From: Yao, Jiewen <jiewen.yao@intel.com> > Sent: Friday, August 27, 2021 9:44 PM > To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io > Cc: Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1 > <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com> > Subject: RE: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver > > Hi > This patch failed in CI - https://github.com/tianocore/edk2/pull/1922 > > Please take a look and submit patch again. > > > -----Original Message----- > > From: Zhang, Qi1 <qi1.zhang@intel.com> > > Sent: Tuesday, August 24, 2021 10:28 AM > > To: devel@edk2.groups.io > > Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen > > <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Kumar, > > Rahul1 <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com> > > Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583 > > > > TcgMorLockSmm is only for secure MOR V1. > > VariableSmm covers secure MOR V1 and V2. > > > > Signed-off-by: Qi Zhang <qi1.zhang@intel.com> > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Cc: Jian J Wang <jian.j.wang@intel.com> > > Cc: Qi Zhang <qi1.zhang@intel.com> > > Cc: Rahul Kumar <rahul1.kumar@intel.com> > > Cc: Ray Ni <ray.ni@intel.com> > > --- > > SecurityPkg/SecurityPkg.dsc | 1 - > > .../TcgMorLock.c | 191 ------------------ > > .../TcgMorLock.h | 131 ------------ > > .../TcgMorLock.uni | 16 -- > > .../TcgMorLockExtra.uni | 14 -- > > .../TcgMorLockSmm.c | 152 -------------- > > .../TcgMorLockSmm.inf | 65 ------ > > 7 files changed, 570 deletions(-) > > delete mode 100644 > > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > > delete mode 100644 > > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > > delete mode 100644 > > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > > delete mode 100644 > > > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni > > delete mode 100644 > > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > > delete mode 100644 > > > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > > > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > > index 64157e20f9..7898fe4282 100644 > > --- a/SecurityPkg/SecurityPkg.dsc > > +++ b/SecurityPkg/SecurityPkg.dsc > > @@ -338,7 +338,6 @@ > > > > > > [Components.IA32, Components.X64] > > > > > > > > - > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf > > > > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf > > > > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf > > > > SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf > > > > diff --git > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > > deleted file mode 100644 > > index aa230eeefa..0000000000 > > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c > > +++ /dev/null > > @@ -1,191 +0,0 @@ > > -/** @file > > > > - TCG MOR (Memory Overwrite Request) Lock Control Driver. > > > > - > > > > - This driver initializes MemoryOverwriteRequestControlLock variable. > > > > - This module will add Variable Hook and allow > > MemoryOverwriteRequestControlLock variable set only once. > > > > - > > > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights > > reserved.<BR> > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#include <PiDxe.h> > > > > -#include <Guid/MemoryOverwriteControl.h> > > > > -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h> > > > > -#include <Library/DebugLib.h> > > > > -#include <Library/BaseLib.h> > > > > -#include <Library/BaseMemoryLib.h> > > > > -#include "TcgMorLock.h" > > > > - > > > > -typedef struct { > > > > - CHAR16 *VariableName; > > > > - EFI_GUID *VendorGuid; > > > > -} VARIABLE_TYPE; > > > > - > > > > -VARIABLE_TYPE mMorVariableType[] = { > > > > - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, > > &gEfiMemoryOverwriteControlDataGuid}, > > > > - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > > &gEfiMemoryOverwriteRequestControlLockGuid}, > > > > -}; > > > > - > > > > -/** > > > > - Returns if this is MOR related variable. > > > > - > > > > - @param VariableName the name of the vendor's variable, it's a > > Null- Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - > > > > - @retval TRUE The variable is MOR related. > > > > - @retval FALSE The variable is NOT MOR related. > > > > -**/ > > > > -BOOLEAN > > > > -IsAnyMorVariable ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid > > > > - ) > > > > -{ > > > > - UINTN Index; > > > > - > > > > - for (Index = 0; Index < > > sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) { > > > > - if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) > == 0) > > && > > > > - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) > { > > > > - return TRUE; > > > > - } > > > > - } > > > > - return FALSE; > > > > -} > > > > - > > > > -/** > > > > - Returns if this is MOR lock variable. > > > > - > > > > - @param VariableName the name of the vendor's variable, it's a > > Null- Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - > > > > - @retval TRUE The variable is MOR lock variable. > > > > - @retval FALSE The variable is NOT MOR lock variable. > > > > -**/ > > > > -BOOLEAN > > > > -IsMorLockVariable ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid > > > > - ) > > > > -{ > > > > - if ((StrCmp (VariableName, > > MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && > > > > - (CompareGuid (VendorGuid, > > &gEfiMemoryOverwriteRequestControlLockGuid))) { > > > > - return TRUE; > > > > - } > > > > - return FALSE; > > > > -} > > > > - > > > > -/** > > > > - This service is a checker handler for the UEFI Runtime Service > > SetVariable() > > > > - > > > > - @param VariableName the name of the vendor's variable, as a > > > > - Null-Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - @param Attributes Point to memory location to return the attributes of > > variable. If the point > > > > - is NULL, the parameter would be ignored. > > > > - @param DataSize The size in bytes of Data-Buffer. > > > > - @param Data Point to the content of the variable. > > > > - > > > > - @retval EFI_SUCCESS The firmware has successfully stored the > variable > > and its data as > > > > - defined by the Attributes. > > > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute > > bits was supplied, or the > > > > - DataSize exceeds the maximum allowed. > > > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode > string. > > > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to > hold > > the variable and its data. > > > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > > hardware failure. > > > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be > deleted. > > > > - @retval EFI_SECURITY_VIOLATION The variable could not be written > > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > > > - set but the AuthInfo does NOT pass the validation check > > carried > > > > - out by the firmware. > > > > - @retval EFI_NOT_FOUND The variable trying to be updated or > deleted > > was not found. > > > > - > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -SetVariableCheckHandlerMor ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid, > > > > - IN UINT32 Attributes, > > > > - IN UINTN DataSize, > > > > - IN VOID *Data > > > > - ) > > > > -{ > > > > - UINTN MorLockDataSize; > > > > - BOOLEAN MorLock; > > > > - EFI_STATUS Status; > > > > - > > > > - // > > > > - // do not handle non-MOR variable > > > > - // > > > > - if (!IsAnyMorVariable (VariableName, VendorGuid)) { > > > > - return EFI_SUCCESS; > > > > - } > > > > - > > > > - MorLockDataSize = sizeof(MorLock); > > > > - Status = InternalGetVariable ( > > > > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > > > > - &gEfiMemoryOverwriteRequestControlLockGuid, > > > > - NULL, > > > > - &MorLockDataSize, > > > > - &MorLock > > > > - ); > > > > - if (!EFI_ERROR (Status) && MorLock) { > > > > - // > > > > - // If lock, deny access > > > > - // > > > > - return EFI_INVALID_PARAMETER; > > > > - } > > > > - > > > > - // > > > > - // Delete not OK > > > > - // > > > > - if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == > > 0)) { > > > > - return EFI_INVALID_PARAMETER; > > > > - } > > > > - > > > > - // > > > > - // check format > > > > - // > > > > - if (IsMorLockVariable(VariableName, VendorGuid)) { > > > > - // > > > > - // set to any other value not OK > > > > - // > > > > - if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) { > > > > - return EFI_INVALID_PARAMETER; > > > > - } > > > > - } > > > > - // > > > > - // Or grant access > > > > - // > > > > - return EFI_SUCCESS; > > > > -} > > > > - > > > > -/** > > > > - Entry Point for MOR Lock Control driver. > > > > - > > > > - @param[in] ImageHandle Image handle of this driver. > > > > - @param[in] SystemTable A Pointer to the EFI System Table. > > > > - > > > > - @retval EFI_SUCCESS > > > > - @return Others Some error occurs. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -MorLockDriverInit ( > > > > - VOID > > > > - ) > > > > -{ > > > > - EFI_STATUS Status; > > > > - UINT8 Data; > > > > - > > > > - Data = 0; > > > > - Status = InternalSetVariable ( > > > > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, > > > > - &gEfiMemoryOverwriteRequestControlLockGuid, > > > > - EFI_VARIABLE_NON_VOLATILE | > EFI_VARIABLE_BOOTSERVICE_ACCESS > > | EFI_VARIABLE_RUNTIME_ACCESS, > > > > - 1, > > > > - &Data > > > > - ); > > > > - return Status; > > > > -} > > > > diff --git > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > > deleted file mode 100644 > > index 5a6658c158..0000000000 > > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h > > +++ /dev/null > > @@ -1,131 +0,0 @@ > > -/** @file > > > > - TCG MOR (Memory Overwrite Request) Lock Control Driver header file. > > > > - > > > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights > > reserved.<BR> > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#ifndef _EFI_TCG_MOR_LOCK_H_ > > > > -#define _EFI_TCG_MOR_LOCK_H_ > > > > - > > > > -/** > > > > - This service is a wrapper for the UEFI Runtime Service GetVariable(). > > > > - > > > > - @param VariableName the name of the vendor's variable, it's a > > Null- Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - @param Attributes Point to memory location to return the attributes of > > variable. If the point > > > > - is NULL, the parameter would be ignored. > > > > - @param DataSize As input, point to the maximum size of return Data- > Buffer. > > > > - As output, point to the actual size of the returned Data-Buffer. > > > > - @param Data Point to return Data-Buffer. > > > > - > > > > - @retval EFI_SUCCESS The function completed successfully. > > > > - @retval EFI_NOT_FOUND The variable was not found. > > > > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the > result. > > DataSize has > > > > - been updated with the size needed to complete the > request. > > > > - @retval EFI_INVALID_PARAMETER VariableName is NULL. > > > > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL. > > > > - @retval EFI_INVALID_PARAMETER DataSize is NULL. > > > > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and > > Data is NULL. > > > > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due > to a > > hardware error. > > > > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved > > due to an authentication failure. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -InternalGetVariable ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid, > > > > - OUT UINT32 *Attributes OPTIONAL, > > > > - IN OUT UINTN *DataSize, > > > > - OUT VOID *Data > > > > - ); > > > > - > > > > -/** > > > > - This service is a wrapper for the UEFI Runtime Service > > SetVariable() > > > > - > > > > - @param VariableName the name of the vendor's variable, as a > > > > - Null-Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - @param Attributes Point to memory location to return the attributes of > > variable. If the point > > > > - is NULL, the parameter would be ignored. > > > > - @param DataSize The size in bytes of Data-Buffer. > > > > - @param Data Point to the content of the variable. > > > > - > > > > - @retval EFI_SUCCESS The firmware has successfully stored the > variable > > and its data as > > > > - defined by the Attributes. > > > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute > > bits was supplied, or the > > > > - DataSize exceeds the maximum allowed. > > > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode > string. > > > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to > hold > > the variable and its data. > > > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > > hardware failure. > > > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be > deleted. > > > > - @retval EFI_SECURITY_VIOLATION The variable could not be written > > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > > > - set but the AuthInfo does NOT pass the validation check > > carried > > > > - out by the firmware. > > > > - @retval EFI_NOT_FOUND The variable trying to be updated or > deleted > > was not found. > > > > - > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -InternalSetVariable ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid, > > > > - IN UINT32 Attributes, > > > > - IN UINTN DataSize, > > > > - IN VOID *Data > > > > - ); > > > > - > > > > -/** > > > > - This service is a checker handler for the UEFI Runtime Service > > SetVariable() > > > > - > > > > - @param VariableName the name of the vendor's variable, as a > > > > - Null-Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - @param Attributes Point to memory location to return the attributes of > > variable. If the point > > > > - is NULL, the parameter would be ignored. > > > > - @param DataSize The size in bytes of Data-Buffer. > > > > - @param Data Point to the content of the variable. > > > > - > > > > - @retval EFI_SUCCESS The firmware has successfully stored the > variable > > and its data as > > > > - defined by the Attributes. > > > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute > > bits was supplied, or the > > > > - DataSize exceeds the maximum allowed. > > > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode > string. > > > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to > hold > > the variable and its data. > > > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > > hardware failure. > > > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be > deleted. > > > > - @retval EFI_SECURITY_VIOLATION The variable could not be written > > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > > > - set but the AuthInfo does NOT pass the validation check > > carried > > > > - out by the firmware. > > > > - @retval EFI_NOT_FOUND The variable trying to be updated or > deleted > > was not found. > > > > - > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -SetVariableCheckHandlerMor ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid, > > > > - IN UINT32 Attributes, > > > > - IN UINTN DataSize, > > > > - IN VOID *Data > > > > - ); > > > > - > > > > -/** > > > > - Entry Point for MOR Lock Control driver. > > > > - > > > > - @param[in] ImageHandle Image handle of this driver. > > > > - @param[in] SystemTable A Pointer to the EFI System Table. > > > > - > > > > - @retval EFI_SUCCESS > > > > - @return Others Some error occurs. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -MorLockDriverInit ( > > > > - VOID > > > > - ); > > > > - > > > > -#endif > > > > diff --git > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > > deleted file mode 100644 > > index 711b37d866..0000000000 > > --- > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni > > +++ /dev/null > > @@ -1,16 +0,0 @@ > > -// /** @file > > > > -// Initializes MemoryOverwriteRequestControlLock variable > > > > -// > > > > -// This module will add Variable Hook and allow > > MemoryOverwriteRequestControlLock variable set only once. > > > > -// > > > > -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > > > > -// > > > > -// SPDX-License-Identifier: BSD-2-Clause-Patent > > > > -// > > > > -// **/ > > > > - > > > > - > > > > -#string STR_MODULE_ABSTRACT #language en-US "Initializes > > MemoryOverwriteRequestControlLock variable" > > > > - > > > > -#string STR_MODULE_DESCRIPTION #language en-US "This module > will > > add Variable Hook and allow MemoryOverwriteRequestControlLock > variable > > set only once." > > > > - > > > > diff --git > > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.u > n > > i > > > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra. > un > > i > > deleted file mode 100644 > > index 2679c08c86..0000000000 > > --- > > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.u > n > > i > > +++ /dev/null > > @@ -1,14 +0,0 @@ > > -// /** @file > > > > -// TcgMorLock Localized Strings and Content > > > > -// > > > > -// Copyright (c) 2015 - 2018, Intel Corporation. All rights > > reserved.<BR> > > > > -// > > > > -// SPDX-License-Identifier: BSD-2-Clause-Patent > > > > -// > > > > -// **/ > > > > - > > > > -#string STR_PROPERTIES_MODULE_NAME > > > > -#language en-US > > > > -"TCG (Trusted Computing Group) MOR Lock" > > > > - > > > > - > > > > diff --git > > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > > > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > > deleted file mode 100644 > > index 8c92317313..0000000000 > > --- > > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c > > +++ /dev/null > > @@ -1,152 +0,0 @@ > > -/** @file > > > > - TCG MOR (Memory Overwrite Request) Lock Control Driver SMM > wrapper. > > > > - > > > > -Copyright (c) 2015 - 2018, Intel Corporation. All rights > > reserved.<BR> > > > > -SPDX-License-Identifier: BSD-2-Clause-Patent > > > > - > > > > -**/ > > > > - > > > > -#include <PiSmm.h> > > > > -#include <Library/SmmServicesTableLib.h> > > > > -#include <Library/DebugLib.h> > > > > -#include <Protocol/SmmVarCheck.h> > > > > -#include <Protocol/SmmVariable.h> > > > > -#include "TcgMorLock.h" > > > > - > > > > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; > > > > - > > > > -/** > > > > - This service is a wrapper for the UEFI Runtime Service GetVariable(). > > > > - > > > > - @param VariableName the name of the vendor's variable, it's a > > Null- Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - @param Attributes Point to memory location to return the attributes of > > variable. If the point > > > > - is NULL, the parameter would be ignored. > > > > - @param DataSize As input, point to the maximum size of return Data- > Buffer. > > > > - As output, point to the actual size of the returned Data-Buffer. > > > > - @param Data Point to return Data-Buffer. > > > > - > > > > - @retval EFI_SUCCESS The function completed successfully. > > > > - @retval EFI_NOT_FOUND The variable was not found. > > > > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the > result. > > DataSize has > > > > - been updated with the size needed to complete the > request. > > > > - @retval EFI_INVALID_PARAMETER VariableName is NULL. > > > > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL. > > > > - @retval EFI_INVALID_PARAMETER DataSize is NULL. > > > > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and > > Data is NULL. > > > > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due > to a > > hardware error. > > > > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved > > due to an authentication failure. > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -InternalGetVariable ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid, > > > > - OUT UINT32 *Attributes OPTIONAL, > > > > - IN OUT UINTN *DataSize, > > > > - OUT VOID *Data > > > > - ) > > > > -{ > > > > - return mSmmVariable->SmmGetVariable ( > > > > - VariableName, > > > > - VendorGuid, > > > > - Attributes, > > > > - DataSize, > > > > - Data > > > > - ); > > > > -} > > > > - > > > > -/** > > > > - This service is a wrapper for the UEFI Runtime Service > > SetVariable() > > > > - > > > > - @param VariableName the name of the vendor's variable, as a > > > > - Null-Terminated Unicode String > > > > - @param VendorGuid Unify identifier for vendor. > > > > - @param Attributes Point to memory location to return the attributes of > > variable. If the point > > > > - is NULL, the parameter would be ignored. > > > > - @param DataSize The size in bytes of Data-Buffer. > > > > - @param Data Point to the content of the variable. > > > > - > > > > - @retval EFI_SUCCESS The firmware has successfully stored the > variable > > and its data as > > > > - defined by the Attributes. > > > > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute > > bits was supplied, or the > > > > - DataSize exceeds the maximum allowed. > > > > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode > string. > > > > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to > hold > > the variable and its data. > > > > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a > > hardware failure. > > > > - @retval EFI_WRITE_PROTECTED The variable in question is read-only. > > > > - @retval EFI_WRITE_PROTECTED The variable in question cannot be > deleted. > > > > - @retval EFI_SECURITY_VIOLATION The variable could not be written > > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS > > > > - set but the AuthInfo does NOT pass the validation check > > carried > > > > - out by the firmware. > > > > - @retval EFI_NOT_FOUND The variable trying to be updated or > deleted > > was not found. > > > > - > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -InternalSetVariable ( > > > > - IN CHAR16 *VariableName, > > > > - IN EFI_GUID *VendorGuid, > > > > - IN UINT32 Attributes, > > > > - IN UINTN DataSize, > > > > - IN VOID *Data > > > > - ) > > > > -{ > > > > - return mSmmVariable->SmmSetVariable ( > > > > - VariableName, > > > > - VendorGuid, > > > > - Attributes, > > > > - DataSize, > > > > - Data > > > > - ); > > > > -} > > > > - > > > > -/** > > > > - Entry Point for MOR Lock Control driver. > > > > - > > > > - @param[in] ImageHandle The firmware allocated handle for the EFI > image. > > > > - @param[in] SystemTable A pointer to the EFI System Table. > > > > - > > > > - @retval EFI_SUCCESS EntryPoint runs successfully. > > > > - > > > > -**/ > > > > -EFI_STATUS > > > > -EFIAPI > > > > -MorLockDriverEntryPointSmm ( > > > > - IN EFI_HANDLE ImageHandle, > > > > - IN EFI_SYSTEM_TABLE *SystemTable > > > > - ) > > > > -{ > > > > - EFI_STATUS Status; > > > > - EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck; > > > > - > > > > - // > > > > - // This driver link to Smm Variable driver > > > > - // > > > > - DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n")); > > > > - > > > > - Status = gSmst->SmmLocateProtocol ( > > > > - &gEfiSmmVariableProtocolGuid, > > > > - NULL, > > > > - (VOID **) &mSmmVariable > > > > - ); > > > > - ASSERT_EFI_ERROR (Status); > > > > - > > > > - Status = gSmst->SmmLocateProtocol ( > > > > - &gEdkiiSmmVarCheckProtocolGuid, > > > > - NULL, > > > > - (VOID **) &SmmVarCheck > > > > - ); > > > > - ASSERT_EFI_ERROR (Status); > > > > - > > > > - Status = MorLockDriverInit (); > > > > - if (EFI_ERROR (Status)) { > > > > - return Status; > > > > - } > > > > - > > > > - Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler > > (SetVariableCheckHandlerMor); > > > > - ASSERT_EFI_ERROR (Status); > > > > - > > > > - return Status; > > > > -} > > > > - > > > > diff --git > > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i > nf > > > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i > nf > > deleted file mode 100644 > > index 875c1e5f3a..0000000000 > > --- > > > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i > nf > > +++ /dev/null > > @@ -1,65 +0,0 @@ > > -## @file > > > > -# Initializes MemoryOverwriteRequestControlLock variable > > > > -# > > > > -# This module will add Variable Hook and allow > > MemoryOverwriteRequestControlLock variable set only once. > > > > -# > > > > -# NOTE: This module only handles secure MOR V1 and is deprecated. > > > > -# The secure MOR V2 is handled inside of variable driver. > > > > -# > > > > -# Copyright (c) 2015 - 2018, Intel Corporation. All rights > > reserved.<BR> > > > > -# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > -# > > > > -## > > > > - > > > > -[Defines] > > > > - INF_VERSION = 0x00010005 > > > > - BASE_NAME = TcgMorLockSmm > > > > - MODULE_UNI_FILE = TcgMorLock.uni > > > > - FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E > > > > - MODULE_TYPE = DXE_SMM_DRIVER > > > > - VERSION_STRING = 1.0 > > > > - PI_SPECIFICATION_VERSION = 0x0001000A > > > > - ENTRY_POINT = MorLockDriverEntryPointSmm > > > > - > > > > -# > > > > -# The following information is for reference only and not required by > > the build tools. > > > > -# > > > > -# VALID_ARCHITECTURES = IA32 X64 EBC > > > > -# > > > > - > > > > -[Sources] > > > > - TcgMorLock.h > > > > - TcgMorLock.c > > > > - TcgMorLockSmm.c > > > > - > > > > -[Packages] > > > > - MdePkg/MdePkg.dec > > > > - MdeModulePkg/MdeModulePkg.dec > > > > - SecurityPkg/SecurityPkg.dec > > > > - > > > > -[LibraryClasses] > > > > - UefiDriverEntryPoint > > > > - SmmServicesTableLib > > > > - DebugLib > > > > - BaseLib > > > > - BaseMemoryLib > > > > - > > > > -[Guids] > > > > - ## SOMETIMES_CONSUMES ## > > Variable:L"MemoryOverwriteRequestControl" > > > > - gEfiMemoryOverwriteControlDataGuid > > > > - > > > > - ## SOMETIMES_CONSUMES ## > > Variable:L"MemoryOverwriteRequestControlLock" > > > > - ## PRODUCES ## > Variable:L"MemoryOverwriteRequestControlLock" > > > > - gEfiMemoryOverwriteRequestControlLockGuid > > > > - > > > > -[Protocols] > > > > - gEdkiiSmmVarCheckProtocolGuid ## CONSUMES > > > > - gEfiSmmVariableProtocolGuid ## CONSUMES > > > > - > > > > -[Depex] > > > > - gEfiSmmVariableProtocolGuid AND > > > > - gSmmVariableWriteGuid AND > > > > - ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid ) > > > > - > > > > -[UserExtensions.TianoCore."ExtraFiles"] > > > > - TcgMorLockExtra.uni > > > > -- > > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79912): https://edk2.groups.io/g/devel/message/79912 Mute This Topic: https://groups.io/mt/85102356/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.