From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95983+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95983+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720142; cv=none; d=zohomail.com; s=zohoarc; b=VIkNrblPfsiKsERLQs5zMfbaHCCRBrU6bxFbuvt6oI1e7AOLt43sCdzZD8hPBf3eUCmDAJ+IsNqP8IiWYs0DdnJ7YxG/2I/rx/BATBMySlZXJUkfcDbA/M/bxxJoniNpkIjNrsgDFsww0+waO/uglR09Ql15h9o05rDTEppgjZw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720142; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=9oEm3vWw6VFr+q8x5PjT7dbL58CsBiIwOFgOd/3zIAs=; b=KbiVURSe1o66vxVHG4kI2wHbiYm5+ezuDVxFmUsQT8EZh9JT8dtr54so9Kso58UsJbaK5fq33qGoXdTVoRl7LSOGX6Br+CoPJjnxSZXJVGNzBMZKz/v8xgORdbdOpEmzbI9vN9kiSS+s4CY1G3jzv4hG5n/K9DMTu0PZj7hY+fs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95983+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720142986101.25236450865657; Sun, 6 Nov 2022 00:35:42 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id SsW4YY1788612x1NJH80bxuz; Sun, 06 Nov 2022 00:35:42 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.14269.1667720141472727483 for ; Sun, 06 Nov 2022 00:35:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948728" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948728" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:24 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513425" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513425" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:24 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 01/19] MdePkg: Add reference to new Ppi Guid Date: Sun, 6 Nov 2022 00:34:51 -0700 Message-Id: <20221106073509.3071-2-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: 9xirEQT0p9XHrVcmHe82tDfix1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720142; bh=tYCZlNynBr5IbCJ4IGqBxM3/gKY1S9MJeRYbyHOrWHA=; h=Cc:Date:From:Reply-To:Subject:To; b=AUoSSfHUT2Ctatn9IOXTwuFMlf/tPp2blPdAJ3ck38uecC9NfshGsstWRYV7Wj84KdV /afr8oHXGr8RDT33fL1gQLfDRKluZbvO7Gno44KqaL+PPox2K2frt+XEu+OjFDH0wYxG9 ZKy2KlpetQW/De9pf8/B3ma2AlRnq3ndmPA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720144855100005 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Add reference to gEfiPeiVariableStoreDiscoveredPpiGuid which contains information whether variable store is available. Cc: Jian J Wang Cc: Liming Gao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- MdePkg/Include/Ppi/ReadOnlyVariable2.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/MdePkg/Include/Ppi/ReadOnlyVariable2.h b/MdePkg/Include/Ppi/Re= adOnlyVariable2.h index 926c0bc82a43..c5a8470565bb 100644 --- a/MdePkg/Include/Ppi/ReadOnlyVariable2.h +++ b/MdePkg/Include/Ppi/ReadOnlyVariable2.h @@ -2,7 +2,7 @@ This file declares Read-only Variable Service2 PPI. This ppi permits read-only access to the UEFI variable store during the = PEI phase. =20 -Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @par Revision Reference: @@ -106,4 +106,6 @@ struct _EFI_PEI_READ_ONLY_VARIABLE2_PPI { =20 extern EFI_GUID gEfiPeiReadOnlyVariable2PpiGuid; =20 +extern EFI_GUID gEfiPeiVariableStoreDiscoveredPpiGuid; + #endif --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95983): https://edk2.groups.io/g/devel/message/95983 Mute This Topic: https://groups.io/mt/94840819/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95982+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95982+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720150; cv=none; d=zohomail.com; s=zohoarc; b=J+t6shjDVGBKOmgnOIctIgQR5Vuyv2P55YzP42ON29fnELwn6+Bio37sUTOujZ6tUlv2W0qzbcDcqd9oP3ZDKPhpJ2eFWxhShKCF1JQvO7aLRRTnaQyKfGAQUG7PBaU7yRGF25i353UYTARbMcncXeBgnhjlXGmaxwnxp8x7n8Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720150; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=xtRX1YFNbRLa7LfyxVBVJ0ZdLNhOHO7Ffd2rfkcwg0o=; b=MDLpny56h8MtTZ5/Z3p/XC4oYrCAFzPUfDiEIGBydQbuaw8AgtwTSty51VkGBqfy+105VnGEu25jTCtUtCe/yuGQN8K3S7KdWd0zl8a0Xw1+c9UywOeJQWuvocSicOnZwQAQgGJ9xV2GaDIkm4ok3sqsu68nfYa+L/iOrU3WQx4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95982+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720150240200.3265925351185; Sun, 6 Nov 2022 00:35:50 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id fOG9YY1788612xwPYS6yNRuA; Sun, 06 Nov 2022 00:35:49 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web10.14306.1667720141929357296 for ; Sun, 06 Nov 2022 00:35:41 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948729" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948729" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:25 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513430" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513430" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:25 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 02/19] MdeModulePkg: Update AUTH_VARIABLE_INFO struct Date: Sun, 6 Nov 2022 00:34:52 -0700 Message-Id: <20221106073509.3071-3-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: 1xzIzs3fm0Vi8UHC4m60uy2kx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720149; bh=VnG/6dBu4QNcgHCNwHpvG+Kz4GbbvdQByGea2onRcRw=; h=Cc:Date:From:Reply-To:Subject:To; b=EqXPMMe4BLKJYFB6bzioyTtaWMcFpZYzY2Avl6foldPO6ZI1owkmfUvnmPF59YH6BLg YfBHKKu6vD0gt8YUfNxQpBu471i2BeMDsaRgT7NLWu9TDuQ9eldh5A4dTlOstiGIRd+pH KV3AkeUQnwoe/D+qxZ91E7WCcN+1jkpzoaI= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720150878100055 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Added NameSize and State to AUTH_VARIABLE_INFO struct. The size of the name and state is needed when creating the variable digest. Cc: Jian J Wang Cc: Liming Gao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- MdeModulePkg/Include/Library/AuthVariableLib.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Include/Library/AuthVariableLib.h b/MdeModulePkg/= Include/Library/AuthVariableLib.h index 37aceba699e6..32391bbf2b61 100644 --- a/MdeModulePkg/Include/Library/AuthVariableLib.h +++ b/MdeModulePkg/Include/Library/AuthVariableLib.h @@ -1,7 +1,7 @@ /** @file Provides services to initialize and process authenticated variables. =20 -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -25,9 +25,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent (OFFSET_OF (WIN_CERTIFICATE_UEFI_GU= ID, CertData))) =20 typedef struct { + UINTN NameSize; CHAR16 *VariableName; EFI_GUID *VendorGuid; UINT32 Attributes; + UINT8 State; UINTN DataSize; VOID *Data; UINT32 PubKeyIndex; --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95982): https://edk2.groups.io/g/devel/message/95982 Mute This Topic: https://groups.io/mt/94840818/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95984+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95984+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720144; cv=none; d=zohomail.com; s=zohoarc; b=g7Fcx4Yv+hOLmQavSkmazFIi6fYAt+3Gue613KnxCjasS6XIM19G8T63aO7oJXQsaKHnwakH1uMpv8/FT/7uFbdibP19LN1+h5FdOUt7X+t6bgbXrzKyqWU+dVrM2aTvpvGJShw/8DLFw9v1jnbLLXrgg+iIA8zbje7nA4SVAlE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720144; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=OyQt6B2gzPkMtfwlfFRHnXHJyJzpNz7Sn5uXq+7X2NI=; b=mwvtV8KtZZrm6BHGUlki30V/47eg+Nm5XuDBKJOw9LSdXt4CfHBGhMFe/hlaYQcHSC24MUyHwDssEKnxVM/p4j7/SltB/4rzxebMC10WSezk/D3mJGSGw9OGvzhyPIQ2i+aXSKth4v1uNAiYHTFaT5q83W1fTcg5jb3F5+sE5OE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95984+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720144256721.2300194347081; Sun, 6 Nov 2022 00:35:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id h4FrYY1788612xheIIyJx4Lb; Sun, 06 Nov 2022 00:35:43 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web10.14306.1667720141929357296 for ; Sun, 06 Nov 2022 00:35:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948730" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948730" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:25 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513435" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513435" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:25 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 03/19] MdeModulePkg: Add new ProtectedVariable GUIDs Date: Sun, 6 Nov 2022 00:34:53 -0700 Message-Id: <20221106073509.3071-4-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: lwqsxS1codvZVZXob5LiTyjfx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720143; bh=pKsDWYLNwLOLhWn7q6vwUb4M0C8nTzz93S2RRmfWUiw=; h=Cc:Date:From:Reply-To:Subject:To; b=QsW2lcBJc3DOxlcojmdBx+BJIiuju7qJzcnTWSs88bWoeVAnN/Qv74/HUzrT9OfuUKs BIaFj9yxjbBSTtKi9CaCB2duj2DrZX3UusWR7LLMZ35+hnjsK8pbMKEW+TOiBbTxMlbIr EFVnCNYB6nWLt9aS4eIc/kErI06iisgbmyw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720144857100006 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 New ProtectVariable GUIDs for passing variable information from PEI phase to SMM phase. Cc: Jian J Wang Cc: Liming Gao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- MdeModulePkg/Include/Guid/ProtectedVariable.h | 22 ++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/MdeModulePkg/Include/Guid/ProtectedVariable.h b/MdeModulePkg/I= nclude/Guid/ProtectedVariable.h new file mode 100644 index 000000000000..0c6e19e0456b --- /dev/null +++ b/MdeModulePkg/Include/Guid/ProtectedVariable.h @@ -0,0 +1,22 @@ +/** @file + The GUID definitions specific for protected variable services. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PROTECTED_VARIABLE_H_ +#define PROTECTED_VARIABLE_H_ + +#define EDKII_PROTECTED_VARIABLE_GLOBAL_GUID \ + { 0x8ebf379a, 0xf18e, 0x4728, { 0xa4, 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe,= 0x91 } } + +#define EDKII_METADATA_HMAC_VARIABLE_GUID \ + { 0xb54cda50, 0xec54, 0x4b20, { 0x85, 0xb4, 0x57, 0xbf, 0x52, 0x98, 0x68= , 0x3d } } + +extern EFI_GUID gEdkiiProtectedVariableGlobalGuid; +extern EFI_GUID gEdkiiMetaDataHmacVariableGuid; +extern EFI_GUID gEdkiiProtectedVariableContextGuid; + +#endif // __PROTECTED_VARIABLE_H__ --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95984): https://edk2.groups.io/g/devel/message/95984 Mute This Topic: https://groups.io/mt/94840820/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95985+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95985+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720150; cv=none; d=zohomail.com; s=zohoarc; b=M+325vQEoz+BGcsdu2ho1occ7BPRi4/1C8P+PnP91Um+vvYD//EQzUPzIqjQ6RAo2iRsJA95wAU2ThyYr/Pew1GkMeDx5DDBUtGlxrgCw8Tk1YNwdlLnG6PyVl+SmpMNhIWDpo0R2vyFq/7rbSEpnKbzZmQK0BjZt3iHuvcP1Gk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720150; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=XRzeyqoQVqbaw+1W4wSfB8v3SJCqvNTQBDozNlBl6QE=; b=C8imGZ7eRxMYzYjRl5hkpL+/Ajern27pGyWSDIYfpdBpgwDmgL/x5YKPrOACzE1Zi4sDzuT2m0RWOstZKcNgKB3mVTxPDmTsMuS83EeG3VFUaI2/ykgcbkJSuwDedjmlzzvnWDuufGZEi8i0j3bGVOVGzdu3eJ3sR+XiyJv3fQI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95985+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720149952827.4201682153825; Sun, 6 Nov 2022 00:35:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 7VAdYY1788612xKJaVIROKN4; Sun, 06 Nov 2022 00:35:49 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.14269.1667720141472727483 for ; Sun, 06 Nov 2022 00:35:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948731" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948731" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:26 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513439" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513439" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:25 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 04/19] MdeModulePkg: Add new include files Date: Sun, 6 Nov 2022 00:34:54 -0700 Message-Id: <20221106073509.3071-5-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: VSs9qAFsvAgfbpcZLleyXFyax1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720149; bh=b81gt986eWoxyjgz/L8WkHuDxJHI+6Z03a9wlAUmG4A=; h=Cc:Date:From:Reply-To:Subject:To; b=Qfg73FCsfdEkNDBu2ukX87KERCeKNtsD3KFvV2+wh9LxdMGJAWVImFkX/SXaBr8ae7F cRJJDb+eJydKzzXMymsn6wNOaFoxFb6ZBqGRoZ8jsN3TLXt0fVjtA5PxdmvRVIKcAHhkg DQtGufeuDq8bdoeJWShm55ucqoIbP+NvgQk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720150937100063 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V4: Updated with review comments for misspellings, mismatch function prototype, missing function header comments, incorrect function description. V1: Add EncryptionVariableLib.h for providing encryption and decryption services for protected variables. Add ProtectedVariableLib.h for providing integrity or variables. Cc: Jian J Wang Cc: Liming Gao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- MdeModulePkg/Include/Library/EncryptionVariableLib.h | 165 ++++++ MdeModulePkg/Include/Library/ProtectedVariableLib.h | 607 +++++++++++++++= +++++ 2 files changed, 772 insertions(+) diff --git a/MdeModulePkg/Include/Library/EncryptionVariableLib.h b/MdeModu= lePkg/Include/Library/EncryptionVariableLib.h new file mode 100644 index 000000000000..68981f5aad6a --- /dev/null +++ b/MdeModulePkg/Include/Library/EncryptionVariableLib.h @@ -0,0 +1,165 @@ +/** @file + Provides services to encrypt/decrypt variables. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef ENCRYPTION_VARIABLE_LIB_H_ +#define ENCRYPTION_VARIABLE_LIB_H_ + +#include + +#include + +#include + +#define ENC_TYPE_NULL 0 +#define ENC_TYPE_AES TPM_ALG_AES + +typedef struct _VARIABLE_ENCRYPTION_FLAGS { + BOOLEAN Auth; // Variable is authenticated or not + BOOLEAN DecryptInPlace; // Do decryption in place + BOOLEAN Protected; // Variable is protected or not +} VARIABLE_ENCRYPTION_FLAGS; + +typedef struct _VARIABLE_ENCRYPTION_INFO { + AUTH_VARIABLE_INFO Header; // Authenticated varabil= e header + VARIABLE_HEADER *Buffer; // Pointer to variable b= uffer + UINT64 StoreIndex; // Variable store index + VOID *PlainData; // Pointer to plain data + UINT32 PlainDataSize; // Size of plain data + VOID *CipherData; // Pointer to cipher data + UINT32 CipherDataSize; // Size of cipher data + UINT32 CipherHeaderSize; // Size of cipher header + UINT32 CipherDataType; // Type of cipher data + VOID *Key; // Pointer to encrypt/de= crypt key + UINT32 KeySize; // Size of key + VARIABLE_ENCRYPTION_FLAGS Flags; // Encryption flags +} VARIABLE_ENCRYPTION_INFO; + +/** + Encrypt variable data. + + @param[in, out] VarInfo Pointer to structure containing detailed inf= ormation about a variable. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_INVALID_PARAMETER If ProtectedVarLibContextIn =3D=3D NUL= L or ProtectedVarLibContextOut =3D=3D NULL. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process encrypted varia= ble. + +**/ +EFI_STATUS +EFIAPI +EncryptVariable ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarInfo + ); + +/** + Decrypt variable data. + + If VarEncInfo->CipherData is not NULL, it must holds the cipher data to = be + decrypted. Otherwise, assume the cipher data from variable data buffer, = i.e. + VarEncInfo->Header.Data. + + If VarEncInfo->Flags.DecryptInPlace is TRUE, the decrypted data will be = put + back in the same buffer as cipher buffer got above, after encryption hea= der, + which helps to identify later if the data in buffer is decrypted or not.= This + can avoid repeat decryption when accessing the same variable more than o= nce. + + If VarEncInfo->Flags.DecryptInPlace is FALSE, VarEncInfo->PlainData must= be + passed in with a valid buffer with VarEncInfo->PlainDataSize set correct= ly + with its size. + + Note the VarEncInfo->PlainData is always pointing to the buffer address = with + decrypted data without encryption header, and VarEncInfo->PlainDataSize = is + always the size of original variable data, if this function returned + successfully. + + @param[in, out] VarInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_SUCCESS Variable was decrypted successfully. + @retval EFI_INVALID_PARAMETER Variable information in VarEncInfo is in= valid. + @retval EFI_BUFFER_TOO_SMALL VarEncInfo->PlainData is not NULL but + VarEncInfo->PlainDataSize is too small. + @retval EFI_ABORTED Unknown error occurred during decrypting. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_COMPROMISED_DATA The cipher header is not valid. + @retval EFI_UNSUPPORTED Unsupported to encrypt variable. + +**/ +EFI_STATUS +EFIAPI +DecryptVariable ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarInfo + ); + +/** + Get cipher information about a variable, including plaindata size, + cipher algorithm type, etc. + + For data passed in with VarEncInfo, + + VarEncInfo->Header.Data + - The variable data in normal variable structure. + VarEncInfo->Header.DataSize + - The size of variable data. + + For data passed out with VarEncInfo (valid only if EFI_SUCCESS is return= ed), + + VarEncInfo->CipherDataType + - ENC_TYPE_NULL, if the variable is not encrypted or has been decryp= ted; + - ENC_TYPE_AES, if the variable is encrypted. + VarEncInfo->CipherHeaderSize + - Size of cipher header put before encrypted or decrypted data. + VarEncInfo->PlainData + - NULL, if the variable is encrypted; Or + - pointer to original variable data, if the variable has been decryp= ted. + VarEncInfo->PlainDataSize + - The size of original variable data + VarEncInfo->CipherData + - NULL, if the variable is decrypted; Or + - pointer to start of encrypted variable data, including encryption = header; + VarEncInfo->CipherDataSize + - The size of encrypted variable data, including encryption header. + + @param[in, out] VarInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_SUCCESS The information was retrieved successful= ly. + @retval EFI_INVALID_PARAMETER Variable information in VarEncInfo is in= valid. + @retval EFI_NOT_FOUND No cipher information recognized. + @retval EFI_UNSUPPORTED Unsupported interface. + +**/ +EFI_STATUS +EFIAPI +GetCipherDataInfo ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarInfo + ); + +/** + Force set cipher information for a variable, like plaindata size, + cipher algorithm type, cipher data etc. + + The destination buffer must be passed via VarEncInfo->Header.Data. + + This method is only used to update and/or change plain data information. + + @param[in, out] VarInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_SUCCESS The information was updated successfully. + @retval EFI_INVALID_PARAMETER Variable information in VarEncInfo is in= valid. + @retval EFI_UNSUPPORTED If this method is not supported. + +**/ +EFI_STATUS +EFIAPI +SetCipherDataInfo ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarInfo + ); + +#endif //_ENCRYPTION_VARIABLE_LIB_H_ diff --git a/MdeModulePkg/Include/Library/ProtectedVariableLib.h b/MdeModul= ePkg/Include/Library/ProtectedVariableLib.h new file mode 100644 index 000000000000..d31432a0c2b0 --- /dev/null +++ b/MdeModulePkg/Include/Library/ProtectedVariableLib.h @@ -0,0 +1,607 @@ +/** @file + Defines interfaces of protected variable services for non-volatile varia= ble + storage. + +Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PROTECTED_VARIABLE_LIB_H_ +#define PROTECTED_VARIABLE_LIB_H_ + +#include +#include + +#include + +#include +#include + +#include +#include + +#pragma pack(1) + +typedef struct _VARIABLE_DIGEST_FLAGS { + BOOLEAN Auth; // Authenticated variable for= mat + BOOLEAN Valid; // Valid variable data in cur= rent variable + BOOLEAN Protected; // Protected variable (used i= n calculating HMAC) + BOOLEAN Encrypted; // Encrypted variable + BOOLEAN Freeable; // Memory reserved for curren= t node can be freed + BOOLEAN CacheIndexAhead; // Indicates if CacheIndex is= Ahead relative to Global structure + BOOLEAN Reserved[2]; // Reserved fields +} VARIABLE_DIGEST_FLAGS; + +typedef struct _VARIABLE_DIGEST { + /// + /// Pointer to digest of next variable in a pre-defined rule of order for + /// integration verification. In other words, the final HMAC of all + /// protected variables is calculated by concatenating digest of each + /// variable in the order of this singly linked list. + /// + EFI_PHYSICAL_ADDRESS Prev; + EFI_PHYSICAL_ADDRESS Next; + /// + /// Index to variable in physical store, used to locate the variable dir= ectly + /// inside the store (Implementation dependent). + /// + EFI_PHYSICAL_ADDRESS StoreIndex; + /// + /// Index to variable in memory cache, used to locate the variable direc= tly + /// inside the cache (Implementation dependent). + /// + EFI_PHYSICAL_ADDRESS CacheIndex; + + /// + /// Pointer to Cache offset within Global Structure + /// + UINT32 CacheOffset; + + /// + /// Frequently accessed information relating to the variable. + /// + UINT16 DigestSize; // Size of digest value + UINT16 NameSize; // Size of variable name + UINT32 DataSize; // Size of variable data + UINT32 PlainDataSize; // Size of plain data of current= variable (if encrypted) + UINT32 State; // State of current variable + UINT32 Attributes; // Attributes of current variable + + EFI_GUID VendorGuid; // GUID + VARIABLE_DIGEST_FLAGS Flags; // Variable digest flags + // + // Data with variable length are put at the end of this structure. + // + // CHAR16 VariableName[NameSize/2]; + // UINT8 DigestValue[DigestSize]; +} VARIABLE_DIGEST; + +#pragma pack() + +#define VAR_DIG_NAMEOFF(VarDig) (sizeof (VARIABLE_DIGEST)) +#define VAR_DIG_DIGOFF(VarDig) (VAR_DIG_NAMEOFF (VarDig) + (VarDig)->Nam= eSize) + +#define VAR_DIG_END(VarDig) (VAR_DIG_DIGOFF (VarDig) + (VarDig)->DigestSi= ze) + +#define VAR_DIG_VALUE(VarDig) (VOID *)((UINTN)(VarDig) + VAR_DIG_DIGOFF (= VarDig)) +#define VAR_DIG_NAME(VarDig) (CHAR16 *)((UINTN)(VarDig) + VAR_DIG_NAMEOF= F (VarDig)) +#define VAR_DIG_GUID(VarDig) &(VAR_DIG_PTR (VarDig)->VendorGuid) + +#define VAR_DIG_PTR(Addr) ((VARIABLE_DIGEST *)(UINTN)(Addr)) +#define VAR_DIG_ADR(Ptr) ((EFI_PHYSICAL_ADDRESS)(UINTN)(Ptr)) +#define VAR_DIG_NEXT(VarDig) (VAR_DIG_PTR ((VarDig)->Next)) +#define VAR_DIG_PREV(VarDig) (VAR_DIG_PTR ((VarDig)->Prev)) + +#define VAR_INDEX_INVALID ((UINT64)(-1)) + +#define VAR_HDR_PTR(Addr) ((VARIABLE_HEADER *)(UINTN)(Addr)) + +typedef VARIABLE_ENCRYPTION_INFO PROTECTED_VARIABLE_INFO; + +/** + + This function writes data to the NV variable storage at given position. + + Note: Per current variable service architecture, only SMM is allowed to + (directly) change NV variable storage. + + @param VariableInfo Pointer to structure holding details of = a variable. + @param Offset Offset to the given variable to write fr= om. + @param Size Size of data to be written. + @param Buffer Pointer to the buffer from which data is= written. + + @retval EFI_INVALID_PARAMETER Invalid parameters passed in. + @retval EFI_UNSUPPORTED Updating NV variable storage is not suppo= rted. + @retval EFI_OUT_OF_RESOURCES Not enough resource to complete the opera= tion. + @retval EFI_SUCCESS Variable store successfully updated. + +**/ +typedef +EFI_STATUS +(EFIAPI *PROTECTED_VAR_LIB_UPDATE_VARIABLE_STORE)( + IN PROTECTED_VARIABLE_INFO *VariableInfo, + IN UINTN Offset, + IN UINT32 Size, + IN UINT8 *Buffer + ); + +/** + Update the variable region with Variable information. + + @param[in] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure + for input of the variable. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + +**/ +typedef +EFI_STATUS +(EFIAPI *PROTECTED_VAR_LIB_UPDATE_VARIABLE)( + IN AUTH_VARIABLE_INFO *AuthVariableInfo + ); + +/** + + Retrieve details about a variable and return them in VariableInfo->Heade= r. + + If VariableInfo->Address is given, this function will calculate its offs= et + relative to given variable storage via VariableStore; Otherwise, it will= try + other internal variable storages or cached copies. It's assumed that, fo= r all + copies of NV variable storage, all variables are stored in the same rela= tive + position. If VariableInfo->Address is found in the range of any storage = copies, + its offset relative to that storage should be the same in other copies. + + If VariableInfo->Offset is given (non-zero) but not VariableInfo->Addres= s, + this function will return the variable memory address inside VariableSto= re, + if given, via VariableInfo->Address; Otherwise, the address of other sto= rage + copies will be returned, if any. + + For a new variable whose offset has not been determined, a value of -1 as + VariableInfo->Offset should be passed to skip the offset calculation. + + @param VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo is NULL or both VariableInfo= ->Address + and VariableInfo->Offset are NULL (0). + @retval EFI_NOT_FOUND If given Address or Offset is out of rang= e of + any given or internal storage copies. + @retval EFI_SUCCESS Variable details are retrieved successful= ly. + +**/ +typedef +EFI_STATUS +(EFIAPI *PROTECTED_VAR_LIB_GET_VAR_INFO)( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ); + +/** + + Retrieve details of the variable next to given variable within VariableS= tore. + + If VarInfo->Address is NULL, the first one in VariableStore is returned. + + VariableStart and/or VariableEnd can be given optionally for the situati= on + in which the valid storage space is smaller than the VariableStore->Size. + This usually happens when PEI variable services make a compact variable + cache to save memory, which cannot make use VariableStore->Size to deter= mine + the correct variable storage range. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo is NULL. + @retval EFI_NOT_FOUND If the end of VariableInfo is reached. + @retval EFI_SUCCESS The next variable is retrieved successful= ly. + +**/ +typedef +EFI_STATUS +(EFIAPI *PROTECTED_VAR_LIB_GET_NEXT_VAR_INFO)( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ); + +/** + + Initiate a variable retrieval in SMM environment from non-SMM environmen= t. + + This is usually required in BS/RT environment when local cached copy is = in + encrypted form. Variable decryption can only be done in SMM environment. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[out] Attributes Attribute value of the variable found. + @param[in, out] DataSize Size of Data found. If size is less t= han the + data, this value contains the require= d size. + @param[out] Data Data pointer. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_NOT_FOUND The specified variable could not be f= ound. + +**/ +typedef +EFI_STATUS +(EFIAPI *PROTECTED_VAR_LIB_FIND_VAR_SMM)( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ); + +/** + Check if a HOB variable store is available or not. + + @retval EFI_NOT_READY HOB variable store info not available. + @retval EFI_NOT_FOUND HOB variable store is NOT available. + @retval EFI_SUCCESS HOB variable store is available. +**/ +typedef +EFI_STATUS +(EFIAPI *PROTECTED_VAR_LIB_HOB_STORE_AVAILABLE)( + VOID + ); + +typedef enum { + FromPeiModule, + FromBootServiceModule, + FromRuntimeModule, + FromSmmModule +} VARIABLE_SERVICE_USER; + +#pragma pack(1) + +#define PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION 0x02 + +typedef struct _PROTECTED_VARIABLE_CONTEXT_IN { + UINT32 StructVersion; + UINT32 StructSize; + UINT32 MaxVariableSize; + + VARIABLE_SERVICE_USER VariableServiceUser; + + PROTECTED_VAR_LIB_FIND_VAR_SMM FindVariableSmm; + PROTECTED_VAR_LIB_GET_VAR_INFO GetVariableInfo; + PROTECTED_VAR_LIB_GET_NEXT_VAR_INFO GetNextVariableInfo; + PROTECTED_VAR_LIB_UPDATE_VARIABLE_STORE UpdateVariableStore; + PROTECTED_VAR_LIB_UPDATE_VARIABLE UpdateVariable; + PROTECTED_VAR_LIB_HOB_STORE_AVAILABLE IsHobVariableStoreAvailable; +} PROTECTED_VARIABLE_CONTEXT_IN; + +#pragma pack() + +/** + + Initialization for protected variable services. + + If this initialization failed upon any error, the whole variable services + should not be used. A system reset might be needed to re-construct NV + variable storage to be the default state. + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_SUCCESS Protected variable services are ready. + @retval EFI_INVALID_PARAMETER If ContextIn =3D=3D NULL or something = missing or + mismatching in the content in ContextI= n. + @retval EFI_COMPROMISED_DATA If failed to check integrity of protec= ted variables. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibInitialize ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ); + +/** + + An alternative version of ProtectedVariableLibGetData to get plain data,= if + encrypted, from given variable, for different use cases. + + @param[in,out] VarInfo Pointer to structure containing variable= information. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER VarInfo is NULL or both VarInfo->Addre= ss and + VarInfo->Offset are invalid. + @retval EFI_NOT_FOUND The specified variable could not be fo= und. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ); + +/** + This service retrieves a variable's value using its name and GUID. + + Read the specified variable from the UEFI variable store. If the Data + buffer is too small to hold the contents of the variable, the error + EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buf= fer + size to obtain the data. + + @param VariableName A pointer to a null-terminated string that= is the variable's name. + @param VariableGuid A pointer to an EFI_GUID that is the varia= ble's GUID. The combination of + VariableGuid and VariableName must be uniq= ue. + @param Attributes If non-NULL, on return, points to the vari= able's attributes. + @param DataSize On entry, points to the size in bytes of t= he Data buffer. + On return, points to the size of the data = returned in Data. + @param Data Points to the buffer which will hold the r= eturned variable value. + May be NULL with a zero DataSize in order = to determine the size of the buffer needed. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable was be found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resultin= g data. + DataSize is updated with the size required= for + the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Da= ta is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByName ( + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ); + +/** + + Retrieve plain data, if encrypted, of given variable. + + If variable encryption is employed, this function will initiate a SMM re= quest + to get the plain data. Due to security consideration, the decryption can= only + be done in SMM environment. + + @param[in] Variable Pointer to header of a Variable. + @param[out] Data Pointer to plain data of the given va= riable. + @param[in, out] DataSize Size of data returned or data buffer = needed. + @param[in] AuthFlag Auth-variable indicator. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_NOT_FOUND The specified variable could not be f= ound. + @retval EFI_BUFFER_TOO_SMALL If *DataSize is smaller than needed. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByBuffer ( + IN VARIABLE_HEADER *Variable, + IN OUT VOID *Data, + IN OUT UINT32 *DataSize, + IN BOOLEAN AuthFlag + ); + +/** + + Prepare for variable update. + + This is needed only once during current boot to mitigate replay attack. = Its + major job is to advance RPMC (Replay Protected Monotonic Counter). + + @retval EFI_SUCCESS Variable is ready to update hereafter. + @retval EFI_UNSUPPORTED Updating variable is not supported. + @retval EFI_DEVICE_ERROR Error in advancing RPMC. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteInit ( + VOID + ); + +/** + + Update a variable with protection provided by this library. + + If variable encryption is employed, the new variable data will be encryp= ted + before being written to NV variable storage. + + A special variable, called "MetaDataHmacVar", will always be updated alo= ng + with variable being updated to reflect the changes (HMAC value) of all + protected valid variables. The only exceptions, currently, are variable + "MetaDataHmacVar" itself and variable "VarErrorLog". + + The buffer passed by NewVariable must be double of maximum variable size, + which allows to pass the "MetaDataHmacVar" back to caller along with enc= rypted + new variable data, if any. This can make sure the new variable data and + "MetaDataHmacVar" can be written at almost the same time to reduce the c= hance + of compromising the integrity. + + If *NewVariableSize is zero, it means to delete variable passed by CurrV= ariable + and/or CurrVariableInDel. "MetaDataHmacVar" will be updated as well in s= uch + case because of less variables in storage. NewVariable should be always = passed + in to convey new "MetaDataHmacVar" back. + + @param[in,out] CurrVariable Variable to be updated. It's NULL if + adding a new variable. + @param[in,out] CurrVariableInDel In-delete-transition copy of updatin= g variable. + @param[in] NewVariable Buffer of new variable data. + @param[out] NewVariable Buffer of "MetaDataHmacVar" and new + variable (encrypted). + @param[in] NewVariableSize Size of NewVariable. + @param[out] NewVariableSize Size of (encrypted) NewVariable and + "MetaDataHmacVar". + + @retval EFI_SUCCESS The variable is updated with protection = successfully. + @retval EFI_INVALID_PARAMETER NewVariable is NULL. + @retval EFI_NOT_FOUND Information missing to finish the operat= ion. + @retval EFI_ABORTED Failed to encrypt variable or calculate = HMAC. + @retval EFI_NOT_READY The RPMC device is not yet initialized. + @retval EFI_DEVICE_ERROR The RPMC device has error in updating. + @retval EFI_ACCESS_DENIED The given variable is not allowed to upd= ate. + Currently this only happens on updating + "MetaDataHmacVar" from code outside of t= his + library. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibUpdate ( + IN OUT VARIABLE_HEADER *CurrVariable OPTIONAL, + IN OUT VARIABLE_HEADER *CurrVariableInDel OPTIONAL, + IN OUT VARIABLE_HEADER *NewVariable, + IN OUT UINTN *NewVariableSize + ); + +/** + + Finalize a variable updating after it's written to NV variable storage + successfully. + + This usually includes works like increasing RPMC, synchronizing local ca= che, + updating new position of "MetaDataHmacVar", deleting old copy of "MetaDa= taHmacVar" + completely, etc. + + @param[in] NewVariable Buffer of new variables and MetaDataHm= acVar. + @param[in] VariableSize Size of buffer pointed by NewVariable. + @param[in] StoreIndex StoreIndex to NV variable storage from= where the new + variable and MetaDataHmacVar have been= written. + + @retval EFI_SUCCESS No problem in winding up the variable write = operation. + @retval Others Failed to updating state of old copy of upda= ted + variable, or failed to increase RPMC, etc. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteFinal ( + IN VARIABLE_HEADER *NewVariable, + IN UINTN VariableSize, + IN UINT64 StoreIndex + ); + +/** + Find the request variable. + + @param[in, out] VarInfo Pointer to variable data. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_INVALID_PARAMETER Variable info is NULL. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFind ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ); + +/** + Return the next variable name and GUID. + + This function is called multiple times to retrieve the VariableName + and VariableGuid of all variables currently available in the system. + On each call, the previous results are passed into the interface, + and, on return, the interface returns the data for the next + interface. When the entire variable list has been returned, + EFI_NOT_FOUND is returned. + + @param VariableNameSize On entry, points to the size of the buffer poi= nted to by VariableName. + On return, the size of the variable name buffe= r. + @param VariableName On entry, a pointer to a null-terminated strin= g that is the variable's name. + On return, points to the next variable's null-= terminated name string. + @param VariableGuid On entry, a pointer to an EFI_GUID that is the= variable's GUID. + On return, a pointer to the next variable's GU= ID. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for the = resulting + data. VariableNameSize is updated with the= size + required for the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid or + VariableNameSize is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFindNext ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VariableGuid + ); + +/** + Find variable via information in data structure PROTECTED_VARIABLE_INFO. + + If VarInfo->StoreIndex is given and valid, always used it to search var= iable + in store. Otherwise, search the variable via variable name and guid poi= nted + by VarInfo->Header.VariableName and VarInfo->Header.VendorGuid. + + @param VarInfo Pointer to data containing variable information. + + @return EFI_SUCCESS Found the variable. + @return EFI_INVALID_PARAMETER No valid variable information is given. + @return EFI_NOT_FOUND The given variable was not found or no more + variables available. +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFindNextEx ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ); + +/** + Refresh variable information changed by variable service. + + @param Variable Pointer to buffer of the updated variable. + @param VariableSize Size of variable pointed by Variable. + @param StoreIndex New index of the variable in store. + @param RefreshData Flag to indicate if the variable has been update= d. + + @return EFI_SUCCESS No error occurred in updating. + @return EFI_NOT_FOUND The given variable was not found in + ProtectedVariableLib. +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibRefresh ( + IN VARIABLE_HEADER *Variable, + IN UINTN VariableSize, + IN UINT64 StoreIndex, + IN BOOLEAN RefreshData + ); + +/** + Get sorted protected variable list. + + @param Buffer Pointer to a pointer of buffer. + @param NumElements Pointer to number of elements in list. + + @return EFI_SUCCESS Successfully retrieved sorted list. + @return others Unsuccessful. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetSortedList ( + IN OUT EFI_PHYSICAL_ADDRESS **Buffer, + IN OUT UINTN *NumElements + ); + +/** + + Determine if the variable is the HMAC variable + + @param VariableName Pointer to variable name. + + @return TRUE Variable is HMAC variable + @return FALSE Variable is not HMAC variable + +**/ +BOOLEAN +ProtectedVariableLibIsHmac ( + IN CHAR16 *VariableName + ); + +#endif --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95985): https://edk2.groups.io/g/devel/message/95985 Mute This Topic: https://groups.io/mt/94840821/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95986+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95986+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720144; cv=none; d=zohomail.com; s=zohoarc; b=GatKRzVEGGk7Qrym3ZlBJoRwnD2T30xu/B81/YrcXCozhNqKhCoJalqzVZHrVKebRhxqKnSWq1yGipD6j/zmcaDaTYo+HqDruy93VvNyzZ901B1+RM5HTmfA4WlwVre8rdciGpEIkb42CmC2pGF2nM+L3dfNpbuu+yZmzH8cEQY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720144; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=M/7w6NumMuERu/YaiVhI//esw1Xl7G3vf9azV+S0IHg=; b=X1YVMO2LzOZl9bD3NNLVsIAX3Zae80Axh6sUmOIc4lgIFaC/ddVE/0qcBsSzD0eEvM2l3qjpkoqyqb5p11qn4ie8vVyZiyRPopR4lsVuOkbpNBRZB0ywBcDbtXHhMHg3PMPb23z+tk9hQ2s7BoFcZBG0Fgjkn6ZbXyCyR9l3Qd4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95986+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720144243174.49301694331393; Sun, 6 Nov 2022 00:35:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id pKo6YY1788612xD4wvKXIfRj; Sun, 06 Nov 2022 00:35:43 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web10.14306.1667720141929357296 for ; Sun, 06 Nov 2022 00:35:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948732" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948732" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:26 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513444" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513444" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:26 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 05/19] MdeModulePkg: Add new GUID for Variable Store Info Date: Sun, 6 Nov 2022 00:34:55 -0700 Message-Id: <20221106073509.3071-6-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: QKZVABrSxBNbIuhNwp6sTmAVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720143; bh=aKNvrrNzdVbT18pgih2AqyYKxzTF7VVXFFpbwz1fw64=; h=Cc:Date:From:Reply-To:Subject:To; b=F6hEavwjg9fxwJ5RKKfiiq3ANvf5poLgT5+sFjujPKvvyzb5JCpNu2hmsSnIlQTNJTZ G38q4qK5QpDR09OcqLKJ8BzgDwmDgjYRv5NYaoddCd2luC69MbuHA11NnSpmXwGGYc/GS s0yZUFkAK3VszkDEE4xk+N+9OxAtHDTjaZw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720144860100009 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Discover if Variable Store Info HOB has been published by platform driver. It contains information in regards to HOB or NV Variable Store availability Cc: Jian J Wang Cc: Liming Gao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- MdeModulePkg/MdeModulePkg.dec | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 58e6ab004882..e896dd038479 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -4,7 +4,7 @@ # and libraries instances, which are used for those modules. # # Copyright (c) 2019, NVIDIA CORPORATION. All rights reserved. -# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.
# Copyright (c) 2016, Linaro Ltd. All rights reserved.
# (C) Copyright 2016 - 2019 Hewlett Packard Enterprise Development LP
# Copyright (c) 2017, AMD Incorporated. All rights reserved.
@@ -93,6 +93,14 @@ [LibraryClasses] # TpmMeasurementLib|Include/Library/TpmMeasurementLib.h =20 + ## @libraryclass Provides interfaces to encrypt/decrypt variable. + # + EncryptionVariableLib|Include/Library/EncryptionVariableLib.h + + ## @libraryclass Provides interfaces to encrypt/decrypt variable. + # + ProtectedVariableLib|Include/Library/ProtectedVariableLib.h + ## @libraryclass Provides authenticated variable services. # AuthVariableLib|Include/Library/AuthVariableLib.h @@ -516,6 +524,9 @@ [Ppis] gEdkiiPeiCapsuleOnDiskPpiGuid =3D { 0x71a9ea61, 0x5a35, 0x4a= 5d, { 0xac, 0xef, 0x9c, 0xf8, 0x6d, 0x6d, 0x67, 0xe0 } } gEdkiiPeiBootInCapsuleOnDiskModePpiGuid =3D { 0xb08a11e4, 0xe2b7, 0x4b= 75, { 0xb5, 0x15, 0xaf, 0x61, 0x6, 0x68, 0xbf, 0xd1 } } =20 + ## Include/Ppi/ReadOnlyVariable2.h + gEfiPeiVariableStoreDiscoveredPpiGuid =3D { 0xa2fc038d, 0xfdf5, 0x45= 01, { 0xaf, 0x8e, 0x69, 0xb0, 0x20, 0xec, 0xe6, 0x63 } } + [Protocols] ## Load File protocol provides capability to load and unload EFI image i= nto memory and execute it. # Include/Protocol/LoadPe32Image.h --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95986): https://edk2.groups.io/g/devel/message/95986 Mute This Topic: https://groups.io/mt/94840822/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95987+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95987+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720144; cv=none; d=zohomail.com; s=zohoarc; b=SV2srxFMuHivwysMNH3ZDiuZVFZTPH2EP0SKdscjxYOzfUWqdRm5ov1TEtd82r08jdcNiWZjdRAJcykcd7iX6RlfutAYLVAzDTOGKAwnYVyNCojtRtypMnp/OoicUCgcGlLQFb7wbTTqDLBH9dmaCM5+oKHoU6SzblOqN7RufTw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720144; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=XFCKafn1IlcFHZIksgG26XiH2iTysP6ETSmH52mmtWo=; b=UA8RYJvuzd9SmfteMVtEX7JGL50Cs8iM/Fl2bGyr7UVtza/WXDoLIPZr1SCmyUtBVRosxFiQIHikGxEDnzo4enpzVbCqG7J0lrKbRhihw272G3NSqNUE7DmUdh+FMO56IIoKclMRPO26uclP2uR1KC/H6eJdqyB61PgQE09FgBk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95987+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720144640565.0758934943977; Sun, 6 Nov 2022 00:35:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id nKrjYY1788612xKi1NPSuF5W; Sun, 06 Nov 2022 00:35:44 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.14269.1667720141472727483 for ; Sun, 06 Nov 2022 00:35:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948733" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948733" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:27 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513448" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513448" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:26 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 06/19] MdeModulePkg: Add Null ProtectedVariable Library Date: Sun, 6 Nov 2022 00:34:56 -0700 Message-Id: <20221106073509.3071-7-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: PEOdtRWU0ztULQTGwPFrPWb2x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720144; bh=ZNVdUadHpSyGrB1PG61xNwqYZb0ZRGLLlJiNGu+Lgio=; h=Cc:Date:From:Reply-To:Subject:To; b=aHcTMo0GII4twcrFnhKceDddFij9TWD4T+tIT1qiDV8Gm97Gfqw2p0xalXPBRIVc/Kd 3qBQSjk2AvEgxZu2GhvrLi8UO/nQFxTim41VY1dzz333xkdeG3qrT2DqPWfHAmEVSRBD7 0Qzw7ED4L7nAnBghqzl4he84BXAgE8G6rVQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720144897100012 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V4: Applied code review comments - removed APIs that are not being used. V1: Add Null versions of the ProtectedVariable Library. This will be the default libraries for platforms that do not support ProtectedVariable. Cc: Jian J Wang Cc: Liming Gao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang --- MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.inf= | 34 ++ MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c = | 336 ++++++++++++++++++++ 2 files changed, 370 insertions(+) diff --git a/MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariabl= eLibNull.inf b/MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVaria= bleLibNull.inf new file mode 100644 index 000000000000..6a17191c4e1e --- /dev/null +++ b/MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNul= l.inf @@ -0,0 +1,34 @@ +## @file +# Provides null version of protected variable services. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D ProtectedVariableLibNull + FILE_GUID =3D 352C6A1B-403A-4E37-8517-FAA50BC45251 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 0.1 + LIBRARY_CLASS =3D ProtectedVariableLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + ProtectedVariable.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + diff --git a/MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariabl= e.c b/MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c new file mode 100644 index 000000000000..074559f84f52 --- /dev/null +++ b/MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariable.c @@ -0,0 +1,336 @@ +/** @file + NULL version of ProtectedVariableLib used to disable protected variable = services. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include +#include +#include + +/** + + Initialization for protected varibale services. + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibInitialize ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Prepare for variable update. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteInit ( + VOID + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Update a variable with protection provided by this library. + + @param[in,out] CurrVariable Variable to be updated. It's NULL if + adding a new variable. + @param[in] CurrVariableInDel In-delete-transiion copy of updating= variable. + @param[in,out] NewVariable Buffer of new variable data. + Buffer of "MetaDataHmacVar" and new + variable (encrypted). + @param[in,out] NewVariableSize Size of NewVariable. + Size of (encrypted) NewVariable and + "MetaDataHmacVar". + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibUpdate ( + IN OUT VARIABLE_HEADER *CurrVariable, + IN VARIABLE_HEADER *CurrVariableInDel, + IN OUT VARIABLE_HEADER *NewVariable, + IN OUT UINTN *NewVariableSize + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Finalize a variable updating after it's written to NV variable storage + successfully. + + @param[in] NewVariable Buffer of new variables and MetaDataHm= acVar. + @param[in] VariableSize Size of buffer pointed by NewVariable. + @param[in] StoreIndex New index of the variable in store. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteFinal ( + IN VARIABLE_HEADER *NewVariable, + IN UINTN VariableSize, + IN UINT64 StoreIndex + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Retrieve plain data, if encrypted, of given variable. + + @param[in] Variable Pointer to header of a Variable. + @param[in,out] Data Pointer to plain data of the given va= riable. + @param[in,out] DataSize Size of data returned or data buffer = needed. + @param[in] AuthFlag Auth-variable indicator. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetData ( + IN VARIABLE_HEADER *Variable, + IN OUT VOID *Data, + IN OUT UINT32 *DataSize, + IN BOOLEAN AuthFlag + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Get the specified protected variable. + + @param[in] VariableName Pointer to variable name. + @param[in] VariableGuid Pointer to vairable GUID. + @param[out] Attributes Pointer to attributes. + @param[in,out] DataSize Pointer to data size. + @param[out] Data Pointer to data. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGet ( + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Find the protected variable. + + @param[in,out] VarInfo Pointer to structure containing variable= information. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFind ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Find next protected variable. + + @param[in,out] VariableNameSize Pointer to size of variable name. + @param[in,out] VariableName Pointer to variable name. + @param[in,out] VariableGuid Pointer to vairable GUID. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFindNext ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VariableGuid + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Find next protected variable stub. + + @param[in,out] VarInfo Pointer to structure containing variable= information. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFindNextEx ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Get protected variable by information. + + @param[in,out] VarInfo Pointer to structure containing variable= information. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Get protected variable by name. + + @param[in] VariableName Pointer to variable name. + @param[in] VariableGuid Pointer to vairable GUID. + @param[out] Attributes Pointer to attributes. + @param[in,out] DataSize Pointer to data size. + @param[out] Data Pointer to data. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByName ( + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Get protected variable by name. + + @param[in] Variable Pointer to variable name. + @param[in,out] Data Pointer to variable data. + @param[in,out] DataSize Pointer to data size. + @param[in] AuthFlag Authenticate flag. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByBuffer ( + IN VARIABLE_HEADER *Variable, + IN OUT VOID *Data, + IN OUT UINT32 *DataSize, + IN BOOLEAN AuthFlag + ) +{ + return EFI_UNSUPPORTED; +} + +/** + Refresh variable information changed by variable service. + + @param[in] Variable Pointer to buffer of the updated variable. + @param[in] VariableSize Size of variable pointed by Variable. + @param[in] StoreIndex New index of the variable in store. + @param[in] RefreshData Flag to indicate if the variable has been u= pdated. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibRefresh ( + IN VARIABLE_HEADER *Variable, + IN UINTN VariableSize, + IN UINT64 StoreIndex, + IN BOOLEAN RefreshData + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Get sorted protected variable list. + + @param[in,out] Buffer Pointer to buffer. + @param[in,out] NumElements Pointer to number of elements. + + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetSortedList ( + IN OUT EFI_PHYSICAL_ADDRESS **Buffer, + IN OUT UINTN *NumElements + ) +{ + return EFI_UNSUPPORTED; +} + +/** + + Determine if the variable is the HMAC variable. + + @param[in] VariableName Pointer to variable name. + + @return FALSE Variable is not HMAC variable + +**/ +BOOLEAN +ProtectedVariableLibIsHmac ( + IN CHAR16 *VariableName + ) +{ + return FALSE; +} --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95987): https://edk2.groups.io/g/devel/message/95987 Mute This Topic: https://groups.io/mt/94840823/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95988+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95988+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720145; cv=none; d=zohomail.com; s=zohoarc; b=iz6bWo53XCXZQ/6MEz5NDjyVozQ6RwEI2iWkMrtOqTF3deM4hUfu2cgQtxk3x0Lu3MTmJuurkde+TWy8W4J799IDyh/ZxV0CQxaMNgLRLvT/LI0yR672nSld1TBLF7Q1Cmr5c90FsYQwzcTH9gNa3/o2evSZgqWrjtq2GWGingI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720145; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Zgr7zofCp/+/tzPjxf+n40i4Jt9TWUS8xdvFpJ3gKGs=; b=hmoUQYemcLiX07O72C4SiXfYHfV3MgTZWNgVwHnsDqaTjW2Kzm5KlGAQrfBet8/MFDg10u8wgW7OTTLyljIikGG9RViEjxuVFA8Cc/zndEVoIQubXJMIaGaI578pyw3GYDvTtOvIPL3ht0FRG+WU4K8RxJ7qobY+r9RKcAMRPdw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95988+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720145913802.5773735385036; Sun, 6 Nov 2022 00:35:45 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id Xh6cYY1788612xfTG8msnkuq; Sun, 06 Nov 2022 00:35:44 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web10.14306.1667720141929357296 for ; Sun, 06 Nov 2022 00:35:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948734" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948734" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:28 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513452" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513452" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:27 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Hao A Wu , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 07/19] MdeModulePkg: Add new Variable functionality Date: Sun, 6 Nov 2022 00:34:57 -0700 Message-Id: <20221106073509.3071-8-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: wS0dgPLn0QmioVpbPRLHwpI0x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720144; bh=lYiISyCC0S9F0pR6S8GT7W5lng+QqNSdvRIXsvaOWSQ=; h=Cc:Date:From:Reply-To:Subject:To; b=FzhSeLJUZnOpc17+KlxWyetfl1fq1B0KGLIYj8vkNxM4PT6tzEImALKXA5dbN1P0Sef OV+j6l/Sk1DjvCraIWlqTpaf/ejAELn8kwxLNNOtEE1Vs3/vFTNwNudnO4ArOgwgreV1n tP02n4HwTof3oLrNH868a8ZWeQUYEnJFa2E= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720146951100032 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V5: Add PEI Variable Protection into a new directory and leave the existing PEI Variable unchanged. V3: Update GetNvVariableStore() to call GetVariableFlashNvStorageInfo() and SafeUint64ToUint32(). V1: Provide new APIs for retrieving variable information. Add new function stubs for retrieving Protected variable information. Cc: Jian J Wang Cc: Liming Gao Cc: Hao A Wu Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Acked-by: Hao A Wu --- MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf | 79 ++ MdeModulePkg/Universal/Variable/Protected/Pei/Variable.h | 225 += ++++ MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.h | 309 += ++++++ MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h | 116 += ++ MdeModulePkg/Universal/Variable/Protected/Pei/Variable.c | 628 += ++++++++++++ MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.c | 941 += +++++++++++++++++++ MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c | 307 += ++++++ MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni | 16 + MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra.uni | 14 + 9 files changed, 2635 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf = b/MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf new file mode 100644 index 000000000000..953a7c6b884f --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf @@ -0,0 +1,79 @@ +## @file +# Implements ReadOnly Variable Services required by PEIM and installs PEI= ReadOnly Varaiable2 PPI. +# +# This module implements ReadOnly Variable Services required by PEIM and = installs PEI ReadOnly Varaiable2 PPI. +# +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D PeiVariable + MODULE_UNI_FILE =3D PeiVariable.uni + FILE_GUID =3D 8D104D19-593B-4DDF-81CF-8168A9EDE9C7 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D PeimInitializeVariableServices + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 EBC +# + +[Sources] + Variable.c + Variable.h + VariableStore.c + VariableStore.h + VariableParsing.c + VariableParsing.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseMemoryLib + PcdLib + HobLib + PeimEntryPoint + DebugLib + PeiServicesTablePointerLib + PeiServicesLib + SafeIntLib + VariableFlashInfoLib + ProtectedVariableLib + +[Guids] + ## CONSUMES ## GUID # Variable store header + ## SOMETIMES_CONSUMES ## HOB + gEfiAuthenticatedVariableGuid + ## SOMETIMES_CONSUMES ## GUID # Variable store header + ## SOMETIMES_CONSUMES ## HOB + gEfiVariableGuid + ## SOMETIMES_PRODUCES ## HOB + ## SOMETIMES_CONSUMES ## HOB + gEfiVariableIndexTableGuid + gEfiSystemNvDataFvGuid ## SOMETIMES_CONSUMES ## GUID + ## SOMETIMES_CONSUMES ## HOB + ## CONSUMES ## GUID # Dependence + gEdkiiFaultTolerantWriteGuid + +[Ppis] + gEfiPeiReadOnlyVariable2PpiGuid ## PRODUCES + gEfiPeiVariableStoreDiscoveredPpiGuid ## CONSUMES + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable ## SOM= ETIMES_CONSUMES + +[Depex] + gEdkiiFaultTolerantWriteGuid + +# [BootMode] +# RECOVERY_FULL ## SOMETIMES_CONSUMES + +[UserExtensions.TianoCore."ExtraFiles"] + PeiVariableExtra.uni diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/Variable.h b/Mde= ModulePkg/Universal/Variable/Protected/Pei/Variable.h new file mode 100644 index 000000000000..1bdbdd2b807b --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/Variable.h @@ -0,0 +1,225 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by PeiVariable module. + +Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PEI_VARIABLE_H_ +#define PEI_VARIABLE_H_ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +typedef enum { + VariableStoreTypeHob, + VariableStoreTypeNv, + VariableStoreTypeMax +} VARIABLE_STORE_TYPE; + +typedef struct { + VARIABLE_STORE_HEADER *VariableStoreHeader; + VARIABLE_INDEX_TABLE *IndexTable; + // + // If it is not NULL, it means there may be an inconsecutive variable wh= ose + // partial content is still in NV storage, but another partial content i= s backed up + // in spare block. + // + FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *FtwLastWriteData; + BOOLEAN AuthFlag; +} VARIABLE_STORE_INFO; + +// +// Functions +// + +/** + Provide the functionality of the variable services. + + @param FileHandle Handle of the file being invoked. + Type EFI_PEI_FILE_HANDLE is defined in FfsFindNextFi= le(). + @param PeiServices General purpose services available to every PEIM. + + @retval EFI_SUCCESS If the interface could be successfully installed + @retval Others Returned from PeiServicesInstallPpi() + +**/ +EFI_STATUS +EFIAPI +PeimInitializeVariableServices ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ); + +/** + This service retrieves a variable's value using its name and GUID. + + Read the specified variable from the UEFI variable store. If the Data + buffer is too small to hold the contents of the variable, the error + EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buf= fer + size to obtain the data. + + @param This A pointer to this instance of the EFI_PEI_= READ_ONLY_VARIABLE2_PPI. + @param VariableName A pointer to a null-terminated string that= is the variable's name. + @param VariableGuid A pointer to an EFI_GUID that is the varia= ble's GUID. The combination of + VariableGuid and VariableName must be uniq= ue. + @param Attributes If non-NULL, on return, points to the vari= able's attributes. + @param DataSize On entry, points to the size in bytes of t= he Data buffer. + On return, points to the size of the data = returned in Data. + @param Data Points to the buffer which will hold the r= eturned variable value. + May be NULL with a zero DataSize in order = to determine the size of the buffer needed. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable was not found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resultin= g data. + DataSize is updated with the size required= for + the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Da= ta is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetVariable ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ); + +/** + Return the next variable name and GUID. + + This function is called multiple times to retrieve the VariableName + and VariableGuid of all variables currently available in the system. + On each call, the previous results are passed into the interface, + and, on return, the interface returns the data for the next + interface. When the entire variable list has been returned, + EFI_NOT_FOUND is returned. + + @param This A pointer to this instance of the EFI_PEI_READ= _ONLY_VARIABLE2_PPI. + + @param VariableNameSize On entry, points to the size of the buffer poi= nted to by VariableName. + @param VariableName On entry, a pointer to a null-terminated strin= g that is the variable's name. + On return, points to the next variable's null-= terminated name string. + + @param VariableGuid On entry, a pointer to an UEFI _GUID that is t= he variable's GUID. + On return, a pointer to the next variable's GU= ID. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for the = resulting + data. VariableNameSize is updated with the= size + required for the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid or + VariableNameSize is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetNextVariableName ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VariableGuid + ); + +/** + This service retrieves a variable's value using its name and GUID. + + Read the specified variable from the UEFI variable store. If the Data + buffer is too small to hold the contents of the variable, the error + EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buf= fer + size to obtain the data. + + @param This A pointer to this instance of the EFI_PEI_= READ_ONLY_VARIABLE2_PPI. + @param VariableName A pointer to a null-terminated string that= is the variable's name. + @param VariableGuid A pointer to an EFI_GUID that is the varia= ble's GUID. The combination of + VariableGuid and VariableName must be uniq= ue. + @param Attributes If non-NULL, on return, points to the vari= able's attributes. + @param DataSize On entry, points to the size in bytes of t= he Data buffer. + On return, points to the size of the data = returned in Data. + @param Data Points to the buffer which will hold the r= eturned variable value. + May be NULL with a zero DataSize in order = to determine the size of the buffer needed. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable was not found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resultin= g data. + DataSize is updated with the size required= for + the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Da= ta is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetVariableEx ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ); + +/** + Return the next variable name and GUID. + + This function is called multiple times to retrieve the VariableName + and VariableGuid of all variables currently available in the system. + On each call, the previous results are passed into the interface, + and, on return, the interface returns the data for the next + interface. When the entire variable list has been returned, + EFI_NOT_FOUND is returned. + + @param This A pointer to this instance of the EFI_PEI_READ= _ONLY_VARIABLE2_PPI. + + @param VariableNameSize On entry, points to the size of the buffer poi= nted to by VariableName. + @param VariableName On entry, a pointer to a null-terminated strin= g that is the variable's name. + On return, points to the next variable's null-= terminated name string. + + @param VariableGuid On entry, a pointer to an UEFI _GUID that is t= he variable's GUID. + On return, a pointer to the next variable's GU= ID. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for the = resulting + data. VariableNameSize is updated with the= size + required for the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid or + VariableNameSize is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetNextVariableNameEx ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VariableGuid + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.= h b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.h new file mode 100644 index 000000000000..d7af6cb6e8be --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.h @@ -0,0 +1,309 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by PeiVariable module. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PEI_VARIABLE_PARSING_H_ +#define PEI_VARIABLE_PARSING_H_ + +#include "Variable.h" + +/** + + Gets the pointer to the first variable header in given variable store ar= ea. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the first variable header. + +**/ +VARIABLE_HEADER * +GetStartPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ); + +/** + + Gets the pointer to the end of the variable storage area. + + This function gets pointer to the end of the variable storage + area, according to the input variable store header. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the end of the variable storage area. + +**/ +VARIABLE_HEADER * +GetEndPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ); + +/** + This code checks if variable header is valid or not. + + @param[in] Variable Pointer to the Variable Header. + + @retval TRUE Variable header is valid. + @retval FALSE Variable header is not valid. + +**/ +BOOLEAN +IsValidVariableHeader ( + IN VARIABLE_HEADER *Variable + ); + +/** + This code gets the pointer to the next variable header. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] Variable Pointer to the Variable Header. + @param[in] VariableHeader Pointer to the Variable Header that has co= nsecutive content. + + @return A VARIABLE_HEADER* pointer to next variable header. + +**/ +VARIABLE_HEADER * +GetNextVariablePtr ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableHeader + ); + +/** + This code gets the pointer to the variable guid. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return A EFI_GUID* pointer to Vendor Guid. + +**/ +EFI_GUID * +GetVendorGuidPtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ); + +/** + This code gets the pointer to the variable name. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return A CHAR16* pointer to Variable Name. + +**/ +CHAR16 * +GetVariableNamePtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ); + +/** + This code gets the size of name of variable. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return Size of variable in bytes in type UINTN. + +**/ +UINTN +NameSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ); + +/** + This code gets the size of data of variable. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return Size of variable in bytes in type UINTN. + +**/ +UINTN +DataSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ); + +/** + This code gets the pointer to the variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] VariableHeader Pointer to the Variable Header that has co= nsecutive content. + @param[in] AuthFlag Authenticated variable flag. + + @return A UINT8* pointer to Variable Data. + +**/ +UINT8 * +GetVariableDataPtr ( + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableHeader, + IN BOOLEAN AuthFlag + ); + +/** + Get variable header that has consecutive content. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] Variable Pointer to the Variable Header. + @param[out] VariableHeader Pointer to Pointer to the Variable Header tha= t has consecutive content. + + @retval TRUE Variable header is valid. + @retval FALSE Variable header is not valid. + +**/ +BOOLEAN +GetVariableHeader ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN VARIABLE_HEADER *Variable, + OUT VARIABLE_HEADER **VariableHeader + ); + +/** + This code gets the size of variable header. + + @param[in] AuthFlag Authenticated variable flag. + + @return Size of variable header in bytes in type UINTN. + +**/ +UINTN +GetVariableHeaderSize ( + IN BOOLEAN AuthFlag + ); + +/** + Get variable name or data to output buffer. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] NameOrData Pointer to the variable name/data that may be = inconsecutive. + @param[in] Size Variable name/data size. + @param[out] Buffer Pointer to output buffer to hold the variable = name/data. + +**/ +VOID +GetVariableNameOrData ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN UINT8 *NameOrData, + IN UINTN Size, + OUT UINT8 *Buffer + ); + +/** + This function compares a variable with variable entries in database. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] Variable Pointer to the variable in our database + @param[in] VariableHeader Pointer to the Variable Header that has conse= cutive content. + @param[in] VariableName Name of the variable to compare to 'Variable' + @param[in] VendorGuid GUID of the variable to compare to 'Variable' + @param[out] PtrTrack Variable Track Pointer structure that contains= Variable Information. + + @retval EFI_SUCCESS Found match variable + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +CompareWithValidVariable ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableHeader, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VendorGuid, + OUT VARIABLE_POINTER_TRACK *PtrTrack + ); + +/** + + Retrieve details of the variable next to given variable within VariableS= tore. + + If VarInfo->Address is NULL, the first one in VariableStore is returned. + + VariableStart and/or VariableEnd can be given optionally for the situati= on + in which the valid storage space is smaller than the VariableStore->Size. + This usually happens when PEI variable services make a compact variable + cache to save memory, which cannot make use VariableStore->Size to deter= mine + the correct variable storage range. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo or VariableStore is NULL. + @retval EFI_NOT_FOUND If the end of VariableStore is reached. + @retval EFI_SUCCESS The next variable is retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetNextVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ); + +/** + + Retrieve details about a variable and return them in VariableInfo->Heade= r. + + If VariableInfo->Address is given, this function will calculate its offs= et + relative to given variable storage via VariableStore; Otherwise, it will= try + other internal variable storages or cached copies. It's assumed that, fo= r all + copies of NV variable storage, all variables are stored in the same rela= tive + position. If VariableInfo->Address is found in the range of any storage = copies, + its offset relative to that storage should be the same in other copies. + + If VariableInfo->Offset is given (non-zero) but not VariableInfo->Addres= s, + this function will return the variable memory address inside VariableSto= re, + if given, via VariableInfo->Address; Otherwise, the address of other sto= rage + copies will be returned, if any. + + For a new variable whose offset has not been determined, a value of -1 as + VariableInfo->Offset should be passed to skip the offset calculation. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo is NULL or both VariableInfo= ->Address + and VariableInfo->Offset are NULL (0). + @retval EFI_NOT_FOUND If given Address or Offset is out of rang= e of + any given or internal storage copies. + @retval EFI_SUCCESS Variable details are retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ); + +/** + + Find variable specified with input parameters. + + @param[in] StoreInfo Pointer to variable information. + @param[in] VariableName Pointer to variable name. + @param[in] VendorGuid Pointer to variable GUID. + @param[in] PtrTrack Pointer to variable track. + + @retval EFI_INVALID_PARAMETER VariableInfo is NULL or both VariableInfo= ->Address + and VariableInfo->Offset are NULL (0). + @retval EFI_NOT_FOUND If given Address or Offset is out of rang= e of + any given or internal storage copies. + @retval EFI_SUCCESS Variable details are retrieved successful= ly. + +**/ +EFI_STATUS +FindVariableEx ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VendorGuid, + OUT VARIABLE_POINTER_TRACK *PtrTrack + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h = b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h new file mode 100644 index 000000000000..6e2f6f939bab --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.h @@ -0,0 +1,116 @@ +/** @file + Implement ReadOnly Variable Services required by PEIM and install + PEI ReadOnly Varaiable2 PPI. These services operates the non volatile st= orage space. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PEI_VARIABLE_STORE_H_ +#define PEI_VARIABLE_STORE_H_ + +/** + Get variable store status. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @retval EfiRaw Variable store is raw + @retval EfiValid Variable store is valid + @retval EfiInvalid Variable store is invalid + +**/ +VARIABLE_STORE_STATUS +GetVariableStoreStatus ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ); + +/** + Reports HOB variable store is available or not. + + @retval EFI_NOT_READY HOB variable store info not available. + @retval EFI_NOT_FOUND HOB variable store is NOT available. + @retval EFI_SUCCESS HOB variable store is available. +**/ +EFI_STATUS +EFIAPI +IsHobVariableStoreAvailable ( + VOID + ); + +/** + Get HOB variable store. + + @param[out] StoreInfo Return the store info. + +**/ +VOID +GetHobVariableStore ( + OUT VARIABLE_STORE_INFO *StoreInfo + ); + +/** + Get NV variable store. + + @param[out] StoreInfo Return the store info. + @param[out] VariableStoreHeader Return header of FV containing the sto= re. + +**/ +VOID +GetNvVariableStore ( + OUT VARIABLE_STORE_INFO *StoreInfo, + OUT EFI_FIRMWARE_VOLUME_HEADER **VariableFvHeader + ); + +/** + Return the variable store header and the store info based on the Index. + + @param[in] Type The type of the variable store. + @param[out] StoreInfo Return the store info. + + @return Pointer to the variable store header. +**/ +VARIABLE_STORE_HEADER * +GetVariableStore ( + IN VARIABLE_STORE_TYPE Type, + OUT VARIABLE_STORE_INFO *StoreInfo + ); + +/** + Make a cached copy of NV variable storage. + + To save memory in PEI phase, only valid variables are copied into cache. + An IndexTable could be used to store the offset (relative to NV storage + base) of each copied variable, in case we need to restore the storage + as the same (valid) variables layout as in original one. + + Variables with valid format and following state can be taken as valid: + - with state VAR_ADDED; + - with state VAR_IN_DELETED_TRANSITION but without the same variable + with state VAR_ADDED; + - with state VAR_ADDED and/or VAR_IN_DELETED_TRANSITION for variable + MetaDataHmacVar. + + @param[out] StoreCacheBase Base address of variable storage cache. + @param[in,out] StoreCacheSize Size of space in StoreCacheBase. + @param[out] IndexTable Buffer of index (offset) table with en= tries of + VariableNumber. + @param[out] VariableNumber Number of valid variables. + @param[out] AuthFlag Aut-variable indicator. + + @return EFI_INVALID_PARAMETER Invalid StoreCacheSize and/or StoreCacheBa= se. + @return EFI_VOLUME_CORRUPTED Invalid or no NV variable storage found. + @return EFI_BUFFER_TOO_SMALL StoreCacheSize is smaller than needed. + @return EFI_SUCCESS NV variable storage is cached successfully. +**/ +EFI_STATUS +EFIAPI +InitNvVariableStore ( + OUT EFI_PHYSICAL_ADDRESS StoreCacheBase OPTIONAL, + IN OUT UINT32 *StoreCacheSize, + OUT UINT32 *IndexTable OPTIONAL, + OUT UINT32 *VariableNumber OPTIONAL, + OUT BOOLEAN *AuthFlag OPTIONAL + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/Variable.c b/Mde= ModulePkg/Universal/Variable/Protected/Pei/Variable.c new file mode 100644 index 000000000000..ce790946626e --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/Variable.c @@ -0,0 +1,628 @@ +/** @file + Implement ReadOnly Variable Services required by PEIM and install + PEI ReadOnly Varaiable2 PPI. These services operates the non volatile st= orage space. + +Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" +#include "VariableParsing.h" +#include "VariableStore.h" + +// +// Module globals +// +EFI_PEI_READ_ONLY_VARIABLE2_PPI mVariablePpi =3D { + PeiGetVariableEx, + PeiGetNextVariableNameEx +}; + +EFI_PEI_PPI_DESCRIPTOR mPpiListVariable =3D { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiPeiReadOnlyVariable2PpiGuid, + &mVariablePpi +}; + +/** + Provide the functionality of the variable services. + + @param FileHandle Handle of the file being invoked. + Type EFI_PEI_FILE_HANDLE is defined in FfsFindNextF= ile(). + @param PeiServices General purpose services available to every PEIM. + + @retval EFI_SUCCESS If the interface could be successfully installed + @retval Others Returned from PeiServicesInstallPpi() +**/ +EFI_STATUS +EFIAPI +PeimInitializeVariableServices ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN ContextIn; + + // + // If protected variable services are not supported, EFI_UNSUPPORTED sho= uld + // be always returned. Check it here. + // + ContextIn.StructVersion =3D PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION; + ContextIn.StructSize =3D sizeof (ContextIn); + + ContextIn.MaxVariableSize =3D 0; + ContextIn.VariableServiceUser =3D FromPeiModule; + ContextIn.GetVariableInfo =3D GetVariableInfo; + ContextIn.GetNextVariableInfo =3D GetNextVariableInfo; + ContextIn.FindVariableSmm =3D NULL; + ContextIn.UpdateVariableStore =3D NULL; + ContextIn.UpdateVariable =3D NULL; + ContextIn.IsHobVariableStoreAvailable =3D IsHobVariableStoreAvailable; + + Status =3D ProtectedVariableLibInitialize (&ContextIn); + if (EFI_ERROR (Status) && (Status !=3D EFI_UNSUPPORTED)) { + return Status; + } + + return PeiServicesInstallPpi (&mPpiListVariable); +} + +/** + Find the variable in the specified variable store. + + @param StoreInfo Pointer to the store info structure. + @param VariableName Name of the variable to be found + @param VendorGuid Vendor GUID to be found. + @param PtrTrack Variable Track Pointer structure that contai= ns Variable Information. + + @retval EFI_SUCCESS Variable found successfully + @retval EFI_NOT_FOUND Variable not found + @retval EFI_INVALID_PARAMETER Invalid variable name + +**/ +EFI_STATUS +FindVariableEx ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VendorGuid, + OUT VARIABLE_POINTER_TRACK *PtrTrack + ) +{ + VARIABLE_HEADER *Variable; + VARIABLE_HEADER *LastVariable; + VARIABLE_HEADER *MaxIndex; + UINTN Index; + UINTN Offset; + BOOLEAN StopRecord; + VARIABLE_HEADER *InDeletedVariable; + VARIABLE_STORE_HEADER *VariableStoreHeader; + VARIABLE_INDEX_TABLE *IndexTable; + VARIABLE_HEADER *VariableHeader; + + VariableStoreHeader =3D StoreInfo->VariableStoreHeader; + + if (VariableStoreHeader =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + if (GetVariableStoreStatus (VariableStoreHeader) !=3D EfiValid) { + return EFI_UNSUPPORTED; + } + + if (~VariableStoreHeader->Size =3D=3D 0) { + return EFI_NOT_FOUND; + } + + IndexTable =3D StoreInfo->IndexTable; + PtrTrack->StartPtr =3D GetStartPointer (VariableStoreHeader); + PtrTrack->EndPtr =3D GetEndPointer (VariableStoreHeader); + + InDeletedVariable =3D NULL; + + // + // No Variable Address equals zero, so 0 as initial value is safe. + // + MaxIndex =3D NULL; + VariableHeader =3D NULL; + + if (IndexTable !=3D NULL) { + // + // traverse the variable index table to look for varible. + // The IndexTable->Index[Index] records the distance of two neighbouri= ng VAR_ADDED type variables. + // + for (Offset =3D 0, Index =3D 0; Index < IndexTable->Length; Index++) { + ASSERT (Index < sizeof (IndexTable->Index) / sizeof (IndexTable->Ind= ex[0])); + Offset +=3D IndexTable->Index[Index]; + MaxIndex =3D (VARIABLE_HEADER *)((UINT8 *)IndexTable->StartPtr + Off= set); + GetVariableHeader (StoreInfo, MaxIndex, &VariableHeader); + if (CompareWithValidVariable (StoreInfo, MaxIndex, VariableHeader, V= ariableName, VendorGuid, PtrTrack) =3D=3D EFI_SUCCESS) { + if (VariableHeader->State =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_= ADDED)) { + InDeletedVariable =3D PtrTrack->CurrPtr; + } else { + return EFI_SUCCESS; + } + } + } + + if (IndexTable->GoneThrough !=3D 0) { + // + // If the table has all the existing variables indexed, return. + // + PtrTrack->CurrPtr =3D InDeletedVariable; + return (PtrTrack->CurrPtr =3D=3D NULL) ? EFI_NOT_FOUND : EFI_SUCCESS; + } + } + + if (MaxIndex !=3D NULL) { + // + // HOB exists but the variable cannot be found in HOB + // If not found in HOB, then let's start from the MaxIndex we've found. + // + Variable =3D GetNextVariablePtr (StoreInfo, MaxIndex, VariableHead= er); + LastVariable =3D MaxIndex; + } else { + // + // Start Pointers for the variable. + // Actual Data Pointer where data can be written. + // + Variable =3D PtrTrack->StartPtr; + LastVariable =3D PtrTrack->StartPtr; + } + + // + // Find the variable by walk through variable store + // + StopRecord =3D FALSE; + while (GetVariableHeader (StoreInfo, Variable, &VariableHeader)) { + if ((VariableHeader->State =3D=3D VAR_ADDED) || (VariableHeader->State= =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_ADDED))) { + // + // Record Variable in VariableIndex HOB + // + if ((IndexTable !=3D NULL) && !StopRecord) { + Offset =3D (UINTN)Variable - (UINTN)LastVariable; + if ((Offset > 0x0FFFF) || (IndexTable->Length >=3D sizeof (IndexTa= ble->Index) / sizeof (IndexTable->Index[0]))) { + // + // Stop to record if the distance of two neighbouring VAR_ADDED = variable is larger than the allowable scope(UINT16), + // or the record buffer is full. + // + StopRecord =3D TRUE; + } else { + IndexTable->Index[IndexTable->Length++] =3D (UINT16)Offset; + LastVariable =3D Variable; + } + } + + if (CompareWithValidVariable (StoreInfo, Variable, VariableHeader, V= ariableName, VendorGuid, PtrTrack) =3D=3D EFI_SUCCESS) { + if (VariableHeader->State =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_= ADDED)) { + InDeletedVariable =3D PtrTrack->CurrPtr; + } else { + return EFI_SUCCESS; + } + } + } + + Variable =3D GetNextVariablePtr (StoreInfo, Variable, VariableHeader); + } + + // + // If gone through the VariableStore, that means we never find in Firmwa= re any more. + // + if ((IndexTable !=3D NULL) && !StopRecord) { + IndexTable->GoneThrough =3D 1; + } + + PtrTrack->CurrPtr =3D InDeletedVariable; + + return (PtrTrack->CurrPtr =3D=3D NULL) ? EFI_NOT_FOUND : EFI_SUCCESS; +} + +/** + Find the variable in HOB and Non-Volatile variable storages. + + @param VariableName Name of the variable to be found + @param VendorGuid Vendor GUID to be found. + @param PtrTrack Variable Track Pointer structure that contains Var= iable Information. + @param StoreInfo Return the store info. + + @retval EFI_SUCCESS Variable found successfully + @retval EFI_NOT_FOUND Variable not found + @retval EFI_INVALID_PARAMETER Invalid variable name +**/ +EFI_STATUS +FindVariable ( + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VendorGuid, + OUT VARIABLE_POINTER_TRACK *PtrTrack, + OUT VARIABLE_STORE_INFO *StoreInfo + ) +{ + EFI_STATUS Status; + VARIABLE_STORE_TYPE Type; + + if ((VariableName[0] !=3D 0) && (VendorGuid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + for (Type =3D (VARIABLE_STORE_TYPE)0; Type < VariableStoreTypeMax; Type+= +) { + GetVariableStore (Type, StoreInfo); + Status =3D FindVariableEx ( + StoreInfo, + VariableName, + VendorGuid, + PtrTrack + ); + if (!EFI_ERROR (Status)) { + return Status; + } + } + + return EFI_NOT_FOUND; +} + +/** + This service retrieves a variable's value using its name and GUID. + + Read the specified variable from the UEFI variable store. If the Data + buffer is too small to hold the contents of the variable, the error + EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buf= fer + size to obtain the data. + + @param This A pointer to this instance of the EFI_PEI_= READ_ONLY_VARIABLE2_PPI. + @param VariableName A pointer to a null-terminated string that= is the variable's name. + @param VariableGuid A pointer to an EFI_GUID that is the varia= ble's GUID. The combination of + VariableGuid and VariableName must be uniq= ue. + @param Attributes If non-NULL, on return, points to the vari= able's attributes. + @param DataSize On entry, points to the size in bytes of t= he Data buffer. + On return, points to the size of the data = returned in Data. + @param Data Points to the buffer which will hold the r= eturned variable value. + May be NULL with a zero DataSize in order = to determine the size of the buffer needed. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable was be found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resultin= g data. + DataSize is updated with the size required= for + the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Da= ta is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetVariable ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + VARIABLE_POINTER_TRACK Variable; + UINTN VarDataSize; + EFI_STATUS Status; + VARIABLE_STORE_INFO StoreInfo; + VARIABLE_HEADER *VariableHeader; + + if ((VariableName =3D=3D NULL) || (VariableGuid =3D=3D NULL) || (DataSiz= e =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (VariableName[0] =3D=3D 0) { + return EFI_NOT_FOUND; + } + + VariableHeader =3D NULL; + + // + // Find existing variable + // + Status =3D FindVariable (VariableName, VariableGuid, &Variable, &StoreIn= fo); + if (EFI_ERROR (Status)) { + return Status; + } + + GetVariableHeader (&StoreInfo, Variable.CurrPtr, &VariableHeader); + + // + // Get data size + // + VarDataSize =3D DataSizeOfVariable (VariableHeader, StoreInfo.AuthFlag); + if (*DataSize >=3D VarDataSize) { + if (Data =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + GetVariableNameOrData (&StoreInfo, GetVariableDataPtr (Variable.CurrPt= r, VariableHeader, StoreInfo.AuthFlag), VarDataSize, Data); + Status =3D EFI_SUCCESS; + } else { + Status =3D EFI_BUFFER_TOO_SMALL; + } + + if (Attributes !=3D NULL) { + *Attributes =3D VariableHeader->Attributes; + } + + *DataSize =3D VarDataSize; + + return Status; +} + +/** + Return the next variable name and GUID. + + This function is called multiple times to retrieve the VariableName + and VariableGuid of all variables currently available in the system. + On each call, the previous results are passed into the interface, + and, on return, the interface returns the data for the next + interface. When the entire variable list has been returned, + EFI_NOT_FOUND is returned. + + @param This A pointer to this instance of the EFI_PEI_READ= _ONLY_VARIABLE2_PPI. + + @param VariableNameSize On entry, points to the size of the buffer poi= nted to by VariableName. + On return, the size of the variable name buffe= r. + @param VariableName On entry, a pointer to a null-terminated strin= g that is the variable's name. + On return, points to the next variable's null-= terminated name string. + @param VariableGuid On entry, a pointer to an EFI_GUID that is the= variable's GUID. + On return, a pointer to the next variable's GU= ID. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for the = resulting + data. VariableNameSize is updated with the= size + required for the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid or + VariableNameSize is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetNextVariableName ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VariableGuid + ) +{ + VARIABLE_STORE_TYPE Type; + VARIABLE_POINTER_TRACK Variable; + VARIABLE_POINTER_TRACK VariableInHob; + VARIABLE_POINTER_TRACK VariablePtrTrack; + UINTN VarNameSize; + EFI_STATUS Status; + VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax]; + VARIABLE_HEADER *VariableHeader; + VARIABLE_STORE_INFO StoreInfo; + VARIABLE_STORE_INFO StoreInfoForNv; + VARIABLE_STORE_INFO StoreInfoForHob; + + if ((VariableName =3D=3D NULL) || (VariableGuid =3D=3D NULL) || (Variabl= eNameSize =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + VariableHeader =3D NULL; + + Status =3D FindVariable (VariableName, VariableGuid, &Variable, &StoreIn= fo); + if ((Variable.CurrPtr =3D=3D NULL) || (Status !=3D EFI_SUCCESS)) { + return Status; + } + + if (VariableName[0] !=3D 0) { + // + // If variable name is not NULL, get next variable + // + GetVariableHeader (&StoreInfo, Variable.CurrPtr, &VariableHeader); + Variable.CurrPtr =3D GetNextVariablePtr (&StoreInfo, Variable.CurrPtr,= VariableHeader); + } + + VariableStoreHeader[VariableStoreTypeHob] =3D GetVariableStore (Variable= StoreTypeHob, &StoreInfoForHob); + VariableStoreHeader[VariableStoreTypeNv] =3D GetVariableStore (Variable= StoreTypeNv, &StoreInfoForNv); + + while (TRUE) { + // + // Switch from HOB to Non-Volatile. + // + while (!GetVariableHeader (&StoreInfo, Variable.CurrPtr, &VariableHead= er)) { + // + // Find current storage index + // + for (Type =3D (VARIABLE_STORE_TYPE)0; Type < VariableStoreTypeMax; T= ype++) { + if ((VariableStoreHeader[Type] !=3D NULL) && (Variable.StartPtr = =3D=3D GetStartPointer (VariableStoreHeader[Type]))) { + break; + } + } + + ASSERT (Type < VariableStoreTypeMax); + // + // Switch to next storage + // + for (Type++; Type < VariableStoreTypeMax; Type++) { + if (VariableStoreHeader[Type] !=3D NULL) { + break; + } + } + + // + // Capture the case that + // 1. current storage is the last one, or + // 2. no further storage + // + if (Type =3D=3D VariableStoreTypeMax) { + return EFI_NOT_FOUND; + } + + Variable.StartPtr =3D GetStartPointer (VariableStoreHeader[Type]); + Variable.EndPtr =3D GetEndPointer (VariableStoreHeader[Type]); + Variable.CurrPtr =3D Variable.StartPtr; + GetVariableStore (Type, &StoreInfo); + } + + if ((VariableHeader->State =3D=3D VAR_ADDED) || (VariableHeader->State= =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_ADDED))) { + if (VariableHeader->State =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_AD= DED)) { + // + // If it is a IN_DELETED_TRANSITION variable, + // and there is also a same ADDED one at the same time, + // don't return it. + // + Status =3D FindVariableEx ( + &StoreInfo, + GetVariableNamePtr (Variable.CurrPtr, StoreInfo.AuthFla= g), + GetVendorGuidPtr (VariableHeader, StoreInfo.AuthFlag), + &VariablePtrTrack + ); + if (!EFI_ERROR (Status) && (VariablePtrTrack.CurrPtr !=3D Variable= .CurrPtr)) { + Variable.CurrPtr =3D GetNextVariablePtr (&StoreInfo, Variable.Cu= rrPtr, VariableHeader); + continue; + } + } + + // + // Don't return NV variable when HOB overrides it + // + if ((VariableStoreHeader[VariableStoreTypeHob] !=3D NULL) && (Variab= leStoreHeader[VariableStoreTypeNv] !=3D NULL) && + (Variable.StartPtr =3D=3D GetStartPointer (VariableStoreHeader[V= ariableStoreTypeNv])) + ) + { + Status =3D FindVariableEx ( + &StoreInfoForHob, + GetVariableNamePtr (Variable.CurrPtr, StoreInfo.AuthFla= g), + GetVendorGuidPtr (VariableHeader, StoreInfo.AuthFlag), + &VariableInHob + ); + if (!EFI_ERROR (Status)) { + Variable.CurrPtr =3D GetNextVariablePtr (&StoreInfo, Variable.Cu= rrPtr, VariableHeader); + continue; + } + } + + VarNameSize =3D NameSizeOfVariable (VariableHeader, StoreInfo.AuthFl= ag); + ASSERT (VarNameSize !=3D 0); + + if (VarNameSize <=3D *VariableNameSize) { + GetVariableNameOrData (&StoreInfo, (UINT8 *)GetVariableNamePtr (Va= riable.CurrPtr, StoreInfo.AuthFlag), VarNameSize, (UINT8 *)VariableName); + + CopyMem (VariableGuid, GetVendorGuidPtr (VariableHeader, StoreInfo= .AuthFlag), sizeof (EFI_GUID)); + + Status =3D EFI_SUCCESS; + } else { + Status =3D EFI_BUFFER_TOO_SMALL; + } + + *VariableNameSize =3D VarNameSize; + // + // Variable is found + // + return Status; + } else { + Variable.CurrPtr =3D GetNextVariablePtr (&StoreInfo, Variable.CurrPt= r, VariableHeader); + } + } +} + +/** + This service retrieves a variable's value using its name and GUID. + + Read the specified variable from the UEFI variable store. If the Data + buffer is too small to hold the contents of the variable, the error + EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buf= fer + size to obtain the data. + + @param This A pointer to this instance of the EFI_PEI_= READ_ONLY_VARIABLE2_PPI. + @param VariableName A pointer to a null-terminated string that= is the variable's name. + @param VariableGuid A pointer to an EFI_GUID that is the varia= ble's GUID. The combination of + VariableGuid and VariableName must be uniq= ue. + @param Attributes If non-NULL, on return, points to the vari= able's attributes. + @param DataSize On entry, points to the size in bytes of t= he Data buffer. + On return, points to the size of the data = returned in Data. + @param Data Points to the buffer which will hold the r= eturned variable value. + May be NULL with a zero DataSize in order = to determine the size of the buffer needed. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable was be found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resultin= g data. + DataSize is updated with the size required= for + the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Da= ta is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetVariableEx ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + EFI_STATUS Status; + + // + // If variable protection is employed, always get variable data through + // ProtectedVariableLib. + // + Status =3D ProtectedVariableLibGetByName (VariableName, VariableGuid, At= tributes, DataSize, Data); + if (Status !=3D EFI_UNSUPPORTED) { + return Status; + } + + return PeiGetVariable (This, VariableName, VariableGuid, Attributes, Dat= aSize, Data); +} + +/** + Return the next variable name and GUID. + + This function is called multiple times to retrieve the VariableName + and VariableGuid of all variables currently available in the system. + On each call, the previous results are passed into the interface, + and, on return, the interface returns the data for the next + interface. When the entire variable list has been returned, + EFI_NOT_FOUND is returned. + + @param This A pointer to this instance of the EFI_PEI_READ= _ONLY_VARIABLE2_PPI. + + @param VariableNameSize On entry, points to the size of the buffer poi= nted to by VariableName. + On return, the size of the variable name buffe= r. + @param VariableName On entry, a pointer to a null-terminated strin= g that is the variable's name. + On return, points to the next variable's null-= terminated name string. + @param VariableGuid On entry, a pointer to an EFI_GUID that is the= variable's GUID. + On return, a pointer to the next variable's GU= ID. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for the = resulting + data. VariableNameSize is updated with the= size + required for the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid or + VariableNameSize is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +PeiGetNextVariableNameEx ( + IN CONST EFI_PEI_READ_ONLY_VARIABLE2_PPI *This, + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VariableGuid + ) +{ + EFI_STATUS Status; + + // + // If variable protection is employed, always get next variable through + // ProtectedVariableLib. + // + Status =3D ProtectedVariableLibFindNext (VariableNameSize, VariableName,= VariableGuid); + if (Status !=3D EFI_UNSUPPORTED) { + return Status; + } + + return PeiGetNextVariableName (This, VariableNameSize, VariableName, Var= iableGuid); +} diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.= c b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.c new file mode 100644 index 000000000000..2d605d39cbb6 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableParsing.c @@ -0,0 +1,941 @@ +/** @file + Implement ReadOnly Variable Services required by PEIM and install + PEI ReadOnly Varaiable2 PPI. These services operates the non volatile st= orage space. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" +#include "VariableStore.h" + +/** + + Gets the pointer to the first variable header in given variable store ar= ea. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the first variable header. + +**/ +VARIABLE_HEADER * +GetStartPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ) +{ + // + // The start of variable store + // + return (VARIABLE_HEADER *)HEADER_ALIGN (VarStoreHeader + 1); +} + +/** + + Gets the pointer to the end of the variable storage area. + + This function gets pointer to the end of the variable storage + area, according to the input variable store header. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the end of the variable storage area. + +**/ +VARIABLE_HEADER * +GetEndPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ) +{ + // + // The end of variable store + // + return (VARIABLE_HEADER *)HEADER_ALIGN ((UINTN)VarStoreHeader + VarStore= Header->Size); +} + +/** + This code checks if variable header is valid or not. + + @param[in] Variable Pointer to the Variable Header. + + @retval TRUE Variable header is valid. + @retval FALSE Variable header is not valid. + +**/ +BOOLEAN +IsValidVariableHeader ( + IN VARIABLE_HEADER *Variable + ) +{ + if ((Variable =3D=3D NULL) || (Variable->StartId !=3D VARIABLE_DATA)) { + return FALSE; + } + + return TRUE; +} + +/** + This code gets the size of variable header. + + @param[in] AuthFlag Authenticated variable flag. + + @return Size of variable header in bytes in type UINTN. + +**/ +UINTN +GetVariableHeaderSize ( + IN BOOLEAN AuthFlag + ) +{ + UINTN Value; + + if (AuthFlag) { + Value =3D sizeof (AUTHENTICATED_VARIABLE_HEADER); + } else { + Value =3D sizeof (VARIABLE_HEADER); + } + + return Value; +} + +/** + This code gets the size of name of variable. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return Size of variable in bytes in type UINTN. + +**/ +UINTN +NameSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFlag) { + if ((AuthVariable->State =3D=3D (UINT8)(-1)) || + (AuthVariable->DataSize =3D=3D (UINT32)(-1)) || + (AuthVariable->NameSize =3D=3D (UINT32)(-1)) || + (AuthVariable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)AuthVariable->NameSize; + } else { + if ((Variable->State =3D=3D (UINT8)(-1)) || + (Variable->DataSize =3D=3D (UINT32)(-1)) || + (Variable->NameSize =3D=3D (UINT32)(-1)) || + (Variable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)Variable->NameSize; + } +} + +/** + This code gets the size of data of variable. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return Size of variable in bytes in type UINTN. + +**/ +UINTN +DataSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFlag) { + if ((AuthVariable->State =3D=3D (UINT8)(-1)) || + (AuthVariable->DataSize =3D=3D (UINT32)(-1)) || + (AuthVariable->NameSize =3D=3D (UINT32)(-1)) || + (AuthVariable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)AuthVariable->DataSize; + } else { + if ((Variable->State =3D=3D (UINT8)(-1)) || + (Variable->DataSize =3D=3D (UINT32)(-1)) || + (Variable->NameSize =3D=3D (UINT32)(-1)) || + (Variable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)Variable->DataSize; + } +} + +/** + This code gets the pointer to the variable name. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return A CHAR16* pointer to Variable Name. + +**/ +CHAR16 * +GetVariableNamePtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ) +{ + return (CHAR16 *)((UINTN)Variable + GetVariableHeaderSize (AuthFlag)); +} + +/** + This code gets the pointer to the variable guid. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFlag Authenticated variable flag. + + @return A EFI_GUID* pointer to Vendor Guid. + +**/ +EFI_GUID * +GetVendorGuidPtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFlag) { + return &AuthVariable->VendorGuid; + } else { + return &Variable->VendorGuid; + } +} + +/** + This code gets the pointer to the variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] VariableHeader Pointer to the Variable Header that has co= nsecutive content. + @param[in] AuthFlag Authenticated variable flag. + + @return A UINT8* pointer to Variable Data. + +**/ +UINT8 * +GetVariableDataPtr ( + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableHeader, + IN BOOLEAN AuthFlag + ) +{ + UINTN Value; + + // + // Be careful about pad size for alignment + // + Value =3D (UINTN)GetVariableNamePtr (Variable, AuthFlag); + Value +=3D NameSizeOfVariable (VariableHeader, AuthFlag); + Value +=3D GET_PAD_SIZE (NameSizeOfVariable (VariableHeader, AuthFlag)); + + return (UINT8 *)Value; +} + +/** + This code gets the pointer to the next variable header. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] Variable Pointer to the Variable Header. + @param[in] VariableHeader Pointer to the Variable Header that has co= nsecutive content. + + @return A VARIABLE_HEADER* pointer to next variable header. + +**/ +VARIABLE_HEADER * +GetNextVariablePtr ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableHeader + ) +{ + EFI_PHYSICAL_ADDRESS TargetAddress; + EFI_PHYSICAL_ADDRESS SpareAddress; + UINTN Value; + + Value =3D (UINTN)GetVariableDataPtr (Variable, VariableHeader, StoreIn= fo->AuthFlag); + Value +=3D DataSizeOfVariable (VariableHeader, StoreInfo->AuthFlag); + Value +=3D GET_PAD_SIZE (DataSizeOfVariable (VariableHeader, StoreInfo->= AuthFlag)); + // + // Be careful about pad size for alignment + // + Value =3D HEADER_ALIGN (Value); + + if (StoreInfo->FtwLastWriteData !=3D NULL) { + TargetAddress =3D StoreInfo->FtwLastWriteData->TargetAddress; + SpareAddress =3D StoreInfo->FtwLastWriteData->SpareAddress; + if (((UINTN)Variable < (UINTN)TargetAddress) && (Value >=3D (UINTN)Tar= getAddress)) { + // + // Next variable is in spare block. + // + Value =3D (UINTN)SpareAddress + (Value - (UINTN)TargetAddress); + } + } + + return (VARIABLE_HEADER *)Value; +} + +/** + Compare two variable names, one of them may be inconsecutive. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] Name1 Pointer to one variable name. + @param[in] Name2 Pointer to another variable name. + @param[in] NameSize Variable name size. + + @retval TRUE Name1 and Name2 are identical. + @retval FALSE Name1 and Name2 are not identical. + +**/ +BOOLEAN +CompareVariableName ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN CONST CHAR16 *Name1, + IN CONST CHAR16 *Name2, + IN UINTN NameSize + ) +{ + EFI_PHYSICAL_ADDRESS TargetAddress; + EFI_PHYSICAL_ADDRESS SpareAddress; + UINTN PartialNameSize; + + if (StoreInfo->FtwLastWriteData !=3D NULL) { + TargetAddress =3D StoreInfo->FtwLastWriteData->TargetAddress; + SpareAddress =3D StoreInfo->FtwLastWriteData->SpareAddress; + if (((UINTN)Name1 < (UINTN)TargetAddress) && (((UINTN)Name1 + NameSize= ) > (UINTN)TargetAddress)) { + // + // Name1 is inconsecutive. + // + PartialNameSize =3D (UINTN)TargetAddress - (UINTN)Name1; + // + // Partial content is in NV storage. + // + if (CompareMem ((UINT8 *)Name1, (UINT8 *)Name2, PartialNameSize) =3D= =3D 0) { + // + // Another partial content is in spare block. + // + if (CompareMem ((UINT8 *)(UINTN)SpareAddress, (UINT8 *)Name2 + Par= tialNameSize, NameSize - PartialNameSize) =3D=3D 0) { + return TRUE; + } + } + + return FALSE; + } else if (((UINTN)Name2 < (UINTN)TargetAddress) && (((UINTN)Name2 + N= ameSize) > (UINTN)TargetAddress)) { + // + // Name2 is inconsecutive. + // + PartialNameSize =3D (UINTN)TargetAddress - (UINTN)Name2; + // + // Partial content is in NV storage. + // + if (CompareMem ((UINT8 *)Name2, (UINT8 *)Name1, PartialNameSize) =3D= =3D 0) { + // + // Another partial content is in spare block. + // + if (CompareMem ((UINT8 *)(UINTN)SpareAddress, (UINT8 *)Name1 + Par= tialNameSize, NameSize - PartialNameSize) =3D=3D 0) { + return TRUE; + } + } + + return FALSE; + } + } + + // + // Both Name1 and Name2 are consecutive. + // + if (CompareMem ((UINT8 *)Name1, (UINT8 *)Name2, NameSize) =3D=3D 0) { + return TRUE; + } + + return FALSE; +} + +/** + This function compares a variable with variable entries in database. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] Variable Pointer to the variable in our database + @param[in] VariableHeader Pointer to the Variable Header that has + consecutive content. + @param[in] VariableName Name of the variable to compare to 'Variab= le' + @param[in] VendorGuid GUID of the variable to compare to 'Variab= le' + @param[out] PtrTrack Variable Track Pointer structure that cont= ains + Variable Information. + + @retval EFI_SUCCESS Found match variable + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +CompareWithValidVariable ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableHeader, + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VendorGuid, + OUT VARIABLE_POINTER_TRACK *PtrTrack + ) +{ + VOID *Point; + EFI_GUID *TempVendorGuid; + + TempVendorGuid =3D GetVendorGuidPtr (VariableHeader, StoreInfo->AuthFlag= ); + + if (VariableName[0] =3D=3D 0) { + PtrTrack->CurrPtr =3D Variable; + return EFI_SUCCESS; + } else { + // + // Don't use CompareGuid function here for performance reasons. + // Instead we compare the GUID a UINT32 at a time and branch + // on the first failed comparison. + // + if ((((INT32 *)VendorGuid)[0] =3D=3D ((INT32 *)TempVendorGuid)[0]) && + (((INT32 *)VendorGuid)[1] =3D=3D ((INT32 *)TempVendorGuid)[1]) && + (((INT32 *)VendorGuid)[2] =3D=3D ((INT32 *)TempVendorGuid)[2]) && + (((INT32 *)VendorGuid)[3] =3D=3D ((INT32 *)TempVendorGuid)[3]) + ) + { + ASSERT (NameSizeOfVariable (VariableHeader, StoreInfo->AuthFlag) != =3D 0); + Point =3D (VOID *)GetVariableNamePtr (Variable, StoreInfo->AuthFlag); + if (CompareVariableName (StoreInfo, VariableName, Point, NameSizeOfV= ariable (VariableHeader, StoreInfo->AuthFlag))) { + PtrTrack->CurrPtr =3D Variable; + return EFI_SUCCESS; + } + } + } + + return EFI_NOT_FOUND; +} + +/** + Get variable header that has consecutive content. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] Variable Pointer to the Variable Header. + @param[out] VariableHeader Pointer to Pointer to the Variable Header + that has consecutive content. + + @retval TRUE Variable header is valid. + @retval FALSE Variable header is not valid. + +**/ +BOOLEAN +GetVariableHeader ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN VARIABLE_HEADER *Variable, + OUT VARIABLE_HEADER **VariableHeader + ) +{ + EFI_PHYSICAL_ADDRESS TargetAddress; + EFI_PHYSICAL_ADDRESS SpareAddress; + EFI_HOB_GUID_TYPE *GuidHob; + UINTN PartialHeaderSize; + + if (Variable =3D=3D NULL) { + return FALSE; + } + + // + // First assume variable header pointed by Variable is consecutive. + // + *VariableHeader =3D Variable; + + if (StoreInfo->FtwLastWriteData !=3D NULL) { + TargetAddress =3D StoreInfo->FtwLastWriteData->TargetAddress; + SpareAddress =3D StoreInfo->FtwLastWriteData->SpareAddress; + if (((UINTN)Variable > (UINTN)SpareAddress) && + (((UINTN)Variable - (UINTN)SpareAddress + (UINTN)TargetAddress) >= =3D (UINTN)GetEndPointer (StoreInfo->VariableStoreHeader))) + { + // + // Reach the end of variable store. + // + return FALSE; + } + + if (((UINTN)Variable < (UINTN)TargetAddress) && (((UINTN)Variable + Ge= tVariableHeaderSize (StoreInfo->AuthFlag)) > (UINTN)TargetAddress)) { + // + // Variable header pointed by Variable is inconsecutive, + // create a guid hob to combine the two partial variable header cont= ent together. + // + GuidHob =3D GetFirstGuidHob (&gEfiCallerIdGuid); + if (GuidHob !=3D NULL) { + *VariableHeader =3D (VARIABLE_HEADER *)GET_GUID_HOB_DATA (GuidHob); + } else { + *VariableHeader =3D (VARIABLE_HEADER *)BuildGuidHob (&gEfiCaller= IdGuid, GetVariableHeaderSize (StoreInfo->AuthFlag)); + PartialHeaderSize =3D (UINTN)TargetAddress - (UINTN)Variable; + // + // Partial content is in NV storage. + // + CopyMem ((UINT8 *)*VariableHeader, (UINT8 *)Variable, PartialHeade= rSize); + // + // Another partial content is in spare block. + // + CopyMem ((UINT8 *)*VariableHeader + PartialHeaderSize, (UINT8 *)(U= INTN)SpareAddress, GetVariableHeaderSize (StoreInfo->AuthFlag) - PartialHea= derSize); + } + } + } else { + if (Variable >=3D GetEndPointer (StoreInfo->VariableStoreHeader)) { + // + // Reach the end of variable store. + // + return FALSE; + } + } + + return IsValidVariableHeader (*VariableHeader); +} + +/** + Get variable name or data to output buffer. + + @param[in] StoreInfo Pointer to variable store info structure. + @param[in] NameOrData Pointer to the variable name/data that may be= inconsecutive. + @param[in] Size Variable name/data size. + @param[out] Buffer Pointer to output buffer to hold the variable= name/data. + +**/ +VOID +GetVariableNameOrData ( + IN VARIABLE_STORE_INFO *StoreInfo, + IN UINT8 *NameOrData, + IN UINTN Size, + OUT UINT8 *Buffer + ) +{ + EFI_PHYSICAL_ADDRESS TargetAddress; + EFI_PHYSICAL_ADDRESS SpareAddress; + UINTN PartialSize; + + if (StoreInfo->FtwLastWriteData !=3D NULL) { + TargetAddress =3D StoreInfo->FtwLastWriteData->TargetAddress; + SpareAddress =3D StoreInfo->FtwLastWriteData->SpareAddress; + if (((UINTN)NameOrData < (UINTN)TargetAddress) && (((UINTN)NameOrData = + Size) > (UINTN)TargetAddress)) { + // + // Variable name/data is inconsecutive. + // + PartialSize =3D (UINTN)TargetAddress - (UINTN)NameOrData; + // + // Partial content is in NV storage. + // + CopyMem (Buffer, NameOrData, PartialSize); + // + // Another partial content is in spare block. + // + CopyMem (Buffer + PartialSize, (UINT8 *)(UINTN)SpareAddress, Size - = PartialSize); + return; + } + } + + // + // Variable name/data is consecutive. + // + CopyMem (Buffer, NameOrData, Size); +} + +/** + + Internal function to retrieve variable information. + + @param[in,out] VariableInfo Pointer to variable information. + @param[in] StoreInfo Pointer to store copy of variable (optio= nal). + @param[in] VariablePtr Pointer to variable buffer. + @param[in] VariableHeader Pointer to variable header. + + @retval EFI_INVALID_PARAMETER One ore more required parameters are NULL. + @retval EFI_BUFFER_TOO_SMALL Given buffer is too small to hold data. + @retval EFI_SUCCESS Variable details are retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetVariableInfoInternal ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo, + IN VARIABLE_STORE_INFO *StoreInfo OPTIONAL, + IN VARIABLE_HEADER *VariablePtr, + IN VARIABLE_HEADER *VariableHeader + ) +{ + VARIABLE_HEADER *VariableBuffer; + AUTHENTICATED_VARIABLE_HEADER *AuthVariableHeader; + UINTN NameSize; + UINTN DataSize; + UINTN VariableSize; + + if ((VariableInfo =3D=3D NULL) || (VariablePtr =3D=3D NULL) || (Variable= Header =3D=3D NULL)) { + ASSERT (VariableInfo !=3D NULL); + ASSERT (VariablePtr !=3D NULL); + ASSERT (VariableHeader !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + VariableBuffer =3D VariableInfo->Buffer; + + // + // Make a copy of the whole variable if VariableInfo->Buffer is given. B= ut + // don't do this if StoreInfo is not given, because VariableInfo->Buffer + // has already hold a copy of variable in such situation. + // + NameSize =3D NameSizeOfVariable (VariableHeader, VariableInfo->Flags.Aut= h); + DataSize =3D DataSizeOfVariable (VariableHeader, VariableInfo->Flags.Aut= h); + if ((VariableBuffer !=3D NULL) && (VariableBuffer !=3D VariablePtr)) { + if (StoreInfo !=3D NULL) { + CopyMem ( + VariableBuffer, + VariableHeader, + GetVariableHeaderSize (VariableInfo->Flags.Auth) + ); + GetVariableNameOrData ( + StoreInfo, + (UINT8 *)GetVariableNamePtr (VariablePtr, VariableInfo->Flags.Auth= ), + NameSize, + (UINT8 *)GetVariableNamePtr (VariableBuffer, VariableInfo->Flags.A= uth) + ); + GetVariableNameOrData ( + StoreInfo, + (UINT8 *)GetVariableDataPtr (VariablePtr, VariableHeader, Variable= Info->Flags.Auth), + DataSize, + (UINT8 *)GetVariableDataPtr (VariableBuffer, VariableHeader, Varia= bleInfo->Flags.Auth) + ); + } else { + // + // Suppose the variable is in consecutive space. + // + VariableSize =3D GetVariableHeaderSize (VariableInfo->Flags.Auth) + + NameSize + GET_PAD_SIZE (NameSize) + + DataSize; + CopyMem (VariableBuffer, VariablePtr, VariableSize); + } + } + + // + // Generally, if no consecutive buffer passed in, don't return back any = data. + // + // If follow pointers are NULL, return back pointers to following data i= nside + // VariableInfo->Buffer, if it's given. + // + // VariableInfo->Header.VariableName + // VariableInfo->Header.Data + // VariableInfo->Header.VendorGuid + // VariableInfo->Header.TimeStamp + // + // Otherwise, suppose they're buffers used to hold a copy of correspondi= ng + // data. + // + // + + // + // AuthVariable header + // + if (VariableInfo->Flags.Auth) { + AuthVariableHeader =3D (AUTHENTICATED_VARIABLE_HEADER *)VariableHeader; + + VariableInfo->Header.State =3D AuthVariableHeader->State; + VariableInfo->Header.Attributes =3D AuthVariableHeader->Attributes; + VariableInfo->Header.PubKeyIndex =3D AuthVariableHeader->PubKeyInde= x; + VariableInfo->Header.MonotonicCount =3D ReadUnaligned64 ( + &(AuthVariableHeader->Monotoni= cCount) + ); + if (VariableInfo->Header.TimeStamp !=3D NULL) { + CopyMem ( + VariableInfo->Header.TimeStamp, + &AuthVariableHeader->TimeStamp, + sizeof (EFI_TIME) + ); + } else if (VariableBuffer !=3D NULL) { + AuthVariableHeader =3D (AUTHENTICATED_VARIABLE_HEADER *)= VariableBuffer; + VariableInfo->Header.TimeStamp =3D &AuthVariableHeader->TimeStamp; + } + } else { + VariableInfo->Header.State =3D VariableHeader->State; + VariableInfo->Header.Attributes =3D VariableHeader->Attributes; + VariableInfo->Header.PubKeyIndex =3D 0; + VariableInfo->Header.MonotonicCount =3D 0; + VariableInfo->Header.TimeStamp =3D NULL; + } + + // + // VendorGuid + // + if (VariableInfo->Header.VendorGuid !=3D NULL) { + CopyGuid ( + VariableInfo->Header.VendorGuid, + GetVendorGuidPtr (VariableHeader, VariableInfo->Flags.Auth) + ); + } else if (VariableBuffer !=3D NULL) { + VariableInfo->Header.VendorGuid + =3D GetVendorGuidPtr (VariableBuffer, VariableInfo->Flags.Auth); + } + + // + // VariableName + // + if ( (VariableInfo->Header.VariableName !=3D NULL) + && (VariableInfo->Header.NameSize >=3D NameSize)) + { + GetVariableNameOrData ( + StoreInfo, + (UINT8 *)GetVariableNamePtr (VariablePtr, VariableInfo->Flags.Auth), + NameSize, + (UINT8 *)VariableInfo->Header.VariableName + ); + } else if (VariableBuffer !=3D NULL) { + VariableInfo->Header.VariableName + =3D GetVariableNamePtr (VariableBuffer, VariableInfo->Flags.Auth); + } else if (VariableInfo->Header.VariableName !=3D NULL) { + return EFI_BUFFER_TOO_SMALL; + } + + // + // Data + // + if ( (VariableInfo->Header.Data !=3D NULL) + && (VariableInfo->Header.DataSize >=3D DataSize)) + { + GetVariableNameOrData ( + StoreInfo, + GetVariableDataPtr (VariablePtr, VariableHeader, StoreInfo->AuthFlag= ), + DataSize, + VariableInfo->Header.Data + ); + } else if (VariableBuffer !=3D NULL) { + VariableInfo->Header.Data + =3D GetVariableDataPtr (VariableBuffer, VariableBuffer, VariableInfo= ->Flags.Auth); + } else if (VariableInfo->Header.Data !=3D NULL) { + return EFI_BUFFER_TOO_SMALL; + } + + // + // Update size information about name & data. + // + VariableInfo->Header.NameSize =3D NameSize; + VariableInfo->Header.DataSize =3D DataSize; + + return EFI_SUCCESS; +} + +/** + + Retrieve details about a variable, given by VariableInfo->Buffer or + VariableInfo->Index, and pass the details back in VariableInfo->Header. + + This function is used to resolve the variable data structure into + VariableInfo->Header, for easier access later without revisiting the var= iable + data in variable store. If pointers in the structure of VariableInfo->He= ader + are not NULL, it's supposed that they are buffers passed in to hold a co= py of + data of corresponding data fields in variable data structure. Otherwise,= this + function simply returns pointers pointing to address of those data field= s. + + The variable is specified by either VariableInfo->Index or VariableInfo-= >Buffer. + If VariableInfo->Index is given, this function finds the corresponding v= ariable + first from variable storage according to the Index. + + If both VariableInfo->Index and VariableInfo->Buffer are given, it's sup= posed + that VariableInfo->Buffer is a buffer passed in to hold a whole copy of + requested variable data to be returned. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo is NULL or both VariableInfo= ->Buffer + and VariableInfo->Index are NULL (0). + @retval EFI_NOT_FOUND If given Buffer or Index is out of range = of + any given or internal storage copies. + @retval EFI_SUCCESS Variable details are retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ) +{ + VARIABLE_HEADER *VariablePtr; + VARIABLE_HEADER *VariableHeader; + VARIABLE_STORE_TYPE StoreType; + VARIABLE_STORE_INFO StoreInfo; + UINTN Offset; + + if ((VariableInfo =3D=3D NULL) || + ((VariableInfo->Buffer =3D=3D NULL) && (VariableInfo->StoreIndex =3D= =3D VAR_INDEX_INVALID))) + { + ASSERT (VariableInfo !=3D NULL); + ASSERT (VariableInfo->StoreIndex !=3D VAR_INDEX_INVALID || VariableInf= o->Buffer !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + StoreInfo.VariableStoreHeader =3D NULL; + for (StoreType =3D VariableStoreTypeHob; StoreType < VariableStoreTypeMa= x; ++StoreType) { + GetVariableStore (StoreType, &StoreInfo); + if (StoreInfo.VariableStoreHeader !=3D NULL) { + break; + } + } + + ASSERT (StoreInfo.VariableStoreHeader !=3D NULL); + + // + // No StoreIndex? Don't retrieve variable information from store but jus= t from + // VariableInfo->Buffer. + // + if (VariableInfo->StoreIndex =3D=3D VAR_INDEX_INVALID) { + VariablePtr =3D VariableInfo->Buffer; + VariableHeader =3D VariablePtr; + + return GetVariableInfoInternal (VariableInfo, NULL, VariablePtr, Varia= bleHeader); + } + + Offset =3D (UINTN)VariableInfo->StoreIndex; + if ( (StoreInfo.FtwLastWriteData !=3D NULL) + && (Offset >=3D ((UINTN)StoreInfo.FtwLastWriteData->TargetAddress + - (UINTN)StoreInfo.VariableStoreHeader))) + { + Offset -=3D ((UINTN)StoreInfo.FtwLastWriteData->TargetAddress + - (UINTN)StoreInfo.VariableStoreHeader); + VariablePtr =3D (VARIABLE_HEADER *) + ((UINTN)StoreInfo.FtwLastWriteData->SpareAddress + Offse= t); + } else { + VariablePtr =3D (VARIABLE_HEADER *) + ((UINTN)StoreInfo.VariableStoreHeader + Offset); + } + + // + // Note that variable might be in unconsecutive space. Always get a copy + // of its header in consecutive buffer. + // + if (!GetVariableHeader (&StoreInfo, VariablePtr, &VariableHeader)) { + return EFI_NOT_FOUND; + } + + return GetVariableInfoInternal (VariableInfo, &StoreInfo, VariablePtr, V= ariableHeader); +} + +/** + + Retrieve details of the variable next to given variable within VariableS= tore. + + If VarInfo->Buffer is NULL, the first one in VariableStore is returned. + + VariableStart and/or VariableEnd can be given optionally for the situati= on + in which the valid storage space is smaller than the VariableStore->Size. + This usually happens when PEI variable services make a compact variable + cache to save memory, which cannot make use VariableStore->Size to deter= mine + the correct variable storage range. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo or VariableStore is NULL. + @retval EFI_NOT_FOUND If the end of VariableStore is reached. + @retval EFI_SUCCESS The next variable is retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetNextVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ) +{ + VARIABLE_HEADER *VariablePtr; + VARIABLE_HEADER *VariableHeader; + VARIABLE_STORE_INFO StoreInfo; + VARIABLE_STORE_TYPE StoreType; + UINTN Offset; + + if (VariableInfo =3D=3D NULL) { + ASSERT (VariableInfo !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + StoreInfo.VariableStoreHeader =3D NULL; + for (StoreType =3D VariableStoreTypeHob; StoreType < VariableStoreTypeMa= x; ++StoreType) { + GetVariableStore (StoreType, &StoreInfo); + if (StoreInfo.VariableStoreHeader !=3D NULL) { + break; + } + } + + ASSERT (StoreInfo.VariableStoreHeader !=3D NULL); + + // + // VariableInfo->StoreIndex is supposed to be the index to variable found + // last time. Use it to get the variable next to it in store. If it's in= valid, + // return the first variable available in store. + // + VariableInfo->Flags.Auth =3D StoreInfo.AuthFlag; + if (VariableInfo->StoreIndex =3D=3D VAR_INDEX_INVALID) { + VariablePtr =3D GetStartPointer (StoreInfo.VariableStoreHeader); + } else { + Offset =3D (UINTN)VariableInfo->StoreIndex; + if ( (StoreInfo.FtwLastWriteData !=3D NULL) + && (Offset >=3D ((UINTN)StoreInfo.FtwLastWriteData->TargetAddress + - (UINTN)StoreInfo.VariableStoreHeader))) + { + Offset -=3D ((UINTN)StoreInfo.FtwLastWriteData->TargetAddress + - (UINTN)StoreInfo.VariableStoreHeader); + VariablePtr =3D (VARIABLE_HEADER *) + ((UINTN)StoreInfo.FtwLastWriteData->SpareAddress + Off= set); + } else { + VariablePtr =3D (VARIABLE_HEADER *) + ((UINTN)StoreInfo.VariableStoreHeader + Offset); + } + + // + // Note that variable might be in unconsecutive space. Always get a co= py + // of its header in consecutive buffer. + // + if (!GetVariableHeader (&StoreInfo, VariablePtr, &VariableHeader)) { + return EFI_NOT_FOUND; + } + + VariablePtr =3D GetNextVariablePtr (&StoreInfo, VariablePtr, VariableH= eader); + } + + // + // Get a copy of variable header in consecutive buffer. + // + if (!GetVariableHeader (&StoreInfo, VariablePtr, &VariableHeader)) { + return EFI_NOT_FOUND; + } + + // + // Use the offset to the start of variable store as index of the variabl= e. + // + if ( (StoreInfo.FtwLastWriteData =3D=3D NULL) + || ((UINTN)VariablePtr < (UINTN)StoreInfo.FtwLastWriteData->TargetAdd= ress)) + { + VariableInfo->StoreIndex + =3D (UINT64)((UINTN)VariablePtr - (UINTN)StoreInfo.VariableStoreHead= er); + } else { + VariableInfo->StoreIndex + =3D (UINT64)((UINTN)StoreInfo.FtwLastWriteData->TargetAddress + - (UINTN)StoreInfo.VariableStoreHeader); + VariableInfo->StoreIndex + +=3D (UINT64)((UINTN)VariablePtr - (UINTN)StoreInfo.FtwLastWriteData= ->SpareAddress); + } + + if ((StoreType =3D=3D VariableStoreTypeHob) && (VariableInfo->Buffer =3D= =3D NULL)) { + VariableInfo->Buffer =3D VariablePtr; + } + + return GetVariableInfoInternal (VariableInfo, &StoreInfo, VariablePtr, V= ariableHeader); +} diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c = b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c new file mode 100644 index 000000000000..75edc3fc5051 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/VariableStore.c @@ -0,0 +1,307 @@ +/** @file + Implement ReadOnly Variable Services required by PEIM and install + PEI ReadOnly Varaiable2 PPI. These services operates the non volatile st= orage space. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "VariableParsing.h" +#include "VariableStore.h" + +/** + Get variable store status. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @retval EfiRaw Variable store is raw + @retval EfiValid Variable store is valid + @retval EfiInvalid Variable store is invalid + +**/ +VARIABLE_STORE_STATUS +GetVariableStoreStatus ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ) +{ + if ((CompareGuid (&VarStoreHeader->Signature, &gEfiAuthenticatedVariable= Guid) || + CompareGuid (&VarStoreHeader->Signature, &gEfiVariableGuid)) && + (VarStoreHeader->Format =3D=3D VARIABLE_STORE_FORMATTED) && + (VarStoreHeader->State =3D=3D VARIABLE_STORE_HEALTHY) + ) + { + return EfiValid; + } + + if ((((UINT32 *)(&VarStoreHeader->Signature))[0] =3D=3D 0xffffffff) && + (((UINT32 *)(&VarStoreHeader->Signature))[1] =3D=3D 0xffffffff) && + (((UINT32 *)(&VarStoreHeader->Signature))[2] =3D=3D 0xffffffff) && + (((UINT32 *)(&VarStoreHeader->Signature))[3] =3D=3D 0xffffffff) && + (VarStoreHeader->Size =3D=3D 0xffffffff) && + (VarStoreHeader->Format =3D=3D 0xff) && + (VarStoreHeader->State =3D=3D 0xff) + ) + { + return EfiRaw; + } else { + return EfiInvalid; + } +} + +/** + Reports HOB variable store is available or not. + + @retval EFI_NOT_READY HOB variable store info not available. + @retval EFI_NOT_FOUND HOB variable store is NOT available. + @retval EFI_SUCCESS HOB variable store is available. +**/ +EFI_STATUS +EFIAPI +IsHobVariableStoreAvailable ( + VOID + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + VOID *VariableStoreInfoHob; + + // + // Discover if Variable Store Info Hob has been published by platform dr= iver. + // It contains information regards to HOB or NV Variable Store availabil= ity + // + GuidHob =3D GetFirstGuidHob (&gEfiPeiVariableStoreDiscoveredPpiGuid); + if (GuidHob =3D=3D NULL) { + return EFI_NOT_READY; + } + + // + // Check if HOB Variable Store is available + // + VariableStoreInfoHob =3D GET_GUID_HOB_DATA (GuidHob); + if (*(BOOLEAN *)VariableStoreInfoHob =3D=3D TRUE) { + return EFI_SUCCESS; + } + + // + // This might be NV Variable Store + // + return EFI_NOT_FOUND; +} + +/** + Get HOB variable store. + + @param[out] StoreInfo Return the store info. + +**/ +VOID +GetHobVariableStore ( + OUT VARIABLE_STORE_INFO *StoreInfo + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + + // + // Make sure there is no more than one Variable HOB. + // + DEBUG_CODE_BEGIN (); + GuidHob =3D GetFirstGuidHob (&gEfiAuthenticatedVariableGuid); + if (GuidHob !=3D NULL) { + if ((GetNextGuidHob (&gEfiAuthenticatedVariableGuid, GET_NEXT_HOB (Gui= dHob)) !=3D NULL)) { + DEBUG ((DEBUG_ERROR, "ERROR: Found two Auth Variable HOBs\n")); + ASSERT (FALSE); + } else if (GetFirstGuidHob (&gEfiVariableGuid) !=3D NULL) { + DEBUG ((DEBUG_ERROR, "ERROR: Found one Auth + one Normal Variable HO= Bs\n")); + ASSERT (FALSE); + } + } else { + GuidHob =3D GetFirstGuidHob (&gEfiVariableGuid); + if (GuidHob !=3D NULL) { + if ((GetNextGuidHob (&gEfiVariableGuid, GET_NEXT_HOB (GuidHob)) !=3D= NULL)) { + DEBUG ((DEBUG_ERROR, "ERROR: Found two Normal Variable HOBs\n")); + ASSERT (FALSE); + } + } + } + + DEBUG_CODE_END (); + + GuidHob =3D GetFirstGuidHob (&gEfiAuthenticatedVariableGuid); + if (GuidHob !=3D NULL) { + StoreInfo->VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)GET_GUID_H= OB_DATA (GuidHob); + StoreInfo->AuthFlag =3D TRUE; + } else { + GuidHob =3D GetFirstGuidHob (&gEfiVariableGuid); + if (GuidHob !=3D NULL) { + StoreInfo->VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)GET_GUID= _HOB_DATA (GuidHob); + StoreInfo->AuthFlag =3D FALSE; + } + } +} + +/** + Get NV variable store. + + @param[out] StoreInfo Return the store info. + @param[out] VariableFvHeader Return header of FV containing the sto= re. + +**/ +VOID +GetNvVariableStore ( + OUT VARIABLE_STORE_INFO *StoreInfo, + OUT EFI_FIRMWARE_VOLUME_HEADER **VariableFvHeader + ) +{ + EFI_STATUS Status; + EFI_HOB_GUID_TYPE *GuidHob; + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + VARIABLE_STORE_HEADER *StoreHeader; + FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *HobData; + FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *FtwLastWriteData; + EFI_PHYSICAL_ADDRESS NvStorageBase; + UINT32 NvStorageSize; + UINT32 BackUpOffset; + UINT64 NvStorageSize64; + + Status =3D GetVariableFlashNvStorageInfo (&NvStorageBase, &NvStorageSize= 64); + ASSERT_EFI_ERROR (Status); + + Status =3D SafeUint64ToUint32 (NvStorageSize64, &NvStorageSize); + // This driver currently assumes the size will be UINT32 so assert the v= alue is safe for now. + ASSERT_EFI_ERROR (Status); + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)NvStorageBase; + + // + // Check the FTW last write data hob. + // + BackUpOffset =3D 0; + FtwLastWriteData =3D NULL; + HobData =3D NULL; + GuidHob =3D GetFirstGuidHob (&gEdkiiFaultTolerantWriteGuid); + + if (GuidHob !=3D NULL) { + HobData =3D (FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *)GET_GUID_HOB_DATA = (GuidHob); + if (HobData->TargetAddress =3D=3D NvStorageBase) { + // + // Let FvHeader point to spare block. + // + DEBUG (( + EFI_D_INFO, + "PeiVariable: NV storage is backed up in spare block: 0x%x\n", + (UINTN)HobData->SpareAddress + )); + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)HobData->SpareAddr= ess; + HobData =3D NULL; + } else if ((HobData->TargetAddress > NvStorageBase) && + (HobData->TargetAddress < (NvStorageBase + NvStorageSize))) + { + // + // Flash NV storage from the offset is backed up in spare block. + // + BackUpOffset =3D (UINT32)(HobData->TargetAddress - NvStorageBase); + DEBUG (( + EFI_D_INFO, + "PeiVariable: High partial NV storage from offset: %x is backed up= in spare block: 0x%x\n", + BackUpOffset, + (UINTN)FtwLastWriteData->SpareAddress + )); + // + // At least one block data in flash NV storage is still valid, so st= ill + // leave FvHeader point to NV storage base. + // + } + } + + if (StoreInfo !=3D NULL) { + StoreInfo->FtwLastWriteData =3D HobData; + } + + if (VariableFvHeader !=3D NULL) { + *VariableFvHeader =3D FvHeader; + } + + // + // Check if the Firmware Volume is not corrupted + // + if ((FvHeader->Signature =3D=3D EFI_FVH_SIGNATURE) && + CompareGuid (&gEfiSystemNvDataFvGuid, &FvHeader->FileSystemGuid)) + { + StoreHeader =3D (VARIABLE_STORE_HEADER *)((UINTN)FvHeader + FvHeader->= HeaderLength); + } else { + StoreHeader =3D NULL; + DEBUG ((DEBUG_ERROR, "Firmware Volume for Variable Store is corrupted\= n")); + } + + if (StoreInfo !=3D NULL) { + StoreInfo->VariableStoreHeader =3D StoreHeader; + if (StoreHeader !=3D NULL) { + StoreInfo->AuthFlag =3D CompareGuid ( + &StoreHeader->Signature, + &gEfiAuthenticatedVariableGuid + ); + } + } +} + +/** + Return the variable store header and the store info based on the Index. + + @param[in] Type The type of the variable store. + @param[out] StoreInfo Return the store info. + + @return Pointer to the variable store header. +**/ +VARIABLE_STORE_HEADER * +GetVariableStore ( + IN VARIABLE_STORE_TYPE Type, + OUT VARIABLE_STORE_INFO *StoreInfo + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + + StoreInfo->VariableStoreHeader =3D NULL; + StoreInfo->IndexTable =3D NULL; + StoreInfo->FtwLastWriteData =3D NULL; + StoreInfo->AuthFlag =3D FALSE; + switch (Type) { + case VariableStoreTypeHob: + GetHobVariableStore (StoreInfo); + break; + + case VariableStoreTypeNv: + if (!PcdGetBool (PcdEmuVariableNvModeEnable)) { + // + // Emulated non-volatile variable mode is not enabled. + // + GetNvVariableStore (StoreInfo, NULL); + if (StoreInfo->VariableStoreHeader !=3D NULL) { + GuidHob =3D GetFirstGuidHob (&gEfiVariableIndexTableGuid); + if (GuidHob !=3D NULL) { + StoreInfo->IndexTable =3D GET_GUID_HOB_DATA (GuidHob); + } else { + // + // If it's the first time to access variable region in flash, = create a guid hob to record + // VAR_ADDED type variable info. + // Note that as the resource of PEI phase is limited, only sto= re the limited number of + // VAR_ADDED type variables to reduce access time. + // + StoreInfo->IndexTable =3D (VARIABLE_INDEX_TABLE *= )BuildGuidHob (&gEfiVariableIndexTableGuid, sizeof (VARIABLE_INDEX_TABLE)); + StoreInfo->IndexTable->Length =3D 0; + StoreInfo->IndexTable->StartPtr =3D GetStartPointer (StoreI= nfo->VariableStoreHeader); + StoreInfo->IndexTable->EndPtr =3D GetEndPointer (StoreInf= o->VariableStoreHeader); + StoreInfo->IndexTable->GoneThrough =3D 0; + } + } + } + + break; + + default: + ASSERT (FALSE); + break; + } + + return StoreInfo->VariableStoreHeader; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni = b/MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni new file mode 100644 index 000000000000..106c1dfdc5c0 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariable.uni @@ -0,0 +1,16 @@ +// /** @file +// Implements ReadOnly Variable Services required by PEIM and installs PEI= ReadOnly Varaiable2 PPI. +// +// This module implements ReadOnly Variable Services required by PEIM and = installs PEI ReadOnly Varaiable2 PPI. +// +// Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Implements ReadOn= ly Variable Services required by PEIM and installs PEI ReadOnly Varaiable2 = PPI" + +#string STR_MODULE_DESCRIPTION #language en-US "This module imple= ments ReadOnly Variable Services required by PEIM and installs PEI ReadOnly= Varaiable2 PPI." + diff --git a/MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra= .uni b/MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra.uni new file mode 100644 index 000000000000..22dd992be908 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/Pei/PeiVariableExtra.uni @@ -0,0 +1,14 @@ +// /** @file +// PeiVariable Localized Strings and Content +// +// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"Variable Access PEI Module" + + --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95988): https://edk2.groups.io/g/devel/message/95988 Mute This Topic: https://groups.io/mt/94840824/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95989+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95989+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720145; cv=none; d=zohomail.com; s=zohoarc; b=Clli3zrMraFxzfqv9pSIe9zOSgSDu06v5kbbO/uTCYmanCNXAPU10GExcNqxz4J4CXL8qwtDk7HKFMCUIS+4VEc/GrAoUo5WyU4iQj+syQwukB06567502LPoq4jykvAlhuqg77+gA3RusaIEeMVIpw7ZjdE9Y27gGX0vfy3mTc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720145; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=uUN7GbeyrbQ38BuixFiQ2DiteJ7lhRqrHt/AVWERDTY=; b=dRW8a6CjekVNXP+3fK5Xq/L6FbAUzss7fv2O+fRJ7kfKzgApzUX1hBLOcaM2akZVJufBPNjcPY5m5cSBnW5NSFVvuR5PvILHYj0A371QLO6HruT2I285lApYAMh3xIbInLqOOlFxoqQqtxa7mH8I49qy4OPWdJyOy8BJQXY9on4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95989+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720145713994.3334733331186; Sun, 6 Nov 2022 00:35:45 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id EWGrYY1788612xeAw7MZhhKT; Sun, 06 Nov 2022 00:35:45 -0700 X-Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.14269.1667720141472727483 for ; Sun, 06 Nov 2022 00:35:42 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="336948735" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="336948735" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:29 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513455" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513455" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:27 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Hao A Wu , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 08/19] MdeModulePkg: Add support for Protected Variables Date: Sun, 6 Nov 2022 00:34:58 -0700 Message-Id: <20221106073509.3071-9-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: DHtosHKBS0cZzaT7V1OGZKsVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720145; bh=Dq8RBDvdx1ySLggsfyxRwfYEZefCgh3nocqKPhsZpu8=; h=Cc:Date:From:Reply-To:Subject:To; b=Bgm2h1AXU9ABw6n2F/sojaxGQlaX31saBgx6X6iutPBech+ndTKekCazF/VT2mZcW1P Qh8o6uUY2CL5i0cn/Qpzw3xqckxoaEyYvRPLVPRQ4+MpnEEGfjp1v4D9A6vOryL8R9AWa 8J2CGeENe6ucXd4Xeesy2o/yf6DlAdyNpmk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720147190100036 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V5: Add RuntimeDxe Variable Protection into a new directory and keep existing Variable for RuntimeDxe unchanged. v4: Applied code review - remove unreferenced library from .inf. Updated some function description and parameters. V3: Fix 'NextVariableStore' parameter for CopyMem. It was causing an exception. Need to correctly cast 'NextVariableStore' so all platforms build. Add code to initialize 'ContextIn' structure in SmmVariableReay() to fix issue with NULL function pointer. V1: Add support for Protected Variables. Add new API to retrieve Variable Infomation and data. Add new API to update variable in non-volatile storage or cached copy. Cc: Jian J Wang Cc: Liming Gao Cc: Hao A Wu Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang --- MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTest/Va= riableLockRequestToLockUnitTest.inf | 36 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxe.in= f | 151 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.inf = | 153 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe= .inf | 119 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandaloneMm.= inf | 143 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/PrivilegePolymorphic.= h | 158 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.h = | 948 +++++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolatile.h= | 67 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.h = | 424 ++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeCache.= h | 51 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measurement.c = | 343 ++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c = | 504 +++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTest/Va= riableLockRequestToLockUnitTest.c | 607 +++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarrierDxe= .c | 27 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarrierSmm= .c | 26 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockDxe.c = | 153 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockSmm.c = | 569 +++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.c = | 101 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.c = | 4037 ++++++++++++++++++++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableDxe.c = | 670 ++++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableExLib.c = | 417 ++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableLockRequestTo= Lock.c | 96 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolatile.c= | 537 +++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.c = | 1110 ++++++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePolicySmmDxe.= c | 575 +++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeCache.= c | 158 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.c = | 1268 ++++++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe= .c | 1895 +++++++++ MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandaloneMm.= c | 89 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableTraditionalMm= .c | 130 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxe.un= i | 22 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxeExt= ra.uni | 14 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.uni = | 27 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmExtra.uni = | 14 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe= .uni | 23 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeDxe= Extra.uni | 14 + 36 files changed, 15676 insertions(+) diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDx= eUnitTest/VariableLockRequestToLockUnitTest.inf b/MdeModulePkg/Universal/Va= riable/Protected/RuntimeDxe/RuntimeDxeUnitTest/VariableLockRequestToLockUni= tTest.inf new file mode 100644 index 000000000000..586d877fca90 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTe= st/VariableLockRequestToLockUnitTest.inf @@ -0,0 +1,36 @@ +## @file +# This is a host-based unit test for the VariableLockRequestToLock shim. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +[Defines] + INF_VERSION =3D 0x00010017 + BASE_NAME =3D VariableLockRequestToLockUnitTest + FILE_GUID =3D A657FCD8-4A0D-46B4-8DC9-F089626383AD + VERSION_STRING =3D 1.0 + MODULE_TYPE =3D HOST_APPLICATION + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# + +[Sources] + VariableLockRequestToLockUnitTest.c + ../VariableLockRequestToLock.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + +[LibraryClasses] + UnitTestLib + DebugLib + VariablePolicyLib + VariablePolicyHelperLib + BaseMemoryLib + MemoryAllocationLib diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableR= untimeDxe.inf b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variab= leRuntimeDxe.inf new file mode 100644 index 000000000000..6adc2c636e84 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeD= xe.inf @@ -0,0 +1,151 @@ +## @file +# Provides variable service. +# +# This module installs variable arch protocol and variable write arch pro= tocol to provide +# variable services: SetVariable, GetVariable, GetNextVariableName and Qu= eryVariableInfo. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable data. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# +# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D VariableRuntimeDxe + MODULE_UNI_FILE =3D VariableRuntimeDxe.uni + FILE_GUID =3D 146F4448-56BF-405C-A8C4-B77FFD24BE00 + MODULE_TYPE =3D DXE_RUNTIME_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D VariableServiceInitialize + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 EBC +# +# VIRTUAL_ADDRESS_MAP_CALLBACK =3D VariableClassAddressChangeEvent +# + +[Sources] + Reclaim.c + Variable.c + VariableDxe.c + Variable.h + VariableNonVolatile.c + VariableNonVolatile.h + VariableParsing.c + VariableParsing.h + VariableRuntimeCache.c + VariableRuntimeCache.h + PrivilegePolymorphic.h + Measurement.c + TcgMorLockDxe.c + VarCheck.c + VariableExLib.c + SpeculationBarrierDxe.c + VariableLockRequestToLock.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + MemoryAllocationLib + BaseLib + SynchronizationLib + UefiLib + UefiBootServicesTableLib + BaseMemoryLib + DebugLib + UefiRuntimeLib + DxeServicesTableLib + UefiDriverEntryPoint + PcdLib + HobLib + TpmMeasurementLib + AuthVariableLib + VarCheckLib + VariableFlashInfoLib + VariablePolicyLib + VariablePolicyHelperLib + SafeIntLib + ProtectedVariableLib + +[Protocols] + gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + gEfiFaultTolerantWriteProtocolGuid + gEfiVariableWriteArchProtocolGuid ## PRODUCES + gEfiVariableArchProtocolGuid ## PRODUCES + gEdkiiVariableLockProtocolGuid ## PRODUCES + gEdkiiVariablePolicyProtocolGuid ## CONSUMES + gEdkiiVarCheckProtocolGuid ## PRODUCES + +[Guids] + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" + gEfiGlobalVariableGuid + + gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ##= Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## SOMETIMES_PRODUCES ##= Variable:L"MemoryOverwriteRequestControlLock" + + gEfiEventVirtualAddressChangeGuid ## CONSUMES ##= Event + gEfiSystemNvDataFvGuid ## CONSUMES ##= GUID + gEfiEndOfDxeEventGroupGuid ## CONSUMES ##= Event + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ##= HOB + + ## SOMETIMES_CONSUMES ## Variable:L"VarErrorFlag" + ## SOMETIMES_PRODUCES ## Variable:L"VarErrorFlag" + gEdkiiVarErrorFlagGuid + + ## SOMETIMES_CONSUMES ## Variable:L"db" + ## SOMETIMES_CONSUMES ## Variable:L"dbx" + ## SOMETIMES_CONSUMES ## Variable:L"dbt" + gEfiImageSecurityDatabaseGuid + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CON= SUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CON= SUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize ## CON= SUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CON= SUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CON= SUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CON= SUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize #= # CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize #= # CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CON= SUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable ## SOM= ETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved ## SOM= ETIMES_CONSUMES + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES= # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES= # Auto update PlatformLang/Lang + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + VariableRuntimeDxeExtra.uni diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mm.inf b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.i= nf new file mode 100644 index 000000000000..2651ec514df3 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.inf @@ -0,0 +1,153 @@ +## @file +# Provides SMM variable service. +# +# This module installs SMM variable protocol into SMM protocol database, +# which can be used by SMM driver, and installs SMM variable protocol +# into BS protocol database, which can be used to notify the SMM Runtime +# Dxe driver that the SMM variable service is ready. +# This module should be used with SMM Runtime DXE module together. The +# SMM Runtime DXE module would install variable arch protocol and variable +# write arch protocol based on SMM variable module. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable data and communicate bu= ffer in SMM mode. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# The whole SMM authentication variable design relies on the integrity = of flash part and SMM. +# which is assumed to be protected by platform. All variable code and me= tadata in flash/SMM Memory +# may not be modified without authorization. If platform fails to protect= these resources, +# the authentication service provided in this driver will be broken, and = the behavior is undefined. +# +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D VariableSmm + MODULE_UNI_FILE =3D VariableSmm.uni + FILE_GUID =3D 1C32FDDF-7FF1-4EE5-BDA0-ED9AAC623D3C + MODULE_TYPE =3D DXE_SMM_DRIVER + VERSION_STRING =3D 1.0 + PI_SPECIFICATION_VERSION =3D 0x0001000A + ENTRY_POINT =3D VariableServiceInitialize + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + + +[Sources] + Reclaim.c + Variable.c + VariableTraditionalMm.c + VariableSmm.c + VariableNonVolatile.c + VariableNonVolatile.h + VariableParsing.c + VariableParsing.h + VariableRuntimeCache.c + VariableRuntimeCache.h + VarCheck.c + Variable.h + PrivilegePolymorphic.h + VariableExLib.c + TcgMorLockSmm.c + SpeculationBarrierSmm.c + VariableLockRequestToLock.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + MemoryAllocationLib + BaseLib + SynchronizationLib + UefiLib + MmServicesTableLib + BaseMemoryLib + DebugLib + DxeServicesTableLib + HobLib + PcdLib + SmmMemLib + AuthVariableLib + VarCheckLib + UefiBootServicesTableLib + VariableFlashInfoLib + VariablePolicyLib + VariablePolicyHelperLib + SafeIntLib + ProtectedVariableLib + +[Protocols] + gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + gEfiSmmFaultTolerantWriteProtocolGuid + ## PRODUCES + ## UNDEFINED # SmiHandlerRegister + gEfiSmmVariableProtocolGuid + gEfiMmEndOfDxeProtocolGuid ## NOTIFY + gEdkiiSmmVarCheckProtocolGuid ## PRODUCES + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + gEfiGlobalVariableGuid + + gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ##= Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## SOMETIMES_PRODUCES ##= Variable:L"MemoryOverwriteRequestControlLock" + + gSmmVariableWriteGuid ## PRODUCES ##= GUID # Install protocol + gEfiSystemNvDataFvGuid ## CONSUMES ##= GUID + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ##= HOB + + ## SOMETIMES_CONSUMES ## Variable:L"VarErrorFlag" + ## SOMETIMES_PRODUCES ## Variable:L"VarErrorFlag" + gEdkiiVarErrorFlagGuid + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize #= # CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize #= # CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable ## SO= METIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved ## SO= METIMES_CONSUMES + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CO= NSUMES # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CO= NSUMES # Auto update PlatformLang/Lang + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + VariableSmmExtra.uni diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Var= iableSmmRuntimeDxe.inf new file mode 100644 index 000000000000..0d169913c9c9 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRunti= meDxe.inf @@ -0,0 +1,119 @@ +## @file +# Runtime DXE part corresponding to SMM authenticated variable module. +# +# This module installs variable arch protocol and variable write arch pro= tocol to provide +# variable service. This module need work together with SMM authenticated= variable module. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable data. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# The whole SMM authentication variable design relies on the integrity = of flash part and SMM. +# which is assumed to be protected by platform. All variable code and me= tadata in flash/SMM Memory +# may not be modified without authorization. If platform fails to protect= these resources, +# the authentication service provided in this driver will be broken, and = the behavior is undefined. +# +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D VariableSmmRuntimeDxe + MODULE_UNI_FILE =3D VariableSmmRuntimeDxe.uni + FILE_GUID =3D 3C9DF4B3-559F-4AE4-AEA3-E4B0C3D9D3EE + MODULE_TYPE =3D DXE_RUNTIME_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D VariableSmmRuntimeInitialize + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# +# VIRTUAL_ADDRESS_MAP_CALLBACK =3D VariableAddressChangeEvent +# + +[Sources] + VariableSmmRuntimeDxe.c + PrivilegePolymorphic.h + Measurement.c + VariableParsing.c + VariableParsing.h + Variable.h + VariablePolicySmmDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + MemoryAllocationLib + BaseLib + UefiBootServicesTableLib + DebugLib + UefiRuntimeLib + DxeServicesTableLib + UefiDriverEntryPoint + TpmMeasurementLib + SafeIntLib + PcdLib + MmUnblockMemoryLib + ProtectedVariableLib + +[Protocols] + gEfiVariableWriteArchProtocolGuid ## PRODUCES + gEfiVariableArchProtocolGuid ## PRODUCES + gEfiMmCommunication2ProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + ## UNDEFINED # Used to do smm communication + gEfiSmmVariableProtocolGuid + gEdkiiVariableLockProtocolGuid ## PRODUCES + gEdkiiVarCheckProtocolGuid ## PRODUCES + gEdkiiVariablePolicyProtocolGuid ## PRODUCES + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableVariableRuntimeCache #= # CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics #= # CONSUMES + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable = ## CONSUMES + +[Guids] + ## PRODUCES ## GUID # Signature of Variable store header + ## CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## PRODUCES ## GUID # Signature of Variable store header + ## CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## SystemTable + gEfiVariableGuid + + gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event + gEfiEventExitBootServicesGuid ## CONSUMES ## Event + ## CONSUMES ## GUID # Locate protocol + ## CONSUMES ## GUID # Protocol notify + gSmmVariableWriteGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" + gEfiGlobalVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"db" + ## SOMETIMES_CONSUMES ## Variable:L"dbx" + ## SOMETIMES_CONSUMES ## Variable:L"dbt" + gEfiImageSecurityDatabaseGuid + + gVarCheckPolicyLibMmiHandlerGuid + gEfiEndOfDxeEventGroupGuid + +[Depex] + gEfiMmCommunication2ProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + VariableSmmRuntimeDxeExtra.uni diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= tandaloneMm.inf b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Vari= ableStandaloneMm.inf new file mode 100644 index 000000000000..fb5a6c947890 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandalo= neMm.inf @@ -0,0 +1,143 @@ +## @file +# Provides SMM variable service. +# +# This module installs SMM variable protocol into SMM protocol database, +# which can be used by SMM driver, and installs SMM variable protocol +# into BS protocol database, which can be used to notify the SMM Runtime +# Dxe driver that the SMM variable service is ready. +# This module should be used with SMM Runtime DXE module together. The +# SMM Runtime DXE module would install variable arch protocol and variable +# write arch protocol based on SMM variable module. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable data and communicate bu= ffer in SMM mode. +# This external input must be validated carefully to avoid security issue= s such as +# buffer overflow or integer overflow. +# The whole SMM authentication variable design relies on the integrity = of flash part and SMM. +# which is assumed to be protected by platform. All variable code and me= tadata in flash/SMM Memory +# may not be modified without authorization. If platform fails to protect= these resources, +# the authentication service provided in this driver will be broken, and = the behavior is undefined. +# +# Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
+# Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x0001001B + BASE_NAME =3D VariableStandaloneMm + FILE_GUID =3D 417E6192-7678-4A75-B638-305A86D82936 + MODULE_TYPE =3D MM_STANDALONE + VERSION_STRING =3D 1.0 + PI_SPECIFICATION_VERSION =3D 0x00010032 + ENTRY_POINT =3D VariableServiceInitialize + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 +# + + +[Sources] + Reclaim.c + Variable.c + VariableSmm.c + VariableStandaloneMm.c + VariableNonVolatile.c + VariableNonVolatile.h + VariableParsing.c + VariableParsing.h + VariableRuntimeCache.c + VariableRuntimeCache.h + VarCheck.c + Variable.h + PrivilegePolymorphic.h + VariableExLib.c + TcgMorLockSmm.c + SpeculationBarrierSmm.c + VariableLockRequestToLock.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + AuthVariableLib + BaseLib + BaseMemoryLib + DebugLib + HobLib + MemoryAllocationLib + MmServicesTableLib + SafeIntLib + StandaloneMmDriverEntryPoint + SynchronizationLib + VarCheckLib + VariableFlashInfoLib + VariablePolicyLib + VariablePolicyHelperLib + ProtectedVariableLib + +[Protocols] + gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + gEfiSmmFaultTolerantWriteProtocolGuid + ## PRODUCES + ## UNDEFINED # SmiHandlerRegister + gEfiSmmVariableProtocolGuid + gEfiMmEndOfDxeProtocolGuid ## NOTIFY + gEdkiiSmmVarCheckProtocolGuid ## PRODUCES + +[Guids] + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + gEfiGlobalVariableGuid + + gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ##= Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## SOMETIMES_PRODUCES ##= Variable:L"MemoryOverwriteRequestControlLock" + + gEfiSystemNvDataFvGuid ## CONSUMES ##= GUID + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ##= HOB + + ## SOMETIMES_CONSUMES ## Variable:L"VarErrorFlag" + ## SOMETIMES_PRODUCES ## Variable:L"VarErrorFlag" + gEdkiiVarErrorFlagGuid + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize #= # CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize #= # CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable ## SO= METIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved ## SO= METIMES_CONSUMES + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CO= NSUMES # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CO= NSUMES # Auto update PlatformLang/Lang + +[Depex] + TRUE diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Privilege= Polymorphic.h b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Privil= egePolymorphic.h new file mode 100644 index 000000000000..7f14515b694f --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/PrivilegePolymor= phic.h @@ -0,0 +1,158 @@ +/** @file + Polymorphic functions that are called from both the privileged driver (i= .e., + the DXE_SMM variable module) and the non-privileged drivers (i.e., one or + both of the DXE_RUNTIME variable modules). + + Each of these functions has two implementations, appropriate for privile= ged + vs. non-privileged driver code. + + Copyright (c) 2017, Red Hat, Inc.
+ Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef PRIVILEGE_POLYMORPHIC_H_ +#define PRIVILEGE_POLYMORPHIC_H_ + +#include + +/** + SecureBoot Hook for auth variable update. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. +**/ +VOID +EFIAPI +SecureBootHook ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ); + +/** + Initialization for MOR Control Lock. + + @retval EFI_SUCCESS MorLock initialization success. + @return Others Some error occurs. +**/ +EFI_STATUS +MorLockInit ( + VOID + ); + +/** + Delayed initialization for MOR Control Lock at EndOfDxe. + + This function performs any operations queued by MorLockInit(). +**/ +VOID +MorLockInitAtEndOfDxe ( + VOID + ); + +/** + This service is an MOR/MorLock checker handler for the SetVariable(). + + @param[in] VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param[in] VendorGuid Unify identifier for vendor. + @param[in] Attributes Attributes bitmask to set for the variable. + @param[in] DataSize The size in bytes of Data-Buffer. + @param[in] Data Point to the content of the variable. + + @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable + driver can store the variable data. + @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or + attributes is not allowed for MOR variab= le. + @retval EFI_ACCESS_DENIED The MOR/MorLock is locked. + @retval EFI_ALREADY_STARTED The MorLock variable is handled inside t= his + function. Variable driver can just return + EFI_SUCCESS. +**/ +EFI_STATUS +SetVariableCheckHandlerMor ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ); + +/** + This service is consumed by the variable modules to place a barrier to s= top + speculative execution. + + Ensures that no later instruction will execute speculatively, until all = prior + instructions have completed. + +**/ +VOID +VariableSpeculationBarrier ( + VOID + ); + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +VariableNotifySmmReady ( + VOID + ); + +/** + Notify the system that the SMM variable write driver is ready. +**/ +VOID +VariableNotifySmmWriteReady ( + VOID + ); + +/** + Variable Driver main entry point. The Variable driver places the 4 EFI + runtime services in the EFI System Table and installs arch protocols + for variable read and write services being available. It also registers + a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. + + @retval EFI_SUCCESS Variable service successfully initialized. +**/ +EFI_STATUS +EFIAPI +MmVariableServiceInitialize ( + VOID + ); + +/** + This function checks if the buffer is valid per processor architecture a= nd + does not overlap with SMRAM. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and does n= ot + overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlaps + with SMRAM. +**/ +BOOLEAN +VariableSmmIsBufferOutsideSmmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ); + +/** + Whether the TCG or TCG2 protocols are installed in the UEFI protocol dat= abase. + This information is used by the MorLock code to infer whether an existing + MOR variable is legitimate or not. + + @retval TRUE Either the TCG or TCG2 protocol is installed in the UEFI + protocol database + @retval FALSE Neither the TCG nor the TCG2 protocol is installed in the = UEFI + protocol database +**/ +BOOLEAN +VariableHaveTcgProtocols ( + VOID + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.= h b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.h new file mode 100644 index 000000000000..c679e524043f --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.h @@ -0,0 +1,948 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by Variable modules. + +Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef VARIABLE_H_ +#define VARIABLE_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "PrivilegePolymorphic.h" + +#define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE |\ + EFI_VARIABLE_BOOTSERVICE_ACCESS | \ + EFI_VARIABLE_RUNTIME_ACCESS | \ + EFI_VARIABLE_HARDWARE_ERROR_RECORD |= \ + EFI_VARIABLE_TIME_BASED_AUTHENTICATE= D_WRITE_ACCESS | \ + EFI_VARIABLE_APPEND_WRITE) + +/// +/// The size of a 3 character ISO639 language code. +/// +#define ISO_639_2_ENTRY_SIZE 3 + +typedef enum { + VariableStoreTypeVolatile, + VariableStoreTypeHob, + VariableStoreTypeNv, + VariableStoreTypeMax +} VARIABLE_STORE_TYPE; + +typedef struct { + UINT32 PendingUpdateOffset; + UINT32 PendingUpdateLength; + VARIABLE_STORE_HEADER *Store; +} VARIABLE_RUNTIME_CACHE; + +typedef struct { + BOOLEAN *ReadLock; + BOOLEAN *PendingUpdate; + BOOLEAN *HobFlushComplete; + VARIABLE_RUNTIME_CACHE VariableRuntimeHobCache; + VARIABLE_RUNTIME_CACHE VariableRuntimeNvCache; + VARIABLE_RUNTIME_CACHE VariableRuntimeVolatileCache; +} VARIABLE_RUNTIME_CACHE_CONTEXT; + +typedef struct { + VARIABLE_HEADER *CurrPtr; + // + // If both ADDED and IN_DELETED_TRANSITION variable are present, + // InDeletedTransitionPtr will point to the IN_DELETED_TRANSITION one. + // Otherwise, CurrPtr will point to the ADDED or IN_DELETED_TRANSITION o= ne, + // and InDeletedTransitionPtr will be NULL at the same time. + // + VARIABLE_HEADER *InDeletedTransitionPtr; + VARIABLE_HEADER *EndPtr; + VARIABLE_HEADER *StartPtr; + BOOLEAN Volatile; +} VARIABLE_POINTER_TRACK; + +typedef struct { + EFI_PHYSICAL_ADDRESS HobVariableBase; + EFI_PHYSICAL_ADDRESS VolatileVariableBase; + EFI_PHYSICAL_ADDRESS NonVolatileVariableBase; + VARIABLE_RUNTIME_CACHE_CONTEXT VariableRuntimeCacheContext; + EFI_LOCK VariableServicesLock; + UINT32 ReentrantState; + BOOLEAN AuthFormat; + BOOLEAN AuthSupport; + BOOLEAN EmuNvMode; +} VARIABLE_GLOBAL; + +typedef struct { + VARIABLE_GLOBAL VariableGlobal; + UINTN VolatileLastVariableOffset; + UINTN NonVolatileLastVariableOffset; + UINTN CommonVariableSpace; + UINTN CommonMaxUserVariableSpace; + UINTN CommonRuntimeVariableSpace; + UINTN CommonVariableTotalSize; + UINTN CommonUserVariableTotalSize; + UINTN HwErrVariableTotalSize; + UINTN MaxVariableSize; + UINTN MaxAuthVariableSize; + UINTN MaxVolatileVariableSize; + UINTN ScratchBufferSize; + CHAR8 *PlatformLangCodes; + CHAR8 *LangCodes; + CHAR8 *PlatformLang; + CHAR8 Lang[ISO_639_2_ENTRY_SIZE + 1]; + EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbInstance; +} VARIABLE_MODULE_GLOBAL; + +/** + Flush the HOB variable to flash. + + @param[in] VariableName Name of variable has been updated or delet= ed. + @param[in] VendorGuid Guid of variable has been updated or delet= ed. + +**/ +VOID +FlushHobVariableToFlash ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ); + +/** + Writes a buffer to variable storage space, in the working block. + + This function writes a buffer to variable storage space into a firmware + volume block device. The destination is specified by the parameter + VariableBase. Fault Tolerant Write protocol is used for writing. + + @param VariableBase Base address of the variable to write. + @param VariableBuffer Point to the variable data buffer. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND Fail to locate Fault Tolerant Write protocol. + @retval EFI_ABORTED The function could not complete successfully. + +**/ +EFI_STATUS +FtwVariableSpace ( + IN EFI_PHYSICAL_ADDRESS VariableBase, + IN VARIABLE_STORE_HEADER *VariableBuffer + ); + +/** + Finds variable in storage blocks of volatile and non-volatile storage ar= eas. + + This code finds variable in storage blocks of volatile and non-volatile = storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + If IgnoreRtCheck is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS= attribute check + at runtime when searching existing variable, only VariableName and Vendo= rGuid are compared. + Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible= at runtime. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Vendor GUID to be found. + @param[out] PtrTrack VARIABLE_POINTER_TRACK structure for= output, + including the range searched and the= target position. + @param[in] Global Pointer to VARIABLE_GLOBAL structure= , including + base of volatile variable storage ar= ea, base of + NV variable storage area, and a lock. + @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS a= ttribute + check at runtime when searching vari= able. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty stri= ng, while + VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +FindVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VARIABLE_POINTER_TRACK *PtrTrack, + IN VARIABLE_GLOBAL *Global, + IN BOOLEAN IgnoreRtCheck + ); + +/** + This function is to check if the remaining variable space is enough to s= et + all Variables from argument list successfully. The purpose of the check + is to keep the consistency of the Variables to be in variable storage. + + Note: Variables are assumed to be in same storage. + The set sequence of Variables will be same with the sequence of Variable= Entry from argument list, + so follow the argument sequence to check the Variables. + + @param[in] Attributes Variable attributes for Variable entries. + @param[in] Marker VA_LIST style variable argument list. + The variable argument list with type VARIA= BLE_ENTRY_CONSISTENCY *. + A NULL terminates the list. The VariableSi= ze of + VARIABLE_ENTRY_CONSISTENCY is the variable= data size as input. + It will be changed to variable total size = as output. + + @retval TRUE Have enough variable space to set the Vari= ables successfully. + @retval FALSE No enough variable space to set the Variab= les successfully. + +**/ +BOOLEAN +EFIAPI +CheckRemainingSpaceForConsistencyInternal ( + IN UINT32 Attributes, + IN VA_LIST Marker + ); + +/** + Update the variable region with Variable information. If EFI_VARIABLE_AU= THENTICATED_WRITE_ACCESS is set, + index of associated public key is needed. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Variable data. + @param[in] DataSize Size of data. 0 means delete. + @param[in] Attributes Attributes of the variable. + @param[in] KeyIndex Index of associated public key. + @param[in] MonotonicCount Value of associated monotonic count. + @param[in, out] Variable The variable information that is used to k= eep track of variable usage. + + @param[in] TimeStamp Value of associated TimeStamp. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_OUT_OF_RESOURCES Variable region is full, cannot write othe= r data into this region. + +**/ +EFI_STATUS +UpdateVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL, + IN UINT32 KeyIndex OPTIONAL, + IN UINT64 MonotonicCount OPTIONAL, + IN OUT VARIABLE_POINTER_TRACK *Variable, + IN EFI_TIME *TimeStamp OPTIONAL + ); + +/** + Return TRUE if ExitBootServices () has been called. + + @retval TRUE If ExitBootServices () has been called. +**/ +BOOLEAN +AtRuntime ( + VOID + ); + +/** + Initializes a basic mutual exclusion lock. + + This function initializes a basic mutual exclusion lock to the released = state + and returns the lock. Each lock provides mutual exclusion access at its= task + priority level. Since there is no preemption or multiprocessor support = in EFI, + acquiring the lock only consists of raising to the locks TPL. + If Lock is NULL, then ASSERT(). + If Priority is not a valid TPL value, then ASSERT(). + + @param Lock A pointer to the lock data structure to initialize. + @param Priority EFI TPL is associated with the lock. + + @return The lock. + +**/ +EFI_LOCK * +InitializeLock ( + IN OUT EFI_LOCK *Lock, + IN EFI_TPL Priority + ); + +/** + Acquires lock only at boot time. Simply returns at runtime. + + This is a temperary function that will be removed when + EfiAcquireLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiAcquireLock() at boot time, and simply returns + at runtime. + + @param Lock A pointer to the lock to acquire. + +**/ +VOID +AcquireLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ); + +/** + Releases lock only at boot time. Simply returns at runtime. + + This is a temperary function which will be removed when + EfiReleaseLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiReleaseLock() at boot time and simply returns + at runtime. + + @param Lock A pointer to the lock to release. + +**/ +VOID +ReleaseLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ); + +/** + Retrieve the FVB protocol interface by HANDLE. + + @param[in] FvBlockHandle The handle of FVB protocol that provides s= ervices for + reading, writing, and erasing the target b= lock. + @param[out] FvBlock The interface of FVB protocol + + @retval EFI_SUCCESS The interface information for the specifie= d protocol was returned. + @retval EFI_UNSUPPORTED The device does not support the FVB protoc= ol. + @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or= FvBlock is NULL. + +**/ +EFI_STATUS +GetFvbByHandle ( + IN EFI_HANDLE FvBlockHandle, + OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock + ); + +/** + Function returns an array of handles that support the FVB protocol + in a buffer allocated from pool. + + @param[out] NumberHandles The number of handles returned in Buffer. + @param[out] Buffer A pointer to the buffer to return the requ= ested + array of handles that support FVB protoco= l. + + @retval EFI_SUCCESS The array of handles was returned in Buffe= r, and the number of + handles in Buffer was returned in NumberHa= ndles. + @retval EFI_NOT_FOUND No FVB handle was found. + @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store t= he matching results. + @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL. + +**/ +EFI_STATUS +GetFvbCountAndBuffer ( + OUT UINTN *NumberHandles, + OUT EFI_HANDLE **Buffer + ); + +/** + Initializes variable store area for non-volatile and volatile variable. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + +**/ +EFI_STATUS +VariableCommonInitialize ( + VOID + ); + +/** + This function reclaims variable storage if free size is below the thresh= old. + +**/ +VOID +ReclaimForOS ( + VOID + ); + +/** + Get maximum variable size, covering both non-volatile and volatile varia= bles. + + @return Maximum variable size. + +**/ +UINTN +GetMaxVariableSize ( + VOID + ); + +/** + Initializes variable write service. + + @retval EFI_SUCCESS Function successfully executed. + @retval Others Fail to initialize the variable service. + +**/ +EFI_STATUS +VariableWriteServiceInitialize ( + VOID + ); + +/** + Retrieve the SMM Fault Tolerent Write protocol interface. + + @param[out] FtwProtocol The interface of SMM Ftw protocol + + @retval EFI_SUCCESS The SMM SAR protocol instance was found an= d returned in SarProtocol. + @retval EFI_NOT_FOUND The SMM SAR protocol instance was not foun= d. + @retval EFI_INVALID_PARAMETER SarProtocol is NULL. + +**/ +EFI_STATUS +GetFtwProtocol ( + OUT VOID **FtwProtocol + ); + +/** + Get the proper fvb handle and/or fvb protocol by the given Flash address. + + @param[in] Address The Flash address. + @param[out] FvbHandle In output, if it is not NULL, it points to the= proper FVB handle. + @param[out] FvbProtocol In output, if it is not NULL, it points to the= proper FVB protocol. + +**/ +EFI_STATUS +GetFvbInfoByAddress ( + IN EFI_PHYSICAL_ADDRESS Address, + OUT EFI_HANDLE *FvbHandle OPTIONAL, + OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvbProtocol OPTIONAL + ); + +/** + + This code finds variable in storage blocks (Volatile or Non-Volatile). + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are exte= rnal input. + This function will do basic validation, before parse the data. + + @param VariableName Name of Variable to be found. + @param VendorGuid Variable vendor GUID. + @param Attributes Attribute value of the variable found. + @param DataSize Size of Data found. If size is less th= an the + data, this value contains the required= size. + @param Data The buffer to return the contents of t= he variable. May be NULL + with a zero DataSize in order to deter= mine the size buffer needed. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SUCCESS Find the specified variable. + @return EFI_NOT_FOUND Not found. + @return EFI_BUFFER_TO_SMALL DataSize is too small for the result. + +**/ +EFI_STATUS +EFIAPI +VariableServiceGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ); + +/** + + This code Finds the Next available variable. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param VariableNameSize The size of the VariableName buffer. T= he size must be large + enough to fit input string supplied in= VariableName buffer. + @param VariableName Pointer to variable name. + @param VendorGuid Variable Vendor Guid. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The next variable was not found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for = the result. + VariableNameSize has been updated with= the size needed to complete the request. + @retval EFI_INVALID_PARAMETER VariableNameSize is NULL. + @retval EFI_INVALID_PARAMETER VariableName is NULL. + @retval EFI_INVALID_PARAMETER VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER The input values of VariableName and V= endorGuid are not a name and + GUID of an existing variable. + @retval EFI_INVALID_PARAMETER Null-terminator is not found in the fi= rst VariableNameSize bytes of + the input VariableName buffer. + +**/ +EFI_STATUS +EFIAPI +VariableServiceGetNextVariableName ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VendorGuid + ); + +/** + + This code sets variable in storage blocks (Volatile or Non-Volatile). + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are exte= rnal input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security = issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication byp= ass. + + @param VariableName Name of Variable to be found. + @param VendorGuid Variable vendor GUID. + @param Attributes Attribute value of the variable = found + @param DataSize Size of Data found. If size is l= ess than the + data, this value contains the re= quired size. + @param Data Data pointer. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SUCCESS Set successfully. + @return EFI_OUT_OF_RESOURCES Resource not enough to set varia= ble. + @return EFI_NOT_FOUND Not found. + @return EFI_WRITE_PROTECTED Variable is read-only. + +**/ +EFI_STATUS +EFIAPI +VariableServiceSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ); + +/** + + This code returns information about the EFI variables. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param Attributes Attributes bitmask to specify the = type of variables + on which to return information. + @param MaximumVariableStorageSize Pointer to the maximum size of the= storage space available + for the EFI variables associated w= ith the attributes specified. + @param RemainingVariableStorageSize Pointer to the remaining size of t= he storage space available + for EFI variables associated with = the attributes specified. + @param MaximumVariableSize Pointer to the maximum size of an = individual EFI variables + associated with the attributes spe= cified. + + @return EFI_SUCCESS Query successfully. + +**/ +EFI_STATUS +EFIAPI +VariableServiceQueryVariableInfoInternal ( + IN UINT32 Attributes, + OUT UINT64 *MaximumVariableStorageSize, + OUT UINT64 *RemainingVariableStorageSize, + OUT UINT64 *MaximumVariableSize + ); + +/** + + This code returns information about the EFI variables. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param Attributes Attributes bitmask to specify the = type of variables + on which to return information. + @param MaximumVariableStorageSize Pointer to the maximum size of the= storage space available + for the EFI variables associated w= ith the attributes specified. + @param RemainingVariableStorageSize Pointer to the remaining size of t= he storage space available + for EFI variables associated with = the attributes specified. + @param MaximumVariableSize Pointer to the maximum size of an = individual EFI variables + associated with the attributes spe= cified. + + @return EFI_INVALID_PARAMETER An invalid combination of attribut= e bits was supplied. + @return EFI_SUCCESS Query successfully. + @return EFI_UNSUPPORTED The attribute is not supported on = this platform. + +**/ +EFI_STATUS +EFIAPI +VariableServiceQueryVariableInfo ( + IN UINT32 Attributes, + OUT UINT64 *MaximumVariableStorageSize, + OUT UINT64 *RemainingVariableStorageSize, + OUT UINT64 *MaximumVariableSize + ); + +/** + Mark a variable that will become read-only after leaving the DXE phase o= f execution. + + @param[in] This The VARIABLE_LOCK_PROTOCOL instance. + @param[in] VariableName A pointer to the variable name that will be mad= e read-only subsequently. + @param[in] VendorGuid A pointer to the vendor GUID that will be made = read-only subsequently. + + @retval EFI_SUCCESS The variable specified by the VariableName= and the VendorGuid was marked + as pending to be read-only. + @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. + Or VariableName is an empty string. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the l= ock request. +**/ +EFI_STATUS +EFIAPI +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ); + +/** + Register SetVariable check handler. + + @param[in] Handler Pointer to check handler. + + @retval EFI_SUCCESS The SetVariable check handler was register= ed successfully. + @retval EFI_INVALID_PARAMETER Handler is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVa= riable check handler register request. + @retval EFI_UNSUPPORTED This interface is not implemented. + For example, it is unsupported in VarCheck= protocol if both VarCheck and SmmVarCheck protocols are present. + +**/ +EFI_STATUS +EFIAPI +VarCheckRegisterSetVariableCheckHandler ( + IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler + ); + +/** + Variable property set. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[in] VariableProperty Pointer to the input variable property. + + @retval EFI_SUCCESS The property of variable specified by the = Name and Guid was set successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or= Name is an empty string, + or the fields of VariableProperty are not = valid. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the varia= ble property set request. + +**/ +EFI_STATUS +EFIAPI +VarCheckVariablePropertySet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ); + +/** + Variable property get. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[out] VariableProperty Pointer to the output variable property. + + @retval EFI_SUCCESS The property of variable specified by the = Name and Guid was got successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or= Name is an empty string. + @retval EFI_NOT_FOUND The property of variable specified by the = Name and Guid was not found. + +**/ +EFI_STATUS +EFIAPI +VarCheckVariablePropertyGet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ); + +/** + Initialize variable quota. + +**/ +VOID +InitializeVariableQuota ( + VOID + ); + +extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal; +extern EFI_FIRMWARE_VOLUME_HEADER *mNvFvHeaderCache; +extern VARIABLE_STORE_HEADER *mNvVariableCache; +extern VARIABLE_INFO_ENTRY *gVariableInfo; +extern BOOLEAN mEndOfDxe; +extern VAR_CHECK_REQUEST_SOURCE mRequestSource; + +extern AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut; + +/** + Finds variable in storage blocks of volatile and non-volatile storage ar= eas. + + This code finds variable in storage blocks of volatile and non-volatile = storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Variable vendor GUID to be found. + @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structur= e for + output of the variable found. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, + while VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +EFIAPI +VariableExLibFindVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT AUTH_VARIABLE_INFO *AuthVariableInfo + ); + +/** + Finds next variable in storage blocks of volatile and non-volatile stora= ge areas. + + This code finds next variable in storage blocks of volatile and non-vola= tile storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Variable vendor GUID to be found. + @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structur= e for + output of the next variable. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, + while VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +EFIAPI +VariableExLibFindNextVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT AUTH_VARIABLE_INFO *AuthVariableInfo + ); + +/** + Update the variable region with Variable information. + + @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure f= or + input of the variable. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + +**/ +EFI_STATUS +EFIAPI +VariableExLibUpdateVariable ( + IN AUTH_VARIABLE_INFO *AuthVariableInfo + ); + +/** + Get scratch buffer. + + @param[in, out] ScratchBufferSize Scratch buffer size. If input size is = greater than + the maximum supported buffer size, thi= s value contains + the maximum supported buffer size as o= utput. + @param[out] ScratchBuffer Pointer to scratch buffer address. + + @retval EFI_SUCCESS Get scratch buffer successfully. + @retval EFI_UNSUPPORTED If input size is greater than the maximum supp= orted buffer size. + +**/ +EFI_STATUS +EFIAPI +VariableExLibGetScratchBuffer ( + IN OUT UINTN *ScratchBufferSize, + OUT VOID **ScratchBuffer + ); + +/** + This function is to check if the remaining variable space is enough to s= et + all Variables from argument list successfully. The purpose of the check + is to keep the consistency of the Variables to be in variable storage. + + Note: Variables are assumed to be in same storage. + The set sequence of Variables will be same with the sequence of Variable= Entry from argument list, + so follow the argument sequence to check the Variables. + + @param[in] Attributes Variable attributes for Variable entries. + @param ... The variable argument list with type VARIA= BLE_ENTRY_CONSISTENCY *. + A NULL terminates the list. The VariableSi= ze of + VARIABLE_ENTRY_CONSISTENCY is the variable= data size as input. + It will be changed to variable total size = as output. + + @retval TRUE Have enough variable space to set the Vari= ables successfully. + @retval FALSE No enough variable space to set the Variab= les successfully. + +**/ +BOOLEAN +EFIAPI +VariableExLibCheckRemainingSpaceForConsistency ( + IN UINT32 Attributes, + ... + ); + +/** + Return TRUE if at OS runtime. + + @retval TRUE If at OS runtime. + @retval FALSE If at boot time. + +**/ +BOOLEAN +EFIAPI +VariableExLibAtRuntime ( + VOID + ); + +/** + Is user variable? + + @param[in] Variable Pointer to variable header. + + @retval TRUE User variable. + @retval FALSE System variable. + +**/ +BOOLEAN +IsUserVariable ( + IN VARIABLE_HEADER *Variable + ); + +/** + + Variable store garbage collection and reclaim operation. + + @param[in] VariableBase Base address of variable store. + @param[out] LastVariableOffset Offset of last variable. + @param[in] IsVolatile The variable store is volatile o= r not; + if it is non-volatile, need FTW. + @param[in, out] UpdatingPtrTrack Pointer to updating variable poi= nter track structure. + @param[in] NewVariable Pointer to new variable. + @param[in] NewVariableSize New variable size. + + @return EFI_SUCCESS Reclaim operation has finished succ= essfully. + @return EFI_OUT_OF_RESOURCES No enough memory resources or varia= ble space. + @return Others Unexpect error happened during recl= aim operation. + +**/ +EFI_STATUS +Reclaim ( + IN EFI_PHYSICAL_ADDRESS VariableBase, + OUT UINTN *LastVariableOffset, + IN BOOLEAN IsVolatile, + IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack, + IN VARIABLE_HEADER *NewVariable, + IN UINTN NewVariableSize + ); + +/** + + This function writes data to the FWH at the correct LBA even if the LBAs + are fragmented. + + @param Global Pointer to VARIABLE_GLOBAL structure. + @param Volatile Point out the Variable is Volatile or Non= -Volatile. + @param SetByIndex TRUE if target pointer is given as index. + FALSE if target pointer is absolute. + @param Fvb Pointer to the writable FVB protocol. + @param DataPtrIndex Pointer to the Data from the end of VARIA= BLE_STORE_HEADER + structure. + @param DataSize Size of data to be written. + @param Buffer Pointer to the buffer from which data is = written. + + @retval EFI_INVALID_PARAMETER Parameters not valid. + @retval EFI_UNSUPPORTED Fvb is a NULL for Non-Volatile variable u= pdate. + @retval EFI_OUT_OF_RESOURCES The remaining size is not enough. + @retval EFI_SUCCESS Variable store successfully updated. + +**/ +EFI_STATUS +UpdateVariableStore ( + IN VARIABLE_GLOBAL *Global, + IN BOOLEAN Volatile, + IN BOOLEAN SetByIndex, + IN EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb, + IN UINTN DataPtrIndex, + IN UINT32 DataSize, + IN UINT8 *Buffer + ); + +/** + Update partial data of a variable on NV storage and/or cached copy. + + @param[in] VariableInfo Pointer to a variable with detailed informatio= n. + @param[in] Offset Offset to write from. + @param[in] Size Size of data Buffer to update. + @param[in] Buffer Pointer to data buffer to update. + + @retval EFI_SUCCESS The variable data was updated successful= ly. + @retval EFI_UNSUPPORTED If this function is called directly in r= untime. + @retval EFI_INVALID_PARAMETER If VariableInfo, Buffer or Size are not = valid. + @retval Others Failed to update NV storage or variable = cache. + +**/ +EFI_STATUS +EFIAPI +VariableExLibUpdateNvVariable ( + IN PROTECTED_VARIABLE_INFO *VariableInfo, + IN UINTN Offset, + IN UINT32 Size, + IN UINT8 *Buffer + ); + +/** + Finds the given variable in a variable store in SMM. + + Caution: This function may receive untrusted input. + The data size is external input, so this function will validate it caref= ully to avoid buffer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[out] Attributes Attribute value of the variable found. + @param[in, out] DataSize Size of Data found. If size is less t= han the + data, this value contains the require= d size. + @param[out] Data Data pointer. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_NOT_FOUND The specified variable could not be f= ound. + +**/ +EFI_STATUS +EFIAPI +FindVariableInSmm ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableN= onVolatile.h b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variabl= eNonVolatile.h new file mode 100644 index 000000000000..a84db4877c13 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolat= ile.h @@ -0,0 +1,67 @@ +/** @file + Common variable non-volatile store routines. + +Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef VARIABLE_NON_VOLATILE_H_ +#define VARIABLE_NON_VOLATILE_H_ + +#include "Variable.h" + +/** + Get non-volatile maximum variable size. + + @return Non-volatile maximum variable size. + +**/ +UINTN +GetNonVolatileMaxVariableSize ( + VOID + ); + +/** + Init emulated non-volatile variable store. + + @param[out] VariableStoreBase Output pointer to emulated non-volatile va= riable store base. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + +**/ +EFI_STATUS +InitEmuNonVolatileVariableStore ( + EFI_PHYSICAL_ADDRESS *VariableStoreBase + ); + +/** + Init real non-volatile variable store. + + @param[out] VariableStoreBase Output pointer to real non-volatile variab= le store base. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + @retval EFI_VOLUME_CORRUPTED Variable Store or Firmware Volume for Vari= able Store is corrupted. + +**/ +EFI_STATUS +InitRealNonVolatileVariableStore ( + OUT EFI_PHYSICAL_ADDRESS *VariableStoreBase + ); + +/** + Init non-volatile variable store. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + @retval EFI_VOLUME_CORRUPTED Variable Store or Firmware Volume for Vari= able Store is corrupted. + +**/ +EFI_STATUS +InitNonVolatileVariableStore ( + VOID + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableP= arsing.h b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePar= sing.h new file mode 100644 index 000000000000..5b040e00982f --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.h @@ -0,0 +1,424 @@ +/** @file + Functions in this module are associated with variable parsing operations= and + are intended to be usable across variable driver source files. + +Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef VARIABLE_PARSING_H_ +#define VARIABLE_PARSING_H_ + +#include +#include "Variable.h" + +/** + + This code checks if variable header is valid or not. + + @param[in] Variable Pointer to the Variable Header. + @param[in] VariableStoreEnd Pointer to the Variable Store End. + @param[in] AuthFormat Auth-variable indicator. + + @retval TRUE Variable header is valid. + @retval FALSE Variable header is not valid. + +**/ +BOOLEAN +IsValidVariableHeader ( + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableStoreEnd, + IN BOOLEAN AuthFormat + ); + +/** + + This code gets the current status of Variable Store. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @retval EfiRaw Variable store status is raw. + @retval EfiValid Variable store status is valid. + @retval EfiInvalid Variable store status is invalid. + +**/ +VARIABLE_STORE_STATUS +GetVariableStoreStatus ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ); + +/** + This code gets the size of variable header. + + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + + @return Size of variable header in bytes in type UINTN. + +**/ +UINTN +GetVariableHeaderSize ( + IN BOOLEAN AuthFormat + ); + +/** + + This code gets the size of name of variable. + + @param[in] Variable Pointer to the variable header. + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + + @return UINTN Size of variable in bytes. + +**/ +UINTN +NameSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ); + +/** + This code sets the size of name of variable. + + @param[in] Variable Pointer to the Variable Header. + @param[in] NameSize Name size to set. + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + +**/ +VOID +SetNameSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN UINTN NameSize, + IN BOOLEAN AuthFormat + ); + +/** + + This code gets the size of variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + + @return Size of variable in bytes. + +**/ +UINTN +DataSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ); + +/** + This code sets the size of variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] DataSize Data size to set. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not us= ed. + +**/ +VOID +SetDataSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN UINTN DataSize, + IN BOOLEAN AuthFormat + ); + +/** + + This code gets the pointer to the variable name. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Pointer to Variable Name which is Unicode encoding. + +**/ +CHAR16 * +GetVariableNamePtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ); + +/** + This code gets the pointer to the variable guid. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return A EFI_GUID* pointer to Vendor Guid. + +**/ +EFI_GUID * +GetVendorGuidPtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ); + +/** + + This code gets the pointer to the variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Pointer to Variable Data. + +**/ +UINT8 * +GetVariableDataPtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ); + +/** + This code gets the variable data offset related to variable header. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Variable Data offset. + +**/ +UINTN +GetVariableDataOffset ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ); + +/** + Get variable data payload. + + @param[in] Variable Pointer to the Variable Header. + @param[out] Data Pointer to buffer used to store the variabl= e data. + @param[in] DataSize Size of buffer passed by Data. + @param[out] DataSize Size of data copied into Data buffer. + @param[in] AuthFlag Auth-variable indicator. + + @return EFI_SUCCESS Data was fetched. + @return EFI_INVALID_PARAMETER DataSize is NULL. + @return EFI_BUFFER_TOO_SMALL DataSize is smaller than size of variabl= e data. + +**/ +EFI_STATUS +GetVariableData ( + IN VARIABLE_HEADER *Variable, + IN OUT VOID *Data, + IN OUT UINT32 *DataSize, + IN BOOLEAN AuthFlag + ); + +/** + + This code gets the pointer to the next variable header. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Pointer to next variable header. + +**/ +VARIABLE_HEADER * +GetNextVariablePtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ); + +/** + + Gets the pointer to the first variable header in given variable store ar= ea. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the first variable header. + +**/ +VARIABLE_HEADER * +GetStartPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ); + +/** + + Gets the pointer to the end of the variable storage area. + + This function gets pointer to the end of the variable storage + area, according to the input variable store header. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the end of the variable storage area. + +**/ +VARIABLE_HEADER * +GetEndPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ); + +/** + Compare two EFI_TIME data. + + + @param[in] FirstTime A pointer to the first EFI_TIME data. + @param[in] SecondTime A pointer to the second EFI_TIME data. + + @retval TRUE The FirstTime is not later than the SecondTim= e. + @retval FALSE The FirstTime is later than the SecondTime. + +**/ +BOOLEAN +VariableCompareTimeStampInternal ( + IN EFI_TIME *FirstTime, + IN EFI_TIME *SecondTime + ); + +/** + Find the variable in the specified variable store. + + @param[in] VariableName Name of the variable to be found + @param[in] VendorGuid Vendor GUID to be found. + @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS = attribute + check at runtime when searching var= iable. + @param[in, out] PtrTrack Variable Track Pointer structure th= at contains Variable Information. + @param[in] AuthFormat TRUE indicates authenticated variab= les are used. + FALSE indicates authenticated varia= bles are not used. + + @retval EFI_SUCCESS Variable found successfully + @retval EFI_NOT_FOUND Variable not found +**/ +EFI_STATUS +FindVariableEx ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN BOOLEAN IgnoreRtCheck, + IN OUT VARIABLE_POINTER_TRACK *PtrTrack, + IN BOOLEAN AuthFormat + ); + +/** + This code finds the next available variable. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param[in] VariableName Pointer to variable name. + @param[in] VendorGuid Variable Vendor Guid. + @param[in] VariableStoreList A list of variable stores that should be u= sed to get the next variable. + The maximum number of entries is the max v= alue of VARIABLE_STORE_TYPE. + @param[out] VariablePtr Pointer to variable header address. + @param[in] AuthFormat TRUE indicates authenticated variables are= used. + FALSE indicates authenticated variables ar= e not used. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The next variable was not found. + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, wh= ile VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER The input values of VariableName and Vendo= rGuid are not a name and + GUID of an existing variable. + +**/ +EFI_STATUS +EFIAPI +VariableServiceGetNextVariableInternal ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VARIABLE_STORE_HEADER **VariableStoreList, + OUT VARIABLE_HEADER **VariablePtr, + IN BOOLEAN AuthFormat + ); + +/** + Routine used to track statistical information about variable usage. + The data is stored in the EFI system table so it can be accessed later. + VariableInfo.efi can dump out the table. Only Boot Services variable + accesses are tracked by this code. The PcdVariableCollectStatistics + build flag controls if this feature is enabled. + + A read that hits in the cache will have Read and Cache true for + the transaction. Data is allocated by this routine, but never + freed. + + @param[in] VariableName Name of the Variable to track. + @param[in] VendorGuid Guid of the Variable to track. + @param[in] Volatile TRUE if volatile FALSE if non-volatile. + @param[in] Read TRUE if GetVariable() was called. + @param[in] Write TRUE if SetVariable() was called. + @param[in] Delete TRUE if deleted via SetVariable(). + @param[in] Cache TRUE for a cache hit. + @param[in,out] VariableInfo Pointer to a pointer of VARIABLE_INFO_ENT= RY structures. + +**/ +VOID +UpdateVariableInfo ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN BOOLEAN Volatile, + IN BOOLEAN Read, + IN BOOLEAN Write, + IN BOOLEAN Delete, + IN BOOLEAN Cache, + IN OUT VARIABLE_INFO_ENTRY **VariableInfo + ); + +/** + + Retrieve details of the variable next to given variable within VariableS= tore. + + If VariableInfo->StoreIndex is invalid, the first one in VariableStore i= s returned. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo or VariableStore is NULL. + @retval EFI_NOT_FOUND If the end of VariableStore is reached. + @retval EFI_SUCCESS The next variable is retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetNextVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ); + +/** + + Retrieve details about a variable and return them in VariableInfo->Heade= r. + + If VariableInfo->Buffer is given, this function will calculate its offset + relative to given variable storage via VariableStore; Otherwise, it will= try + other internal variable storages or cached copies. It's assumed that, fo= r all + copies of NV variable storage, all variables are stored in the same rela= tive + position. If VariableInfo->Buffer is found in the range of any storage c= opies, + its offset relative to that storage should be the same in other copies. + + If VariableInfo->Offset is given (non-zero) but not VariableInfo->Buffer, + this function will return the variable memory address inside VariableSto= re, + if given, via VariableInfo->Address; Otherwise, the address of other sto= rage + copies will be returned, if any. + + For a new variable whose offset has not been determined, a value of -1 as + VariableInfo->Offset should be passed to skip the offset calculation. + + @param VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo is NULL or both VariableInfo= ->Address + and VariableInfo->Offset are NULL (0). + @retval EFI_NOT_FOUND If given Address or Offset is out of rang= e of + any given or internal storage copies. + @retval EFI_SUCCESS Variable details are retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableR= untimeCache.h b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variab= leRuntimeCache.h new file mode 100644 index 000000000000..77dbce0f907c --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeC= ache.h @@ -0,0 +1,51 @@ +/** @file + The common variable volatile store routines shared by the DXE_RUNTIME va= riable + module and the DXE_SMM variable module. + +Copyright (c) 2019-2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef VARIABLE_RUNTIME_CACHE_H_ +#define VARIABLE_RUNTIME_CACHE_H_ + +#include "Variable.h" + +/** + Copies any pending updates to runtime variable caches. + + @retval EFI_UNSUPPORTED The volatile store to be updated is not = initialized properly. + @retval EFI_SUCCESS The volatile store was updated successfu= lly. + +**/ +EFI_STATUS +FlushPendingRuntimeVariableCacheUpdates ( + VOID + ); + +/** + Synchronizes the runtime variable caches with all pending updates outsid= e runtime. + + Ensures all conditions are met to maintain coherency for runtime cache u= pdates. This function will attempt + to write the given update (and any other pending updates) if the ReadLoc= k is available. Otherwise, the + update is added as a pending update for the given variable store and it = will be flushed to the runtime cache + at the next opportunity the ReadLock is available. + + @param[in] VariableRuntimeCache Variable runtime cache structure for the= runtime cache being synchronized. + @param[in] Offset Offset in bytes to apply the update. + @param[in] Length Length of data in bytes of the update. + + @retval EFI_SUCCESS The update was added as a pending update= successfully. If the variable runtime + cache ReadLock was available, the runtim= e cache was updated successfully. + @retval EFI_UNSUPPORTED The volatile store to be updated is not = initialized properly. + +**/ +EFI_STATUS +SynchronizeRuntimeVariableCache ( + IN VARIABLE_RUNTIME_CACHE *VariableRuntimeCache, + IN UINTN Offset, + IN UINTN Length + ); + +#endif diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measureme= nt.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measurement.c new file mode 100644 index 000000000000..c15cce97165d --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Measurement.c @@ -0,0 +1,343 @@ +/** @file + Measure TCG required variable. + +Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "PrivilegePolymorphic.h" + +typedef struct { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; +} VARIABLE_TYPE; + +VARIABLE_TYPE mVariableType[] =3D { + { EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid }, + { EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid }, + { EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid }, + { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid }, + { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid }, + { EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid }, +}; + +// +// "SecureBoot" may update following PK Del/Add +// Cache its value to detect value update +// +UINT8 *mSecureBootVarData =3D NULL; +UINTN mSecureBootVarDataSize =3D 0; + +/** + This function will return if this variable is SecureBootPolicy Variable. + + @param[in] VariableName A Null-terminated string that is the name = of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + + @retval TRUE This is SecureBootPolicy Variable + @retval FALSE This is not SecureBootPolicy Variable +**/ +BOOLEAN +IsSecureBootPolicyVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + UINTN Index; + + for (Index =3D 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0= ]); Index++) { + if ((StrCmp (VariableName, mVariableType[Index].VariableName) =3D=3D 0= ) && + (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) + { + return TRUE; + } + } + + return FALSE; +} + +/** + Measure and log an EFI variable, and extend the measurement result into = a specific PCR. + + @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureVariable ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize + ) +{ + EFI_STATUS Status; + UINTN VarNameLength; + UEFI_VARIABLE_DATA *VarLog; + UINT32 VarLogSize; + + ASSERT ((VarSize =3D=3D 0 && VarData =3D=3D NULL) || (VarSize !=3D 0 && = VarData !=3D NULL)); + + VarNameLength =3D StrLen (VarName); + VarLogSize =3D (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*V= arName) + VarSize + - sizeof (VarLog->UnicodeName) - sizeof (VarLog= ->VariableData)); + + VarLog =3D (UEFI_VARIABLE_DATA *)AllocateZeroPool (VarLogSize); + if (VarLog =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (&VarLog->VariableName, VendorGuid, sizeof (VarLog->VariableName= )); + VarLog->UnicodeNameLength =3D VarNameLength; + VarLog->VariableDataLength =3D VarSize; + CopyMem ( + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); + if (VarSize !=3D 0) { + CopyMem ( + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); + } + + DEBUG ((DEBUG_INFO, "VariableDxe: MeasureVariable (Pcr - %x, EventType -= %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_DRIVER_CONFIG)); + DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, Ve= ndorGuid)); + + Status =3D TpmMeasureAndLogData ( + 7, + EV_EFI_VARIABLE_DRIVER_CONFIG, + VarLog, + VarLogSize, + VarLog, + VarLogSize + ); + FreePool (VarLog); + return Status; +} + +/** + Returns the status whether get the variable success. The function retrie= ves + variable through the UEFI Runtime Service GetVariable(). The + returned buffer is allocated using AllocatePool(). The caller is respon= sible + for freeing this buffer with FreePool(). + + This API is only invoked in boot time. It may NOT be invoked at runtime. + + @param[in] Name The pointer to a Null-terminated Unicode string. + @param[in] Guid The pointer to an EFI_GUID structure + @param[out] Value The buffer point saved the variable info. + @param[out] Size The buffer size of the variable. + + @return EFI_OUT_OF_RESOURCES Allocate buffer failed. + @return EFI_SUCCESS Find the specified variable. + @return Others Errors Return errors from call to gRT->GetVar= iable. + +**/ +EFI_STATUS +InternalGetVariable ( + IN CONST CHAR16 *Name, + IN CONST EFI_GUID *Guid, + OUT VOID **Value, + OUT UINTN *Size + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + + // + // Try to get the variable size. + // + BufferSize =3D 0; + *Value =3D NULL; + if (Size !=3D NULL) { + *Size =3D 0; + } + + Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu= fferSize, *Value); + if (Status !=3D EFI_BUFFER_TOO_SMALL) { + return Status; + } + + // + // Allocate buffer to get the variable. + // + *Value =3D AllocatePool (BufferSize); + ASSERT (*Value !=3D NULL); + if (*Value =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Get the variable data. + // + Status =3D gRT->GetVariable ((CHAR16 *)Name, (EFI_GUID *)Guid, NULL, &Bu= fferSize, *Value); + if (EFI_ERROR (Status)) { + FreePool (*Value); + *Value =3D NULL; + } + + if (Size !=3D NULL) { + *Size =3D BufferSize; + } + + return Status; +} + +/** + SecureBoot Hook for SetVariable. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + +**/ +VOID +EFIAPI +SecureBootHook ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + UINTN VariableDataSize; + VOID *VariableData; + + if (!IsSecureBootPolicyVariable (VariableName, VendorGuid)) { + return; + } + + // + // We should NOT use Data and DataSize here,because it may include signa= ture, + // or is just partial with append attributes, or is deleted. + // We should GetVariable again, to get full variable content. + // + Status =3D InternalGetVariable ( + VariableName, + VendorGuid, + &VariableData, + &VariableDataSize + ); + if (EFI_ERROR (Status)) { + // + // Measure DBT only if present and not empty + // + if ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) =3D=3D 0) && + CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) + { + DEBUG ((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n= ", EFI_IMAGE_SECURITY_DATABASE2)); + return; + } else { + VariableData =3D NULL; + VariableDataSize =3D 0; + } + } + + Status =3D MeasureVariable ( + VariableName, + VendorGuid, + VariableData, + VariableDataSize + ); + DEBUG ((DEBUG_INFO, "MeasureBootPolicyVariable - %r\n", Status)); + + if (VariableData !=3D NULL) { + FreePool (VariableData); + } + + // + // "SecureBoot" is 8bit & read-only. It can only be changed according to= PK update + // + if ((StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) =3D=3D 0) && + CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)) + { + Status =3D InternalGetVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + &VariableData, + &VariableDataSize + ); + if (EFI_ERROR (Status)) { + return; + } + + // + // If PK update is successful. "SecureBoot" shall always exist ever si= nce variable write service is ready + // + ASSERT (mSecureBootVarData !=3D NULL); + + if (CompareMem (mSecureBootVarData, VariableData, VariableDataSize) != =3D 0) { + FreePool (mSecureBootVarData); + mSecureBootVarData =3D VariableData; + mSecureBootVarDataSize =3D VariableDataSize; + + DEBUG ((DEBUG_INFO, "%s variable updated according to PK change. Rem= easure the value!\n", EFI_SECURE_BOOT_MODE_NAME)); + Status =3D MeasureVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + mSecureBootVarData, + mSecureBootVarDataSize + ); + DEBUG ((DEBUG_INFO, "MeasureBootPolicyVariable - %r\n", Status)); + } else { + // + // "SecureBoot" variable is not changed + // + FreePool (VariableData); + } + } + + return; +} + +/** + Some Secure Boot Policy Variable may update following other variable cha= nges(SecureBoot follows PK change, etc). + Record their initial State when variable write service is ready. + +**/ +VOID +EFIAPI +RecordSecureBootPolicyVarData ( + VOID + ) +{ + EFI_STATUS Status; + + // + // Record initial "SecureBoot" variable value. + // It is used to detect SecureBoot variable change in SecureBootHook. + // + Status =3D InternalGetVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + (VOID **)&mSecureBootVarData, + &mSecureBootVarDataSize + ); + if (EFI_ERROR (Status)) { + // + // Read could fail when Auth Variable solution is not supported + // + DEBUG ((DEBUG_INFO, "RecordSecureBootPolicyVarData GetVariable %s Stat= us %x\n", EFI_SECURE_BOOT_MODE_NAME, Status)); + } +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c= b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c new file mode 100644 index 000000000000..a5b7f8a1fbe2 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Reclaim.c @@ -0,0 +1,504 @@ +/** @file + Handles non-volatile variable store garbage collection, using FTW + (Fault Tolerant Write) protocol. + +Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" +#include "VariableNonVolatile.h" +#include "VariableParsing.h" +#include "VariableRuntimeCache.h" + +/** + Gets LBA of block and offset by given address. + + This function gets the Logical Block Address (LBA) of a firmware + volume block containing the given address, and the offset of the + address on the block. + + @param Address Address which should be contained + by returned FVB handle. + @param Lba Pointer to LBA for output. + @param Offset Pointer to offset for output. + + @retval EFI_SUCCESS LBA and offset successfully returned. + @retval EFI_NOT_FOUND Fail to find FVB handle by address. + @retval EFI_ABORTED Fail to find valid LBA and offset. + +**/ +EFI_STATUS +GetLbaAndOffsetByAddress ( + IN EFI_PHYSICAL_ADDRESS Address, + OUT EFI_LBA *Lba, + OUT UINTN *Offset + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS FvbBaseAddress; + EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb; + EFI_FIRMWARE_VOLUME_HEADER *FwVolHeader; + EFI_FV_BLOCK_MAP_ENTRY *FvbMapEntry; + UINT32 LbaIndex; + + Fvb =3D NULL; + *Lba =3D (EFI_LBA)(-1); + *Offset =3D 0; + + // + // Get the proper FVB protocol. + // + Status =3D GetFvbInfoByAddress (Address, NULL, &Fvb); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Get the Base Address of FV. + // + Status =3D Fvb->GetPhysicalAddress (Fvb, &FvbBaseAddress); + if (EFI_ERROR (Status)) { + return Status; + } + + FwVolHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)((UINTN)FvbBaseAddress); + + // + // Get the (LBA, Offset) of Address. + // + if ((FwVolHeader->FvLength) > (FwVolHeader->HeaderLength)) { + // + // BUGBUG: Assume one FV has one type of BlockLength. + // + FvbMapEntry =3D &FwVolHeader->BlockMap[0]; + for (LbaIndex =3D 1; LbaIndex <=3D FvbMapEntry->NumBlocks; LbaIndex += =3D 1) { + if (Address < (FvbBaseAddress + FvbMapEntry->Length * LbaIndex)) { + // + // Found the (Lba, Offset). + // + *Lba =3D LbaIndex - 1; + *Offset =3D (UINTN)(Address - (FvbBaseAddress + FvbMapEntry->Lengt= h * (LbaIndex - 1))); + return EFI_SUCCESS; + } + } + } + + return EFI_ABORTED; +} + +/** + Writes a buffer to variable storage space, in the working block. + + This function writes a buffer to variable storage space into a firmware + volume block device. The destination is specified by parameter + VariableBase. Fault Tolerant Write protocol is used for writing. + + @param VariableBase Base address of variable to write + @param VariableBuffer Point to the variable data buffer. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND Fail to locate Fault Tolerant Write protocol. + @retval EFI_ABORTED The function could not complete successfully. + +**/ +EFI_STATUS +FtwVariableSpace ( + IN EFI_PHYSICAL_ADDRESS VariableBase, + IN VARIABLE_STORE_HEADER *VariableBuffer + ) +{ + EFI_STATUS Status; + EFI_HANDLE FvbHandle; + EFI_LBA VarLba; + UINTN VarOffset; + UINTN FtwBufferSize; + EFI_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol; + + // + // Locate fault tolerant write protocol. + // + Status =3D GetFtwProtocol ((VOID **)&FtwProtocol); + if (EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } + + // + // Locate Fvb handle by address. + // + Status =3D GetFvbInfoByAddress (VariableBase, &FvbHandle, NULL); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Get LBA and Offset by address. + // + Status =3D GetLbaAndOffsetByAddress (VariableBase, &VarLba, &VarOffset); + if (EFI_ERROR (Status)) { + return EFI_ABORTED; + } + + FtwBufferSize =3D ((VARIABLE_STORE_HEADER *)((UINTN)VariableBase))->Size; + ASSERT (FtwBufferSize =3D=3D VariableBuffer->Size); + + // + // FTW write record. + // + Status =3D FtwProtocol->Write ( + FtwProtocol, + VarLba, // LBA + VarOffset, // Offset + FtwBufferSize, // NumBytes + NULL, // PrivateData NULL + FvbHandle, // Fvb Handle + (VOID *)VariableBuffer // write buffer + ); + + return Status; +} + +/** + + Variable store garbage collection and reclaim operation. + + @param[in] VariableBase Base address of variable store. + @param[out] LastVariableOffset Offset of last variable. + @param[in] IsVolatile The variable store is volatile o= r not; + if it is non-volatile, need FTW. + @param[in, out] UpdatingPtrTrack Pointer to updating variable poi= nter track structure. + @param[in] NewVariable Pointer to new variable. + @param[in] NewVariableSize New variable size. + + @return EFI_SUCCESS Reclaim operation has finished succ= essfully. + @return EFI_OUT_OF_RESOURCES No enough memory resources or varia= ble space. + @return Others Unexpect error happened during recl= aim operation. + +**/ +EFI_STATUS +Reclaim ( + IN EFI_PHYSICAL_ADDRESS VariableBase, + OUT UINTN *LastVariableOffset, + IN BOOLEAN IsVolatile, + IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack, + IN VARIABLE_HEADER *NewVariable, + IN UINTN NewVariableSize + ) +{ + VARIABLE_HEADER *Variable; + VARIABLE_HEADER *AddedVariable; + VARIABLE_HEADER *NextVariable; + VARIABLE_HEADER *NextAddedVariable; + VARIABLE_STORE_HEADER *VariableStoreHeader; + UINT8 *ValidBuffer; + UINTN MaximumBufferSize; + UINTN VariableSize; + UINTN NameSize; + UINT8 *CurrPtr; + VOID *Point0; + VOID *Point1; + BOOLEAN FoundAdded; + EFI_STATUS Status; + EFI_STATUS DoneStatus; + UINTN CommonVariableTotalSize; + UINTN CommonUserVariableTotalSize; + UINTN HwErrVariableTotalSize; + VARIABLE_HEADER *UpdatingVariable; + VARIABLE_HEADER *UpdatingInDeletedTransition; + BOOLEAN AuthFormat; + + AuthFormat =3D mVariableModuleGlobal->VariableGlobal.Au= thFormat; + UpdatingVariable =3D NULL; + UpdatingInDeletedTransition =3D NULL; + if (UpdatingPtrTrack !=3D NULL) { + UpdatingVariable =3D UpdatingPtrTrack->CurrPtr; + UpdatingInDeletedTransition =3D UpdatingPtrTrack->InDeletedTransitionP= tr; + } + + VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)((UINTN)VariableBase); + + CommonVariableTotalSize =3D 0; + CommonUserVariableTotalSize =3D 0; + HwErrVariableTotalSize =3D 0; + + if (IsVolatile || mVariableModuleGlobal->VariableGlobal.EmuNvMode) { + // + // Start Pointers for the variable. + // + Variable =3D GetStartPointer (VariableStoreHeader); + MaximumBufferSize =3D sizeof (VARIABLE_STORE_HEADER); + + while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHe= ader), AuthFormat)) { + NextVariable =3D GetNextVariablePtr (Variable, AuthFormat); + if (((Variable->State =3D=3D VAR_ADDED) || (Variable->State =3D=3D (= VAR_IN_DELETED_TRANSITION & VAR_ADDED))) && + (Variable !=3D UpdatingVariable) && + (Variable !=3D UpdatingInDeletedTransition) + ) + { + VariableSize =3D (UINTN)NextVariable - (UINTN)Variable; + MaximumBufferSize +=3D VariableSize; + } + + Variable =3D NextVariable; + } + + if (NewVariable !=3D NULL) { + // + // Add the new variable size. + // + MaximumBufferSize +=3D NewVariableSize; + } + + // + // Reserve the 1 Bytes with Oxff to identify the + // end of the variable buffer. + // + MaximumBufferSize +=3D 1; + ValidBuffer =3D AllocatePool (MaximumBufferSize); + if (ValidBuffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + } else { + // + // For NV variable reclaim, don't allocate pool here and just use mNvV= ariableCache + // as the buffer to reduce SMRAM consumption for SMM variable driver. + // + MaximumBufferSize =3D mNvVariableCache->Size; + ValidBuffer =3D (UINT8 *)mNvVariableCache; + } + + SetMem (ValidBuffer, MaximumBufferSize, 0xff); + + // + // Copy variable store header. + // + CopyMem (ValidBuffer, VariableStoreHeader, sizeof (VARIABLE_STORE_HEADER= )); + CurrPtr =3D (UINT8 *)GetStartPointer ((VARIABLE_STORE_HEADER *)ValidBuff= er); + + // + // Reinstall all ADDED variables as long as they are not identical to Up= dating Variable. + // + Variable =3D GetStartPointer (VariableStoreHeader); + while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHead= er), AuthFormat)) { + NextVariable =3D GetNextVariablePtr (Variable, AuthFormat); + if ((Variable !=3D UpdatingVariable) && (Variable->State =3D=3D VAR_AD= DED)) { + VariableSize =3D (UINTN)NextVariable - (UINTN)Variable; + CopyMem (CurrPtr, (UINT8 *)Variable, VariableSize); + if (!IsVolatile) { + (VOID)ProtectedVariableLibRefresh ( + (VARIABLE_HEADER *)CurrPtr, + VariableSize, + (UINTN)CurrPtr - (UINTN)ValidBuffer, + FALSE + ); + + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) + =3D=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) + { + HwErrVariableTotalSize +=3D VariableSize; + } else { + CommonVariableTotalSize +=3D VariableSize; + if (IsUserVariable (Variable)) { + CommonUserVariableTotalSize +=3D VariableSize; + } + } + } + + CurrPtr +=3D VariableSize; + } + + Variable =3D NextVariable; + } + + // + // Reinstall all in delete transition variables. + // + Variable =3D GetStartPointer (VariableStoreHeader); + while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHead= er), AuthFormat)) { + NextVariable =3D GetNextVariablePtr (Variable, AuthFormat); + if ((Variable !=3D UpdatingVariable) && (Variable !=3D UpdatingInDelet= edTransition) && (Variable->State =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_A= DDED)) && + (ProtectedVariableLibIsHmac (GetVariableNamePtr (Variable, AuthFor= mat)) =3D=3D FALSE)) + { + FoundAdded =3D FALSE; + AddedVariable =3D GetStartPointer ((VARIABLE_STORE_HEADER *)ValidBuf= fer); + while (IsValidVariableHeader (AddedVariable, GetEndPointer ((VARIABL= E_STORE_HEADER *)ValidBuffer), AuthFormat)) { + NextAddedVariable =3D GetNextVariablePtr (AddedVariable, AuthForma= t); + NameSize =3D NameSizeOfVariable (AddedVariable, AuthForma= t); + if (CompareGuid ( + GetVendorGuidPtr (AddedVariable, AuthFormat), + GetVendorGuidPtr (Variable, AuthFormat) + ) && (NameSize =3D=3D NameSizeOfVariable (Variable, AuthForm= at))) + { + Point0 =3D (VOID *)GetVariableNamePtr (AddedVariable, AuthFormat= ); + Point1 =3D (VOID *)GetVariableNamePtr (Variable, AuthFormat); + if (CompareMem (Point0, Point1, NameSize) =3D=3D 0) { + FoundAdded =3D TRUE; + break; + } + } + + AddedVariable =3D NextAddedVariable; + } + + if (!FoundAdded) { + // + // Promote VAR_IN_DELETED_TRANSITION to VAR_ADDED. + // + VariableSize =3D (UINTN)NextVariable - (UINTN)Variable; + CopyMem (CurrPtr, (UINT8 *)Variable, VariableSize); + ((VARIABLE_HEADER *)CurrPtr)->State =3D VAR_ADDED; + if (!IsVolatile) { + (VOID)ProtectedVariableLibRefresh ( + (VARIABLE_HEADER *)CurrPtr, + VariableSize, + (UINTN)CurrPtr - (UINTN)ValidBuffer, + FALSE + ); + + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) + =3D=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) + { + HwErrVariableTotalSize +=3D VariableSize; + } else { + CommonVariableTotalSize +=3D VariableSize; + if (IsUserVariable (Variable)) { + CommonUserVariableTotalSize +=3D VariableSize; + } + } + } + + CurrPtr +=3D VariableSize; + } + } + + Variable =3D NextVariable; + } + + // + // Install the new variable if it is not NULL. + // + if (NewVariable !=3D NULL) { + if (((UINTN)CurrPtr - (UINTN)ValidBuffer) + NewVariableSize > Variable= StoreHeader->Size) { + // + // No enough space to store the new variable. + // + Status =3D EFI_OUT_OF_RESOURCES; + goto Done; + } + + if (!IsVolatile) { + if ((NewVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) = =3D=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + HwErrVariableTotalSize +=3D NewVariableSize; + } else if ((NewVariable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RE= CORD) !=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + CommonVariableTotalSize +=3D NewVariableSize; + if (IsUserVariable (NewVariable)) { + CommonUserVariableTotalSize +=3D NewVariableSize; + } + } + + if ((HwErrVariableTotalSize > PcdGet32 (PcdHwErrStorageSize)) || + (CommonVariableTotalSize > mVariableModuleGlobal->CommonVariable= Space) || + (CommonUserVariableTotalSize > mVariableModuleGlobal->CommonMaxU= serVariableSpace)) + { + // + // No enough space to store the new variable by NV or NV+HR attrib= ute. + // + Status =3D EFI_OUT_OF_RESOURCES; + goto Done; + } + } + + CopyMem (CurrPtr, (UINT8 *)NewVariable, NewVariableSize); + ((VARIABLE_HEADER *)CurrPtr)->State =3D VAR_ADDED; + if (UpdatingVariable !=3D NULL) { + UpdatingPtrTrack->CurrPtr =3D (VARIABLE_HEADER *)((UI= NTN)UpdatingPtrTrack->StartPtr + ((UINTN)CurrPtr - (UINTN)GetStartPointer (= (VARIABLE_STORE_HEADER *)ValidBuffer))); + UpdatingPtrTrack->InDeletedTransitionPtr =3D NULL; + } + + CurrPtr +=3D NewVariableSize; + } + + if (IsVolatile || mVariableModuleGlobal->VariableGlobal.EmuNvMode) { + // + // If volatile/emulated non-volatile variable store, just copy valid b= uffer. + // + SetMem ((UINT8 *)(UINTN)VariableBase, VariableStoreHeader->Size, 0xff); + CopyMem ((UINT8 *)(UINTN)VariableBase, ValidBuffer, (UINTN)CurrPtr - (= UINTN)ValidBuffer); + *LastVariableOffset =3D (UINTN)CurrPtr - (UINTN)ValidBuffer; + if (!IsVolatile) { + // + // Emulated non-volatile variable mode. + // + mVariableModuleGlobal->HwErrVariableTotalSize =3D HwErrVariable= TotalSize; + mVariableModuleGlobal->CommonVariableTotalSize =3D CommonVariabl= eTotalSize; + mVariableModuleGlobal->CommonUserVariableTotalSize =3D CommonUserVar= iableTotalSize; + } + + Status =3D EFI_SUCCESS; + } else { + // + // If non-volatile variable store, perform FTW here. + // + Status =3D FtwVariableSpace ( + VariableBase, + (VARIABLE_STORE_HEADER *)ValidBuffer + ); + if (!EFI_ERROR (Status)) { + *LastVariableOffset =3D (UINTN)CurrPt= r - (UINTN)ValidBuffer; + mVariableModuleGlobal->HwErrVariableTotalSize =3D HwErrVariable= TotalSize; + mVariableModuleGlobal->CommonVariableTotalSize =3D CommonVariabl= eTotalSize; + mVariableModuleGlobal->CommonUserVariableTotalSize =3D CommonUserVar= iableTotalSize; + } else { + mVariableModuleGlobal->HwErrVariableTotalSize =3D 0; + mVariableModuleGlobal->CommonVariableTotalSize =3D 0; + mVariableModuleGlobal->CommonUserVariableTotalSize =3D 0; + Variable =3D GetStartPoint= er ((VARIABLE_STORE_HEADER *)(UINTN)VariableBase); + while (IsValidVariableHeader (Variable, GetEndPointer ((VARIABLE_STO= RE_HEADER *)(UINTN)VariableBase), AuthFormat)) { + NextVariable =3D GetNextVariablePtr (Variable, AuthFormat); + VariableSize =3D (UINTN)NextVariable - (UINTN)Variable; + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) = =3D=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + mVariableModuleGlobal->HwErrVariableTotalSize +=3D VariableSize; + } else if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_REC= ORD) !=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + mVariableModuleGlobal->CommonVariableTotalSize +=3D VariableSize; + if (IsUserVariable (Variable)) { + mVariableModuleGlobal->CommonUserVariableTotalSize +=3D Variab= leSize; + } + } + + Variable =3D NextVariable; + } + + *LastVariableOffset =3D (UINTN)Variable - (UINTN)VariableBase; + } + } + +Done: + DoneStatus =3D EFI_SUCCESS; + if (IsVolatile || mVariableModuleGlobal->VariableGlobal.EmuNvMode) { + DoneStatus =3D SynchronizeRuntimeVariableCache ( + &mVariableModuleGlobal->VariableGlobal.VariableRuntimeC= acheContext.VariableRuntimeVolatileCache, + 0, + VariableStoreHeader->Size + ); + ASSERT_EFI_ERROR (DoneStatus); + FreePool (ValidBuffer); + } else { + // + // For NV variable reclaim, we use mNvVariableCache as the buffer, so = copy the data back. + // + CopyMem (mNvVariableCache, (UINT8 *)(UINTN)VariableBase, VariableStore= Header->Size); + DoneStatus =3D SynchronizeRuntimeVariableCache ( + &mVariableModuleGlobal->VariableGlobal.VariableRuntimeC= acheContext.VariableRuntimeNvCache, + 0, + VariableStoreHeader->Size + ); + ASSERT_EFI_ERROR (DoneStatus); + } + + if (!EFI_ERROR (Status) && EFI_ERROR (DoneStatus)) { + Status =3D DoneStatus; + } + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDx= eUnitTest/VariableLockRequestToLockUnitTest.c b/MdeModulePkg/Universal/Vari= able/Protected/RuntimeDxe/RuntimeDxeUnitTest/VariableLockRequestToLockUnitT= est.c new file mode 100644 index 000000000000..b2bcb97932ba --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTe= st/VariableLockRequestToLockUnitTest.c @@ -0,0 +1,607 @@ +/** @file + This is a host-based unit test for the VariableLockRequestToLock shim. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#define UNIT_TEST_NAME "VarPol/VarLock Shim Unit Test" +#define UNIT_TEST_VERSION "1.0" + +/// =3D=3D=3D CODE UNDER TEST =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +EFI_STATUS +EFIAPI +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ); + +/// =3D=3D=3D TEST DATA =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +// +// Test GUID 1 {F955BA2D-4A2C-480C-BFD1-3CC522610592} +// +EFI_GUID mTestGuid1 =3D { + 0xf955ba2d, 0x4a2c, 0x480c, { 0xbf, 0xd1, 0x3c, 0xc5, 0x22, 0x61, 0x5, 0= x92 } +}; + +// +// Test GUID 2 {2DEA799E-5E73-43B9-870E-C945CE82AF3A} +// +EFI_GUID mTestGuid2 =3D { + 0x2dea799e, 0x5e73, 0x43b9, { 0x87, 0xe, 0xc9, 0x45, 0xce, 0x82, 0xaf, 0= x3a } +}; + +// +// Test GUID 3 {698A2BFD-A616-482D-B88C-7100BD6682A9} +// +EFI_GUID mTestGuid3 =3D { + 0x698a2bfd, 0xa616, 0x482d, { 0xb8, 0x8c, 0x71, 0x0, 0xbd, 0x66, 0x82, 0= xa9 } +}; + +#define TEST_VAR_1_NAME L"TestVar1" +#define TEST_VAR_2_NAME L"TestVar2" +#define TEST_VAR_3_NAME L"TestVar3" + +#define TEST_POLICY_ATTRIBUTES_NULL 0 +#define TEST_POLICY_MIN_SIZE_NULL 0 +#define TEST_POLICY_MAX_SIZE_NULL MAX_UINT32 + +#define TEST_POLICY_MIN_SIZE_10 10 +#define TEST_POLICY_MAX_SIZE_200 200 + +/// =3D=3D=3D HELPER FUNCTIONS =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Mocked version of GetVariable, for testing. + + @param VariableName + @param VendorGuid + @param Attributes + @param DataSize + @param Data +**/ +EFI_STATUS +EFIAPI +StubGetVariableNull ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + UINT32 MockedAttr; + UINTN MockedDataSize; + VOID *MockedData; + EFI_STATUS MockedReturn; + + check_expected_ptr (VariableName); + check_expected_ptr (VendorGuid); + check_expected_ptr (DataSize); + + MockedAttr =3D (UINT32)mock (); + MockedDataSize =3D (UINTN)mock (); + MockedData =3D (VOID *)(UINTN)mock (); + MockedReturn =3D (EFI_STATUS)mock (); + + if (Attributes !=3D NULL) { + *Attributes =3D MockedAttr; + } + + if ((Data !=3D NULL) && !EFI_ERROR (MockedReturn)) { + CopyMem (Data, MockedData, MockedDataSize); + } + + *DataSize =3D MockedDataSize; + + return MockedReturn; +} + +// +// Anything you think might be helpful that isn't a test itself. +// + +/** + This is a common setup function that will ensure the library is always + initialized with the stubbed GetVariable. + + Not used by all test cases, but by most. + + @param[in] Context Unit test case context +**/ +STATIC +UNIT_TEST_STATUS +EFIAPI +LibInitMocked ( + IN UNIT_TEST_CONTEXT Context + ) +{ + return EFI_ERROR (InitVariablePolicyLib (StubGetVariableNull)) ? UNIT_TE= ST_ERROR_PREREQUISITE_NOT_MET : UNIT_TEST_PASSED; +} + +/** + Common cleanup function to make sure that the library is always de-initi= alized + prior to the next test case. + + @param[in] Context Unit test case context +**/ +STATIC +VOID +EFIAPI +LibCleanup ( + IN UNIT_TEST_CONTEXT Context + ) +{ + DeinitVariablePolicyLib (); +} + +/// =3D=3D=3D TEST CASES =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/// =3D=3D=3D=3D=3D SHIM SUITE =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +/** + Test Case that locks a single variable using the Variable Lock Protocol. + The call is expected to succeed. + + @param[in] Context Unit test case context +**/ +UNIT_TEST_STATUS +EFIAPI +LockingWithoutAnyPoliciesShouldSucceed ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Test Case that locks the same variable twice using the Variable Lock Pro= tocol. + Both calls are expected to succeed. + + @param[in] Context Unit test case context + **/ +UNIT_TEST_STATUS +EFIAPI +LockingTwiceShouldSucceed ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + return UNIT_TEST_PASSED; +} + +/** + Test Case that locks a variable using the Variable Policy Protocol then = locks + the same variable using the Variable Lock Protocol. + Both calls are expected to succeed. + + @param[in] Context Unit test case context + **/ +UNIT_TEST_STATUS +EFIAPI +LockingALockedVariableShouldSucceed ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewEntry; + + // + // Create a variable policy that locks the variable. + // + Status =3D CreateBasicVariablePolicy ( + &mTestGuid1, + TEST_VAR_1_NAME, + TEST_POLICY_MIN_SIZE_NULL, + TEST_POLICY_MAX_SIZE_200, + TEST_POLICY_ATTRIBUTES_NULL, + TEST_POLICY_ATTRIBUTES_NULL, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewEntry + ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // + // Register the new policy. + // + Status =3D RegisterVariablePolicy (NewEntry); + + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + FreePool (NewEntry); + + return UNIT_TEST_PASSED; +} + +/** + Test Case that locks a variable using the Variable Policy Protocol with a + policy other than LOCK_NOW then attempts to lock the same variable using= the + Variable Lock Protocol. The call to Variable Policy is expected to succ= eed + and the call to Variable Lock is expected to fail. + + @param[in] Context Unit test case context + **/ +UNIT_TEST_STATUS +EFIAPI +LockingAnUnlockedVariableShouldFail ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewEntry; + + // Create a variable policy that locks the variable. + Status =3D CreateVarStateVariablePolicy ( + &mTestGuid1, + TEST_VAR_1_NAME, + TEST_POLICY_MIN_SIZE_NULL, + TEST_POLICY_MAX_SIZE_200, + TEST_POLICY_ATTRIBUTES_NULL, + TEST_POLICY_ATTRIBUTES_NULL, + &mTestGuid2, + 1, + TEST_VAR_2_NAME, + &NewEntry + ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // Register the new policy. + Status =3D RegisterVariablePolicy (NewEntry); + + // Configure the stub to not care about parameters. We're testing errors. + expect_any_always (StubGetVariableNull, VariableName); + expect_any_always (StubGetVariableNull, VendorGuid); + expect_any_always (StubGetVariableNull, DataSize); + + // With a policy, make sure that writes still work, since the variable d= oesn't exist. + will_return (StubGetVariableNull, TEST_POLICY_ATTRIBUTES_NULL); // A= ttributes + will_return (StubGetVariableNull, 0); // S= ize + will_return (StubGetVariableNull, (UINTN)NULL); // D= ataPtr + will_return (StubGetVariableNull, EFI_NOT_FOUND); // S= tatus + + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_TRUE (EFI_ERROR (Status)); + + FreePool (NewEntry); + + return UNIT_TEST_PASSED; +} + +/** + Test Case that locks a variable using the Variable Policy Protocol with a + policy other than LOCK_NOW, but is currently locked. Then attempts to l= ock + the same variable using the Variable Lock Protocol. The call to Variable + Policy is expected to succeed and the call to Variable Lock also expecte= d to + succeed. + + @param[in] Context Unit test case context + **/ +UNIT_TEST_STATUS +EFIAPI +LockingALockedVariableWithMatchingDataShouldSucceed ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewEntry; + UINT8 Data; + + // Create a variable policy that locks the variable. + Status =3D CreateVarStateVariablePolicy ( + &mTestGuid1, + TEST_VAR_1_NAME, + TEST_POLICY_MIN_SIZE_NULL, + TEST_POLICY_MAX_SIZE_200, + TEST_POLICY_ATTRIBUTES_NULL, + TEST_POLICY_ATTRIBUTES_NULL, + &mTestGuid2, + 1, + TEST_VAR_2_NAME, + &NewEntry + ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // Register the new policy. + Status =3D RegisterVariablePolicy (NewEntry); + + // Configure the stub to not care about parameters. We're testing errors. + expect_any_always (StubGetVariableNull, VariableName); + expect_any_always (StubGetVariableNull, VendorGuid); + expect_any_always (StubGetVariableNull, DataSize); + + // With a policy, make sure that writes still work, since the variable d= oesn't exist. + Data =3D 1; + will_return (StubGetVariableNull, TEST_POLICY_ATTRIBUTES_NULL); // A= ttributes + will_return (StubGetVariableNull, sizeof (Data)); // S= ize + will_return (StubGetVariableNull, (UINTN)&Data); // D= ataPtr + will_return (StubGetVariableNull, EFI_SUCCESS); // S= tatus + + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_TRUE (!EFI_ERROR (Status)); + + FreePool (NewEntry); + + return UNIT_TEST_PASSED; +} + +/** + Test Case that locks a variable using the Variable Policy Protocol with a + policy other than LOCK_NOW, but variable data does not match. Then atte= mpts + to lock the same variable using the Variable Lock Protocol. The call to + Variable Policy is expected to succeed and the call to Variable Lock is + expected to fail. + + @param[in] Context Unit test case context + **/ +UNIT_TEST_STATUS +EFIAPI +LockingALockedVariableWithNonMatchingDataShouldFail ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewEntry; + UINT8 Data; + + // Create a variable policy that locks the variable. + Status =3D CreateVarStateVariablePolicy ( + &mTestGuid1, + TEST_VAR_1_NAME, + TEST_POLICY_MIN_SIZE_NULL, + TEST_POLICY_MAX_SIZE_200, + TEST_POLICY_ATTRIBUTES_NULL, + TEST_POLICY_ATTRIBUTES_NULL, + &mTestGuid2, + 1, + TEST_VAR_2_NAME, + &NewEntry + ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // Register the new policy. + Status =3D RegisterVariablePolicy (NewEntry); + + // Configure the stub to not care about parameters. We're testing errors. + expect_any_always (StubGetVariableNull, VariableName); + expect_any_always (StubGetVariableNull, VendorGuid); + expect_any_always (StubGetVariableNull, DataSize); + + // With a policy, make sure that writes still work, since the variable d= oesn't exist. + Data =3D 2; + will_return (StubGetVariableNull, TEST_POLICY_ATTRIBUTES_NULL); // A= ttributes + will_return (StubGetVariableNull, sizeof (Data)); // S= ize + will_return (StubGetVariableNull, (UINTN)&Data); // D= ataPtr + will_return (StubGetVariableNull, EFI_SUCCESS); // S= tatus + + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_TRUE (EFI_ERROR (Status)); + + FreePool (NewEntry); + + return UNIT_TEST_PASSED; +} + +/** + Test Case that locks a variable using Variable Lock Protocol Policy Prot= ocol + then and then attempts to lock the same variable using the Variable Poli= cy + Protocol. The call to Variable Lock is expected to succeed and the call= to + Variable Policy is expected to fail. + + @param[in] Context Unit test case context + **/ +UNIT_TEST_STATUS +EFIAPI +SettingPolicyForALockedVariableShouldFail ( + IN UNIT_TEST_CONTEXT Context + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewEntry; + + // Lock the variable. + Status =3D VariableLockRequestToLock (NULL, TEST_VAR_1_NAME, &mTestGuid1= ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // Create a variable policy that locks the variable. + Status =3D CreateVarStateVariablePolicy ( + &mTestGuid1, + TEST_VAR_1_NAME, + TEST_POLICY_MIN_SIZE_NULL, + TEST_POLICY_MAX_SIZE_200, + TEST_POLICY_ATTRIBUTES_NULL, + TEST_POLICY_ATTRIBUTES_NULL, + &mTestGuid2, + 1, + TEST_VAR_2_NAME, + &NewEntry + ); + UT_ASSERT_NOT_EFI_ERROR (Status); + + // Register the new policy. + Status =3D RegisterVariablePolicy (NewEntry); + UT_ASSERT_TRUE (EFI_ERROR (Status)); + + FreePool (NewEntry); + + return UNIT_TEST_PASSED; +} + +/** + Main entry point to this unit test application. + + Sets up and runs the test suites. +**/ +VOID +EFIAPI +UnitTestMain ( + VOID + ) +{ + EFI_STATUS Status; + UNIT_TEST_FRAMEWORK_HANDLE Framework; + UNIT_TEST_SUITE_HANDLE ShimTests; + + Framework =3D NULL; + + DEBUG ((DEBUG_INFO, "%a v%a\n", UNIT_TEST_NAME, UNIT_TEST_VERSION)); + + // + // Start setting up the test framework for running the tests. + // + Status =3D InitUnitTestFramework (&Framework, UNIT_TEST_NAME, gEfiCaller= BaseName, UNIT_TEST_VERSION); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status =3D %r\n= ", Status)); + goto EXIT; + } + + // + // Add all test suites and tests. + // + Status =3D CreateUnitTestSuite ( + &ShimTests, + Framework, + "Variable Lock Shim Tests", + "VarPolicy.VarLockShim", + NULL, + NULL + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for ShimTests\n")); + Status =3D EFI_OUT_OF_RESOURCES; + goto EXIT; + } + + AddTestCase ( + ShimTests, + "Locking a variable with no matching policies should always work", + "EmptyPolicies", + LockingWithoutAnyPoliciesShouldSucceed, + LibInitMocked, + LibCleanup, + NULL + ); + AddTestCase ( + ShimTests, + "Locking a variable twice should always work", + "DoubleLock", + LockingTwiceShouldSucceed, + LibInitMocked, + LibCleanup, + NULL + ); + AddTestCase ( + ShimTests, + "Locking a variable that's already locked by another policy should wor= k", + "LockAfterPolicy", + LockingALockedVariableShouldSucceed, + LibInitMocked, + LibCleanup, + NULL + ); + AddTestCase ( + ShimTests, + "Locking a variable that already has an unlocked policy should fail", + "LockAfterUnlockedPolicy", + LockingAnUnlockedVariableShouldFail, + LibInitMocked, + LibCleanup, + NULL + ); + AddTestCase ( + ShimTests, + "Locking a variable that already has an locked policy should succeed", + "LockAfterLockedPolicyMatchingData", + LockingALockedVariableWithMatchingDataShouldSucceed, + LibInitMocked, + LibCleanup, + NULL + ); + AddTestCase ( + ShimTests, + "Locking a variable that already has an locked policy with matching da= ta should succeed", + "LockAfterLockedPolicyNonMatchingData", + LockingALockedVariableWithNonMatchingDataShouldFail, + LibInitMocked, + LibCleanup, + NULL + ); + AddTestCase ( + ShimTests, + "Adding a policy for a variable that has previously been locked should= always fail", + "SetPolicyAfterLock", + SettingPolicyForALockedVariableShouldFail, + LibInitMocked, + LibCleanup, + NULL + ); + + // + // Execute the tests. + // + Status =3D RunAllTestSuites (Framework); + +EXIT: + if (Framework !=3D NULL) { + FreeUnitTestFramework (Framework); + } + + return; +} + +/// +/// Avoid ECC error for function name that starts with lower case letter +/// +#define Main main + +/** + Standard POSIX C entry point for host based unit test execution. + + @param[in] Argc Number of arguments + @param[in] Argv Array of pointers to arguments + + @retval 0 Success + @retval other Error +**/ +INT32 +Main ( + IN INT32 Argc, + IN CHAR8 *Argv[] + ) +{ + UnitTestMain (); + return 0; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Speculati= onBarrierDxe.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Specu= lationBarrierDxe.c new file mode 100644 index 000000000000..b219ea9ec074 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarri= erDxe.c @@ -0,0 +1,27 @@ +/** @file + Barrier to stop speculative execution (DXE version). + +Copyright (c) 2018, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" + +/** + This service is consumed by the variable modules to place a barrier to s= top + speculative execution. + + Ensures that no later instruction will execute speculatively, until all = prior + instructions have completed. + +**/ +VOID +VariableSpeculationBarrier ( + VOID + ) +{ + // + // Do nothing. + // +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Speculati= onBarrierSmm.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Specu= lationBarrierSmm.c new file mode 100644 index 000000000000..7107c042928e --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/SpeculationBarri= erSmm.c @@ -0,0 +1,26 @@ +/** @file + Barrier to stop speculative execution (SMM version). + +Copyright (c) 2018, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include "Variable.h" + +/** + This service is consumed by the variable modules to place a barrier to s= top + speculative execution. + + Ensures that no later instruction will execute speculatively, until all = prior + instructions have completed. + +**/ +VOID +VariableSpeculationBarrier ( + VOID + ) +{ + SpeculationBarrier (); +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLoc= kDxe.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockDxe= .c new file mode 100644 index 000000000000..88984c31ab4f --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockDxe.c @@ -0,0 +1,153 @@ +/** @file + TCG MOR (Memory Overwrite Request) Lock Control support (DXE version). + + This module clears MemoryOverwriteRequestControlLock variable to indicate + MOR lock control unsupported. + +Copyright (c) 2016, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include "Variable.h" + +#include +#include + +/** + This service is an MOR/MorLock checker handler for the SetVariable(). + + @param[in] VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param[in] VendorGuid Unify identifier for vendor. + @param[in] Attributes Attributes bitmask to set for the variable. + @param[in] DataSize The size in bytes of Data-Buffer. + @param[in] Data Point to the content of the variable. + + @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable + driver can store the variable data. + @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or + attributes is not allowed for MOR variab= le. + @retval EFI_ACCESS_DENIED The MOR/MorLock is locked. + @retval EFI_ALREADY_STARTED The MorLock variable is handled inside t= his + function. Variable driver can just return + EFI_SUCCESS. +**/ +EFI_STATUS +SetVariableCheckHandlerMor ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + // + // Just let it pass. No need provide protection for DXE version. + // + return EFI_SUCCESS; +} + +/** + Initialization for MOR Control Lock. + + @retval EFI_SUCCESS MorLock initialization success. + @return Others Some error occurs. +**/ +EFI_STATUS +MorLockInit ( + VOID + ) +{ + // + // Always clear variable to report unsupported to OS. + // The reason is that the DXE version is not proper to provide *protecti= on*. + // BIOS should use SMM version variable driver to provide such capabilit= y. + // + VariableServiceSetVariable ( + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + &gEfiMemoryOverwriteRequestControlLockGuid, + 0, // Attributes + 0, // DataSize + NULL // Data + ); + + // + // The MOR variable can effectively improve platform security only when = the + // MorLock variable protects the MOR variable. In turn MorLock cannot be= made + // secure without SMM support in the platform firmware (see above). + // + // Thus, delete the MOR variable, should it exist for any reason (some O= Ses + // are known to create MOR unintentionally, in an attempt to set it), th= en + // also lock the MOR variable, in order to prevent other modules from + // creating it. + // + VariableServiceSetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + 0, // Attributes + 0, // DataSize + NULL // Data + ); + + return EFI_SUCCESS; +} + +/** + Delayed initialization for MOR Control Lock at EndOfDxe. + + This function performs any operations queued by MorLockInit(). +**/ +VOID +MorLockInitAtEndOfDxe ( + VOID + ) +{ + EFI_STATUS Status; + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; + + // First, we obviously need to locate the VariablePolicy protocol. + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL,= (VOID **)&VariablePolicy); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Could not locate VariablePolicy protocol! %= r\n", __FUNCTION__, Status)); + return; + } + + // If we're successful, go ahead and set the policies to protect the tar= get variables. + Status =3D RegisterBasicVariablePolicy ( + VariablePolicy, + &gEfiMemoryOverwriteRequestControlLockGuid, + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTI= ON__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status)); + } + + Status =3D RegisterBasicVariablePolicy ( + VariablePolicy, + &gEfiMemoryOverwriteControlDataGuid, + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Could not lock variable %s! %r\n", __FUNCTI= ON__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status)); + } + + return; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLoc= kSmm.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockSmm= .c new file mode 100644 index 000000000000..296afd2ec414 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/TcgMorLockSmm.c @@ -0,0 +1,569 @@ +/** @file + TCG MOR (Memory Overwrite Request) Lock Control support (SMM version). + + This module initilizes MemoryOverwriteRequestControlLock variable. + This module adds Variable Hook and check MemoryOverwriteRequestControlLo= ck. + +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include "Variable.h" + +#include +#include +#include + +typedef struct { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; +} VARIABLE_TYPE; + +VARIABLE_TYPE mMorVariableType[] =3D { + { MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteContro= lDataGuid }, + { MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteReques= tControlLockGuid }, +}; + +BOOLEAN mMorPassThru =3D FALSE; + +#define MOR_LOCK_DATA_UNLOCKED 0x0 +#define MOR_LOCK_DATA_LOCKED_WITHOUT_KEY 0x1 +#define MOR_LOCK_DATA_LOCKED_WITH_KEY 0x2 + +#define MOR_LOCK_V1_SIZE 1 +#define MOR_LOCK_V2_KEY_SIZE 8 + +typedef enum { + MorLockStateUnlocked =3D 0, + MorLockStateLocked =3D 1, +} MOR_LOCK_STATE; + +BOOLEAN mMorLockInitializationRequired =3D FALSE; +UINT8 mMorLockKey[MOR_LOCK_V2_KEY_SIZE]; +BOOLEAN mMorLockKeyEmpty =3D TRUE; +BOOLEAN mMorLockPassThru =3D FALSE; +MOR_LOCK_STATE mMorLockState =3D MorLockStateUnlocked; + +/** + Returns if this is MOR related variable. + + @param VariableName the name of the vendor's variable, it's a Null-Term= inated Unicode String + @param VendorGuid Unify identifier for vendor. + + @retval TRUE The variable is MOR related. + @retval FALSE The variable is NOT MOR related. +**/ +BOOLEAN +IsAnyMorVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + UINTN Index; + + for (Index =3D 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariable= Type[0]); Index++) { + if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) =3D= =3D 0) && + (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) + { + return TRUE; + } + } + + return FALSE; +} + +/** + Returns if this is MOR lock variable. + + @param VariableName the name of the vendor's variable, it's a Null-Term= inated Unicode String + @param VendorGuid Unify identifier for vendor. + + @retval TRUE The variable is MOR lock variable. + @retval FALSE The variable is NOT MOR lock variable. +**/ +BOOLEAN +IsMorLockVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) = =3D=3D 0) && + (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid= ))) + { + return TRUE; + } + + return FALSE; +} + +/** + Set MOR lock variable. + + @param Data MOR Lock variable data. + + @retval EFI_SUCCESS The firmware has successfully stored the= variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits= was supplied, or the + DataSize exceeds the maximum allowed. + @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold = the variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved due to a= hardware failure. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval EFI_WRITE_PROTECTED The variable in question cannot be delet= ed. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to= EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set but the AuthInfo does NOT pass the v= alidation check carried + out by the firmware. + @retval EFI_NOT_FOUND The variable trying to be updated or del= eted was not found. +**/ +EFI_STATUS +SetMorLockVariable ( + IN UINT8 Data + ) +{ + EFI_STATUS Status; + + mMorLockPassThru =3D TRUE; + Status =3D VariableServiceSetVariable ( + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + &gEfiMemoryOverwriteRequestControlLockGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVIC= E_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (Data), + &Data + ); + mMorLockPassThru =3D FALSE; + return Status; +} + +/** + This service is an MorLock checker handler for the SetVariable(). + + @param VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes o= f variable. If the point + is NULL, the parameter would be ignored. + @param DataSize The size in bytes of Data-Buffer. + @param Data Point to the content of the variable. + + @retval EFI_SUCCESS The MorLock check pass, and Variable dri= ver can store the variable data. + @retval EFI_INVALID_PARAMETER The MorLock data or data size or attribu= tes is not allowed. + @retval EFI_ACCESS_DENIED The MorLock is locked. + @retval EFI_WRITE_PROTECTED The MorLock deletion is not allowed. + @retval EFI_ALREADY_STARTED The MorLock variable is handled inside t= his function. + Variable driver can just return EFI_SUCC= ESS. +**/ +EFI_STATUS +SetVariableCheckHandlerMorLock ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + EFI_STATUS Status; + + // + // Basic Check + // + if ((Attributes =3D=3D 0) || (DataSize =3D=3D 0) || (Data =3D=3D NULL)) { + // + // Permit deletion for passthru request, deny it otherwise. + // + return mMorLockPassThru ? EFI_SUCCESS : EFI_WRITE_PROTECTED; + } + + if ((Attributes !=3D (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVI= CE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)) || + ((DataSize !=3D MOR_LOCK_V1_SIZE) && (DataSize !=3D MOR_LOCK_V2_KEY_= SIZE))) + { + return EFI_INVALID_PARAMETER; + } + + // + // Do not check if the request is passthru. + // + if (mMorLockPassThru) { + return EFI_SUCCESS; + } + + if (mMorLockState =3D=3D MorLockStateUnlocked) { + // + // In Unlocked State + // + if (DataSize =3D=3D MOR_LOCK_V1_SIZE) { + // + // V1 - lock permanently + // + if (*(UINT8 *)Data =3D=3D MOR_LOCK_DATA_UNLOCKED) { + // + // Unlock + // + Status =3D SetMorLockVariable (MOR_LOCK_DATA_UNLOCKED); + if (!EFI_ERROR (Status)) { + // + // return EFI_ALREADY_STARTED to skip variable set. + // + return EFI_ALREADY_STARTED; + } else { + // + // SetVar fail + // + return Status; + } + } else if (*(UINT8 *)Data =3D=3D MOR_LOCK_DATA_LOCKED_WITHOUT_KEY) { + // + // Lock without key + // + Status =3D SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITHOUT_KEY); + if (!EFI_ERROR (Status)) { + // + // Lock success + // + mMorLockState =3D MorLockStateLocked; + // + // return EFI_ALREADY_STARTED to skip variable set. + // + return EFI_ALREADY_STARTED; + } else { + // + // SetVar fail + // + return Status; + } + } else { + return EFI_INVALID_PARAMETER; + } + } else if (DataSize =3D=3D MOR_LOCK_V2_KEY_SIZE) { + // + // V2 lock and provision the key + // + + // + // Need set here because the data value on flash is different + // + Status =3D SetMorLockVariable (MOR_LOCK_DATA_LOCKED_WITH_KEY); + if (EFI_ERROR (Status)) { + // + // SetVar fail, do not provision the key + // + return Status; + } else { + // + // Lock success, provision the key + // + mMorLockKeyEmpty =3D FALSE; + CopyMem (mMorLockKey, Data, MOR_LOCK_V2_KEY_SIZE); + mMorLockState =3D MorLockStateLocked; + // + // return EFI_ALREADY_STARTED to skip variable set. + // + return EFI_ALREADY_STARTED; + } + } else { + ASSERT (FALSE); + return EFI_OUT_OF_RESOURCES; + } + } else { + // + // In Locked State + // + if (mMorLockKeyEmpty || (DataSize !=3D MOR_LOCK_V2_KEY_SIZE)) { + return EFI_ACCESS_DENIED; + } + + if ((CompareMem (Data, mMorLockKey, MOR_LOCK_V2_KEY_SIZE) =3D=3D 0)) { + // + // Key match - unlock + // + + // + // Need set here because the data value on flash is different + // + Status =3D SetMorLockVariable (MOR_LOCK_DATA_UNLOCKED); + if (EFI_ERROR (Status)) { + // + // SetVar fail + // + return Status; + } else { + // + // Unlock Success + // + mMorLockState =3D MorLockStateUnlocked; + mMorLockKeyEmpty =3D TRUE; + ZeroMem (mMorLockKey, sizeof (mMorLockKey)); + // + // return EFI_ALREADY_STARTED to skip variable set. + // + return EFI_ALREADY_STARTED; + } + } else { + // + // Key mismatch - Prevent Dictionary Attack + // + mMorLockState =3D MorLockStateLocked; + mMorLockKeyEmpty =3D TRUE; + ZeroMem (mMorLockKey, sizeof (mMorLockKey)); + return EFI_ACCESS_DENIED; + } + } +} + +/** + This service is an MOR/MorLock checker handler for the SetVariable(). + + @param[in] VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param[in] VendorGuid Unify identifier for vendor. + @param[in] Attributes Attributes bitmask to set for the variable. + @param[in] DataSize The size in bytes of Data-Buffer. + @param[in] Data Point to the content of the variable. + + @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable + driver can store the variable data. + @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or + attributes is not allowed for MOR variab= le. + @retval EFI_ACCESS_DENIED The MOR/MorLock is locked. + @retval EFI_ALREADY_STARTED The MorLock variable is handled inside t= his + function. Variable driver can just return + EFI_SUCCESS. +**/ +EFI_STATUS +SetVariableCheckHandlerMor ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + // + // do not handle non-MOR variable + // + if (!IsAnyMorVariable (VariableName, VendorGuid)) { + return EFI_SUCCESS; + } + + // Permit deletion when policy is disabled. + if (!IsVariablePolicyEnabled () && ((Attributes =3D=3D 0) || (DataSize = =3D=3D 0))) { + return EFI_SUCCESS; + } + + // + // MorLock variable + // + if (IsMorLockVariable (VariableName, VendorGuid)) { + return SetVariableCheckHandlerMorLock ( + VariableName, + VendorGuid, + Attributes, + DataSize, + Data + ); + } + + // + // Mor Variable + // + + // + // Permit deletion for passthru request. + // + if (((Attributes =3D=3D 0) || (DataSize =3D=3D 0)) && mMorPassThru) { + return EFI_SUCCESS; + } + + // + // Basic Check + // + if ((Attributes !=3D (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVI= CE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)) || + (DataSize !=3D sizeof (UINT8)) || + (Data =3D=3D NULL)) + { + return EFI_INVALID_PARAMETER; + } + + if (mMorLockState =3D=3D MorLockStateLocked) { + // + // If lock, deny access + // + return EFI_ACCESS_DENIED; + } + + // + // grant access + // + return EFI_SUCCESS; +} + +/** + Initialization for MOR Control Lock. + + @retval EFI_SUCCESS MorLock initialization success. + @return Others Some error occurs. +**/ +EFI_STATUS +MorLockInit ( + VOID + ) +{ + mMorLockInitializationRequired =3D TRUE; + return EFI_SUCCESS; +} + +/** + Delayed initialization for MOR Control Lock at EndOfDxe. + + This function performs any operations queued by MorLockInit(). +**/ +VOID +MorLockInitAtEndOfDxe ( + VOID + ) +{ + UINTN MorSize; + EFI_STATUS MorStatus; + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewPolicy; + + if (!mMorLockInitializationRequired) { + // + // The EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL has never been installed,= thus + // the variable write service is unavailable. This should never happen. + // + ASSERT (FALSE); + return; + } + + // + // Check if the MOR variable exists. + // + MorSize =3D 0; + MorStatus =3D VariableServiceGetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, // Attributes + &MorSize, + NULL // Data + ); + // + // We provided a zero-sized buffer, so the above call can never succeed. + // + ASSERT (EFI_ERROR (MorStatus)); + + if (MorStatus =3D=3D EFI_BUFFER_TOO_SMALL) { + // + // The MOR variable exists. + // + // Some OSes don't follow the TCG's Platform Reset Attack Mitigation s= pec + // in that the OS should never create the MOR variable, only read and = write + // it -- these OSes (unintentionally) create MOR if the platform firmw= are + // does not produce it. Whether this is the case (from the last OS boo= t) + // can be deduced from the absence of the TCG / TCG2 protocols, as edk= 2's + // MOR implementation depends on (one of) those protocols. + // + if (VariableHaveTcgProtocols ()) { + // + // The MOR variable originates from the platform firmware; set the M= OR + // Control Lock variable to report the locking capability to the OS. + // + SetMorLockVariable (0); + return; + } + + // + // The MOR variable's origin is inexplicable; delete it. + // + DEBUG (( + DEBUG_WARN, + "%a: deleting unexpected / unsupported variable %g:%s\n", + __FUNCTION__, + &gEfiMemoryOverwriteControlDataGuid, + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME + )); + + mMorPassThru =3D TRUE; + VariableServiceSetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + 0, // Attributes + 0, // DataSize + NULL // Data + ); + mMorPassThru =3D FALSE; + } + + // + // The MOR variable is absent; the platform firmware does not support it. + // Lock the variable so that no other module may create it. + // + NewPolicy =3D NULL; + Status =3D CreateBasicVariablePolicy ( + &gEfiMemoryOverwriteControlDataGuid, + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy + ); + if (!EFI_ERROR (Status)) { + Status =3D RegisterVariablePolicy (NewPolicy); + } + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTI= ON__, MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, Status)); + ASSERT_EFI_ERROR (Status); + } + + if (NewPolicy !=3D NULL) { + FreePool (NewPolicy); + } + + // + // Delete the MOR Control Lock variable too (should it exists for some + // reason) and prevent other modules from creating it. + // + mMorLockPassThru =3D TRUE; + VariableServiceSetVariable ( + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + &gEfiMemoryOverwriteRequestControlLockGuid, + 0, // Attributes + 0, // DataSize + NULL // Data + ); + mMorLockPassThru =3D FALSE; + + NewPolicy =3D NULL; + Status =3D CreateBasicVariablePolicy ( + &gEfiMemoryOverwriteRequestControlLockGuid, + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy + ); + if (!EFI_ERROR (Status)) { + Status =3D RegisterVariablePolicy (NewPolicy); + } + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTI= ON__, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, Status)); + ASSERT_EFI_ERROR (Status); + } + + if (NewPolicy !=3D NULL) { + FreePool (NewPolicy); + } +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.= c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.c new file mode 100644 index 000000000000..a94b0b02ec15 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VarCheck.c @@ -0,0 +1,101 @@ +/** @file + Implementation functions and structures for var check protocol + and variable lock protocol based on VarCheckLib. + +Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" + +/** + Register SetVariable check handler. + + @param[in] Handler Pointer to check handler. + + @retval EFI_SUCCESS The SetVariable check handler was register= ed successfully. + @retval EFI_INVALID_PARAMETER Handler is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVa= riable check handler register request. + @retval EFI_UNSUPPORTED This interface is not implemented. + For example, it is unsupported in VarCheck= protocol if both VarCheck and SmmVarCheck protocols are present. + +**/ +EFI_STATUS +EFIAPI +VarCheckRegisterSetVariableCheckHandler ( + IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler + ) +{ + EFI_STATUS Status; + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + Status =3D VarCheckLibRegisterSetVariableCheckHandler (Handler); + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + return Status; +} + +/** + Variable property set. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[in] VariableProperty Pointer to the input variable property. + + @retval EFI_SUCCESS The property of variable specified by the = Name and Guid was set successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or= Name is an empty string, + or the fields of VariableProperty are not = valid. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the varia= ble property set request. + +**/ +EFI_STATUS +EFIAPI +VarCheckVariablePropertySet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ) +{ + EFI_STATUS Status; + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + Status =3D VarCheckLibVariablePropertySet (Name, Guid, VariableProperty); + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + return Status; +} + +/** + Variable property get. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[out] VariableProperty Pointer to the output variable property. + + @retval EFI_SUCCESS The property of variable specified by the = Name and Guid was got successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or= Name is an empty string. + @retval EFI_NOT_FOUND The property of variable specified by the = Name and Guid was not found. + +**/ +EFI_STATUS +EFIAPI +VarCheckVariablePropertyGet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ) +{ + EFI_STATUS Status; + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + Status =3D VarCheckLibVariablePropertyGet (Name, Guid, VariableProperty); + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.= c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.c new file mode 100644 index 000000000000..19b432b772d7 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable.c @@ -0,0 +1,4037 @@ +/** @file + The common variable operation routines shared by DXE_RUNTIME variable + module and DXE_SMM variable module. + + Caution: This module requires additional review when modified. + This driver will have external input - variable data. They may be input = in SMM mode. + This external input must be validated carefully to avoid security issue = like + buffer overflow, integer overflow. + + VariableServiceGetNextVariableName () and VariableServiceQueryVariableIn= fo() are external API. + They need check input parameter. + + VariableServiceGetVariable() and VariableServiceSetVariable() are extern= al API + to receive datasize and data buffer. The size should be checked carefull= y. + + VariableServiceSetVariable() should also check authenticate data to avoi= d buffer overflow, + integer overflow. It should also check attribute to avoid authentication= bypass. + +Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+(C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP
+Copyright (c) Microsoft Corporation.
+Copyright (c) 2022, ARM Limited. All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" +#include "VariableNonVolatile.h" +#include "VariableParsing.h" +#include "VariableRuntimeCache.h" + +VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal =3D NULL; + +/// +/// Define a memory cache that improves the search performance for a varia= ble. +/// For EmuNvMode =3D=3D TRUE, it will be equal to NonVolatileVariableBase. +/// +VARIABLE_STORE_HEADER *mNvVariableCache =3D NULL; + +/// +/// Memory cache of Fv Header. +/// +EFI_FIRMWARE_VOLUME_HEADER *mNvFvHeaderCache =3D NULL; + +/// +/// The memory entry used for variable statistics data. +/// +VARIABLE_INFO_ENTRY *gVariableInfo =3D NULL; + +/// +/// The flag to indicate whether the platform has left the DXE phase of ex= ecution. +/// +BOOLEAN mEndOfDxe =3D FALSE; + +/// +/// It indicates the var check request source. +/// In the implementation, DXE is regarded as untrusted, and SMM is truste= d. +/// +VAR_CHECK_REQUEST_SOURCE mRequestSource =3D VarCheckFromUntrusted; + +// +// It will record the current boot error flag before EndOfDxe. +// +VAR_ERROR_FLAG mCurrentBootVarErrFlag =3D VAR_ERROR_FLAG_NO_ERROR; + +VARIABLE_ENTRY_PROPERTY mVariableEntryProperty[] =3D { + { + &gEdkiiVarErrorFlagGuid, + VAR_ERROR_FLAG_NAME, + { + VAR_CHECK_VARIABLE_PROPERTY_REVISION, + VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, + VARIABLE_ATTRIBUTE_NV_BS_RT, + sizeof (VAR_ERROR_FLAG), + sizeof (VAR_ERROR_FLAG) + } + }, +}; + +AUTH_VAR_LIB_CONTEXT_IN mAuthContextIn =3D { + AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION, + // + // StructSize, TO BE FILLED + // + 0, + // + // MaxAuthVariableSize, TO BE FILLED + // + 0, + VariableExLibFindVariable, + VariableExLibFindNextVariable, + VariableExLibUpdateVariable, + VariableExLibGetScratchBuffer, + VariableExLibCheckRemainingSpaceForConsistency, + VariableExLibAtRuntime, +}; + +AUTH_VAR_LIB_CONTEXT_OUT mAuthContextOut; + +/** + + This function writes data to the FWH at the correct LBA even if the LBAs + are fragmented. + + @param Global Pointer to VARAIBLE_GLOBAL structure. + @param Volatile Point out the Variable is Volatile or Non= -Volatile. + @param SetByIndex TRUE if target pointer is given as index. + FALSE if target pointer is absolute. + @param Fvb Pointer to the writable FVB protocol. + @param DataPtrIndex Pointer to the Data from the end of VARIA= BLE_STORE_HEADER + structure. + @param DataSize Size of data to be written. + @param Buffer Pointer to the buffer from which data is = written. + + @retval EFI_INVALID_PARAMETER Parameters not valid. + @retval EFI_UNSUPPORTED Fvb is a NULL for Non-Volatile variable u= pdate. + @retval EFI_OUT_OF_RESOURCES The remaining size is not enough. + @retval EFI_SUCCESS Variable store successfully updated. + +**/ +EFI_STATUS +UpdateVariableStore ( + IN VARIABLE_GLOBAL *Global, + IN BOOLEAN Volatile, + IN BOOLEAN SetByIndex, + IN EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb, + IN UINTN DataPtrIndex, + IN UINT32 DataSize, + IN UINT8 *Buffer + ) +{ + EFI_FV_BLOCK_MAP_ENTRY *PtrBlockMapEntry; + UINTN BlockIndex2; + UINTN LinearOffset; + UINTN CurrWriteSize; + UINTN CurrWritePtr; + UINT8 *CurrBuffer; + EFI_LBA LbaNumber; + UINTN Size; + VARIABLE_STORE_HEADER *VolatileBase; + EFI_PHYSICAL_ADDRESS FvVolHdr; + EFI_PHYSICAL_ADDRESS DataPtr; + EFI_STATUS Status; + + FvVolHdr =3D 0; + DataPtr =3D DataPtrIndex; + + // + // Check if the Data is Volatile. + // + if (!Volatile && !mVariableModuleGlobal->VariableGlobal.EmuNvMode) { + if (Fvb =3D=3D NULL) { + return EFI_UNSUPPORTED; + } + + Status =3D Fvb->GetPhysicalAddress (Fvb, &FvVolHdr); + ASSERT_EFI_ERROR (Status); + + // + // Data Pointer should point to the actual Address where data is to be + // written. + // + if (SetByIndex) { + DataPtr +=3D mVariableModuleGlobal->VariableGlobal.NonVolatileVariab= leBase; + } + + if ((DataPtr + DataSize) > (FvVolHdr + mNvFvHeaderCache->FvLength)) { + return EFI_OUT_OF_RESOURCES; + } + } else { + // + // Data Pointer should point to the actual Address where data is to be + // written. + // + if (Volatile) { + VolatileBase =3D (VARIABLE_STORE_HEADER *)((UINTN)mVariableModuleGlo= bal->VariableGlobal.VolatileVariableBase); + if (SetByIndex) { + DataPtr +=3D mVariableModuleGlobal->VariableGlobal.VolatileVariabl= eBase; + } + + if ((DataPtr + DataSize) > ((UINTN)VolatileBase + VolatileBase->Size= )) { + return EFI_OUT_OF_RESOURCES; + } + } else { + // + // Emulated non-volatile variable mode. + // + if (SetByIndex) { + DataPtr +=3D (UINTN)mNvVariableCache; + } + + if ((DataPtr + DataSize) > ((UINTN)mNvVariableCache + mNvVariableCac= he->Size)) { + return EFI_OUT_OF_RESOURCES; + } + } + + // + // If Volatile/Emulated Non-volatile Variable just do a simple mem cop= y. + // + CopyMem ((UINT8 *)(UINTN)DataPtr, Buffer, DataSize); + return EFI_SUCCESS; + } + + // + // If we are here we are dealing with Non-Volatile Variables. + // + LinearOffset =3D (UINTN)FvVolHdr; + CurrWritePtr =3D (UINTN)DataPtr; + CurrWriteSize =3D DataSize; + CurrBuffer =3D Buffer; + LbaNumber =3D 0; + + if (CurrWritePtr < LinearOffset) { + return EFI_INVALID_PARAMETER; + } + + for (PtrBlockMapEntry =3D mNvFvHeaderCache->BlockMap; PtrBlockMapEntry->= NumBlocks !=3D 0; PtrBlockMapEntry++) { + for (BlockIndex2 =3D 0; BlockIndex2 < PtrBlockMapEntry->NumBlocks; Blo= ckIndex2++) { + // + // Check to see if the Variable Writes are spanning through multiple + // blocks. + // + if ((CurrWritePtr >=3D LinearOffset) && (CurrWritePtr < LinearOffset= + PtrBlockMapEntry->Length)) { + if ((CurrWritePtr + CurrWriteSize) <=3D (LinearOffset + PtrBlockMa= pEntry->Length)) { + Status =3D Fvb->Write ( + Fvb, + LbaNumber, + (UINTN)(CurrWritePtr - LinearOffset), + &CurrWriteSize, + CurrBuffer + ); + return Status; + } else { + Size =3D (UINT32)(LinearOffset + PtrBlockMapEntry->Length - Cu= rrWritePtr); + Status =3D Fvb->Write ( + Fvb, + LbaNumber, + (UINTN)(CurrWritePtr - LinearOffset), + &Size, + CurrBuffer + ); + if (EFI_ERROR (Status)) { + return Status; + } + + CurrWritePtr =3D LinearOffset + PtrBlockMapEntry->Length; + CurrBuffer =3D CurrBuffer + Size; + CurrWriteSize =3D CurrWriteSize - Size; + } + } + + LinearOffset +=3D PtrBlockMapEntry->Length; + LbaNumber++; + } + } + + return EFI_SUCCESS; +} + +/** + Record variable error flag. + + @param[in] Flag Variable error flag to record. + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Attributes Attributes of the variable. + @param[in] VariableSize Size of the variable. + +**/ +VOID +RecordVarErrorFlag ( + IN VAR_ERROR_FLAG Flag, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN VariableSize + ) +{ + EFI_STATUS Status; + VARIABLE_POINTER_TRACK Variable; + VAR_ERROR_FLAG *VarErrFlag; + VAR_ERROR_FLAG TempFlag; + + DEBUG_CODE_BEGIN (); + DEBUG ((DEBUG_ERROR, "RecordVarErrorFlag (0x%02x) %s:%g - 0x%08x - 0x%x\= n", Flag, VariableName, VendorGuid, Attributes, VariableSize)); + if (Flag =3D=3D VAR_ERROR_FLAG_SYSTEM_ERROR) { + if (AtRuntime ()) { + DEBUG ((DEBUG_ERROR, "CommonRuntimeVariableSpace =3D 0x%x - CommonVa= riableTotalSize =3D 0x%x\n", mVariableModuleGlobal->CommonRuntimeVariableSp= ace, mVariableModuleGlobal->CommonVariableTotalSize)); + } else { + DEBUG ((DEBUG_ERROR, "CommonVariableSpace =3D 0x%x - CommonVariableT= otalSize =3D 0x%x\n", mVariableModuleGlobal->CommonVariableSpace, mVariable= ModuleGlobal->CommonVariableTotalSize)); + } + } else { + DEBUG ((DEBUG_ERROR, "CommonMaxUserVariableSpace =3D 0x%x - CommonUser= VariableTotalSize =3D 0x%x\n", mVariableModuleGlobal->CommonMaxUserVariable= Space, mVariableModuleGlobal->CommonUserVariableTotalSize)); + } + + DEBUG_CODE_END (); + + if (!mEndOfDxe) { + // + // Before EndOfDxe, just record the current boot variable error flag t= o local variable, + // and leave the variable error flag in NV flash as the last boot vari= able error flag. + // After EndOfDxe in InitializeVarErrorFlag (), the variable error fla= g in NV flash + // will be initialized to this local current boot variable error flag. + // + mCurrentBootVarErrFlag &=3D Flag; + return; + } + + // + // Record error flag (it should have be initialized). + // + Status =3D FindVariable ( + VAR_ERROR_FLAG_NAME, + &gEdkiiVarErrorFlagGuid, + &Variable, + &mVariableModuleGlobal->VariableGlobal, + FALSE + ); + if (!EFI_ERROR (Status)) { + VarErrFlag =3D (VAR_ERROR_FLAG *)GetVariableDataPtr (Variable.CurrPtr,= mVariableModuleGlobal->VariableGlobal.AuthFormat); + TempFlag =3D *VarErrFlag; + TempFlag &=3D Flag; + if (TempFlag =3D=3D *VarErrFlag) { + return; + } + + Status =3D UpdateVariableStore ( + &mVariableModuleGlobal->VariableGlobal, + FALSE, + FALSE, + mVariableModuleGlobal->FvbInstance, + (UINTN)VarErrFlag - (UINTN)mNvVariableCache + (UINTN)mVaria= bleModuleGlobal->VariableGlobal.NonVolatileVariableBase, + sizeof (TempFlag), + &TempFlag + ); + if (!EFI_ERROR (Status)) { + // + // Update the data in NV cache. + // + *VarErrFlag =3D TempFlag; + Status =3D SynchronizeRuntimeVariableCache ( + &mVariableModuleGlobal->VariableGlobal.VariableRunt= imeCacheContext.VariableRuntimeNvCache, + 0, + mNvVariableCache->Size + ); + ASSERT_EFI_ERROR (Status); + } + } +} + +/** + Initialize variable error flag. + + Before EndOfDxe, the variable indicates the last boot variable error fla= g, + then it means the last boot variable error flag must be got before EndOf= Dxe. + After EndOfDxe, the variable indicates the current boot variable error f= lag, + then it means the current boot variable error flag must be got after End= OfDxe. + +**/ +VOID +InitializeVarErrorFlag ( + VOID + ) +{ + EFI_STATUS Status; + VARIABLE_POINTER_TRACK Variable; + VAR_ERROR_FLAG Flag; + VAR_ERROR_FLAG VarErrFlag; + + if (!mEndOfDxe) { + return; + } + + Flag =3D mCurrentBootVarErrFlag; + DEBUG ((DEBUG_INFO, "Initialize variable error flag (%02x)\n", Flag)); + + Status =3D FindVariable ( + VAR_ERROR_FLAG_NAME, + &gEdkiiVarErrorFlagGuid, + &Variable, + &mVariableModuleGlobal->VariableGlobal, + FALSE + ); + if (!EFI_ERROR (Status)) { + VarErrFlag =3D *((VAR_ERROR_FLAG *)GetVariableDataPtr (Variable.CurrPt= r, mVariableModuleGlobal->VariableGlobal.AuthFormat)); + if (VarErrFlag =3D=3D Flag) { + return; + } + } + + UpdateVariable ( + VAR_ERROR_FLAG_NAME, + &gEdkiiVarErrorFlagGuid, + &Flag, + sizeof (Flag), + VARIABLE_ATTRIBUTE_NV_BS_RT, + 0, + 0, + &Variable, + NULL + ); +} + +/** + Is user variable? + + @param[in] Variable Pointer to variable header. + + @retval TRUE User variable. + @retval FALSE System variable. + +**/ +BOOLEAN +IsUserVariable ( + IN VARIABLE_HEADER *Variable + ) +{ + VAR_CHECK_VARIABLE_PROPERTY Property; + + // + // Only after End Of Dxe, the variables belong to system variable are fi= xed. + // If PcdMaxUserNvStorageVariableSize is 0, it means user variable share= the same NV storage with system variable, + // then no need to check if the variable is user variable or not special= ly. + // + if (mEndOfDxe && (mVariableModuleGlobal->CommonMaxUserVariableSpace !=3D= mVariableModuleGlobal->CommonVariableSpace)) { + if (VarCheckLibVariablePropertyGet ( + GetVariableNamePtr (Variable, mVariableModuleGlobal->VariableGlo= bal.AuthFormat), + GetVendorGuidPtr (Variable, mVariableModuleGlobal->VariableGloba= l.AuthFormat), + &Property + ) =3D=3D EFI_NOT_FOUND) + { + return TRUE; + } + } + + return FALSE; +} + +/** + Calculate common user variable total size. + +**/ +VOID +CalculateCommonUserVariableTotalSize ( + VOID + ) +{ + VARIABLE_HEADER *Variable; + VARIABLE_HEADER *NextVariable; + UINTN VariableSize; + VAR_CHECK_VARIABLE_PROPERTY Property; + + // + // Only after End Of Dxe, the variables belong to system variable are fi= xed. + // If PcdMaxUserNvStorageVariableSize is 0, it means user variable share= the same NV storage with system variable, + // then no need to calculate the common user variable total size special= ly. + // + if (mEndOfDxe && (mVariableModuleGlobal->CommonMaxUserVariableSpace !=3D= mVariableModuleGlobal->CommonVariableSpace)) { + Variable =3D GetStartPointer (mNvVariableCache); + while (IsValidVariableHeader (Variable, GetEndPointer (mNvVariableCach= e), mVariableModuleGlobal->VariableGlobal.AuthFormat)) { + NextVariable =3D GetNextVariablePtr (Variable, mVariableModuleGlobal= ->VariableGlobal.AuthFormat); + VariableSize =3D (UINTN)NextVariable - (UINTN)Variable; + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) !=3D= EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + if (VarCheckLibVariablePropertyGet ( + GetVariableNamePtr (Variable, mVariableModuleGlobal->Variabl= eGlobal.AuthFormat), + GetVendorGuidPtr (Variable, mVariableModuleGlobal->VariableG= lobal.AuthFormat), + &Property + ) =3D=3D EFI_NOT_FOUND) + { + // + // No property, it is user variable. + // + mVariableModuleGlobal->CommonUserVariableTotalSize +=3D Variable= Size; + } + } + + Variable =3D NextVariable; + } + } +} + +/** + Initialize variable quota. + +**/ +VOID +InitializeVariableQuota ( + VOID + ) +{ + if (!mEndOfDxe) { + return; + } + + InitializeVarErrorFlag (); + CalculateCommonUserVariableTotalSize (); +} + +/** + Finds variable in storage blocks of volatile and non-volatile storage ar= eas. + + This code finds variable in storage blocks of volatile and non-volatile = storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + If IgnoreRtCheck is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS= attribute check + at runtime when searching existing variable, only VariableName and Vendo= rGuid are compared. + Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible= at runtime. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Vendor GUID to be found. + @param[out] PtrTrack VARIABLE_POINTER_TRACK structure for= output, + including the range searched and the= target position. + @param[in] Global Pointer to VARIABLE_GLOBAL structure= , including + base of volatile variable storage ar= ea, base of + NV variable storage area, and a lock. + @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS a= ttribute + check at runtime when searching vari= able. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty stri= ng, while + VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +FindVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VARIABLE_POINTER_TRACK *PtrTrack, + IN VARIABLE_GLOBAL *Global, + IN BOOLEAN IgnoreRtCheck + ) +{ + EFI_STATUS Status; + VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax]; + VARIABLE_STORE_TYPE Type; + + if ((VariableName[0] !=3D 0) && (VendorGuid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // 0: Volatile, 1: HOB, 2: Non-Volatile. + // The index and attributes mapping must be kept in this order as Runtim= eServiceGetNextVariableName + // make use of this mapping to implement search algorithm. + // + VariableStoreHeader[VariableStoreTypeVolatile] =3D (VARIABLE_STORE_HEADE= R *)(UINTN)Global->VolatileVariableBase; + VariableStoreHeader[VariableStoreTypeHob] =3D (VARIABLE_STORE_HEADE= R *)(UINTN)Global->HobVariableBase; + VariableStoreHeader[VariableStoreTypeNv] =3D mNvVariableCache; + + // + // Find the variable by walk through HOB, volatile and non-volatile vari= able store. + // + for (Type =3D (VARIABLE_STORE_TYPE)0; Type < VariableStoreTypeMax; Type+= +) { + if (VariableStoreHeader[Type] =3D=3D NULL) { + continue; + } + + PtrTrack->StartPtr =3D GetStartPointer (VariableStoreHeader[Type]); + PtrTrack->EndPtr =3D GetEndPointer (VariableStoreHeader[Type]); + PtrTrack->Volatile =3D (BOOLEAN)(Type =3D=3D VariableStoreTypeVolatile= ); + + Status =3D FindVariableEx ( + VariableName, + VendorGuid, + IgnoreRtCheck, + PtrTrack, + mVariableModuleGlobal->VariableGlobal.AuthFormat + ); + if (!EFI_ERROR (Status)) { + return Status; + } + } + + return EFI_NOT_FOUND; +} + +/** + Get index from supported language codes according to language string. + + This code is used to get corresponding index in supported language codes= . It can handle + RFC4646 and ISO639 language tags. + In ISO639 language tags, take 3-characters as a delimitation to find mat= ched string and calculate the index. + In RFC4646 language tags, take semicolon as a delimitation to find match= ed string and calculate the index. + + For example: + SupportedLang =3D "engfraengfra" + Lang =3D "eng" + Iso639Language =3D TRUE + The return value is "0". + Another example: + SupportedLang =3D "en;fr;en-US;fr-FR" + Lang =3D "fr-FR" + Iso639Language =3D FALSE + The return value is "3". + + @param SupportedLang Platform supported language codes. + @param Lang Configured language. + @param Iso639Language A bool value to signify if the handl= er is operated on ISO639 or RFC4646. + + @retval The index of language in the language codes. + +**/ +UINTN +GetIndexFromSupportedLangCodes ( + IN CHAR8 *SupportedLang, + IN CHAR8 *Lang, + IN BOOLEAN Iso639Language + ) +{ + UINTN Index; + UINTN CompareLength; + UINTN LanguageLength; + + if (Iso639Language) { + CompareLength =3D ISO_639_2_ENTRY_SIZE; + for (Index =3D 0; Index < AsciiStrLen (SupportedLang); Index +=3D Comp= areLength) { + if (AsciiStrnCmp (Lang, SupportedLang + Index, CompareLength) =3D=3D= 0) { + // + // Successfully find the index of Lang string in SupportedLang str= ing. + // + Index =3D Index / CompareLength; + return Index; + } + } + + ASSERT (FALSE); + return 0; + } else { + // + // Compare RFC4646 language code + // + Index =3D 0; + for (LanguageLength =3D 0; Lang[LanguageLength] !=3D '\0'; LanguageLen= gth++) { + } + + for (Index =3D 0; *SupportedLang !=3D '\0'; Index++, SupportedLang += =3D CompareLength) { + // + // Skip ';' characters in SupportedLang + // + for ( ; *SupportedLang !=3D '\0' && *SupportedLang =3D=3D ';'; Suppo= rtedLang++) { + } + + // + // Determine the length of the next language code in SupportedLang + // + for (CompareLength =3D 0; SupportedLang[CompareLength] !=3D '\0' && = SupportedLang[CompareLength] !=3D ';'; CompareLength++) { + } + + if ((CompareLength =3D=3D LanguageLength) && + (AsciiStrnCmp (Lang, SupportedLang, CompareLength) =3D=3D 0)) + { + // + // Successfully find the index of Lang string in SupportedLang str= ing. + // + return Index; + } + } + + ASSERT (FALSE); + return 0; + } +} + +/** + Get language string from supported language codes according to index. + + This code is used to get corresponding language strings in supported lan= guage codes. It can handle + RFC4646 and ISO639 language tags. + In ISO639 language tags, take 3-characters as a delimitation. Find langu= age string according to the index. + In RFC4646 language tags, take semicolon as a delimitation. Find languag= e string according to the index. + + For example: + SupportedLang =3D "engfraengfra" + Index =3D "1" + Iso639Language =3D TRUE + The return value is "fra". + Another example: + SupportedLang =3D "en;fr;en-US;fr-FR" + Index =3D "1" + Iso639Language =3D FALSE + The return value is "fr". + + @param SupportedLang Platform supported language codes. + @param Index The index in supported language code= s. + @param Iso639Language A bool value to signify if the handl= er is operated on ISO639 or RFC4646. + + @retval The language string in the language codes. + +**/ +CHAR8 * +GetLangFromSupportedLangCodes ( + IN CHAR8 *SupportedLang, + IN UINTN Index, + IN BOOLEAN Iso639Language + ) +{ + UINTN SubIndex; + UINTN CompareLength; + CHAR8 *Supported; + + SubIndex =3D 0; + Supported =3D SupportedLang; + if (Iso639Language) { + // + // According to the index of Lang string in SupportedLang string to ge= t the language. + // This code will be invoked in RUNTIME, therefore there is not a memo= ry allocate/free operation. + // In driver entry, it pre-allocates a runtime attribute memory to acc= ommodate this string. + // + CompareLength =3D ISO_639_2_ENTRY_SIZE; + mVariableModuleGlobal->Lang[CompareLength] =3D '\0'; + return CopyMem (mVariableModuleGlobal->Lang, SupportedLang + Index * C= ompareLength, CompareLength); + } else { + while (TRUE) { + // + // Take semicolon as delimitation, sequentially traverse supported l= anguage codes. + // + for (CompareLength =3D 0; *Supported !=3D ';' && *Supported !=3D '\0= '; CompareLength++) { + Supported++; + } + + if ((*Supported =3D=3D '\0') && (SubIndex !=3D Index)) { + // + // Have completed the traverse, but not find corrsponding string. + // This case is not allowed to happen. + // + ASSERT (FALSE); + return NULL; + } + + if (SubIndex =3D=3D Index) { + // + // According to the index of Lang string in SupportedLang string t= o get the language. + // As this code will be invoked in RUNTIME, therefore there is not= memory allocate/free operation. + // In driver entry, it pre-allocates a runtime attribute memory to= accommodate this string. + // + mVariableModuleGlobal->PlatformLang[CompareLength] =3D '\0'; + return CopyMem (mVariableModuleGlobal->PlatformLang, Supported - C= ompareLength, CompareLength); + } + + SubIndex++; + + // + // Skip ';' characters in Supported + // + for ( ; *Supported !=3D '\0' && *Supported =3D=3D ';'; Supported++) { + } + } + } +} + +/** + Returns a pointer to an allocated buffer that contains the best matching= language + from a set of supported languages. + + This function supports both ISO 639-2 and RFC 4646 language codes, but l= anguage + code types may not be mixed in a single call to this function. This func= tion + supports a variable argument list that allows the caller to pass in a pr= ioritized + list of language codes to test against all the language codes in Support= edLanguages. + + If SupportedLanguages is NULL, then ASSERT(). + + @param[in] SupportedLanguages A pointer to a Null-terminated ASCII str= ing that + contains a set of language codes in the = format + specified by Iso639Language. + @param[in] Iso639Language If not zero, then all language codes are= assumed to be + in ISO 639-2 format. If zero, then all = language + codes are assumed to be in RFC 4646 lang= uage format + @param[in] ... A variable argument list that contains p= ointers to + Null-terminated ASCII strings that conta= in one or more + language codes in the format specified b= y Iso639Language. + The first language code from each of the= se language + code lists is used to determine if it is= an exact or + close match to any of the language codes= in + SupportedLanguages. Close matches only = apply to RFC 4646 + language codes, and the matching algorit= hm from RFC 4647 + is used to determine if a close match is= present. If + an exact or close match is found, then t= he matching + language code from SupportedLanguages is= returned. If + no matches are found, then the next vari= able argument + parameter is evaluated. The variable ar= gument list + is terminated by a NULL. + + @retval NULL The best matching language could not be found in Supporte= dLanguages. + @retval NULL There are not enough resources available to return the be= st matching + language. + @retval Other A pointer to a Null-terminated ASCII string that is the b= est matching + language in SupportedLanguages. + +**/ +CHAR8 * +EFIAPI +VariableGetBestLanguage ( + IN CONST CHAR8 *SupportedLanguages, + IN UINTN Iso639Language, + ... + ) +{ + VA_LIST Args; + CHAR8 *Language; + UINTN CompareLength; + UINTN LanguageLength; + CONST CHAR8 *Supported; + CHAR8 *Buffer; + + if (SupportedLanguages =3D=3D NULL) { + return NULL; + } + + VA_START (Args, Iso639Language); + while ((Language =3D VA_ARG (Args, CHAR8 *)) !=3D NULL) { + // + // Default to ISO 639-2 mode + // + CompareLength =3D 3; + LanguageLength =3D MIN (3, AsciiStrLen (Language)); + + // + // If in RFC 4646 mode, then determine the length of the first RFC 464= 6 language code in Language + // + if (Iso639Language =3D=3D 0) { + for (LanguageLength =3D 0; Language[LanguageLength] !=3D 0 && Langua= ge[LanguageLength] !=3D ';'; LanguageLength++) { + } + } + + // + // Trim back the length of Language used until it is empty + // + while (LanguageLength > 0) { + // + // Loop through all language codes in SupportedLanguages + // + for (Supported =3D SupportedLanguages; *Supported !=3D '\0'; Support= ed +=3D CompareLength) { + // + // In RFC 4646 mode, then Loop through all language codes in Suppo= rtedLanguages + // + if (Iso639Language =3D=3D 0) { + // + // Skip ';' characters in Supported + // + for ( ; *Supported !=3D '\0' && *Supported =3D=3D ';'; Supported= ++) { + } + + // + // Determine the length of the next language code in Supported + // + for (CompareLength =3D 0; Supported[CompareLength] !=3D 0 && Sup= ported[CompareLength] !=3D ';'; CompareLength++) { + } + + // + // If Language is longer than the Supported, then skip to the ne= xt language + // + if (LanguageLength > CompareLength) { + continue; + } + } + + // + // See if the first LanguageLength characters in Supported match L= anguage + // + if (AsciiStrnCmp (Supported, Language, LanguageLength) =3D=3D 0) { + VA_END (Args); + + Buffer =3D (Iso639Language !=3D 0) ? mVariableMod= uleGlobal->Lang : mVariableModuleGlobal->PlatformLang; + Buffer[CompareLength] =3D '\0'; + return CopyMem (Buffer, Supported, CompareLength); + } + } + + if (Iso639Language !=3D 0) { + // + // If ISO 639 mode, then each language can only be tested once + // + LanguageLength =3D 0; + } else { + // + // If RFC 4646 mode, then trim Language from the right to the next= '-' character + // + for (LanguageLength--; LanguageLength > 0 && Language[LanguageLeng= th] !=3D '-'; LanguageLength--) { + } + } + } + } + + VA_END (Args); + + // + // No matches were found + // + return NULL; +} + +/** + This function is to check if the remaining variable space is enough to s= et + all Variables from argument list successfully. The purpose of the check + is to keep the consistency of the Variables to be in variable storage. + + Note: Variables are assumed to be in same storage. + The set sequence of Variables will be same with the sequence of Variable= Entry from argument list, + so follow the argument sequence to check the Variables. + + @param[in] Attributes Variable attributes for Variable entries. + @param[in] Marker VA_LIST style variable argument list. + The variable argument list with type VARIA= BLE_ENTRY_CONSISTENCY *. + A NULL terminates the list. The VariableSi= ze of + VARIABLE_ENTRY_CONSISTENCY is the variable= data size as input. + It will be changed to variable total size = as output. + + @retval TRUE Have enough variable space to set the Vari= ables successfully. + @retval FALSE No enough variable space to set the Variab= les successfully. + +**/ +BOOLEAN +EFIAPI +CheckRemainingSpaceForConsistencyInternal ( + IN UINT32 Attributes, + IN VA_LIST Marker + ) +{ + EFI_STATUS Status; + VA_LIST Args; + VARIABLE_ENTRY_CONSISTENCY *VariableEntry; + UINT64 MaximumVariableStorageSize; + UINT64 RemainingVariableStorageSize; + UINT64 MaximumVariableSize; + UINTN TotalNeededSize; + UINTN OriginalVarSize; + VARIABLE_STORE_HEADER *VariableStoreHeader; + VARIABLE_POINTER_TRACK VariablePtrTrack; + VARIABLE_HEADER *NextVariable; + UINTN VarNameSize; + UINTN VarDataSize; + + // + // Non-Volatile related. + // + VariableStoreHeader =3D mNvVariableCache; + + Status =3D VariableServiceQueryVariableInfoInternal ( + Attributes, + &MaximumVariableStorageSize, + &RemainingVariableStorageSize, + &MaximumVariableSize + ); + ASSERT_EFI_ERROR (Status); + + TotalNeededSize =3D 0; + VA_COPY (Args, Marker); + VariableEntry =3D VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *); + while (VariableEntry !=3D NULL) { + // + // Calculate variable total size. + // + VarNameSize =3D StrSize (VariableEntry->Name); + VarNameSize +=3D GET_PAD_SIZE (VarNameSize); + VarDataSize =3D VariableEntry->VariableSize; + VarDataSize +=3D GET_PAD_SIZE (VarDataSize); + VariableEntry->VariableSize =3D HEADER_ALIGN ( + GetVariableHeaderSize ( + mVariableModuleGlobal->VariableGloba= l.AuthFormat + ) + VarNameSize + VarDataSize + ); + + TotalNeededSize +=3D VariableEntry->VariableSize; + VariableEntry =3D VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *); + } + + VA_END (Args); + + if (RemainingVariableStorageSize >=3D TotalNeededSize) { + // + // Already have enough space. + // + return TRUE; + } else if (AtRuntime ()) { + // + // At runtime, no reclaim. + // The original variable space of Variables can't be reused. + // + return FALSE; + } + + VA_COPY (Args, Marker); + VariableEntry =3D VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *); + while (VariableEntry !=3D NULL) { + // + // Check if Variable[Index] has been present and get its size. + // + OriginalVarSize =3D 0; + VariablePtrTrack.StartPtr =3D GetStartPointer (VariableStoreHeader); + VariablePtrTrack.EndPtr =3D GetEndPointer (VariableStoreHeader); + Status =3D FindVariableEx ( + VariableEntry->Name, + VariableEntry->Guid, + FALSE, + &VariablePtrTrack, + mVariableModuleGlobal->VariableGlobal.Au= thFormat + ); + if (!EFI_ERROR (Status)) { + // + // Get size of Variable[Index]. + // + NextVariable =3D GetNextVariablePtr (VariablePtrTrack.CurrPtr, mV= ariableModuleGlobal->VariableGlobal.AuthFormat); + OriginalVarSize =3D (UINTN)NextVariable - (UINTN)VariablePtrTrack.Cu= rrPtr; + // + // Add the original size of Variable[Index] to remaining variable st= orage size. + // + RemainingVariableStorageSize +=3D OriginalVarSize; + } + + if (VariableEntry->VariableSize > RemainingVariableStorageSize) { + // + // No enough space for Variable[Index]. + // + VA_END (Args); + return FALSE; + } + + // + // Sub the (new) size of Variable[Index] from remaining variable stora= ge size. + // + RemainingVariableStorageSize -=3D VariableEntry->VariableSize; + VariableEntry =3D VA_ARG (Args, VARIABLE_ENTRY_CONSIST= ENCY *); + } + + VA_END (Args); + + return TRUE; +} + +/** + This function is to check if the remaining variable space is enough to s= et + all Variables from argument list successfully. The purpose of the check + is to keep the consistency of the Variables to be in variable storage. + + Note: Variables are assumed to be in same storage. + The set sequence of Variables will be same with the sequence of Variable= Entry from argument list, + so follow the argument sequence to check the Variables. + + @param[in] Attributes Variable attributes for Variable entries. + @param ... The variable argument list with type VARIA= BLE_ENTRY_CONSISTENCY *. + A NULL terminates the list. The VariableSi= ze of + VARIABLE_ENTRY_CONSISTENCY is the variable= data size as input. + It will be changed to variable total size = as output. + + @retval TRUE Have enough variable space to set the Vari= ables successfully. + @retval FALSE No enough variable space to set the Variab= les successfully. + +**/ +BOOLEAN +EFIAPI +CheckRemainingSpaceForConsistency ( + IN UINT32 Attributes, + ... + ) +{ + VA_LIST Marker; + BOOLEAN Return; + + VA_START (Marker, Attributes); + + Return =3D CheckRemainingSpaceForConsistencyInternal (Attributes, Marker= ); + + VA_END (Marker); + + return Return; +} + +/** + Hook the operations in PlatformLangCodes, LangCodes, PlatformLang and La= ng. + + When setting Lang/LangCodes, simultaneously update PlatformLang/Platform= LangCodes. + + According to UEFI spec, PlatformLangCodes/LangCodes are only set once in= firmware initialization, + and are read-only. Therefore, in variable driver, only store the origina= l value for other use. + + @param[in] VariableName Name of variable. + + @param[in] Data Variable data. + + @param[in] DataSize Size of data. 0 means delete. + + @retval EFI_SUCCESS The update operation is successful or igno= red. + @retval EFI_WRITE_PROTECTED Update PlatformLangCodes/LangCodes at runt= ime. + @retval EFI_OUT_OF_RESOURCES No enough variable space to do the update = operation. + @retval Others Other errors happened during the update op= eration. + +**/ +EFI_STATUS +AutoUpdateLangVariable ( + IN CHAR16 *VariableName, + IN VOID *Data, + IN UINTN DataSize + ) +{ + EFI_STATUS Status; + CHAR8 *BestPlatformLang; + CHAR8 *BestLang; + UINTN Index; + UINT32 Attributes; + VARIABLE_POINTER_TRACK Variable; + BOOLEAN SetLanguageCodes; + VARIABLE_ENTRY_CONSISTENCY VariableEntry[2]; + + // + // Don't do updates for delete operation + // + if (DataSize =3D=3D 0) { + return EFI_SUCCESS; + } + + SetLanguageCodes =3D FALSE; + + if (StrCmp (VariableName, EFI_PLATFORM_LANG_CODES_VARIABLE_NAME) =3D=3D = 0) { + // + // PlatformLangCodes is a volatile variable, so it can not be updated = at runtime. + // + if (AtRuntime ()) { + return EFI_WRITE_PROTECTED; + } + + SetLanguageCodes =3D TRUE; + + // + // According to UEFI spec, PlatformLangCodes is only set once in firmw= are initialization, and is read-only + // Therefore, in variable driver, only store the original value for ot= her use. + // + if (mVariableModuleGlobal->PlatformLangCodes !=3D NULL) { + FreePool (mVariableModuleGlobal->PlatformLangCodes); + } + + mVariableModuleGlobal->PlatformLangCodes =3D AllocateRuntimeCopyPool (= DataSize, Data); + ASSERT (mVariableModuleGlobal->PlatformLangCodes !=3D NULL); + + // + // PlatformLang holds a single language from PlatformLangCodes, + // so the size of PlatformLangCodes is enough for the PlatformLang. + // + if (mVariableModuleGlobal->PlatformLang !=3D NULL) { + FreePool (mVariableModuleGlobal->PlatformLang); + } + + mVariableModuleGlobal->PlatformLang =3D AllocateRuntimePool (DataSize); + ASSERT (mVariableModuleGlobal->PlatformLang !=3D NULL); + } else if (StrCmp (VariableName, EFI_LANG_CODES_VARIABLE_NAME) =3D=3D 0)= { + // + // LangCodes is a volatile variable, so it can not be updated at runti= me. + // + if (AtRuntime ()) { + return EFI_WRITE_PROTECTED; + } + + SetLanguageCodes =3D TRUE; + + // + // According to UEFI spec, LangCodes is only set once in firmware init= ialization, and is read-only + // Therefore, in variable driver, only store the original value for ot= her use. + // + if (mVariableModuleGlobal->LangCodes !=3D NULL) { + FreePool (mVariableModuleGlobal->LangCodes); + } + + mVariableModuleGlobal->LangCodes =3D AllocateRuntimeCopyPool (DataSize= , Data); + ASSERT (mVariableModuleGlobal->LangCodes !=3D NULL); + } + + if ( SetLanguageCodes + && (mVariableModuleGlobal->PlatformLangCodes !=3D NULL) + && (mVariableModuleGlobal->LangCodes !=3D NULL)) + { + // + // Update Lang if PlatformLang is already set + // Update PlatformLang if Lang is already set + // + Status =3D FindVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalV= ariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + if (!EFI_ERROR (Status)) { + // + // Update Lang + // + VariableName =3D EFI_PLATFORM_LANG_VARIABLE_NAME; + Data =3D GetVariableDataPtr (Variable.CurrPtr, mVariableModu= leGlobal->VariableGlobal.AuthFormat); + DataSize =3D DataSizeOfVariable (Variable.CurrPtr, mVariableModu= leGlobal->VariableGlobal.AuthFormat); + } else { + Status =3D FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariable= Guid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + if (!EFI_ERROR (Status)) { + // + // Update PlatformLang + // + VariableName =3D EFI_LANG_VARIABLE_NAME; + Data =3D GetVariableDataPtr (Variable.CurrPtr, mVariableMo= duleGlobal->VariableGlobal.AuthFormat); + DataSize =3D DataSizeOfVariable (Variable.CurrPtr, mVariableMo= duleGlobal->VariableGlobal.AuthFormat); + } else { + // + // Neither PlatformLang nor Lang is set, directly return + // + return EFI_SUCCESS; + } + } + } + + Status =3D EFI_SUCCESS; + + // + // According to UEFI spec, "Lang" and "PlatformLang" is NV|BS|RT attribu= tions. + // + Attributes =3D EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCE= SS | EFI_VARIABLE_RUNTIME_ACCESS; + + if (StrCmp (VariableName, EFI_PLATFORM_LANG_VARIABLE_NAME) =3D=3D 0) { + // + // Update Lang when PlatformLangCodes/LangCodes were set. + // + if ((mVariableModuleGlobal->PlatformLangCodes !=3D NULL) && (mVariable= ModuleGlobal->LangCodes !=3D NULL)) { + // + // When setting PlatformLang, firstly get most matched language stri= ng from supported language codes. + // + BestPlatformLang =3D VariableGetBestLanguage (mVariableModuleGlobal-= >PlatformLangCodes, FALSE, Data, NULL); + if (BestPlatformLang !=3D NULL) { + // + // Get the corresponding index in language codes. + // + Index =3D GetIndexFromSupportedLangCodes (mVariableModuleGlobal->P= latformLangCodes, BestPlatformLang, FALSE); + + // + // Get the corresponding ISO639 language tag according to RFC4646 = language tag. + // + BestLang =3D GetLangFromSupportedLangCodes (mVariableModuleGlobal-= >LangCodes, Index, TRUE); + + // + // Check the variable space for both Lang and PlatformLang variabl= e. + // + VariableEntry[0].VariableSize =3D ISO_639_2_ENTRY_SIZE + 1; + VariableEntry[0].Guid =3D &gEfiGlobalVariableGuid; + VariableEntry[0].Name =3D EFI_LANG_VARIABLE_NAME; + + VariableEntry[1].VariableSize =3D AsciiStrSize (BestPlatformLang); + VariableEntry[1].Guid =3D &gEfiGlobalVariableGuid; + VariableEntry[1].Name =3D EFI_PLATFORM_LANG_VARIABLE_NAME; + if (!CheckRemainingSpaceForConsistency (VARIABLE_ATTRIBUTE_NV_BS_R= T, &VariableEntry[0], &VariableEntry[1], NULL)) { + // + // No enough variable space to set both Lang and PlatformLang su= ccessfully. + // + Status =3D EFI_OUT_OF_RESOURCES; + } else { + // + // Successfully convert PlatformLang to Lang, and set the BestLa= ng value into Lang variable simultaneously. + // + FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &= Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + + Status =3D UpdateVariable ( + EFI_LANG_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + BestLang, + ISO_639_2_ENTRY_SIZE + 1, + Attributes, + 0, + 0, + &Variable, + NULL + ); + } + + DEBUG ((DEBUG_INFO, "Variable Driver Auto Update PlatformLang, Pla= tformLang:%a, Lang:%a Status: %r\n", BestPlatformLang, BestLang, Status)); + } + } + } else if (StrCmp (VariableName, EFI_LANG_VARIABLE_NAME) =3D=3D 0) { + // + // Update PlatformLang when PlatformLangCodes/LangCodes were set. + // + if ((mVariableModuleGlobal->PlatformLangCodes !=3D NULL) && (mVariable= ModuleGlobal->LangCodes !=3D NULL)) { + // + // When setting Lang, firstly get most matched language string from = supported language codes. + // + BestLang =3D VariableGetBestLanguage (mVariableModuleGlobal->LangCod= es, TRUE, Data, NULL); + if (BestLang !=3D NULL) { + // + // Get the corresponding index in language codes. + // + Index =3D GetIndexFromSupportedLangCodes (mVariableModuleGlobal->L= angCodes, BestLang, TRUE); + + // + // Get the corresponding RFC4646 language tag according to ISO639 = language tag. + // + BestPlatformLang =3D GetLangFromSupportedLangCodes (mVariableModul= eGlobal->PlatformLangCodes, Index, FALSE); + + // + // Check the variable space for both PlatformLang and Lang variabl= e. + // + VariableEntry[0].VariableSize =3D AsciiStrSize (BestPlatformLang); + VariableEntry[0].Guid =3D &gEfiGlobalVariableGuid; + VariableEntry[0].Name =3D EFI_PLATFORM_LANG_VARIABLE_NAME; + + VariableEntry[1].VariableSize =3D ISO_639_2_ENTRY_SIZE + 1; + VariableEntry[1].Guid =3D &gEfiGlobalVariableGuid; + VariableEntry[1].Name =3D EFI_LANG_VARIABLE_NAME; + if (!CheckRemainingSpaceForConsistency (VARIABLE_ATTRIBUTE_NV_BS_R= T, &VariableEntry[0], &VariableEntry[1], NULL)) { + // + // No enough variable space to set both PlatformLang and Lang su= ccessfully. + // + Status =3D EFI_OUT_OF_RESOURCES; + } else { + // + // Successfully convert Lang to PlatformLang, and set the BestPl= atformLang value into PlatformLang variable simultaneously. + // + FindVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariab= leGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + + Status =3D UpdateVariable ( + EFI_PLATFORM_LANG_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + BestPlatformLang, + AsciiStrSize (BestPlatformLang), + Attributes, + 0, + 0, + &Variable, + NULL + ); + } + + DEBUG ((DEBUG_INFO, "Variable Driver Auto Update Lang, Lang:%a, Pl= atformLang:%a Status: %r\n", BestLang, BestPlatformLang, Status)); + } + } + } + + if (SetLanguageCodes) { + // + // Continue to set PlatformLangCodes or LangCodes. + // + return EFI_SUCCESS; + } else { + return Status; + } +} + +/** + Check if there's enough free space in storage to write the new variable. + + @param[in] NewVariable Pointer to buffer of new variable. + @param[in] VariableSize Size of new variable. + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Attributes Attributes of the variable. + @param[in] VolatileFlag Volatile/non-volatile variable indicator. + + @retval EFI_SUCCESS Enough free space on variable storage. + @retval EFI_BUFFER_TOO_SMALL There's not enough continuous free space. + @retval EFI_OUT_OF_RESOURCES There's not enough free space in total. +**/ +EFI_STATUS +CheckVariableStoreSpace ( + IN VARIABLE_HEADER *NewVariable, + IN UINTN VariableSize, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN BOOLEAN VolatileFlag + ) +{ + BOOLEAN IsCommonVariable; + BOOLEAN IsCommonUserVariable; + UINTN CommonVariableTotalSize; + UINTN CommonUserVariableTotalSize; + UINTN HwErrVariableTotalSize; + VARIABLE_STORE_HEADER *VarStore; + + if ((NewVariable =3D=3D NULL) || (VariableSize =3D=3D 0)) { + return EFI_SUCCESS; + } + + if (VolatileFlag) { + VarStore =3D (VARIABLE_STORE_HEADER *)(UINTN) + mVariableModuleGlobal->VariableGlobal.VolatileVariableBase; + if ((UINT32)(VariableSize + mVariableModuleGlobal->VolatileLastVariabl= eOffset) + > VarStore->Size) + { + return EFI_BUFFER_TOO_SMALL; + } + } else { + if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) =3D=3D 0) { + IsCommonVariable =3D TRUE; + IsCommonUserVariable =3D IsUserVariable (NewVariable); + } else { + IsCommonVariable =3D FALSE; + IsCommonUserVariable =3D FALSE; + } + + CommonVariableTotalSize =3D mVariableModuleGlobal->CommonVariableT= otalSize + VariableSize; + CommonUserVariableTotalSize =3D mVariableModuleGlobal->CommonUserVaria= bleTotalSize + VariableSize; + HwErrVariableTotalSize =3D mVariableModuleGlobal->HwErrVariableTo= talSize + VariableSize; + + if ( (((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) !=3D 0) && + (HwErrVariableTotalSize > PcdGet32 (PcdHwErrStorageSize))) + || (IsCommonVariable && (CommonVariableTotalSize > mVariableModuleG= lobal->CommonVariableSpace)) + || (IsCommonVariable && + AtRuntime () && + (CommonVariableTotalSize > mVariableModuleGlobal->CommonRuntime= VariableSpace)) + || (IsCommonUserVariable && + (CommonUserVariableTotalSize > mVariableModuleGlobal->CommonMax= UserVariableSpace))) + { + if (AtRuntime ()) { + if (IsCommonUserVariable && + ((VariableSize + mVariableModuleGlobal->CommonUserVariableTota= lSize) + > mVariableModuleGlobal->CommonMaxUserVariableSpace)) + { + RecordVarErrorFlag ( + VAR_ERROR_FLAG_USER_ERROR, + VariableName, + VendorGuid, + Attributes, + VariableSize + ); + } + + if (IsCommonVariable && + ((VariableSize + mVariableModuleGlobal->CommonVariableTotalSiz= e) + > mVariableModuleGlobal->CommonRuntimeVariableSpace)) + { + RecordVarErrorFlag ( + VAR_ERROR_FLAG_SYSTEM_ERROR, + VariableName, + VendorGuid, + Attributes, + VariableSize + ); + } + + return EFI_OUT_OF_RESOURCES; + } + + return EFI_BUFFER_TOO_SMALL; + } + } + + return EFI_SUCCESS; +} + +/** + Fill specific data of auth-variable in buffer. + + @param[in,out] NewVariable Pointer to buffer of new variable. + @param[in] OldVariable Pointer to buffer of old copy of the = variable. + @param[in] Attributes Attributes of the variable. + @param[in] KeyIndex Index of associated public key. + @param[in] MonotonicCount Value of associated monotonic count. + @param[in] TimeStamp Value of associated TimeStamp. + +**/ +VOID +SetVariableAuthData ( + IN OUT AUTHENTICATED_VARIABLE_HEADER *NewVariable, + IN AUTHENTICATED_VARIABLE_HEADER *OldVariable, + IN UINT32 Attributes, + IN UINT32 KeyIndex, + IN UINT64 MonotonicCount, + IN EFI_TIME *TimeStamp + ) +{ + NewVariable->PubKeyIndex =3D KeyIndex; + NewVariable->MonotonicCount =3D MonotonicCount; + + if ((TimeStamp !=3D NULL) && + ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != =3D 0)) + { + // + // In the case when the EFI_VARIABLE_APPEND_WRITE attribute is set, on= ly + // when the new TimeStamp value is later than the current timestamp as= sociated + // with the variable, we need associate the new timestamp with the upd= ated value. + // + if (((Attributes & EFI_VARIABLE_APPEND_WRITE) !=3D 0) && + (OldVariable !=3D NULL) && + !VariableCompareTimeStampInternal (&OldVariable->TimeStamp, TimeSt= amp)) + { + TimeStamp =3D &OldVariable->TimeStamp; + } + + CopyMem (&NewVariable->TimeStamp, TimeStamp, sizeof (EFI_TIME)); + } else { + ZeroMem (&NewVariable->TimeStamp, sizeof (EFI_TIME)); + } +} + +/** + Fill the variable data buffer according to variable format on storage. + + @param[in,out] NewVariable Pointer to buffer of new variable. + @param[in] OldVariable Pointer to buffer of old copy of the = variable. + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Variable data. + @param[in] DataSize Size of data. 0 means delete. + @param[in] Attributes Attributes of the variable. + @param[in] KeyIndex Index of associated public key. + @param[in] MonotonicCount Value of associated monotonic count. + @param[in] TimeStamp Value of associated TimeStamp. + + @retval Size of the new variable. + +**/ +UINTN +SetVariableData ( + IN OUT VARIABLE_HEADER *NewVariable, + IN VARIABLE_HEADER *OldVariable, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN UINT32 KeyIndex, + IN UINT64 MonotonicCount, + IN EFI_TIME *TimeStamp + ) +{ + EFI_STATUS Status; + BOOLEAN AuthFormat; + UINT8 *DataPtr; + UINTN NameSize; + UINTN OldDataSize; + + AuthFormat =3D mVariableModuleGlobal->VariableGlobal.AuthFormat; + + if (AuthFormat) { + SetVariableAuthData ( + (AUTHENTICATED_VARIABLE_HEADER *)NewVariable, + (AUTHENTICATED_VARIABLE_HEADER *)OldVariable, + Attributes, + KeyIndex, + MonotonicCount, + TimeStamp + ); + } + + NewVariable->StartId =3D VARIABLE_DATA; + NewVariable->State =3D VAR_ADDED; + NewVariable->Reserved =3D 0; + NewVariable->Attributes =3D Attributes & (~EFI_VARIABLE_APPEND_WRITE); + + CopyMem ( + GetVendorGuidPtr (NewVariable, AuthFormat), + VendorGuid, + sizeof (EFI_GUID) + ); + + NameSize =3D StrSize (VariableName); + SetNameSizeOfVariable (NewVariable, NameSize, AuthFormat); + CopyMem ( + (UINT8 *)GetVariableNamePtr (NewVariable, AuthFormat), + VariableName, + NameSize + ); + + // + // Set data size first otherwise we can't get correct data pointer in the + // buffer of new variable. + // + SetDataSizeOfVariable (NewVariable, DataSize, AuthFormat); + DataPtr =3D GetVariableDataPtr (NewVariable, AuthFormat); + if (((Attributes & EFI_VARIABLE_APPEND_WRITE) !=3D 0) && + (OldVariable !=3D NULL) && + ((OldVariable->State =3D=3D VAR_ADDED) || + (OldVariable->State =3D=3D (VAR_ADDED & VAR_IN_DELETED_TRANSITION))= )) + { + // + // Get old data, which might be encrypted. + // + OldDataSize =3D mVariableModuleGlobal->ScratchBufferSize + - ((UINTN)DataPtr - (UINTN)NewVariable); + Status =3D ProtectedVariableLibGetByBuffer ( + OldVariable, + DataPtr, + (UINT32 *)&OldDataSize, + AuthFormat + ); + if (Status =3D=3D EFI_UNSUPPORTED) { + OldDataSize =3D DataSizeOfVariable (OldVariable, AuthFormat); + CopyMem (DataPtr, GetVariableDataPtr (OldVariable, AuthFormat), OldD= ataSize); + } else if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return 0; + } + + DataPtr +=3D OldDataSize; + // + // Update data size. + // + SetDataSizeOfVariable (NewVariable, DataSize + OldDataSize, AuthFormat= ); + } + + CopyMem (DataPtr, Data, DataSize); + + // + // The actual size of the variable stored in storage should include padd= ing. + // + return ((UINTN)GetNextVariablePtr (NewVariable, AuthFormat) - (UINTN)New= Variable); +} + +/** + Update state of given variable as well as its cached copy. + + @param[in,out] Variable Pointer to the buffer of the variable. + @param[in,out] CacheVariable Cache copy of the variable. + @param[in] NewState New state value. + @param[in] Volatile Volatile/non-volatile variable indicator. + + @retval EFI_SUCCESS Variable state was updated successfully. + @retval Others Failed to update the variable state. + +**/ +EFI_STATUS +UpdateVariableState ( + IN OUT VARIABLE_HEADER *Variable, + IN OUT VARIABLE_HEADER *CacheVariable, + IN UINT8 NewState, + IN BOOLEAN Volatile + ) +{ + EFI_STATUS Status; + + Status =3D UpdateVariableStore ( + &mVariableModuleGlobal->VariableGlobal, + Volatile, + FALSE, + mVariableModuleGlobal->FvbInstance, + (UINTN)&Variable->State, + sizeof (NewState), + &NewState + ); + if (!EFI_ERROR (Status) && (CacheVariable !=3D NULL)) { + CacheVariable->State =3D NewState; + } + + return Status; +} + +/** + Flush variable data to variable storage. + + @param[in] VarStoreBase Base address of variable storage. + @param[in,out] Offset Offset to write the variable from. + Offset from where next variable can be w= ritten. + @param[in,out] NewVariable Pointer to the buffer of new variable. + @param[in] VariableSize Size of new variable. + @param[in] Volatile Volatile/non-volatile variable indicator. + @param[in] AuthFormat Auth-variable indicator. + + @retval EFI_SUCCESS Variable(s) were written successfully. + @retval Others Failed to write the variable data. + +**/ +EFI_STATUS +WriteVariable ( + IN EFI_PHYSICAL_ADDRESS VarStoreBase, + IN OUT UINTN *Offset, + IN OUT VARIABLE_HEADER **NewVariable, + IN UINT32 VariableSize, + IN BOOLEAN Volatile, + IN BOOLEAN AuthFormat + ) +{ + EFI_STATUS Status; + + struct { + UINTN Offset; + UINT8 *Buffer; + UINT32 Size; + UINT8 State; + } WriteSteps[4]; + UINTN Index; + UINTN Steps; + VARIABLE_HEADER *Variable; + + Variable =3D *NewVariable; + if (Volatile) { + // + // For non-volatile variable, one step only : + // + WriteSteps[0].Offset =3D *Offset; + WriteSteps[0].Buffer =3D (UINT8 *)Variable; + WriteSteps[0].Size =3D VariableSize; + + Steps =3D 1; + } else { + // + // Four steps for non-volatile variable: + // + // 1. Write variable header + // 2. Set variable state to header valid + // 3. Write variable name and data + // 4. Set variable state to valid + // + Variable->State =3D 0xff; + WriteSteps[0].Offset =3D *Offset; + WriteSteps[0].Buffer =3D (UINT8 *)Variable; + WriteSteps[0].Size =3D (UINT32)GetVariableHeaderSize (AuthFormat); + + WriteSteps[1].State =3D VAR_HEADER_VALID_ONLY; + WriteSteps[1].Offset =3D *Offset + OFFSET_OF (VARIABLE_HEADER, State); + WriteSteps[1].Buffer =3D &WriteSteps[1].State; + WriteSteps[1].Size =3D sizeof (Variable->State); + + WriteSteps[2].Offset =3D *Offset + GetVariableHeaderSize (AuthFormat); + WriteSteps[2].Buffer =3D (UINT8 *)Variable + GetVariableHeaderSize (Au= thFormat); + WriteSteps[2].Size =3D VariableSize - (UINT32)GetVariableHeaderSize = (AuthFormat); + + WriteSteps[3].State =3D VAR_ADDED; + WriteSteps[3].Offset =3D *Offset + OFFSET_OF (VARIABLE_HEADER, State); + WriteSteps[3].Buffer =3D &WriteSteps[3].State; + WriteSteps[3].Size =3D sizeof (Variable->State); + + Steps =3D ARRAY_SIZE (WriteSteps); + } + + for (Index =3D 0; Index < Steps; ++Index) { + Status =3D UpdateVariableStore ( + &mVariableModuleGlobal->VariableGlobal, + Volatile, + TRUE, + mVariableModuleGlobal->FvbInstance, + WriteSteps[Index].Offset, + WriteSteps[Index].Size, + WriteSteps[Index].Buffer + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } + + Variable->State =3D VAR_ADDED; + if (!Volatile) { + CopyMem ((UINT8 *)mNvVariableCache + *Offset, Variable, VariableSize); + } + + *NewVariable =3D (VARIABLE_HEADER *)((UINTN)VarStoreBase + *Offset); + *Offset +=3D HEADER_ALIGN (VariableSize); + + return EFI_SUCCESS; +} + +/** + Rebase the given variable pointer(s) to the equivalent one in given vari= able + storage via VarStore. + + @param[in] InVarTrackPtr Pointer to current variable in cache. + @param[out] OutVarTrackPtr Pointer to rebased variable against Va= rStore. + @param[in] VarStore Start of variable storage to rebase ag= ainst. + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] ByOffset If TRUE, don't do variable search in V= arStore. + + @retval EFI_SUCCESS Variable(s) were deleted successfully. + @retval EFI_INVALID_PARAMETER Invalid parameters passed. + @retval EFI_NOT_FOUND Given variable (VariableName & VendorGuid)= was + not found in VarStore, if ByOffset is FALS= E. + +**/ +EFI_STATUS +RebaseVariablePtr ( + IN VARIABLE_POINTER_TRACK *InVarTrackPtr, + OUT VARIABLE_POINTER_TRACK *OutVarTrackPtr, + IN VARIABLE_STORE_HEADER *VarStore, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN BOOLEAN ByOffset + ) +{ + EFI_STATUS Status; + BOOLEAN AuthFormat; + VARIABLE_HEADER *NewStart; + + if ((InVarTrackPtr =3D=3D NULL) || (OutVarTrackPtr =3D=3D NULL) || (VarS= tore =3D=3D NULL)) { + ASSERT (InVarTrackPtr !=3D NULL); + ASSERT (OutVarTrackPtr !=3D NULL); + ASSERT (VarStore !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + AuthFormat =3D mVariableModuleGlobal->VariableGlobal.AuthFormat; + + if ( (InVarTrackPtr->CurrPtr =3D=3D NULL) + || (InVarTrackPtr->StartPtr =3D=3D GetStartPointer (VarStore))) + { + CopyMem (OutVarTrackPtr, InVarTrackPtr, sizeof (VARIABLE_POINTER_TRACK= )); + return EFI_SUCCESS; + } + + NewStart =3D GetStartPointer (VarStore); + if (ByOffset) { + OutVarTrackPtr->CurrPtr =3D (VARIABLE_HEADER *) + ((UINTN)NewStart + ((UINTN)InVarTrackPtr->Cu= rrPtr - + (UINTN)InVarTrackPtr->St= artPtr)); + + if (InVarTrackPtr->InDeletedTransitionPtr !=3D NULL) { + OutVarTrackPtr->InDeletedTransitionPtr =3D + (VARIABLE_HEADER *)((UINTN)NewStart + + ((UINTN)InVarTrackPtr->InDeletedTransitionPtr - + (UINTN)InVarTrackPtr->StartPtr)); + } else { + OutVarTrackPtr->InDeletedTransitionPtr =3D NULL; + } + + OutVarTrackPtr->StartPtr =3D NewStart; + OutVarTrackPtr->EndPtr =3D GetEndPointer (VarStore); + } else { + OutVarTrackPtr->StartPtr =3D NewStart; + OutVarTrackPtr->EndPtr =3D GetEndPointer (VarStore); + + Status =3D FindVariableEx (VariableName, VendorGuid, FALSE, OutVarTrac= kPtr, AuthFormat); + if ((OutVarTrackPtr->CurrPtr =3D=3D NULL) || EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } + } + + if ( (VarStore =3D=3D mNvVariableCache) + || ((UINTN)VarStore =3D=3D (UINTN)mVariableModuleGlobal->VariableGlob= al.NonVolatileVariableBase)) + { + OutVarTrackPtr->Volatile =3D FALSE; + } + + return EFI_SUCCESS; +} + +/** + Check if the given variable is from HOB. + + @param[in] CacheVariable Pointer to current variable in cache. + + @retval TRUE The variable is from HOB. + @retval FALSE The variable is NOT from HOB. + +**/ +BOOLEAN +IsHobVariable ( + IN VARIABLE_POINTER_TRACK *CacheVariable + ) +{ + VARIABLE_STORE_HEADER *HobVarStore; + + HobVarStore =3D (VARIABLE_STORE_HEADER *)(UINTN) + mVariableModuleGlobal->VariableGlobal.HobVariableBase; + return (CacheVariable->CurrPtr !=3D NULL && + HobVarStore !=3D NULL && + CacheVariable->StartPtr =3D=3D GetStartPointer (HobVarStore)); +} + +/** + Get temporary buffer for a new variable data. + + @retval Pointer to the buffer address. + +**/ +VARIABLE_HEADER * +GetNewVariableBuffer ( + VOID + ) +{ + VARIABLE_HEADER *NewVariable; + VARIABLE_STORE_HEADER *VarStore; + + // + // Tricky part: Use scratch data area at the end of volatile variable st= ore + // as a temporary storage. + // + VarStore =3D (VARIABLE_STORE_HEADER *)(UINTN) + mVariableModuleGlobal->VariableGlobal.VolatileVariableBase; + NewVariable =3D GetEndPointer (VarStore); + + SetMem (NewVariable, mVariableModuleGlobal->ScratchBufferSize, 0xff); + + return NewVariable; +} + +/** + Delete old copies of variable completely. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Variable Pointer to current variable on storag= e. + @param[in,out] CacheVariable Pointer to current variable in cache. + @param[in] VolatileFlag Auth-variable indicator. + + @retval EFI_SUCCESS Variable(s) were deleted successfully. + @retval Others Failed to update variable state. + +**/ +EFI_STATUS +DeleteVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VARIABLE_POINTER_TRACK *Variable, + IN OUT VARIABLE_POINTER_TRACK *CacheVariable, + IN BOOLEAN VolatileFlag + ) +{ + EFI_STATUS Status; + + if (Variable->InDeletedTransitionPtr !=3D NULL) { + ASSERT (CacheVariable->InDeletedTransitionPtr !=3D NULL); + // + // Both ADDED and IN_DELETED_TRANSITION variable are present, + // set IN_DELETED_TRANSITION one to DELETED state first. + // + Status =3D UpdateVariableState ( + Variable->InDeletedTransitionPtr, + CacheVariable->InDeletedTransitionPtr, + CacheVariable->InDeletedTransitionPtr->State & VAR_DELETED, + VolatileFlag + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + ASSERT (CacheVariable->CurrPtr !=3D NULL); + Status =3D UpdateVariableState ( + Variable->CurrPtr, + CacheVariable->CurrPtr, + CacheVariable->CurrPtr->State & VAR_DELETED, + VolatileFlag + ); + + if (!EFI_ERROR (Status)) { + UpdateVariableInfo ( + VariableName, + VendorGuid, + Variable->Volatile, + FALSE, + FALSE, + TRUE, + FALSE, + &gVariableInfo + ); + if (!Variable->Volatile) { + FlushHobVariableToFlash (VariableName, VendorGuid); + } + } + + return Status; +} + +/** + Check if it's the right time to update a variable. + + @param[in] Attributes Attributes of a variable. + + @retval TRUE It's ready for variable update. + @retval FALSE It's NOT ready for variable update. + +**/ +BOOLEAN +ReadyForUpdate ( + IN UINT32 Attributes + ) +{ + if ((mVariableModuleGlobal->FvbInstance =3D=3D NULL) && + !mVariableModuleGlobal->VariableGlobal.EmuNvMode) + { + // + // The FVB protocol is not ready, so the EFI_VARIABLE_WRITE_ARCH_PROTO= COL + // is not installed. + // + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) !=3D 0) { + // + // Trying to update NV variable prior to the installation of + // EFI_VARIABLE_WRITE_ARCH_PROTOCOL + // + DEBUG (( + DEBUG_ERROR, + "Update NV variable before EFI_VARIABLE_WRITE_ARCH_PROTOCOL ready = - %r\n", + EFI_NOT_AVAILABLE_YET + )); + return FALSE; + } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) !=3D 0) { + // + // Trying to update volatile authenticated variable prior to the + // installation of EFI_VARIABLE_WRITE_ARCH_PROTOCOL. The authenticat= ed + // variable perhaps is not initialized, just return here. + // + DEBUG (( + DEBUG_ERROR, + "Update AUTH variable before EFI_VARIABLE_WRITE_ARCH_PROTOCOL read= y - %r\n", + EFI_NOT_AVAILABLE_YET + )); + return FALSE; + } + } + + return TRUE; +} + +/** + Check parameters associated with the variable to update. + + @param[in] Variable Pointer to current variable on storage. + @param[in] CacheVariable Pointer to current variable in cache. + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Variable data. + @param[in] DataSize Size of data. 0 means delete. + @param[in] Attributes Attributes of the variable. + @param[in] KeyIndex Index of associated public key. + @param[in] MonotonicCount Value of associated monotonic count. + @param[in] TimeStamp Value of associated TimeStamp. + + @retval EFI_SUCCESS The variable is ok to be updated. + @retval EFI_ALREADY_STARTED No need to update the variable. + @retval EFI_WRITE_PROTECTED The variable cannot be updated. + @retval EFI_INVALID_PARAMETER The variable attributes are not valid. + @retval EFI_NOT_FOUND Trying to delete non-existing variable. + +**/ +EFI_STATUS +ValidateVariableParameters ( + IN VARIABLE_POINTER_TRACK *Variable, + IN VARIABLE_POINTER_TRACK *CacheVariable, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN UINT32 KeyIndex, + IN UINT64 MonotonicCount, + IN EFI_TIME *TimeStamp + ) +{ + BOOLEAN AuthFlag; + + AuthFlag =3D mVariableModuleGlobal->VariableGlobal.AuthFormat; + + if ((DataSize =3D=3D 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) != =3D 0)) { + return EFI_ALREADY_STARTED; + } + + if (Variable->CurrPtr !=3D NULL) { + // + // Update/Delete existing variable. + // + if (AtRuntime ()) { + // + // If AtRuntime and the variable is Volatile and Runtime Access, + // the volatile is ReadOnly, and SetVariable should be aborted and + // return EFI_WRITE_PROTECTED. + // + if (Variable->Volatile) { + return EFI_WRITE_PROTECTED; + } + + // + // Only variable that have NV attributes can be updated/deleted in R= untime. + // + if ((CacheVariable->CurrPtr->Attributes & EFI_VARIABLE_NON_VOLATILE)= =3D=3D 0) { + return EFI_INVALID_PARAMETER; + } + + // + // Only variable that have RT attributes can be updated/deleted in R= untime. + // + if ((CacheVariable->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCES= S) =3D=3D 0) { + return EFI_INVALID_PARAMETER; + } + } + + // + // Variable content unchanged and no need to update timestamp, just re= turn. + // + if ( ((Attributes & EFI_VARIABLE_APPEND_WRITE) =3D=3D 0) + && (TimeStamp =3D=3D NULL) + && (DataSizeOfVariable (CacheVariable->CurrPtr, AuthFlag) =3D=3D Da= taSize) + && (CompareMem (Data, GetVariableDataPtr (CacheVariable->CurrPtr, A= uthFlag), DataSize) =3D=3D 0)) + { + UpdateVariableInfo ( + VariableName, + VendorGuid, + Variable->Volatile, + FALSE, + TRUE, + FALSE, + FALSE, + &gVariableInfo + ); + return EFI_ALREADY_STARTED; + } + } else { + // + // Create a new variable. + // + + // + // Make sure we are trying to create a new variable. You cannot delete= a new + // variable. + // + if ((DataSize =3D=3D 0) || + ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS|EFI_VARIABLE_BOOTSERVI= CE_ACCESS)) =3D=3D 0)) + { + return EFI_NOT_FOUND; + } + + // + // Only variable have NV|RT attribute can be created in Runtime. + // + if ( AtRuntime () + && ( ((Attributes & EFI_VARIABLE_RUNTIME_ACCESS) =3D=3D 0) + || ((Attributes & EFI_VARIABLE_NON_VOLATILE) =3D=3D 0))) + { + return EFI_INVALID_PARAMETER; + } + } + + return EFI_SUCCESS; +} + +/** + Update the variable region with Variable information. If EFI_VARIABLE_AU= THENTICATED_WRITE_ACCESS is set, + index of associated public key is needed. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Variable data. + @param[in] DataSize Size of data. 0 means delete. + @param[in] Attributes Attributes of the variable. + @param[in] KeyIndex Index of associated public key. + @param[in] MonotonicCount Value of associated monotonic count. + @param[in,out] CacheVariable The variable information which is used + to keep track of variable usage. + @param[in] TimeStamp Value of associated TimeStamp. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_OUT_OF_RESOURCES Variable region is full, can not write oth= er data into this region. + +**/ +EFI_STATUS +UpdateVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL, + IN UINT32 KeyIndex OPTIONAL, + IN UINT64 MonotonicCount OPTIONAL, + IN OUT VARIABLE_POINTER_TRACK *CacheVariable, + IN EFI_TIME *TimeStamp OPTIONAL + ) +{ + EFI_STATUS Status; + VARIABLE_GLOBAL *VarGlobal; + VARIABLE_HEADER *NewVariable; + VARIABLE_HEADER *NextVariable; + VARIABLE_HEADER *UpdatingVariable; + UINTN VarSize; + UINTN UpdateSize; + UINTN Offset; + VARIABLE_POINTER_TRACK *Variable; + VARIABLE_POINTER_TRACK NvVariable; + VARIABLE_STORE_HEADER *VariableStoreHeader; + VARIABLE_RUNTIME_CACHE *VolatileCacheInstance; + BOOLEAN IsCommonVariable; + BOOLEAN IsCommonUserVariable; + BOOLEAN DeleteFlag; + BOOLEAN VolatileFlag; + BOOLEAN HobVarOnlyFlag; + EFI_PHYSICAL_ADDRESS VarStoreBase; + UINTN *LastVariableOffset; + + if (!ReadyForUpdate (Attributes)) { + return EFI_NOT_AVAILABLE_YET; + } + + VarGlobal =3D &mVariableModuleGlobal->VariableGlobal; + + if ( (((Attributes & EFI_VARIABLE_APPEND_WRITE) =3D=3D 0) && (DataSize = =3D=3D 0)) + || (Attributes =3D=3D 0) + || (AtRuntime () && ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS + |EFI_VARIABLE_BOOTSERVICE_ACCESS)= ) =3D=3D 0))) + { + DeleteFlag =3D TRUE; + } else { + DeleteFlag =3D FALSE; + } + + if ( ((Attributes & EFI_VARIABLE_NON_VOLATILE) !=3D 0) + || ((CacheVariable->CurrPtr !=3D NULL) && + ((CacheVariable->CurrPtr->Attributes & EFI_VARIABLE_NON_VOLATILE)= !=3D 0))) + { + VolatileFlag =3D FALSE; + } else { + VolatileFlag =3D TRUE; + } + + // + // Check if CacheVariable points to the variable in variable HOB. + // If yes, let CacheVariable points to the variable in NV variable cache. + // + HobVarOnlyFlag =3D FALSE; + if (IsHobVariable (CacheVariable)) { + Status =3D RebaseVariablePtr ( + CacheVariable, + CacheVariable, + mNvVariableCache, + VariableName, + VendorGuid, + FALSE + ); + if ((CacheVariable->CurrPtr =3D=3D NULL) || EFI_ERROR (Status)) { + // + // There is no matched variable in NV variable cache. + // + if (DeleteFlag) { + // + // Leave the deletion to FlushHobVariableToFlash() before return. + // + HobVarOnlyFlag =3D TRUE; + Status =3D EFI_SUCCESS; + goto Done; + } + } + } + + // + // Determine the physical position of variable store to update, due to c= ache + // mechanims of variable service. + // + if ((CacheVariable->CurrPtr =3D=3D NULL) || CacheVariable->Volatile) { + // + // - Add new variable (volatile or non-volatile); Or + // - Update/delete volatile variable in place. + // + Variable =3D CacheVariable; + } else { + // + // - Update/Delete existing NV variable. + // CacheVariable points to the variable in the memory copy of Flash= area. + // Now let Variable points to the same variable in Flash area. + // + VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)(UINTN) + VarGlobal->NonVolatileVariableBase; + Variable =3D &NvVariable; + Status =3D RebaseVariablePtr ( + CacheVariable, + Variable, + VariableStoreHeader, + VariableName, + VendorGuid, + TRUE + ); + ASSERT_EFI_ERROR (Status); + } + + // + // Validate variable parameters. + // + Status =3D ValidateVariableParameters ( + Variable, + CacheVariable, + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + KeyIndex, + MonotonicCount, + TimeStamp + ); + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Add or update a variable. Allocate a buffer to hold it temporarily. + // + NewVariable =3D GetNewVariableBuffer (); + + // + // Fill-up variable data first, if necessary. + // + IsCommonVariable =3D FALSE; + IsCommonUserVariable =3D FALSE; + if (DeleteFlag) { + // + // No need to fill up variable buffer when deleting a variable. But the + // buffer is still needed if variable protection is employed. + // + VarSize =3D 0; + } else { + VarSize =3D SetVariableData ( + NewVariable, + CacheVariable->CurrPtr, + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + KeyIndex, + MonotonicCount, + TimeStamp + ); + + if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) =3D=3D 0) { + IsCommonVariable =3D TRUE; + IsCommonUserVariable =3D IsUserVariable (NewVariable); + } + } + + // + // We might need to do protection for non-volatile variable before flush= ing + // the data to storage. A null version (meaning no protection) of follow= ing + // APIs should simply return EFI_SUCCESS or EFI_UNSUPPORTED without any + // changes to original data. + // + if (!VolatileFlag) { + Status =3D ProtectedVariableLibUpdate ( + Variable->CurrPtr, + Variable->InDeletedTransitionPtr, + NewVariable, + &VarSize + ); + if (EFI_ERROR (Status) && (Status !=3D EFI_UNSUPPORTED)) { + return Status; + } + + Status =3D EFI_SUCCESS; + } + + // + // Mark the old variable as in delete transition first. There's no such = need + // for deleting a variable, even if variable protection is employed. + // + if ( !DeleteFlag + && (CacheVariable->CurrPtr !=3D NULL) + && ( (CacheVariable->CurrPtr->State =3D=3D VAR_ADDED) + || (CacheVariable->CurrPtr->State =3D=3D (VAR_ADDED & VAR_IN_DELET= ED_TRANSITION)))) + { + Status =3D UpdateVariableState ( + Variable->CurrPtr, + CacheVariable->CurrPtr, + CacheVariable->CurrPtr->State & VAR_IN_DELETED_TRANSITION, + Variable->Volatile + ); + if (EFI_ERROR (Status)) { + goto Done; + } + } + + // + // Have enough space to store the variable? + // + Status =3D CheckVariableStoreSpace ( + NewVariable, + VarSize, + VariableName, + VendorGuid, + Attributes, + VolatileFlag + ); + if (Status =3D=3D EFI_OUT_OF_RESOURCES) { + // + // Not a chance. + // + goto Done; + } + + // + // Maybe not... + // + VarStoreBase =3D (VolatileFlag) ? VarGlobal->VolatileVariableBase + : VarGlobal->NonVolatileVariableBase; + LastVariableOffset =3D (VolatileFlag) + ? &mVariableModuleGlobal->VolatileLastVariableOffs= et + : &mVariableModuleGlobal->NonVolatileLastVariableO= ffset; + if (!EFI_ERROR (Status)) { + // + // There's enough free space at the tail of variable storage. + // + + // + // If non-volatile variable is protected, a separate variable (MetaDat= aHmacVar) + // is always updated along with current updating variable. The buffer = pointed + // by NewVariable must have two variables. They should be written at t= his + // time orderly. + // + NextVariable =3D NewVariable; + UpdatingVariable =3D NULL; + UpdateSize =3D 0; + while ( !EFI_ERROR (Status) + && ((UINTN)NextVariable - (UINTN)NewVariable) < VarSize) + { + UpdatingVariable =3D NextVariable; + NextVariable =3D GetNextVariablePtr (UpdatingVariable, VarGlobal= ->AuthFormat); + UpdateSize =3D (UINTN)NextVariable - (UINTN)UpdatingVariable; + + Status =3D WriteVariable ( + VarStoreBase, + LastVariableOffset, + &UpdatingVariable, + (UINT32)UpdateSize, + VolatileFlag, + VarGlobal->AuthFormat + ); + } + + // + // UpdatingVariable must point to the last written variable. Restore i= t to + // the first one so that we can calculate the offset in variable stora= ge. + // + UpdatingVariable =3D (VARIABLE_HEADER *)((UINTN)UpdatingVariable + Upd= ateSize + - VarSize); + if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) !=3D 0) { + mVariableModuleGlobal->HwErrVariableTotalSize +=3D VarSize; + } else { + mVariableModuleGlobal->CommonVariableTotalSize +=3D VarSize; + if (IsCommonUserVariable) { + mVariableModuleGlobal->CommonUserVariableTotalSize +=3D VarSize; + } + } + + // + // Mark the old variable(s) as deleted. + // + if (!EFI_ERROR (Status) && (Variable->CurrPtr !=3D NULL)) { + Status =3D DeleteVariable ( + VariableName, + VendorGuid, + Variable, + CacheVariable, + VolatileFlag + ); + } + } else { + // + // There's not enough space at the tail of variable storage but there's + // enough free space holes in the whole storage. Perform garbage colle= ction + // & reclaim operation, and integrate the new variable at the same tim= e. + // + Status =3D Reclaim ( + VarStoreBase, + LastVariableOffset, + VolatileFlag, + Variable, + NewVariable, + VarSize + ); + + if (Variable->CurrPtr !=3D NULL) { + UpdatingVariable =3D Variable->CurrPtr; + } else { + UpdatingVariable =3D (VARIABLE_HEADER *)(((UINTN)VarStoreBase + *Las= tVariableOffset) - VarSize); + } + + if (EFI_ERROR (Status) && + ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) =3D=3D 0)) + { + // + // Out of space. + // + IsCommonUserVariable =3D IsUserVariable (NewVariable); + IsCommonVariable =3D TRUE; + + if (IsCommonUserVariable && + ((VarSize + mVariableModuleGlobal->CommonUserVariableTotalSize) + > mVariableModuleGlobal->CommonMaxUserVariableSpace)) + { + RecordVarErrorFlag ( + VAR_ERROR_FLAG_USER_ERROR, + VariableName, + VendorGuid, + Attributes, + VarSize + ); + } + + if (IsCommonVariable && + ((VarSize + mVariableModuleGlobal->CommonVariableTotalSize) + > mVariableModuleGlobal->CommonVariableSpace)) + { + RecordVarErrorFlag ( + VAR_ERROR_FLAG_SYSTEM_ERROR, + VariableName, + VendorGuid, + Attributes, + VarSize + ); + } + } + } + +Done: + if (!EFI_ERROR (Status)) { + if (!VolatileFlag) { + Offset =3D (UpdatingVariable !=3D NULL) ? (UINTN)UpdatingVariable - = (UINTN)VarStoreBase + : 0; + Status =3D ProtectedVariableLibWriteFinal ( + NewVariable, + VarSize, + Offset + ); + if (EFI_ERROR (Status) && (Status !=3D EFI_UNSUPPORTED)) { + return Status; + } + + Status =3D EFI_SUCCESS; + } + + UpdateVariableInfo ( + VariableName, + VendorGuid, + VolatileFlag, + FALSE, + TRUE, + FALSE, + FALSE, + &gVariableInfo + ); + // + // HOB copy of the same variable is no longer needed, no matter it has + // been deleted, updated or added from/to real variable storage. + // + if (HobVarOnlyFlag || !VolatileFlag) { + FlushHobVariableToFlash (VariableName, VendorGuid); + } + + if (!VolatileFlag) { + VolatileCacheInstance =3D &(VarGlobal->VariableRuntimeCacheContext.V= ariableRuntimeNvCache); + } else { + VolatileCacheInstance =3D &(VarGlobal->VariableRuntimeCacheContext.V= ariableRuntimeVolatileCache); + } + + if (VolatileCacheInstance->Store !=3D NULL) { + Status =3D SynchronizeRuntimeVariableCache ( + VolatileCacheInstance, + 0, + VolatileCacheInstance->Store->Size + ); + ASSERT_EFI_ERROR (Status); + } + } else if (Status =3D=3D EFI_ALREADY_STARTED) { + // + // Meaning nothing needs to be done. Just return success. + // + Status =3D EFI_SUCCESS; + } + + return Status; +} + +/** + + This code finds variable in storage blocks (Volatile or Non-Volatile). + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize is external input. + This function will do basic validation, before parse the data. + + @param VariableName Name of Variable to be found. + @param VendorGuid Variable vendor GUID. + @param Attributes Attribute value of the variable found. + @param DataSize Size of Data found. If size is less th= an the + data, this value contains the required= size. + @param Data The buffer to return the contents of t= he variable. May be NULL + with a zero DataSize in order to deter= mine the size buffer needed. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SUCCESS Find the specified variable. + @return EFI_NOT_FOUND Not found. + @return EFI_BUFFER_TO_SMALL DataSize is too small for the result. + +**/ +EFI_STATUS +EFIAPI +VariableServiceGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + EFI_STATUS Status; + VARIABLE_POINTER_TRACK Variable; + + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (DataSize = =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (VariableName[0] =3D=3D 0) { + return EFI_NOT_FOUND; + } + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + Status =3D FindVariable (VariableName, VendorGuid, &Variable, &mVariable= ModuleGlobal->VariableGlobal, FALSE); + if ((Variable.CurrPtr =3D=3D NULL) || EFI_ERROR (Status)) { + goto Done; + } + + // + // Get data and its size + // + if (!Variable.Volatile) { + // + // Currently only non-volatile variable needs protection. + // + Status =3D ProtectedVariableLibGetByBuffer ( + Variable.CurrPtr, + Data, + (UINT32 *)DataSize, + mVariableModuleGlobal->VariableGlobal.AuthFormat + ); + } + + if (Variable.Volatile || (Status =3D=3D EFI_UNSUPPORTED)) { + Status =3D GetVariableData (Variable.CurrPtr, Data, (UINT32 *)DataSize= , mVariableModuleGlobal->VariableGlobal.AuthFormat); + } + + if (!EFI_ERROR (Status)) { + UpdateVariableInfo (VariableName, VendorGuid, Variable.Volatile, TRUE,= FALSE, FALSE, FALSE, &gVariableInfo); + } + +Done: + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_BUFFER_TOO_SMALL))= { + if ((Attributes !=3D NULL) && (Variable.CurrPtr !=3D NULL)) { + *Attributes =3D Variable.CurrPtr->Attributes; + } + } + + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + return Status; +} + +/** + + This code Finds the Next available variable. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param VariableNameSize The size of the VariableName buffer. T= he size must be large + enough to fit input string supplied in= VariableName buffer. + @param VariableName Pointer to variable name. + @param VendorGuid Variable Vendor Guid. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The next variable was not found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for = the result. + VariableNameSize has been updated with= the size needed to complete the request. + @retval EFI_INVALID_PARAMETER VariableNameSize is NULL. + @retval EFI_INVALID_PARAMETER VariableName is NULL. + @retval EFI_INVALID_PARAMETER VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER The input values of VariableName and V= endorGuid are not a name and + GUID of an existing variable. + @retval EFI_INVALID_PARAMETER Null-terminator is not found in the fi= rst VariableNameSize bytes of + the input VariableName buffer. + +**/ +EFI_STATUS +EFIAPI +VariableServiceGetNextVariableName ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + UINTN MaxLen; + UINTN VarNameSize; + BOOLEAN AuthFormat; + VARIABLE_HEADER *VariablePtr; + VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax]; + + if ((VariableNameSize =3D=3D NULL) || (VariableName =3D=3D NULL) || (Ven= dorGuid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + AuthFormat =3D mVariableModuleGlobal->VariableGlobal.AuthFormat; + + // + // Calculate the possible maximum length of name string, including the N= ull terminator. + // + MaxLen =3D *VariableNameSize / sizeof (CHAR16); + if ((MaxLen =3D=3D 0) || (StrnLenS (VariableName, MaxLen) =3D=3D MaxLen)= ) { + // + // Null-terminator is not found in the first VariableNameSize bytes of= the input VariableName buffer, + // follow spec to return EFI_INVALID_PARAMETER. + // + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + // + // 0: Volatile, 1: HOB, 2: Non-Volatile. + // The index and attributes mapping must be kept in this order as FindVa= riable + // makes use of this mapping to implement search algorithm. + // + VariableStoreHeader[VariableStoreTypeVolatile] =3D (VARIABLE_STORE_HEADE= R *)(UINTN)mVariableModuleGlobal->VariableGlobal.VolatileVariableBase; + VariableStoreHeader[VariableStoreTypeHob] =3D (VARIABLE_STORE_HEADE= R *)(UINTN)mVariableModuleGlobal->VariableGlobal.HobVariableBase; + VariableStoreHeader[VariableStoreTypeNv] =3D mNvVariableCache; + + Status =3D VariableServiceGetNextVariableInternal ( + VariableName, + VendorGuid, + VariableStoreHeader, + &VariablePtr, + AuthFormat + ); + if (!EFI_ERROR (Status)) { + VarNameSize =3D NameSizeOfVariable (VariablePtr, AuthFormat); + ASSERT (VarNameSize !=3D 0); + if (VarNameSize <=3D *VariableNameSize) { + CopyMem ( + VariableName, + GetVariableNamePtr (VariablePtr, AuthFormat), + VarNameSize + ); + CopyMem ( + VendorGuid, + GetVendorGuidPtr (VariablePtr, AuthFormat), + sizeof (EFI_GUID) + ); + Status =3D EFI_SUCCESS; + } else { + Status =3D EFI_BUFFER_TOO_SMALL; + } + + *VariableNameSize =3D VarNameSize; + } + + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + return Status; +} + +/** + + This code sets variable in storage blocks (Volatile or Non-Volatile). + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are exte= rnal input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security = issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication byp= ass. + + @param VariableName Name of Variable to be found. + @param VendorGuid Variable vendor GUID. + @param Attributes Attribute value of the variable = found + @param DataSize Size of Data found. If size is l= ess than the + data, this value contains the re= quired size. + @param Data Data pointer. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SUCCESS Set successfully. + @return EFI_OUT_OF_RESOURCES Resource not enough to set varia= ble. + @return EFI_NOT_FOUND Not found. + @return EFI_WRITE_PROTECTED Variable is read-only. + +**/ +EFI_STATUS +EFIAPI +VariableServiceSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + VARIABLE_POINTER_TRACK Variable; + EFI_STATUS Status; + VARIABLE_HEADER *NextVariable; + EFI_PHYSICAL_ADDRESS Point; + UINTN PayloadSize; + BOOLEAN AuthFormat; + + AuthFormat =3D mVariableModuleGlobal->VariableGlobal.AuthFormat; + + // + // Check input parameters. + // + if ((VariableName =3D=3D NULL) || (VariableName[0] =3D=3D 0) || (VendorG= uid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if ((DataSize !=3D 0) && (Data =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Check for reserverd bit in variable attribute. + // EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated but we still al= low + // the delete operation of common authenticated variable at user physica= l presence. + // So leave EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute check to A= uthVariableLib + // + if ((Attributes & (~(EFI_VARIABLE_ATTRIBUTES_MASK | EFI_VARIABLE_AUTHENT= ICATED_WRITE_ACCESS))) !=3D 0) { + return EFI_INVALID_PARAMETER; + } + + // + // Check if the combination of attribute bits is valid. + // + if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVIC= E_ACCESS)) =3D=3D EFI_VARIABLE_RUNTIME_ACCESS) { + // + // Make sure if runtime bit is set, boot service bit is set also. + // + if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) !=3D 0) { + return EFI_UNSUPPORTED; + } else { + return EFI_INVALID_PARAMETER; + } + } else if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) =3D=3D EFI_VARIAB= LE_NON_VOLATILE) { + // + // Only EFI_VARIABLE_NON_VOLATILE attribute is invalid + // + return EFI_INVALID_PARAMETER; + } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) !=3D 0) { + if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) { + // + // Not support authenticated variable write. + // + return EFI_INVALID_PARAMETER; + } + } else if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) !=3D 0) { + if (PcdGet32 (PcdHwErrStorageSize) =3D=3D 0) { + // + // Not support harware error record variable variable. + // + return EFI_INVALID_PARAMETER; + } + } + + // + // EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and EFI_VARIABLE_TIME_BASED_A= UTHENTICATED_WRITE_ACCESS attribute + // cannot be set both. + // + if ( ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) =3D=3D EFI= _VARIABLE_AUTHENTICATED_WRITE_ACCESS) + && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)= =3D=3D EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) + { + return EFI_UNSUPPORTED; + } + + if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) =3D=3D EFI_VA= RIABLE_AUTHENTICATED_WRITE_ACCESS) { + // + // If DataSize =3D=3D AUTHINFO_SIZE and then PayloadSize is 0. + // Maybe it's the delete operation of common authenticated variable a= t user physical presence. + // + if (DataSize !=3D AUTHINFO_SIZE) { + return EFI_UNSUPPORTED; + } + + PayloadSize =3D DataSize - AUTHINFO_SIZE; + } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACC= ESS) =3D=3D EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) { + // + // Sanity check for EFI_VARIABLE_AUTHENTICATION_2 descriptor. + // + if ((DataSize < OFFSET_OF_AUTHINFO2_CERT_DATA) || + (((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->AuthInfo.Hdr.dwLength > = DataSize - (OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo))) || + (((EFI_VARIABLE_AUTHENTICATION_2 *)Data)->AuthInfo.Hdr.dwLength < = OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData))) + { + return EFI_SECURITY_VIOLATION; + } + + // + // The VariableSpeculationBarrier() call here is to ensure the above s= anity + // check for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been com= pleted + // before the execution of subsequent codes. + // + VariableSpeculationBarrier (); + PayloadSize =3D DataSize - AUTHINFO2_SIZE (Data); + } else { + PayloadSize =3D DataSize; + } + + if ((UINTN)(~0) - PayloadSize < StrSize (VariableName)) { + // + // Prevent whole variable size overflow + // + return EFI_INVALID_PARAMETER; + } + + // + // The size of the VariableName, including the Unicode Null in bytes pl= us + // the DataSize is limited to maximum size of PcdGet32 (PcdMaxHardwareE= rrorVariableSize) + // bytes for HwErrRec#### variable. + // + if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) =3D=3D EFI_VARIABL= E_HARDWARE_ERROR_RECORD) { + if (StrSize (VariableName) + PayloadSize > + PcdGet32 (PcdMaxHardwareErrorVariableSize) - GetVariableHeaderSize= (AuthFormat)) + { + return EFI_INVALID_PARAMETER; + } + } else { + // + // The size of the VariableName, including the Unicode Null in bytes = plus + // the DataSize is limited to maximum size of Max(Auth|Volatile)Varia= bleSize bytes. + // + if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) !=3D 0) { + if (StrSize (VariableName) + PayloadSize > + mVariableModuleGlobal->MaxAuthVariableSize - + GetVariableHeaderSize (AuthFormat)) + { + DEBUG (( + DEBUG_ERROR, + "%a: Failed to set variable '%s' with Guid %g\n", + __FUNCTION__, + VariableName, + VendorGuid + )); + DEBUG (( + DEBUG_ERROR, + "NameSize(0x%x) + PayloadSize(0x%x) > " + "MaxAuthVariableSize(0x%x) - HeaderSize(0x%x)\n", + StrSize (VariableName), + PayloadSize, + mVariableModuleGlobal->MaxAuthVariableSize, + GetVariableHeaderSize (AuthFormat) + )); + return EFI_INVALID_PARAMETER; + } + } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) !=3D 0) { + if (StrSize (VariableName) + PayloadSize > + mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize (= AuthFormat)) + { + DEBUG (( + DEBUG_ERROR, + "%a: Failed to set variable '%s' with Guid %g\n", + __FUNCTION__, + VariableName, + VendorGuid + )); + DEBUG (( + DEBUG_ERROR, + "NameSize(0x%x) + PayloadSize(0x%x) > " + "MaxVariableSize(0x%x) - HeaderSize(0x%x)\n", + StrSize (VariableName), + PayloadSize, + mVariableModuleGlobal->MaxVariableSize, + GetVariableHeaderSize (AuthFormat) + )); + return EFI_INVALID_PARAMETER; + } + } else { + if (StrSize (VariableName) + PayloadSize > + mVariableModuleGlobal->MaxVolatileVariableSize - GetVariableHead= erSize (AuthFormat)) + { + DEBUG (( + DEBUG_ERROR, + "%a: Failed to set variable '%s' with Guid %g\n", + __FUNCTION__, + VariableName, + VendorGuid + )); + DEBUG (( + DEBUG_ERROR, + "NameSize(0x%x) + PayloadSize(0x%x) > " + "MaxVolatileVariableSize(0x%x) - HeaderSize(0x%x)\n", + StrSize (VariableName), + PayloadSize, + mVariableModuleGlobal->MaxVolatileVariableSize, + GetVariableHeaderSize (AuthFormat) + )); + return EFI_INVALID_PARAMETER; + } + } + } + + // + // Special Handling for MOR Lock variable. + // + Status =3D SetVariableCheckHandlerMor (VariableName, VendorGuid, Attribu= tes, PayloadSize, (VOID *)((UINTN)Data + DataSize - PayloadSize)); + if (Status =3D=3D EFI_ALREADY_STARTED) { + // + // EFI_ALREADY_STARTED means the SetVariable() action is handled insid= e of SetVariableCheckHandlerMor(). + // Variable driver can just return SUCCESS. + // + return EFI_SUCCESS; + } + + if (EFI_ERROR (Status)) { + return Status; + } + + Status =3D VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attrib= utes, PayloadSize, (VOID *)((UINTN)Data + DataSize - PayloadSize), mRequest= Source); + if (EFI_ERROR (Status)) { + return Status; + } + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + // + // Consider reentrant in MCA/INIT/NMI. It needs be reupdated. + // + if (1 < InterlockedIncrement (&mVariableModuleGlobal->VariableGlobal.Ree= ntrantState)) { + Point =3D mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBas= e; + // + // Parse non-volatile variable data and get last variable offset. + // + NextVariable =3D GetStartPointer ((VARIABLE_STORE_HEADER *)(UINTN)Poin= t); + while (IsValidVariableHeader (NextVariable, GetEndPointer ((VARIABLE_S= TORE_HEADER *)(UINTN)Point), AuthFormat)) { + NextVariable =3D GetNextVariablePtr (NextVariable, AuthFormat); + } + + mVariableModuleGlobal->NonVolatileLastVariableOffset =3D (UINTN)NextVa= riable - (UINTN)Point; + } + + // + // Check whether the input variable is already existed. + // + Status =3D FindVariable (VariableName, VendorGuid, &Variable, &mVariable= ModuleGlobal->VariableGlobal, TRUE); + if (!EFI_ERROR (Status)) { + if (((Variable.CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) =3D= =3D 0) && AtRuntime ()) { + Status =3D EFI_WRITE_PROTECTED; + goto Done; + } + + if ((Attributes !=3D 0) && ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)= ) !=3D Variable.CurrPtr->Attributes)) { + // + // If a preexisting variable is rewritten with different attributes,= SetVariable() shall not + // modify the variable and shall return EFI_INVALID_PARAMETER. Two e= xceptions to this rule: + // 1. No access attributes specified + // 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE + // + Status =3D EFI_INVALID_PARAMETER; + DEBUG ((DEBUG_INFO, "[Variable]: Rewritten a preexisting variable(0x= %08x) with different attributes(0x%08x) - %g:%s\n", Variable.CurrPtr->Attri= butes, Attributes, VendorGuid, VariableName)); + goto Done; + } + } + + if (!FeaturePcdGet (PcdUefiVariableDefaultLangDeprecate)) { + // + // Hook the operation of setting PlatformLangCodes/PlatformLang and La= ngCodes/Lang. + // + Status =3D AutoUpdateLangVariable (VariableName, Data, DataSize); + if (EFI_ERROR (Status)) { + // + // The auto update operation failed, directly return to avoid incons= istency between PlatformLang and Lang. + // + goto Done; + } + } + + if (mVariableModuleGlobal->VariableGlobal.AuthSupport) { + Status =3D AuthVariableLibProcessVariable (VariableName, VendorGuid, D= ata, DataSize, Attributes); + } else { + Status =3D UpdateVariable (VariableName, VendorGuid, Data, DataSize, A= ttributes, 0, 0, &Variable, NULL); + } + +Done: + InterlockedDecrement (&mVariableModuleGlobal->VariableGlobal.ReentrantSt= ate); + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + if (!AtRuntime ()) { + if (!EFI_ERROR (Status)) { + SecureBootHook ( + VariableName, + VendorGuid + ); + } + } + + return Status; +} + +/** + + This code returns information about the EFI variables. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param Attributes Attributes bitmask to specify the = type of variables + on which to return information. + @param MaximumVariableStorageSize Pointer to the maximum size of the= storage space available + for the EFI variables associated w= ith the attributes specified. + @param RemainingVariableStorageSize Pointer to the remaining size of t= he storage space available + for EFI variables associated with = the attributes specified. + @param MaximumVariableSize Pointer to the maximum size of an = individual EFI variables + associated with the attributes spe= cified. + + @return EFI_SUCCESS Query successfully. + +**/ +EFI_STATUS +EFIAPI +VariableServiceQueryVariableInfoInternal ( + IN UINT32 Attributes, + OUT UINT64 *MaximumVariableStorageSize, + OUT UINT64 *RemainingVariableStorageSize, + OUT UINT64 *MaximumVariableSize + ) +{ + VARIABLE_HEADER *Variable; + VARIABLE_HEADER *NextVariable; + UINT64 VariableSize; + VARIABLE_STORE_HEADER *VariableStoreHeader; + UINT64 CommonVariableTotalSize; + UINT64 HwErrVariableTotalSize; + EFI_STATUS Status; + VARIABLE_POINTER_TRACK VariablePtrTrack; + + CommonVariableTotalSize =3D 0; + HwErrVariableTotalSize =3D 0; + + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) =3D=3D 0) { + // + // Query is Volatile related. + // + VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)((UINTN)mVariableModu= leGlobal->VariableGlobal.VolatileVariableBase); + } else { + // + // Query is Non-Volatile related. + // + VariableStoreHeader =3D mNvVariableCache; + } + + // + // Now let's fill *MaximumVariableStorageSize *RemainingVariableStorageS= ize + // with the storage size (excluding the storage header size). + // + *MaximumVariableStorageSize =3D VariableStoreHeader->Size - sizeof (VARI= ABLE_STORE_HEADER); + + // + // Harware error record variable needs larger size. + // + if ((Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERR= OR_RECORD)) =3D=3D (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR= _RECORD)) { + *MaximumVariableStorageSize =3D PcdGet32 (PcdHwErrStorageSize); + *MaximumVariableSize =3D PcdGet32 (PcdMaxHardwareErrorVariable= Size) - + GetVariableHeaderSize (mVariableModuleGl= obal->VariableGlobal.AuthFormat); + } else { + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) !=3D 0) { + if (AtRuntime ()) { + *MaximumVariableStorageSize =3D mVariableModuleGlobal->CommonRunti= meVariableSpace; + } else { + *MaximumVariableStorageSize =3D mVariableModuleGlobal->CommonVaria= bleSpace; + } + } + + // + // Let *MaximumVariableSize be Max(Auth|Volatile)VariableSize with the= exception of the variable header size. + // + if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) !=3D 0) { + *MaximumVariableSize =3D mVariableModuleGlobal->MaxAuthVariableSize= - + GetVariableHeaderSize (mVariableModuleGlobal-= >VariableGlobal.AuthFormat); + } else if ((Attributes & EFI_VARIABLE_NON_VOLATILE) !=3D 0) { + *MaximumVariableSize =3D mVariableModuleGlobal->MaxVariableSize - + GetVariableHeaderSize (mVariableModuleGlobal-= >VariableGlobal.AuthFormat); + } else { + *MaximumVariableSize =3D mVariableModuleGlobal->MaxVolatileVariabl= eSize - + GetVariableHeaderSize (mVariableModuleGlobal-= >VariableGlobal.AuthFormat); + } + } + + // + // Point to the starting address of the variables. + // + Variable =3D GetStartPointer (VariableStoreHeader); + + // + // Now walk through the related variable store. + // + while (IsValidVariableHeader ( + Variable, + GetEndPointer (VariableStoreHeader), + mVariableModuleGlobal->VariableGlobal.AuthFormat + )) + { + NextVariable =3D GetNextVariablePtr (Variable, mVariableModuleGlobal->= VariableGlobal.AuthFormat); + VariableSize =3D (UINT64)(UINTN)NextVariable - (UINT64)(UINTN)Variable; + + if (AtRuntime ()) { + // + // We don't take the state of the variables in mind + // when calculating RemainingVariableStorageSize, + // since the space occupied by variables not marked with + // VAR_ADDED is not allowed to be reclaimed in Runtime. + // + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) =3D= =3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + HwErrVariableTotalSize +=3D VariableSize; + } else { + CommonVariableTotalSize +=3D VariableSize; + } + } else { + // + // Only care about Variables with State VAR_ADDED, because + // the space not marked as VAR_ADDED is reclaimable now. + // + if (Variable->State =3D=3D VAR_ADDED) { + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) = =3D=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + HwErrVariableTotalSize +=3D VariableSize; + } else { + CommonVariableTotalSize +=3D VariableSize; + } + } else if (Variable->State =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_A= DDED)) { + // + // If it is a IN_DELETED_TRANSITION variable, + // and there is not also a same ADDED one at the same time, + // this IN_DELETED_TRANSITION variable is valid. + // + VariablePtrTrack.StartPtr =3D GetStartPointer (VariableStoreHeader= ); + VariablePtrTrack.EndPtr =3D GetEndPointer (VariableStoreHeader); + Status =3D FindVariableEx ( + GetVariableNamePtr (Variable, mVaria= bleModuleGlobal->VariableGlobal.AuthFormat), + GetVendorGuidPtr (Variable, mVariabl= eModuleGlobal->VariableGlobal.AuthFormat), + FALSE, + &VariablePtrTrack, + mVariableModuleGlobal->VariableGloba= l.AuthFormat + ); + if (!EFI_ERROR (Status) && (VariablePtrTrack.CurrPtr->State !=3D V= AR_ADDED)) { + if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) = =3D=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + HwErrVariableTotalSize +=3D VariableSize; + } else { + CommonVariableTotalSize +=3D VariableSize; + } + } + } + } + + // + // Go to the next one. + // + Variable =3D NextVariable; + } + + if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) =3D=3D EFI_VARIAB= LE_HARDWARE_ERROR_RECORD) { + *RemainingVariableStorageSize =3D *MaximumVariableStorageSize - HwErrV= ariableTotalSize; + } else { + if (*MaximumVariableStorageSize < CommonVariableTotalSize) { + *RemainingVariableStorageSize =3D 0; + } else { + *RemainingVariableStorageSize =3D *MaximumVariableStorageSize - Comm= onVariableTotalSize; + } + } + + if (*RemainingVariableStorageSize < GetVariableHeaderSize (mVariableModu= leGlobal->VariableGlobal.AuthFormat)) { + *MaximumVariableSize =3D 0; + } else if ((*RemainingVariableStorageSize - GetVariableHeaderSize (mVari= ableModuleGlobal->VariableGlobal.AuthFormat)) < + *MaximumVariableSize + ) + { + *MaximumVariableSize =3D *RemainingVariableStorageSize - + GetVariableHeaderSize (mVariableModuleGlobal->V= ariableGlobal.AuthFormat); + } + + return EFI_SUCCESS; +} + +/** + + This code returns information about the EFI variables. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param Attributes Attributes bitmask to specify the = type of variables + on which to return information. + @param MaximumVariableStorageSize Pointer to the maximum size of the= storage space available + for the EFI variables associated w= ith the attributes specified. + @param RemainingVariableStorageSize Pointer to the remaining size of t= he storage space available + for EFI variables associated with = the attributes specified. + @param MaximumVariableSize Pointer to the maximum size of an = individual EFI variables + associated with the attributes spe= cified. + + @return EFI_INVALID_PARAMETER An invalid combination of attribut= e bits was supplied. + @return EFI_SUCCESS Query successfully. + @return EFI_UNSUPPORTED The attribute is not supported on = this platform. + +**/ +EFI_STATUS +EFIAPI +VariableServiceQueryVariableInfo ( + IN UINT32 Attributes, + OUT UINT64 *MaximumVariableStorageSize, + OUT UINT64 *RemainingVariableStorageSize, + OUT UINT64 *MaximumVariableSize + ) +{ + EFI_STATUS Status; + + if ((MaximumVariableStorageSize =3D=3D NULL) || (RemainingVariableStorag= eSize =3D=3D NULL) || (MaximumVariableSize =3D=3D NULL) || (Attributes =3D= =3D 0)) { + return EFI_INVALID_PARAMETER; + } + + if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) !=3D 0) { + // + // Deprecated attribute, make this check as highest priority. + // + return EFI_UNSUPPORTED; + } + + if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) =3D=3D 0) { + // + // Make sure the Attributes combination is supported by the platform. + // + return EFI_UNSUPPORTED; + } else if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) =3D=3D EFI_VARIAB= LE_NON_VOLATILE) { + // + // Only EFI_VARIABLE_NON_VOLATILE attribute is invalid + // + return EFI_INVALID_PARAMETER; + } else if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOO= TSERVICE_ACCESS)) =3D=3D EFI_VARIABLE_RUNTIME_ACCESS) { + // + // Make sure if runtime bit is set, boot service bit is set also. + // + return EFI_INVALID_PARAMETER; + } else if (AtRuntime () && ((Attributes & EFI_VARIABLE_RUNTIME_ACCESS) = =3D=3D 0)) { + // + // Make sure RT Attribute is set if we are in Runtime phase. + // + return EFI_INVALID_PARAMETER; + } else if ((Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDW= ARE_ERROR_RECORD)) =3D=3D EFI_VARIABLE_HARDWARE_ERROR_RECORD) { + // + // Make sure Hw Attribute is set with NV. + // + return EFI_INVALID_PARAMETER; + } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) !=3D 0) { + if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) { + // + // Not support authenticated variable write. + // + return EFI_UNSUPPORTED; + } + } else if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) !=3D 0) { + if (PcdGet32 (PcdHwErrStorageSize) =3D=3D 0) { + // + // Not support harware error record variable variable. + // + return EFI_UNSUPPORTED; + } + } + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + Status =3D VariableServiceQueryVariableInfoInternal ( + Attributes, + MaximumVariableStorageSize, + RemainingVariableStorageSize, + MaximumVariableSize + ); + + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + return Status; +} + +/** + This function reclaims variable storage if free size is below the thresh= old. + + Caution: This function may be invoked at SMM mode. + Care must be taken to make sure not security issue. + +**/ +VOID +ReclaimForOS ( + VOID + ) +{ + EFI_STATUS Status; + UINTN RemainingCommonRuntimeVariableSpace; + UINTN RemainingHwErrVariableSpace; + STATIC BOOLEAN Reclaimed; + + // + // This function will be called only once at EndOfDxe or ReadyToBoot eve= nt. + // + if (Reclaimed) { + return; + } + + Reclaimed =3D TRUE; + + Status =3D EFI_SUCCESS; + + if (mVariableModuleGlobal->CommonRuntimeVariableSpace < mVariableModuleG= lobal->CommonVariableTotalSize) { + RemainingCommonRuntimeVariableSpace =3D 0; + } else { + RemainingCommonRuntimeVariableSpace =3D mVariableModuleGlobal->CommonR= untimeVariableSpace - mVariableModuleGlobal->CommonVariableTotalSize; + } + + RemainingHwErrVariableSpace =3D PcdGet32 (PcdHwErrStorageSize) - mVariab= leModuleGlobal->HwErrVariableTotalSize; + + // + // Check if the free area is below a threshold. + // + if (((RemainingCommonRuntimeVariableSpace < mVariableModuleGlobal->MaxVa= riableSize) || + (RemainingCommonRuntimeVariableSpace < mVariableModuleGlobal->MaxAu= thVariableSize)) || + ((PcdGet32 (PcdHwErrStorageSize) !=3D 0) && + (RemainingHwErrVariableSpace < PcdGet32 (PcdMaxHardwareErrorVariabl= eSize)))) + { + Status =3D Reclaim ( + mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBa= se, + &mVariableModuleGlobal->NonVolatileLastVariableOffset, + FALSE, + NULL, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + } +} + +/** + Get maximum variable size, covering both non-volatile and volatile varia= bles. + + @return Maximum variable size. + +**/ +UINTN +GetMaxVariableSize ( + VOID + ) +{ + UINTN MaxVariableSize; + + MaxVariableSize =3D GetNonVolatileMaxVariableSize (); + // + // The condition below fails implicitly if PcdMaxVolatileVariableSize eq= uals + // the default zero value. + // + if (MaxVariableSize < PcdGet32 (PcdMaxVolatileVariableSize)) { + MaxVariableSize =3D PcdGet32 (PcdMaxVolatileVariableSize); + } + + return MaxVariableSize; +} + +/** + Flush the HOB variable to flash. + + @param[in] VariableName Name of variable has been updated or delet= ed. + @param[in] VendorGuid Guid of variable has been updated or delet= ed. + +**/ +VOID +FlushHobVariableToFlash ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + VARIABLE_STORE_HEADER *VariableStoreHeader; + VARIABLE_HEADER *Variable; + VOID *VariableData; + VARIABLE_POINTER_TRACK VariablePtrTrack; + BOOLEAN ErrorFlag; + BOOLEAN AuthFormat; + + ErrorFlag =3D FALSE; + AuthFormat =3D mVariableModuleGlobal->VariableGlobal.AuthFormat; + + // + // Flush the HOB variable to flash. + // + if (mVariableModuleGlobal->VariableGlobal.HobVariableBase !=3D 0) { + VariableStoreHeader =3D (VARIABLE_STORE_HEADER *)(UINTN)mVariableModul= eGlobal->VariableGlobal.HobVariableBase; + // + // Set HobVariableBase to 0, it can avoid SetVariable to call back. + // + mVariableModuleGlobal->VariableGlobal.HobVariableBase =3D 0; + for ( Variable =3D GetStartPointer (VariableStoreHeader) + ; IsValidVariableHeader (Variable, GetEndPointer (VariableStoreH= eader), AuthFormat) + ; Variable =3D GetNextVariablePtr (Variable, AuthFormat) + ) + { + if (Variable->State !=3D VAR_ADDED) { + // + // The HOB variable has been set to DELETED state in local. + // + continue; + } + + ASSERT ((Variable->Attributes & EFI_VARIABLE_NON_VOLATILE) !=3D 0); + if ((VendorGuid =3D=3D NULL) || (VariableName =3D=3D NULL) || + !CompareGuid (VendorGuid, GetVendorGuidPtr (Variable, AuthFormat= )) || + (StrCmp (VariableName, GetVariableNamePtr (Variable, AuthFormat)= ) !=3D 0)) + { + VariableData =3D GetVariableDataPtr (Variable, AuthFormat); + FindVariable ( + GetVariableNamePtr (Variable, AuthFormat), + GetVendorGuidPtr (Variable, AuthFormat), + &VariablePtrTrack, + &mVariableModuleGlobal->VariableGlobal, + FALSE + ); + Status =3D UpdateVariable ( + GetVariableNamePtr (Variable, AuthFormat), + GetVendorGuidPtr (Variable, AuthFormat), + VariableData, + DataSizeOfVariable (Variable, AuthFormat), + Variable->Attributes, + 0, + 0, + &VariablePtrTrack, + NULL + ); + DEBUG (( + DEBUG_INFO, + "Variable driver flush the HOB variable to flash: %g %s %r\n", + GetVendorGuidPtr (Variable, AuthFormat), + GetVariableNamePtr (Variable, AuthFormat), + Status + )); + } else { + // + // The updated or deleted variable is matched with this HOB variab= le. + // Don't break here because we will try to set other HOB variables + // since this variable could be set successfully. + // + Status =3D EFI_SUCCESS; + } + + if (!EFI_ERROR (Status)) { + // + // If set variable successful, or the updated or deleted variable = is matched with the HOB variable, + // set the HOB variable to DELETED state in local. + // + DEBUG (( + DEBUG_INFO, + "Variable driver set the HOB variable to DELETED state in local:= %g %s\n", + GetVendorGuidPtr (Variable, AuthFormat), + GetVariableNamePtr (Variable, AuthFormat) + )); + Variable->State &=3D VAR_DELETED; + } else { + ErrorFlag =3D TRUE; + } + } + + if (mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContext.= VariableRuntimeHobCache.Store !=3D NULL) { + Status =3D SynchronizeRuntimeVariableCache ( + &mVariableModuleGlobal->VariableGlobal.VariableRuntimeCa= cheContext.VariableRuntimeHobCache, + 0, + mVariableModuleGlobal->VariableGlobal.VariableRuntimeCac= heContext.VariableRuntimeHobCache.Store->Size + ); + ASSERT_EFI_ERROR (Status); + } + + if (ErrorFlag) { + // + // We still have HOB variable(s) not flushed in flash. + // + mVariableModuleGlobal->VariableGlobal.HobVariableBase =3D (EFI_PHYSI= CAL_ADDRESS)(UINTN)VariableStoreHeader; + } else { + // + // All HOB variables have been flushed in flash. + // + DEBUG ((DEBUG_INFO, "Variable driver: all HOB variables have been fl= ushed in flash.\n")); + if (mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContex= t.HobFlushComplete !=3D NULL) { + *(mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContex= t.HobFlushComplete) =3D TRUE; + } + + if (!AtRuntime ()) { + FreePool ((VOID *)VariableStoreHeader); + } + } + } +} + +/** + Initializes variable write service. + + @retval EFI_SUCCESS Function successfully executed. + @retval Others Fail to initialize the variable service. + +**/ +EFI_STATUS +VariableWriteServiceInitialize ( + VOID + ) +{ + EFI_STATUS Status; + UINTN Index; + UINT8 Data; + VARIABLE_ENTRY_PROPERTY *VariableEntry; + + AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + // + // Check if the free area is really free. + // + for (Index =3D mVariableModuleGlobal->NonVolatileLastVariableOffset; Ind= ex < mNvVariableCache->Size; Index++) { + Data =3D ((UINT8 *)mNvVariableCache)[Index]; + if (Data !=3D 0xff) { + // + // There must be something wrong in variable store, do reclaim opera= tion. + // + Status =3D Reclaim ( + mVariableModuleGlobal->VariableGlobal.NonVolatileVariable= Base, + &mVariableModuleGlobal->NonVolatileLastVariableOffset, + FALSE, + NULL, + NULL, + 0 + ); + if (EFI_ERROR (Status)) { + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.= VariableServicesLock); + return Status; + } + + break; + } + } + + FlushHobVariableToFlash (NULL, NULL); + + Status =3D EFI_SUCCESS; + ZeroMem (&mAuthContextOut, sizeof (mAuthContextOut)); + if (mVariableModuleGlobal->VariableGlobal.AuthFormat) { + // + // Authenticated variable initialize. + // + mAuthContextIn.StructSize =3D sizeof (AUTH_VAR_LIB_CONTEXT_IN= ); + mAuthContextIn.MaxAuthVariableSize =3D mVariableModuleGlobal->MaxAuth= VariableSize - + GetVariableHeaderSize (mVariableM= oduleGlobal->VariableGlobal.AuthFormat); + Status =3D AuthVariableLibInitialize (&mAuthContextIn, &mAuthContextOu= t); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "Variable driver will work with auth variable su= pport!\n")); + mVariableModuleGlobal->VariableGlobal.AuthSupport =3D TRUE; + if (mAuthContextOut.AuthVarEntry !=3D NULL) { + for (Index =3D 0; Index < mAuthContextOut.AuthVarEntryCount; Index= ++) { + VariableEntry =3D &mAuthContextOut.AuthVarEntry[Index]; + Status =3D VarCheckLibVariablePropertySet ( + VariableEntry->Name, + VariableEntry->Guid, + &VariableEntry->VariableProperty + ); + ASSERT_EFI_ERROR (Status); + } + } + } else if (Status =3D=3D EFI_UNSUPPORTED) { + DEBUG ((DEBUG_INFO, "NOTICE - AuthVariableLibInitialize() returns %r= !\n", Status)); + DEBUG ((DEBUG_INFO, "Variable driver will continue to work without a= uth variable support!\n")); + mVariableModuleGlobal->VariableGlobal.AuthSupport =3D FALSE; + Status =3D EFI_SUCCESS; + } + } + + if (!EFI_ERROR (Status)) { + for (Index =3D 0; Index < ARRAY_SIZE (mVariableEntryProperty); Index++= ) { + VariableEntry =3D &mVariableEntryProperty[Index]; + Status =3D VarCheckLibVariablePropertySet (VariableEntry->Nam= e, VariableEntry->Guid, &VariableEntry->VariableProperty); + ASSERT_EFI_ERROR (Status); + } + } + + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.Variab= leServicesLock); + + // + // Initialize MOR Lock variable. + // + MorLockInit (); + + return Status; +} + +/** + Convert normal variable storage to the allocated auth variable storage. + + @param[in] NormalVarStorage Pointer to the normal variable storage hea= der + + @retval the allocated auth variable storage +**/ +VOID * +ConvertNormalVarStorageToAuthVarStorage ( + VARIABLE_STORE_HEADER *NormalVarStorage + ) +{ + VARIABLE_HEADER *StartPtr; + UINT8 *NextPtr; + VARIABLE_HEADER *EndPtr; + UINTN AuthVarStorageSize; + AUTHENTICATED_VARIABLE_HEADER *AuthStartPtr; + VARIABLE_STORE_HEADER *AuthVarStorage; + + AuthVarStorageSize =3D sizeof (VARIABLE_STORE_HEADER); + // + // Set AuthFormat as FALSE for normal variable storage + // + mVariableModuleGlobal->VariableGlobal.AuthFormat =3D FALSE; + + // + // Calculate Auth Variable Storage Size + // + StartPtr =3D GetStartPointer (NormalVarStorage); + EndPtr =3D GetEndPointer (NormalVarStorage); + while (StartPtr < EndPtr) { + if (StartPtr->State =3D=3D VAR_ADDED) { + AuthVarStorageSize =3D HEADER_ALIGN (AuthVarStorageSize); + AuthVarStorageSize +=3D sizeof (AUTHENTICATED_VARIABLE_HEADER); + AuthVarStorageSize +=3D StartPtr->NameSize + GET_PAD_SIZE (StartPtr-= >NameSize); + AuthVarStorageSize +=3D StartPtr->DataSize + GET_PAD_SIZE (StartPtr-= >DataSize); + } + + StartPtr =3D GetNextVariablePtr (StartPtr, mVariableModuleGlobal->Vari= ableGlobal.AuthFormat); + } + + // + // Allocate Runtime memory for Auth Variable Storage + // + AuthVarStorage =3D AllocateRuntimeZeroPool (AuthVarStorageSize); + ASSERT (AuthVarStorage !=3D NULL); + if (AuthVarStorage =3D=3D NULL) { + return NULL; + } + + // + // Copy Variable from Normal storage to Auth storage + // + StartPtr =3D GetStartPointer (NormalVarStorage); + EndPtr =3D GetEndPointer (NormalVarStorage); + AuthStartPtr =3D (AUTHENTICATED_VARIABLE_HEADER *)GetStartPointer (AuthV= arStorage); + while (StartPtr < EndPtr) { + if (StartPtr->State =3D=3D VAR_ADDED) { + AuthStartPtr =3D (AUTHENTICATED_VARIABLE_HEADER *)HEADER_ALIGN (Auth= StartPtr); + // + // Copy Variable Header + // + AuthStartPtr->StartId =3D StartPtr->StartId; + AuthStartPtr->State =3D StartPtr->State; + AuthStartPtr->Attributes =3D StartPtr->Attributes; + AuthStartPtr->NameSize =3D StartPtr->NameSize; + AuthStartPtr->DataSize =3D StartPtr->DataSize; + CopyGuid (&AuthStartPtr->VendorGuid, &StartPtr->VendorGuid); + // + // Copy Variable Name + // + NextPtr =3D (UINT8 *)(AuthStartPtr + 1); + CopyMem ( + NextPtr, + GetVariableNamePtr (StartPtr, mVariableModuleGlobal->VariableGloba= l.AuthFormat), + AuthStartPtr->NameSize + ); + // + // Copy Variable Data + // + NextPtr =3D NextPtr + AuthStartPtr->NameSize + GET_PAD_SIZE (AuthSta= rtPtr->NameSize); + CopyMem (NextPtr, GetVariableDataPtr (StartPtr, mVariableModuleGloba= l->VariableGlobal.AuthFormat), AuthStartPtr->DataSize); + // + // Go to next variable + // + AuthStartPtr =3D (AUTHENTICATED_VARIABLE_HEADER *)(NextPtr + AuthSta= rtPtr->DataSize + GET_PAD_SIZE (AuthStartPtr->DataSize)); + } + + StartPtr =3D GetNextVariablePtr (StartPtr, mVariableModuleGlobal->Vari= ableGlobal.AuthFormat); + } + + // + // Update Auth Storage Header + // + AuthVarStorage->Format =3D NormalVarStorage->Format; + AuthVarStorage->State =3D NormalVarStorage->State; + AuthVarStorage->Size =3D (UINT32)((UINTN)AuthStartPtr - (UINTN)AuthVar= Storage); + CopyGuid (&AuthVarStorage->Signature, &gEfiAuthenticatedVariableGuid); + ASSERT (AuthVarStorage->Size <=3D AuthVarStorageSize); + + // + // Restore AuthFormat + // + mVariableModuleGlobal->VariableGlobal.AuthFormat =3D TRUE; + return AuthVarStorage; +} + +/** + Get HOB variable store. + + @param[in] VariableGuid NV variable store signature. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + +**/ +EFI_STATUS +GetHobVariableStore ( + IN EFI_GUID *VariableGuid + ) +{ + VARIABLE_STORE_HEADER *VariableStoreHeader; + UINT64 VariableStoreLength; + EFI_HOB_GUID_TYPE *GuidHob; + BOOLEAN NeedConvertNormalToAuth; + + // + // Make sure there is no more than one Variable HOB. + // + DEBUG_CODE_BEGIN (); + GuidHob =3D GetFirstGuidHob (&gEfiAuthenticatedVariableGuid); + if (GuidHob !=3D NULL) { + if ((GetNextGuidHob (&gEfiAuthenticatedVariableGuid, GET_NEXT_HOB (Gui= dHob)) !=3D NULL)) { + DEBUG ((DEBUG_ERROR, "ERROR: Found two Auth Variable HOBs\n")); + ASSERT (FALSE); + } else if (GetFirstGuidHob (&gEfiVariableGuid) !=3D NULL) { + DEBUG ((DEBUG_ERROR, "ERROR: Found one Auth + one Normal Variable HO= Bs\n")); + ASSERT (FALSE); + } + } else { + GuidHob =3D GetFirstGuidHob (&gEfiVariableGuid); + if (GuidHob !=3D NULL) { + if ((GetNextGuidHob (&gEfiVariableGuid, GET_NEXT_HOB (GuidHob)) !=3D= NULL)) { + DEBUG ((DEBUG_ERROR, "ERROR: Found two Normal Variable HOBs\n")); + ASSERT (FALSE); + } + } + } + + DEBUG_CODE_END (); + + // + // Combinations supported: + // 1. Normal NV variable store + + // Normal HOB variable store + // 2. Auth NV variable store + + // Auth HOB variable store + // 3. Auth NV variable store + + // Normal HOB variable store (code will convert it to Auth Format) + // + NeedConvertNormalToAuth =3D FALSE; + GuidHob =3D GetFirstGuidHob (VariableGuid); + if ((GuidHob =3D=3D NULL) && (VariableGuid =3D=3D &gEfiAuthenticatedVari= ableGuid)) { + // + // Try getting it from normal variable HOB + // + GuidHob =3D GetFirstGuidHob (&gEfiVariableGuid); + NeedConvertNormalToAuth =3D TRUE; + } + + if (GuidHob !=3D NULL) { + VariableStoreHeader =3D GET_GUID_HOB_DATA (GuidHob); + VariableStoreLength =3D GuidHob->Header.HobLength - sizeof (EFI_HOB_GU= ID_TYPE); + if (GetVariableStoreStatus (VariableStoreHeader) =3D=3D EfiValid) { + if (!NeedConvertNormalToAuth) { + mVariableModuleGlobal->VariableGlobal.HobVariableBase =3D (EFI_PHY= SICAL_ADDRESS)(UINTN)AllocateRuntimeCopyPool ((UINTN)VariableStoreLength, (= VOID *)VariableStoreHeader); + } else { + mVariableModuleGlobal->VariableGlobal.HobVariableBase =3D (EFI_PHY= SICAL_ADDRESS)(UINTN)ConvertNormalVarStorageToAuthVarStorage ((VOID *)Varia= bleStoreHeader); + } + + if (mVariableModuleGlobal->VariableGlobal.HobVariableBase =3D=3D 0) { + return EFI_OUT_OF_RESOURCES; + } + } else { + DEBUG ((DEBUG_ERROR, "HOB Variable Store header is corrupted!\n")); + } + } + + return EFI_SUCCESS; +} + +/** + Initializes variable store area for non-volatile and volatile variable. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + +**/ +EFI_STATUS +VariableCommonInitialize ( + VOID + ) +{ + EFI_STATUS Status; + VARIABLE_STORE_HEADER *VolatileVariableStore; + UINTN ScratchSize; + EFI_GUID *VariableGuid; + + // + // Allocate runtime memory for variable driver global structure. + // + mVariableModuleGlobal =3D AllocateRuntimeZeroPool (sizeof (VARIABLE_MODU= LE_GLOBAL)); + if (mVariableModuleGlobal =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + InitializeLock (&mVariableModuleGlobal->VariableGlobal.VariableServicesL= ock, TPL_NOTIFY); + + // + // Init non-volatile variable store. + // + Status =3D InitNonVolatileVariableStore (); + if (EFI_ERROR (Status)) { + FreePool (mVariableModuleGlobal); + return Status; + } + + // + // mVariableModuleGlobal->VariableGlobal.AuthFormat + // has been initialized in InitNonVolatileVariableStore(). + // + if (mVariableModuleGlobal->VariableGlobal.AuthFormat) { + DEBUG ((DEBUG_INFO, "Variable driver will work with auth variable form= at!\n")); + // + // Set AuthSupport to FALSE first, VariableWriteServiceInitialize() wi= ll initialize it. + // + mVariableModuleGlobal->VariableGlobal.AuthSupport =3D FALSE; + VariableGuid =3D &gEfiAuthenticat= edVariableGuid; + } else { + DEBUG ((DEBUG_INFO, "Variable driver will work without auth variable s= upport!\n")); + mVariableModuleGlobal->VariableGlobal.AuthSupport =3D FALSE; + VariableGuid =3D &gEfiVariableGui= d; + } + + // + // Get HOB variable store. + // + Status =3D GetHobVariableStore (VariableGuid); + if (EFI_ERROR (Status)) { + if (mNvFvHeaderCache !=3D NULL) { + FreePool (mNvFvHeaderCache); + } + + FreePool (mVariableModuleGlobal); + return Status; + } + + mVariableModuleGlobal->MaxVolatileVariableSize =3D ((PcdGet32 (PcdMaxVol= atileVariableSize) !=3D 0) ? + PcdGet32 (PcdMaxVolati= leVariableSize) : + mVariableModuleGlobal-= >MaxVariableSize + ); + // + // Allocate memory for volatile variable store, note that there is a scr= atch space to store scratch data. + // + ScratchSize =3D GetMaxVariableSize () * 2; + mVariableModuleGlobal->ScratchBufferSize =3D ScratchSize; + VolatileVariableStore =3D AllocateRuntimePool (PcdGet= 32 (PcdVariableStoreSize) + ScratchSize); + if (VolatileVariableStore =3D=3D NULL) { + if (mVariableModuleGlobal->VariableGlobal.HobVariableBase !=3D 0) { + FreePool ((VOID *)(UINTN)mVariableModuleGlobal->VariableGlobal.HobVa= riableBase); + } + + if (mNvFvHeaderCache !=3D NULL) { + FreePool (mNvFvHeaderCache); + } + + FreePool (mVariableModuleGlobal); + return EFI_OUT_OF_RESOURCES; + } + + SetMem (VolatileVariableStore, PcdGet32 (PcdVariableStoreSize) + Scratch= Size, 0xff); + + // + // Initialize Variable Specific Data. + // + mVariableModuleGlobal->VariableGlobal.VolatileVariableBase =3D (EFI_PHYS= ICAL_ADDRESS)(UINTN)VolatileVariableStore; + mVariableModuleGlobal->VolatileLastVariableOffset =3D (UINTN)Ge= tStartPointer (VolatileVariableStore) - (UINTN)VolatileVariableStore; + + CopyGuid (&VolatileVariableStore->Signature, VariableGuid); + VolatileVariableStore->Size =3D PcdGet32 (PcdVariableStoreSize); + VolatileVariableStore->Format =3D VARIABLE_STORE_FORMATTED; + VolatileVariableStore->State =3D VARIABLE_STORE_HEALTHY; + VolatileVariableStore->Reserved =3D 0; + VolatileVariableStore->Reserved1 =3D 0; + + return EFI_SUCCESS; +} + +/** + Get the proper fvb handle and/or fvb protocol by the given Flash address. + + @param[in] Address The Flash address. + @param[out] FvbHandle In output, if it is not NULL, it points to the= proper FVB handle. + @param[out] FvbProtocol In output, if it is not NULL, it points to the= proper FVB protocol. + +**/ +EFI_STATUS +GetFvbInfoByAddress ( + IN EFI_PHYSICAL_ADDRESS Address, + OUT EFI_HANDLE *FvbHandle OPTIONAL, + OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvbProtocol OPTIONAL + ) +{ + EFI_STATUS Status; + EFI_HANDLE *HandleBuffer; + UINTN HandleCount; + UINTN Index; + EFI_PHYSICAL_ADDRESS FvbBaseAddress; + EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *Fvb; + EFI_FVB_ATTRIBUTES_2 Attributes; + UINTN BlockSize; + UINTN NumberOfBlocks; + + HandleBuffer =3D NULL; + // + // Get all FVB handles. + // + Status =3D GetFvbCountAndBuffer (&HandleCount, &HandleBuffer); + if (EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } + + // + // Get the FVB to access variable store. + // + Fvb =3D NULL; + for (Index =3D 0; Index < HandleCount; Index +=3D 1, Status =3D EFI_NOT_= FOUND, Fvb =3D NULL) { + Status =3D GetFvbByHandle (HandleBuffer[Index], &Fvb); + if (EFI_ERROR (Status)) { + Status =3D EFI_NOT_FOUND; + break; + } + + // + // Ensure this FVB protocol supported Write operation. + // + Status =3D Fvb->GetAttributes (Fvb, &Attributes); + if (EFI_ERROR (Status) || ((Attributes & EFI_FVB2_WRITE_STATUS) =3D=3D= 0)) { + continue; + } + + // + // Compare the address and select the right one. + // + Status =3D Fvb->GetPhysicalAddress (Fvb, &FvbBaseAddress); + if (EFI_ERROR (Status)) { + continue; + } + + // + // Assume one FVB has one type of BlockSize. + // + Status =3D Fvb->GetBlockSize (Fvb, 0, &BlockSize, &NumberOfBlocks); + if (EFI_ERROR (Status)) { + continue; + } + + if ((Address >=3D FvbBaseAddress) && (Address < (FvbBaseAddress + Bloc= kSize * NumberOfBlocks))) { + if (FvbHandle !=3D NULL) { + *FvbHandle =3D HandleBuffer[Index]; + } + + if (FvbProtocol !=3D NULL) { + *FvbProtocol =3D Fvb; + } + + Status =3D EFI_SUCCESS; + break; + } + } + + FreePool (HandleBuffer); + + if (Fvb =3D=3D NULL) { + Status =3D EFI_NOT_FOUND; + } + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableD= xe.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableDxe.c new file mode 100644 index 000000000000..4595bf8c9d02 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableDxe.c @@ -0,0 +1,670 @@ +/** @file + Implement all four UEFI Runtime Variable services for the nonvolatile + and volatile storage space and install variable architecture protocol. + +Copyright (C) 2013, Red Hat, Inc. +Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.
+(C) Copyright 2015 Hewlett Packard Enterprise Development LP
+Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" + +#include +#include +#include "VariableParsing.h" + +EFI_STATUS +EFIAPI +ProtocolIsVariablePolicyEnabled ( + OUT BOOLEAN *State + ); + +EFI_HANDLE mHandle =3D NULL; +EFI_EVENT mVirtualAddressChangeEvent =3D NULL; +VOID *mFtwRegistration =3D NULL; +VOID ***mVarCheckAddressPointer =3D NULL; +UINTN mVarCheckAddressPointerCount =3D 0; +EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock =3D { Variabl= eLockRequestToLock }; +EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol =3D { + EDKII_VARIABLE_POLICY_PROTOCOL_REVISION, + DisableVariablePolicy, + ProtocolIsVariablePolicyEnabled, + RegisterVariablePolicy, + DumpVariablePolicy, + LockVariablePolicy +}; +EDKII_VAR_CHECK_PROTOCOL mVarCheck =3D { + VarCheckRegisterSetVariableCheckHandler, + VarCheckVariablePropertySet, + VarCheckVariablePropertyGet +}; + +/** + Some Secure Boot Policy Variable may update following other variable cha= nges(SecureBoot follows PK change, etc). + Record their initial State when variable write service is ready. + +**/ +VOID +EFIAPI +RecordSecureBootPolicyVarData ( + VOID + ); + +/** + Return TRUE if ExitBootServices () has been called. + + @retval TRUE If ExitBootServices () has been called. +**/ +BOOLEAN +AtRuntime ( + VOID + ) +{ + return EfiAtRuntime (); +} + +/** + Initializes a basic mutual exclusion lock. + + This function initializes a basic mutual exclusion lock to the released = state + and returns the lock. Each lock provides mutual exclusion access at its= task + priority level. Since there is no preemption or multiprocessor support = in EFI, + acquiring the lock only consists of raising to the locks TPL. + If Lock is NULL, then ASSERT(). + If Priority is not a valid TPL value, then ASSERT(). + + @param Lock A pointer to the lock data structure to initialize. + @param Priority EFI TPL is associated with the lock. + + @return The lock. + +**/ +EFI_LOCK * +InitializeLock ( + IN OUT EFI_LOCK *Lock, + IN EFI_TPL Priority + ) +{ + return EfiInitializeLock (Lock, Priority); +} + +/** + Acquires lock only at boot time. Simply returns at runtime. + + This is a temperary function that will be removed when + EfiAcquireLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiAcquireLock() at boot time, and simply returns + at runtime. + + @param Lock A pointer to the lock to acquire. + +**/ +VOID +AcquireLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ) +{ + if (!AtRuntime ()) { + EfiAcquireLock (Lock); + } +} + +/** + Releases lock only at boot time. Simply returns at runtime. + + This is a temperary function which will be removed when + EfiReleaseLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiReleaseLock() at boot time and simply returns + at runtime. + + @param Lock A pointer to the lock to release. + +**/ +VOID +ReleaseLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ) +{ + if (!AtRuntime ()) { + EfiReleaseLock (Lock); + } +} + +/** + Retrieve the Fault Tolerent Write protocol interface. + + @param[out] FtwProtocol The interface of Ftw protocol + + @retval EFI_SUCCESS The FTW protocol instance was found and re= turned in FtwProtocol. + @retval EFI_NOT_FOUND The FTW protocol instance was not found. + @retval EFI_INVALID_PARAMETER SarProtocol is NULL. + +**/ +EFI_STATUS +GetFtwProtocol ( + OUT VOID **FtwProtocol + ) +{ + EFI_STATUS Status; + + // + // Locate Fault Tolerent Write protocol + // + Status =3D gBS->LocateProtocol ( + &gEfiFaultTolerantWriteProtocolGuid, + NULL, + FtwProtocol + ); + return Status; +} + +/** + Retrieve the FVB protocol interface by HANDLE. + + @param[in] FvBlockHandle The handle of FVB protocol that provides s= ervices for + reading, writing, and erasing the target b= lock. + @param[out] FvBlock The interface of FVB protocol + + @retval EFI_SUCCESS The interface information for the specifie= d protocol was returned. + @retval EFI_UNSUPPORTED The device does not support the FVB protoc= ol. + @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or= FvBlock is NULL. + +**/ +EFI_STATUS +GetFvbByHandle ( + IN EFI_HANDLE FvBlockHandle, + OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock + ) +{ + // + // To get the FVB protocol interface on the handle + // + return gBS->HandleProtocol ( + FvBlockHandle, + &gEfiFirmwareVolumeBlockProtocolGuid, + (VOID **)FvBlock + ); +} + +/** + Function returns an array of handles that support the FVB protocol + in a buffer allocated from pool. + + @param[out] NumberHandles The number of handles returned in Buffer. + @param[out] Buffer A pointer to the buffer to return the requ= ested + array of handles that support FVB protoco= l. + + @retval EFI_SUCCESS The array of handles was returned in Buffe= r, and the number of + handles in Buffer was returned in NumberHa= ndles. + @retval EFI_NOT_FOUND No FVB handle was found. + @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store t= he matching results. + @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL. + +**/ +EFI_STATUS +GetFvbCountAndBuffer ( + OUT UINTN *NumberHandles, + OUT EFI_HANDLE **Buffer + ) +{ + EFI_STATUS Status; + + // + // Locate all handles of Fvb protocol + // + Status =3D gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiFirmwareVolumeBlockProtocolGuid, + NULL, + NumberHandles, + Buffer + ); + return Status; +} + +/** + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE. + + This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS= _CHANGE event. + It convers pointer to new virtual address. + + @param Event Event whose notification function is being invoked. + @param Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +VariableClassAddressChangeEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + UINTN Index; + + if (mVariableModuleGlobal->FvbInstance !=3D NULL) { + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->= GetBlockSize); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->= GetPhysicalAddress); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->= GetAttributes); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->= SetAttributes); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->= Read); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->= Write); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance->= EraseBlocks); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->FvbInstance); + } + + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->PlatformLangCod= es); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->LangCodes); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->PlatformLang); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->VariableGlobal.= NonVolatileVariableBase); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->VariableGlobal.= VolatileVariableBase); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal->VariableGlobal.= HobVariableBase); + EfiConvertPointer (0x0, (VOID **)&mVariableModuleGlobal); + EfiConvertPointer (0x0, (VOID **)&mNvVariableCache); + EfiConvertPointer (0x0, (VOID **)&mNvFvHeaderCache); + + if (mAuthContextOut.AddressPointer !=3D NULL) { + for (Index =3D 0; Index < mAuthContextOut.AddressPointerCount; Index++= ) { + EfiConvertPointer (0x0, (VOID **)mAuthContextOut.AddressPointer[Inde= x]); + } + } + + if (mVarCheckAddressPointer !=3D NULL) { + for (Index =3D 0; Index < mVarCheckAddressPointerCount; Index++) { + EfiConvertPointer (0x0, (VOID **)mVarCheckAddressPointer[Index]); + } + } +} + +/** + Notification function of EVT_GROUP_READY_TO_BOOT event group. + + This is a notification function registered on EVT_GROUP_READY_TO_BOOT ev= ent group. + When the Boot Manager is about to load and execute a boot option, it rec= laims variable + storage if free size is below the threshold. + + @param Event Event whose notification function is being invoked. + @param Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +OnReadyToBoot ( + EFI_EVENT Event, + VOID *Context + ) +{ + EFI_STATUS Status; + + if (!mEndOfDxe) { + MorLockInitAtEndOfDxe (); + + Status =3D LockVariablePolicy (); + ASSERT_EFI_ERROR (Status); + // + // Set the End Of DXE bit in case the EFI_END_OF_DXE_EVENT_GROUP_GUID = event is not signaled. + // + mEndOfDxe =3D TRUE; + mVarCheckAddressPointer =3D VarCheckLibInitializeAtEndOfDxe (&mVarChec= kAddressPointerCount); + // + // The initialization for variable quota. + // + InitializeVariableQuota (); + } + + ReclaimForOS (); + if (FeaturePcdGet (PcdVariableCollectStatistics)) { + if (mVariableModuleGlobal->VariableGlobal.AuthFormat) { + gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, gVar= iableInfo); + } else { + gBS->InstallConfigurationTable (&gEfiVariableGuid, gVariableInfo); + } + } + + gBS->CloseEvent (Event); +} + +/** + Notification function of EFI_END_OF_DXE_EVENT_GROUP_GUID event group. + + This is a notification function registered on EFI_END_OF_DXE_EVENT_GROUP= _GUID event group. + + @param Event Event whose notification function is being invoked. + @param Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +OnEndOfDxe ( + EFI_EVENT Event, + VOID *Context + ) +{ + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "[Variable]END_OF_DXE is signaled\n")); + MorLockInitAtEndOfDxe (); + Status =3D LockVariablePolicy (); + ASSERT_EFI_ERROR (Status); + mEndOfDxe =3D TRUE; + mVarCheckAddressPointer =3D VarCheckLibInitializeAtEndOfDxe (&mVarCheckA= ddressPointerCount); + // + // The initialization for variable quota. + // + InitializeVariableQuota (); + if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) { + ReclaimForOS (); + } + + gBS->CloseEvent (Event); +} + +/** + Initializes variable write service for DXE. + +**/ +VOID +VariableWriteServiceInitializeDxe ( + VOID + ) +{ + EFI_STATUS Status; + + Status =3D VariableWriteServiceInitialize (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. St= atus =3D %r\n", Status)); + } + + // + // Some Secure Boot Policy Var (SecureBoot, etc) updates following other + // Secure Boot Policy Variable change. Record their initial value. + // + RecordSecureBootPolicyVarData (); + + // + // Install the Variable Write Architectural protocol. + // + Status =3D gBS->InstallProtocolInterface ( + &mHandle, + &gEfiVariableWriteArchProtocolGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); +} + +/** + Fault Tolerant Write protocol notification event handler. + + Non-Volatile variable write may needs FTW protocol to reclaim when + writting variable. + + @param[in] Event Event whose notification function is being invoked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +FtwNotificationEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol; + EFI_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol; + EFI_PHYSICAL_ADDRESS NvStorageVariableBase; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; + EFI_PHYSICAL_ADDRESS BaseAddress; + UINT64 Length; + EFI_PHYSICAL_ADDRESS VariableStoreBase; + UINT64 VariableStoreLength; + UINTN FtwMaxBlockSize; + UINT32 NvStorageVariableSize; + UINT64 NvStorageVariableSize64; + + // + // Ensure FTW protocol is installed. + // + Status =3D GetFtwProtocol ((VOID **)&FtwProtocol); + if (EFI_ERROR (Status)) { + return; + } + + Status =3D GetVariableFlashNvStorageInfo (&NvStorageVariableBase, &NvSto= rageVariableSize64); + ASSERT_EFI_ERROR (Status); + + Status =3D SafeUint64ToUint32 (NvStorageVariableSize64, &NvStorageVariab= leSize); + // This driver currently assumes the size will be UINT32 so assert the v= alue is safe for now. + ASSERT_EFI_ERROR (Status); + + VariableStoreBase =3D NvStorageVariableBase + mNvFvHeaderCache->HeaderLe= ngth; + + Status =3D FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize); + if (!EFI_ERROR (Status)) { + ASSERT (NvStorageVariableSize <=3D FtwMaxBlockSize); + } + + // + // Let NonVolatileVariableBase point to flash variable store base direct= ly after FTW ready. + // + mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase =3D Variab= leStoreBase; + + // + // Find the proper FVB protocol for variable. + // + Status =3D GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtoco= l); + if (EFI_ERROR (Status)) { + return; + } + + mVariableModuleGlobal->FvbInstance =3D FvbProtocol; + + // + // Mark the variable storage region of the FLASH as RUNTIME. + // + VariableStoreLength =3D mNvVariableCache->Size; + BaseAddress =3D VariableStoreBase & (~EFI_PAGE_MASK); + Length =3D VariableStoreLength + (VariableStoreBase - BaseA= ddress); + Length =3D (Length + EFI_PAGE_SIZE - 1) & (~EFI_PAGE_MASK); + + Status =3D gDS->GetMemorySpaceDescriptor (BaseAddress, &GcdDescriptor); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_WARN, "Variable driver failed to get flash memory attrib= ute.\n")); + } else { + if ((GcdDescriptor.Attributes & EFI_MEMORY_RUNTIME) =3D=3D 0) { + Status =3D gDS->SetMemorySpaceAttributes ( + BaseAddress, + Length, + GcdDescriptor.Attributes | EFI_MEMORY_RUNTIME + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_WARN, "Variable driver failed to add EFI_MEMORY_RUNT= IME attribute to Flash.\n")); + } + } + } + + // + // Initializes variable write service after FTW was ready. + // + VariableWriteServiceInitializeDxe (); + + // + // Close the notify event to avoid install gEfiVariableWriteArchProtocol= Guid again. + // + gBS->CloseEvent (Event); +} + +/** + This API function returns whether or not the policy engine is + currently being enforced. + + @param[out] State Pointer to a return value for whether the poli= cy enforcement + is currently enabled. + + @retval EFI_SUCCESS + @retval Others An error has prevented this command from compl= eting. + +**/ +EFI_STATUS +EFIAPI +ProtocolIsVariablePolicyEnabled ( + OUT BOOLEAN *State + ) +{ + *State =3D IsVariablePolicyEnabled (); + return EFI_SUCCESS; +} + +/** + Variable Driver main entry point. The Variable driver places the 4 EFI + runtime services in the EFI System Table and installs arch protocols + for variable read and write services being available. It also registers + a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. + + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS Variable service successfully initialized. + +**/ +EFI_STATUS +EFIAPI +VariableServiceInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_EVENT ReadyToBootEvent; + EFI_EVENT EndOfDxeEvent; + + PROTECTED_VARIABLE_CONTEXT_IN ContextIn; + + // + // Initialze protected variable service, if enabled. + // + ContextIn.StructSize =3D sizeof (ContextIn); + ContextIn.StructVersion =3D PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION; + + ContextIn.FindVariableSmm =3D NULL; + ContextIn.GetVariableInfo =3D GetVariableInfo; + ContextIn.GetNextVariableInfo =3D GetNextVariableInfo; + ContextIn.UpdateVariableStore =3D VariableExLibUpdateNvVariable; + ContextIn.UpdateVariable =3D VariableExLibUpdateVariable; + + ContextIn.MaxVariableSize =3D (UINT32)GetMaxVariableSize (); + ContextIn.VariableServiceUser =3D FromSmmModule; + + Status =3D ProtectedVariableLibInitialize (&ContextIn); + if (EFI_ERROR (Status) && (Status !=3D EFI_UNSUPPORTED)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Status =3D VariableCommonInitialize (); + ASSERT_EFI_ERROR (Status); + + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &mHandle, + &gEdkiiVariableLockProtocolGuid, + &mVariableLock, + NULL + ); + ASSERT_EFI_ERROR (Status); + + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &mHandle, + &gEdkiiVarCheckProtocolGuid, + &mVarCheck, + NULL + ); + ASSERT_EFI_ERROR (Status); + + SystemTable->RuntimeServices->GetVariable =3D VariableServiceGet= Variable; + SystemTable->RuntimeServices->GetNextVariableName =3D VariableServiceGet= NextVariableName; + SystemTable->RuntimeServices->SetVariable =3D VariableServiceSet= Variable; + SystemTable->RuntimeServices->QueryVariableInfo =3D VariableServiceQue= ryVariableInfo; + + // + // Now install the Variable Runtime Architectural protocol on a new hand= le. + // + Status =3D gBS->InstallProtocolInterface ( + &mHandle, + &gEfiVariableArchProtocolGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + + if (!PcdGetBool (PcdEmuVariableNvModeEnable)) { + // + // Register FtwNotificationEvent () notify function. + // + EfiCreateProtocolNotifyEvent ( + &gEfiFaultTolerantWriteProtocolGuid, + TPL_CALLBACK, + FtwNotificationEvent, + (VOID *)SystemTable, + &mFtwRegistration + ); + } else { + // + // Emulated non-volatile variable mode does not depend on FVB and FTW. + // + VariableWriteServiceInitializeDxe (); + } + + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + VariableClassAddressChangeEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mVirtualAddressChangeEvent + ); + ASSERT_EFI_ERROR (Status); + + // + // Register the event handling function to reclaim variable for OS usage. + // + Status =3D EfiCreateEventReadyToBootEx ( + TPL_NOTIFY, + OnReadyToBoot, + NULL, + &ReadyToBootEvent + ); + ASSERT_EFI_ERROR (Status); + + // + // Register the event handling function to set the End Of DXE flag. + // + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + OnEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &EndOfDxeEvent + ); + ASSERT_EFI_ERROR (Status); + + // Register and initialize the VariablePolicy engine. + Status =3D InitVariablePolicyLib (VariableServiceGetVariable); + ASSERT_EFI_ERROR (Status); + Status =3D VarCheckRegisterSetVariableCheckHandler (ValidateSetVariable); + ASSERT_EFI_ERROR (Status); + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &mHandle, + &gEdkiiVariablePolicyProtocolGuid, + &mVariablePolicyProtocol, + NULL + ); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableE= xLib.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableExLib= .c new file mode 100644 index 000000000000..5904bcbff78a --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableExLib.c @@ -0,0 +1,417 @@ +/** @file + Provides variable driver extended services. + +Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" +#include "VariableParsing.h" +#include "VariableRuntimeCache.h" + +/** + Finds variable in storage blocks of volatile and non-volatile storage ar= eas. + + This code finds variable in storage blocks of volatile and non-volatile = storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Variable vendor GUID to be found. + @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structur= e for + output of the variable found. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, + while VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +EFIAPI +VariableExLibFindVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT AUTH_VARIABLE_INFO *AuthVariableInfo + ) +{ + EFI_STATUS Status; + VARIABLE_POINTER_TRACK Variable; + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + PROTECTED_VARIABLE_INFO VarInfo; + + Status =3D FindVariable ( + VariableName, + VendorGuid, + &Variable, + &mVariableModuleGlobal->VariableGlobal, + FALSE + ); + if (EFI_ERROR (Status)) { + AuthVariableInfo->Data =3D NULL; + AuthVariableInfo->DataSize =3D 0; + AuthVariableInfo->Attributes =3D 0; + AuthVariableInfo->PubKeyIndex =3D 0; + AuthVariableInfo->MonotonicCount =3D 0; + AuthVariableInfo->TimeStamp =3D NULL; + return Status; + } + + AuthVariableInfo->NameSize =3D NameSizeOfVariable (Variable.CurrPtr,= mVariableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->VariableName =3D GetVariableNamePtr (Variable.CurrPtr,= mVariableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->VendorGuid =3D GetVendorGuidPtr (Variable.CurrPtr, m= VariableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->DataSize =3D DataSizeOfVariable (Variable.CurrPtr,= mVariableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->Data =3D GetVariableDataPtr (Variable.CurrPtr,= mVariableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->Attributes =3D Variable.CurrPtr->Attributes; + if (mVariableModuleGlobal->VariableGlobal.AuthFormat) { + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)= Variable.CurrPtr; + AuthVariableInfo->PubKeyIndex =3D AuthVariable->PubKeyIndex; + AuthVariableInfo->MonotonicCount =3D ReadUnaligned64 (&(AuthVariable->= MonotonicCount)); + AuthVariableInfo->TimeStamp =3D &AuthVariable->TimeStamp; + } + + CopyMem (&VarInfo.Header, AuthVariableInfo, sizeof (VarInfo.Header)); + + VarInfo.Buffer =3D Variable.CurrPtr; + VarInfo.PlainData =3D NULL; + VarInfo.PlainDataSize =3D 0; + VarInfo.Flags.Auth =3D mVariableModuleGlobal->VariableGlobal.AuthForm= at; + + // + // In case the variable is encrypted. + // + Status =3D ProtectedVariableLibGetByInfo (&VarInfo); + if (!EFI_ERROR (Status)) { + if (VarInfo.PlainData !=3D NULL) { + AuthVariableInfo->Data =3D VarInfo.PlainData; + AuthVariableInfo->DataSize =3D VarInfo.PlainDataSize; + } + } + + return EFI_SUCCESS; +} + +/** + Finds next variable in storage blocks of volatile and non-volatile stora= ge areas. + + This code finds next variable in storage blocks of volatile and non-vola= tile storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Variable vendor GUID to be found. + @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structur= e for + output of the next variable. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, + while VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +EFIAPI +VariableExLibFindNextVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT AUTH_VARIABLE_INFO *AuthVariableInfo + ) +{ + EFI_STATUS Status; + VARIABLE_HEADER *VariablePtr; + AUTHENTICATED_VARIABLE_HEADER *AuthVariablePtr; + VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax= ]; + PROTECTED_VARIABLE_INFO VarInfo; + + VariableStoreHeader[VariableStoreTypeVolatile] =3D (VARIABLE_STORE_HEADE= R *)(UINTN)mVariableModuleGlobal->VariableGlobal.VolatileVariableBase; + VariableStoreHeader[VariableStoreTypeHob] =3D (VARIABLE_STORE_HEADE= R *)(UINTN)mVariableModuleGlobal->VariableGlobal.HobVariableBase; + VariableStoreHeader[VariableStoreTypeNv] =3D mNvVariableCache; + + Status =3D VariableServiceGetNextVariableInternal ( + VariableName, + VendorGuid, + VariableStoreHeader, + &VariablePtr, + mVariableModuleGlobal->VariableGlobal.AuthFormat + ); + if (EFI_ERROR (Status)) { + AuthVariableInfo->VariableName =3D NULL; + AuthVariableInfo->VendorGuid =3D NULL; + AuthVariableInfo->Data =3D NULL; + AuthVariableInfo->DataSize =3D 0; + AuthVariableInfo->Attributes =3D 0; + AuthVariableInfo->PubKeyIndex =3D 0; + AuthVariableInfo->MonotonicCount =3D 0; + AuthVariableInfo->TimeStamp =3D NULL; + return Status; + } + + AuthVariableInfo->NameSize =3D NameSizeOfVariable (VariablePtr, mVar= iableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->VariableName =3D GetVariableNamePtr (VariablePtr, mVar= iableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->VendorGuid =3D GetVendorGuidPtr (VariablePtr, mVaria= bleModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->DataSize =3D DataSizeOfVariable (VariablePtr, mVar= iableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->Data =3D GetVariableDataPtr (VariablePtr, mVar= iableModuleGlobal->VariableGlobal.AuthFormat); + AuthVariableInfo->Attributes =3D VariablePtr->Attributes; + if (mVariableModuleGlobal->VariableGlobal.AuthFormat) { + AuthVariablePtr =3D (AUTHENTICATED_VARIABLE_HEADER *)= VariablePtr; + AuthVariableInfo->PubKeyIndex =3D AuthVariablePtr->PubKeyIndex; + AuthVariableInfo->MonotonicCount =3D ReadUnaligned64 (&(AuthVariablePt= r->MonotonicCount)); + AuthVariableInfo->TimeStamp =3D &AuthVariablePtr->TimeStamp; + } + + CopyMem (&VarInfo.Header, AuthVariableInfo, sizeof (VarInfo.Header)); + + VarInfo.Buffer =3D VariablePtr; + VarInfo.PlainData =3D NULL; + VarInfo.PlainDataSize =3D 0; + + Status =3D ProtectedVariableLibGetByInfo (&VarInfo); + if (!EFI_ERROR (Status)) { + if (VarInfo.PlainData !=3D NULL) { + AuthVariableInfo->Data =3D VarInfo.PlainData; + AuthVariableInfo->DataSize =3D VarInfo.PlainDataSize; + } + } + + return EFI_SUCCESS; +} + +/** + Update the variable region with Variable information. + + @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure f= or + input of the variable. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + +**/ +EFI_STATUS +EFIAPI +VariableExLibUpdateVariable ( + IN AUTH_VARIABLE_INFO *AuthVariableInfo + ) +{ + VARIABLE_POINTER_TRACK Variable; + + FindVariable (AuthVariableInfo->VariableName, AuthVariableInfo->VendorGu= id, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE); + return UpdateVariable ( + AuthVariableInfo->VariableName, + AuthVariableInfo->VendorGuid, + AuthVariableInfo->Data, + AuthVariableInfo->DataSize, + AuthVariableInfo->Attributes, + AuthVariableInfo->PubKeyIndex, + AuthVariableInfo->MonotonicCount, + &Variable, + AuthVariableInfo->TimeStamp + ); +} + +/** + Get scratch buffer. + + @param[in, out] ScratchBufferSize Scratch buffer size. If input size is = greater than + the maximum supported buffer size, thi= s value contains + the maximum supported buffer size as o= utput. + @param[out] ScratchBuffer Pointer to scratch buffer address. + + @retval EFI_SUCCESS Get scratch buffer successfully. + @retval EFI_UNSUPPORTED If input size is greater than the maximum supp= orted buffer size. + +**/ +EFI_STATUS +EFIAPI +VariableExLibGetScratchBuffer ( + IN OUT UINTN *ScratchBufferSize, + OUT VOID **ScratchBuffer + ) +{ + UINTN MaxBufferSize; + + MaxBufferSize =3D mVariableModuleGlobal->ScratchBufferSize; + if (*ScratchBufferSize > MaxBufferSize) { + *ScratchBufferSize =3D MaxBufferSize; + return EFI_UNSUPPORTED; + } + + *ScratchBuffer =3D GetEndPointer ((VARIABLE_STORE_HEADER *)((UINTN)mVari= ableModuleGlobal->VariableGlobal.VolatileVariableBase)); + return EFI_SUCCESS; +} + +/** + This function is to check if the remaining variable space is enough to s= et + all Variables from argument list successfully. The purpose of the check + is to keep the consistency of the Variables to be in variable storage. + + Note: Variables are assumed to be in same storage. + The set sequence of Variables will be same with the sequence of Variable= Entry from argument list, + so follow the argument sequence to check the Variables. + + @param[in] Attributes Variable attributes for Variable entries. + @param ... The variable argument list with type VARIA= BLE_ENTRY_CONSISTENCY *. + A NULL terminates the list. The VariableSi= ze of + VARIABLE_ENTRY_CONSISTENCY is the variable= data size as input. + It will be changed to variable total size = as output. + + @retval TRUE Have enough variable space to set the Vari= ables successfully. + @retval FALSE No enough variable space to set the Variab= les successfully. + +**/ +BOOLEAN +EFIAPI +VariableExLibCheckRemainingSpaceForConsistency ( + IN UINT32 Attributes, + ... + ) +{ + VA_LIST Marker; + BOOLEAN Return; + + VA_START (Marker, Attributes); + + Return =3D CheckRemainingSpaceForConsistencyInternal (Attributes, Marker= ); + + VA_END (Marker); + + return Return; +} + +/** + Return TRUE if at OS runtime. + + @retval TRUE If at OS runtime. + @retval FALSE If at boot time. + +**/ +BOOLEAN +EFIAPI +VariableExLibAtRuntime ( + VOID + ) +{ + return AtRuntime (); +} + +/** + Update partial data of a variable on NV storage and/or cached copy. + + @param[in] VariableInfo Pointer to a variable with detailed informatio= n. + @param[in] Offset Offset to write from. + @param[in] Size Size of data Buffer to update. + @param[in] Buffer Pointer to data buffer to update. + + @retval EFI_SUCCESS The variable data was updated successful= ly. + @retval EFI_UNSUPPORTED If this function is called directly in r= untime. + @retval EFI_INVALID_PARAMETER If VariableInfo, Buffer or Size are not = valid. + @retval Others Failed to update NV storage or variable = cache. + +**/ +EFI_STATUS +EFIAPI +VariableExLibUpdateNvVariable ( + IN PROTECTED_VARIABLE_INFO *VariableInfo, + IN UINTN Offset, + IN UINT32 Size, + IN UINT8 *Buffer + ) +{ + EFI_STATUS Status; + VARIABLE_GLOBAL *Global; + VARIABLE_RUNTIME_CACHE *CacheInstance; + VARIABLE_HEADER *VariableCache; + + if ((mVariableModuleGlobal =3D=3D NULL) || (mNvVariableCache =3D=3D NULL= )) { + return EFI_UNSUPPORTED; + } + + // + // Flush the cache to store. + // + if (Size =3D=3D (UINT32)-1) { + Status =3D FtwVariableSpace ( + mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBa= se, + mNvVariableCache + ); + if ( !EFI_ERROR (Status) + && (mVariableModuleGlobal->VariableGlobal.HobVariableBase !=3D 0)) + { + FlushHobVariableToFlash (NULL, NULL); + if (mVariableModuleGlobal->VariableGlobal.HobVariableBase !=3D 0) { + FreePool ((VOID *)(UINTN)mVariableModuleGlobal->VariableGlobal.Hob= VariableBase); + mVariableModuleGlobal->VariableGlobal.HobVariableBase =3D 0; + } + } + + return Status; + } + + if ( (VariableInfo =3D=3D NULL) + || (VariableInfo->StoreIndex =3D=3D VAR_INDEX_INVALID) + || (Buffer =3D=3D NULL) + || (Size =3D=3D 0)) + { + ASSERT (VariableInfo !=3D NULL); + ASSERT (VariableInfo->StoreIndex !=3D VAR_INDEX_INVALID); + ASSERT (Buffer !=3D NULL); + ASSERT (Size !=3D 0); + return EFI_INVALID_PARAMETER; + } + + Global =3D &mVariableModuleGlobal->VariableGlobal; + + VariableCache =3D (VARIABLE_HEADER *)((UINTN)mNvVariableCache + (UINTN)V= ariableInfo->StoreIndex); + + ASSERT ( + StrCmp ( + VariableInfo->Header.VariableName, + GetVariableNamePtr (VariableCache, Global->AuthFormat) + ) =3D=3D 0 + ); + ASSERT ( + CompareGuid ( + VariableInfo->Header.VendorGuid, + GetVendorGuidPtr (VariableCache, Global->AuthFormat) + ) + ); + + // + // Forcibly update part data of flash copy of the variable ... + // + Status =3D UpdateVariableStore ( + Global, + FALSE, + FALSE, + mVariableModuleGlobal->FvbInstance, + (UINTN)(Global->NonVolatileVariableBase + VariableInfo->Stor= eIndex + Offset), + Size, + Buffer + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + // + // ... as well as the local cached copy. + // + CopyMem ((VOID *)((UINTN)VariableCache + Offset), Buffer, Size); + + // + // Sync remote cached copy. + // + CacheInstance =3D &Global->VariableRuntimeCacheContext.VariableRuntimeNv= Cache; + if (CacheInstance->Store !=3D NULL) { + Status =3D SynchronizeRuntimeVariableCache ( + CacheInstance, + (UINTN)VariableInfo->StoreIndex + Offset, + Size + ); + ASSERT_EFI_ERROR (Status); + } + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableL= ockRequestToLock.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/V= ariableLockRequestToLock.c new file mode 100644 index 000000000000..d849ee9ce292 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableLockRequ= estToLock.c @@ -0,0 +1,96 @@ +/** @file + Temporary location of the RequestToLock shim code while projects + are moved to VariablePolicy. Should be removed when deprecated. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +/** + DEPRECATED. THIS IS ONLY HERE AS A CONVENIENCE WHILE PORTING. + Mark a variable that will become read-only after leaving the DXE phase of + execution. Write request coming from SMM environment through + EFI_SMM_VARIABLE_PROTOCOL is allowed. + + @param[in] This The VARIABLE_LOCK_PROTOCOL instance. + @param[in] VariableName A pointer to the variable name that will be made + read-only subsequently. + @param[in] VendorGuid A pointer to the vendor GUID that will be made + read-only subsequently. + + @retval EFI_SUCCESS The variable specified by the VariableName= and + the VendorGuid was marked as pending to be + read-only. + @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. + Or VariableName is an empty string. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or + EFI_EVENT_GROUP_READY_TO_BOOT has already = been + signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the l= ock + request. +**/ +EFI_STATUS +EFIAPI +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + VARIABLE_POLICY_ENTRY *NewPolicy; + + DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! %a() will go away soon= !\n", __FUNCTION__)); + DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Please move to use Var= iable Policy!\n")); + DEBUG ((DEBUG_WARN, "!!! DEPRECATED INTERFACE !!! Variable: %g %s\n", Ve= ndorGuid, VariableName)); + + NewPolicy =3D NULL; + Status =3D CreateBasicVariablePolicy ( + VendorGuid, + VariableName, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW, + &NewPolicy + ); + if (!EFI_ERROR (Status)) { + Status =3D RegisterVariablePolicy (NewPolicy); + + // + // If the error returned is EFI_ALREADY_STARTED, we need to check the + // current database for the variable and see whether it's locked. If i= t's + // locked, we're still fine, but also generate a DEBUG_WARN message so= the + // duplicate lock can be removed. + // + if (Status =3D=3D EFI_ALREADY_STARTED) { + Status =3D ValidateSetVariable (VariableName, VendorGuid, 0, 0, NULL= ); + if (Status =3D=3D EFI_WRITE_PROTECTED) { + DEBUG ((DEBUG_WARN, " Variable: %g %s is already locked!\n", Vend= orGuid, VariableName)); + Status =3D EFI_SUCCESS; + } else { + DEBUG ((DEBUG_ERROR, " Variable: %g %s can not be locked!\n", Ven= dorGuid, VariableName)); + Status =3D EFI_ACCESS_DENIED; + } + } + } + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to lock variable %s! %r\n", __FUNCTI= ON__, VariableName, Status)); + } + + if (NewPolicy !=3D NULL) { + FreePool (NewPolicy); + } + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableN= onVolatile.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variabl= eNonVolatile.c new file mode 100644 index 000000000000..32dd9901b260 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableNonVolat= ile.c @@ -0,0 +1,537 @@ +/** @file + Common variable non-volatile store routines. + +Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "VariableNonVolatile.h" +#include "VariableParsing.h" + +extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal; + +/** + Get non-volatile maximum variable size. + + @return Non-volatile maximum variable size. + +**/ +UINTN +GetNonVolatileMaxVariableSize ( + VOID + ) +{ + if (PcdGet32 (PcdHwErrStorageSize) !=3D 0) { + return MAX ( + MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxAuthVaria= bleSize)), + PcdGet32 (PcdMaxHardwareErrorVariableSize) + ); + } else { + return MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxAuthVariabl= eSize)); + } +} + +/** + Init emulated non-volatile variable store. + + @param[out] VariableStoreBase Output pointer to emulated non-volatile va= riable store base. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + +**/ +EFI_STATUS +InitEmuNonVolatileVariableStore ( + OUT EFI_PHYSICAL_ADDRESS *VariableStoreBase + ) +{ + VARIABLE_STORE_HEADER *VariableStore; + UINT32 VariableStoreLength; + BOOLEAN FullyInitializeStore; + UINT32 HwErrStorageSize; + + FullyInitializeStore =3D TRUE; + + VariableStoreLength =3D PcdGet32 (PcdVariableStoreSize); + ASSERT (sizeof (VARIABLE_STORE_HEADER) <=3D VariableStoreLength); + + // + // Allocate memory for variable store. + // + if (PcdGet64 (PcdEmuVariableNvStoreReserved) =3D=3D 0) { + VariableStore =3D (VARIABLE_STORE_HEADER *)AllocateRuntimePool (Variab= leStoreLength); + if (VariableStore =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + } else { + // + // A memory location has been reserved for the NV variable store. Cer= tain + // platforms may be able to preserve a memory range across system rese= ts, + // thereby providing better NV variable emulation. + // + VariableStore =3D + (VARIABLE_STORE_HEADER *)(VOID *)(UINTN) + PcdGet64 (PcdEmuVariableNvStoreReserved); + if ((VariableStore->Size =3D=3D VariableStoreLength) && + (CompareGuid (&VariableStore->Signature, &gEfiAuthenticatedVariabl= eGuid) || + CompareGuid (&VariableStore->Signature, &gEfiVariableGuid)) && + (VariableStore->Format =3D=3D VARIABLE_STORE_FORMATTED) && + (VariableStore->State =3D=3D VARIABLE_STORE_HEALTHY)) + { + DEBUG (( + DEBUG_INFO, + "Variable Store reserved at %p appears to be valid\n", + VariableStore + )); + FullyInitializeStore =3D FALSE; + } + } + + if (FullyInitializeStore) { + SetMem (VariableStore, VariableStoreLength, 0xff); + // + // Use gEfiAuthenticatedVariableGuid for potential auth variable suppo= rt. + // + CopyGuid (&VariableStore->Signature, &gEfiAuthenticatedVariableGuid); + VariableStore->Size =3D VariableStoreLength; + VariableStore->Format =3D VARIABLE_STORE_FORMATTED; + VariableStore->State =3D VARIABLE_STORE_HEALTHY; + VariableStore->Reserved =3D 0; + VariableStore->Reserved1 =3D 0; + } + + *VariableStoreBase =3D (EFI_PHYSICAL_ADDRESS)(UINTN)VariableStore; + + HwErrStorageSize =3D PcdGet32 (PcdHwErrStorageSize); + + // + // Note that in EdkII variable driver implementation, Hardware Error Rec= ord type variable + // is stored with common variable in the same NV region. So the platform= integrator should + // ensure that the value of PcdHwErrStorageSize is less than the value of + // (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)). + // + ASSERT (HwErrStorageSize < (VariableStoreLength - sizeof (VARIABLE_STORE= _HEADER))); + + mVariableModuleGlobal->CommonVariableSpace =3D ((UINTN)VariableSt= oreLength - sizeof (VARIABLE_STORE_HEADER) - HwErrStorageSize); + mVariableModuleGlobal->CommonMaxUserVariableSpace =3D mVariableModuleGlo= bal->CommonVariableSpace; + mVariableModuleGlobal->CommonRuntimeVariableSpace =3D mVariableModuleGlo= bal->CommonVariableSpace; + + return EFI_SUCCESS; +} + +/** + + Create a dummy variable used to fill the gap in NV variable storage caus= ed by + the invalid variables found in HMAC verification phase. + + @param[out] Variable Variable buffer. + @param[in] Name Variable Name. + @param[in] Guid Vendor GUID of the variable. + @param[in] Size Whole size of the variable requested. + @param[in] AuthFlag Variable format flag. + +**/ +STATIC +VOID +CreateDummyVariable ( + OUT VARIABLE_HEADER *Variable, + IN CHAR16 *Name, + IN EFI_GUID *Guid, + IN UINT32 Size, + IN BOOLEAN AuthFlag + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + ASSERT (Variable !=3D NULL); + + if (Name =3D=3D NULL) { + Name =3D L"Dummy"; + } + + if (AuthFlag) { + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + + AuthVariable->StartId =3D VARIABLE_DATA; + AuthVariable->State =3D VAR_ADDED & VAR_DELETED; + AuthVariable->Attributes =3D EFI_VARIABLE_NON_VOLATILE; + AuthVariable->NameSize =3D (UINT32)StrSize (Name); + AuthVariable->DataSize =3D Size - sizeof (AUTHENTICATED_VARIABLE_HEA= DER) + - AuthVariable->NameSize; + if (Guid !=3D NULL) { + CopyMem ((VOID *)&AuthVariable->VendorGuid, (VOID *)Guid, sizeof (EF= I_GUID)); + } + + CopyMem (GetVariableNamePtr (Variable, AuthFlag), (VOID *)Name, AuthVa= riable->NameSize); + } else { + Variable->StartId =3D VARIABLE_DATA; + Variable->State =3D VAR_ADDED & VAR_DELETED; + Variable->Attributes =3D EFI_VARIABLE_NON_VOLATILE; + Variable->NameSize =3D (UINT32)StrSize (Name); + Variable->DataSize =3D Size - sizeof (VARIABLE_HEADER) - Variable->N= ameSize; + if (Guid !=3D NULL) { + CopyMem ((VOID *)&Variable->VendorGuid, (VOID *)Guid, sizeof (EFI_GU= ID)); + } + + CopyMem (GetVariableNamePtr (Variable, AuthFlag), (VOID *)Name, Variab= le->NameSize); + } +} + +/** + + Init protected variable store. + + @param[in, out] VariableStore Pointer to real protected variable store= base. + +**/ +EFI_STATUS +InitProtectedVariableStore ( + IN OUT VARIABLE_STORE_HEADER *VariableStore + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO VarInfo; + UINTN Size; + UINTN Index; + BOOLEAN AuthFlag; + EFI_PHYSICAL_ADDRESS NextVariableStore; + EFI_PHYSICAL_ADDRESS *VarList; + UINTN NumVars; + UINTN CurrVar; + + SetMem ( + (UINT8 *)VariableStore + sizeof (VARIABLE_STORE_HEADER), + VariableStore->Size - sizeof (VARIABLE_STORE_HEADER), + 0xFF + ); + Index =3D sizeof (VARIABLE_STORE_HEADER); + + VarList =3D NULL; + NumVars =3D 0; + ProtectedVariableLibGetSortedList (&VarList, &NumVars); + + // + // Search variable in the order of StoreIndex + // + ZeroMem (&VarInfo, sizeof (VarInfo)); + + for (CurrVar =3D 0; CurrVar < NumVars; CurrVar++) { + VarInfo.Buffer =3D NULL; + VarInfo.StoreIndex =3D VarList[CurrVar]; + if (VarInfo.StoreIndex =3D=3D VAR_INDEX_INVALID) { + break; + } + + Status =3D ProtectedVariableLibFind (&VarInfo); + if (EFI_ERROR (Status)) { + break; + } + + ASSERT (VarInfo.Buffer !=3D NULL); + + AuthFlag =3D VarInfo.Flags.Auth; + if (VarInfo.StoreIndex =3D=3D VAR_INDEX_INVALID) { + continue; + } else { + ASSERT (VarInfo.StoreIndex =3D=3D HEADER_ALIGN (VarInfo.StoreIndex)); + ASSERT (VarInfo.StoreIndex < (VariableStore->Size - sizeof (VARIABLE= _STORE_HEADER))); + ASSERT ((VariableStore->Size - VarInfo.StoreIndex) > GetVariableHead= erSize (AuthFlag)); + } + + // + // Fill gap caused by invalid variable. + // + if (VarInfo.StoreIndex > Index) { + Size =3D (UINTN)VarInfo.StoreIndex - Index; + CreateDummyVariable ( + (VARIABLE_HEADER *)((UINT8 *)VariableStore + Index), + NULL, + NULL, + (UINT32)Size, + AuthFlag + ); + Index +=3D Size; + } + + Size =3D (UINTN)GetNextVariablePtr (VarInfo.Buffer, AuthFlag) + - (UINTN)VarInfo.Buffer; + CopyMem ((UINT8 *)VariableStore + VarInfo.StoreIndex, VarInfo.Buffer, = Size); + + Index +=3D Size; + Index =3D HEADER_ALIGN (Index); + + NextVariableStore =3D (EFI_PHYSICAL_ADDRESS)((UINTN)VariableStore + Va= rInfo.StoreIndex + Size); + } + + // + // Search variable in the order of StoreIndex + // + ZeroMem (&VarInfo, sizeof (VarInfo)); + for ( ; CurrVar < NumVars; CurrVar++) { + VarInfo.Buffer =3D NULL; + VarInfo.StoreIndex =3D VarList[CurrVar]; + Status =3D ProtectedVariableLibFind (&VarInfo); + if (EFI_ERROR (Status)) { + break; + } + + ASSERT (VarInfo.Buffer !=3D NULL); + + AuthFlag =3D VarInfo.Flags.Auth; + if (VarInfo.StoreIndex =3D=3D VAR_INDEX_INVALID) { + Size =3D (UINTN)GetNextVariablePtr (VarInfo.Buffer, AuthFlag) + - (UINTN)VarInfo.Buffer; + CopyMem ((VOID *)(UINTN)NextVariableStore, VarInfo.Buffer, Size); + Status =3D ProtectedVariableLibRefresh (VarInfo.Buffer, 0= , NextVariableStore - (UINTN)VariableStore, FALSE); + NextVariableStore =3D NextVariableStore + Size; + } + } + + if (Status =3D=3D EFI_UNSUPPORTED) { + return Status; + } + + return EFI_SUCCESS; +} + +/** + Init real non-volatile variable store. + + @param[out] VariableStoreBase Output pointer to real non-volatile variab= le store base. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + @retval EFI_VOLUME_CORRUPTED Variable Store or Firmware Volume for Vari= able Store is corrupted. + +**/ +EFI_STATUS +InitRealNonVolatileVariableStore ( + OUT EFI_PHYSICAL_ADDRESS *VariableStoreBase + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + VARIABLE_STORE_HEADER *VariableStore; + UINT32 VariableStoreLength; + EFI_HOB_GUID_TYPE *GuidHob; + EFI_PHYSICAL_ADDRESS NvStorageBase; + UINT8 *NvStorageData; + UINT32 NvStorageSize; + UINT64 NvStorageSize64; + FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *FtwLastWriteData; + UINT32 BackUpOffset; + UINT32 BackUpSize; + UINT32 HwErrStorageSize; + UINT32 MaxUserNvVariableSpaceSize; + UINT32 BoottimeReservedNvVariableSpaceSiz= e; + EFI_STATUS Status; + VOID *FtwProtocol; + + mVariableModuleGlobal->FvbInstance =3D NULL; + + Status =3D GetVariableFlashNvStorageInfo (&NvStorageBase, &NvStorageSize= 64); + ASSERT_EFI_ERROR (Status); + + Status =3D SafeUint64ToUint32 (NvStorageSize64, &NvStorageSize); + // This driver currently assumes the size will be UINT32 so assert the v= alue is safe for now. + ASSERT_EFI_ERROR (Status); + + ASSERT (NvStorageBase !=3D 0); + + // + // Allocate runtime memory used for a memory copy of the FLASH region. + // Keep the memory and the FLASH in sync as updates occur. + // + NvStorageData =3D AllocateRuntimeZeroPool (NvStorageSize); + if (NvStorageData =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Copy NV storage data to the memory buffer. + // + CopyMem (NvStorageData, (UINT8 *)(UINTN)NvStorageBase, NvStorageSize); + + Status =3D GetFtwProtocol ((VOID **)&FtwProtocol); + // + // If FTW protocol has been installed, no need to check FTW last write d= ata hob. + // + if (EFI_ERROR (Status)) { + // + // Check the FTW last write data hob. + // + GuidHob =3D GetFirstGuidHob (&gEdkiiFaultTolerantWriteGuid); + if (GuidHob !=3D NULL) { + FtwLastWriteData =3D (FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *)GET_GUI= D_HOB_DATA (GuidHob); + if (FtwLastWriteData->TargetAddress =3D=3D NvStorageBase) { + DEBUG ((DEBUG_INFO, "Variable: NV storage is backed up in spare bl= ock: 0x%x\n", (UINTN)FtwLastWriteData->SpareAddress)); + // + // Copy the backed up NV storage data to the memory buffer from sp= are block. + // + CopyMem (NvStorageData, (UINT8 *)(UINTN)(FtwLastWriteData->SpareAd= dress), NvStorageSize); + } else if ((FtwLastWriteData->TargetAddress > NvStorageBase) && + (FtwLastWriteData->TargetAddress < (NvStorageBase + NvSto= rageSize))) + { + // + // Flash NV storage from the Offset is backed up in spare block. + // + BackUpOffset =3D (UINT32)(FtwLastWriteData->TargetAddress - NvStor= ageBase); + BackUpSize =3D NvStorageSize - BackUpOffset; + DEBUG ((DEBUG_INFO, "Variable: High partial NV storage from offset= : %x is backed up in spare block: 0x%x\n", BackUpOffset, (UINTN)FtwLastWrit= eData->SpareAddress)); + // + // Copy the partial backed up NV storage data to the memory buffer= from spare block. + // + CopyMem (NvStorageData + BackUpOffset, (UINT8 *)(UINTN)FtwLastWrit= eData->SpareAddress, BackUpSize); + } + } + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)NvStorageData; + + // + // Check if the Firmware Volume is not corrupted + // + if ((FvHeader->Signature !=3D EFI_FVH_SIGNATURE) || (!CompareGuid (&gEfi= SystemNvDataFvGuid, &FvHeader->FileSystemGuid))) { + FreePool (NvStorageData); + DEBUG ((DEBUG_ERROR, "Firmware Volume for Variable Store is corrupted\= n")); + return EFI_VOLUME_CORRUPTED; + } + + VariableStore =3D (VARIABLE_STORE_HEADER *)((UINTN)FvHeader + FvHe= ader->HeaderLength); + VariableStoreLength =3D NvStorageSize - FvHeader->HeaderLength; + ASSERT (sizeof (VARIABLE_STORE_HEADER) <=3D VariableStoreLength); + ASSERT (VariableStore->Size =3D=3D VariableStoreLength); + + // + // Check if the Variable Store header is not corrupted + // + if (GetVariableStoreStatus (VariableStore) !=3D EfiValid) { + FreePool (NvStorageData); + DEBUG ((DEBUG_ERROR, "Variable Store header is corrupted\n")); + return EFI_VOLUME_CORRUPTED; + } + + // + // Overwrite the store with verified copy of protected variables, if ena= bled. + // + Status =3D InitProtectedVariableStore (VariableStore); + if ((Status !=3D EFI_SUCCESS) && (Status !=3D EFI_UNSUPPORTED)) { + FreePool (NvStorageData); + DEBUG ((DEBUG_ERROR, "Variable integrity might have been compromised\n= ")); + return Status; + } + + mNvFvHeaderCache =3D FvHeader; + + *VariableStoreBase =3D (EFI_PHYSICAL_ADDRESS)(UINTN)VariableStore; + + HwErrStorageSize =3D PcdGet32 (PcdHwErrStorageSize); + MaxUserNvVariableSpaceSize =3D PcdGet32 (PcdMaxUserNvVariableSp= aceSize); + BoottimeReservedNvVariableSpaceSize =3D PcdGet32 (PcdBoottimeReservedNvV= ariableSpaceSize); + + // + // Note that in EdkII variable driver implementation, Hardware Error Rec= ord type variable + // is stored with common variable in the same NV region. So the platform= integrator should + // ensure that the value of PcdHwErrStorageSize is less than the value of + // (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)). + // + ASSERT (HwErrStorageSize < (VariableStoreLength - sizeof (VARIABLE_STORE= _HEADER))); + // + // Ensure that the value of PcdMaxUserNvVariableSpaceSize is less than t= he value of + // (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) - PcdGet32 (Pc= dHwErrStorageSize). + // + ASSERT (MaxUserNvVariableSpaceSize < (VariableStoreLength - sizeof (VARI= ABLE_STORE_HEADER) - HwErrStorageSize)); + // + // Ensure that the value of PcdBoottimeReservedNvVariableSpaceSize is le= ss than the value of + // (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) - PcdGet32 (Pc= dHwErrStorageSize). + // + ASSERT (BoottimeReservedNvVariableSpaceSize < (VariableStoreLength - siz= eof (VARIABLE_STORE_HEADER) - HwErrStorageSize)); + + mVariableModuleGlobal->CommonVariableSpace =3D ((UINTN)VariableSt= oreLength - sizeof (VARIABLE_STORE_HEADER) - HwErrStorageSize); + mVariableModuleGlobal->CommonMaxUserVariableSpace =3D ((MaxUserNvVariabl= eSpaceSize !=3D 0) ? MaxUserNvVariableSpaceSize : mVariableModuleGlobal->Co= mmonVariableSpace); + mVariableModuleGlobal->CommonRuntimeVariableSpace =3D mVariableModuleGlo= bal->CommonVariableSpace - BoottimeReservedNvVariableSpaceSize; + + DEBUG (( + DEBUG_INFO, + "Variable driver common space: 0x%x 0x%x 0x%x\n", + mVariableModuleGlobal->CommonVariableSpace, + mVariableModuleGlobal->CommonMaxUserVariableSpace, + mVariableModuleGlobal->CommonRuntimeVariableSpace + )); + + // + // The max NV variable size should be < (VariableStoreLength - sizeof (V= ARIABLE_STORE_HEADER)). + // + ASSERT (GetNonVolatileMaxVariableSize () < (VariableStoreLength - sizeof= (VARIABLE_STORE_HEADER))); + + return EFI_SUCCESS; +} + +/** + Init non-volatile variable store. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource. + @retval EFI_VOLUME_CORRUPTED Variable Store or Firmware Volume for Vari= able Store is corrupted. + +**/ +EFI_STATUS +InitNonVolatileVariableStore ( + VOID + ) +{ + VARIABLE_HEADER *Variable; + VARIABLE_HEADER *NextVariable; + EFI_PHYSICAL_ADDRESS VariableStoreBase; + UINTN VariableSize; + EFI_STATUS Status; + + if (PcdGetBool (PcdEmuVariableNvModeEnable)) { + Status =3D InitEmuNonVolatileVariableStore (&VariableStoreBase); + if (EFI_ERROR (Status)) { + return Status; + } + + mVariableModuleGlobal->VariableGlobal.EmuNvMode =3D TRUE; + DEBUG ((DEBUG_INFO, "Variable driver will work at emulated non-volatil= e variable mode!\n")); + } else { + Status =3D InitRealNonVolatileVariableStore (&VariableStoreBase); + if (EFI_ERROR (Status)) { + return Status; + } + + mVariableModuleGlobal->VariableGlobal.EmuNvMode =3D FALSE; + } + + mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase =3D Variab= leStoreBase; + mNvVariableCache =3D (VARIA= BLE_STORE_HEADER *)(UINTN)VariableStoreBase; + mVariableModuleGlobal->VariableGlobal.AuthFormat =3D (BOOLE= AN)(CompareGuid (&mNvVariableCache->Signature, &gEfiAuthenticatedVariableGu= id)); + + mVariableModuleGlobal->MaxVariableSize =3D PcdGet32 (PcdMaxVariableS= ize); + mVariableModuleGlobal->MaxAuthVariableSize =3D ((PcdGet32 (PcdMaxAuthVar= iableSize) !=3D 0) ? PcdGet32 (PcdMaxAuthVariableSize) : mVariableModuleGlo= bal->MaxVariableSize); + + // + // Parse non-volatile variable data and get last variable offset. + // + Variable =3D GetStartPointer (mNvVariableCache); + while (IsValidVariableHeader ( + Variable, + GetEndPointer (mNvVariableCache), + mVariableModuleGlobal->VariableGlobal.AuthFormat + )) + { + NextVariable =3D GetNextVariablePtr (Variable, mVariableModuleGlobal->= VariableGlobal.AuthFormat); + VariableSize =3D (UINTN)NextVariable - (UINTN)Variable; + if ((Variable->Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_= HARDWARE_ERROR_RECORD)) =3D=3D (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HA= RDWARE_ERROR_RECORD)) { + mVariableModuleGlobal->HwErrVariableTotalSize +=3D VariableSize; + } else { + mVariableModuleGlobal->CommonVariableTotalSize +=3D VariableSize; + } + + Variable =3D NextVariable; + } + + mVariableModuleGlobal->NonVolatileLastVariableOffset =3D (UINTN)Variable= - (UINTN)mNvVariableCache; + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableP= arsing.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePar= sing.c new file mode 100644 index 000000000000..be3f59341c1e --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableParsing.c @@ -0,0 +1,1110 @@ +/** @file + Functions in this module are associated with variable parsing operations= and + are intended to be usable across variable driver source files. + +Copyright (c) 2019 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" +#include "VariableParsing.h" + +/** + + This code checks if variable header is valid or not. + + @param[in] Variable Pointer to the Variable Header. + @param[in] VariableStoreEnd Pointer to the Variable Store End. + @param[in] AuthFormat TRUE indicates authenticated variables are= used. + FALSE indicates authenticated variables ar= e not used. + + @retval TRUE Variable header is valid. + @retval FALSE Variable header is not valid. + +**/ +BOOLEAN +IsValidVariableHeader ( + IN VARIABLE_HEADER *Variable, + IN VARIABLE_HEADER *VariableStoreEnd, + IN BOOLEAN AuthFormat + ) +{ + if ( (Variable =3D=3D NULL) + || (((UINTN)Variable + GetVariableHeaderSize (AuthFormat)) >=3D (UINT= N)VariableStoreEnd) + || (Variable->StartId !=3D VARIABLE_DATA)) + { + // + // Variable is NULL or has reached the end of variable store, + // or the StartId is not correct. + // + return FALSE; + } + + return TRUE; +} + +/** + + This code gets the current status of Variable Store. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @retval EfiRaw Variable store status is raw. + @retval EfiValid Variable store status is valid. + @retval EfiInvalid Variable store status is invalid. + +**/ +VARIABLE_STORE_STATUS +GetVariableStoreStatus ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ) +{ + if ((CompareGuid (&VarStoreHeader->Signature, &gEfiAuthenticatedVariable= Guid) || + CompareGuid (&VarStoreHeader->Signature, &gEfiVariableGuid)) && + (VarStoreHeader->Format =3D=3D VARIABLE_STORE_FORMATTED) && + (VarStoreHeader->State =3D=3D VARIABLE_STORE_HEALTHY) + ) + { + return EfiValid; + } else if ((((UINT32 *)(&VarStoreHeader->Signature))[0] =3D=3D 0xfffffff= f) && + (((UINT32 *)(&VarStoreHeader->Signature))[1] =3D=3D 0xfffffff= f) && + (((UINT32 *)(&VarStoreHeader->Signature))[2] =3D=3D 0xfffffff= f) && + (((UINT32 *)(&VarStoreHeader->Signature))[3] =3D=3D 0xfffffff= f) && + (VarStoreHeader->Size =3D=3D 0xffffffff) && + (VarStoreHeader->Format =3D=3D 0xff) && + (VarStoreHeader->State =3D=3D 0xff) + ) + { + return EfiRaw; + } else { + return EfiInvalid; + } +} + +/** + This code gets the size of variable header. + + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + + @return Size of variable header in bytes in type UINTN. + +**/ +UINTN +GetVariableHeaderSize ( + IN BOOLEAN AuthFormat + ) +{ + UINTN Value; + + if (AuthFormat) { + Value =3D sizeof (AUTHENTICATED_VARIABLE_HEADER); + } else { + Value =3D sizeof (VARIABLE_HEADER); + } + + return Value; +} + +/** + + This code gets the size of name of variable. + + @param[in] Variable Pointer to the variable header. + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + + @return UINTN Size of variable in bytes. + +**/ +UINTN +NameSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFormat) { + if ((AuthVariable->State =3D=3D (UINT8)(-1)) || + (AuthVariable->DataSize =3D=3D (UINT32)(-1)) || + (AuthVariable->NameSize =3D=3D (UINT32)(-1)) || + (AuthVariable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)AuthVariable->NameSize; + } else { + if ((Variable->State =3D=3D (UINT8)(-1)) || + (Variable->DataSize =3D=3D (UINT32)(-1)) || + (Variable->NameSize =3D=3D (UINT32)(-1)) || + (Variable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)Variable->NameSize; + } +} + +/** + This code sets the size of name of variable. + + @param[in] Variable Pointer to the Variable Header. + @param[in] NameSize Name size to set. + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + +**/ +VOID +SetNameSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN UINTN NameSize, + IN BOOLEAN AuthFormat + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFormat) { + AuthVariable->NameSize =3D (UINT32)NameSize; + } else { + Variable->NameSize =3D (UINT32)NameSize; + } +} + +/** + + This code gets the size of variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are use= d. + FALSE indicates authenticated variables are no= t used. + + @return Size of variable in bytes. + +**/ +UINTN +DataSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFormat) { + if ((AuthVariable->State =3D=3D (UINT8)(-1)) || + (AuthVariable->DataSize =3D=3D (UINT32)(-1)) || + (AuthVariable->NameSize =3D=3D (UINT32)(-1)) || + (AuthVariable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)AuthVariable->DataSize; + } else { + if ((Variable->State =3D=3D (UINT8)(-1)) || + (Variable->DataSize =3D=3D (UINT32)(-1)) || + (Variable->NameSize =3D=3D (UINT32)(-1)) || + (Variable->Attributes =3D=3D (UINT32)(-1))) + { + return 0; + } + + return (UINTN)Variable->DataSize; + } +} + +/** + This code sets the size of variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] DataSize Data size to set. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not us= ed. + +**/ +VOID +SetDataSizeOfVariable ( + IN VARIABLE_HEADER *Variable, + IN UINTN DataSize, + IN BOOLEAN AuthFormat + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFormat) { + AuthVariable->DataSize =3D (UINT32)DataSize; + } else { + Variable->DataSize =3D (UINT32)DataSize; + } +} + +/** + + This code gets the pointer to the variable name. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Pointer to Variable Name which is Unicode encoding. + +**/ +CHAR16 * +GetVariableNamePtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ) +{ + return (CHAR16 *)((UINTN)Variable + GetVariableHeaderSize (AuthFormat)); +} + +/** + This code gets the pointer to the variable guid. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return A EFI_GUID* pointer to Vendor Guid. + +**/ +EFI_GUID * +GetVendorGuidPtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ) +{ + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + if (AuthFormat) { + return &AuthVariable->VendorGuid; + } else { + return &Variable->VendorGuid; + } +} + +/** + + This code gets the pointer to the variable data. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Pointer to Variable Data. + +**/ +UINT8 * +GetVariableDataPtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ) +{ + UINTN Value; + + // + // Be careful about pad size for alignment. + // + Value =3D (UINTN)GetVariableNamePtr (Variable, AuthFormat); + Value +=3D NameSizeOfVariable (Variable, AuthFormat); + Value +=3D GET_PAD_SIZE (NameSizeOfVariable (Variable, AuthFormat)); + + return (UINT8 *)Value; +} + +/** + This code gets the variable data offset related to variable header. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Variable Data offset. + +**/ +UINTN +GetVariableDataOffset ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ) +{ + UINTN Value; + + // + // Be careful about pad size for alignment + // + Value =3D GetVariableHeaderSize (AuthFormat); + Value +=3D NameSizeOfVariable (Variable, AuthFormat); + Value +=3D GET_PAD_SIZE (NameSizeOfVariable (Variable, AuthFormat)); + + return Value; +} + +/** + Get variable data payload. + + @param[in] Variable Pointer to the Variable Header. + @param[in,out] Data Pointer to buffer used to store the variabl= e data. + @param[in,out] DataSize Size of buffer passed by Data. + Size of data copied into Data buffer. + @param[in] AuthFlag Auth-variable indicator. + + @return EFI_SUCCESS Data was fetched. + @return EFI_INVALID_PARAMETER DataSize is NULL. + @return EFI_BUFFER_TOO_SMALL DataSize is smaller than size of variabl= e data. + +**/ +EFI_STATUS +GetVariableData ( + IN VARIABLE_HEADER *Variable, + IN OUT VOID *Data, + IN OUT UINT32 *DataSize, + IN BOOLEAN AuthFlag + ) +{ + UINT32 Size; + + if (DataSize =3D=3D NULL) { + ASSERT (DataSize !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Size =3D (UINT32)DataSizeOfVariable (Variable, AuthFlag); + if (*DataSize < Size) { + *DataSize =3D Size; + return EFI_BUFFER_TOO_SMALL; + } + + if (Data =3D=3D NULL) { + ASSERT (Data !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + CopyMem (Data, GetVariableDataPtr (Variable, AuthFlag), Size); + *DataSize =3D Size; + + return EFI_SUCCESS; +} + +/** + + This code gets the pointer to the next variable header. + + @param[in] Variable Pointer to the Variable Header. + @param[in] AuthFormat TRUE indicates authenticated variables are used. + FALSE indicates authenticated variables are not = used. + + @return Pointer to next variable header. + +**/ +VARIABLE_HEADER * +GetNextVariablePtr ( + IN VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFormat + ) +{ + UINTN Value; + + Value =3D (UINTN)GetVariableDataPtr (Variable, AuthFormat); + Value +=3D DataSizeOfVariable (Variable, AuthFormat); + Value +=3D GET_PAD_SIZE (DataSizeOfVariable (Variable, AuthFormat)); + + // + // Be careful about pad size for alignment. + // + return (VARIABLE_HEADER *)HEADER_ALIGN (Value); +} + +/** + + Gets the pointer to the first variable header in given variable store ar= ea. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the first variable header. + +**/ +VARIABLE_HEADER * +GetStartPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ) +{ + // + // The start of variable store. + // + return (VARIABLE_HEADER *)HEADER_ALIGN (VarStoreHeader + 1); +} + +/** + + Gets the pointer to the end of the variable storage area. + + This function gets pointer to the end of the variable storage + area, according to the input variable store header. + + @param[in] VarStoreHeader Pointer to the Variable Store Header. + + @return Pointer to the end of the variable storage area. + +**/ +VARIABLE_HEADER * +GetEndPointer ( + IN VARIABLE_STORE_HEADER *VarStoreHeader + ) +{ + // + // The end of variable store + // + return (VARIABLE_HEADER *)HEADER_ALIGN ((UINTN)VarStoreHeader + VarStore= Header->Size); +} + +/** + Compare two EFI_TIME data. + + + @param[in] FirstTime A pointer to the first EFI_TIME data. + @param[in] SecondTime A pointer to the second EFI_TIME data. + + @retval TRUE The FirstTime is not later than the SecondTim= e. + @retval FALSE The FirstTime is later than the SecondTime. + +**/ +BOOLEAN +VariableCompareTimeStampInternal ( + IN EFI_TIME *FirstTime, + IN EFI_TIME *SecondTime + ) +{ + if (FirstTime->Year !=3D SecondTime->Year) { + return (BOOLEAN)(FirstTime->Year < SecondTime->Year); + } else if (FirstTime->Month !=3D SecondTime->Month) { + return (BOOLEAN)(FirstTime->Month < SecondTime->Month); + } else if (FirstTime->Day !=3D SecondTime->Day) { + return (BOOLEAN)(FirstTime->Day < SecondTime->Day); + } else if (FirstTime->Hour !=3D SecondTime->Hour) { + return (BOOLEAN)(FirstTime->Hour < SecondTime->Hour); + } else if (FirstTime->Minute !=3D SecondTime->Minute) { + return (BOOLEAN)(FirstTime->Minute < SecondTime->Minute); + } + + return (BOOLEAN)(FirstTime->Second <=3D SecondTime->Second); +} + +/** + Find the variable in the specified variable store. + + @param[in] VariableName Name of the variable to be found + @param[in] VendorGuid Vendor GUID to be found. + @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS = attribute + check at runtime when searching var= iable. + @param[in, out] PtrTrack Variable Track Pointer structure th= at contains Variable Information. + @param[in] AuthFormat TRUE indicates authenticated variab= les are used. + FALSE indicates authenticated varia= bles are not used. + + @retval EFI_SUCCESS Variable found successfully + @retval EFI_NOT_FOUND Variable not found +**/ +EFI_STATUS +FindVariableEx ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN BOOLEAN IgnoreRtCheck, + IN OUT VARIABLE_POINTER_TRACK *PtrTrack, + IN BOOLEAN AuthFormat + ) +{ + VARIABLE_HEADER *InDeletedVariable; + VOID *Point; + + PtrTrack->InDeletedTransitionPtr =3D NULL; + + // + // Find the variable by walk through HOB, volatile and non-volatile vari= able store. + // + InDeletedVariable =3D NULL; + + for ( PtrTrack->CurrPtr =3D PtrTrack->StartPtr + ; IsValidVariableHeader (PtrTrack->CurrPtr, PtrTrack->EndPtr, Auth= Format) + ; PtrTrack->CurrPtr =3D GetNextVariablePtr (PtrTrack->CurrPtr, Aut= hFormat) + ) + { + if ((PtrTrack->CurrPtr->State =3D=3D VAR_ADDED) || + (PtrTrack->CurrPtr->State =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_= ADDED)) + ) + { + if (IgnoreRtCheck || !AtRuntime () || ((PtrTrack->CurrPtr->Attribute= s & EFI_VARIABLE_RUNTIME_ACCESS) !=3D 0)) { + if (VariableName[0] =3D=3D 0) { + if (PtrTrack->CurrPtr->State =3D=3D (VAR_IN_DELETED_TRANSITION &= VAR_ADDED)) { + InDeletedVariable =3D PtrTrack->CurrPtr; + } else { + PtrTrack->InDeletedTransitionPtr =3D InDeletedVariable; + return EFI_SUCCESS; + } + } else { + if (CompareGuid (VendorGuid, GetVendorGuidPtr (PtrTrack->CurrPtr= , AuthFormat))) { + Point =3D (VOID *)GetVariableNamePtr (PtrTrack->CurrPtr, AuthF= ormat); + + ASSERT (NameSizeOfVariable (PtrTrack->CurrPtr, AuthFormat) != =3D 0); + if (CompareMem (VariableName, Point, NameSizeOfVariable (PtrTr= ack->CurrPtr, AuthFormat)) =3D=3D 0) { + if (PtrTrack->CurrPtr->State =3D=3D (VAR_IN_DELETED_TRANSITI= ON & VAR_ADDED)) { + InDeletedVariable =3D PtrTrack->CurrPtr; + } else { + PtrTrack->InDeletedTransitionPtr =3D InDeletedVariable; + return EFI_SUCCESS; + } + } + } + } + } + } + } + + PtrTrack->CurrPtr =3D InDeletedVariable; + return (PtrTrack->CurrPtr =3D=3D NULL) ? EFI_NOT_FOUND : EFI_SUCCESS; +} + +/** + This code finds the next available variable. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode. This function will do basic va= lidation, before parse the data. + + @param[in] VariableName Pointer to variable name. + @param[in] VendorGuid Variable Vendor Guid. + @param[in] VariableStoreList A list of variable stores that should be u= sed to get the next variable. + The maximum number of entries is the max v= alue of VARIABLE_STORE_TYPE. + @param[out] VariablePtr Pointer to variable header address. + @param[in] AuthFormat TRUE indicates authenticated variables are= used. + FALSE indicates authenticated variables ar= e not used. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The next variable was not found. + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, wh= ile VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER The input values of VariableName and Vendo= rGuid are not a name and + GUID of an existing variable. + +**/ +EFI_STATUS +EFIAPI +VariableServiceGetNextVariableInternal ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VARIABLE_STORE_HEADER **VariableStoreList, + OUT VARIABLE_HEADER **VariablePtr, + IN BOOLEAN AuthFormat + ) +{ + EFI_STATUS Status; + VARIABLE_STORE_TYPE StoreType; + VARIABLE_POINTER_TRACK Variable; + VARIABLE_POINTER_TRACK VariableInHob; + VARIABLE_POINTER_TRACK VariablePtrTrack; + + Status =3D EFI_NOT_FOUND; + + if (VariableStoreList =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + ZeroMem (&Variable, sizeof (Variable)); + + // Check if the variable exists in the given variable store list + for (StoreType =3D (VARIABLE_STORE_TYPE)0; StoreType < VariableStoreType= Max; StoreType++) { + if (VariableStoreList[StoreType] =3D=3D NULL) { + continue; + } + + Variable.StartPtr =3D GetStartPointer (VariableStoreList[StoreType]); + Variable.EndPtr =3D GetEndPointer (VariableStoreList[StoreType]); + Variable.Volatile =3D (BOOLEAN)(StoreType =3D=3D VariableStoreTypeVola= tile); + + Status =3D FindVariableEx (VariableName, VendorGuid, FALSE, &Variable,= AuthFormat); + if (!EFI_ERROR (Status)) { + break; + } + } + + if ((Variable.CurrPtr =3D=3D NULL) || EFI_ERROR (Status)) { + // + // For VariableName is an empty string, FindVariableEx() will try to f= ind and return + // the first qualified variable, and if FindVariableEx() returns error= (EFI_NOT_FOUND) + // as no any variable is found, still go to return the error (EFI_NOT_= FOUND). + // + if (VariableName[0] !=3D 0) { + // + // For VariableName is not an empty string, and FindVariableEx() ret= urns error as + // VariableName and VendorGuid are not a name and GUID of an existin= g variable, + // there is no way to get next variable, follow spec to return EFI_I= NVALID_PARAMETER. + // + Status =3D EFI_INVALID_PARAMETER; + } + + goto Done; + } + + if (VariableName[0] !=3D 0) { + // + // If variable name is not empty, get next variable. + // + Variable.CurrPtr =3D GetNextVariablePtr (Variable.CurrPtr, AuthFormat); + } + + while (TRUE) { + // + // Switch to the next variable store if needed + // + while (!IsValidVariableHeader (Variable.CurrPtr, Variable.EndPtr, Auth= Format)) { + // + // Find current storage index + // + for (StoreType =3D (VARIABLE_STORE_TYPE)0; StoreType < VariableStore= TypeMax; StoreType++) { + if ((VariableStoreList[StoreType] !=3D NULL) && (Variable.StartPtr= =3D=3D GetStartPointer (VariableStoreList[StoreType]))) { + break; + } + } + + ASSERT (StoreType < VariableStoreTypeMax); + // + // Switch to next storage + // + for (StoreType++; StoreType < VariableStoreTypeMax; StoreType++) { + if (VariableStoreList[StoreType] !=3D NULL) { + break; + } + } + + // + // Capture the case that + // 1. current storage is the last one, or + // 2. no further storage + // + if (StoreType =3D=3D VariableStoreTypeMax) { + Status =3D EFI_NOT_FOUND; + goto Done; + } + + Variable.StartPtr =3D GetStartPointer (VariableStoreList[StoreType]); + Variable.EndPtr =3D GetEndPointer (VariableStoreList[StoreType]); + Variable.CurrPtr =3D Variable.StartPtr; + } + + // + // Variable is found + // + if ((Variable.CurrPtr->State =3D=3D VAR_ADDED) || (Variable.CurrPtr->S= tate =3D=3D (VAR_IN_DELETED_TRANSITION & VAR_ADDED))) { + if (!AtRuntime () || ((Variable.CurrPtr->Attributes & EFI_VARIABLE_R= UNTIME_ACCESS) !=3D 0)) { + if (Variable.CurrPtr->State =3D=3D (VAR_IN_DELETED_TRANSITION & VA= R_ADDED)) { + // + // If it is a IN_DELETED_TRANSITION variable, + // and there is also a same ADDED one at the same time, + // don't return it. + // + VariablePtrTrack.StartPtr =3D Variable.StartPtr; + VariablePtrTrack.EndPtr =3D Variable.EndPtr; + Status =3D FindVariableEx ( + GetVariableNamePtr (Variable.CurrP= tr, AuthFormat), + GetVendorGuidPtr (Variable.CurrPtr= , AuthFormat), + FALSE, + &VariablePtrTrack, + AuthFormat + ); + if (!EFI_ERROR (Status) && (VariablePtrTrack.CurrPtr->State =3D= =3D VAR_ADDED)) { + Variable.CurrPtr =3D GetNextVariablePtr (Variable.CurrPtr, Aut= hFormat); + continue; + } + } + + // + // Don't return NV variable when HOB overrides it + // + if ((VariableStoreList[VariableStoreTypeHob] !=3D NULL) && (Variab= leStoreList[VariableStoreTypeNv] !=3D NULL) && + (Variable.StartPtr =3D=3D GetStartPointer (VariableStoreList[V= ariableStoreTypeNv])) + ) + { + VariableInHob.StartPtr =3D GetStartPointer (VariableStoreList[Va= riableStoreTypeHob]); + VariableInHob.EndPtr =3D GetEndPointer (VariableStoreList[Vari= ableStoreTypeHob]); + Status =3D FindVariableEx ( + GetVariableNamePtr (Variable.CurrPtr,= AuthFormat), + GetVendorGuidPtr (Variable.CurrPtr, A= uthFormat), + FALSE, + &VariableInHob, + AuthFormat + ); + if (!EFI_ERROR (Status)) { + Variable.CurrPtr =3D GetNextVariablePtr (Variable.CurrPtr, Aut= hFormat); + continue; + } + } + + *VariablePtr =3D Variable.CurrPtr; + Status =3D EFI_SUCCESS; + goto Done; + } + } + + Variable.CurrPtr =3D GetNextVariablePtr (Variable.CurrPtr, AuthFormat); + } + +Done: + return Status; +} + +/** + Routine used to track statistical information about variable usage. + The data is stored in the EFI system table so it can be accessed later. + VariableInfo.efi can dump out the table. Only Boot Services variable + accesses are tracked by this code. The PcdVariableCollectStatistics + build flag controls if this feature is enabled. + + A read that hits in the cache will have Read and Cache true for + the transaction. Data is allocated by this routine, but never + freed. + + @param[in] VariableName Name of the Variable to track. + @param[in] VendorGuid Guid of the Variable to track. + @param[in] Volatile TRUE if volatile FALSE if non-volatile. + @param[in] Read TRUE if GetVariable() was called. + @param[in] Write TRUE if SetVariable() was called. + @param[in] Delete TRUE if deleted via SetVariable(). + @param[in] Cache TRUE for a cache hit. + @param[in,out] VariableInfo Pointer to a pointer of VARIABLE_INFO_ENT= RY structures. + +**/ +VOID +UpdateVariableInfo ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN BOOLEAN Volatile, + IN BOOLEAN Read, + IN BOOLEAN Write, + IN BOOLEAN Delete, + IN BOOLEAN Cache, + IN OUT VARIABLE_INFO_ENTRY **VariableInfo + ) +{ + VARIABLE_INFO_ENTRY *Entry; + + if (FeaturePcdGet (PcdVariableCollectStatistics)) { + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (Variabl= eInfo =3D=3D NULL)) { + return; + } + + if (AtRuntime ()) { + // Don't collect statistics at runtime. + return; + } + + if (*VariableInfo =3D=3D NULL) { + // + // On the first call allocate a entry and place a pointer to it in + // the EFI System Table. + // + *VariableInfo =3D AllocateZeroPool (sizeof (VARIABLE_INFO_ENTRY)); + ASSERT (*VariableInfo !=3D NULL); + + CopyGuid (&(*VariableInfo)->VendorGuid, VendorGuid); + (*VariableInfo)->Name =3D AllocateZeroPool (StrSize (VariableName)); + ASSERT ((*VariableInfo)->Name !=3D NULL); + StrCpyS ((*VariableInfo)->Name, StrSize (VariableName)/sizeof (CHAR1= 6), VariableName); + (*VariableInfo)->Volatile =3D Volatile; + } + + for (Entry =3D (*VariableInfo); Entry !=3D NULL; Entry =3D Entry->Next= ) { + if (CompareGuid (VendorGuid, &Entry->VendorGuid)) { + if (StrCmp (VariableName, Entry->Name) =3D=3D 0) { + if (Read) { + Entry->ReadCount++; + } + + if (Write) { + Entry->WriteCount++; + } + + if (Delete) { + Entry->DeleteCount++; + } + + if (Cache) { + Entry->CacheCount++; + } + + return; + } + } + + if (Entry->Next =3D=3D NULL) { + // + // If the entry is not in the table add it. + // Next iteration of the loop will fill in the data. + // + Entry->Next =3D AllocateZeroPool (sizeof (VARIABLE_INFO_ENTRY)); + ASSERT (Entry->Next !=3D NULL); + + CopyGuid (&Entry->Next->VendorGuid, VendorGuid); + Entry->Next->Name =3D AllocateZeroPool (StrSize (VariableName)); + ASSERT (Entry->Next->Name !=3D NULL); + StrCpyS (Entry->Next->Name, StrSize (VariableName)/sizeof (CHAR16)= , VariableName); + Entry->Next->Volatile =3D Volatile; + } + } + } +} + +/** + + Retrieve details about a variable and return them in VariableInfo->Heade= r. + + If VariableInfo->Buffer is given, this function will calculate its offset + relative to given variable storage via VariableStore; Otherwise, it will= try + other internal variable storages or cached copies. It's assumed that, fo= r all + copies of NV variable storage, all variables are stored in the same rela= tive + position. If VariableInfo->Buffer is found in the range of any storage c= opies, + its offset relative to that storage should be the same in other copies. + + If VariableInfo->Offset is given (non-zero) but not VariableInfo->Buffer, + this function will return the variable memory address inside VariableSto= re, + if given, via VariableInfo->Address; Otherwise, the address of other sto= rage + copies will be returned, if any. + + For a new variable whose offset has not been determined, a value of -1 as + VariableInfo->Offset should be passed to skip the offset calculation. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo is NULL or both VariableInfo= ->Address + and VariableInfo->Offset are NULL (0). + @retval EFI_NOT_FOUND If given Address or Offset is out of rang= e of + any given or internal storage copies. + @retval EFI_SUCCESS Variable details are retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ) +{ + VARIABLE_STORE_HEADER *Stores[2]; + UINTN Index; + VARIABLE_HEADER *VariablePtr; + VARIABLE_HEADER *VariableBuffer; + AUTHENTICATED_VARIABLE_HEADER *AuthVariablePtr; + BOOLEAN AuthFlag; + UINTN NameSize; + UINTN DataSize; + UINTN VariableSize; + + if ((VariableInfo =3D=3D NULL) || ( (VariableInfo->Buffer =3D=3D NULL) + && (VariableInfo->StoreIndex =3D=3D VAR_IN= DEX_INVALID))) + { + ASSERT (VariableInfo !=3D NULL); + ASSERT (VariableInfo->Buffer !=3D NULL || VariableInfo->StoreIndex != =3D VAR_INDEX_INVALID); + return EFI_INVALID_PARAMETER; + } + + Stores[0] =3D mNvVariableCache; + Stores[1] =3D (mVariableModuleGlobal !=3D NULL) + ? (VARIABLE_STORE_HEADER *)(UINTN)mVariableModuleGlobal->Var= iableGlobal.NonVolatileVariableBase + : NULL; + + VariableBuffer =3D VariableInfo->Buffer; + VariablePtr =3D NULL; + if (VariableInfo->StoreIndex !=3D VAR_INDEX_INVALID) { + for (Index =3D 0; Index < ARRAY_SIZE (Stores); ++Index) { + if (Stores[Index] =3D=3D NULL) { + continue; + } + + if ((UINTN)VariableInfo->StoreIndex + < ((UINTN)GetEndPointer (Stores[Index]) - (UINTN)Stores[Index])) + { + VariablePtr =3D (VARIABLE_HEADER *)((UINTN)Stores[Index] = + (UINTN)VariableInfo->StoreIndex); + VariableInfo->Buffer =3D VariablePtr; + break; + } + } + } else { + VariablePtr =3D VariableInfo->Buffer; + } + + if (VariablePtr =3D=3D NULL) { + return EFI_NOT_FOUND; + } + + AuthFlag =3D VariableInfo->Flags.Auth; + ASSERT (AuthFlag =3D=3D TRUE || AuthFlag =3D=3D FALSE); + + // + // Make a copy of the whole variable if a buffer is passed in. + // + if ((VariableBuffer !=3D NULL) && (VariableBuffer !=3D VariablePtr)) { + VariableSize =3D (UINTN)GetNextVariablePtr (VariablePtr, AuthFlag) + - (UINTN)VariablePtr; + CopyMem (VariableBuffer, VariablePtr, VariableSize); + } + + // + // AuthVariable header + // + if (AuthFlag) { + AuthVariablePtr =3D (AUTHENTICATED_VARIABLE_HEADER *)VariablePtr; + + VariableInfo->Header.State =3D AuthVariablePtr->State; + VariableInfo->Header.Attributes =3D AuthVariablePtr->Attributes; + VariableInfo->Header.PubKeyIndex =3D AuthVariablePtr->PubKeyIndex; + VariableInfo->Header.MonotonicCount =3D ReadUnaligned64 ( + &(AuthVariablePtr->MonotonicCo= unt) + ); + if (VariableInfo->Header.TimeStamp !=3D NULL) { + CopyMem ( + VariableInfo->Header.TimeStamp, + &AuthVariablePtr->TimeStamp, + sizeof (EFI_TIME) + ); + } else if (VariableBuffer !=3D NULL) { + AuthVariablePtr =3D (AUTHENTICATED_VARIABLE_HEADER *)= VariableBuffer; + VariableInfo->Header.TimeStamp =3D &AuthVariablePtr->TimeStamp; + } + } else { + VariableInfo->Header.State =3D VariablePtr->State; + VariableInfo->Header.Attributes =3D VariablePtr->Attributes; + VariableInfo->Header.PubKeyIndex =3D 0; + VariableInfo->Header.MonotonicCount =3D 0; + VariableInfo->Header.TimeStamp =3D NULL; + } + + // + // VendorGuid + // + if (VariableInfo->Header.VendorGuid !=3D NULL) { + CopyGuid ( + VariableInfo->Header.VendorGuid, + GetVendorGuidPtr (VariablePtr, AuthFlag) + ); + } else { + VariableInfo->Header.VendorGuid =3D GetVendorGuidPtr (VariablePtr, Aut= hFlag); + } + + // + // VariableName + // + NameSize =3D NameSizeOfVariable (VariablePtr, AuthFlag); + if ( (VariableInfo->Header.VariableName !=3D NULL) + && (VariableInfo->Header.NameSize >=3D NameSize)) + { + CopyMem ( + VariableInfo->Header.VariableName, + GetVariableNamePtr (VariablePtr, AuthFlag), + NameSize + ); + } else if (VariableInfo->Header.VariableName !=3D NULL) { + return EFI_BUFFER_TOO_SMALL; + } else { + VariableInfo->Header.VariableName =3D GetVariableNamePtr (VariablePtr,= AuthFlag); + } + + // + // Data + // + DataSize =3D DataSizeOfVariable (VariablePtr, AuthFlag); + if ( (VariableInfo->Header.Data !=3D NULL) + && (VariableInfo->Header.DataSize >=3D DataSize)) + { + CopyMem ( + VariableInfo->Header.Data, + GetVariableDataPtr (VariablePtr, AuthFlag), + NameSize + ); + } else if (VariableInfo->Header.Data !=3D NULL) { + return EFI_BUFFER_TOO_SMALL; + } else { + VariableInfo->Header.Data =3D GetVariableDataPtr (VariablePtr, AuthFla= g); + } + + // + // Update size information about name & data. + // + VariableInfo->Header.NameSize =3D NameSize; + VariableInfo->Header.DataSize =3D DataSize; + + return EFI_SUCCESS; +} + +/** + + Retrieve details of the variable next to given variable within VariableS= tore. + + If VariableInfo->StoreIndex is invalid, the first one in VariableStore i= s returned. + + @param[in,out] VariableInfo Pointer to variable information. + + @retval EFI_INVALID_PARAMETER VariableInfo or VariableStore is NULL. + @retval EFI_NOT_FOUND If the end of VariableStore is reached. + @retval EFI_SUCCESS The next variable is retrieved successful= ly. + +**/ +EFI_STATUS +EFIAPI +GetNextVariableInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VariableInfo + ) +{ + VARIABLE_STORE_HEADER *VarStore; + VARIABLE_HEADER *VariablePtr; + VARIABLE_HEADER *VariableStart; + VARIABLE_HEADER *VariableEnd; + BOOLEAN AuthFlag; + + if (VariableInfo =3D=3D NULL) { + ASSERT (VariableInfo !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + if (mNvVariableCache !=3D NULL) { + VarStore =3D mNvVariableCache; + } else if (mVariableModuleGlobal !=3D NULL) { + VarStore =3D (VARIABLE_STORE_HEADER *)(UINTN) + mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBa= se; + } else { + return EFI_NOT_FOUND; + } + + VariableStart =3D GetStartPointer (VarStore); + VariableEnd =3D GetEndPointer (VarStore); + + if ((VariableInfo->Flags.Auth !=3D TRUE) && (VariableInfo->Flags.Auth != =3D FALSE)) { + VariableInfo->Flags.Auth =3D CompareGuid ( + &VarStore->Signature, + &gEfiAuthenticatedVariableGuid + ); + } + + AuthFlag =3D VariableInfo->Flags.Auth; + + if (VariableInfo->StoreIndex =3D=3D VAR_INDEX_INVALID) { + VariablePtr =3D VariableStart; + } else { + VariablePtr =3D (VARIABLE_HEADER *) + ((UINTN)VarStore + (UINTN)VariableInfo->StoreIndex); + if (VariablePtr >=3D VariableEnd) { + return EFI_NOT_FOUND; + } + + VariablePtr =3D GetNextVariablePtr (VariablePtr, AuthFlag); + } + + if (!IsValidVariableHeader (VariablePtr, VariableEnd, AuthFlag)) { + return EFI_NOT_FOUND; + } + + VariableInfo->StoreIndex =3D (UINTN)VariablePtr - (UINTN)VarStore; + return GetVariableInfo (VariableInfo); +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableP= olicySmmDxe.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variab= lePolicySmmDxe.c new file mode 100644 index 000000000000..b2094fbcd6ea --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariablePolicySm= mDxe.c @@ -0,0 +1,575 @@ +/** @file -- VariablePolicySmmDxe.c +This protocol allows communication with Variable Policy Engine. + +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "Variable.h" + +EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol; +EFI_MM_COMMUNICATION2_PROTOCOL *mMmCommunication; + +VOID *mMmCommunicationBuffer; +UINTN mMmCommunicationBufferSize; +EFI_LOCK mMmCommunicationLock; + +/** + Internal helper function to consolidate communication method. + + @param[in,out] CommBuffer + @param[in,out] CommSize Size of the CommBuffer. + + @retval EFI_STATUS Result from communication method. + +**/ +STATIC +EFI_STATUS +InternalMmCommunicate ( + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommSize + ) +{ + EFI_STATUS Status; + + if ((CommBuffer =3D=3D NULL) || (CommSize =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status =3D mMmCommunication->Communicate (mMmCommunication, CommBuffer, = CommBuffer, CommSize); + return Status; +} + +/** + This API function disables the variable policy enforcement. If it's + already been called once, will return EFI_ALREADY_STARTED. + + @retval EFI_SUCCESS + @retval EFI_ALREADY_STARTED Has already been called once this boot. + @retval EFI_WRITE_PROTECTED Interface has been locked until reboot. + @retval EFI_WRITE_PROTECTED Interface option is disabled by platfo= rm PCD. + +**/ +STATIC +EFI_STATUS +EFIAPI +ProtocolDisableVariablePolicy ( + VOID + ) +{ + EFI_STATUS Status; + EFI_MM_COMMUNICATE_HEADER *CommHeader; + VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader; + UINTN BufferSize; + + // Check the PCD for convenience. + // This would also be rejected by the lib, but why go to MM if we don't = have to? + if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) { + return EFI_WRITE_PROTECTED; + } + + AcquireLockOnlyAtBootTime (&mMmCommunicationLock); + + // Set up the MM communication. + BufferSize =3D mMmCommunicationBufferSize; + CommHeader =3D mMmCommunicationBuffer; + PolicyHeader =3D (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data; + CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid); + CommHeader->MessageLength =3D BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE= _HEADER, Data); + PolicyHeader->Signature =3D VAR_CHECK_POLICY_COMM_SIG; + PolicyHeader->Revision =3D VAR_CHECK_POLICY_COMM_REVISION; + PolicyHeader->Command =3D VAR_CHECK_POLICY_COMMAND_DISABLE; + + Status =3D InternalMmCommunicate (CommHeader, &BufferSize); + DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION= __, Status)); + + ReleaseLockOnlyAtBootTime (&mMmCommunicationLock); + + return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result; +} + +/** + This API function returns whether or not the policy engine is + currently being enforced. + + @param[out] State Pointer to a return value for whether the poli= cy enforcement + is currently enabled. + + @retval EFI_SUCCESS + @retval Others An error has prevented this command from compl= eting. + +**/ +STATIC +EFI_STATUS +EFIAPI +ProtocolIsVariablePolicyEnabled ( + OUT BOOLEAN *State + ) +{ + EFI_STATUS Status; + EFI_MM_COMMUNICATE_HEADER *CommHeader; + VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader; + VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *CommandParams; + UINTN BufferSize; + + if (State =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mMmCommunicationLock); + + // Set up the MM communication. + BufferSize =3D mMmCommunicationBufferSize; + CommHeader =3D mMmCommunicationBuffer; + PolicyHeader =3D (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data; + CommandParams =3D (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *)(PolicyHead= er + 1); + CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid); + CommHeader->MessageLength =3D BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE= _HEADER, Data); + PolicyHeader->Signature =3D VAR_CHECK_POLICY_COMM_SIG; + PolicyHeader->Revision =3D VAR_CHECK_POLICY_COMM_REVISION; + PolicyHeader->Command =3D VAR_CHECK_POLICY_COMMAND_IS_ENABLED; + + Status =3D InternalMmCommunicate (CommHeader, &BufferSize); + DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION= __, Status)); + + if (!EFI_ERROR (Status)) { + Status =3D PolicyHeader->Result; + *State =3D CommandParams->State; + } + + ReleaseLockOnlyAtBootTime (&mMmCommunicationLock); + + return Status; +} + +/** + This API function validates and registers a new policy with + the policy enforcement engine. + + @param[in] NewPolicy Pointer to the incoming policy structure. + + @retval EFI_SUCCESS + @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally i= nconsistent. + @retval EFI_ALREADY_STARTED An identical matching policy already= exists. + @retval EFI_WRITE_PROTECTED The interface has been locked until = the next reboot. + @retval EFI_UNSUPPORTED Policy enforcement has been disabled= . No reason to add more policies. + @retval EFI_ABORTED A calculation error has prevented th= is function from completing. + @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any mo= re policies. + +**/ +STATIC +EFI_STATUS +EFIAPI +ProtocolRegisterVariablePolicy ( + IN CONST VARIABLE_POLICY_ENTRY *NewPolicy + ) +{ + EFI_STATUS Status; + EFI_MM_COMMUNICATE_HEADER *CommHeader; + VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader; + VOID *PolicyBuffer; + UINTN BufferSize; + UINTN RequiredSize; + + if (NewPolicy =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + // First, make sure that the required size does not exceed the capabilit= ies + // of the MmCommunication buffer. + RequiredSize =3D OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data) + sizeof (V= AR_CHECK_POLICY_COMM_HEADER); + Status =3D SafeUintnAdd (RequiredSize, NewPolicy->Size, &RequiredS= ize); + if (EFI_ERROR (Status) || (RequiredSize > mMmCommunicationBufferSize)) { + DEBUG (( + DEBUG_ERROR, + "%a - Policy too large for buffer! %r, %d > %d \n", + __FUNCTION__, + Status, + RequiredSize, + mMmCommunicationBufferSize + )); + return EFI_OUT_OF_RESOURCES; + } + + AcquireLockOnlyAtBootTime (&mMmCommunicationLock); + + // Set up the MM communication. + BufferSize =3D mMmCommunicationBufferSize; + CommHeader =3D mMmCommunicationBuffer; + PolicyHeader =3D (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data; + PolicyBuffer =3D (VOID *)(PolicyHeader + 1); + CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid); + CommHeader->MessageLength =3D BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE= _HEADER, Data); + PolicyHeader->Signature =3D VAR_CHECK_POLICY_COMM_SIG; + PolicyHeader->Revision =3D VAR_CHECK_POLICY_COMM_REVISION; + PolicyHeader->Command =3D VAR_CHECK_POLICY_COMMAND_REGISTER; + + // Copy the policy into place. This copy is safe because we've already t= ested above. + CopyMem (PolicyBuffer, NewPolicy, NewPolicy->Size); + + Status =3D InternalMmCommunicate (CommHeader, &BufferSize); + DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION= __, Status)); + + ReleaseLockOnlyAtBootTime (&mMmCommunicationLock); + + return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result; +} + +/** + This helper function takes care of the overhead of formatting, sending, = and interpreting + the results for a single DumpVariablePolicy request. + + @param[in] PageRequested The page of the paginated results from M= M. 0 for metadata. + @param[out] TotalSize The total size of the entire buffer. Ret= urned as part of metadata. + @param[out] PageSize The size of the current page being retur= ned. Not valid as part of metadata. + @param[out] HasMore A flag indicating whether there are more= pages after this one. + @param[out] Buffer The start of the current page from MM. + + @retval EFI_SUCCESS Output params have been updated (eit= her metadata or dump page). + @retval EFI_INVALID_PARAMETER One of the output params is NULL. + @retval Others Response from MM handler. + +**/ +STATIC +EFI_STATUS +DumpVariablePolicyHelper ( + IN UINT32 PageRequested, + OUT UINT32 *TotalSize, + OUT UINT32 *PageSize, + OUT BOOLEAN *HasMore, + OUT UINT8 **Buffer + ) +{ + EFI_STATUS Status; + EFI_MM_COMMUNICATE_HEADER *CommHeader; + VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader; + VAR_CHECK_POLICY_COMM_DUMP_PARAMS *CommandParams; + UINTN BufferSize; + + if ((TotalSize =3D=3D NULL) || (PageSize =3D=3D NULL) || (HasMore =3D=3D= NULL) || (Buffer =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + // Set up the MM communication. + BufferSize =3D mMmCommunicationBufferSize; + CommHeader =3D mMmCommunicationBuffer; + PolicyHeader =3D (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data; + CommandParams =3D (VAR_CHECK_POLICY_COMM_DUMP_PARAMS *)(PolicyHeader + 1= ); + CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid); + CommHeader->MessageLength =3D BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE= _HEADER, Data); + PolicyHeader->Signature =3D VAR_CHECK_POLICY_COMM_SIG; + PolicyHeader->Revision =3D VAR_CHECK_POLICY_COMM_REVISION; + PolicyHeader->Command =3D VAR_CHECK_POLICY_COMMAND_DUMP; + + CommandParams->PageRequested =3D PageRequested; + + Status =3D InternalMmCommunicate (CommHeader, &BufferSize); + DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION= __, Status)); + + if (!EFI_ERROR (Status)) { + Status =3D PolicyHeader->Result; + *TotalSize =3D CommandParams->TotalSize; + *PageSize =3D CommandParams->PageSize; + *HasMore =3D CommandParams->HasMore; + *Buffer =3D (UINT8 *)(CommandParams + 1); + } + + return Status; +} + +/** + This API function will dump the entire contents of the variable policy t= able. + + Similar to GetVariable, the first call can be made with a 0 size and it = will return + the size of the buffer required to hold the entire table. + + @param[out] Policy Pointer to the policy buffer. Can be NULL if Siz= e is 0. + @param[in,out] Size On input, the size of the output buffer. On outp= ut, the size + of the data returned. + + @retval EFI_SUCCESS Policy data is in the output buffer = and Size has been updated. + @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero an= d Policy is NULL. + @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy.= Size updated with required size. + +**/ +STATIC +EFI_STATUS +EFIAPI +ProtocolDumpVariablePolicy ( + OUT UINT8 *Policy OPTIONAL, + IN OUT UINT32 *Size + ) +{ + EFI_STATUS Status; + UINT8 *Source; + UINT8 *Destination; + UINT32 PolicySize; + UINT32 PageSize; + BOOLEAN HasMore; + UINT32 PageIndex; + + if ((Size =3D=3D NULL) || ((*Size > 0) && (Policy =3D=3D NULL))) { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mMmCommunicationLock); + + // Repeat this whole process until we either have a failure case or get = the entire buffer. + do { + // First, we must check the zero page to determine the buffer size and + // reset the internal state. + PolicySize =3D 0; + PageSize =3D 0; + HasMore =3D FALSE; + Status =3D DumpVariablePolicyHelper (0, &PolicySize, &PageSize, &H= asMore, &Source); + if (EFI_ERROR (Status)) { + break; + } + + // If we're good, we can at least check the required size now. + if (*Size < PolicySize) { + *Size =3D PolicySize; + Status =3D EFI_BUFFER_TOO_SMALL; + break; + } + + // On further thought, let's update the size either way. + *Size =3D PolicySize; + // And get ready to ROCK. + Destination =3D Policy; + + // Keep looping and copying until we're either done or freak out. + for (PageIndex =3D 1; !EFI_ERROR (Status) && HasMore && PageIndex < MA= X_UINT32; PageIndex++) { + Status =3D DumpVariablePolicyHelper (PageIndex, &PolicySize, &PageSi= ze, &HasMore, &Source); + if (!EFI_ERROR (Status)) { + CopyMem (Destination, Source, PageSize); + Destination +=3D PageSize; + } + } + + // Next, we check to see whether + } while (Status =3D=3D EFI_TIMEOUT); + + ReleaseLockOnlyAtBootTime (&mMmCommunicationLock); + + // There's currently no use for this, but it shouldn't be hard to implem= ent. + return Status; +} + +/** + This API function locks the interface so that no more policy updates + can be performed or changes made to the enforcement until the next boot. + + @retval EFI_SUCCESS + @retval Others An error has prevented this command from compl= eting. + +**/ +STATIC +EFI_STATUS +EFIAPI +ProtocolLockVariablePolicy ( + VOID + ) +{ + EFI_STATUS Status; + EFI_MM_COMMUNICATE_HEADER *CommHeader; + VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader; + UINTN BufferSize; + + AcquireLockOnlyAtBootTime (&mMmCommunicationLock); + + // Set up the MM communication. + BufferSize =3D mMmCommunicationBufferSize; + CommHeader =3D mMmCommunicationBuffer; + PolicyHeader =3D (VAR_CHECK_POLICY_COMM_HEADER *)&CommHeader->Data; + CopyGuid (&CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid); + CommHeader->MessageLength =3D BufferSize - OFFSET_OF (EFI_MM_COMMUNICATE= _HEADER, Data); + PolicyHeader->Signature =3D VAR_CHECK_POLICY_COMM_SIG; + PolicyHeader->Revision =3D VAR_CHECK_POLICY_COMM_REVISION; + PolicyHeader->Command =3D VAR_CHECK_POLICY_COMMAND_LOCK; + + Status =3D InternalMmCommunicate (CommHeader, &BufferSize); + DEBUG ((DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION= __, Status)); + + ReleaseLockOnlyAtBootTime (&mMmCommunicationLock); + + return (EFI_ERROR (Status)) ? Status : PolicyHeader->Result; +} + +/** + This helper function locates the shared comm buffer and assigns it to in= put pointers. + + @param[in,out] BufferSize On input, the minimum buffer size requir= ed INCLUDING the MM communicate header. + On output, the size of the matching buff= er found. + @param[out] LocatedBuffer A pointer to the matching buffer. + + @retval EFI_SUCCESS + @retval EFI_INVALID_PARAMETER One of the output pointers was NULL. + @retval EFI_OUT_OF_RESOURCES Not enough memory to allocate a comm= buffer. + +**/ +STATIC +EFI_STATUS +InitMmCommonCommBuffer ( + IN OUT UINTN *BufferSize, + OUT VOID **LocatedBuffer + ) +{ + EFI_STATUS Status; + + Status =3D EFI_SUCCESS; + + // Make sure that we're working with good pointers. + if ((BufferSize =3D=3D NULL) || (LocatedBuffer =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + // Allocate the runtime memory for the comm buffer. + *LocatedBuffer =3D AllocateRuntimePool (*BufferSize); + if (*LocatedBuffer =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + *BufferSize =3D 0; + } + + EfiInitializeLock (&mMmCommunicationLock, TPL_NOTIFY); + + return Status; +} + +/** + Convert internal pointer addresses to virtual addresses. + + @param[in] Event Event whose notification function is being invoked. + @param[in] Context The pointer to the notification function's context= , which + is implementation-dependent. +**/ +STATIC +VOID +EFIAPI +VariablePolicyVirtualAddressCallback ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EfiConvertPointer (0, (VOID **)&mMmCommunication); + EfiConvertPointer (0, (VOID **)&mMmCommunicationBuffer); +} + +/** + The driver's entry point. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point executed successfully. + @retval other Some error occured when executing this entry poi= nt. + +**/ +EFI_STATUS +EFIAPI +VariablePolicySmmDxeMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + BOOLEAN ProtocolInstalled; + BOOLEAN VirtualAddressChangeRegistered; + EFI_EVENT VirtualAddressChangeEvent; + + Status =3D EFI_SUCCESS; + ProtocolInstalled =3D FALSE; + VirtualAddressChangeRegistered =3D FALSE; + + // Update the minimum buffer size. + mMmCommunicationBufferSize =3D VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE; + // Locate the shared comm buffer to use for sending MM commands. + Status =3D InitMmCommonCommBuffer (&mMmCommunicationBufferSize, &mMmComm= unicationBuffer); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to locate a viable MM comm buffer! %= r\n", __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + return Status; + } + + // Locate the MmCommunication protocol. + Status =3D gBS->LocateProtocol (&gEfiMmCommunication2ProtocolGuid, NULL,= (VOID **)&mMmCommunication); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol! = %r\n", __FUNCTION__, Status)); + ASSERT_EFI_ERROR (Status); + return Status; + } + + // Configure the VariablePolicy protocol structure. + mVariablePolicyProtocol.Revision =3D EDKII_VARIABLE_POLIC= Y_PROTOCOL_REVISION; + mVariablePolicyProtocol.DisableVariablePolicy =3D ProtocolDisableVaria= blePolicy; + mVariablePolicyProtocol.IsVariablePolicyEnabled =3D ProtocolIsVariablePo= licyEnabled; + mVariablePolicyProtocol.RegisterVariablePolicy =3D ProtocolRegisterVari= ablePolicy; + mVariablePolicyProtocol.DumpVariablePolicy =3D ProtocolDumpVariable= Policy; + mVariablePolicyProtocol.LockVariablePolicy =3D ProtocolLockVariable= Policy; + + // Register all the protocols and return the status. + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEdkiiVariablePolicyProtocolGuid, + &mVariablePolicyProtocol, + NULL + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to install protocol! %r\n", __FUNCTI= ON__, Status)); + goto Exit; + } else { + ProtocolInstalled =3D TRUE; + } + + // Normally, we might want to register a callback + // to lock the interface, but this is integrated + // into the existing callbacks in VaraiableSmm.c + // and VariableDxe.c. + + // + // Register a VirtualAddressChange callback for the MmComm protocol and = Comm buffer. + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + VariablePolicyVirtualAddressCallback, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &VirtualAddressChangeEvent + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to create VirtualAddressChange event= ! %r\n", __FUNCTION__, Status)); + goto Exit; + } else { + VirtualAddressChangeRegistered =3D TRUE; + } + +Exit: + // + // If we're about to return a failed status (and unload this driver), we= must first undo anything that + // has been successfully done. + if (EFI_ERROR (Status)) { + if (ProtocolInstalled) { + gBS->UninstallProtocolInterface (&ImageHandle, &gEdkiiVariablePolicy= ProtocolGuid, &mVariablePolicyProtocol); + } + + if (VirtualAddressChangeRegistered) { + gBS->CloseEvent (VirtualAddressChangeEvent); + } + } + + return Status; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableR= untimeCache.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variab= leRuntimeCache.c new file mode 100644 index 000000000000..9bb30bc1e804 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeC= ache.c @@ -0,0 +1,158 @@ +/** @file + Functions related to managing the UEFI variable runtime cache. This file= should only include functions + used by the SMM UEFI variable driver. + + Caution: This module requires additional review when modified. + This driver will have external input - variable data. They may be input = in SMM mode. + This external input must be validated carefully to avoid security issue = like + buffer overflow, integer overflow. + +Copyright (c) 2019, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "VariableParsing.h" +#include "VariableRuntimeCache.h" + +extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal; +extern VARIABLE_STORE_HEADER *mNvVariableCache; + +/** + Copies any pending updates to runtime variable caches. + + @retval EFI_UNSUPPORTED The volatile store to be updated is not = initialized properly. + @retval EFI_SUCCESS The volatile store was updated successfu= lly. + +**/ +EFI_STATUS +FlushPendingRuntimeVariableCacheUpdates ( + VOID + ) +{ + VARIABLE_RUNTIME_CACHE_CONTEXT *VariableRuntimeCacheContext; + + VariableRuntimeCacheContext =3D &mVariableModuleGlobal->VariableGlobal.V= ariableRuntimeCacheContext; + + if ((VariableRuntimeCacheContext->VariableRuntimeNvCache.Store =3D=3D NU= LL) || + (VariableRuntimeCacheContext->VariableRuntimeVolatileCache.Store =3D= =3D NULL) || + (VariableRuntimeCacheContext->PendingUpdate =3D=3D NULL)) + { + return EFI_UNSUPPORTED; + } + + if (*(VariableRuntimeCacheContext->PendingUpdate)) { + if ((VariableRuntimeCacheContext->VariableRuntimeHobCache.Store !=3D N= ULL) && + (mVariableModuleGlobal->VariableGlobal.HobVariableBase > 0)) + { + CopyMem ( + (VOID *)( + ((UINT8 *)(UINTN)VariableRuntimeCacheContext->VariableRun= timeHobCache.Store) + + VariableRuntimeCacheContext->VariableRuntimeHobCache.Pend= ingUpdateOffset + ), + (VOID *)( + ((UINT8 *)(UINTN)mVariableModuleGlobal->VariableGlobal.Ho= bVariableBase) + + VariableRuntimeCacheContext->VariableRuntimeHobCache.Pend= ingUpdateOffset + ), + VariableRuntimeCacheContext->VariableRuntimeHobCache.PendingUpdate= Length + ); + VariableRuntimeCacheContext->VariableRuntimeHobCache.PendingUpdateLe= ngth =3D 0; + VariableRuntimeCacheContext->VariableRuntimeHobCache.PendingUpdateOf= fset =3D 0; + } + + CopyMem ( + (VOID *)( + ((UINT8 *)(UINTN)VariableRuntimeCacheContext->VariableRunti= meNvCache.Store) + + VariableRuntimeCacheContext->VariableRuntimeNvCache.Pending= UpdateOffset + ), + (VOID *)( + ((UINT8 *)(UINTN)mNvVariableCache) + + VariableRuntimeCacheContext->VariableRuntimeNvCache.Pending= UpdateOffset + ), + VariableRuntimeCacheContext->VariableRuntimeNvCache.PendingUpdateLen= gth + ); + VariableRuntimeCacheContext->VariableRuntimeNvCache.PendingUpdateLengt= h =3D 0; + VariableRuntimeCacheContext->VariableRuntimeNvCache.PendingUpdateOffse= t =3D 0; + + CopyMem ( + (VOID *)( + ((UINT8 *)(UINTN)VariableRuntimeCacheContext->VariableRunti= meVolatileCache.Store) + + VariableRuntimeCacheContext->VariableRuntimeVolatileCache.P= endingUpdateOffset + ), + (VOID *)( + ((UINT8 *)(UINTN)mVariableModuleGlobal->VariableGlobal.Vola= tileVariableBase) + + VariableRuntimeCacheContext->VariableRuntimeVolatileCache.P= endingUpdateOffset + ), + VariableRuntimeCacheContext->VariableRuntimeVolatileCache.PendingUpd= ateLength + ); + VariableRuntimeCacheContext->VariableRuntimeVolatileCache.PendingUpdat= eLength =3D 0; + VariableRuntimeCacheContext->VariableRuntimeVolatileCache.PendingUpdat= eOffset =3D 0; + *(VariableRuntimeCacheContext->PendingUpdate) = =3D FALSE; + } + + return EFI_SUCCESS; +} + +/** + Synchronizes the runtime variable caches with all pending updates outsid= e runtime. + + Ensures all conditions are met to maintain coherency for runtime cache u= pdates. This function will attempt + to write the given update (and any other pending updates) if the ReadLoc= k is available. Otherwise, the + update is added as a pending update for the given variable store and it = will be flushed to the runtime cache + at the next opportunity the ReadLock is available. + + @param[in] VariableRuntimeCache Variable runtime cache structure for the= runtime cache being synchronized. + @param[in] Offset Offset in bytes to apply the update. + @param[in] Length Length of data in bytes of the update. + + @retval EFI_SUCCESS The update was added as a pending update= successfully. If the variable runtime + cache ReadLock was available, the runtim= e cache was updated successfully. + @retval EFI_UNSUPPORTED The volatile store to be updated is not = initialized properly. + +**/ +EFI_STATUS +SynchronizeRuntimeVariableCache ( + IN VARIABLE_RUNTIME_CACHE *VariableRuntimeCache, + IN UINTN Offset, + IN UINTN Length + ) +{ + if (VariableRuntimeCache =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } else if (VariableRuntimeCache->Store =3D=3D NULL) { + // The runtime cache may not be active or allocated yet. + // In either case, return EFI_SUCCESS instead of EFI_NOT_AVAILABLE_YET. + return EFI_SUCCESS; + } + + if ((mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContext.P= endingUpdate =3D=3D NULL) || + (mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContext.R= eadLock =3D=3D NULL)) + { + return EFI_UNSUPPORTED; + } + + if (*(mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContext.= PendingUpdate) && + (VariableRuntimeCache->PendingUpdateLength > 0)) + { + VariableRuntimeCache->PendingUpdateLength =3D + (UINT32)( + MAX ( + (UINTN)(VariableRuntimeCache->PendingUpdateOffset + Varia= bleRuntimeCache->PendingUpdateLength), + Offset + Length + ) - MIN ((UINTN)VariableRuntimeCache->PendingUpdateOffset= , Offset) + ); + VariableRuntimeCache->PendingUpdateOffset =3D + (UINT32)MIN ((UINTN)VariableRuntimeCache->PendingUpdateOffset, Offse= t); + } else { + VariableRuntimeCache->PendingUpdateLength =3D (UINT32)Length; + VariableRuntimeCache->PendingUpdateOffset =3D (UINT32)Offset; + } + + *(mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContext.Pend= ingUpdate) =3D TRUE; + + if (*(mVariableModuleGlobal->VariableGlobal.VariableRuntimeCacheContext.= ReadLock) =3D=3D FALSE) { + return FlushPendingRuntimeVariableCacheUpdates (); + } + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mm.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.c new file mode 100644 index 000000000000..f7bac0227577 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.c @@ -0,0 +1,1268 @@ +/** @file + The sample implementation for SMM variable protocol. And this driver + implements an SMI handler to communicate with the DXE runtime driver + to provide variable services. + + Caution: This module requires additional review when modified. + This driver will have external input - variable data and communicate buf= fer in SMM mode. + This external input must be validated carefully to avoid security issue = like + buffer overflow, integer overflow. + + SmmVariableHandler() will receive untrusted input and do basic validatio= n. + + Each sub function VariableServiceGetVariable(), VariableServiceGetNextVa= riableName(), + VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), Reclai= mForOS(), + SmmVariableGetStatistics() should also do validation based on its own kn= owledge. + +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
+Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include "Variable.h" +#include "VariableParsing.h" +#include "VariableRuntimeCache.h" + +extern VARIABLE_STORE_HEADER *mNvVariableCache; + +BOOLEAN mAtRuntime =3D FALSE; +UINT8 *mVariableBufferPayload =3D NULL; +UINTN mVariableBufferPayloadSize; + +/** + SecureBoot Hook for SetVariable. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + +**/ +VOID +EFIAPI +SecureBootHook ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + return; +} + +/** + + This code sets variable in storage blocks (Volatile or Non-Volatile). + + @param VariableName Name of Variable to be found. + @param VendorGuid Variable vendor GUID. + @param Attributes Attribute value of the variable = found + @param DataSize Size of Data found. If size is l= ess than the + data, this value contains the re= quired size. + @param Data Data pointer. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SUCCESS Set successfully. + @return EFI_OUT_OF_RESOURCES Resource not enough to set varia= ble. + @return EFI_NOT_FOUND Not found. + @return EFI_WRITE_PROTECTED Variable is read-only. + +**/ +EFI_STATUS +EFIAPI +SmmVariableSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + EFI_STATUS Status; + + // + // Disable write protection when the calling SetVariable() through EFI_S= MM_VARIABLE_PROTOCOL. + // + mRequestSource =3D VarCheckFromTrusted; + Status =3D VariableServiceSetVariable ( + VariableName, + VendorGuid, + Attributes, + DataSize, + Data + ); + mRequestSource =3D VarCheckFromUntrusted; + return Status; +} + +EFI_SMM_VARIABLE_PROTOCOL gSmmVariable =3D { + VariableServiceGetVariable, + VariableServiceGetNextVariableName, + SmmVariableSetVariable, + VariableServiceQueryVariableInfo +}; + +EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck =3D { + VarCheckRegisterSetVariableCheckHandler, + VarCheckVariablePropertySet, + VarCheckVariablePropertyGet +}; + +/** + Return TRUE if ExitBootServices () has been called. + + @retval TRUE If ExitBootServices () has been called. +**/ +BOOLEAN +AtRuntime ( + VOID + ) +{ + return mAtRuntime; +} + +/** + Initializes a basic mutual exclusion lock. + + This function initializes a basic mutual exclusion lock to the released = state + and returns the lock. Each lock provides mutual exclusion access at its= task + priority level. Since there is no preemption or multiprocessor support = in EFI, + acquiring the lock only consists of raising to the locks TPL. + If Lock is NULL, then ASSERT(). + If Priority is not a valid TPL value, then ASSERT(). + + @param Lock A pointer to the lock data structure to initialize. + @param Priority EFI TPL is associated with the lock. + + @return The lock. + +**/ +EFI_LOCK * +InitializeLock ( + IN OUT EFI_LOCK *Lock, + IN EFI_TPL Priority + ) +{ + return Lock; +} + +/** + Acquires lock only at boot time. Simply returns at runtime. + + This is a temperary function that will be removed when + EfiAcquireLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiAcquireLock() at boot time, and simply returns + at runtime. + + @param Lock A pointer to the lock to acquire. + +**/ +VOID +AcquireLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ) +{ +} + +/** + Releases lock only at boot time. Simply returns at runtime. + + This is a temperary function which will be removed when + EfiReleaseLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiReleaseLock() at boot time and simply returns + at runtime. + + @param Lock A pointer to the lock to release. + +**/ +VOID +ReleaseLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ) +{ +} + +/** + Retrieve the SMM Fault Tolerent Write protocol interface. + + @param[out] FtwProtocol The interface of SMM Ftw protocol + + @retval EFI_SUCCESS The SMM FTW protocol instance was found an= d returned in FtwProtocol. + @retval EFI_NOT_FOUND The SMM FTW protocol instance was not foun= d. + @retval EFI_INVALID_PARAMETER SarProtocol is NULL. + +**/ +EFI_STATUS +GetFtwProtocol ( + OUT VOID **FtwProtocol + ) +{ + EFI_STATUS Status; + + // + // Locate Smm Fault Tolerent Write protocol + // + Status =3D gMmst->MmLocateProtocol ( + &gEfiSmmFaultTolerantWriteProtocolGuid, + NULL, + FtwProtocol + ); + return Status; +} + +/** + Retrieve the SMM FVB protocol interface by HANDLE. + + @param[in] FvBlockHandle The handle of SMM FVB protocol that provid= es services for + reading, writing, and erasing the target b= lock. + @param[out] FvBlock The interface of SMM FVB protocol + + @retval EFI_SUCCESS The interface information for the specifie= d protocol was returned. + @retval EFI_UNSUPPORTED The device does not support the SMM FVB pr= otocol. + @retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or= FvBlock is NULL. + +**/ +EFI_STATUS +GetFvbByHandle ( + IN EFI_HANDLE FvBlockHandle, + OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock + ) +{ + // + // To get the SMM FVB protocol interface on the handle + // + return gMmst->MmHandleProtocol ( + FvBlockHandle, + &gEfiSmmFirmwareVolumeBlockProtocolGuid, + (VOID **)FvBlock + ); +} + +/** + Function returns an array of handles that support the SMM FVB protocol + in a buffer allocated from pool. + + @param[out] NumberHandles The number of handles returned in Buffer. + @param[out] Buffer A pointer to the buffer to return the requ= ested + array of handles that support SMM FVB pro= tocol. + + @retval EFI_SUCCESS The array of handles was returned in Buffe= r, and the number of + handles in Buffer was returned in NumberHa= ndles. + @retval EFI_NOT_FOUND No SMM FVB handle was found. + @retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store t= he matching results. + @retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL. + +**/ +EFI_STATUS +GetFvbCountAndBuffer ( + OUT UINTN *NumberHandles, + OUT EFI_HANDLE **Buffer + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + + if ((NumberHandles =3D=3D NULL) || (Buffer =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + BufferSize =3D 0; + *NumberHandles =3D 0; + *Buffer =3D NULL; + Status =3D gMmst->MmLocateHandle ( + ByProtocol, + &gEfiSmmFirmwareVolumeBlockProtocolGuid, + NULL, + &BufferSize, + *Buffer + ); + if (EFI_ERROR (Status) && (Status !=3D EFI_BUFFER_TOO_SMALL)) { + return EFI_NOT_FOUND; + } + + *Buffer =3D AllocatePool (BufferSize); + if (*Buffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status =3D gMmst->MmLocateHandle ( + ByProtocol, + &gEfiSmmFirmwareVolumeBlockProtocolGuid, + NULL, + &BufferSize, + *Buffer + ); + + *NumberHandles =3D BufferSize / sizeof (EFI_HANDLE); + if (EFI_ERROR (Status)) { + *NumberHandles =3D 0; + FreePool (*Buffer); + *Buffer =3D NULL; + } + + return Status; +} + +/** + Get the variable statistics information from the information buffer poin= ted by gVariableInfo. + + Caution: This function may be invoked at SMM runtime. + InfoEntry and InfoSize are external input. Care must be taken to make su= re not security issue at runtime. + + @param[in, out] InfoEntry A pointer to the buffer of variable inform= ation entry. + On input, point to the variable informatio= n returned last time. if + InfoEntry->VendorGuid is zero, return the = first information. + On output, point to the next variable info= rmation. + @param[in, out] InfoSize On input, the size of the variable informa= tion buffer. + On output, the returned variable informati= on size. + + @retval EFI_SUCCESS The variable information is found and retu= rned successfully. + @retval EFI_UNSUPPORTED No variable inoformation exists in variabl= e driver. The + PcdVariableCollectStatistics should be set= TRUE to support it. + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next v= ariable information. + @retval EFI_INVALID_PARAMETER Input parameter is invalid. + +**/ +EFI_STATUS +SmmVariableGetStatistics ( + IN OUT VARIABLE_INFO_ENTRY *InfoEntry, + IN OUT UINTN *InfoSize + ) +{ + VARIABLE_INFO_ENTRY *VariableInfo; + UINTN NameSize; + UINTN StatisticsInfoSize; + CHAR16 *InfoName; + UINTN InfoNameMaxSize; + EFI_GUID VendorGuid; + + if (InfoEntry =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + VariableInfo =3D gVariableInfo; + if (VariableInfo =3D=3D NULL) { + return EFI_UNSUPPORTED; + } + + StatisticsInfoSize =3D sizeof (VARIABLE_INFO_ENTRY); + if (*InfoSize < StatisticsInfoSize) { + *InfoSize =3D StatisticsInfoSize; + return EFI_BUFFER_TOO_SMALL; + } + + InfoName =3D (CHAR16 *)(InfoEntry + 1); + InfoNameMaxSize =3D (*InfoSize - sizeof (VARIABLE_INFO_ENTRY)); + + CopyGuid (&VendorGuid, &InfoEntry->VendorGuid); + + if (IsZeroGuid (&VendorGuid)) { + // + // Return the first variable info + // + NameSize =3D StrSize (VariableInfo->Name); + StatisticsInfoSize =3D sizeof (VARIABLE_INFO_ENTRY) + NameSize; + if (*InfoSize < StatisticsInfoSize) { + *InfoSize =3D StatisticsInfoSize; + return EFI_BUFFER_TOO_SMALL; + } + + CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY)); + CopyMem (InfoName, VariableInfo->Name, NameSize); + *InfoSize =3D StatisticsInfoSize; + return EFI_SUCCESS; + } + + // + // Get the next variable info + // + while (VariableInfo !=3D NULL) { + if (CompareGuid (&VariableInfo->VendorGuid, &VendorGuid)) { + NameSize =3D StrSize (VariableInfo->Name); + if (NameSize <=3D InfoNameMaxSize) { + if (CompareMem (VariableInfo->Name, InfoName, NameSize) =3D=3D 0) { + // + // Find the match one + // + VariableInfo =3D VariableInfo->Next; + break; + } + } + } + + VariableInfo =3D VariableInfo->Next; + } + + if (VariableInfo =3D=3D NULL) { + *InfoSize =3D 0; + return EFI_SUCCESS; + } + + // + // Output the new variable info + // + NameSize =3D StrSize (VariableInfo->Name); + StatisticsInfoSize =3D sizeof (VARIABLE_INFO_ENTRY) + NameSize; + if (*InfoSize < StatisticsInfoSize) { + *InfoSize =3D StatisticsInfoSize; + return EFI_BUFFER_TOO_SMALL; + } + + CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY)); + CopyMem (InfoName, VariableInfo->Name, NameSize); + *InfoSize =3D StatisticsInfoSize; + + return EFI_SUCCESS; +} + +/** + Communication service SMI Handler entry. + + This SMI handler provides services for the variable wrapper driver. + + Caution: This function may receive untrusted input. + This variable data and communicate buffer are external input, so this fu= nction will do basic validation. + Each sub function VariableServiceGetVariable(), VariableServiceGetNextVa= riableName(), + VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), Reclai= mForOS(), + SmmVariableGetStatistics() should also do validation based on its own kn= owledge. + + @param[in] DispatchHandle The unique handle assigned to this handle= r by SmiHandlerRegister(). + @param[in] RegisterContext Points to an optional handler context whi= ch was specified when the + handler was registered. + @param[in, out] CommBuffer A pointer to a collection of data in memo= ry that will + be conveyed from a non-SMM environment in= to an SMM environment. + @param[in, out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled an= d quiesced. No other handlers + should still be called. + @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quies= ced but other handlers should + still be called. + @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pendi= ng and other handlers should still + be called. + @retval EFI_INTERRUPT_PENDING The interrupt could not be q= uiesced. +**/ +EFI_STATUS +EFIAPI +SmmVariableHandler ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *RegisterContext, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + EFI_STATUS Status; + SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFun= ctionHeader; + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHea= der; + SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariabl= eName; + SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableI= nfo; + SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *GetPayloadSize; + SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT *RuntimeVariabl= eCacheContext; + SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO *GetRuntimeCach= eInfo; + SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock; + SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariablePr= operty; + VARIABLE_INFO_ENTRY *VariableInfo; + VARIABLE_RUNTIME_CACHE_CONTEXT *VariableCacheC= ontext; + VARIABLE_STORE_HEADER *VariableCache; + UINTN InfoSize; + UINTN NameBufferSize; + UINTN CommBufferPaylo= adSize; + UINTN TempCommBufferS= ize; + + // + // If input is invalid, stop processing this SMI + // + if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) { + return EFI_SUCCESS; + } + + TempCommBufferSize =3D *CommBufferSize; + + if (TempCommBufferSize < SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) { + DEBUG ((DEBUG_ERROR, "SmmVariableHandler: SMM communication buffer siz= e invalid!\n")); + return EFI_SUCCESS; + } + + CommBufferPayloadSize =3D TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_= HEADER_SIZE; + if (CommBufferPayloadSize > mVariableBufferPayloadSize) { + DEBUG ((DEBUG_ERROR, "SmmVariableHandler: SMM communication buffer pay= load size invalid!\n")); + return EFI_SUCCESS; + } + + if (!VariableSmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBuff= erSize)) { + DEBUG ((DEBUG_ERROR, "SmmVariableHandler: SMM communication buffer in = SMRAM or overflow!\n")); + return EFI_SUCCESS; + } + + SmmVariableFunctionHeader =3D (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuf= fer; + switch (SmmVariableFunctionHeader->Function) { + case SMM_VARIABLE_FUNCTION_GET_VARIABLE: + if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCE= SS_VARIABLE, Name)) { + DEBUG ((DEBUG_ERROR, "GetVariable: SMM communication buffer size i= nvalid!\n")); + return EFI_SUCCESS; + } + + // + // Copy the input communicate buffer payload to pre-allocated SMM va= riable buffer payload. + // + CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, Co= mmBufferPayloadSize); + SmmVariableHeader =3D (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)mV= ariableBufferPayload; + if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF (SMM_VARI= ABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) || + ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF (SMM_VARI= ABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) + { + // + // Prevent InfoSize overflow happen + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + InfoSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Na= me) + + SmmVariableHeader->DataSize + SmmVariableHeader->NameSi= ze; + + // + // SMRAM range check already covered before + // + if (InfoSize > CommBufferPayloadSize) { + DEBUG ((DEBUG_ERROR, "GetVariable: Data size exceed communication = buffer size limit!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + // + // The VariableSpeculationBarrier() call here is to ensure the previ= ous + // range/content checks for the CommBuffer have been completed befor= e the + // subsequent consumption of the CommBuffer content. + // + VariableSpeculationBarrier (); + if ((SmmVariableHeader->NameSize < sizeof (CHAR16)) || (SmmVariableH= eader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] !=3D L'\0')) { + // + // Make sure VariableName is A Null-terminated string. + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + Status =3D VariableServiceGetVariable ( + SmmVariableHeader->Name, + &SmmVariableHeader->Guid, + &SmmVariableHeader->Attributes, + &SmmVariableHeader->DataSize, + (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->Nam= eSize + ); + CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, Co= mmBufferPayloadSize); + break; + + case SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME: + if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_= NEXT_VARIABLE_NAME, Name)) { + DEBUG ((DEBUG_ERROR, "GetNextVariableName: SMM communication buffe= r size invalid!\n")); + return EFI_SUCCESS; + } + + // + // Copy the input communicate buffer payload to pre-allocated SMM va= riable buffer payload. + // + CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, Co= mmBufferPayloadSize); + GetNextVariableName =3D (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_= NAME *)mVariableBufferPayload; + if ((UINTN)(~0) - GetNextVariableName->NameSize < OFFSET_OF (SMM_VAR= IABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) { + // + // Prevent InfoSize overflow happen + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + InfoSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_N= AME, Name) + GetNextVariableName->NameSize; + + // + // SMRAM range check already covered before + // + if (InfoSize > CommBufferPayloadSize) { + DEBUG ((DEBUG_ERROR, "GetNextVariableName: Data size exceed commun= ication buffer size limit!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + NameBufferSize =3D CommBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_C= OMMUNICATE_GET_NEXT_VARIABLE_NAME, Name); + if ((NameBufferSize < sizeof (CHAR16)) || (GetNextVariableName->Name= [NameBufferSize/sizeof (CHAR16) - 1] !=3D L'\0')) { + // + // Make sure input VariableName is A Null-terminated string. + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + Status =3D VariableServiceGetNextVariableName ( + &GetNextVariableName->NameSize, + GetNextVariableName->Name, + &GetNextVariableName->Guid + ); + CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, Co= mmBufferPayloadSize); + break; + + case SMM_VARIABLE_FUNCTION_SET_VARIABLE: + if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCE= SS_VARIABLE, Name)) { + DEBUG ((DEBUG_ERROR, "SetVariable: SMM communication buffer size i= nvalid!\n")); + return EFI_SUCCESS; + } + + // + // Copy the input communicate buffer payload to pre-allocated SMM va= riable buffer payload. + // + CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, Co= mmBufferPayloadSize); + SmmVariableHeader =3D (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *)mV= ariableBufferPayload; + if (((UINTN)(~0) - SmmVariableHeader->DataSize < OFFSET_OF (SMM_VARI= ABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) || + ((UINTN)(~0) - SmmVariableHeader->NameSize < OFFSET_OF (SMM_VARI= ABLE_COMMUNICATE_ACCESS_VARIABLE, Name) + SmmVariableHeader->DataSize)) + { + // + // Prevent InfoSize overflow happen + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + InfoSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Na= me) + + SmmVariableHeader->DataSize + SmmVariableHeader->NameSi= ze; + + // + // SMRAM range check already covered before + // Data buffer should not contain SMM range + // + if (InfoSize > CommBufferPayloadSize) { + DEBUG ((DEBUG_ERROR, "SetVariable: Data size exceed communication = buffer size limit!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + // + // The VariableSpeculationBarrier() call here is to ensure the previ= ous + // range/content checks for the CommBuffer have been completed befor= e the + // subsequent consumption of the CommBuffer content. + // + VariableSpeculationBarrier (); + if ((SmmVariableHeader->NameSize < sizeof (CHAR16)) || (SmmVariableH= eader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] !=3D L'\0')) { + // + // Make sure VariableName is A Null-terminated string. + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + Status =3D VariableServiceSetVariable ( + SmmVariableHeader->Name, + &SmmVariableHeader->Guid, + SmmVariableHeader->Attributes, + SmmVariableHeader->DataSize, + (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->Nam= eSize + ); + break; + + case SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO: + if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_V= ARIABLE_INFO)) { + DEBUG ((DEBUG_ERROR, "QueryVariableInfo: SMM communication buffer = size invalid!\n")); + return EFI_SUCCESS; + } + + QueryVariableInfo =3D (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO = *)SmmVariableFunctionHeader->Data; + + Status =3D VariableServiceQueryVariableInfo ( + QueryVariableInfo->Attributes, + &QueryVariableInfo->MaximumVariableStorageSize, + &QueryVariableInfo->RemainingVariableStorageSize, + &QueryVariableInfo->MaximumVariableSize + ); + break; + + case SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE: + if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAY= LOAD_SIZE)) { + DEBUG ((DEBUG_ERROR, "GetPayloadSize: SMM communication buffer siz= e invalid!\n")); + return EFI_SUCCESS; + } + + GetPayloadSize =3D (SMM_VARIABLE_COMMUNICATE_GE= T_PAYLOAD_SIZE *)SmmVariableFunctionHeader->Data; + GetPayloadSize->VariablePayloadSize =3D mVariableBufferPayloadSize; + Status =3D EFI_SUCCESS; + break; + + case SMM_VARIABLE_FUNCTION_READY_TO_BOOT: + if (AtRuntime ()) { + Status =3D EFI_UNSUPPORTED; + break; + } + + if (!mEndOfDxe) { + MorLockInitAtEndOfDxe (); + Status =3D LockVariablePolicy (); + ASSERT_EFI_ERROR (Status); + mEndOfDxe =3D TRUE; + VarCheckLibInitializeAtEndOfDxe (NULL); + // + // The initialization for variable quota. + // + InitializeVariableQuota (); + } + + ReclaimForOS (); + Status =3D EFI_SUCCESS; + break; + + case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE: + mAtRuntime =3D TRUE; + Status =3D EFI_SUCCESS; + break; + + case SMM_VARIABLE_FUNCTION_GET_STATISTICS: + VariableInfo =3D (VARIABLE_INFO_ENTRY *)SmmVariableFunctionHeader->D= ata; + InfoSize =3D TempCommBufferSize - SMM_VARIABLE_COMMUNICATE_HEADE= R_SIZE; + + // + // Do not need to check SmmVariableFunctionHeader->Data in SMRAM her= e. + // It is covered by previous CommBuffer check + // + + // + // Do not need to check CommBufferSize buffer as it should point to = SMRAM + // that was used by SMM core to cache CommSize from SmmCommunication= protocol. + // + + Status =3D SmmVariableGetStatistics (VariableInfo, &InfoSiz= e); + *CommBufferSize =3D InfoSize + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE; + break; + + case SMM_VARIABLE_FUNCTION_LOCK_VARIABLE: + if (mEndOfDxe) { + Status =3D EFI_ACCESS_DENIED; + } else { + VariableToLock =3D (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *)SmmVa= riableFunctionHeader->Data; + Status =3D VariableLockRequestToLock ( + NULL, + VariableToLock->Name, + &VariableToLock->Guid + ); + } + + break; + case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET: + if (mEndOfDxe) { + Status =3D EFI_ACCESS_DENIED; + } else { + CommVariableProperty =3D (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIA= BLE_PROPERTY *)SmmVariableFunctionHeader->Data; + Status =3D VarCheckVariablePropertySet ( + CommVariableProperty->Name, + &CommVariableProperty->Guid, + &CommVariableProperty->VariableProperty + ); + } + + break; + case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET: + if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_= CHECK_VARIABLE_PROPERTY, Name)) { + DEBUG ((DEBUG_ERROR, "VarCheckVariablePropertyGet: SMM communicati= on buffer size invalid!\n")); + return EFI_SUCCESS; + } + + // + // Copy the input communicate buffer payload to pre-allocated SMM va= riable buffer payload. + // + CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, Co= mmBufferPayloadSize); + CommVariableProperty =3D (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABL= E_PROPERTY *)mVariableBufferPayload; + if ((UINTN)(~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VA= RIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) { + // + // Prevent InfoSize overflow happen + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + InfoSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_= PROPERTY, Name) + CommVariableProperty->NameSize; + + // + // SMRAM range check already covered before + // + if (InfoSize > CommBufferPayloadSize) { + DEBUG ((DEBUG_ERROR, "VarCheckVariablePropertyGet: Data size excee= d communication buffer size limit!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + // + // The VariableSpeculationBarrier() call here is to ensure the previ= ous + // range/content checks for the CommBuffer have been completed befor= e the + // subsequent consumption of the CommBuffer content. + // + VariableSpeculationBarrier (); + if ((CommVariableProperty->NameSize < sizeof (CHAR16)) || (CommVaria= bleProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] !=3D = L'\0')) { + // + // Make sure VariableName is A Null-terminated string. + // + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + Status =3D VarCheckVariablePropertyGet ( + CommVariableProperty->Name, + &CommVariableProperty->Guid, + &CommVariableProperty->VariableProperty + ); + CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, Co= mmBufferPayloadSize); + break; + case SMM_VARIABLE_FUNCTION_INIT_RUNTIME_VARIABLE_CACHE_CONTEXT: + if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_RUNTIME= _VARIABLE_CACHE_CONTEXT)) { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: SMM communi= cation buffer size invalid!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + if (mEndOfDxe) { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Cannot init= context after end of DXE!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + // + // Copy the input communicate buffer payload to the pre-allocated SM= M variable payload buffer. + // + CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, Co= mmBufferPayloadSize); + RuntimeVariableCacheContext =3D (SMM_VARIABLE_COMMUNICATE_RUNTIME_VA= RIABLE_CACHE_CONTEXT *)mVariableBufferPayload; + + // + // Verify required runtime cache buffers are provided. + // + if ((RuntimeVariableCacheContext->RuntimeVolatileCache =3D=3D NULL) = || + (RuntimeVariableCacheContext->RuntimeNvCache =3D=3D NULL) || + (RuntimeVariableCacheContext->PendingUpdate =3D=3D NULL) || + (RuntimeVariableCacheContext->ReadLock =3D=3D NULL) || + (RuntimeVariableCacheContext->HobFlushComplete =3D=3D NULL)) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Required ru= ntime cache buffer is NULL!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + // + // Verify minimum size requirements for the runtime variable store b= uffers. + // + if (((RuntimeVariableCacheContext->RuntimeHobCache !=3D NULL) && + (RuntimeVariableCacheContext->RuntimeHobCache->Size < sizeof (V= ARIABLE_STORE_HEADER))) || + (RuntimeVariableCacheContext->RuntimeVolatileCache->Size < sizeo= f (VARIABLE_STORE_HEADER)) || + (RuntimeVariableCacheContext->RuntimeNvCache->Size < sizeof (VAR= IABLE_STORE_HEADER))) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: A runtime c= ache buffer size is invalid!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + // + // Verify runtime buffers do not overlap with SMRAM ranges. + // + if ((RuntimeVariableCacheContext->RuntimeHobCache !=3D NULL) && + !VariableSmmIsBufferOutsideSmmValid ( + (UINTN)RuntimeVariableCacheContext->RuntimeHobCache, + (UINTN)RuntimeVariableCacheContext->RuntimeHobCache->Size + )) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Runtime HOB= cache buffer in SMRAM or overflow!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + if (!VariableSmmIsBufferOutsideSmmValid ( + (UINTN)RuntimeVariableCacheContext->RuntimeVolatileCache, + (UINTN)RuntimeVariableCacheContext->RuntimeVolatileCache->Size + )) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Runtime vol= atile cache buffer in SMRAM or overflow!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + if (!VariableSmmIsBufferOutsideSmmValid ( + (UINTN)RuntimeVariableCacheContext->RuntimeNvCache, + (UINTN)RuntimeVariableCacheContext->RuntimeNvCache->Size + )) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Runtime non= -volatile cache buffer in SMRAM or overflow!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + if (!VariableSmmIsBufferOutsideSmmValid ( + (UINTN)RuntimeVariableCacheContext->PendingUpdate, + sizeof (*(RuntimeVariableCacheContext->PendingUpdate)) + )) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Runtime cac= he pending update buffer in SMRAM or overflow!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + if (!VariableSmmIsBufferOutsideSmmValid ( + (UINTN)RuntimeVariableCacheContext->ReadLock, + sizeof (*(RuntimeVariableCacheContext->ReadLock)) + )) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Runtime cac= he read lock buffer in SMRAM or overflow!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + if (!VariableSmmIsBufferOutsideSmmValid ( + (UINTN)RuntimeVariableCacheContext->HobFlushComplete, + sizeof (*(RuntimeVariableCacheContext->HobFlushComplete)) + )) + { + DEBUG ((DEBUG_ERROR, "InitRuntimeVariableCacheContext: Runtime cac= he HOB flush complete buffer in SMRAM or overflow!\n")); + Status =3D EFI_ACCESS_DENIED; + goto EXIT; + } + + VariableCacheContext =3D &mVaria= bleModuleGlobal->VariableGlobal.VariableRuntimeCacheContext; + VariableCacheContext->VariableRuntimeHobCache.Store =3D Runtime= VariableCacheContext->RuntimeHobCache; + VariableCacheContext->VariableRuntimeVolatileCache.Store =3D Runtime= VariableCacheContext->RuntimeVolatileCache; + VariableCacheContext->VariableRuntimeNvCache.Store =3D Runtime= VariableCacheContext->RuntimeNvCache; + VariableCacheContext->PendingUpdate =3D Runtime= VariableCacheContext->PendingUpdate; + VariableCacheContext->ReadLock =3D Runtime= VariableCacheContext->ReadLock; + VariableCacheContext->HobFlushComplete =3D Runtime= VariableCacheContext->HobFlushComplete; + + // Set up the intial pending request since the RT cache needs to be = in sync with SMM cache + VariableCacheContext->VariableRuntimeHobCache.PendingUpdateOffset = =3D 0; + VariableCacheContext->VariableRuntimeHobCache.PendingUpdateLength = =3D 0; + if ((mVariableModuleGlobal->VariableGlobal.HobVariableBase > 0) && + (VariableCacheContext->VariableRuntimeHobCache.Store !=3D NULL)) + { + VariableCache = =3D (VARIABLE_STORE_HEADER *)(UINTN)mVariableModuleGlobal->VariableGlobal.H= obVariableBase; + VariableCacheContext->VariableRuntimeHobCache.PendingUpdateLength = =3D (UINT32)((UINTN)GetEndPointer (VariableCache) - (UINTN)VariableCache); + CopyGuid (&(VariableCacheContext->VariableRuntimeHobCache.Store->S= ignature), &(VariableCache->Signature)); + } + + VariableCache = =3D (VARIABLE_STORE_HEADER *)(UINTN)mVariableModuleGlobal->VariableGlob= al.VolatileVariableBase; + VariableCacheContext->VariableRuntimeVolatileCache.PendingUpdateOffs= et =3D 0; + VariableCacheContext->VariableRuntimeVolatileCache.PendingUpdateLeng= th =3D (UINT32)((UINTN)GetEndPointer (VariableCache) - (UINTN)VariableCache= ); + CopyGuid (&(VariableCacheContext->VariableRuntimeVolatileCache.Store= ->Signature), &(VariableCache->Signature)); + + VariableCache =3D= (VARIABLE_STORE_HEADER *)(UINTN)mNvVariableCache; + VariableCacheContext->VariableRuntimeNvCache.PendingUpdateOffset =3D= 0; + VariableCacheContext->VariableRuntimeNvCache.PendingUpdateLength =3D= (UINT32)((UINTN)GetEndPointer (VariableCache) - (UINTN)VariableCache); + CopyGuid (&(VariableCacheContext->VariableRuntimeNvCache.Store->Sign= ature), &(VariableCache->Signature)); + + *(VariableCacheContext->PendingUpdate) =3D TRUE; + *(VariableCacheContext->ReadLock) =3D FALSE; + *(VariableCacheContext->HobFlushComplete) =3D FALSE; + + Status =3D EFI_SUCCESS; + break; + case SMM_VARIABLE_FUNCTION_SYNC_RUNTIME_CACHE: + Status =3D FlushPendingRuntimeVariableCacheUpdates (); + break; + case SMM_VARIABLE_FUNCTION_GET_RUNTIME_CACHE_INFO: + if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_GET_RUN= TIME_CACHE_INFO)) { + DEBUG ((DEBUG_ERROR, "GetRuntimeCacheInfo: SMM communication buffe= r size invalid!\n")); + return EFI_SUCCESS; + } + + GetRuntimeCacheInfo =3D (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_= INFO *)SmmVariableFunctionHeader->Data; + + if (mVariableModuleGlobal->VariableGlobal.HobVariableBase > 0) { + VariableCache =3D (VARIABLE_STORE_HEADE= R *)(UINTN)mVariableModuleGlobal->VariableGlobal.HobVariableBase; + GetRuntimeCacheInfo->TotalHobStorageSize =3D VariableCache->Size; + } else { + GetRuntimeCacheInfo->TotalHobStorageSize =3D 0; + } + + VariableCache =3D (VARIABLE_STORE_= HEADER *)(UINTN)mVariableModuleGlobal->VariableGlobal.VolatileVariableBase; + GetRuntimeCacheInfo->TotalVolatileStorageSize =3D VariableCache->S= ize; + VariableCache =3D (VARIABLE_STORE_= HEADER *)(UINTN)mNvVariableCache; + GetRuntimeCacheInfo->TotalNvStorageSize =3D (UINTN)VariableC= ache->Size; + GetRuntimeCacheInfo->AuthenticatedVariableUsage =3D mVariableModuleG= lobal->VariableGlobal.AuthFormat; + + Status =3D EFI_SUCCESS; + break; + + default: + Status =3D EFI_UNSUPPORTED; + } + +EXIT: + + SmmVariableFunctionHeader->ReturnStatus =3D Status; + + return EFI_SUCCESS; +} + +/** + SMM END_OF_DXE protocol notification event handler. + + @param Protocol Points to the protocol's unique identifier + @param Interface Points to the interface instance + @param Handle The handle on which the interface was installed + + @retval EFI_SUCCESS SmmEndOfDxeCallback runs successfully + +**/ +EFI_STATUS +EFIAPI +SmmEndOfDxeCallback ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "[Variable]SMM_END_OF_DXE is signaled\n")); + MorLockInitAtEndOfDxe (); + Status =3D LockVariablePolicy (); + ASSERT_EFI_ERROR (Status); + mEndOfDxe =3D TRUE; + VarCheckLibInitializeAtEndOfDxe (NULL); + // + // The initialization for variable quota. + // + InitializeVariableQuota (); + if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) { + ReclaimForOS (); + } + + return EFI_SUCCESS; +} + +/** + Initializes variable write service for SMM. + +**/ +VOID +VariableWriteServiceInitializeSmm ( + VOID + ) +{ + EFI_STATUS Status; + + Status =3D ProtectedVariableLibWriteInit (); + if (EFI_ERROR (Status) && (Status !=3D EFI_UNSUPPORTED)) { + DEBUG ((DEBUG_ERROR, "Variable protection service: write-init failed. = Status =3D %r\n", Status)); + ASSERT_EFI_ERROR (Status); + return; + } + + Status =3D VariableWriteServiceInitialize (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. St= atus =3D %r\n", Status)); + } + + // + // Notify the variable wrapper driver the variable write service is ready + // + VariableNotifySmmWriteReady (); +} + +/** + SMM Fault Tolerant Write protocol notification event handler. + + Non-Volatile variable write may needs FTW protocol to reclaim when + writting variable. + + @param Protocol Points to the protocol's unique identifier + @param Interface Points to the interface instance + @param Handle The handle on which the interface was installed + + @retval EFI_SUCCESS SmmEventCallback runs successfully + @retval EFI_NOT_FOUND The Fvb protocol for variable is not found. + + **/ +EFI_STATUS +EFIAPI +SmmFtwNotificationEvent ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS VariableStoreBase; + EFI_SMM_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol; + EFI_SMM_FAULT_TOLERANT_WRITE_PROTOCOL *FtwProtocol; + EFI_PHYSICAL_ADDRESS NvStorageVariableBase; + UINTN FtwMaxBlockSize; + UINT32 NvStorageVariableSize; + UINT64 NvStorageVariableSize64; + + if (mVariableModuleGlobal->FvbInstance !=3D NULL) { + return EFI_SUCCESS; + } + + // + // Ensure SMM FTW protocol is installed. + // + Status =3D GetFtwProtocol ((VOID **)&FtwProtocol); + if (EFI_ERROR (Status)) { + return Status; + } + + Status =3D GetVariableFlashNvStorageInfo (&NvStorageVariableBase, &NvSto= rageVariableSize64); + ASSERT_EFI_ERROR (Status); + + Status =3D SafeUint64ToUint32 (NvStorageVariableSize64, &NvStorageVariab= leSize); + // This driver currently assumes the size will be UINT32 so assert the v= alue is safe for now. + ASSERT_EFI_ERROR (Status); + + ASSERT (NvStorageVariableBase !=3D 0); + VariableStoreBase =3D NvStorageVariableBase + mNvFvHeaderCache->HeaderLe= ngth; + + Status =3D FtwProtocol->GetMaxBlockSize (FtwProtocol, &FtwMaxBlockSize); + if (!EFI_ERROR (Status)) { + ASSERT (NvStorageVariableSize <=3D FtwMaxBlockSize); + } + + // + // Let NonVolatileVariableBase point to flash variable store base direct= ly after FTW ready. + // + mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase =3D Variab= leStoreBase; + + // + // Find the proper FVB protocol for variable. + // + Status =3D GetFvbInfoByAddress (NvStorageVariableBase, NULL, &FvbProtoco= l); + if (EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } + + mVariableModuleGlobal->FvbInstance =3D FvbProtocol; + + // + // Initializes variable write service after FTW was ready. + // + VariableWriteServiceInitializeSmm (); + + return EFI_SUCCESS; +} + +/** + Variable Driver main entry point. The Variable driver places the 4 EFI + runtime services in the EFI System Table and installs arch protocols + for variable read and write services being available. It also registers + a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. + + @retval EFI_SUCCESS Variable service successfully initialized. + +**/ +EFI_STATUS +EFIAPI +MmVariableServiceInitialize ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE VariableHandle; + VOID *SmmFtwRegistration; + VOID *SmmEndOfDxeRegistration; + PROTECTED_VARIABLE_CONTEXT_IN ContextIn; + + // + // Initialize protected variable service, if enabled. + // + ContextIn.StructSize =3D sizeof (ContextIn); + ContextIn.StructVersion =3D PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION; + + ContextIn.FindVariableSmm =3D NULL; + ContextIn.GetVariableInfo =3D GetVariableInfo; + ContextIn.GetNextVariableInfo =3D GetNextVariableInfo; + ContextIn.UpdateVariableStore =3D VariableExLibUpdateNvVariable; + ContextIn.UpdateVariable =3D VariableExLibUpdateVariable; + + ContextIn.MaxVariableSize =3D (UINT32)GetMaxVariableSize (); + ContextIn.VariableServiceUser =3D FromSmmModule; + + Status =3D ProtectedVariableLibInitialize (&ContextIn); + if (EFI_ERROR (Status) && (Status !=3D EFI_UNSUPPORTED)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + // + // Variable initialize. + // + Status =3D VariableCommonInitialize (); + ASSERT_EFI_ERROR (Status); + + // + // Install the Smm Variable Protocol on a new handle. + // + VariableHandle =3D NULL; + Status =3D gMmst->MmInstallProtocolInterface ( + &VariableHandle, + &gEfiSmmVariableProtocolGuid, + EFI_NATIVE_INTERFACE, + &gSmmVariable + ); + ASSERT_EFI_ERROR (Status); + + Status =3D gMmst->MmInstallProtocolInterface ( + &VariableHandle, + &gEdkiiSmmVarCheckProtocolGuid, + EFI_NATIVE_INTERFACE, + &mSmmVarCheck + ); + ASSERT_EFI_ERROR (Status); + + mVariableBufferPayloadSize =3D GetMaxVariableSize () + + OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHE= CK_VARIABLE_PROPERTY, Name) - + GetVariableHeaderSize (mVariableModuleGloba= l->VariableGlobal.AuthFormat); + + Status =3D gMmst->MmAllocatePool ( + EfiRuntimeServicesData, + mVariableBufferPayloadSize, + (VOID **)&mVariableBufferPayload + ); + ASSERT_EFI_ERROR (Status); + + /// + /// Register SMM variable SMI handler + /// + VariableHandle =3D NULL; + Status =3D gMmst->MmiHandlerRegister (SmmVariableHandler, &gEfiS= mmVariableProtocolGuid, &VariableHandle); + ASSERT_EFI_ERROR (Status); + + // + // Notify the variable wrapper driver the variable service is ready + // + VariableNotifySmmReady (); + + // + // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function. + // + Status =3D gMmst->MmRegisterProtocolNotify ( + &gEfiMmEndOfDxeProtocolGuid, + SmmEndOfDxeCallback, + &SmmEndOfDxeRegistration + ); + ASSERT_EFI_ERROR (Status); + + if (!PcdGetBool (PcdEmuVariableNvModeEnable)) { + // + // Register FtwNotificationEvent () notify function. + // + Status =3D gMmst->MmRegisterProtocolNotify ( + &gEfiSmmFaultTolerantWriteProtocolGuid, + SmmFtwNotificationEvent, + &SmmFtwRegistration + ); + ASSERT_EFI_ERROR (Status); + + SmmFtwNotificationEvent (NULL, NULL, NULL); + } else { + // + // Emulated non-volatile variable mode does not depend on FVB and FTW. + // + VariableWriteServiceInitializeSmm (); + } + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Varia= bleSmmRuntimeDxe.c new file mode 100644 index 000000000000..b88f75370ad8 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRunti= meDxe.c @@ -0,0 +1,1895 @@ +/** @file + Implement all four UEFI Runtime Variable services for the nonvolatile + and volatile storage space and install variable architecture protocol + based on SMM variable module. + + Caution: This module requires additional review when modified. + This driver will have external input - variable data. + This external input must be validated carefully to avoid security issue = like + buffer overflow, integer overflow. + + RuntimeServiceGetVariable() and RuntimeServiceSetVariable() are external= API + to receive data buffer. The size should be checked carefully. + + InitCommunicateBuffer() is really function to check the variable data si= ze. + +Copyright (c) 2010 - 2022, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "PrivilegePolymorphic.h" +#include "Variable.h" +#include "VariableParsing.h" + +EFI_HANDLE mHandle =3D N= ULL; +EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable =3D N= ULL; +EFI_EVENT mVirtualAddressChangeEvent =3D N= ULL; +EFI_MM_COMMUNICATION2_PROTOCOL *mMmCommunication2 =3D N= ULL; +UINT8 *mVariableBuffer =3D N= ULL; +UINT8 *mVariableBufferPhysical =3D N= ULL; +VARIABLE_INFO_ENTRY *mVariableInfo =3D N= ULL; +VARIABLE_STORE_HEADER *mVariableRuntimeHobCacheBuffer =3D N= ULL; +VARIABLE_STORE_HEADER *mVariableRuntimeNvCacheBuffer =3D N= ULL; +VARIABLE_STORE_HEADER *mVariableRuntimeVolatileCacheBuffer =3D N= ULL; +VARIABLE_STORE_HEADER *mNvVariableCache =3D N= ULL; +VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal =3D N= ULL; +UINTN mVariableBufferSize; +UINTN mVariableRuntimeHobCacheBufferSize; +UINTN mVariableRuntimeNvCacheBufferSize; +UINTN mVariableRuntimeVolatileCacheBufferSize; +UINTN mVariableBufferPayloadSize; +BOOLEAN mVariableRuntimeCachePendingUpdate; +BOOLEAN mVariableRuntimeCacheReadLock; +BOOLEAN mVariableAuthFormat; +BOOLEAN mHobFlushComplete; +EFI_LOCK mVariableServicesLock; +EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock; +EDKII_VAR_CHECK_PROTOCOL mVarCheck; + +/** + The logic to initialize the VariablePolicy engine is in its own file. + +**/ +EFI_STATUS +EFIAPI +VariablePolicySmmDxeMain ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ); + +/** + Some Secure Boot Policy Variable may update following other variable cha= nges(SecureBoot follows PK change, etc). + Record their initial State when variable write service is ready. + +**/ +VOID +EFIAPI +RecordSecureBootPolicyVarData ( + VOID + ); + +/** + Acquires lock only at boot time. Simply returns at runtime. + + This is a temperary function that will be removed when + EfiAcquireLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiAcquireLock() at boot time, and simply returns + at runtime. + + @param Lock A pointer to the lock to acquire. + +**/ +VOID +AcquireLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ) +{ + if (!EfiAtRuntime ()) { + EfiAcquireLock (Lock); + } +} + +/** + Releases lock only at boot time. Simply returns at runtime. + + This is a temperary function which will be removed when + EfiReleaseLock() in UefiLib can handle the call in UEFI + Runtimer driver in RT phase. + It calls EfiReleaseLock() at boot time and simply returns + at runtime. + + @param Lock A pointer to the lock to release. + +**/ +VOID +ReleaseLockOnlyAtBootTime ( + IN EFI_LOCK *Lock + ) +{ + if (!EfiAtRuntime ()) { + EfiReleaseLock (Lock); + } +} + +/** + Return TRUE if ExitBootServices () has been called. + + @retval TRUE If ExitBootServices () has been called. FALSE if ExitBootSe= rvices () has not been called. +**/ +BOOLEAN +AtRuntime ( + VOID + ) +{ + return EfiAtRuntime (); +} + +/** + Initialize the variable cache buffer as an empty variable store. + + @param[out] VariableCacheBuffer A pointer to pointer of a cache = variable store. + @param[in,out] TotalVariableCacheSize On input, the minimum size neede= d for the UEFI variable store cache + buffer that is allocated. On out= put, the actual size of the buffer allocated. + If TotalVariableCacheSize is zer= o, a buffer will not be allocated and the + function will return with EFI_SU= CCESS. + + @retval EFI_SUCCESS The variable cache was allocated and ini= tialized successfully. + @retval EFI_INVALID_PARAMETER A given pointer is NULL or an invalid va= riable store size was specified. + @retval EFI_OUT_OF_RESOURCES Insufficient resources are available to = allocate the variable store cache buffer. + +**/ +EFI_STATUS +InitVariableCache ( + OUT VARIABLE_STORE_HEADER **VariableCacheBuffer, + IN OUT UINTN *TotalVariableCacheSize + ) +{ + VARIABLE_STORE_HEADER *VariableCacheStorePtr; + EFI_STATUS Status; + + if (TotalVariableCacheSize =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + if (*TotalVariableCacheSize =3D=3D 0) { + return EFI_SUCCESS; + } + + if ((VariableCacheBuffer =3D=3D NULL) || (*TotalVariableCacheSize < size= of (VARIABLE_STORE_HEADER))) { + return EFI_INVALID_PARAMETER; + } + + *TotalVariableCacheSize =3D ALIGN_VALUE (*TotalVariableCacheSize, sizeof= (UINT32)); + + // + // Allocate NV Storage Cache and initialize it to all 1's (like an erase= d FV) + // + *VariableCacheBuffer =3D (VARIABLE_STORE_HEADER *)AllocateRuntimePages ( + EFI_SIZE_TO_PAGES (*T= otalVariableCacheSize) + ); + if (*VariableCacheBuffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Request to unblock the newly allocated cache region to be accessible = from inside MM + // + Status =3D MmUnblockMemoryRequest ( + (EFI_PHYSICAL_ADDRESS)(UINTN)*VariableCacheBuffer, + EFI_SIZE_TO_PAGES (*TotalVariableCacheSize) + ); + if ((Status !=3D EFI_UNSUPPORTED) && EFI_ERROR (Status)) { + return Status; + } + + VariableCacheStorePtr =3D *VariableCacheBuffer; + SetMem32 ((VOID *)VariableCacheStorePtr, *TotalVariableCacheSize, (UINT3= 2)0xFFFFFFFF); + + ZeroMem ((VOID *)VariableCacheStorePtr, sizeof (VARIABLE_STORE_HEADER)); + VariableCacheStorePtr->Size =3D (UINT32)*TotalVariableCacheSize; + VariableCacheStorePtr->Format =3D VARIABLE_STORE_FORMATTED; + VariableCacheStorePtr->State =3D VARIABLE_STORE_HEALTHY; + + return EFI_SUCCESS; +} + +/** + Initialize the communicate buffer using DataSize and Function. + + The communicate size is: SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMM= UNICATE_HEADER_SIZE + + DataSize. + + Caution: This function may receive untrusted input. + The data size external input, so this function will validate it carefull= y to avoid buffer overflow. + + @param[out] DataPtr Points to the data in the communicate = buffer. + @param[in] DataSize The data size to send to SMM. + @param[in] Function The function number to initialize the = communicate header. + + @retval EFI_INVALID_PARAMETER The data size is too big. + @retval EFI_SUCCESS Find the specified variable. + +**/ +EFI_STATUS +InitCommunicateBuffer ( + OUT VOID **DataPtr OPTIONAL, + IN UINTN DataSize, + IN UINTN Function + ) +{ + EFI_MM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; + + if (DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HE= ADER_SIZE > mVariableBufferSize) { + return EFI_INVALID_PARAMETER; + } + + SmmCommunicateHeader =3D (EFI_MM_COMMUNICATE_HEADER *)mVariableBuffer; + CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGui= d); + SmmCommunicateHeader->MessageLength =3D DataSize + SMM_VARIABLE_COMMUNIC= ATE_HEADER_SIZE; + + SmmVariableFunctionHeader =3D (SMM_VARIABLE_COMMUNICATE_HEADER= *)SmmCommunicateHeader->Data; + SmmVariableFunctionHeader->Function =3D Function; + if (DataPtr !=3D NULL) { + *DataPtr =3D SmmVariableFunctionHeader->Data; + } + + return EFI_SUCCESS; +} + +/** + Send the data in communicate buffer to SMM. + + @param[in] DataSize This size of the function header and= the data. + + @retval EFI_SUCCESS Success is returned from the functin= in SMM. + @retval Others Failure is returned from the functio= n in SMM. + +**/ +EFI_STATUS +SendCommunicateBuffer ( + IN UINTN DataSize + ) +{ + EFI_STATUS Status; + UINTN CommSize; + EFI_MM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; + + CommSize =3D DataSize + SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMU= NICATE_HEADER_SIZE; + Status =3D mMmCommunication2->Communicate ( + mMmCommunication2, + mVariableBufferPhysical, + mVariableBuffer, + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + SmmCommunicateHeader =3D (EFI_MM_COMMUNICATE_HEADER *)mVariableBuff= er; + SmmVariableFunctionHeader =3D (SMM_VARIABLE_COMMUNICATE_HEADER *)SmmComm= unicateHeader->Data; + return SmmVariableFunctionHeader->ReturnStatus; +} + +/** + Mark a variable that will become read-only after leaving the DXE phase o= f execution. + + @param[in] This The VARIABLE_LOCK_PROTOCOL instance. + @param[in] VariableName A pointer to the variable name that will be mad= e read-only subsequently. + @param[in] VendorGuid A pointer to the vendor GUID that will be made = read-only subsequently. + + @retval EFI_SUCCESS The variable specified by the VariableName= and the VendorGuid was marked + as pending to be read-only. + @retval EFI_INVALID_PARAMETER VariableName or VendorGuid is NULL. + Or VariableName is an empty string. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource to hold the l= ock request. +**/ +EFI_STATUS +EFIAPI +VariableLockRequestToLock ( + IN CONST EDKII_VARIABLE_LOCK_PROTOCOL *This, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + UINTN VariableNameSize; + UINTN PayloadSize; + SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock; + + if ((VariableName =3D=3D NULL) || (VariableName[0] =3D=3D 0) || (VendorG= uid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + VariableNameSize =3D StrSize (VariableName); + VariableToLock =3D NULL; + + // + // If VariableName exceeds SMM payload limit. Return failure + // + if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIA= BLE_COMMUNICATE_LOCK_VARIABLE, Name)) { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = PayloadSize. + // + PayloadSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE, Name)= + VariableNameSize; + Status =3D InitCommunicateBuffer ((VOID **)&VariableToLock, Payload= Size, SMM_VARIABLE_FUNCTION_LOCK_VARIABLE); + if (EFI_ERROR (Status)) { + goto Done; + } + + ASSERT (VariableToLock !=3D NULL); + + CopyGuid (&VariableToLock->Guid, VendorGuid); + VariableToLock->NameSize =3D VariableNameSize; + CopyMem (VariableToLock->Name, VariableName, VariableToLock->NameSize); + + // + // Send data to SMM. + // + Status =3D SendCommunicateBuffer (PayloadSize); + +Done: + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + return Status; +} + +/** + Register SetVariable check handler. + + @param[in] Handler Pointer to check handler. + + @retval EFI_SUCCESS The SetVariable check handler was register= ed successfully. + @retval EFI_INVALID_PARAMETER Handler is NULL. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVa= riable check handler register request. + @retval EFI_UNSUPPORTED This interface is not implemented. + For example, it is unsupported in VarCheck= protocol if both VarCheck and SmmVarCheck protocols are present. + +**/ +EFI_STATUS +EFIAPI +VarCheckRegisterSetVariableCheckHandler ( + IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler + ) +{ + return EFI_UNSUPPORTED; +} + +/** + Variable property set. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[in] VariableProperty Pointer to the input variable property. + + @retval EFI_SUCCESS The property of variable specified by the = Name and Guid was set successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or= Name is an empty string, + or the fields of VariableProperty are not = valid. + @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE= NT_GROUP_READY_TO_BOOT has + already been signaled. + @retval EFI_OUT_OF_RESOURCES There is not enough resource for the varia= ble property set request. + +**/ +EFI_STATUS +EFIAPI +VarCheckVariablePropertySet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ) +{ + EFI_STATUS Status; + UINTN VariableNameSize; + UINTN PayloadSize; + SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariablePrope= rty; + + if ((Name =3D=3D NULL) || (Name[0] =3D=3D 0) || (Guid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (VariableProperty =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + if (VariableProperty->Revision !=3D VAR_CHECK_VARIABLE_PROPERTY_REVISION= ) { + return EFI_INVALID_PARAMETER; + } + + VariableNameSize =3D StrSize (Name); + CommVariableProperty =3D NULL; + + // + // If VariableName exceeds SMM payload limit. Return failure + // + if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIA= BLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = PayloadSize. + // + PayloadSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_P= ROPERTY, Name) + VariableNameSize; + Status =3D InitCommunicateBuffer ((VOID **)&CommVariableProperty, P= ayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET); + if (EFI_ERROR (Status)) { + goto Done; + } + + ASSERT (CommVariableProperty !=3D NULL); + + CopyGuid (&CommVariableProperty->Guid, Guid); + CopyMem (&CommVariableProperty->VariableProperty, VariableProperty, size= of (*VariableProperty)); + CommVariableProperty->NameSize =3D VariableNameSize; + CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSiz= e); + + // + // Send data to SMM. + // + Status =3D SendCommunicateBuffer (PayloadSize); + +Done: + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + return Status; +} + +/** + Variable property get. + + @param[in] Name Pointer to the variable name. + @param[in] Guid Pointer to the vendor GUID. + @param[out] VariableProperty Pointer to the output variable property. + + @retval EFI_SUCCESS The property of variable specified by the = Name and Guid was got successfully. + @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or= Name is an empty string. + @retval EFI_NOT_FOUND The property of variable specified by the = Name and Guid was not found. + +**/ +EFI_STATUS +EFIAPI +VarCheckVariablePropertyGet ( + IN CHAR16 *Name, + IN EFI_GUID *Guid, + OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty + ) +{ + EFI_STATUS Status; + UINTN VariableNameSize; + UINTN PayloadSize; + SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariablePrope= rty; + + if ((Name =3D=3D NULL) || (Name[0] =3D=3D 0) || (Guid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (VariableProperty =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + VariableNameSize =3D StrSize (Name); + CommVariableProperty =3D NULL; + + // + // If VariableName exceeds SMM payload limit. Return failure + // + if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIA= BLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = PayloadSize. + // + PayloadSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_P= ROPERTY, Name) + VariableNameSize; + Status =3D InitCommunicateBuffer ((VOID **)&CommVariableProperty, P= ayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET); + if (EFI_ERROR (Status)) { + goto Done; + } + + ASSERT (CommVariableProperty !=3D NULL); + + CopyGuid (&CommVariableProperty->Guid, Guid); + CommVariableProperty->NameSize =3D VariableNameSize; + CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSiz= e); + + // + // Send data to SMM. + // + Status =3D SendCommunicateBuffer (PayloadSize); + if (Status =3D=3D EFI_SUCCESS) { + CopyMem (VariableProperty, &CommVariableProperty->VariableProperty, si= zeof (*VariableProperty)); + } + +Done: + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + return Status; +} + +/** + Signals SMM to synchronize any pending variable updates with the runtime= cache(s). + +**/ +VOID +SyncRuntimeCache ( + VOID + ) +{ + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE. + // + InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_SYNC_RUNTIME_CACHE= ); + + // + // Send data to SMM. + // + SendCommunicateBuffer (0); +} + +/** + Check whether a SMI must be triggered to retrieve pending cache updates. + + If the variable HOB was finished being flushed since the last check for = a runtime cache update, this function + will prevent the HOB cache from being used for future runtime cache hits. + +**/ +VOID +CheckForRuntimeCacheSync ( + VOID + ) +{ + if (mVariableRuntimeCachePendingUpdate) { + SyncRuntimeCache (); + } + + ASSERT (!mVariableRuntimeCachePendingUpdate); + + // + // The HOB variable data may have finished being flushed in the runtime = cache sync update + // + if (mHobFlushComplete && (mVariableRuntimeHobCacheBuffer !=3D NULL)) { + if (!EfiAtRuntime ()) { + FreePages (mVariableRuntimeHobCacheBuffer, EFI_SIZE_TO_PAGES (mVaria= bleRuntimeHobCacheBufferSize)); + } + + mVariableRuntimeHobCacheBuffer =3D NULL; + } +} + +/** + Finds the given variable in a runtime cache variable store. + + Caution: This function may receive untrusted input. + The data size is external input, so this function will validate it caref= ully to avoid buffer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[out] Attributes Attribute value of the variable found. + @param[in, out] DataSize Size of Data found. If size is less t= han the + data, this value contains the require= d size. + @param[out] Data Data pointer. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_NOT_FOUND The specified variable could not be f= ound. + +**/ +EFI_STATUS +FindVariableInRuntimeCache ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + EFI_STATUS Status; + VARIABLE_POINTER_TRACK RtPtrTrack; + VARIABLE_STORE_TYPE StoreType; + VARIABLE_STORE_HEADER *VariableStoreList[VariableStoreTypeMax]; + + Status =3D EFI_NOT_FOUND; + + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (DataSize = =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + ZeroMem (&RtPtrTrack, sizeof (RtPtrTrack)); + + // + // The UEFI specification restricts Runtime Services callers from invoki= ng the same or certain other Runtime Service + // functions prior to completion and return from a previous Runtime Serv= ice call. These restrictions prevent + // a GetVariable () or GetNextVariable () call from being issued until a= prior call has returned. The runtime + // cache read lock should always be free when entering this function. + // + ASSERT (!mVariableRuntimeCacheReadLock); + + mVariableRuntimeCacheReadLock =3D TRUE; + CheckForRuntimeCacheSync (); + + if (!mVariableRuntimeCachePendingUpdate) { + // + // 0: Volatile, 1: HOB, 2: Non-Volatile. + // The index and attributes mapping must be kept in this order as Find= Variable + // makes use of this mapping to implement search algorithm. + // + VariableStoreList[VariableStoreTypeVolatile] =3D mVariableRuntimeVolat= ileCacheBuffer; + VariableStoreList[VariableStoreTypeHob] =3D mVariableRuntimeHobCa= cheBuffer; + VariableStoreList[VariableStoreTypeNv] =3D mVariableRuntimeNvCac= heBuffer; + + for (StoreType =3D (VARIABLE_STORE_TYPE)0; StoreType < VariableStoreTy= peMax; StoreType++) { + if (VariableStoreList[StoreType] =3D=3D NULL) { + continue; + } + + RtPtrTrack.StartPtr =3D GetStartPointer (VariableStoreList[StoreType= ]); + RtPtrTrack.EndPtr =3D GetEndPointer (VariableStoreList[StoreType]); + RtPtrTrack.Volatile =3D (BOOLEAN)(StoreType =3D=3D VariableStoreType= Volatile); + + Status =3D FindVariableEx (VariableName, VendorGuid, FALSE, &RtPtrTr= ack, mVariableAuthFormat); + if (!EFI_ERROR (Status)) { + break; + } + } + + if (!EFI_ERROR (Status)) { + // + // Get data size + // + if (!RtPtrTrack.Volatile) { + // + // Currently only non-volatile variable needs protection. + // + Status =3D ProtectedVariableLibGetByBuffer (RtPtrTrack.CurrPtr, Da= ta, (UINT32 *)DataSize, mVariableAuthFormat); + } + + if (RtPtrTrack.Volatile || (Status =3D=3D EFI_UNSUPPORTED)) { + Status =3D GetVariableData (RtPtrTrack.CurrPtr, Data, (UINT32 *)Da= taSize, mVariableAuthFormat); + } + + if (!EFI_ERROR (Status)) { + UpdateVariableInfo (VariableName, VendorGuid, RtPtrTrack.Volatile,= TRUE, FALSE, FALSE, FALSE, &mVariableInfo); + } + } + } + + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_BUFFER_TOO_SMALL))= { + if ((Attributes !=3D NULL) && (RtPtrTrack.CurrPtr !=3D NULL)) { + *Attributes =3D RtPtrTrack.CurrPtr->Attributes; + } + } + + mVariableRuntimeCacheReadLock =3D FALSE; + + return Status; +} + +/** + Finds the given variable in a variable store in SMM. + + Caution: This function may receive untrusted input. + The data size is external input, so this function will validate it caref= ully to avoid buffer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[out] Attributes Attribute value of the variable found. + @param[in, out] DataSize Size of Data found. If size is less t= han the + data, this value contains the require= d size. + @param[out] Data Data pointer. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_NOT_FOUND The specified variable could not be f= ound. + +**/ +EFI_STATUS +EFIAPI +FindVariableInSmm ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + EFI_STATUS Status; + UINTN PayloadSize; + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader; + UINTN TempDataSize; + UINTN VariableNameSize; + + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (DataSize = =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + TempDataSize =3D *DataSize; + VariableNameSize =3D StrSize (VariableName); + SmmVariableHeader =3D NULL; + + // + // If VariableName exceeds SMM payload limit. Return failure + // + if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIA= BLE_COMMUNICATE_ACCESS_VARIABLE, Name)) { + return EFI_INVALID_PARAMETER; + } + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = PayloadSize. + // + if (TempDataSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_= COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize) { + // + // If output data buffer exceed SMM payload limit. Trim output buffer = to SMM payload size + // + TempDataSize =3D mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_= COMMUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize; + } + + PayloadSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Nam= e) + VariableNameSize + TempDataSize; + + Status =3D InitCommunicateBuffer ((VOID **)&SmmVariableHeader, PayloadSi= ze, SMM_VARIABLE_FUNCTION_GET_VARIABLE); + if (EFI_ERROR (Status)) { + goto Done; + } + + ASSERT (SmmVariableHeader !=3D NULL); + + CopyGuid (&SmmVariableHeader->Guid, VendorGuid); + SmmVariableHeader->DataSize =3D TempDataSize; + SmmVariableHeader->NameSize =3D VariableNameSize; + if (Attributes =3D=3D NULL) { + SmmVariableHeader->Attributes =3D 0; + } else { + SmmVariableHeader->Attributes =3D *Attributes; + } + + CopyMem (SmmVariableHeader->Name, VariableName, SmmVariableHeader->NameS= ize); + + // + // Send data to SMM. + // + Status =3D SendCommunicateBuffer (PayloadSize); + + // + // Get data from SMM. + // + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_BUFFER_TOO_SMALL))= { + // + // SMM CommBuffer DataSize can be a trimed value + // Only update DataSize when needed + // + *DataSize =3D SmmVariableHeader->DataSize; + } + + if (Attributes !=3D NULL) { + *Attributes =3D SmmVariableHeader->Attributes; + } + + if (EFI_ERROR (Status)) { + goto Done; + } + + if (Data !=3D NULL) { + CopyMem (Data, (UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->N= ameSize, SmmVariableHeader->DataSize); + } else { + Status =3D EFI_INVALID_PARAMETER; + } + +Done: + return Status; +} + +/** + This code finds variable in storage blocks (Volatile or Non-Volatile). + + Caution: This function may receive untrusted input. + The data size is external input, so this function will validate it caref= ully to avoid buffer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[out] Attributes Attribute value of the variable found. + @param[in, out] DataSize Size of Data found. If size is less t= han the + data, this value contains the require= d size. + @param[out] Data Data pointer. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SUCCESS Find the specified variable. + @retval EFI_NOT_FOUND Not found. + @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result. + +**/ +EFI_STATUS +EFIAPI +RuntimeServiceGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data + ) +{ + EFI_STATUS Status; + + if ((VariableName =3D=3D NULL) || (VendorGuid =3D=3D NULL) || (DataSize = =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (VariableName[0] =3D=3D 0) { + return EFI_NOT_FOUND; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + if (FeaturePcdGet (PcdEnableVariableRuntimeCache)) { + Status =3D FindVariableInRuntimeCache (VariableName, VendorGuid, Attri= butes, DataSize, Data); + } else { + Status =3D FindVariableInSmm (VariableName, VendorGuid, Attributes, Da= taSize, Data); + } + + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + + return Status; +} + +/** + Finds the next available variable in a runtime cache variable store. + + @param[in, out] VariableNameSize Size of the variable name. + @param[in, out] VariableName Pointer to variable name. + @param[in, out] VendorGuid Variable Vendor Guid. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SUCCESS Find the specified variable. + @retval EFI_NOT_FOUND Not found. + @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result. + +**/ +EFI_STATUS +GetNextVariableNameInRuntimeCache ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + UINTN VarNameSize; + VARIABLE_HEADER *VariablePtr; + VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax]; + + Status =3D EFI_NOT_FOUND; + + // + // The UEFI specification restricts Runtime Services callers from invoki= ng the same or certain other Runtime Service + // functions prior to completion and return from a previous Runtime Serv= ice call. These restrictions prevent + // a GetVariable () or GetNextVariable () call from being issued until a= prior call has returned. The runtime + // cache read lock should always be free when entering this function. + // + ASSERT (!mVariableRuntimeCacheReadLock); + + CheckForRuntimeCacheSync (); + + mVariableRuntimeCacheReadLock =3D TRUE; + if (!mVariableRuntimeCachePendingUpdate) { + // + // 0: Volatile, 1: HOB, 2: Non-Volatile. + // The index and attributes mapping must be kept in this order as Find= Variable + // makes use of this mapping to implement search algorithm. + // + VariableStoreHeader[VariableStoreTypeVolatile] =3D mVariableRuntimeVol= atileCacheBuffer; + VariableStoreHeader[VariableStoreTypeHob] =3D mVariableRuntimeHob= CacheBuffer; + VariableStoreHeader[VariableStoreTypeNv] =3D mVariableRuntimeNvC= acheBuffer; + + Status =3D VariableServiceGetNextVariableInternal ( + VariableName, + VendorGuid, + VariableStoreHeader, + &VariablePtr, + mVariableAuthFormat + ); + if (!EFI_ERROR (Status)) { + VarNameSize =3D NameSizeOfVariable (VariablePtr, mVariableAuthFormat= ); + ASSERT (VarNameSize !=3D 0); + if (VarNameSize <=3D *VariableNameSize) { + CopyMem (VariableName, GetVariableNamePtr (VariablePtr, mVariableA= uthFormat), VarNameSize); + CopyMem (VendorGuid, GetVendorGuidPtr (VariablePtr, mVariableAuthF= ormat), sizeof (EFI_GUID)); + Status =3D EFI_SUCCESS; + } else { + Status =3D EFI_BUFFER_TOO_SMALL; + } + + *VariableNameSize =3D VarNameSize; + } + } + + mVariableRuntimeCacheReadLock =3D FALSE; + + return Status; +} + +/** + Finds the next available variable in a SMM variable store. + + @param[in, out] VariableNameSize Size of the variable name. + @param[in, out] VariableName Pointer to variable name. + @param[in, out] VendorGuid Variable Vendor Guid. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SUCCESS Find the specified variable. + @retval EFI_NOT_FOUND Not found. + @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result. + +**/ +EFI_STATUS +GetNextVariableNameInSmm ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + UINTN PayloadSize; + SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *SmmGetNextVariableName; + UINTN OutVariableNameSize; + UINTN InVariableNameSize; + + OutVariableNameSize =3D *VariableNameSize; + InVariableNameSize =3D StrSize (VariableName); + SmmGetNextVariableName =3D NULL; + + // + // If input string exceeds SMM payload limit. Return failure + // + if (InVariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VAR= IABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) { + return EFI_INVALID_PARAMETER; + } + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = PayloadSize. + // + if (OutVariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VA= RIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name)) { + // + // If output buffer exceed SMM payload limit. Trim output buffer to SM= M payload size + // + OutVariableNameSize =3D mVariableBufferPayloadSize - OFFSET_OF (SMM_VA= RIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name); + } + + // + // Payload should be Guid + NameSize + MAX of Input & Output buffer + // + PayloadSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NA= ME, Name) + MAX (OutVariableNameSize, InVariableNameSize); + + Status =3D InitCommunicateBuffer ((VOID **)&SmmGetNextVariableName, Payl= oadSize, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME); + if (EFI_ERROR (Status)) { + goto Done; + } + + ASSERT (SmmGetNextVariableName !=3D NULL); + + // + // SMM comm buffer->NameSize is buffer size for return string + // + SmmGetNextVariableName->NameSize =3D OutVariableNameSize; + + CopyGuid (&SmmGetNextVariableName->Guid, VendorGuid); + // + // Copy whole string + // + CopyMem (SmmGetNextVariableName->Name, VariableName, InVariableNameSize); + if (OutVariableNameSize > InVariableNameSize) { + ZeroMem ((UINT8 *)SmmGetNextVariableName->Name + InVariableNameSize, O= utVariableNameSize - InVariableNameSize); + } + + // + // Send data to SMM + // + Status =3D SendCommunicateBuffer (PayloadSize); + + // + // Get data from SMM. + // + if ((Status =3D=3D EFI_SUCCESS) || (Status =3D=3D EFI_BUFFER_TOO_SMALL))= { + // + // SMM CommBuffer NameSize can be a trimed value + // Only update VariableNameSize when needed + // + *VariableNameSize =3D SmmGetNextVariableName->NameSize; + } + + if (EFI_ERROR (Status)) { + goto Done; + } + + CopyGuid (VendorGuid, &SmmGetNextVariableName->Guid); + CopyMem (VariableName, SmmGetNextVariableName->Name, SmmGetNextVariableN= ame->NameSize); + +Done: + return Status; +} + +/** + This code Finds the Next available variable. + + @param[in, out] VariableNameSize Size of the variable name. + @param[in, out] VariableName Pointer to variable name. + @param[in, out] VendorGuid Variable Vendor Guid. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SUCCESS Find the specified variable. + @retval EFI_NOT_FOUND Not found. + @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result. + +**/ +EFI_STATUS +EFIAPI +RuntimeServiceGetNextVariableName ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + UINTN MaxLen; + + Status =3D EFI_NOT_FOUND; + + if ((VariableNameSize =3D=3D NULL) || (VariableName =3D=3D NULL) || (Ven= dorGuid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Calculate the possible maximum length of name string, including the N= ull terminator. + // + MaxLen =3D *VariableNameSize / sizeof (CHAR16); + if ((MaxLen =3D=3D 0) || (StrnLenS (VariableName, MaxLen) =3D=3D MaxLen)= ) { + // + // Null-terminator is not found in the first VariableNameSize bytes of= the input VariableName buffer, + // follow spec to return EFI_INVALID_PARAMETER. + // + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + if (FeaturePcdGet (PcdEnableVariableRuntimeCache)) { + Status =3D GetNextVariableNameInRuntimeCache (VariableNameSize, Variab= leName, VendorGuid); + } else { + Status =3D GetNextVariableNameInSmm (VariableNameSize, VariableName, V= endorGuid); + } + + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + + return Status; +} + +/** + This code sets variable in storage blocks (Volatile or Non-Volatile). + + Caution: This function may receive untrusted input. + The data size and data are external input, so this function will validat= e it carefully to avoid buffer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Attributes Attribute value of the variable = found + @param[in] DataSize Size of Data found. If size is l= ess than the + data, this value contains the re= quired size. + @param[in] Data Data pointer. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SUCCESS Set successfully. + @retval EFI_OUT_OF_RESOURCES Resource not enough to set varia= ble. + @retval EFI_NOT_FOUND Not found. + @retval EFI_WRITE_PROTECTED Variable is read-only. + +**/ +EFI_STATUS +EFIAPI +RuntimeServiceSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + EFI_STATUS Status; + UINTN PayloadSize; + SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader; + UINTN VariableNameSize; + + // + // Check input parameters. + // + if ((VariableName =3D=3D NULL) || (VariableName[0] =3D=3D 0) || (VendorG= uid =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if ((DataSize !=3D 0) && (Data =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + VariableNameSize =3D StrSize (VariableName); + SmmVariableHeader =3D NULL; + + // + // If VariableName or DataSize exceeds SMM payload limit. Return failure + // + if ((VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARI= ABLE_COMMUNICATE_ACCESS_VARIABLE, Name)) || + (DataSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COM= MUNICATE_ACCESS_VARIABLE, Name) - VariableNameSize)) + { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = PayloadSize. + // + PayloadSize =3D OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Nam= e) + VariableNameSize + DataSize; + Status =3D InitCommunicateBuffer ((VOID **)&SmmVariableHeader, Payl= oadSize, SMM_VARIABLE_FUNCTION_SET_VARIABLE); + if (EFI_ERROR (Status)) { + goto Done; + } + + ASSERT (SmmVariableHeader !=3D NULL); + + CopyGuid ((EFI_GUID *)&SmmVariableHeader->Guid, VendorGuid); + SmmVariableHeader->DataSize =3D DataSize; + SmmVariableHeader->NameSize =3D VariableNameSize; + SmmVariableHeader->Attributes =3D Attributes; + CopyMem (SmmVariableHeader->Name, VariableName, SmmVariableHeader->NameS= ize); + CopyMem ((UINT8 *)SmmVariableHeader->Name + SmmVariableHeader->NameSize,= Data, DataSize); + + // + // Send data to SMM. + // + Status =3D SendCommunicateBuffer (PayloadSize); + +Done: + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + + if (!EfiAtRuntime ()) { + if (!EFI_ERROR (Status)) { + SecureBootHook ( + VariableName, + VendorGuid + ); + } + } + + return Status; +} + +/** + This code returns information about the EFI variables. + + @param[in] Attributes Attributes bitmask to specify t= he type of variables + on which to return information. + @param[out] MaximumVariableStorageSize Pointer to the maximum size of = the storage space available + for the EFI variables associate= d with the attributes specified. + @param[out] RemainingVariableStorageSize Pointer to the remaining size o= f the storage space available + for EFI variables associated wi= th the attributes specified. + @param[out] MaximumVariableSize Pointer to the maximum size of = an individual EFI variables + associated with the attributes = specified. + + @retval EFI_INVALID_PARAMETER An invalid combination of attri= bute bits was supplied. + @retval EFI_SUCCESS Query successfully. + @retval EFI_UNSUPPORTED The attribute is not supported = on this platform. + +**/ +EFI_STATUS +EFIAPI +RuntimeServiceQueryVariableInfo ( + IN UINT32 Attributes, + OUT UINT64 *MaximumVariableStorageSize, + OUT UINT64 *RemainingVariableStorageSize, + OUT UINT64 *MaximumVariableSize + ) +{ + EFI_STATUS Status; + UINTN PayloadSize; + SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *SmmQueryVariableInfo; + + SmmQueryVariableInfo =3D NULL; + + if ((MaximumVariableStorageSize =3D=3D NULL) || (RemainingVariableStorag= eSize =3D=3D NULL) || (MaximumVariableSize =3D=3D NULL) || (Attributes =3D= =3D 0)) { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = PayloadSize; + // + PayloadSize =3D sizeof (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO); + Status =3D InitCommunicateBuffer ((VOID **)&SmmQueryVariableInfo, P= ayloadSize, SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO); + if (EFI_ERROR (Status)) { + goto Done; + } + + ASSERT (SmmQueryVariableInfo !=3D NULL); + + SmmQueryVariableInfo->Attributes =3D Attributes; + + // + // Send data to SMM. + // + Status =3D SendCommunicateBuffer (PayloadSize); + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Get data from SMM. + // + *MaximumVariableSize =3D SmmQueryVariableInfo->MaximumVariableS= ize; + *MaximumVariableStorageSize =3D SmmQueryVariableInfo->MaximumVariableS= torageSize; + *RemainingVariableStorageSize =3D SmmQueryVariableInfo->RemainingVariabl= eStorageSize; + +Done: + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + return Status; +} + +/** + Exit Boot Services Event notification handler. + + Notify SMM variable driver about the event. + + @param[in] Event Event whose notification function is being invoked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +OnExitBootServices ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE. + // + InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE); + + // + // Send data to SMM. + // + SendCommunicateBuffer (0); +} + +/** + On Ready To Boot Services Event notification handler. + + Notify SMM variable driver about the event. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnReadyToBoot ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE. + // + InitCommunicateBuffer (NULL, 0, SMM_VARIABLE_FUNCTION_READY_TO_BOOT); + + // + // Send data to SMM. + // + SendCommunicateBuffer (0); + + // + // Install the system configuration table for variable info data captured + // + if (FeaturePcdGet (PcdEnableVariableRuntimeCache) && FeaturePcdGet (PcdV= ariableCollectStatistics)) { + if (mVariableAuthFormat) { + gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, mVar= iableInfo); + } else { + gBS->InstallConfigurationTable (&gEfiVariableGuid, mVariableInfo); + } + } + + gBS->CloseEvent (Event); +} + +/** + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE. + + This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS= _CHANGE event. + It convers pointer to new virtual address. + + @param[in] Event Event whose notification function is being invo= ked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +VariableAddressChangeEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EfiConvertPointer (0x0, (VOID **)&mVariableBuffer); + EfiConvertPointer (0x0, (VOID **)&mMmCommunication2); + EfiConvertPointer (EFI_OPTIONAL_PTR, (VOID **)&mVariableRuntimeHobCacheB= uffer); + EfiConvertPointer (EFI_OPTIONAL_PTR, (VOID **)&mVariableRuntimeNvCacheBu= ffer); + EfiConvertPointer (EFI_OPTIONAL_PTR, (VOID **)&mVariableRuntimeVolatileC= acheBuffer); +} + +/** + This code gets variable payload size. + + @param[out] VariablePayloadSize Output pointer to variable payload siz= e. + + @retval EFI_SUCCESS Get successfully. + @retval Others Get unsuccessfully. + +**/ +EFI_STATUS +EFIAPI +GetVariablePayloadSize ( + OUT UINTN *VariablePayloadSize + ) +{ + EFI_STATUS Status; + SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *SmmGetPayloadSize; + EFI_MM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader; + UINTN CommSize; + UINT8 *CommBuffer; + + SmmGetPayloadSize =3D NULL; + CommBuffer =3D NULL; + + if (VariablePayloadSize =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE); + // + CommSize =3D SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HE= ADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE); + CommBuffer =3D AllocateZeroPool (CommSize); + if (CommBuffer =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Done; + } + + SmmCommunicateHeader =3D (EFI_MM_COMMUNICATE_HEADER *)CommBuffer; + CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGui= d); + SmmCommunicateHeader->MessageLength =3D SMM_VARIABLE_COMMUNICATE_HEADER_= SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE); + + SmmVariableFunctionHeader =3D (SMM_VARIABLE_COMMUNICATE_HEADER= *)SmmCommunicateHeader->Data; + SmmVariableFunctionHeader->Function =3D SMM_VARIABLE_FUNCTION_GET_PAYLOA= D_SIZE; + SmmGetPayloadSize =3D (SMM_VARIABLE_COMMUNICATE_GET_PA= YLOAD_SIZE *)SmmVariableFunctionHeader->Data; + + // + // Send data to SMM. + // + Status =3D mMmCommunication2->Communicate (mMmCommunication2, CommBuffer= , CommBuffer, &CommSize); + ASSERT_EFI_ERROR (Status); + + Status =3D SmmVariableFunctionHeader->ReturnStatus; + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Get data from SMM. + // + *VariablePayloadSize =3D SmmGetPayloadSize->VariablePayloadSize; + +Done: + if (CommBuffer !=3D NULL) { + FreePool (CommBuffer); + } + + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + return Status; +} + +/** + This code gets information needed from SMM for runtime cache initializat= ion. + + @param[out] TotalHobStorageSize Output pointer for the total HOB= storage size in bytes. + @param[out] TotalNvStorageSize Output pointer for the total non= -volatile storage size in bytes. + @param[out] TotalVolatileStorageSize Output pointer for the total vol= atile storage size in bytes. + @param[out] AuthenticatedVariableUsage Output pointer that indicates if= authenticated variables are to be used. + + @retval EFI_SUCCESS Retrieved the size successfully. + @retval EFI_INVALID_PARAMETER TotalNvStorageSize parameter is = NULL. + @retval EFI_OUT_OF_RESOURCES The memory resources needed for = a CommBuffer are not available. + @retval Others Could not retrieve the size succ= essfully. + +**/ +EFI_STATUS +GetRuntimeCacheInfo ( + OUT UINTN *TotalHobStorageSize, + OUT UINTN *TotalNvStorageSize, + OUT UINTN *TotalVolatileStorageSize, + OUT BOOLEAN *AuthenticatedVariableUsage + ) +{ + EFI_STATUS Status; + SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO *SmmGetRuntimeCacheInfo; + EFI_MM_COMMUNICATE_HEADER *SmmCommunicateHeader; + SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHea= der; + UINTN CommSize; + UINT8 *CommBuffer; + + SmmGetRuntimeCacheInfo =3D NULL; + CommBuffer =3D mVariableBuffer; + + if ((TotalHobStorageSize =3D=3D NULL) || (TotalNvStorageSize =3D=3D NULL= ) || (TotalVolatileStorageSize =3D=3D NULL) || (AuthenticatedVariableUsage = =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (CommBuffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + CommSize =3D SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEAD= ER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO); + ZeroMem (CommBuffer, CommSize); + + SmmCommunicateHeader =3D (EFI_MM_COMMUNICATE_HEADER *)CommBuffer; + CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGui= d); + SmmCommunicateHeader->MessageLength =3D SMM_VARIABLE_COMMUNICATE_HEADER_= SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_RUNTIME_CACHE_INFO); + + SmmVariableFunctionHeader =3D (SMM_VARIABLE_COMMUNICATE_HEADER= *)SmmCommunicateHeader->Data; + SmmVariableFunctionHeader->Function =3D SMM_VARIABLE_FUNCTION_GET_RUNTIM= E_CACHE_INFO; + SmmGetRuntimeCacheInfo =3D (SMM_VARIABLE_COMMUNICATE_GET_RU= NTIME_CACHE_INFO *)SmmVariableFunctionHeader->Data; + + // + // Send data to SMM. + // + Status =3D mMmCommunication2->Communicate (mMmCommunication2, CommBuffer= , CommBuffer, &CommSize); + ASSERT_EFI_ERROR (Status); + if (CommSize <=3D SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) { + Status =3D EFI_BAD_BUFFER_SIZE; + goto Done; + } + + Status =3D SmmVariableFunctionHeader->ReturnStatus; + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Get data from SMM. + // + *TotalHobStorageSize =3D SmmGetRuntimeCacheInfo->TotalHobStorageS= ize; + *TotalNvStorageSize =3D SmmGetRuntimeCacheInfo->TotalNvStorageSi= ze; + *TotalVolatileStorageSize =3D SmmGetRuntimeCacheInfo->TotalVolatileSto= rageSize; + *AuthenticatedVariableUsage =3D SmmGetRuntimeCacheInfo->AuthenticatedVar= iableUsage; + +Done: + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + return Status; +} + +/** + Sends the runtime variable cache context information to SMM. + + @retval EFI_SUCCESS Retrieved the size successfully. + @retval EFI_INVALID_PARAMETER TotalNvStorageSize parameter is NULL. + @retval EFI_OUT_OF_RESOURCES The memory resources needed for a Comm= Buffer are not available. + @retval Others Could not retrieve the size successful= ly.; + +**/ +EFI_STATUS +SendRuntimeVariableCacheContextToSmm ( + VOID + ) +{ + EFI_STATUS Status; + SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT *SmmRuntimeVarC= acheContext; + EFI_MM_COMMUNICATE_HEADER *SmmCommunicate= Header; + SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFun= ctionHeader; + UINTN CommSize; + UINT8 *CommBuffer; + + SmmRuntimeVarCacheContext =3D NULL; + CommBuffer =3D mVariableBuffer; + + if (CommBuffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + AcquireLockOnlyAtBootTime (&mVariableServicesLock); + + // + // Init the communicate buffer. The buffer data size is: + // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + = sizeof (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT); + // + CommSize =3D SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEAD= ER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT); + ZeroMem (CommBuffer, CommSize); + + SmmCommunicateHeader =3D (EFI_MM_COMMUNICATE_HEADER *)CommBuffer; + CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGui= d); + SmmCommunicateHeader->MessageLength =3D SMM_VARIABLE_COMMUNICATE_HEADER_= SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_RUNTIME_VARIABLE_CACHE_CONTEXT); + + SmmVariableFunctionHeader =3D (SMM_VARIABLE_COMMUNICATE_HEADER= *)SmmCommunicateHeader->Data; + SmmVariableFunctionHeader->Function =3D SMM_VARIABLE_FUNCTION_INIT_RUNTI= ME_VARIABLE_CACHE_CONTEXT; + SmmRuntimeVarCacheContext =3D (SMM_VARIABLE_COMMUNICATE_RUNTIM= E_VARIABLE_CACHE_CONTEXT *)SmmVariableFunctionHeader->Data; + + SmmRuntimeVarCacheContext->RuntimeHobCache =3D mVariableRuntimeHobC= acheBuffer; + SmmRuntimeVarCacheContext->RuntimeVolatileCache =3D mVariableRuntimeVola= tileCacheBuffer; + SmmRuntimeVarCacheContext->RuntimeNvCache =3D mVariableRuntimeNvCa= cheBuffer; + SmmRuntimeVarCacheContext->PendingUpdate =3D &mVariableRuntimeCac= hePendingUpdate; + SmmRuntimeVarCacheContext->ReadLock =3D &mVariableRuntimeCac= heReadLock; + SmmRuntimeVarCacheContext->HobFlushComplete =3D &mHobFlushComplete; + + // + // Request to unblock this region to be accessible from inside MM enviro= nment + // These fields "should" be all on the same page, but just to be on the = safe side... + // + Status =3D MmUnblockMemoryRequest ( + (EFI_PHYSICAL_ADDRESS)ALIGN_VALUE ((UINTN)SmmRuntimeVarCacheC= ontext->PendingUpdate - EFI_PAGE_SIZE + 1, EFI_PAGE_SIZE), + EFI_SIZE_TO_PAGES (sizeof (mVariableRuntimeCachePendingUpdate= )) + ); + if ((Status !=3D EFI_UNSUPPORTED) && EFI_ERROR (Status)) { + goto Done; + } + + Status =3D MmUnblockMemoryRequest ( + (EFI_PHYSICAL_ADDRESS)ALIGN_VALUE ((UINTN)SmmRuntimeVarCacheC= ontext->ReadLock - EFI_PAGE_SIZE + 1, EFI_PAGE_SIZE), + EFI_SIZE_TO_PAGES (sizeof (mVariableRuntimeCacheReadLock)) + ); + if ((Status !=3D EFI_UNSUPPORTED) && EFI_ERROR (Status)) { + goto Done; + } + + Status =3D MmUnblockMemoryRequest ( + (EFI_PHYSICAL_ADDRESS)ALIGN_VALUE ((UINTN)SmmRuntimeVarCacheC= ontext->HobFlushComplete - EFI_PAGE_SIZE + 1, EFI_PAGE_SIZE), + EFI_SIZE_TO_PAGES (sizeof (mHobFlushComplete)) + ); + if ((Status !=3D EFI_UNSUPPORTED) && EFI_ERROR (Status)) { + goto Done; + } + + // + // Send data to SMM. + // + Status =3D mMmCommunication2->Communicate (mMmCommunication2, CommBuffer= , CommBuffer, &CommSize); + ASSERT_EFI_ERROR (Status); + if (CommSize <=3D SMM_VARIABLE_COMMUNICATE_HEADER_SIZE) { + Status =3D EFI_BAD_BUFFER_SIZE; + goto Done; + } + + Status =3D SmmVariableFunctionHeader->ReturnStatus; + if (EFI_ERROR (Status)) { + goto Done; + } + +Done: + ReleaseLockOnlyAtBootTime (&mVariableServicesLock); + return Status; +} + +/** + Initialize variable service and install Variable Architectural protocol. + + @param[in] Event Event whose notification function is being invoked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +SmmVariableReady ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN ContextIn; + + Status =3D gBS->LocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOI= D **)&mSmmVariable); + if (EFI_ERROR (Status)) { + return; + } + + Status =3D gBS->LocateProtocol (&gEfiMmCommunication2ProtocolGuid, NULL,= (VOID **)&mMmCommunication2); + ASSERT_EFI_ERROR (Status); + + // + // Allocate memory for variable communicate buffer. + // + Status =3D GetVariablePayloadSize (&mVariableBufferPayloadSize); + ASSERT_EFI_ERROR (Status); + mVariableBufferSize =3D SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMU= NICATE_HEADER_SIZE + mVariableBufferPayloadSize; + mVariableBuffer =3D AllocateRuntimePool (mVariableBufferSize); + ASSERT (mVariableBuffer !=3D NULL); + + // + // Save the buffer physical address used for SMM conmunication. + // + mVariableBufferPhysical =3D mVariableBuffer; + + if (FeaturePcdGet (PcdEnableVariableRuntimeCache)) { + DEBUG ((DEBUG_INFO, "Variable driver runtime cache is enabled.\n")); + // + // Allocate runtime variable cache memory buffers. + // + Status =3D GetRuntimeCacheInfo ( + &mVariableRuntimeHobCacheBufferSize, + &mVariableRuntimeNvCacheBufferSize, + &mVariableRuntimeVolatileCacheBufferSize, + &mVariableAuthFormat + ); + if (!EFI_ERROR (Status)) { + Status =3D InitVariableCache (&mVariableRuntimeHobCacheBuffer, &mVar= iableRuntimeHobCacheBufferSize); + if (!EFI_ERROR (Status)) { + Status =3D InitVariableCache (&mVariableRuntimeNvCacheBuffer, &mVa= riableRuntimeNvCacheBufferSize); + if (!EFI_ERROR (Status)) { + Status =3D InitVariableCache (&mVariableRuntimeVolatileCacheBuff= er, &mVariableRuntimeVolatileCacheBufferSize); + if (!EFI_ERROR (Status)) { + Status =3D SendRuntimeVariableCacheContextToSmm (); + if (!EFI_ERROR (Status)) { + SyncRuntimeCache (); + } + } + } + } + + if (EFI_ERROR (Status)) { + mVariableRuntimeHobCacheBuffer =3D NULL; + mVariableRuntimeNvCacheBuffer =3D NULL; + mVariableRuntimeVolatileCacheBuffer =3D NULL; + } + } + + ASSERT_EFI_ERROR (Status); + } else { + DEBUG ((DEBUG_INFO, "Variable driver runtime cache is disabled.\n")); + } + + gRT->GetVariable =3D RuntimeServiceGetVariable; + gRT->GetNextVariableName =3D RuntimeServiceGetNextVariableName; + gRT->SetVariable =3D RuntimeServiceSetVariable; + gRT->QueryVariableInfo =3D RuntimeServiceQueryVariableInfo; + + // + // Install the Variable Architectural Protocol on a new handle. + // + Status =3D gBS->InstallProtocolInterface ( + &mHandle, + &gEfiVariableArchProtocolGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + + mVariableLock.RequestToLock =3D VariableLockRequestToLock; + Status =3D gBS->InstallMultipleProtocolInterfaces ( + &mHandle, + &gEdkiiVariableLockProtocolGuid, + &mVariableLock, + NULL + ); + ASSERT_EFI_ERROR (Status); + + mVarCheck.RegisterSetVariableCheckHandler =3D VarCheckRegisterSetVariabl= eCheckHandler; + mVarCheck.VariablePropertySet =3D VarCheckVariablePropertySe= t; + mVarCheck.VariablePropertyGet =3D VarCheckVariablePropertyGe= t; + Status =3D gBS->InstallMultipleProtoc= olInterfaces ( + &mHandle, + &gEdkiiVarCheckProtoc= olGuid, + &mVarCheck, + NULL + ); + ASSERT_EFI_ERROR (Status); + + ContextIn.StructSize =3D sizeof (ContextIn); + ContextIn.StructVersion =3D PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION; + + ContextIn.FindVariableSmm =3D FindVariableInSmm; + ContextIn.GetVariableInfo =3D GetVariableInfo; + ContextIn.GetNextVariableInfo =3D GetNextVariableInfo; + ContextIn.VariableServiceUser =3D FromRuntimeModule; + ContextIn.MaxVariableSize =3D 0; + ContextIn.UpdateVariableStore =3D NULL; + ContextIn.UpdateVariable =3D NULL; + + Status =3D ProtectedVariableLibInitialize (&ContextIn); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "%a: %d ProtectedVariableLibInitialize() return status: %r\n", + __FUNCTION__, + __LINE__, + Status + )); + } + + gBS->CloseEvent (Event); +} + +/** + SMM Non-Volatile variable write service is ready notify event handler. + + @param[in] Event Event whose notification function is being invoked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +SmmVariableWriteReady ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + VOID *ProtocolOps; + + // + // Check whether the protocol is installed or not. + // + Status =3D gBS->LocateProtocol (&gSmmVariableWriteGuid, NULL, (VOID **)&= ProtocolOps); + if (EFI_ERROR (Status)) { + return; + } + + // + // Some Secure Boot Policy Var (SecureBoot, etc) updates following other + // Secure Boot Policy Variable change. Record their initial value. + // + RecordSecureBootPolicyVarData (); + + Status =3D gBS->InstallProtocolInterface ( + &mHandle, + &gEfiVariableWriteArchProtocolGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + + gBS->CloseEvent (Event); +} + +/** + Variable Driver main entry point. The Variable driver places the 4 EFI + runtime services in the EFI System Table and installs arch protocols + for variable read and write services being available. It also registers + a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. + + @param[in] ImageHandle The firmware allocated handle for the EFI imag= e. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS Variable service successfully initialized. + +**/ +EFI_STATUS +EFIAPI +VariableSmmRuntimeInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + VOID *SmmVariableRegistration; + VOID *SmmVariableWriteRegistration; + EFI_EVENT OnReadyToBootEvent; + EFI_EVENT ExitBootServiceEvent; + EFI_EVENT LegacyBootEvent; + + EfiInitializeLock (&mVariableServicesLock, TPL_NOTIFY); + + // + // Smm variable service is ready + // + EfiCreateProtocolNotifyEvent ( + &gEfiSmmVariableProtocolGuid, + TPL_CALLBACK, + SmmVariableReady, + NULL, + &SmmVariableRegistration + ); + + // + // Smm Non-Volatile variable write service is ready + // + EfiCreateProtocolNotifyEvent ( + &gSmmVariableWriteGuid, + TPL_CALLBACK, + SmmVariableWriteReady, + NULL, + &SmmVariableWriteRegistration + ); + + // + // Register the event to reclaim variable for OS usage. + // + EfiCreateEventReadyToBootEx ( + TPL_NOTIFY, + OnReadyToBoot, + NULL, + &OnReadyToBootEvent + ); + + // + // Register the event to inform SMM variable that it is at runtime. + // + gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + OnExitBootServices, + NULL, + &gEfiEventExitBootServicesGuid, + &ExitBootServiceEvent + ); + + // + // Register the event to inform SMM variable that it is at runtime for l= egacy boot. + // Reuse OnExitBootServices() here. + // + EfiCreateEventLegacyBootEx ( + TPL_NOTIFY, + OnExitBootServices, + NULL, + &LegacyBootEvent + ); + + // + // Register the event to convert the pointer for runtime. + // + gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + VariableAddressChangeEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mVirtualAddressChangeEvent + ); + + // Initialize the VariablePolicy protocol and engine. + VariablePolicySmmDxeMain (ImageHandle, SystemTable); + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= tandaloneMm.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variab= leStandaloneMm.c new file mode 100644 index 000000000000..943993eb6738 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandalo= neMm.c @@ -0,0 +1,89 @@ +/** @file + + Parts of the SMM/MM implementation that are specific to standalone MM + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Variable.h" + +/** + This function checks if the buffer is valid per processor architecture a= nd + does not overlap with SMRAM. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and does n= ot + overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlaps + with SMRAM. +**/ +BOOLEAN +VariableSmmIsBufferOutsideSmmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return TRUE; +} + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +VariableNotifySmmReady ( + VOID + ) +{ +} + +/** + Notify the system that the SMM variable write driver is ready. +**/ +VOID +VariableNotifySmmWriteReady ( + VOID + ) +{ +} + +/** + Variable service MM driver entry point. + + @param[in] ImageHandle A handle for the image that is initializing th= is + driver + @param[in] MmSystemTable A pointer to the MM system table + + @retval EFI_SUCCESS Variable service successfully initialized. +**/ +EFI_STATUS +EFIAPI +VariableServiceInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *MmSystemTable + ) +{ + return MmVariableServiceInitialize (); +} + +/** + Whether the TCG or TCG2 protocols are installed in the UEFI protocol dat= abase. + This information is used by the MorLock code to infer whether an existing + MOR variable is legitimate or not. + + @retval TRUE Either the TCG or TCG2 protocol is installed in the UEFI + protocol database + @retval FALSE Neither the TCG nor the TCG2 protocol is installed in the = UEFI + protocol database +**/ +BOOLEAN +VariableHaveTcgProtocols ( + VOID + ) +{ + return FALSE; +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableT= raditionalMm.c b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Varia= bleTraditionalMm.c new file mode 100644 index 000000000000..0369c3cd01b1 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableTraditio= nalMm.c @@ -0,0 +1,130 @@ +/** @file + + Parts of the SMM/MM implementation that are specific to traditional MM + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include "Variable.h" + +/** + This function checks if the buffer is valid per processor architecture a= nd + does not overlap with SMRAM. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and does n= ot + overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlaps + with SMRAM. +**/ +BOOLEAN +VariableSmmIsBufferOutsideSmmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return SmmIsBufferOutsideSmmValid (Buffer, Length); +} + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +VariableNotifySmmReady ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + Handle =3D NULL; + Status =3D gBS->InstallProtocolInterface ( + &Handle, + &gEfiSmmVariableProtocolGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); +} + +/** + Notify the system that the SMM variable write driver is ready. +**/ +VOID +VariableNotifySmmWriteReady ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + Handle =3D NULL; + Status =3D gBS->InstallProtocolInterface ( + &Handle, + &gSmmVariableWriteGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); +} + +/** + Variable service MM driver entry point + + @param[in] ImageHandle A handle for the image that is initializing th= is + driver + @param[in] SystemTable A pointer to the EFI system table + + @retval EFI_SUCCESS Variable service successfully initialized. +**/ +EFI_STATUS +EFIAPI +VariableServiceInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return MmVariableServiceInitialize (); +} + +/** + Whether the TCG or TCG2 protocols are installed in the UEFI protocol dat= abase. + This information is used by the MorLock code to infer whether an existing + MOR variable is legitimate or not. + + @retval TRUE Either the TCG or TCG2 protocol is installed in the UEFI + protocol database + @retval FALSE Neither the TCG nor the TCG2 protocol is installed in the = UEFI + protocol database +**/ +BOOLEAN +VariableHaveTcgProtocols ( + VOID + ) +{ + EFI_STATUS Status; + VOID *Interface; + + Status =3D gBS->LocateProtocol ( + &gEfiTcg2ProtocolGuid, + NULL, // Registration + &Interface + ); + if (!EFI_ERROR (Status)) { + return TRUE; + } + + Status =3D gBS->LocateProtocol ( + &gEfiTcgProtocolGuid, + NULL, // Registration + &Interface + ); + return !EFI_ERROR (Status); +} diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableR= untimeDxe.uni b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variab= leRuntimeDxe.uni new file mode 100644 index 000000000000..227b8c6fad24 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeD= xe.uni @@ -0,0 +1,22 @@ +// /** @file +// Provides variable service. +// +// This module installs variable arch protocol and variable write arch pro= tocol to provide +// variable services: SetVariable, GetVariable, GetNextVariableName and Qu= eryVariableInfo. +// +// Caution: This module requires additional review when modified. +// This driver will have external input - variable data. +// This external input must be validated carefully to avoid security issue= s such as +// buffer overflow or integer overflow. +// +// Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides variable= service" + +#string STR_MODULE_DESCRIPTION #language en-US "This module insta= lls variable arch protocol and variable write arch protocol to provide vari= able services: SetVariable, GetVariable, GetNextVariableName and QueryVaria= bleInfo. Caution: This module requires additional review when modified. Thi= s driver will have external input - variable data. This external input must= be validated carefully to avoid security issues such as buffer overflow or= integer overflow." + diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableR= untimeDxeExtra.uni b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/V= ariableRuntimeDxeExtra.uni new file mode 100644 index 000000000000..f0976418ff81 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeD= xeExtra.uni @@ -0,0 +1,14 @@ +// /** @file +// VariableRuntimeDxe Localized Strings and Content +// +// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"VariableRuntimeDxe module" + + diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mm.uni b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.u= ni new file mode 100644 index 000000000000..414c7cdc7c05 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.uni @@ -0,0 +1,27 @@ +// /** @file +// Provides SMM variable service. +// +// This module installs SMM variable protocol into SMM protocol database, +// which can be used by SMM driver, and installs SMM variable protocol +// into BS protocol database, which can be used to notify the SMM Runtime +// Dxe driver that the SMM variable service is ready. +// This module should be used with SMM Runtime DXE module together. The +// SMM Runtime DXE module would install variable arch protocol and variable +// write arch protocol based on SMM variable module. +// +// Caution: This module requires additional review when modified. +// This driver will have external input - variable data and communicate bu= ffer in SMM mode. +// This external input must be validated carefully to avoid security issue= s such as +// buffer overflow or integer overflow. +// +// Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides SMM vari= able service" + +#string STR_MODULE_DESCRIPTION #language en-US "This module insta= lls SMM variable protocol into SMM protocol database, which can be used by = SMM driver, and installs SMM variable protocol into BS protocol database, w= hich can be used to notify the SMM Runtime DXE driver that the SMM variable= service is ready. This module should be used with SMM Runtime DXE module t= ogether. The SMM Runtime DXE module would install variable arch protocol an= d variable write arch protocol based on SMM variable module. Caution: This = module requires additional review when modified. This driver will have exte= rnal input - variable data and communicate buffer in SMM mode. This externa= l input must be validated carefully to avoid security issues such as buffer= overflow or integer overflow." + diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mmExtra.uni b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Variable= SmmExtra.uni new file mode 100644 index 000000000000..f724209f3dc2 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmExtra= .uni @@ -0,0 +1,14 @@ +// /** @file +// VariableSmm Localized Strings and Content +// +// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"VariableSmm module" + + diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mmRuntimeDxe.uni b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/Var= iableSmmRuntimeDxe.uni new file mode 100644 index 000000000000..9639f00077a0 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRunti= meDxe.uni @@ -0,0 +1,23 @@ +// /** @file +// This module is the Runtime DXE part correspond to SMM variable module. +// +// It installs variable arch protocol and variable write arch protocol to = provide +// four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableNam= e and QueryVariableInfo +// and works with SMM variable module together. +// +// Caution: This module requires additional review when modified. +// This driver will have external input - variable data. +// This external input must be validated carefully to avoid security issue= s such as +// buffer overflow or integer overflow. +// +// Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "The Runtime DXE p= art corresponding to the SMM variable module" + +#string STR_MODULE_DESCRIPTION #language en-US "It installs varia= ble arch protocol and variable write arch protocol to provide four EFI_RUNT= IME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariab= leInfo and works with SMM variable module together." + diff --git a/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableS= mmRuntimeDxeExtra.uni b/MdeModulePkg/Universal/Variable/Protected/RuntimeDx= e/VariableSmmRuntimeDxeExtra.uni new file mode 100644 index 000000000000..bbabdf82736b --- /dev/null +++ b/MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRunti= meDxeExtra.uni @@ -0,0 +1,14 @@ +// /** @file +// VariableSmmRuntimeDxe Localized Strings and Content +// +// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"VariableSmmRuntimeDxe module" + + --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95989): https://edk2.groups.io/g/devel/message/95989 Mute This Topic: https://groups.io/mt/94840825/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95980+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95980+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720131; cv=none; d=zohomail.com; s=zohoarc; b=n05MgYeAlaFy26i+WRu8Beu1gEXRWwv64tDd+KAASfkTQX1pvAWh/IQYW2qdW1f4E2G5T4p7wGCxk8fz8LGU+v0dwyleCVN+sv5tERugBR1QnIlEAY6dXt49QSfP+tikjidSnXsh5yLawzHHaErZo/gQU+t+nUTYbv49SK82jYg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720131; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=/8YQ4LMWrd6Y8gttzFsXr7AsBWCHKi3YkMhqYKff/GA=; b=UHAv5A6mF8dwq3doOwIT9MD8mgnTWhh2TXsSEdcUh9GltI6AqjxNxlOchSoDa5eSLvS8bKNXbTL+jzc/t5+NKObFlLR36oq5jh7I82KMmcrawHKaWjpzCX14UeUwtdi8ABdAzBppZRiHNPDDblysc/dmAJul4/IJmc46dt2nCQQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95980+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720131620298.9224419038302; Sun, 6 Nov 2022 00:35:31 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 31E9YY1788612xATNUOkhyFG; Sun, 06 Nov 2022 00:35:31 -0700 X-Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.14305.1667720130144610892 for ; Sun, 06 Nov 2022 00:35:30 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="374479445" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="374479445" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:29 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513458" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513458" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:29 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Liming Gao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 09/19] MdeModulePkg: Reference Null ProtectedVariableLib Date: Sun, 6 Nov 2022 00:34:59 -0700 Message-Id: <20221106073509.3071-10-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: KelySLsCRNK34eWWYmeJF9dyx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720131; bh=KFAd4vWYyyN0zS5YZg2gthUDW82DrVSyCEYvobQpzgU=; h=Cc:Date:From:Reply-To:Subject:To; b=eEjs+6F4PmXiaOJuHUTAZ0t/oGPVeoGe1PsbZ4EqTYahPOOgMETOxShp0Clp2oe2ODW QheTRyYFcT0+nFtSDcatEliYZUzvvS9MZfweWWLyPixQswVV6+pA1ipffEw5LTDWEeNrN +HiUaCGZ7jHFRszWihgDHMVkUBbP/nIpj2w= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720132927100002 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V5: Add reference to new Protected Variable libs. V1: Make reference to new Null ProtectVariableLib. The null ProtectedVariableLib is used by default. Cc: Jian J Wang Cc: Liming Gao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- MdeModulePkg/MdeModulePkg.dsc | 20 +++++++++++++++++++- MdeModulePkg/Test/MdeModulePkgHostTest.dsc | 8 ++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 659482ab737f..65ec6d1e0918 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -2,7 +2,7 @@ # EFI/PI Reference Module Package for All Architectures # # (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
-# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.
# Copyright (c) Microsoft Corporation. # # SPDX-License-Identifier: BSD-2-Clause-Patent @@ -104,6 +104,7 @@ [LibraryClasses] VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/Var= iablePolicyHelperLib.inf MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibN= ull.inf VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseV= ariableFlashInfoLib.inf + ProtectedVariableLib|MdeModulePkg/Library/ProtectedVariableLibNull/Prote= ctedVariableLibNull.inf =20 [LibraryClasses.EBC.PEIM] IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf @@ -318,6 +319,7 @@ [Components] MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNu= ll.inf MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf + MdeModulePkg/Library/ProtectedVariableLibNull/ProtectedVariableLibNull.i= nf MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf @@ -397,6 +399,7 @@ [Components] MdeModulePkg/Application/VariableInfo/VariableInfo.inf MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf MdeModulePkg/Universal/Variable/Pei/VariablePei.inf + MdeModulePkg/Universal/Variable/Protected/Pei/VariablePei.inf MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf MdeModulePkg/Universal/TimestampDxe/TimestampDxe.inf MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf @@ -461,6 +464,7 @@ [Components.IA32, Components.X64, Components.ARM, Compo= nents.AARCH64] !if $(TOOL_CHAIN_TAG) !=3D "XCODE5" MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteStandalon= eMm.inf MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableStandaloneM= m.inf !endif =20 [Components.IA32, Components.X64] @@ -475,13 +479,27 @@ [Components.IA32, Components.X64] NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf } + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmm.inf { + + NULL|MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf + NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf + } MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf { NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf } + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableRuntimeDxe.= inf { + + NULL|MdeModulePkg/Library/VarCheckUefiLib/VarCheckUefiLib.inf + NULL|MdeModulePkg/Library/VarCheckHiiLib/VarCheckHiiLib.inf + NULL|MdeModulePkg/Library/VarCheckPcdLib/VarCheckPcdLib.inf + } MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/VariableSmmRuntimeD= xe.inf MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf MdeModulePkg/Library/SmmReportStatusCodeLib/StandaloneMmReportStatusCode= Lib.inf MdeModulePkg/Universal/StatusCodeHandler/Smm/StatusCodeHandlerSmm.inf diff --git a/MdeModulePkg/Test/MdeModulePkgHostTest.dsc b/MdeModulePkg/Test= /MdeModulePkgHostTest.dsc index c9ec835df65d..c0ca9be71e8c 100644 --- a/MdeModulePkg/Test/MdeModulePkgHostTest.dsc +++ b/MdeModulePkg/Test/MdeModulePkgHostTest.dsc @@ -42,6 +42,14 @@ [Components] gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisa= ble|TRUE } =20 + MdeModulePkg/Universal/Variable/Protected/RuntimeDxe/RuntimeDxeUnitTest/= VariableLockRequestToLockUnitTest.inf { + + VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePol= icyLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib= /VariablePolicyHelperLib.inf + + gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisa= ble|TRUE + } + MdeModulePkg/Library/UefiSortLib/UnitTest/UefiSortLibUnitTest.inf { UefiSortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95980): https://edk2.groups.io/g/devel/message/95980 Mute This Topic: https://groups.io/mt/94840816/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95990+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95990+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720146; cv=none; d=zohomail.com; s=zohoarc; b=kiDXFhDyadYS2ObP8tk96yQwAU0x3RhRGYIY5oFlkdIFNSHH+m3e+VoJrBP0+bDnhSLS+fz6upvVXvgbP8/hJFpo/pUBQiayFRvDZ44xrnji8kw859dlOh70AM/zTU4TA4c6jOI4qNAaPendpyGXwk/+oXz8dmldqmP46WGwHX0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720146; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ECEgqUkAbdBZDSsaZj9vaqnCfD9CdTEBkhn/BtERKXk=; b=BtMIC52LgzODKyP+a4LSKeHT2H/6sX12lOKvDVFA8P3wB0Myci+5CkHcVSWI2pD85AFuVH40105pR8KcKAFnAyyD1z3huH4BGjgYlljzpAUkuTd/nG5ssm0FmkCkVTey74kX/ozXpR6klkROJIu33Qzk95yA2r8m7Q+b55gyBnk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95990+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720146238337.07803605133574; Sun, 6 Nov 2022 00:35:46 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id EMQzYY1788612xXxwtEnHWIb; Sun, 06 Nov 2022 00:35:45 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web08.14178.1667720143243526126 for ; Sun, 06 Nov 2022 00:35:43 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534273" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534273" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:30 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513461" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513461" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:29 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 10/19] SecurityPkg: Add new GUIDs for Date: Sun, 6 Nov 2022 00:35:00 -0700 Message-Id: <20221106073509.3071-11-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: G1Zh5Q8rBSopiQaeEMt6zVxwx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720145; bh=6HhRwb1wQXn9gTK8u/yHaKiJ8j4nlNzB+Jq4s66iEoc=; h=Cc:Date:From:Reply-To:Subject:To; b=D6+uUz6mb0We7B6TTUGii2/IPDTG30uc+b6r3SeD63TmL5NCQCUJi+rIKy2qtmwj3zA N7woSb+HfXFCtyUdd8adBpaBE5yJpKnAJbdLP62PKDmYUJg+3DBxH8e/koaKsCFfskPLq c2p/qs9/HnJy7Cy2/xyMBhp+5uzuCJ2+8wY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720146876100025 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 The gEdkiiProtectedVariableGlobalGuid HOB contains the global configuration data structure which is verified in PEI Phase. The gEdkiiMetaDataHmacVariableGuid is used for saving the meta data HMAC variable. The gEdkiiProtectedVariableContextGuid contains the Protected Variable context saved in PEI phase to be used later. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- SecurityPkg/SecurityPkg.dec | 43 +++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 7ecf9565d98c..5e20111cceb7 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and lib= rary classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent @@ -226,6 +226,18 @@ [Guids] ## GUID used to specify section with default dbt content gDefaultdbtFileGuid =3D { 0x36c513ee, 0xa338, 0x4976, { 0= xa0, 0xfb, 0x6d, 0xdb, 0xa3, 0xda, 0xfe, 0x87 } } =20 + ## Include/Guid/ProtectedVariable.h + # {8EBF379A-F18E-4728-A410-00CF9A65BE91} + gEdkiiProtectedVariableGlobalGuid =3D { 0x8ebf379a, 0xf18e, 0x4728, { 0x= a4, 0x10, 0x0, 0xcf, 0x9a, 0x65, 0xbe, 0x91 } } + + ## Include/Guid/ProtectedVariable.h + # {e3e890ad-5b67-466e-904f-94ca7e9376bb} + gEdkiiMetaDataHmacVariableGuid =3D {0xe3e890ad, 0x5b67, 0x466e, {0x90, 0= x4f, 0x94, 0xca, 0x7e, 0x93, 0x76, 0xbb}} + + ## Include/Guid/ProtectedVariable.h + # {a11a3652-875b-495a-b097-200917580b98} + gEdkiiProtectedVariableContextGuid =3D {0xa11a3652, 0x875b, 0x495a, {0xb= 0, 0x97, 0x20, 0x09, 0x17, 0x58, 0x0b, 0x98} } + [Ppis] ## The PPI GUID for that TPM physical presence should be locked. # Include/Ppi/LockPhysicalPresence.h @@ -251,6 +263,10 @@ [Ppis] ## Include/Ppi/Tcg.h gEdkiiTcgPpiGuid =3D {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0x= ca, 0xc7, 0x17, 0x6c, 0xf1 } } =20 + ## Key Service Ppi + # Include/Ppi/KeyServicePpi.h + gKeyServicePpiGuid =3D {0x583592f6, 0xEC34, 0x4CED, {0x8E, 0x81, 0xC8, 0= xD1, 0x36, 0x93, 0x04, 0x27}} + # # [Error.gEfiSecurityPkgTokenSpaceGuid] # 0x80000001 | Invalid value provided. @@ -334,6 +350,31 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] =20 gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0= 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0= x00010032 =20 + ## Progress Code for variable integrity check result.

+ # DEFAULT: (EFI_PERIPHERAL_FIXED_MEDIA | [EFI_STATUS&0xFF]) + # @Prompt Status Code for variable integiry check result + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity|0x01070000|= UINT32|0x00010033 + + ## Null-terminated Unicode string of the Platform Variable Name + # @Prompt known unprotected variable name + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName|L""|VOID*|0x000100= 34 + + ## Guid name to identify Platform Variable Guid + # @Prompt known unprotected variable guid + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid|{ 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0= x00 }|VOID*|0x00010035 + + ## Defines Protected Variable Integrity support. + # TRUE - Enable Protected Variable Integrity.
+ # FALSE - Disable Protected Variable Integrity.
+ # @Prompt Protected Variable Integrity support. + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity|FALSE|BOOLEA= N|0x00010036 + + ## Defines Protected Variable Confidentiality support. + # TRUE - Enable Protected Variable Confidentiality.
+ # FALSE - Disable Protected Variable Confidentiality.
+ # @Prompt Protected Variable Integrity support. + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality|FALSE|= BOOLEAN|0x00010037 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Image verification policy for OptionRom. Only following values are va= lid:

# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification= and has been removed.
--=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95990): https://edk2.groups.io/g/devel/message/95990 Mute This Topic: https://groups.io/mt/94840826/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95991+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95991+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720146; cv=none; d=zohomail.com; s=zohoarc; b=kyC7YEu+maz+Q0nv0h1+g/9VHdGnlBuhC2Wv+lyTIhaJkPZhNtRrufm/ucCIiQm7NxOFvwMYdo10IFOe6vQqefXx3IGcid4+5g5xQzSjmbuQDjm3GGwHrNyuOcdmghkEi4/H1yv5anYJyiFuAazO1wlBRW4Ap8uzfaQNYJzDQlM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720146; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2eT3Ln4aUqXVaAt6NCJ15+SbI/2x/mrZ4zfMUoniF0Q=; b=TLV75f4/w79FBM8HrAL7ckdqFCKn5Gnm1DrcuR5e2A4L/H0v/ko2CZlOop6tv0jrJCBlbLgneYako9YGP4uBlEl4cO6pbhOMz+n9U2XfU30ELtc3xtUmSoUThAlc4EtDrHdqcnjeGhHunCaQ72Y0R+8sM5/Ey29TD+q7OmGBAjY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95991+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720146474313.26805865068957; Sun, 6 Nov 2022 00:35:46 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id VZDdYY1788612x621QTi1YaZ; Sun, 06 Nov 2022 00:35:46 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web08.14178.1667720143243526126 for ; Sun, 06 Nov 2022 00:35:43 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534274" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534274" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:30 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513466" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513466" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:29 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 11/19] SecurityPkg: Add new KeyService types and defines Date: Sun, 6 Nov 2022 00:35:01 -0700 Message-Id: <20221106073509.3071-12-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: VPuRQzJSykeNAn6KAXHr4qyOx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720146; bh=fbWPIiyZ6ZeK6cDZ0DmHw5fOZB+qQuhuuo46u9PS7K4=; h=Cc:Date:From:Reply-To:Subject:To; b=UmacS1cztqDyofBYtLUcwu6PeE/uZSbXD6N2re1jCVMbAmpiP2PNS+qo341xeV5vG9G O0/qVgnE2j0ubVLF2zKOE1j0nZ03wdG3FB+LTQVd4hWMtoDAiUOZsLlOzLqjGjZlNkmyA SWxv4jeMsTLAdnklw+K2rhcIlHFXY/aiulw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720146863100023 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V4: revert copyright date change. V1: Add new KeyService types and defines. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- SecurityPkg/Include/Ppi/KeyServicePpi.h | 57 ++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/SecurityPkg/Include/Ppi/KeyServicePpi.h b/SecurityPkg/Include/= Ppi/KeyServicePpi.h new file mode 100644 index 000000000000..8cfec04f96e5 --- /dev/null +++ b/SecurityPkg/Include/Ppi/KeyServicePpi.h @@ -0,0 +1,57 @@ +/** @file + Provides Key Services. + +Copyright (c) 2008 - 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +@par Specification Reference: +**/ + +#ifndef PEI_KEY_SERVICE_PPI_H_ +#define PEI_KEY_SERVICE_PPI_H_ +/// +/// KEY SERVICE PPI GUID +/// +extern EFI_GUID gKeyServicePpiGuid; + +/** + Generate a new key from root key. + + @param[in] Salt Pointer to the salt(non-secret) va= lue. + @param[in] SaltSize Salt size in bytes. + @param[out] NewKey Pointer to buffer to receive new k= ey. + @param[in] NewKeySize Size of new key bytes to generate. + + @retval EFI_SUCCESS The function completed successfully + @retval OTHER The function completed with failur= e. +**/ +typedef +EFI_STATUS +(EFIAPI *KEY_SERVICE_GEN_KEY)( + IN UINT8 *Salt, + IN UINTN SaltSize, + OUT UINT8 *NewKey, + IN UINTN NewKeySize + ); + +#define KEY_SERVICE_PPI_REVISION 1 +#define ROOT_KEY_LEN 64 +#define SALT_SIZE_MIN_LEN 64 +#define KEY_SERVICE_KEY_NAME L"KEY_SERVICE_KEY" + +typedef struct { + UINT8 RootKey[ROOT_KEY_LEN]; + UINT8 PreviousRootKey[ROOT_KEY_LEN]; +} KEY_SERVICE_DATA; + +typedef struct _KEY_SERVICE_PPI KEY_SERVICE_PPI; + +/// +/// KEY SERVICE PPI +/// The interface functions are for Key Service in PEI Phase +/// +struct _KEY_SERVICE_PPI { + KEY_SERVICE_GEN_KEY GenerateKey; /// Generate Key +}; + +#endif --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95991): https://edk2.groups.io/g/devel/message/95991 Mute This Topic: https://groups.io/mt/94840827/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95992+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95992+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720147; cv=none; d=zohomail.com; s=zohoarc; b=D3lk6meTqoL/cjQNTUlxZoxV+UzXe4cSiAa+2Bc4tiLrBqBYhJm4dmZCf5lVTeyqwPjkopnPAnyhMlFPiLM493ZFo6XPRvv4gCPVfKSPmdYzDGLHECDfOLk+WyPMtdle+tabe+j+SjBa73RRRXfKGhE1D6HCqe4oVVMjSZvXTIw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720147; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2Sk/kDzxdfNFX5+ZiJRRNX2BWh0N2UT8uPF46n/bFuA=; b=JKwEkDwOgWTGVzjYf0WAQG/4vWL51rGq/zNWoqoogGwGuvslMmgUP1M69+sd3lfFITRfsypfHIGiyGjJ2VnxIGIGU9d6jZhDmWA3f6Ltbkf81Cn6qzeiOAnHB02LfkwpuPhpR5sEHPAwF7HhBZs5jebbdInHaV4iuBd2Oy1aIeQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95992+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720147297512.2663828150702; Sun, 6 Nov 2022 00:35:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id idpGYY1788612xDHfufFSqOn; Sun, 06 Nov 2022 00:35:47 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.14307.1667720143790244062 for ; Sun, 06 Nov 2022 00:35:43 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534275" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534275" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:30 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513469" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513469" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:30 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 12/19] SecurityPkg: Add new variable types and functions Date: Sun, 6 Nov 2022 00:35:02 -0700 Message-Id: <20221106073509.3071-13-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: 3vthxoCu80oFx4Azy9kvBl9yx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720147; bh=7kuG0EpEk47HgK3Z53OCunsgqMpwSwMdH5NhXyb5bCo=; h=Cc:Date:From:Reply-To:Subject:To; b=WK+PrXDbkk2Xd6LTx985R2zSDfMYj2S8sEu8jmgwVEC7aen1ZcTYOKNj8IadUdUMn0K iF6zf5SLxfJ2+ZeR9USWG5HkUTSGQiFXWaq94gpjYrA0ud0M3nGLwvls+1XgB18k0CDlf ravmzgsgN3VNqY/aPHv94roDRWHC2oK+/kA= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720148884100045 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Add new variable encryption/decryption function prototypes. Add new variable digest structure. Add new Protected variable function prototypes. Update RPMC APIs to Add an index because there is could more than one counter. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang --- SecurityPkg/Include/Library/RpmcLib.h | 15 +++++--- SecurityPkg/Include/Library/VariableKeyLib.h | 37 +++----------------- 2 files changed, 16 insertions(+), 36 deletions(-) diff --git a/SecurityPkg/Include/Library/RpmcLib.h b/SecurityPkg/Include/Li= brary/RpmcLib.h index df4ba34ba8cf..cb71dfcd7e4d 100644 --- a/SecurityPkg/Include/Library/RpmcLib.h +++ b/SecurityPkg/Include/Library/RpmcLib.h @@ -1,19 +1,23 @@ /** @file Public definitions for the Replay Protected Monotonic Counter (RPMC) Lib= rary. =20 -Copyright (c) 2020, Intel Corporation. All rights reserved.
+Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 -#ifndef _RPMC_LIB_H_ -#define _RPMC_LIB_H_ +#ifndef RPMC_LIB_H_ +#define RPMC_LIB_H_ =20 #include =20 +#define RPMC_COUNTER_1 0 +#define RPMC_COUNTER_2 1 + /** Requests the monotonic counter from the designated RPMC counter. =20 + @param[in] CounterIndex The RPMC index @param[out] CounterValue A pointer to a buffer to store the= RPMC value. =20 @retval EFI_SUCCESS The operation completed successful= ly. @@ -23,12 +27,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI RequestMonotonicCounter ( + IN UINT8 CounterIndex, OUT UINT32 *CounterValue ); =20 /** Increments the monotonic counter in the SPI flash device by 1. =20 + @param[in] CounterIndex The RPMC index + @retval EFI_SUCCESS The operation completed successful= ly. @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. @retval EFI_UNSUPPORTED The operation is un-supported. @@ -36,7 +43,7 @@ RequestMonotonicCounter ( EFI_STATUS EFIAPI IncrementMonotonicCounter ( - VOID + IN UINT8 CounterIndex ); =20 #endif diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h b/SecurityPkg/Inc= lude/Library/VariableKeyLib.h index 561ebad09da2..6076c4d4731b 100644 --- a/SecurityPkg/Include/Library/VariableKeyLib.h +++ b/SecurityPkg/Include/Library/VariableKeyLib.h @@ -1,13 +1,13 @@ /** @file Public definitions for Variable Key Library. =20 -Copyright (c) 2020, Intel Corporation. All rights reserved.
+Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 -#ifndef _VARIABLE_KEY_LIB_H_ -#define _VARIABLE_KEY_LIB_H_ +#ifndef VARIABLE_KEY_LIB_H_ +#define VARIABLE_KEY_LIB_H_ =20 #include =20 @@ -25,35 +25,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI GetVariableKey ( - OUT VOID **VariableKey, - IN OUT UINTN *VariableKeySize - ); - -/** - Regenerates the variable key. - - @retval EFI_SUCCESS The variable key was regenerated s= uccessfully. - @retval EFI_DEVICE_ERROR An error occurred while attempting= to regenerate the key. - @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. - @retval EFI_UNSUPPORTED Key regeneration is not supported = in the current boot configuration. -**/ -EFI_STATUS -EFIAPI -RegenerateVariableKey ( - VOID - ); - -/** - Locks the regenerate key interface. - - @retval EFI_SUCCESS The key interface was locked succe= ssfully. - @retval EFI_UNSUPPORTED Locking the key interface is not s= upported in the current boot configuration. - @retval Others An error occurred while attempting= to lock the key interface. -**/ -EFI_STATUS -EFIAPI -LockVariableKeyInterface ( - VOID + OUT VOID *VariableKey, + IN UINTN VariableKeySize ); =20 #endif --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95992): https://edk2.groups.io/g/devel/message/95992 Mute This Topic: https://groups.io/mt/94840828/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95993+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95993+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720146; cv=none; d=zohomail.com; s=zohoarc; b=h2Jr5uO9kg6sGYoeCYG7m0+ydRpv4Z7sOgEf1pzG1SKOCz67MXkPdfFjhLYRU6ZQ2cJR8CSAR0fmFrZw8btsI2WI4kbQsh6HCWtLS0zII0GU2VA5x8M1E6qpxOSwkLNbDZJ44cxlp9pYokglX1f+L+hXgdSFJnb41yKSX/DhKHs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720146; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=2qc5vWrX7QpsGeTGDarOV2KE2OQ/QpH2oUB442w6RPk=; b=SNGC1A/Iw+RuAidOHyZSwxenUIk7brBEBB7ExkKNJrTsauYTrMvc/6o/UBDSrRlCq0nwRUG9+hQukIaomKhzWRuRey9XYxK9xGqm1mvREt72RKKHMlSwX6tT9j+UkKPUnkGnUbeLmnGgqtVZIaSV9l2JUERGZxsHFg6HqbV+Hdc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95993+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720146811339.0836504242578; Sun, 6 Nov 2022 00:35:46 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id YjerYY1788612xS7T8gPH5vn; Sun, 06 Nov 2022 00:35:46 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web08.14178.1667720143243526126 for ; Sun, 06 Nov 2022 00:35:43 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534276" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534276" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:31 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513473" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513473" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:30 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 13/19] SecurityPkg: Update RPMC APIs with index Date: Sun, 6 Nov 2022 00:35:03 -0700 Message-Id: <20221106073509.3071-14-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: cnm0AZUake6g09MpHSNoLmCKx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720146; bh=jIEc54ChUA9+mUe1xEXfJBn5RNncVuu0xun/eEeKJ0w=; h=Cc:Date:From:Reply-To:Subject:To; b=JVswjPf6jLYj1D1d/viOoRprNuuw5h5dqABvHqKgvNqznCRzRR4OsuUTuSGSDODLMCA cIawM9wlU6O+qSEuoOah8gdfQ1RcrNiXqLz8Rtd1jV+uJFUHcaILgUafM39R0P3H+Hfyq nlHCxCo49FZLTi4O2wHUfa+2JaWqac3LfSU= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720148883100044 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Update RPMC APIs with index parameter because sometimes there are more than 1 RPMC counter on the platform. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c b/SecurityPkg/Li= brary/RpmcLibNull/RpmcLibNull.c index 792e48250e5d..557aeb6abf09 100644 --- a/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c +++ b/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c @@ -1,7 +1,7 @@ /** @file NULL RpmcLib instance for build purpose. =20 -Copyright (c) 2020, Intel Corporation. All rights reserved.
+Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent /** Requests the monotonic counter from the designated RPMC counter. =20 + @param[in] CounterIndex The RPMC index @param[out] CounterValue A pointer to a buffer to store the= RPMC value. =20 @retval EFI_SUCCESS The operation completed successful= ly. @@ -21,6 +22,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI RequestMonotonicCounter ( + IN UINT8 CounterIndex, OUT UINT32 *CounterValue ) { @@ -31,6 +33,8 @@ RequestMonotonicCounter ( /** Increments the monotonic counter in the SPI flash device by 1. =20 + @param[in] CounterIndex The RPMC index + @retval EFI_SUCCESS The operation completed successful= ly. @retval EFI_DEVICE_ERROR A device error occurred while atte= mpting to update the counter. @retval EFI_UNSUPPORTED The operation is un-supported. @@ -38,7 +42,7 @@ RequestMonotonicCounter ( EFI_STATUS EFIAPI IncrementMonotonicCounter ( - VOID + IN UINT8 CounterIndex ) { ASSERT (FALSE); --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95993): https://edk2.groups.io/g/devel/message/95993 Mute This Topic: https://groups.io/mt/94840829/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95994+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95994+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720148; cv=none; d=zohomail.com; s=zohoarc; b=Nktd9Rsm2H8ulafsXunkoPZDG73agNR0V0DsSiV3cT97/GSxUrpt/1Mah5hzecRb4jv7KnM2oTOwrYXLqOIxhCR7k/pkMtMUjEX8FGsFeHLo2SB6X39f3F6RBYraJT4XtfqlCsjJUJgsaWtmtiLGYbfNIp54/SBuMk8NXW1PrDA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720148; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=uvPRhbsbct3AMgnN14SHkPTlu4apTJS56vTUsD/diR8=; b=I2emyDnw04A9vAMWxXDTdkblusRk6+OiuyvIuC+SydEpb3u7sByFIbS8zSNYxC3+/mq0JKOz0SHOFVhUR9J56UQS3lAJ8Z4RIHJvRAhmOnWaeHcL6j2qc61IgM8R/3lsvQW8Wwz4HdqeHgiNS49pxi91+oxKr4BwXT/QG4qjr/w= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95994+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720148491174.08480799020572; Sun, 6 Nov 2022 00:35:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id egypYY1788612xZ3Wc1ek5wL; Sun, 06 Nov 2022 00:35:47 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.14307.1667720143790244062 for ; Sun, 06 Nov 2022 00:35:44 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534277" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534277" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:31 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513476" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513476" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:31 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 14/19] SecurityPkg: Fix GetVariableKey API Date: Sun, 6 Nov 2022 00:35:04 -0700 Message-Id: <20221106073509.3071-15-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: I7ZEkkp45l1yxbKRQhjJtJ6cx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720147; bh=bpjzz4jw7YJIoIHnqnR/wfrH6fcOln4pB+Mq2Tjt30A=; h=Cc:Date:From:Reply-To:Subject:To; b=dnPTbkN1lCWyHSpJt1JHZ6rdQKcb6Pe2xIVGkQz8CcbOMCC1TX0Gl424AWvwnCaUgGN wIEHZx2qNnOPTarpe0wrf+d8n9xPAR+e6UmiqWI+Ablo73/Cc6iv5B2VRbEgZc2NJifHW uO1fBnoA2sQB2K5csPlrYDF2bLA4Z5zPQC4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720148863100040 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V4: Applied code review - function comments need to match function prototype. V1: Fix GetVariableKey API to match changes in header files. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang --- SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c b/= SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c index a08def767b5f..2cf4b3cbf9f6 100644 --- a/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c +++ b/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c @@ -1,7 +1,7 @@ /** @file Null version of VariableKeyLib for build purpose. Don't use it in real p= roduct. =20 -Copyright (c) 2020, Intel Corporation. All rights reserved.
+Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -12,7 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent Retrieves the key for integrity and/or confidentiality of variables. =20 @param[out] VariableKey A pointer to pointer for the variabl= e key buffer. - @param[in,out] VariableKeySize The size in bytes of the variable ke= y. + @param[in] VariableKeySize The size in bytes of the variable ke= y. =20 @retval EFI_SUCCESS The variable key was returned. @retval EFI_DEVICE_ERROR An error occurred while attempting= to get the variable key. @@ -22,8 +22,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent EFI_STATUS EFIAPI GetVariableKey ( - OUT VOID **VariableKey, - IN OUT UINTN *VariableKeySize + OUT VOID *VariableKey, + IN UINTN VariableKeySize ) { ASSERT (FALSE); --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95994): https://edk2.groups.io/g/devel/message/95994 Mute This Topic: https://groups.io/mt/94840830/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95995+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95995+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720147; cv=none; d=zohomail.com; s=zohoarc; b=YBi0H1eU7p+XwU3j4jrJ6udFuXB8i1emok+k9RMJXsdqoogCyWS4Am7in2K8sVrvZoc00GUSrK/LVJoD0C69Rckk6qB40Ao7GwYYYRiqw820qzsbDVsDQQ4WuUiurtsD/jDSUkqZPOI7c6L3w4hbc3zDD2R7kAoj3fMiLGgZwjg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720147; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=33VMX0dS9OhFuVGltmYrFbzUkZVEJWQFm7bpjlm+8PI=; b=KTR9uIe4nBPd6WPr25722PwnFRgQtpr80dHS10DVfKFQIbyuix5ejr7aGqqSW43tqBXgirzM+uXqv00EDGufmTIjwrvdikEd2WJhZhncoJnbOTN/QeDxjfMdkJ4R1bPYmo4EwDhhWVFVgywu1IzI4p3fDNQ5G2fAHu4OZRLQo4w= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95995+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720147858336.2006767231336; Sun, 6 Nov 2022 00:35:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 0vbCYY1788612xSnFZJ6i2Vi; Sun, 06 Nov 2022 00:35:47 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web08.14178.1667720143243526126 for ; Sun, 06 Nov 2022 00:35:44 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534278" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534278" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:32 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513479" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513479" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:31 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 15/19] SecurityPkg: Add null encryption variable libs Date: Sun, 6 Nov 2022 00:35:05 -0700 Message-Id: <20221106073509.3071-16-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: 7Hp2YlqfIeVvXtR9Mex8jlyIx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720147; bh=3Gn8EGk+vUYPYS3+/3YaNAonJ7Ax6ZF4rDZ12MqSft0=; h=Cc:Date:From:Reply-To:Subject:To; b=ONyP3dMgflPSPqMS7cvMN17418+d8dVdgeGKcN3Gk6I4LZcjwI/qxSCXAeyf1ll3Ebr 6zkq2DRDTUUQ5Z49A5K+fjJMEAZb/Ffw49xP4U0BZXDyimvFY2qb1Ui219I3643X9TkBL ePi30JdvuKmfIqLPPPaxwhNBGASNVuvv8Ys= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720148873100042 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V4: Applied code review - Remove empty Guids section from .inf file. Update description in *.c. Remove *.uni file and reference to it. V1: Provide null ecryption variable libraries. These will be used by default for platforms that don't support protected variable encryption. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.in= f | 34 ++++++++ SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c = | 92 ++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariab= leLibNull.inf b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVar= iableLibNull.inf new file mode 100644 index 000000000000..185b6f9bedf7 --- /dev/null +++ b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNu= ll.inf @@ -0,0 +1,34 @@ +## @file +# Provides NULL version of encryption variable services. +# +# Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D EncryptionVariableLibNull + FILE_GUID =3D 3972E6FE-74D5-45C3-A9FB-DB9E5E5C9C17 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D EncryptionVariableLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + EncryptionVariable.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib diff --git a/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariab= le.c b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c new file mode 100644 index 000000000000..52ee8a7b5aae --- /dev/null +++ b/SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariable.c @@ -0,0 +1,92 @@ +/** @file + NULL implementation of EncryptionVariableLib. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include + +/** + Encrypt variable data. + + Null version. + + @param[in, out] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_UNSUPPORTED Unsupported to encrypt variable. + +**/ +EFI_STATUS +EFIAPI +EncryptVariable ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + return EFI_UNSUPPORTED; +} + +/** + Decrypt variable data. + + Null version. + + @param[in, out] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_UNSUPPORTED Unsupported to encrypt variable. + +**/ +EFI_STATUS +EFIAPI +DecryptVariable ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + return EFI_UNSUPPORTED; +} + +/** + Get cipher information. + + Null version. + + @param[in] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_UNSUPPORTED Unsupported interface. + +**/ +EFI_STATUS +EFIAPI +GetCipherDataInfo ( + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + return EFI_UNSUPPORTED; +} + +/** + Set cipher information for a variable. + + Null version. + + @param[in] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_UNSUPPORTED If this method is not supported. + +**/ +EFI_STATUS +EFIAPI +SetCipherDataInfo ( + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + return EFI_UNSUPPORTED; +} --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95995): https://edk2.groups.io/g/devel/message/95995 Mute This Topic: https://groups.io/mt/94840831/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95996+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95996+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720149; cv=none; d=zohomail.com; s=zohoarc; b=doc6SPfE0PWjhoFOMGVcbvgYeQkbvJkbZNYJiDgbPZg/GdRFllEM6S3hT39eFoIr5B311N2OoIE8hjMqGtlN9qia7mm01oLMpB85lO9uU0tmFGg1aGu20uRQ/0m4uIcBpG7Z0sj5BI9iLdBg3Jwfow61P6wnNWtfwbhnJfAFD80= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720149; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=CGj9hC6bNckKaJFW1I34qqhvh4ustgJyOZjvB2s/D6w=; b=RyXL5wvYMnn9xoxCmOWovTv+VGUj9NESvQ2PsJ1VcMjieAJu6IM1BmCt0hQkMTYiPsRpjUouS7bbeZ9Wmjr1pqbARR7S4plpEauGeRbxlVC7+SimJIdUXuUDuXAPXnlCypQolCD4lsy5QtkaSyu1b+W0nGK1ML0qynW49JO7CdQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95996+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720149450947.8848301132033; Sun, 6 Nov 2022 00:35:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id iv1RYY1788612xtMrDm35jKr; Sun, 06 Nov 2022 00:35:48 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.14307.1667720143790244062 for ; Sun, 06 Nov 2022 00:35:44 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534279" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534279" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:32 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513483" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513483" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:31 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 16/19] SecurityPkg: Add VariableKey library function Date: Sun, 6 Nov 2022 00:35:06 -0700 Message-Id: <20221106073509.3071-17-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: hRLlQnzpnRpWoXDQy33Zsa9Xx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720148; bh=By/4itaLEZ3PBj+Rquv6mYDNF6b0hdcpSaEG+o5Yl3E=; h=Cc:Date:From:Reply-To:Subject:To; b=AgAaKPPkjKcAaO86ZpB5kvNGa15mPE/Zxs+iXZpL0/vfb8Qg73Huw0X6w2gIdvovVfA mQiLMJf6VLsLY3Y4kc/ecqn3sxZqPBiAnncncS0bm0W/uyQP3pS6Fjl45o0KVKAYEIwvU 3VPEr17nGb+poPzJM/7LauN8nvV4mssJziE= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720150892100057 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V5: Applied code review comments. Add PEIM to library class V1: Provide function that retrieves the key for protected variables. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang --- SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf | 36 ++++++++++++ SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c | 59 +++++++++++++++= +++++ 2 files changed, 95 insertions(+) diff --git a/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf b/Securi= tyPkg/Library/VariableKeyLib/VariableKeyLib.inf new file mode 100644 index 000000000000..a9f7bb5afefd --- /dev/null +++ b/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf @@ -0,0 +1,36 @@ +## @file +# Provides default implementation of VariableKeyLib. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D VariableKeyLib + FILE_GUID =3D 7DF5A0BA-1DBB-4E67-A9F7-9FCCB1F9D250 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D VariableKeyLib|PEIM + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 Arm AArch64 +# + +[Sources] + VariableKeyLib.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + +[PpiS] + gKeyServicePpiGuid ## CONSUMES + diff --git a/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c b/Security= Pkg/Library/VariableKeyLib/VariableKeyLib.c new file mode 100644 index 000000000000..31b22782cb0c --- /dev/null +++ b/SecurityPkg/Library/VariableKeyLib/VariableKeyLib.c @@ -0,0 +1,59 @@ +/** @file + VariableKeyLib implementation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include + +#include + +#define VAR_KEY_SALT L"Key for RPMC Variable" +#define VAR_KEY_SALT_SIZE sizeof (VAR_KEY_SALT) + +/** + Retrieves the key for integrity and/or confidentiality of variables. + + @param[out] VariableKey A pointer to pointer for the variabl= e key buffer. + @param[in] VariableKeySize The size in bytes of the variable ke= y. + + @retval EFI_SUCCESS The variable key was returned. + @retval EFI_DEVICE_ERROR An error occurred while attempting= to get the variable key. + @retval EFI_ACCESS_DENIED The function was invoked after loc= king the key interface. + @retval EFI_UNSUPPORTED The variable key is not supported = in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +GetVariableKey ( + OUT VOID *VariableKey, + IN UINTN VariableKeySize + ) +{ + EFI_STATUS Status; + KEY_SERVICE_PPI *KeyService; + + Status =3D PeiServicesLocatePpi ( + &gKeyServicePpiGuid, + 0, + NULL, + (void **)&KeyService + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Status =3D KeyService->GenerateKey ( + (UINT8 *)VAR_KEY_SALT, + VAR_KEY_SALT_SIZE, + VariableKey, + VariableKeySize + ); + return Status; +} --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95996): https://edk2.groups.io/g/devel/message/95996 Mute This Topic: https://groups.io/mt/94840832/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95997+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95997+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720148; cv=none; d=zohomail.com; s=zohoarc; b=EEklKYcSZb8GAhXlAJbC2AlLD/q0BaTzHNLIJaKeV5worBlRCO/Lm3Vs2Bx29NWhaofnPRhmWer6001H77jYgiO0UjnCDH1T61mAJtzVY/HxOvNHAAK4045dgtM3+So9833i0AAyWA9sWmkl3l1RI1UgUOe3ELR/kklH39CTSD0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720148; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=cPe8eshL71YyMRxcBJZ9xQmlKcnv1au1mbfSY60LqkE=; b=SzKZyX2ZRArKS06zyr6xnSRNiiu47JDi2lQpt3lYNFi3N9LEmevFrj0rEh61hX73zp4BtyoVVkvGj5QEIiYkY1or1Y64kDEDE0h1qLEpxI/9fueRmHE3CCb349aseF1VQxF4oZkl8y41/5O1JqolUFw1OsvFcoNcFMhWjva39iU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95997+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720148405418.26388466604965; Sun, 6 Nov 2022 00:35:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id CfddYY1788612x6wqeZ9gtgB; Sun, 06 Nov 2022 00:35:48 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web08.14178.1667720143243526126 for ; Sun, 06 Nov 2022 00:35:44 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534280" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534280" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:32 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513493" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513493" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:32 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Min Xu , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 17/19] SecurityPkg: Add EncryptionVariable lib with AES Date: Sun, 6 Nov 2022 00:35:07 -0700 Message-Id: <20221106073509.3071-18-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: HT0uG7pOpLGxaMVfrwQhbvq6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720148; bh=RHEC2Ua5yTWjV+KAM5pgSSIn53m4mOSzpM9qsvC4iis=; h=Cc:Date:From:Reply-To:Subject:To; b=Si9ZbR/lxCALLsW8IXx/xa0n4rtGY4rdHbNJtgs7ChCvNfr95/SB2PmZlGIkwgpwJCY x6oAm9nSuuo0thSMR+OoKBrfevsUZ/imJmUMIGHQm2HzAE1NbRH54b9W0xYBV2V033PvI q4BUShAlnM83rv8syZGFZ/12FNke0AbMLUw= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720148914100046 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V3: Change AllocateZeroPool() with AllocatePages() and FreePool() with FreePages(). FreePool() is not supported in PEI phase so this was causing a memory leak. Reverse the order of the FreePages() call. V1: Add encryption/decryption of protected variable functionality. Add functions to get/set cipher data of a protected variable. This is use for supporting confidentiality for protected variables. Cc: Jian J Wang Cc: Jiewen Yao Cc: Min Xu Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang --- SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf | 43 = ++ SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h | 49 = ++ SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c | 734 = ++++++++++++++++++++ 3 files changed, 826 insertions(+) diff --git a/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLi= b.inf b/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf new file mode 100644 index 000000000000..7ece52f2fb58 --- /dev/null +++ b/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf @@ -0,0 +1,43 @@ +## @file +# Provides variable encryption/decryption services. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D EncryptionVariableLib + FILE_GUID =3D 459E2CB0-AF4B-4415-B6A1-335E71FD8B85 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D EncryptionVariableLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + EncryptionVariable.c + EncryptionVariable.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + +[Guids] + gEfiVariableGuid + gEfiAuthenticatedVariableGuid diff --git a/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h= b/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h new file mode 100644 index 000000000000..f35f9f9e3ad7 --- /dev/null +++ b/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.h @@ -0,0 +1,49 @@ +/** @file + Definitions used by this library implementation. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef ENCRYPTION_VARIABLE_H_ +#define ENCRYPTION_VARIABLE_H_ + +#define ENC_KEY_SEP L":" +#define ENC_KEY_SEP_SIZE 2 +#define ENC_KEY_NAME L"VAR_ENC_KEY" +#define ENC_KEY_NAME_SIZE 22 + +#define ENC_KEY_SIZE (256/8) +#define ENC_BLOCK_SIZE AES_BLOCK_SIZE +#define ENC_IVEC_SIZE ENC_BLOCK_SIZE + +#define ENC_PADDING_BYTE 0x0F + +// +// PKCS#5 padding +// +// #define AES_CIPHER_DATA_SIZE(PlainDataSize) +// (AES_BLOCK_SIZE + (PlainDataSize)) & (~(AES_BLOCK_SIZE - 1)) +// +#define AES_CIPHER_DATA_SIZE(PlainDataSize) ALIGN_VALUE (PlainDataSize, A= ES_BLOCK_SIZE) + +#define FREE_POOL(Address) \ + if ((Address) !=3D NULL) { \ + FreePool (Address); \ + (Address) =3D NULL; \ + } + +#pragma pack(1) + +typedef struct { + UINT32 DataType; // SYM_TYPE_AES + UINT32 HeaderSize; // sizeof(VARIABLE_ENCRYPTION_HEADER) + UINT32 PlainDataSize; // Plain data size + UINT32 CipherDataSize; // Cipher data size + UINT8 KeyIvec[ENC_IVEC_SIZE]; +} VARIABLE_ENCRYPTION_HEADER; + +#pragma pack() + +#endif // _ENCRYPTION_VARIABLE_H_ diff --git a/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c= b/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c new file mode 100644 index 000000000000..d128b32f93e0 --- /dev/null +++ b/SecurityPkg/Library/EncryptionVariableLib/EncryptionVariable.c @@ -0,0 +1,734 @@ +/** @file + Implementation of EncryptionVariableLib with AES algorithm support. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include +#include + +#include "EncryptionVariable.h" + +/** + Derive encryption key for given variable from variable root key. + + The derivation algorithm is depicted below + + HKDF_Expand(SHA256, RootKey, Name||':'||Guid||':'||Attr||"VAR_ENC_KEY") + + @param[in] VarEncInfo Pointer to structure containing detailed + information about a variable. + @param[in] EncKeySize Size of key requested. + @param[out] EncKey Buffer of key. + + @retval TRUE The key was derived successfully. + @retval FALSE Failed to generate encryption key. + +**/ +STATIC +BOOLEAN +EncVarLibGenEncKey ( + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo, + IN UINTN EncKeySize, + OUT UINT8 *EncKey + ) +{ + BOOLEAN Status; + + struct { + VOID *Data; + UINTN Size; + } InfoGroup[6]; + UINT8 *Info; + UINTN InfoSize; + UINTN Index; + UINT8 Salt[16]; + + // + // info: Name||':'||Guid||':'||Attr||"VAR_ENC_KEY" + // + InfoGroup[0].Size =3D VarEncInfo->Header.NameSize; + InfoGroup[0].Data =3D VarEncInfo->Header.VariableName; + + InfoGroup[1].Size =3D ENC_KEY_SEP_SIZE; + InfoGroup[1].Data =3D ENC_KEY_SEP; + + InfoGroup[2].Size =3D sizeof (*VarEncInfo->Header.VendorGuid); + InfoGroup[2].Data =3D VarEncInfo->Header.VendorGuid; + + InfoGroup[3].Size =3D ENC_KEY_SEP_SIZE; + InfoGroup[3].Data =3D ENC_KEY_SEP; + + InfoGroup[4].Size =3D sizeof (VarEncInfo->Header.Attributes); + InfoGroup[4].Data =3D &VarEncInfo->Header.Attributes; + + InfoGroup[5].Size =3D ENC_KEY_NAME_SIZE; + InfoGroup[5].Data =3D ENC_KEY_NAME; + + for (InfoSize =3D 0, Index =3D 0; Index < ARRAY_SIZE (InfoGroup); ++Inde= x) { + InfoSize +=3D InfoGroup[Index].Size; + } + + Info =3D AllocatePages (EFI_SIZE_TO_PAGES (InfoSize)); + if (Info =3D=3D NULL) { + ASSERT (Info !=3D NULL); + return FALSE; + } + + for (InfoSize =3D 0, Index =3D 0; Index < ARRAY_SIZE (InfoGroup); ++Inde= x) { + CopyMem (Info + InfoSize, InfoGroup[Index].Data, InfoGroup[Index].Size= ); + InfoSize +=3D InfoGroup[Index].Size; + } + + Status =3D HkdfSha256ExtractAndExpand ( + VarEncInfo->Key, + VarEncInfo->KeySize, + Salt, + 0, + Info, + InfoSize, + EncKey, + EncKeySize + ); + + FreePages (Info, EFI_SIZE_TO_PAGES (InfoSize)); + + return Status; +} + +/** + Generate init-vector for AES encryption. + + @param[out] InitVector IVEC buffer. + @param[in] Size Size of IVEC requested. + + @retval TRUE IVEC was generated successfully. + @retval FALSE Failed to generate IVEC. + +**/ +STATIC +BOOLEAN +EncVarLibGenIvec ( + OUT UINT8 *InitVector, + IN UINTN Size + ) +{ + return RandomBytes (InitVector, Size); +} + +/** + Check if there's valid variable information needed by encrypting or decr= ypting. + + @param[in] VarEncInfo Buffer conveying details about a variable. + @param[in] CheckForEnc Flag indicating check for encrypting (TRUE) = or + decrypting (FALSE). + + @retval TRUE VarEncInfo is valid. + @retval FALSE VarEncInfo is invalid. + +**/ +STATIC +BOOLEAN +IsValidVariableInfo ( + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo, + IN BOOLEAN CheckForEnc + ) +{ + BOOLEAN Valid; + + if (CheckForEnc) { + Valid =3D (VarEncInfo->Header.Data !=3D NULL && VarEncInfo->Header.Dat= aSize > 0) + || (VarEncInfo->PlainData !=3D NULL && VarEncInfo->PlainDataSi= ze > 0); + if (!Valid) { + ASSERT ( + (VarEncInfo->Header.Data !=3D NULL && VarEncInfo->Header.DataSize = > 0) + || (VarEncInfo->PlainData !=3D NULL && VarEncInfo->PlainDataS= ize > 0) + ); + } + } else { + Valid =3D (VarEncInfo->Header.Data !=3D NULL && VarEncInfo->Header.Dat= aSize > 0) + || (VarEncInfo->CipherData !=3D NULL && VarEncInfo->CipherData= Size > 0); + if (!Valid) { + ASSERT ( + (VarEncInfo->Header.Data !=3D NULL && VarEncInfo->Header.DataSize = > 0) + || (VarEncInfo->CipherData !=3D NULL && VarEncInfo->CipherDat= aSize > 0) + ); + } + } + + Valid =3D Valid + && VarEncInfo->Header.VariableName !=3D NULL + && VarEncInfo->Header.NameSize > 0 + && VarEncInfo->Header.VendorGuid !=3D NULL + && VarEncInfo->Key !=3D NULL + && VarEncInfo->KeySize > 0; + if (!Valid) { + ASSERT (VarEncInfo->Header.VariableName !=3D NULL); + ASSERT (VarEncInfo->Header.NameSize !=3D 0); + ASSERT (VarEncInfo->Header.VendorGuid !=3D NULL); + ASSERT (VarEncInfo->Key !=3D NULL); + ASSERT (VarEncInfo->KeySize > 0); + } + + return Valid; +} + +/** + Sanity check of encrption header prefixed to encrypted data. + + @param[in] EncHeader Pointer to VARIABLE_ENCRYPTION_HEADER. + @param[in] DataSize Size of variable data payload. + + @retval TRUE EncHeader is valid. + @retval FALSE EncHeader is invalid. + +**/ +STATIC +BOOLEAN +IsValidEncrptionHeader ( + IN VARIABLE_ENCRYPTION_HEADER *EncHeader, + IN UINT32 DataSize + ) +{ + if ( (DataSize > sizeof (VARIABLE_ENCRYPTION_HEADER)) + && ((EncHeader->DataType =3D=3D ENC_TYPE_AES) || (EncHeader->DataType= =3D=3D ENC_TYPE_NULL)) + && (EncHeader->HeaderSize >=3D sizeof (VARIABLE_ENCRYPTION_HEADER)) + && (EncHeader->CipherDataSize > 0) + && ((EncHeader->CipherDataSize % ENC_BLOCK_SIZE) =3D=3D 0) + && (EncHeader->PlainDataSize > 0) + && (EncHeader->PlainDataSize <=3D EncHeader->CipherDataSize) + && ((EncHeader->CipherDataSize + EncHeader->HeaderSize) <=3D DataSize= )) + { + return TRUE; + } + + return FALSE; +} + +/** + Encrypt variable data. + + If VarEncInfo->PlainData is not NULL, VarEncInfo->PlainData holds the pl= ain + data. Otherwise, VarEncInfo->Headr.Data is supposed to be the plain data. + + If VarEncInfo->CipherData is not NULL, The encrypted data is stored in + VarEncInfo->CipherData. Otherwise, the encrypted data is stored directly + in variable data buffer, i.e. VarEncInfo->Headr.Data. + + @param[in, out] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_SUCCESS Variable was encrypted successfully. + @retval EFI_INVALID_PARAMETER Variable information in VarEncInfo is in= valid. + @retval EFI_BUFFER_TOO_SMALL VarEncInfo->CipherData is not NULL but + VarEncInfo->CipherDataSize is too small. + @retval EFI_ABORTED Uknown error occurred during encrypting. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to encrypt variable. + +**/ +EFI_STATUS +EFIAPI +EncryptVariable ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + EFI_STATUS Status; + VOID *AesContext; + UINT8 EncKey[ENC_KEY_SIZE]; + UINT8 Ivec[ENC_IVEC_SIZE]; + UINT8 *PlainBuffer; + UINT8 *CipherBuffer; + UINT8 *PlainData; + UINT32 PlainDataSize; + VARIABLE_ENCRYPTION_HEADER *CipherData; + UINT32 CipherDataSize; + UINT32 PaddingBytes; + + Status =3D EFI_ABORTED; + AesContext =3D NULL; + PlainBuffer =3D NULL; + CipherBuffer =3D NULL; + + if (!IsValidVariableInfo (VarEncInfo, TRUE)) { + return EFI_INVALID_PARAMETER; + } + + if (VarEncInfo->PlainData !=3D NULL) { + PlainData =3D VarEncInfo->PlainData; + PlainDataSize =3D VarEncInfo->PlainDataSize; + } else { + PlainData =3D VarEncInfo->Header.Data; + PlainDataSize =3D (UINT32)VarEncInfo->Header.DataSize; + } + + CipherDataSize =3D AES_CIPHER_DATA_SIZE (PlainDataSize); + if (VarEncInfo->CipherData !=3D NULL) { + if (VarEncInfo->CipherDataSize + < (CipherDataSize + sizeof (VARIABLE_ENCRYPTION_HEADER))) + { + VarEncInfo->CipherDataSize =3D CipherDataSize + + sizeof (VARIABLE_ENCRYPTION_HEADER); + return EFI_BUFFER_TOO_SMALL; + } + + CipherData =3D VarEncInfo->CipherData; + } else { + CipherData =3D VarEncInfo->Header.Data; + } + + // + // Prepare buffer for encrypted data. + // + if ((UINTN)CipherData =3D=3D (UINTN)PlainData) { + // + // Need buffer to store the encrypted data temporarily. + // + CipherBuffer =3D (UINT8 *)AllocateZeroPool ( + CipherDataSize + + sizeof (VARIABLE_ENCRYPTION_HEADER) + ); + if (CipherBuffer =3D=3D NULL) { + ASSERT (CipherBuffer !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + } else { + CipherBuffer =3D (UINT8 *)CipherData; + } + + // + // Plain variable data must also be multiple of ENC_BLOCK_SIZE. + // + PaddingBytes =3D ALIGN_VALUE (PlainDataSize, ENC_BLOCK_SIZE) - PlainData= Size; + if (PaddingBytes !=3D 0) { + // + // Since the plain data size will be saved in the VARIABLE_ENCRYPTION_= HEADER, + // there's no need to do PKCS way of padding. To save space, just padd= ing + // the plain data to be of the nearest n*ENC_BLOCK_SIZE. + // + PlainBuffer =3D AllocateZeroPool (PlainDataSize + PaddingBytes); + if (PlainBuffer =3D=3D NULL) { + ASSERT (PlainBuffer !=3D NULL); + goto Done; + } + + CopyMem (PlainBuffer, PlainData, PlainDataSize); + SetMem (PlainBuffer + PlainDataSize, PaddingBytes, ENC_PADDING_BYTE); + } else { + PlainBuffer =3D PlainData; + } + + // + // Skip EFI_VARIABLE_APPEND_WRITE bit in generating encryption key. + // + VarEncInfo->Header.Attributes &=3D (~EFI_VARIABLE_APPEND_WRITE); + if (!EncVarLibGenEncKey (VarEncInfo, ENC_KEY_SIZE, EncKey)) { + ASSERT (FALSE); + return EFI_ABORTED; + } + + if (!EncVarLibGenIvec (Ivec, ENC_IVEC_SIZE)) { + ASSERT (FALSE); + return EFI_ABORTED; + } + + AesContext =3D AllocateZeroPool (AesGetContextSize ()); + if (AesContext =3D=3D NULL) { + ASSERT (AesContext !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + if (!AesInit (AesContext, EncKey, ENC_KEY_SIZE * 8)) { + ASSERT (FALSE); + goto Done; + } + + if (AesCbcEncrypt ( + AesContext, + PlainBuffer, + PlainDataSize + PaddingBytes, + Ivec, + CipherBuffer + sizeof (VARIABLE_ENCRYPTION_HEADER) + )) + { + // + // Keep the IV for decryption. + // + CopyMem (CipherData->KeyIvec, Ivec, ENC_BLOCK_SIZE); + + if ((UINTN)CipherBuffer !=3D (UINTN)CipherData) { + CopyMem ( + CipherData + 1, + CipherBuffer + sizeof (VARIABLE_ENCRYPTION_HEADER), + CipherDataSize + ); + } + + CipherData->CipherDataSize =3D CipherDataSize; + CipherData->PlainDataSize =3D PlainDataSize; + CipherData->DataType =3D ENC_TYPE_AES; + CipherData->HeaderSize =3D sizeof (VARIABLE_ENCRYPTION_HEADER); + + VarEncInfo->CipherData =3D CipherData; + VarEncInfo->CipherDataSize =3D CipherDataSize + sizeof (VARIABLE_ENC= RYPTION_HEADER); + VarEncInfo->CipherHeaderSize =3D sizeof (VARIABLE_ENCRYPTION_HEADER); + VarEncInfo->CipherDataType =3D ENC_TYPE_AES; + + Status =3D EFI_SUCCESS; + } else { + VarEncInfo->CipherData =3D NULL; + VarEncInfo->CipherDataSize =3D 0; + VarEncInfo->CipherHeaderSize =3D 0; + VarEncInfo->CipherDataType =3D ENC_TYPE_NULL; + + ASSERT (FALSE); + } + +Done: + FREE_POOL (AesContext); + if (PlainBuffer !=3D PlainData) { + FREE_POOL (PlainBuffer); + } + + if (CipherBuffer !=3D (UINT8 *)CipherData) { + FREE_POOL (CipherBuffer); + } + + return Status; +} + +/** + Decrypt variable data. + + If VarEncInfo->CipherData is not NULL, it must holds the cipher data to = be + decrypted. Otherwise, assume the cipher data from variable data buffer, = i.e. + VarEncInfo->Header.Data. + + If VarEncInfo->Flags.DecryptInPlace is TRUE, the decrypted data will be = put + back in the same buffer as cipher buffer got above, after encryption hea= der, + which helps to identify later if the data in buffer is decrypted or not.= This + can avoid repeat decryption when accessing the same variable more than o= nce. + + If VarEncInfo->Flags.DecryptInPlace is FALSE, VarEncInfo->PlainData must= be + passed in with a valid buffer with VarEncInfo->PlainDataSize set correct= ly + with its size. + + Note the VarEncInfo->PlainData is always pointing to the buffer address = with + decrypted data without encryption header, and VarEncInfo->PlainDataSize = is + always the size of original variable data, if this function returned + successfully. + + @param[in, out] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_SUCCESS Variable was decrypted successfully. + @retval EFI_INVALID_PARAMETER Variable information in VarEncInfo is in= valid. + @retval EFI_BUFFER_TOO_SMALL VarEncInfo->PlainData is not NULL but + VarEncInfo->PlainDataSize is too small. + @retval EFI_ABORTED Uknown error occurred during decrypting. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_COMPROMISED_DATA The cipher header is not valid. + @retval EFI_UNSUPPORTED Unsupported to encrypt variable. + +**/ +EFI_STATUS +EFIAPI +DecryptVariable ( + IN OUT VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + VOID *AesContext; + UINT8 EncKey[ENC_KEY_SIZE]; + UINT8 *PlainBuffer; + UINT8 *PlainData; + VARIABLE_ENCRYPTION_HEADER *CipherData; + UINT32 CipherDataSize; + EFI_STATUS Status; + + Status =3D EFI_ABORTED; + AesContext =3D NULL; + PlainBuffer =3D NULL; + + if (!IsValidVariableInfo (VarEncInfo, FALSE)) { + return EFI_INVALID_PARAMETER; + } + + if (VarEncInfo->CipherData !=3D NULL) { + CipherData =3D VarEncInfo->CipherData; + CipherDataSize =3D VarEncInfo->CipherDataSize; + } else { + CipherData =3D VarEncInfo->Header.Data; + CipherDataSize =3D (UINT32)VarEncInfo->Header.DataSize; + } + + // + // Sanity check of cipher header. + // + if (!IsValidEncrptionHeader (CipherData, CipherDataSize)) { + return EFI_COMPROMISED_DATA; + } + + if ( (VarEncInfo->PlainData !=3D NULL) + && (VarEncInfo->PlainDataSize < CipherData->PlainDataSize)) + { + VarEncInfo->PlainDataSize =3D CipherData->PlainDataSize; + return EFI_BUFFER_TOO_SMALL; + } + + if (CipherData->DataType =3D=3D ENC_TYPE_AES) { + if (VarEncInfo->Flags.DecryptInPlace) { + // + // Reusing cipher data buffer needs to keep the encryption header. + // + PlainData =3D (UINT8 *)CipherData + CipherData->HeaderSize; + } else { + PlainData =3D VarEncInfo->PlainData; + } + + if (PlainData =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Always need buffer to store the decrypted data temporarily, due to + // padding bytes or buffer reuse. Then the buffer must be larger than + // CipherData->PlainDataSize. + // + PlainBuffer =3D AllocatePages (EFI_SIZE_TO_PAGES (CipherDataSize)); + if (PlainBuffer =3D=3D NULL) { + ASSERT (PlainBuffer !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + if (!EncVarLibGenEncKey (VarEncInfo, ENC_KEY_SIZE, EncKey)) { + ASSERT (FALSE); + goto Done; + } + + AesContext =3D AllocatePages (EFI_SIZE_TO_PAGES (AesGetContextSize ())= ); + if (AesContext =3D=3D NULL) { + ASSERT (AesContext !=3D NULL); + Status =3D EFI_OUT_OF_RESOURCES; + goto Done; + } + + if (!AesInit (AesContext, EncKey, ENC_KEY_SIZE * 8)) { + ASSERT (FALSE); + goto Done; + } + + if (AesCbcDecrypt ( + AesContext, + (UINT8 *)CipherData + CipherData->HeaderSize, + CipherDataSize - CipherData->HeaderSize, + CipherData->KeyIvec, + PlainBuffer + )) + { + Status =3D EFI_SUCCESS; + } else { + Status =3D EFI_COMPROMISED_DATA; + } + } else { + // + // The data has been decrypted already. + // + PlainBuffer =3D (UINT8 *)CipherData + CipherData->HeaderSize; + + if (VarEncInfo->PlainData !=3D NULL) { + PlainData =3D VarEncInfo->PlainData; + } else { + PlainData =3D PlainBuffer; + } + + Status =3D EFI_SUCCESS; + } + + if (!EFI_ERROR (Status)) { + if (PlainBuffer !=3D PlainData) { + CopyMem (PlainData, PlainBuffer, CipherData->PlainDataSize); + } + + if (VarEncInfo->PlainData !=3D NULL) { + if (VarEncInfo->PlainData !=3D PlainBuffer) { + CopyMem (VarEncInfo->PlainData, PlainBuffer, CipherData->PlainData= Size); + } + } else { + VarEncInfo->PlainData =3D PlainData; + } + + VarEncInfo->PlainDataSize =3D CipherData->PlainDataSize; + VarEncInfo->CipherHeaderSize =3D CipherData->HeaderSize; + VarEncInfo->CipherDataType =3D CipherData->DataType; + + if (VarEncInfo->Flags.DecryptInPlace) { + CipherData->DataType =3D ENC_TYPE_NULL; + } + } + +Done: + if (AesContext !=3D NULL) { + FreePages (AesContext, EFI_SIZE_TO_PAGES (AesGetContextSize ())); + } + + if (PlainBuffer !=3D NULL) { + FreePages (PlainBuffer, EFI_SIZE_TO_PAGES ((CipherDataSize))); + } + + return Status; +} + +/** + Get cipher information about a variable, including plaindata size, + cipher algorithm type, etc. + + For data passed in with VarEncInfo, + + VarEncInfo->Header.Data + - The variable data in normal variable structure. + VarEncInfo->Header.DataSize + - The size of variable data. + + For data passed out with VarEncInfo (valid only if EFI_SUCCESS is return= ed), + + VarEncInfo->CipherDataType + - ENC_TYPE_NULL, if the variable is not encrypted or has been decryp= ted; + - ENC_TYPE_AES, if the variable is encrypted. + VarEncInfo->CipherHeaderSize + - Size of cipher header put before encrypted or decrypted data. + VarEncInfo->PlainData + - NULL, if the variable is encrypted; Or + - pointer to original variable data, if the variable has been decryp= ted. + VarEncInfo->PlainDataSize + - The size of original variable data + VarEncInfo->CipherData + - NULL, if the variable is decrypted; Or + - pointer to start of encrypted variable data, including encryption = header; + VarEncInfo->CipherDataSize + - The size of encrypted variable data, including encryption header. + + @param[in] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_SUCCESS The information was retrieved successful= ly. + @retval EFI_INVALID_PARAMETER Variable information in VarEncInfo is in= valid. + @retval EFI_NOT_FOUND No cipher information recognized. + @retval EFI_UNSUPPORTED Unsupported interface. + +**/ +EFI_STATUS +EFIAPI +GetCipherDataInfo ( + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + VARIABLE_ENCRYPTION_HEADER *EncHeader; + + if ((VarEncInfo->Header.Data =3D=3D NULL) || (VarEncInfo->Header.DataSiz= e =3D=3D 0)) { + ASSERT (VarEncInfo->Header.Data !=3D NULL); + ASSERT (VarEncInfo->Header.DataSize !=3D 0); + return EFI_INVALID_PARAMETER; + } + + // + // Validate encryption header. + // + EncHeader =3D (VARIABLE_ENCRYPTION_HEADER *)VarEncInfo->Header.Data; + if (!IsValidEncrptionHeader (EncHeader, (UINT32)VarEncInfo->Header.DataS= ize)) { + // + // Not an encrypted variable. + // + return EFI_NOT_FOUND; + } + + if (EncHeader->DataType =3D=3D ENC_TYPE_NULL) { + // + // The data must have been decrypted. + // + VarEncInfo->PlainData =3D (UINT8 *)VarEncInfo->Header.Data = + EncHeader->HeaderSize; + VarEncInfo->CipherData =3D NULL; + VarEncInfo->Flags.DecryptInPlace =3D TRUE; + } else { + // + // The data is encrypted. + // + VarEncInfo->CipherData =3D VarEncInfo->Header.Data; + VarEncInfo->PlainData =3D NULL; + VarEncInfo->Flags.DecryptInPlace =3D FALSE; + } + + VarEncInfo->PlainDataSize =3D EncHeader->PlainDataSize; + VarEncInfo->CipherDataSize =3D EncHeader->CipherDataSize + EncHeader->= HeaderSize; + VarEncInfo->CipherDataType =3D EncHeader->DataType; + VarEncInfo->CipherHeaderSize =3D EncHeader->HeaderSize; + + return EFI_SUCCESS; +} + +/** + Force set cipher information for a variable, like plaindata size, + cipher algorithm type, cipher data etc. + + The destination buffer must be passed via VarEncInfo->Header.Data. + + This method is only used to update and/or change plain data information. + + @param[in] VarEncInfo Pointer to structure containing detailed + information about a variable. + + @retval EFI_SUCCESS The information was updated successfully. + @retval EFI_INVALID_PARAMETER Variable information in VarEncInfo is in= valid. + @retval EFI_UNSUPPORTED If this method is not supported. + +**/ +EFI_STATUS +EFIAPI +SetCipherDataInfo ( + IN VARIABLE_ENCRYPTION_INFO *VarEncInfo + ) +{ + VARIABLE_ENCRYPTION_HEADER *EncHeader; + UINT8 *Data; + + if ( (VarEncInfo->Header.Data =3D=3D NULL) + || (VarEncInfo->Header.DataSize < sizeof (VARIABLE_ENCRYPTION_HEADER)) + || (VarEncInfo->CipherDataType !=3D ENC_TYPE_NULL)) + { + ASSERT (VarEncInfo->Header.Data !=3D NULL); + ASSERT (VarEncInfo->Header.DataSize >=3D sizeof (VARIABLE_ENCRYPTION_H= EADER)); + ASSERT (VarEncInfo->CipherDataType =3D=3D ENC_TYPE_NULL); + return EFI_INVALID_PARAMETER; + } + + Data =3D VarEncInfo->Header.Data; + EncHeader =3D (VARIABLE_ENCRYPTION_HEADER *)Data; + + if ( !IsValidEncrptionHeader (EncHeader, (UINT32)VarEncInfo->Header.Dat= aSize) + || (VarEncInfo->PlainDataSize > EncHeader->CipherDataSize)) + { + return EFI_INVALID_PARAMETER; + } + + if ((VarEncInfo->PlainData !=3D NULL) && (VarEncInfo->PlainDataSize > 0)= ) { + CopyMem ( + Data + EncHeader->HeaderSize, + VarEncInfo->PlainData, + VarEncInfo->PlainDataSize + ); + } + + EncHeader->DataType =3D VarEncInfo->CipherDataType; + if (VarEncInfo->PlainDataSize !=3D 0) { + EncHeader->PlainDataSize =3D VarEncInfo->PlainDataSize; + } + + return EFI_SUCCESS; +} --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95997): https://edk2.groups.io/g/devel/message/95997 Mute This Topic: https://groups.io/mt/94840833/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95998+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95998+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720149; cv=none; d=zohomail.com; s=zohoarc; b=F/50uCCICEujgWG7hfosmd6ha41IsAniuTQOr8KfbPnE380HzVgFBlEFSKZNXeHDsEgDXT/EszJF4RUqQFlrtQe9iYPWCdFcgmhlBceMTG4DHOET1Vq/je+lJTfGe5HAaKM0AGQsCjmy/diOQG0IMSYe7gtjGhYpXOxuFMSyhvM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720149; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=P+sl4hYUo6x7dNuJSG6RduYJfA4H1zr2W2MIgFToad0=; b=APefhsIr6h8q+4c0rBey4YM19cEjerhwL+8aD/dJYK0DwP7EOno88PS2SBO9fZSCXl76VxouuT8fq2xAyMbA8/nJKTCfAK81Dlj7zloOPpuqw/AKbnhK93kq/2t087lU94yCnA4qMKk8S6I0F4HTrIBDkkvi3BO+S5QIn4phKXY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95998+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720149013585.072435957221; Sun, 6 Nov 2022 00:35:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QUN2YY1788612xqYY1JAdxIO; Sun, 06 Nov 2022 00:35:48 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.14307.1667720143790244062 for ; Sun, 06 Nov 2022 00:35:44 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534282" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534282" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:33 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513501" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513501" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:32 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Min Xu , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 18/19] SecurityPkg: Add Protected Variable Services Date: Sun, 6 Nov 2022 00:35:08 -0700 Message-Id: <20221106073509.3071-19-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: OYFwq7AfKnFOpqFbgNjWSJoTx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720148; bh=U5eTYWBZZDIlrC/QVVi/nyqkdElMC6V9KfEJiiqr8Qg=; h=Cc:Date:From:Reply-To:Subject:To; b=cnGsXV7ZJsYllCewngD7V7U35I/Y+OTQ7pVxAZ2qfKVno+I9fwuOAxvw6wMVZI8Jmcw HaO4mx5Af7dIRb/kTWLqhxBXc6EQ9VKZWkHHZhza38mGy/Pfn0UoOIg+hsYieIt4PJwKy RARndg2Bw//sqUPVoCCwNrg8mjG+BFjp4M4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720151056100074 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 V5: Applied code review comments. Remove unused API. V3: Change placement of buffer used for confidentiality crypto operation to fix an issue when enabling confidentiality. Remove un-needed increment of monotonic counter. V1: Add Protected Variable Services across the different UEFI phases. Functions includes creating variable digest, performing integrity check, initializing protected variables, updating protected variables, and verifying the MetaDataHmacVar variable. This module prevents UEFI variable tampering. It provides variable integrity and confidentiality. Cc: Jian J Wang Cc: Jiewen Yao Cc: Min Xu Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang --- SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf = | 64 + SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf = | 68 + SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf = | 67 + SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.in= f | 62 + SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h = | 589 ++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c = | 2103 ++++++++++++++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c = | 163 ++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c = | 1327 ++++++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c = | 209 ++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommon.c = | 967 +++++++++ SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c = | 233 +++ 11 files changed, 5852 insertions(+) diff --git a/SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableL= ib.inf b/SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.i= nf new file mode 100644 index 000000000000..74a0285af7ef --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf @@ -0,0 +1,64 @@ +## @file +# Provides protected variable services for EmulatorPkg. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D DxeProtectedVariableLib + MODULE_UNI_FILE =3D ProtectedVariableLib.uni + FILE_GUID =3D 6F424E10-0F75-4716-9F97-58C2E1C643AD + MODULE_TYPE =3D DXE_RUNTIME_DRIVER + VERSION_STRING =3D 0.1 + LIBRARY_CLASS =3D ProtectedVariableLib|DXE_RUNTIME_DRIV= ER + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + ProtectedVariableDxe.c + ProtectedVariableCommon.c + ProtectedVariableSmmDxeCommon.c + ProtectedVariableInternal.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + HobLib + BaseCryptLib + EncryptionVariableLib + RpmcLib + HashApiLib + SortLib + +[Protocols] + gEfiVariableWriteArchProtocolGuid + +[Guids] + gEdkiiMetaDataHmacVariableGuid + gEdkiiProtectedVariableGlobalGuid + gEdkiiVarErrorFlagGuid + gEdkiiProtectedVariableContextGuid + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize diff --git a/SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableL= ib.inf b/SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.i= nf new file mode 100644 index 000000000000..44c959a94ca3 --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf @@ -0,0 +1,68 @@ +## @file +# Provides protected variable services. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D PeiProtectedVariableLib + MODULE_UNI_FILE =3D ProtectedVariableLib.uni + FILE_GUID =3D 76FBFBCE-ACBB-4084-A348-8FCC97AAEB9D + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 0.1 + LIBRARY_CLASS =3D ProtectedVariableLib|PEIM + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# + +[Sources] + ProtectedVariablePei.c + ProtectedVariableCommon.c + ProtectedVariableInternal.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + HobLib + BaseCryptLib + RpmcLib + VariableKeyLib + EncryptionVariableLib + ReportStatusCodeLib + PeiServicesLib + HashApiLib + SortLib + +[Guids] + gEdkiiMetaDataHmacVariableGuid + gEdkiiProtectedVariableGlobalGuid + gEdkiiVarErrorFlagGuid + gEdkiiProtectedVariableContextGuid + +[Ppis] + gEfiPeiMemoryDiscoveredPpiGuid + gEfiPeiVariableStoreDiscoveredPpiGuid + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeVariableIntegrity + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize diff --git a/SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableL= ib.inf b/SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.i= nf new file mode 100644 index 000000000000..ecf0b1a43d30 --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf @@ -0,0 +1,67 @@ +## @file +# Provides protected variable services. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D SmmProtectedVariableLib + MODULE_UNI_FILE =3D ProtectedVariableLib.uni + FILE_GUID =3D 2BEE71E5-259B-4057-A2C1-2115DF43C76A + MODULE_TYPE =3D DXE_SMM_DRIVER + VERSION_STRING =3D 0.1 + LIBRARY_CLASS =3D ProtectedVariableLib|DXE_SMM_DRIVER M= M_STANDALONE + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + ProtectedVariableSmm.c + ProtectedVariableCommon.c + ProtectedVariableSmmDxeCommon.c + ProtectedVariableInternal.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + HobLib + BaseCryptLib + EncryptionVariableLib + RpmcLib + VariableKeyLib + HashApiLib + SortLib + +[Protocols] + gEfiMmEndOfDxeProtocolGuid + +[Guids] + gSmmVariableWriteGuid + gEdkiiMetaDataHmacVariableGuid + gEdkiiProtectedVariableGlobalGuid + gEdkiiVarErrorFlagGuid + gEdkiiProtectedVariableContextGuid + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize + diff --git a/SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVa= riableLib.inf b/SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtecte= dVariableLib.inf new file mode 100644 index 000000000000..011ccdce2db8 --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableL= ib.inf @@ -0,0 +1,62 @@ +## @file +# Provides protected variable services. +# +# Copyright (c) 2022, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010029 + BASE_NAME =3D SmmRuntimeProtectedVariableLib + MODULE_UNI_FILE =3D ProtectedVariableLib.uni + FILE_GUID =3D 99A623DE-1AD3-4AB3-909D-E3AADD7845EF + MODULE_TYPE =3D DXE_RUNTIME_DRIVER + VERSION_STRING =3D 0.1 + LIBRARY_CLASS =3D ProtectedVariableLib|DXE_DRIVER DXE_R= UNTIME_DRIVER + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + ProtectedVariableSmmRuntime.c + ProtectedVariableCommon.c + ProtectedVariableInternal.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + HobLib + BaseCryptLib + EncryptionVariableLib + RpmcLib + HashApiLib + SortLib + +[Guids] + gEfiEventVirtualAddressChangeGuid + gEdkiiMetaDataHmacVariableGuid + gEdkiiProtectedVariableGlobalGuid + gEdkiiVarErrorFlagGuid + gEdkiiProtectedVariableContextGuid + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableName + gEfiSecurityPkgTokenSpaceGuid.PcdPlatformVariableGuid + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableIntegrity + gEfiSecurityPkgTokenSpaceGuid.PcdProtectedVariableConfidentiality + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize + diff --git a/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInte= rnal.h b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal= .h new file mode 100644 index 000000000000..7948649b21bd --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableInternal.h @@ -0,0 +1,589 @@ +/** @file + Definitions shared among different implementation of ProtectedVariableLi= b. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef PROTECTED_VARIABLE_INTERNAL_H_ +#define PROTECTED_VARIABLE_INTERNAL_H_ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#define VARIABLE_KEY_SIZE (256/8) + +#define METADATA_HMAC_SIZE (256/8) +#define METADATA_HMAC_KEY_NAME L"HMAC_KEY" +#define METADATA_HMAC_KEY_NAME_SIZE 0x10 + +#define METADATA_HMAC_SEP L":" +#define METADATA_HMAC_SEP_SIZE 2 + +#define METADATA_HMAC_VARIABLE_NAME L"MetaDataHmacVar" +#define METADATA_HMAC_VARIABLE_NAME_SIZE sizeof (METADATA_HMAC_VARIABLE_N= AME) +#define METADATA_HMAC_VARIABLE_GUID gEdkiiMetaDataHmacVariableGuid +#define METADATA_HMAC_VARIABLE_ATTR VARIABLE_ATTRIBUTE_NV_BS_RT + +#define DIGEST_CONTEXT_SIZE (HashApiGetContextSize()) + +#define MAX_VARIABLE_SIZE = \ + MAX (MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxAuthVariableSiz= e)), \ + PcdGet32 (PcdMaxHardwareErrorVariableSize)) + +#define IS_VARIABLE(Var, Name, Guid) \ + (StrCmp ((Var)->VariableName, (Name)) =3D=3D 0 \ + && CompareGuid ((CONST EFI_GUID *)(Var)->VendorGuid, (CONST EFI_GUID *)= (Guid))) + +#define VARIABLE_SIZE(VarInfo) \ + (((UINTN)(VarInfo)->Header.Data - (UINTN)(VarInfo)->Buffer) \ + + (VarInfo)->Header.DataSize \ + + GET_PAD_SIZE ((VarInfo)->Header.DataSize)) + +#define VARIABLE_HEADER_SIZE(AuthFlag) \ + ((AuthFlag) ? sizeof (AUTHENTICATED_VARIABLE_HEADER) \ + : sizeof (VARIABLE_HEADER)) + +#define VARIABLE_NAME(Var, AuthFlag) \ + ((CHAR16 *)((UINTN)(Var) + VARIABLE_HEADER_SIZE(AuthFlag))) + +#define VARIABLE_START(VarStore) \ + ((VARIABLE_HEADER *)HEADER_ALIGN ((VARIABLE_STORE_HEADER *)(VarStore) += 1)) + +#define VARIABLE_END(VarStore) \ + ((VARIABLE_HEADER *)HEADER_ALIGN ((UINTN)(VarStore) \ + + ((VARIABLE_STORE_HEADER *)(VarStore))->Size)) + +#define SET_VARIABLE_DATA_SIZE(VarInfo, Size) = \ + if ((VarInfo)->Flags.Auth) { = \ + ((AUTHENTICATED_VARIABLE_HEADER *)((VarInfo)->Buffer))->DataSize =3D S= ize; \ + (VarInfo)->Header.DataSize =3D Size; = \ + } else { = \ + ((VARIABLE_HEADER *)((VarInfo)->Buffer))->DataSize =3D Size; = \ + (VarInfo)->Header.DataSize =3D Size; = \ + } + +#define IS_KNOWN_UNPROTECTED_VARIABLE(Global, VarInfo) \ + (CheckKnownUnprotectedVariable ((Global), (VarInfo)) < UnprotectedVarInd= exMax) + +#define GET_CNTX(Global) ((PROTECTED_VARIABLE_CONTEXT_IN *)(UINTN)((Glob= al)->ContextIn)) +#define GET_BUFR(Address) ((VOID *)(UINTN)(Address)) +#define GET_ADRS(Buffer) ((EFI_PHYSICAL_ADDRESS)(UINTN)(Buffer)) + +typedef struct _VARIABLE_IDENTIFIER { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; + UINT8 State; +} VARIABLE_IDENTIFIER; + +typedef enum { + IndexHmacInDel =3D 0, /// MetaDataHmacVar with state VAR_IN_DELETED_= TRANSITION + IndexHmacAdded, /// MetaDataHmacVar with state VAR_ADDED + IndexErrorFlag, /// VarErrorFlag + IndexPlatformVar, /// Platform Variable + UnprotectedVarIndexMax +} UNPROTECTED_VARIABLE_INDEX; + +#pragma pack(1) + +#define PROTECTED_VARIABLE_CONTEXT_OUT_STRUCT_VERSION 0x02 + +typedef struct _PROTECTED_VARIABLE_FLAG { + BOOLEAN Auth; // Authenticated variable format + BOOLEAN WriteInit; // Write-init-done + BOOLEAN WriteReady; // Ready-to-write + BOOLEAN RecoveryMode; // Variable storage recovery or provisioning + BOOLEAN CacheReady; // Indicates Cache is available + BOOLEAN Reserved; // reserved +} PROTECTED_VARIABLE_FLAG; + +typedef struct _PROTECTED_VARIABLE_GLOBAL { + UINT32 StructVersion; + UINT32 StructSize; + + /// + /// Variable root key used to derive Encryption key and HMAC key. + /// + UINT8 RootKey[VARIABLE_KEY_SIZE]; + /// + /// HMAC key derived from RootKey. + /// + UINT8 MetaDataHmacKey[VARIABLE_KEY_SIZE]; + /// + /// Number of variables in linked list pointed by VariableDigests. + /// + UINT32 VariableNumber; + /// + /// Size of memory reserved by VariableCache. + /// + UINT32 VariableCacheSize; + /// + /// Memory reserved to temporarily hold data of one variable, for integr= ity + /// validation purpose. + /// + EFI_PHYSICAL_ADDRESS VariableCache; + /// + /// Pointer to linked list, in which each node holds the digest value of= each + /// variable. + /// + EFI_PHYSICAL_ADDRESS VariableDigests; + /// + /// Memory reserved for Context used in hash API to avoid repeat alloc/f= ree. + /// + EFI_PHYSICAL_ADDRESS DigestContext; + /// + /// Pointer to one of node in linked list pointed by VariableDigests, wh= ich + /// has been just accessed. This is mainly used to facilitate the two ca= lls + /// use case of GetVariable(). + /// + EFI_PHYSICAL_ADDRESS LastAccessedVariable; + /// + /// Cached copy of pointers to nodes of unprotected variables in the lin= ked + /// list pointed by VariableDigests. + /// + EFI_PHYSICAL_ADDRESS Unprotected[UnprotectedVarIndexMax]; + /// + /// Pointer to data structure holding helper functions passed by user of + /// ProtectedVariableLib, most of which are used to complete operations = on + /// variable storage. + /// + EFI_PHYSICAL_ADDRESS ContextIn; + + /// + /// Pointer to Global data structure. This is to hold pre-mem address va= lue. + /// Later to be used to identify pre-mem to post-mem transition. + /// + EFI_PHYSICAL_ADDRESS GlobalSelf; + + PROTECTED_VARIABLE_FLAG Flags; +} PROTECTED_VARIABLE_GLOBAL; + +#pragma pack() + +/* Sort method function pointer taking two parameters */ +typedef +INTN +(*SORT_METHOD) ( + IN VARIABLE_DIGEST *Variable1, + IN VARIABLE_DIGEST *Variable2 + ); + +/* Update variable digest data function pointer */ +typedef +BOOLEAN +(*DIGEST_UPDATE) ( + IN OUT VOID *Context, + IN VOID *Data, + IN UINTN DataSize + ); + +/** + + Print variable information + + @param[in] Data8 Pointer to data + @param[out] DataSize Size of data + +**/ +VOID +PrintVariableData ( + IN UINT8 *Data8, + IN UINTN DataSize + ); + +/** + + Derive HMAC key from given variable root key. + + @param[in] RootKey Pointer to root key to derive from. + @param[in] RootKeySize Size of root key. + @param[out] HmacKey Pointer to generated HMAC key. + @param[in] HmacKeySize Size of HMAC key. + + @retval TRUE The HMAC key is derived successfully. + @retval FALSE Failed to generate HMAC key from given root key. + +**/ +BOOLEAN +EFIAPI +GenerateMetaDataHmacKey ( + IN CONST UINT8 *RootKey, + IN UINTN RootKeySize, + OUT UINT8 *HmacKey, + IN UINTN HmacKeySize + ); + +/** + + Digests the given variable data and updates HMAC context. + + @param[in,out] Context Pointer to initialized HMAC context. + @param[in] VarInfo Pointer to variable data. + + @retval TRUE HMAC context was updated successfully. + @retval FALSE Failed to update HMAC context. + +**/ +BOOLEAN +UpdateVariableMetadataHmac ( + IN VOID *Context, + IN PROTECTED_VARIABLE_INFO *VarInfo + ); + +/** + + Re-calculate HMAC based on new variable data and re-generate MetaDataHma= cVar. + + @param[in] Global Pointer to global configuration data. + @param[in] NewVarInfo Pointer to buffer of new variable data. + @param[in,out] NewHmacVarInfo Pointer to buffer of new MetaDataHmacVar. + + @return EFI_SUCCESS The HMAC value was updated successfully. + @return EFI_ABORTED Failed to calculate the HMAC value. + @return EFI_OUT_OF_RESOURCES Not enough resource to calculate HMC value. + @return EFI_NOT_FOUND The MetaDataHmacVar was not found in stora= ge. + +**/ +EFI_STATUS +RefreshVariableMetadataHmac ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *NewVarInfo, + IN OUT PROTECTED_VARIABLE_INFO *NewHmacVarInfo + ); + +/** + + Retrieve the context and global configuration data structure from HOB. + + Once protected NV variable storage is cached and verified in PEI phase, + all related information are stored in a HOB which can be used by PEI var= iable + service itself and passed to SMM along with the boot flow, which can avo= id + many duplicate works, like generating HMAC key, verifying NV variable st= orage, + etc. + + The HOB can be identified by gEdkiiProtectedVariableGlobalGuid. + + @param[out] Global Pointer to global configuration data from PEI = phase. + + @retval EFI_SUCCESS The HOB was found, and Context and Global are re= trieved. + @retval EFI_NOT_FOUND The HOB was not found. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableGlobalFromHob ( + OUT PROTECTED_VARIABLE_GLOBAL **Global OPTIONAL + ); + +/** + + Get context and/or global data structure used to process protected varia= ble. + + @param[out] Global Pointer to global configuration data. + + @retval EFI_SUCCESS Get requested structure successfully. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableGlobal ( + OUT PROTECTED_VARIABLE_GLOBAL **Global OPTIONAL + ); + +/** + + Get context data structure used to process protected variable. + + @param[out] ContextIn Pointer to context provided by variable runtim= e services. + + @retval EFI_SUCCESS Get requested structure successfully. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableContext ( + PROTECTED_VARIABLE_CONTEXT_IN **ContextIn OPTIONAL + ); + +/** + + Check if a given variable is unprotected variable specified in advance + and return its index ID. + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to variable information data. + + @retval IndexHmacInDel Variable is MetaDataHmacVar in delete-transiti= on state. + @retval IndexHmacAdded Variable is MetaDataHmacVar in valid state. + @retval IndexErrorFlag Variable is VarErrorLog. + @retval Others Variable is not any known unprotected variable= s. + +**/ +UNPROTECTED_VARIABLE_INDEX +CheckKnownUnprotectedVariable ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo + ); + +/** + + Return the size of variable MetaDataHmacVar. + + @param[in] AuthFlag Auth-variable indicator. + + @retval size of variable MetaDataHmacVar. + +**/ +UINTN +GetMetaDataHmacVarSize ( + IN BOOLEAN AuthFlag + ); + +/** + + Fix state of MetaDataHmacVar on NV variable storage, if there's failure = at + last boot during updating variable. + + This must be done before the first writing of variable in current boot, + including storage reclaim. + + @retval EFI_UNSUPPORTED Updating NV variable storage is not suppo= rted. + @retval EFI_OUT_OF_RESOURCES Not enough resource to complete the opera= tion. + @retval EFI_SUCCESS Variable store was successfully updated. + +**/ +EFI_STATUS +FixupHmacVariable ( + VOID + ); + +/** + + Verify the variable digest. + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to verified copy of protected variables. + @param[in] VarDig Pointer to variable digest data. + + @retval EFI_INVALID_PARAMETER Invalid parameter was passed in. + @retval EFI_OUT_OF_RESOURCES Not enough resource to calculate hash. + @retval EFI_ABORTED An error was encountered. + @retval EFI_COMPROMISED_DATA The data was compromised. + @retval EFI_SUCCESS Variable digest was successfully verified. + +**/ +EFI_STATUS +VerifyVariableDigest ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo, + IN VARIABLE_DIGEST *VarDig + ); + +/** + + Get the variable digest. + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to verified copy of protected vari= ables. + @param[in,out] DigestValue Pointer to variable digest value. + + @retval EFI_INVALID_PARAMETER Invalid parameter was passed in. + @retval EFI_OUT_OF_RESOURCES Not enough resource to calculate hash. + @retval EFI_ABORTED An error was encountered. + @retval EFI_COMPROMISED_DATA The data was compromised. + @retval EFI_SUCCESS Variable digest was successfully verified. + +**/ +EFI_STATUS +GetVariableDigest ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo, + IN OUT UINT8 *DigestValue + ); + +/** + + Compare variable name and Guid + + @param[in] Name1 Name of first variable. + @param[in] Name1Size Size of first variable. + @param[in] Name2 Name of second variable. + @param[in] Name2Size Size of second variable. + @param[in] Guid1 Guid for first variable. + @param[in] Guid2 Guid for second variable. + + @retval 0 First name is identical to Second name. + @return others First name is not identical to Second name. + +**/ +INTN +CompareVariableNameAndGuid ( + IN CONST CHAR16 *Name1, + IN UINTN Name1Size, + IN CONST CHAR16 *Name2, + IN UINTN Name2Size, + IN EFI_GUID *Guid1, + IN EFI_GUID *Guid2 + ); + +/** + + Compare variable digest. + + @param[in] Variable1 Pointer to first variable digest. + @param[in] Variable2 Pointer to second variable digest. + + @retval 0 Variables are identical. + @return others Variables are not identical. + +**/ +INTN +CompareVariableDigestInfo ( + IN VARIABLE_DIGEST *Variable1, + IN VARIABLE_DIGEST *Variable2 + ); + +/** + + Move a node backward in the order controlled by SortMethod. + + @param[in] Node Pointer to node to be moved. + @param[in] SortMethod Method used to compare node in list. + +**/ +VOID +MoveNodeBackward ( + IN OUT VARIABLE_DIGEST *Node, + IN SORT_METHOD SortMethod + ); + +/** + + Remove variable digest node. + + @param[in,out] Global Pointer to global configuration data. + @param[in,out] VarDig Pointer to variable digest value. + @param[in] FreeResource Flag to indicate whether to free resource. + +**/ +VOID +RemoveVariableDigestNode ( + IN OUT PROTECTED_VARIABLE_GLOBAL *Global, + IN OUT VARIABLE_DIGEST *VarDig, + IN BOOLEAN FreeResource + ); + +/** + + Insert variable digest node. + + @param[in,out] Global Pointer to global configuration data. + @param[in] VarDig Pointer to variable digest value. + @param[in] SortMethod Method for sorting. + +**/ +VOID +InsertVariableDigestNode ( + IN OUT PROTECTED_VARIABLE_GLOBAL *Global, + IN VARIABLE_DIGEST *VarDig, + IN SORT_METHOD SortMethod + ); + +/** + + Create variable digest node. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] NameSize Size of variable name. + @param[in] DataSize Size of variable data. + @param[in] AuthVar Authenticated variable flag. + @param[in] Global Pointer to global configuration data. + + @retval Ptr Pointer to variable digest + +**/ +VARIABLE_DIGEST * +CreateVariableDigestNode ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 NameSize, + IN UINT32 DataSize, + IN BOOLEAN AuthVar, + IN PROTECTED_VARIABLE_GLOBAL *Global + ); + +/** + + Find the specified variable digest + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to variable data. + @param[in] FindNext Flag to continue looking for variable. + +**/ +VARIABLE_DIGEST * +FindVariableInternal ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo, + IN BOOLEAN FindNext + ); + +/** + + Synchronize the RPMC counters + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to variable data. + @param[in] FindNext Flag to continue looking for variable. + + @retval EFI_SUCCESS Successfully sync RPMC counters. + @return others Failed to sync RPMC counters. + +**/ +EFI_STATUS +SyncRpmcCounter ( + VOID + ); + +/** + + Perform for protected variable integrity check. + + If this initialization failed upon any error, the whole variable services + should not be used. A system reset might be needed to re-construct NV + variable storage to be the default state. + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_SUCCESS Protected variable services are ready. + @retval EFI_INVALID_PARAMETER If ContextIn =3D=3D NULL or something = missing or + mismatching in the content in ContextI= n. + @retval EFI_COMPROMISED_DATA If failed to check integrity of protec= ted variables. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +PerformVariableIntegrityCheck ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ); + +extern EFI_TIME mDefaultTimeStamp; +extern VARIABLE_IDENTIFIER mUnprotectedVariables[UnprotectedVar= IndexMax]; +extern PROTECTED_VARIABLE_CONTEXT_IN mVariableContextIn; +extern PROTECTED_VARIABLE_GLOBAL mProtectedVariableGlobal; + +#endif diff --git a/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableComm= on.c b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c new file mode 100644 index 000000000000..456c871a4561 --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableCommon.c @@ -0,0 +1,2103 @@ +/** @file + The common protected variable operation routines. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include +#include + +#include +#include +#include +#include + +#include "ProtectedVariableInternal.h" + +EFI_TIME mDefaultTimeStamp =3D { 0, 0, 0, 0, 0, 0, 0, 0,= 0, 0, 0 }; +VARIABLE_IDENTIFIER mUnprotectedVariables[] =3D { + { + METADATA_HMAC_VARIABLE_NAME, + &METADATA_HMAC_VARIABLE_GUID, + VAR_ADDED & VAR_IN_DELETED_TRANSITION + }, + { + METADATA_HMAC_VARIABLE_NAME, + &METADATA_HMAC_VARIABLE_GUID, + VAR_ADDED + }, + { + VAR_ERROR_FLAG_NAME, + &gEdkiiVarErrorFlagGuid, + VAR_ADDED + }, + { + (CHAR16 *)PcdGetPtr (PcdPlatformVariableName), + (EFI_GUID *)PcdGetPtr (PcdPlatformVariableGuid), + VAR_ADDED + } +}; + +/** + Print variable information. + + @param[in] Data8 Pointer to data. + @param[in] DataSize Size of data. + +**/ +VOID +PrintVariableData ( + IN UINT8 *Data8, + IN UINTN DataSize + ) +{ + UINTN Index; + + for (Index =3D 0; Index < DataSize; Index++) { + if (Index % 0x10 =3D=3D 0) { + DEBUG ((DEBUG_INFO, "\n%08X:", Index)); + } + + DEBUG ((DEBUG_INFO, " %02X", *Data8++)); + } + + DEBUG ((DEBUG_INFO, "\n")); +} + +/** + + Retrieve the context and global configuration data structure from HOB. + + Once protected NV variable storage is cached and verified in PEI phase, + all related information are stored in a HOB which can be used by PEI var= iable + service itself and passed to SMM along with the boot flow, which can avo= id + many duplicate works, like generating HMAC key, verifying NV variable st= orage, + etc. + + The HOB can be identified by gEdkiiProtectedVariableGlobalGuid. + + @param[out] Global Pointer to global configuration data from PEI = phase. + + @retval EFI_SUCCESS The HOB was found, and Context and Global are re= trieved. + @retval EFI_NOT_FOUND The HOB was not found. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableGlobalFromHob ( + OUT PROTECTED_VARIABLE_GLOBAL **Global + ) +{ + VOID *Data; + EFI_PEI_HOB_POINTERS Hob; + EFI_HOB_MEMORY_ALLOCATION *MemoryAllocationHob; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + EFI_PHYSICAL_ADDRESS OldStart; + VARIABLE_DIGEST *VarDig; + EFI_HOB_GUID_TYPE *GuidHob; + UINTN Index; + + Hob.Raw =3D GetFirstGuidHob (&gEdkiiProtectedVariableGlobalGuid); + if (Hob.Raw !=3D NULL) { + Data =3D GET_GUID_HOB_DATA (Hob); + } else { + // + // Search the global from allocated memory blob. + // + Data =3D NULL; + MemoryAllocationHob =3D NULL; + + Hob.Raw =3D GetFirstHob (EFI_HOB_TYPE_MEMORY_ALLOCATION); + while (Hob.Raw !=3D NULL) { + MemoryAllocationHob =3D (EFI_HOB_MEMORY_ALLOCATION *)Hob.Raw; + if (CompareGuid ( + &MemoryAllocationHob->AllocDescriptor.Name, + &gEdkiiProtectedVariableGlobalGuid + )) + { + Data =3D (VOID *)(UINTN) + MemoryAllocationHob->AllocDescriptor.MemoryBaseAddress; + break; + } + + Hob.Raw =3D GET_NEXT_HOB (Hob); + Hob.Raw =3D GetNextHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, Hob.Raw); + } + } + + if (Data =3D=3D NULL) { + return EFI_NOT_FOUND; + } + + if (Global !=3D NULL) { + GuidHob =3D GetFirstGuidHob (&gEdkiiProtectedVariableContextGuid); + if (GuidHob !=3D NULL) { + ContextIn =3D (PROTECTED_VARIABLE_CONTEXT_IN *)GET_GUID_HOB_DATA (Gu= idHob); + } else { + ASSERT (GuidHob =3D=3D NULL); + } + + *Global =3D (PROTECTED_VARIABLE_GLOBAL *)((UINT8 *)Data); + // + // Fix pointers in the HOB (due to physical memory readiness) + // + if ((*Global)->GlobalSelf !=3D (EFI_PHYSICAL_ADDRESS)(UINTN)(*Global))= { + OldStart =3D (*Global)->GlobalSelf; + (*Global)->ContextIn =3D GET_ADRS (ContextIn); + + // + // Mark Memory caching is available + // + (*Global)->Flags.CacheReady =3D TRUE; + + // + // Re-allocate new minimum cache + // + (*Global)->VariableCache =3D GET_ADRS (Data) + + ((*Global)->VariableCache - OldStart); + + (*Global)->DigestContext =3D GET_ADRS (((*Global) + 1)); + for (Index =3D 0; Index < UnprotectedVarIndexMax; Index++) { + if ((*Global)->Unprotected[Index] !=3D VAR_INDEX_INVALID) { + (*Global)->Unprotected[Index] =3D GET_ADRS (Data) + + ((*Global)->Unprotected[Index]= - OldStart); + } + } + + (*Global)->LastAccessedVariable =3D GET_ADRS (Data) + + ((*Global)->LastAccessedVariable= - OldStart); + + // + // Fix all linked-list pointers inside VARIABLE_SIGNATURE. + // + (*Global)->VariableDigests =3D GET_ADRS (Data) + + ((*Global)->VariableDigests - OldStar= t); + VarDig =3D VAR_DIG_PTR ((*Global)->VariableDigests); + while (VarDig !=3D NULL) { + if (VarDig->Prev !=3D 0) { + VarDig->Prev =3D GET_ADRS (Data) + (VarDig->Prev - OldStart); + } + + if (VarDig->Next !=3D 0) { + VarDig->Next =3D GET_ADRS (Data) + (VarDig->Next - OldStart); + } + + VarDig =3D VAR_DIG_NEXT (VarDig); + } + + (*Global)->GlobalSelf =3D (EFI_PHYSICAL_ADDRESS)(UINTN)(*Global); + } + } + + return EFI_SUCCESS; +} + +/** + + Derive HMAC key from given variable root key. + + @param[in] RootKey Pointer to root key to derive from. + @param[in] RootKeySize Size of root key. + @param[out] HmacKey Pointer to generated HMAC key. + @param[in] HmacKeySize Size of HMAC key. + + @retval TRUE The HMAC key is derived successfully. + @retval FALSE Failed to generate HMAC key from given root key. + +**/ +BOOLEAN +EFIAPI +GenerateMetaDataHmacKey ( + IN CONST UINT8 *RootKey, + IN UINTN RootKeySize, + OUT UINT8 *HmacKey, + IN UINTN HmacKeySize + ) +{ + UINT8 Salt[AES_BLOCK_SIZE]; + + return HkdfSha256ExtractAndExpand ( + RootKey, + RootKeySize, + Salt, + 0, + (UINT8 *)METADATA_HMAC_KEY_NAME, + METADATA_HMAC_KEY_NAME_SIZE, + HmacKey, + HmacKeySize + ); +} + +/** + + Return the size of variable MetaDataHmacVar. + + @param[in] AuthFlag Auth-variable indicator. + + @retval size of variable MetaDataHmacVar. + +**/ +UINTN +GetMetaDataHmacVarSize ( + IN BOOLEAN AuthFlag + ) +{ + UINTN Size; + + if (AuthFlag) { + Size =3D sizeof (AUTHENTICATED_VARIABLE_HEADER); + } else { + Size =3D sizeof (VARIABLE_HEADER); + } + + Size +=3D METADATA_HMAC_VARIABLE_NAME_SIZE; + Size +=3D GET_PAD_SIZE (Size); + Size +=3D METADATA_HMAC_SIZE; + Size +=3D GET_PAD_SIZE (Size); + + return Size; +} + +/** + + Digests the given variable data and updates HMAC context. + + @param[in] Context Pointer to initialized HMAC context. + @param[in] VarInfo Pointer to variable data. + @param[in] UpdateMethod Function to run when updating variable di= gest. + + @retval TRUE HMAC context was updated successfully. + @retval FALSE Failed to update HMAC context. + +**/ +STATIC +BOOLEAN +UpdateVariableDigestData ( + IN VOID *Context, + IN PROTECTED_VARIABLE_INFO *VarInfo, + IN DIGEST_UPDATE UpdateMethod + ) +{ + VOID *Buffer[12]; + UINT32 BufferSize[12]; + UINTN Index; + BOOLEAN Status; + + // + // Empty variable is legal here (e.g. variable deletion case or write-in= it case). + // + if ((VarInfo =3D=3D NULL) || + (VarInfo->CipherData =3D=3D NULL) || + (VarInfo->CipherDataSize =3D=3D 0)) + { + return TRUE; + } + + // + // HMAC (":" || VariableName) + // + Buffer[0] =3D METADATA_HMAC_SEP; + BufferSize[0] =3D METADATA_HMAC_SEP_SIZE; + + Buffer[1] =3D VarInfo->Header.VariableName; + BufferSize[1] =3D (UINT32)VarInfo->Header.NameSize; + + // + // HMAC (":" || VendorGuid || Attributes || DataSize) + // + Buffer[2] =3D METADATA_HMAC_SEP; + BufferSize[2] =3D METADATA_HMAC_SEP_SIZE; + + Buffer[3] =3D VarInfo->Header.VendorGuid; + BufferSize[3] =3D sizeof (EFI_GUID); + + Buffer[4] =3D &VarInfo->Header.Attributes; + BufferSize[4] =3D sizeof (VarInfo->Header.Attributes); + + Buffer[5] =3D &VarInfo->CipherDataSize; + BufferSize[5] =3D sizeof (VarInfo->CipherDataSize); + + // + // HMAC (":" || CipherData) + // + Buffer[6] =3D METADATA_HMAC_SEP; + BufferSize[6] =3D METADATA_HMAC_SEP_SIZE; + + Buffer[7] =3D VarInfo->CipherData; + BufferSize[7] =3D VarInfo->CipherDataSize; + + // + // HMAC (":" || PubKeyIndex || AuthMonotonicCount || TimeStamp) + // + Buffer[8] =3D METADATA_HMAC_SEP; + BufferSize[8] =3D METADATA_HMAC_SEP_SIZE; + + Buffer[9] =3D &VarInfo->Header.PubKeyIndex; + BufferSize[9] =3D sizeof (VarInfo->Header.PubKeyIndex); + + Buffer[10] =3D &VarInfo->Header.MonotonicCount; + BufferSize[10] =3D sizeof (VarInfo->Header.MonotonicCount); + + Buffer[11] =3D (VarInfo->Header.TimeStamp !=3D NULL) ? + VarInfo->Header.TimeStamp : &mDefaultTimeStamp; + BufferSize[11] =3D sizeof (EFI_TIME); + + for (Index =3D 0; Index < ARRAY_SIZE (Buffer); ++Index) { + Status =3D UpdateMethod (Context, Buffer[Index], BufferSize[Index]); + if (!Status) { + ASSERT (FALSE); + return FALSE; + } + } + + return TRUE; +} + +/** + + Digests the given variable data and updates HMAC context. + + @param[in] Context Pointer to initialized HMAC context. + @param[in] VarInfo Pointer to variable data. + + @retval TRUE HMAC context was updated successfully. + @retval FALSE Failed to update HMAC context. + +**/ +BOOLEAN +UpdateVariableMetadataHmac ( + IN VOID *Context, + IN PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + return UpdateVariableDigestData (Context, VarInfo, (DIGEST_UPDATE)HmacSh= a256Update); +} + +/** + + Get the variable digest. + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to verified copy of protected vari= ables. + @param[in,out] DigestValue Pointer to variable digest value. + + @retval EFI_INVALID_PARAMETER Invalid parameter was passed in. + @retval EFI_OUT_OF_RESOURCES Not enough resource to calculate hash. + @retval EFI_ABORTED An error was encountered. + @retval EFI_COMPROMISED_DATA The data was compromised. + @retval EFI_SUCCESS Variable digest was successfully verified. + +**/ +EFI_STATUS +GetVariableDigest ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo, + IN OUT UINT8 *DigestValue + ) +{ + EFI_STATUS Status; + VOID *Context; + + if ((Global =3D=3D NULL) || (VarInfo =3D=3D NULL) || (DigestValue =3D=3D= NULL)) { + ASSERT (Global !=3D NULL); + ASSERT (VarInfo !=3D NULL); + ASSERT (DigestValue !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Context =3D GET_BUFR (Global->DigestContext); + if (!HashApiInit (Context)) { + ASSERT (Context !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + if (VarInfo->CipherData =3D=3D NULL) { + VarInfo->CipherData =3D VarInfo->Header.Data; + VarInfo->CipherDataSize =3D (UINT32)VarInfo->Header.DataSize; + } + + if ( !UpdateVariableDigestData (Context, VarInfo, (DIGEST_UPDATE)HashAp= iUpdate) + || !HashApiFinal (Context, DigestValue)) + { + ASSERT (FALSE); + Status =3D EFI_ABORTED; + } else { + Status =3D EFI_SUCCESS; + } + + return Status; +} + +/** + + Verify the variable digest. + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to verified copy of protected variables. + @param[in] VarDig Pointer to variable digest data. + + @retval EFI_INVALID_PARAMETER Invalid parameter was passed in. + @retval EFI_OUT_OF_RESOURCES Not enough resource to calculate hash. + @retval EFI_ABORTED An error was encountered. + @retval EFI_COMPROMISED_DATA The data was compromised. + @retval EFI_SUCCESS Variable digest was successfully verified. + +**/ +EFI_STATUS +VerifyVariableDigest ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo, + IN VARIABLE_DIGEST *VarDig + ) +{ + EFI_STATUS Status; + UINT8 NewDigest[METADATA_HMAC_SIZE]; + + if (Global->Flags.RecoveryMode || !VarDig->Flags.Protected) { + return EFI_SUCCESS; + } + + ASSERT (VarDig->DigestSize =3D=3D sizeof (NewDigest)); + + Status =3D GetVariableDigest (Global, VarInfo, NewDigest); + if (!EFI_ERROR (Status)) { + if (CompareMem (VAR_DIG_VALUE (VarDig), NewDigest, VarDig->DigestSize)= !=3D 0) { + Status =3D EFI_COMPROMISED_DATA; + } + } + + return Status; +} + +/** + Initialize variable MetaDataHmacVar. + + @param[in,out] Variable Pointer to buffer of MetaDataHmacVar. + @param[in] AuthFlag Variable format flag. + +**/ +VOID +InitMetadataHmacVariable ( + IN OUT VARIABLE_HEADER *Variable, + IN BOOLEAN AuthFlag + ) +{ + UINT8 *NamePtr; + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + + Variable->StartId =3D VARIABLE_DATA; + Variable->State =3D VAR_ADDED; + Variable->Reserved =3D 0; + Variable->Attributes =3D VARIABLE_ATTRIBUTE_NV_BS_RT; + + if (AuthFlag) { + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + + AuthVariable->NameSize =3D METADATA_HMAC_VARIABLE_NAME_SIZE; + AuthVariable->DataSize =3D METADATA_HMAC_SIZE; + AuthVariable->PubKeyIndex =3D 0; + AuthVariable->MonotonicCount =3D 0; + + ZeroMem (&AuthVariable->TimeStamp, sizeof (EFI_TIME)); + CopyMem (&AuthVariable->VendorGuid, &METADATA_HMAC_VARIABLE_GUID, size= of (EFI_GUID)); + + NamePtr =3D (UINT8 *)AuthVariable + sizeof (AUTHENTICATED_VARIABLE_HEA= DER); + } else { + Variable->NameSize =3D METADATA_HMAC_VARIABLE_NAME_SIZE; + Variable->DataSize =3D METADATA_HMAC_SIZE; + + CopyMem (&Variable->VendorGuid, &METADATA_HMAC_VARIABLE_GUID, sizeof (= EFI_GUID)); + + NamePtr =3D (UINT8 *)Variable + sizeof (VARIABLE_HEADER); + } + + CopyMem (NamePtr, METADATA_HMAC_VARIABLE_NAME, METADATA_HMAC_VARIABLE_NA= ME_SIZE); +} + +/** + Re-calculate HMAC based on new variable data and re-generate MetaDataHma= cVar. + + @param[in] Global Pointer to global configuration data. + @param[in] NewVarInfo Pointer to buffer of new variable data. + @param[in,out] NewHmacVarInfo Pointer to buffer of new MetaDataHmacVar. + + @return EFI_SUCCESS The HMAC value was updated successfully. + @return EFI_ABORTED Failed to calculate the HMAC value. + @return EFI_OUT_OF_RESOURCES Not enough resource to calculate HMC value. + @return EFI_NOT_FOUND The MetaDataHmacVar was not found in stora= ge. + +**/ +EFI_STATUS +RefreshVariableMetadataHmac ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *NewVarInfo, + IN OUT PROTECTED_VARIABLE_INFO *NewHmacVarInfo + ) +{ + EFI_STATUS Status; + VOID *Context; + UINT32 Counter; + PROTECTED_VARIABLE_INFO VarInfo; + PROTECTED_VARIABLE_INFO CurrHmacVarInfo; + UINT8 *HmacValue; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + VARIABLE_DIGEST *VarDig; + VARIABLE_DIGEST *HmacVarDig; + + ZeroMem ((VOID *)&VarInfo, sizeof (VarInfo)); + ZeroMem ((VOID *)&CurrHmacVarInfo, sizeof (CurrHmacVarInfo)); + + Status =3D RequestMonotonicCounter (RPMC_COUNTER_2, &Counter); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Counter +=3D 1; + ContextIn =3D GET_CNTX (Global); + + // + // Delete current MetaDataHmacVariable first, if any. + // + if (Global->Unprotected[IndexHmacAdded] !=3D VAR_INDEX_INVALID) { + HmacVarDig =3D VAR_DIG_PTR (Global->Unprotected[IndexHmacAdded]); + + CurrHmacVarInfo.Header.NameSize =3D HmacVarDig->NameSize; + CurrHmacVarInfo.Header.VariableName =3D VAR_DIG_NAME (HmacVarDig); + CurrHmacVarInfo.Header.VendorGuid =3D VAR_DIG_GUID (HmacVarDig); + + CurrHmacVarInfo.Buffer =3D VAR_HDR_PTR (HmacVarDig->CacheIndex); + CurrHmacVarInfo.StoreIndex =3D HmacVarDig->StoreIndex; + CurrHmacVarInfo.Flags.Auth =3D HmacVarDig->Flags.Auth; + // + // Force marking current MetaDataHmacVariable as VAR_IN_DELETED_TRANSI= TION. + // + CurrHmacVarInfo.Buffer->State &=3D VAR_IN_DELETED_TRANSITION; + HmacVarDig->State &=3D VAR_IN_DELETED_TRANSITION; + Status =3D ContextIn->UpdateVariableStore ( + &CurrHmacVarInfo, + OFFSET_OF (VARIABLE_HEAD= ER, State), + sizeof (CurrHmacVarInfo.= Buffer->State), + &CurrHmacVarInfo.Buffer-= >State + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } else if (Global->Unprotected[IndexHmacInDel] !=3D VAR_INDEX_INVALID) { + HmacVarDig =3D VAR_DIG_PTR (Global->Unprotected[IndexHmacInDel]); + } else { + // + // No MetaDataHmacVar. Allocate space to cache its value. + // + HmacVarDig =3D CreateVariableDigestNode ( + METADATA_HMAC_VARIABLE_NAME, + &METADATA_HMAC_VARIABLE_GUID, + METADATA_HMAC_VARIABLE_NAME_SIZE, + METADATA_HMAC_SIZE, + Global->Flags.Auth, + Global + ); + if (HmacVarDig =3D=3D NULL) { + ASSERT (HmacVarDig !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + HmacVarDig->Flags.Protected =3D FALSE; + } + + if (HmacVarDig->CacheIndex =3D=3D VAR_INDEX_INVALID) { + HmacVarDig->CacheIndex =3D (GET_ADRS (Global)) + (Global->StructSize -= GetMetaDataHmacVarSize (Global->Flags.Auth)); + } + + // + // Construct new MetaDataHmacVar. + // + if (NewHmacVarInfo =3D=3D NULL) { + NewHmacVarInfo =3D &VarInfo; + NewHmacVarInfo->Buffer =3D GET_BUFR (HmacVarDig->CacheIndex); + } + + InitMetadataHmacVariable (NewHmacVarInfo->Buffer, Global->Flags.Auth); + + NewHmacVarInfo->StoreIndex =3D VAR_INDEX_INVALID; // Skip calculatin= g offset + NewHmacVarInfo->Flags.Auth =3D Global->Flags.Auth; + Status =3D ContextIn->GetVariableInfo (NewHmacVarInf= o); + ASSERT_EFI_ERROR (Status); + HmacValue =3D NewHmacVarInfo->Header.Data; + + // + // Re-calculate HMAC for all valid variables + // + Context =3D HmacSha256New (); + if (Context =3D=3D NULL) { + ASSERT (Context !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + Status =3D EFI_ABORTED; + if (!HmacSha256SetKey ( + Context, + Global->MetaDataHmacKey, + sizeof (Global->MetaDataHmacKey) + )) + { + ASSERT (FALSE); + goto Done; + } + + // + // HMAC (|| hash(Var1) || hash(Var2) || ... || hash(VarN)) + // + VarDig =3D VAR_DIG_PTR (Global->VariableDigests); + while (VarDig !=3D NULL) { + if (VarDig->Flags.Valid && VarDig->Flags.Protected) { + HmacSha256Update (Context, VAR_DIG_VALUE (VarDig), VarDig->DigestSiz= e); + } + + VarDig =3D VAR_DIG_NEXT (VarDig); + } + + // + // HMAC (RpmcMonotonicCounter) + // + if (!HmacSha256Update (Context, &Counter, sizeof (Counter))) { + ASSERT (FALSE); + goto Done; + } + + if (!HmacSha256Final (Context, HmacValue)) { + ASSERT (FALSE); + goto Done; + } + + // + // Update HMAC value in cache. + // + CopyMem (VAR_DIG_VALUE (HmacVarDig), HmacValue, HmacVarDig->DataSize); + if ((HmacVarDig->Prev =3D=3D 0) && (HmacVarDig->Next =3D=3D 0)) { + InsertVariableDigestNode (Global, HmacVarDig, NULL); + } + + // + // Just one MetaDataHmacVar is needed for normal operation. + // + Global->Unprotected[IndexHmacAdded] =3D VAR_DIG_ADR (HmacVarDig); + Global->Unprotected[IndexHmacInDel] =3D VAR_INDEX_INVALID; + + Status =3D EFI_SUCCESS; + +Done: + if (Context !=3D NULL) { + HmacSha256Free (Context); + } + + return Status; +} + +/** + + Check if a given variable is unprotected variable specified in advance + and return its index ID. + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to variable information data. + + @retval IndexHmacInDel Variable is MetaDataHmacVar in delete-transiti= on state. + @retval IndexHmacAdded Variable is MetaDataHmacVar in valid state. + @retval IndexErrorFlag Variable is VarErrorLog. + @retval Others Variable is not any known unprotected variable= s. + +**/ +UNPROTECTED_VARIABLE_INDEX +CheckKnownUnprotectedVariable ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + UNPROTECTED_VARIABLE_INDEX Index; + + if ((VarInfo =3D=3D NULL) || ( (VarInfo->StoreIndex =3D=3D VAR_INDEX_IN= VALID) + && ( (VarInfo->Header.VariableName =3D=3D NULL) + || (VarInfo->Header.VendorGuid =3D=3D NULL))= )) + { + ASSERT (VarInfo !=3D NULL); + ASSERT (VarInfo->StoreIndex !=3D VAR_INDEX_INVALID); + ASSERT (VarInfo->Header.VariableName !=3D NULL); + ASSERT (VarInfo->Header.VendorGuid !=3D NULL); + return UnprotectedVarIndexMax; + } + + for (Index =3D 0; Index < UnprotectedVarIndexMax; ++Index) { + if ( (Global->Unprotected[Index] !=3D VAR_INDEX_INVALID) + && (VarInfo->StoreIndex !=3D VAR_INDEX_INVALID)) + { + if (VarInfo->StoreIndex =3D=3D VAR_DIG_PTR (Global->Unprotected[Inde= x])->StoreIndex) { + break; + } + } else if (IS_VARIABLE ( + &VarInfo->Header, + mUnprotectedVariables[Index].VariableName, + mUnprotectedVariables[Index].VendorGuid + ) && (VarInfo->Header.State =3D=3D mUnprotectedVariables[= Index].State)) + { + break; + } + } + + return Index; +} + +/** + + Compare variable name and Guid + + @param[in] Name1 Name of first variable. + @param[in] Name1Size Size of first variable. + @param[in] Name2 Name of second variable. + @param[in] Name2Size Size of second variable. + @param[in] Guid1 Guid for first variable. + @param[in] Guid2 Guid for second variable. + + @retval 0 First name is identical to Second name. + @return others First name is not identical to Second name. + +**/ +INTN +CompareVariableNameAndGuid ( + IN CONST CHAR16 *Name1, + IN UINTN Name1Size, + IN CONST CHAR16 *Name2, + IN UINTN Name2Size, + IN EFI_GUID *Guid1, + IN EFI_GUID *Guid2 + ) +{ + INTN Result; + + Result =3D StrnCmp ( + Name1, + Name2, + MIN (Name1Size, Name2Size) / sizeof (CHAR16) + ); + if (Result =3D=3D 0) { + if (Name1Size !=3D Name2Size) { + // + // Longer name is 'bigger' than shorter one. + // + Result =3D (INTN)Name1Size - (INTN)Name2Size; + } else { + // + // The variable name is the same. Compare the GUID. + // + Result =3D CompareMem ((VOID *)Guid1, (VOID *)Guid2, sizeof (EFI_GUI= D)); + } + } + + return Result; +} + +/** + + Compare variable digest. + + @param[in] Variable1 Pointer to first variable digest. + @param[in] Variable2 Pointer to second variable digest. + + @retval 0 Variables are identical. + @return others Variables are not identical. + +**/ +INTN +CompareVariableDigestInfo ( + IN VARIABLE_DIGEST *Variable1, + IN VARIABLE_DIGEST *Variable2 + ) +{ + return CompareVariableNameAndGuid ( + VAR_DIG_NAME (Variable1), + Variable1->NameSize, + VAR_DIG_NAME (Variable2), + Variable2->NameSize, + &Variable1->VendorGuid, + &Variable2->VendorGuid + ); +} + +/** + + Move a node backward in the order controlled by SortMethod. + + @param[in,out] Node Pointer to node to be moved. + @param[in] SortMethod Method used to compare node in list. + +**/ +VOID +MoveNodeBackward ( + IN OUT VARIABLE_DIGEST *Node, + IN SORT_METHOD SortMethod + ) +{ + VARIABLE_DIGEST *Curr; + VARIABLE_DIGEST *Prev; + INTN Result; + + Curr =3D Node; + while (Curr !=3D NULL) { + Prev =3D VAR_DIG_PREV (Curr); + if (Prev =3D=3D NULL) { + Result =3D -1; + } else { + Result =3D SortMethod (Prev, Node); + } + + // + // 'Result > 0' means the 'Prev' is 'bigger' than 'Node'. Continue to = check + // previous node til a node 'smaller' than 'Node' found. + // + if (Result > 0) { + Curr =3D Prev; + continue; + } + + if (Curr !=3D Node) { + // + // Remove Node first + // + if (VAR_DIG_PREV (Node) !=3D NULL) { + VAR_DIG_PREV (Node)->Next =3D Node->Next; + } + + if (VAR_DIG_NEXT (Node) !=3D NULL) { + VAR_DIG_NEXT (Node)->Prev =3D Node->Prev; + } + + // + // Insert Node before Curr. + // + Node->Prev =3D Curr->Prev; + Node->Next =3D VAR_DIG_ADR (Curr); + + if (Curr->Prev !=3D 0) { + VAR_DIG_PREV (Curr)->Next =3D VAR_DIG_ADR (Node); + } + + Curr->Prev =3D VAR_DIG_ADR (Node); + } + + // + // If there're two identical variables in storage, one of them must be + // "in-delete-transition" state. Mark it as "deleted" anyway. + // + if (Result =3D=3D 0) { + if (Curr->State =3D=3D (VAR_ADDED & VAR_IN_DELETED_TRANSITION)) { + Curr->State &=3D VAR_DELETED; + } + + if (Prev->State =3D=3D (VAR_ADDED & VAR_IN_DELETED_TRANSITION)) { + Prev->State &=3D VAR_DELETED; + } + } + + break; + } +} + +/** + + Create variable digest node. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] NameSize Size of variable name. + @param[in] DataSize Size of variable data. + @param[in] AuthVar Authenticated variable flag. + @param[in] Global Pointer to global configuration data. + + @retval Ptr Pointer to variable digest + +**/ +VARIABLE_DIGEST * +CreateVariableDigestNode ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 NameSize, + IN UINT32 DataSize, + IN BOOLEAN AuthVar, + IN PROTECTED_VARIABLE_GLOBAL *Global + ) +{ + VARIABLE_DIGEST *VarDig; + VOID *Buffer; + UINTN VarSize; + + VarDig =3D (VARIABLE_DIGEST *)AllocateZeroPool ( + sizeof (VARIABLE_DIGEST) + NameSize + META= DATA_HMAC_SIZE + ); + if ((VarDig =3D=3D NULL) || (Global =3D=3D NULL)) { + ASSERT (VarDig !=3D NULL); + ASSERT (Global !=3D NULL); + return NULL; + } + + VarDig->DataSize =3D DataSize; + VarDig->NameSize =3D NameSize; + VarDig->DigestSize =3D METADATA_HMAC_SIZE; + VarDig->State =3D VAR_ADDED; + VarDig->Attributes =3D VARIABLE_ATTRIBUTE_NV_BS_RT; + VarDig->Flags.Auth =3D AuthVar; + VarDig->Flags.Valid =3D TRUE; + VarDig->Flags.Freeable =3D TRUE; + VarDig->Flags.Protected =3D PcdGetBool (PcdProtectedVariableIntegrity); + VarDig->Flags.Encrypted =3D PcdGetBool (PcdProtectedVariableConfidential= ity); + VarDig->StoreIndex =3D VAR_INDEX_INVALID; + VarDig->CacheIndex =3D VAR_INDEX_INVALID; + + if (Global->Flags.CacheReady =3D=3D TRUE) { + VarSize =3D VARIABLE_HEADER_SIZE (VarDig->Flags.Auth); + VarSize +=3D VarDig->NameSize + GET_PAD_SIZE (VarDig->NameSize); + VarSize +=3D VarDig->DataSize + GET_PAD_SIZE (VarDig->DataSize); + VarSize =3D HEADER_ALIGN (VarSize); + + Buffer =3D AllocateZeroPool (VarSize); + if (Buffer !=3D NULL) { + VarDig->CacheIndex =3D (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + } + } + + CopyMem (VAR_DIG_NAME (VarDig), VariableName, NameSize); + CopyMem (VAR_DIG_GUID (VarDig), VendorGuid, sizeof (EFI_GUID)); + + return VarDig; +} + +/** + + Remove variable digest node. + + @param[in,out] Global Pointer to global configuration data. + @param[in,out] VarDig Pointer to variable digest value. + @param[in] FreeResource Flag to indicate whether to free resource. + +**/ +VOID +RemoveVariableDigestNode ( + IN OUT PROTECTED_VARIABLE_GLOBAL *Global, + IN OUT VARIABLE_DIGEST *VarDig, + IN BOOLEAN FreeResource + ) +{ + VARIABLE_DIGEST *Prev; + VARIABLE_DIGEST *Next; + + Prev =3D VAR_DIG_PREV (VarDig); + Next =3D VAR_DIG_NEXT (VarDig); + + if (Global->VariableDigests =3D=3D VAR_DIG_ADR (VarDig)) { + Global->VariableDigests =3D VAR_DIG_ADR (Next); + } + + if (Prev !=3D NULL) { + Prev->Next =3D VAR_DIG_ADR (Next); + } + + if (Next !=3D NULL) { + Next->Prev =3D VAR_DIG_ADR (Prev); + } + + VarDig->Prev =3D 0; + VarDig->Next =3D 0; + VarDig->Flags.Valid =3D FALSE; + + if (FreeResource && VarDig->Flags.Freeable) { + if ((VarDig->CacheIndex !=3D 0) && (VarDig->CacheIndex !=3D VAR_INDEX_= INVALID)) { + VarDig->CacheIndex =3D VAR_INDEX_INVALID; + } + } +} + +/** + + Insert variable digest node. + + @param[in,out] Global Pointer to global configuration data. + @param[in] VarDig Pointer to variable digest value. + @param[in] SortMethod Method for sorting. + +**/ +VOID +InsertVariableDigestNode ( + IN OUT PROTECTED_VARIABLE_GLOBAL *Global, + IN VARIABLE_DIGEST *VarDig, + IN SORT_METHOD SortMethod + ) +{ + VARIABLE_DIGEST *Curr; + VARIABLE_DIGEST *Prev; + BOOLEAN DoReplace; + INTN Result; + + if (SortMethod =3D=3D NULL) { + SortMethod =3D CompareVariableDigestInfo; + } + + DoReplace =3D FALSE; + Curr =3D VAR_DIG_PTR (Global->VariableDigests); + if (Curr =3D=3D NULL) { + // + // First one. + // + VarDig->Prev =3D 0; + VarDig->Next =3D 0; + Global->VariableDigests =3D VAR_DIG_ADR (VarDig); + return; + } + + while (Curr !=3D NULL && Curr !=3D VarDig) { + Result =3D SortMethod (VarDig, Curr); + + if (Result <=3D 0) { + ASSERT (VarDig->StoreIndex !=3D Curr->StoreIndex); + + // + // The same variable already in list? + // + if (Result =3D=3D 0) { + // + // Keep only the same new one, unless states are different. In such + // situation, the one with no VAR_ADDED will be deleted. + // + if (VarDig->State >=3D Curr->State) { + DoReplace =3D TRUE; + Curr->Flags.Valid =3D FALSE; // to-be-deleted + } else { + DoReplace =3D FALSE; + VarDig->Flags.Valid =3D FALSE; // to-be-deleted + } + } + + // + // Put VarDig before Curr + // + VarDig->Next =3D VAR_DIG_ADR (Curr); + VarDig->Prev =3D Curr->Prev; + + if (VAR_DIG_PREV (Curr) !=3D NULL) { + VAR_DIG_PREV (Curr)->Next =3D VAR_DIG_ADR (VarDig); + } + + Curr->Prev =3D VAR_DIG_ADR (VarDig); + + if (DoReplace) { + RemoveVariableDigestNode (Global, Curr, TRUE); + } + + break; + } + + Prev =3D Curr; + Curr =3D VAR_DIG_NEXT (Curr); + if (Curr =3D=3D NULL) { + Prev->Next =3D VAR_DIG_ADR (VarDig); + + VarDig->Prev =3D VAR_DIG_ADR (Prev); + VarDig->Next =3D 0; + } + } + + // + // Update the head node if necessary. + // + if (VAR_DIG_PTR (VarDig->Prev) =3D=3D NULL) { + Global->VariableDigests =3D VAR_DIG_ADR (VarDig); + } +} + +/** + + Find the specified variable digest + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to variable data. + @param[in] FindNext Flag to continue looking for variable. + +**/ +VARIABLE_DIGEST * +FindVariableInternal ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_INFO *VarInfo, + IN BOOLEAN FindNext + ) +{ + VARIABLE_DIGEST *VarDig; + VARIABLE_DIGEST *Found; + VARIABLE_DIGEST *FirstStoreIndexVar; + BOOLEAN ByIndex; + INTN FwdOrBwd; + + // + // If VarInfo->StoreIndex is valid, use it to find the variable. Otherwi= se, + // use the variable name and guid instead, if given. If no clue at all, = return + // the variable with lowest StoreIndex. + // + if ( (VarInfo->StoreIndex !=3D VAR_INDEX_INVALID) + || (VarInfo->Header.VariableName =3D=3D NULL) + || (VarInfo->Header.VendorGuid =3D=3D NULL)) + { + ByIndex =3D TRUE; + } else { + ByIndex =3D FALSE; + } + + Found =3D NULL; + VarDig =3D VAR_DIG_PTR (Global->VariableDigests); + FirstStoreIndexVar =3D VarDig; + FwdOrBwd =3D 1; + + // + // Discover variable with first/smallest store index + // + while (VarDig !=3D NULL) { + if (VarDig->StoreIndex < FirstStoreIndexVar->StoreIndex) { + FirstStoreIndexVar =3D VAR_DIG_PTR (VarDig); + } + + VarDig =3D VAR_DIG_NEXT (VarDig); + } + + // + // Input variable is NULL than return first variable + // with smallest store index from the variable digest list. + // + if (((VarInfo->Header.VariableName =3D=3D NULL) || + (VarInfo->Header.VendorGuid =3D=3D NULL)) && + (ByIndex =3D=3D FALSE)) + { + return FirstStoreIndexVar; + } + + // + // Start with first entry + // + VarDig =3D VAR_DIG_PTR (Global->VariableDigests); + while (VarDig !=3D NULL) { + if (ByIndex) { + if (FindNext) { + if (VarDig->StoreIndex =3D=3D VarInfo->StoreIndex) { + Found =3D VarDig =3D VAR_DIG_NEXT (VarDig); + break; + } + } else if (VarDig->StoreIndex =3D=3D VarInfo->StoreIndex) { + Found =3D VarDig; + break; + } + } else { + // + // Match given variable name and vendor guid. + // + if (IS_VARIABLE (&VarInfo->Header, VAR_DIG_NAME (VarDig), VAR_DIG_GU= ID (VarDig))) { + Found =3D (FindNext) ? VAR_DIG_NEXT (VarDig) : VarDig; + break; + } + } + + VarDig =3D (FwdOrBwd > 0) ? VAR_DIG_NEXT (VarDig) : VAR_DIG_PREV (VarD= ig); + if (VarDig =3D=3D NULL) { + } + } + + return Found; +} + +/** + + Synchronize the RPMC counters + + @param[in] Global Pointer to global configuration data. + @param[in] VarInfo Pointer to variable data. + @param[in] FindNext Flag to continue looking for variable. + + @retval EFI_SUCCESS Successfully sync RPMC counters. + @return others Failed to sync RPMC counters. + +**/ +EFI_STATUS +SyncRpmcCounter ( + VOID + ) +{ + UINT32 Counter1; + UINT32 Counter2; + EFI_STATUS Status; + + // + // Sync RPMC1 & RPMC2. + // + Status =3D RequestMonotonicCounter (RPMC_COUNTER_1, &Counter1); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Status =3D RequestMonotonicCounter (RPMC_COUNTER_2, &Counter2); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + while (Counter1 < Counter2) { + Status =3D IncrementMonotonicCounter (RPMC_COUNTER_1); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + ++Counter1; + } + + while (Counter2 < Counter1) { + Status =3D IncrementMonotonicCounter (RPMC_COUNTER_2); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + ++Counter2; + } + + return EFI_SUCCESS; +} + +/** + + An alternative version of ProtectedVariableLibGetData to get plain data = from + given variable, if encrypted. + + @param[in] Global Pointer to global configuration data. + @param[in,out] VarInfo Pointer to structure containing variab= le + information. VarInfo->Header.Data must= point + to the original variable data. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER VarInfo is NULL or both VarInfo->Buffe= r and + VarInfo->Offset are invalid. + @retval EFI_NOT_FOUND The specified variable could not be fo= und. + +**/ +STATIC +EFI_STATUS +ProtectedVariableLibGetDataInternal ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + VOID *Buffer; + UINTN BufferSize; + + if ((Global =3D=3D NULL) || (VarInfo =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + ContextIn =3D GET_CNTX (Global); + + // + // Check if the data has been decrypted or not. + // + BufferSize =3D VarInfo->PlainDataSize; + VarInfo->CipherData =3D NULL; + VarInfo->CipherDataSize =3D 0; + VarInfo->PlainData =3D NULL; + VarInfo->PlainDataSize =3D 0; + Status =3D GetCipherDataInfo (VarInfo); + + if ((Status =3D=3D EFI_UNSUPPORTED) || (Status =3D=3D EFI_NOT_FOUND)) { + VarInfo->Flags.DecryptInPlace =3D TRUE; + VarInfo->PlainDataSize =3D (UINT32)VarInfo->Header.DataSize; + VarInfo->PlainData =3D VarInfo->Header.Data; + VarInfo->CipherDataType =3D 0; + VarInfo->CipherHeaderSize =3D 0; + Status =3D EFI_SUCCESS; + } else if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + // + // Don't do decryption if the caller provided buffer is too small + // Simply return the real Plain Data Size via VarInfo->PlainDataSize + // + if (BufferSize < VarInfo->PlainDataSize) { + return EFI_BUFFER_TOO_SMALL; + } + + // + // If the variable data is cipher data, decrypt it inplace if possible. + // + if ((VarInfo->PlainData =3D=3D NULL) && (VarInfo->CipherData !=3D NULL))= { + VarInfo->Key =3D Global->RootKey; + VarInfo->KeySize =3D sizeof (Global->RootKey); + + switch (ContextIn->VariableServiceUser) { + case FromPeiModule: + VarInfo->Flags.DecryptInPlace =3D FALSE; + // + // In PEI VariableCache holds Cipher header + Cipher data + // Do not override Cipher header data during decrypt operation + // + VarInfo->PlainData =3D GET_BUFR (Global->VariableCache + VarInfo->= CipherHeaderSize); + + Status =3D DecryptVariable (VarInfo); + if (Status =3D=3D EFI_UNSUPPORTED) { + VarInfo->PlainData =3D VarInfo->Header.Data; + VarInfo->PlainDataSize =3D (UINT32)VarInfo->Header.DataSize; + VarInfo->CipherDataType =3D 0; + VarInfo->CipherHeaderSize =3D 0; + + Status =3D EFI_SUCCESS; + } + + break; + + case FromSmmModule: + VarInfo->Flags.DecryptInPlace =3D FALSE; + VarInfo->PlainData =3D GET_BUFR (Global->VariableCache); + + Status =3D DecryptVariable (VarInfo); + if (Status =3D=3D EFI_UNSUPPORTED) { + VarInfo->PlainData =3D VarInfo->Header.Data; + VarInfo->PlainDataSize =3D (UINT32)VarInfo->Header.DataSize; + VarInfo->CipherDataType =3D 0; + VarInfo->CipherHeaderSize =3D 0; + + Status =3D EFI_SUCCESS; + } + + break; + + case FromBootServiceModule: + case FromRuntimeModule: + // + // The SMM passes back only decrypted data. We re-use the original= cipher + // data buffer to keep the plain data along with the cipher header. + // + VarInfo->Flags.DecryptInPlace =3D TRUE; + Buffer =3D (VOID *)((UINTN)VarInfo->CipherD= ata + VarInfo->CipherHeaderSize); + BufferSize =3D VarInfo->PlainDataSize; + Status =3D ContextIn->FindVariableSmm ( + VarInfo->Header.Varia= bleName, + VarInfo->Header.Vendo= rGuid, + &VarInfo->Header.Attr= ibutes, + &BufferSize, + Buffer + ); + if (!EFI_ERROR (Status)) { + // + // Flag the payload as plain data to avoid re-decrypting. + // + VarInfo->CipherDataType =3D ENC_TYPE_NULL; + VarInfo->PlainDataSize =3D (UINT32)BufferSize; + VarInfo->PlainData =3D Buffer; + + Status =3D SetCipherDataInfo (VarInfo); + if (Status =3D=3D EFI_UNSUPPORTED) { + Status =3D EFI_SUCCESS; + } + } + + break; + + default: + Status =3D EFI_UNSUPPORTED; + break; + } + + VarInfo->CipherData =3D NULL; + VarInfo->CipherDataSize =3D 0; + } + + return Status; +} + +/** + + An alternative version of ProtectedVariableLibGetData to get plain data,= if + encrypted, from given variable, for different use cases. + + @param[in,out] VarInfo Pointer to structure containing variable= information. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER VarInfo is NULL or both VarInfo->Buffe= r and + VarInfo->Offset are invalid. + @retval EFI_NOT_FOUND The specified variable could not be fo= und. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByInfo ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_GLOBAL *Global; + VOID **Buffer; + UINT32 BufferSize; + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + // + // Save the output data buffer because below call + // call will use this struct field internally. + // + Buffer =3D VarInfo->PlainData; + BufferSize =3D VarInfo->PlainDataSize; + + Status =3D ProtectedVariableLibGetDataInternal (Global, VarInfo); + if (EFI_ERROR (Status) || ((BufferSize) < VarInfo->PlainDataSize)) { + // + // Return with caller provided buffer with zero DataSize + // + VarInfo->PlainData =3D Buffer; + return Status; + } + + // + // Copy Plain data to ouput data buffer + // + CopyMem (Buffer, VarInfo->PlainData, VarInfo->PlainDataSize); + VarInfo->PlainData =3D Buffer; + + return Status; +} + +/** + + Retrieve plain data, if encrypted, of given variable. + + If variable encryption is employed, this function will initiate a SMM re= quest + to get the plain data. Due to security consideration, the decryption can= only + be done in SMM environment. + + @param[in] Variable Pointer to header of a Variable. + @param[in,out] Data Pointer to plain data of the given va= riable. + @param[in,out] DataSize Size of data returned or data buffer = needed. + @param[in] AuthFlag Auth-variable indicator. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_NOT_FOUND The specified variable could not be f= ound. + @retval EFI_BUFFER_TOO_SMALL If *DataSize is smaller than needed. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByBuffer ( + IN VARIABLE_HEADER *Variable, + IN OUT VOID *Data, + IN OUT UINT32 *DataSize, + IN BOOLEAN AuthFlag + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO VarInfo; + PROTECTED_VARIABLE_GLOBAL *Global; + AUTHENTICATED_VARIABLE_HEADER *AuthVariable; + VOID *Buffer; + + if ((Variable =3D=3D NULL) || (DataSize =3D=3D NULL)) { + ASSERT (Variable !=3D NULL); + ASSERT (DataSize !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + ZeroMem (&VarInfo, sizeof (VarInfo)); + + VarInfo.Buffer =3D Variable; + VarInfo.Flags.Auth =3D AuthFlag; + VarInfo.PlainDataSize =3D *DataSize; + + if (VarInfo.Flags.Auth =3D=3D TRUE) { + AuthVariable =3D (AUTHENTICATED_VARIABLE_HEADER *)Variable; + + VarInfo.Header.VariableName =3D (CHAR16 *)((UINTN)Variable + sizeof (A= UTHENTICATED_VARIABLE_HEADER)); + VarInfo.Header.NameSize =3D AuthVariable->NameSize; + VarInfo.Header.VendorGuid =3D &AuthVariable->VendorGuid; + VarInfo.Header.Attributes =3D AuthVariable->Attributes; + VarInfo.Header.DataSize =3D AuthVariable->DataSize; + } else { + VarInfo.Header.VariableName =3D (CHAR16 *)((UINTN)Variable + sizeof (V= ARIABLE_HEADER)); + VarInfo.Header.NameSize =3D Variable->NameSize; + VarInfo.Header.VendorGuid =3D &Variable->VendorGuid; + VarInfo.Header.Attributes =3D Variable->Attributes; + VarInfo.Header.DataSize =3D Variable->DataSize; + } + + Buffer =3D VARIABLE_NAME (VarInfo.Buffer, VarInfo.Flags.Aut= h); + Buffer =3D GET_BUFR (GET_ADRS (Buffer) + VarInfo.Header.Nam= eSize); + Buffer =3D GET_BUFR (GET_ADRS (Buffer) + GET_PAD_SIZE (VarI= nfo.Header.NameSize)); + VarInfo.Header.Data =3D Buffer; + + Status =3D ProtectedVariableLibGetDataInternal (Global, &VarInfo); + *DataSize =3D VarInfo.PlainDataSize; + if (EFI_ERROR (Status)) { + return Status; + } + + CopyMem (Data, VarInfo.PlainData, VarInfo.PlainDataSize); + + return Status; +} + +/** + This service retrieves a variable's value using its name and GUID. + + Read the specified variable from the UEFI variable store. If the Data + buffer is too small to hold the contents of the variable, the error + EFI_BUFFER_TOO_SMALL is returned and DataSize is set to the required buf= fer + size to obtain the data. + + @param VariableName A pointer to a null-terminated string that= is the variable's name. + @param VariableGuid A pointer to an EFI_GUID that is the varia= ble's GUID. The combination of + VariableGuid and VariableName must be uniq= ue. + @param Attributes If non-NULL, on return, points to the vari= able's attributes. + @param DataSize On entry, points to the size in bytes of t= he Data buffer. + On return, points to the size of the data = returned in Data. + @param Data Points to the buffer which will hold the r= eturned variable value. + May be NULL with a zero DataSize in order = to determine the size of the buffer needed. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable was be found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the resultin= g data. + DataSize is updated with the size required= for + the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid, DataSize or Da= ta is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetByName ( + IN CONST CHAR16 *VariableName, + IN CONST EFI_GUID *VariableGuid, + OUT UINT32 *Attributes, + IN OUT UINTN *DataSize, + OUT VOID *Data OPTIONAL + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *VarDig; + PROTECTED_VARIABLE_INFO VarInfo; + EFI_TIME TimeStamp; + VOID *DataBuffer; + + if ((VariableName =3D=3D NULL) || (VariableGuid =3D=3D NULL) || (DataSiz= e =3D=3D NULL)) { + ASSERT (VariableName !=3D NULL); + ASSERT (VariableGuid !=3D NULL); + ASSERT (DataSize !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Status =3D GetProtectedVariableGlobal (&Global); + + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + + ContextIn =3D GET_CNTX (Global); + + ZeroMem (&VarInfo, sizeof (VarInfo)); + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarInfo.Header.VariableName =3D (CHAR16 *)VariableName; + VarInfo.Header.NameSize =3D StrSize (VariableName); + VarInfo.Header.VendorGuid =3D (EFI_GUID *)VariableGuid; + + VarDig =3D FindVariableInternal (Global, &VarInfo, FALSE); + if (VarDig =3D=3D NULL) { + return EFI_NOT_FOUND; + } + + if (Attributes !=3D NULL) { + *Attributes =3D VarDig->Attributes; + } + + if ((Data =3D=3D NULL) || (*DataSize < VarDig->PlainDataSize)) { + *DataSize =3D VarDig->PlainDataSize; + return EFI_BUFFER_TOO_SMALL; + } + + VarInfo.Flags.Auth =3D VarDig->Flags.Auth; + VarInfo.Flags.Protected =3D VarDig->Flags.Protected; + + // + // Verify digest before copy the data back, if the variable is not in ca= che. + // + if (VarDig->CacheIndex !=3D VAR_INDEX_INVALID) { + VarInfo.Header.VariableName =3D NULL; + VarInfo.Header.VendorGuid =3D NULL; + VarInfo.Buffer =3D GET_BUFR (VarDig->CacheIndex); + + Status =3D ContextIn->GetVariableInfo (&VarInfo); + ASSERT_EFI_ERROR (Status); + } else { + // + // A buffer for at least one variable data (<=3DPcdMax(Auth)VariableSi= ze) + // must be reserved in advance. + // + ASSERT ( + Global->VariableCache !=3D 0 + && Global->VariableCacheSize >=3D VarDig->DataSize + ); + DataBuffer =3D GET_BUFR (Global->VariableCache); + // + // Note name and GUID are already there. + // + VarInfo.StoreIndex =3D VarDig->StoreIndex; + + VarInfo.Header.VariableName =3D NULL; // Prevent name from being retri= eved again. + VarInfo.Header.NameSize =3D 0; + VarInfo.Header.VendorGuid =3D NULL; // Prevent guid from being retri= eved again. + VarInfo.Header.TimeStamp =3D &TimeStamp; + VarInfo.Header.Data =3D DataBuffer; + VarInfo.Header.DataSize =3D VarDig->DataSize; + + // + // Get detailed information about the variable. + // + Status =3D ContextIn->GetVariableInfo (&VarInfo); + ASSERT_EFI_ERROR (Status); + + // + // The variable must be validated its digest value to avoid TOCTOU, if= it's + // not been cached yet. + // + VarInfo.Header.VariableName =3D VAR_DIG_NAME (VarDig); + VarInfo.Header.NameSize =3D VarDig->NameSize; + VarInfo.Header.VendorGuid =3D &VarDig->VendorGuid; + Status =3D VerifyVariableDigest (Global, &VarInfo= , VarDig); + if (EFI_ERROR (Status)) { + return Status; + } + } + + VarInfo.PlainDataSize =3D (UINT32)*DataSize; + + // + // Decrypt the data, if necessary. + // + Status =3D ProtectedVariableLibGetDataInternal (Global, &VarInfo); + *DataSize =3D VarInfo.PlainDataSize; + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_INFO, + "%a: %d Exit(). VariableName =3D %s, VariableGuid =3D 0x%g, DataSize= =3D 0x%X, Data Buffer =3D 0x%lX, Status =3D %r\n", + __FUNCTION__, + __LINE__, + VariableName, + VariableGuid, + *DataSize, + Data, + Status + )); + return Status; + } + + CopyMem (Data, VarInfo.PlainData, VarInfo.PlainDataSize); + + return Status; +} + +/** + + This function is used to enumerate the variables managed by current + ProtectedVariableLib. + + If the VarInfo->StoreIndex is invalid (VAR_INDEX_INVALID), the first var= iable + with the smallest StoreIndex will be returned. Otherwise, the variable w= ith + StoreIndex just after than the VarInfo->StoreIndex will be returned. + + @param[in,out] VarInfo Pointer to structure containing variable= information. + + @retval EFI_SUCCESS Found the specified variable. + @retval EFI_INVALID_PARAMETER VarInfo is NULL. + @retval EFI_NOT_FOUND The specified variable could not be fo= und. + +**/ +STATIC +EFI_STATUS +GetNextVariableInternal ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *Found; + + if (VarInfo =3D=3D NULL) { + ASSERT (VarInfo !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Found =3D FindVariableInternal (Global, VarInfo, TRUE); + if (Found =3D=3D NULL) { + return EFI_NOT_FOUND; + } + + // + // Return all cached data. + // + VarInfo->Header.VariableName =3D VAR_DIG_NAME (Found); + VarInfo->Header.VendorGuid =3D VAR_DIG_GUID (Found); + VarInfo->Header.NameSize =3D Found->NameSize; + VarInfo->Header.DataSize =3D Found->DataSize; + VarInfo->Header.Attributes =3D Found->Attributes; + + VarInfo->PlainDataSize =3D Found->PlainDataSize; + VarInfo->StoreIndex =3D Found->StoreIndex; + if (Found->CacheIndex !=3D VAR_INDEX_INVALID) { + VarInfo->Buffer =3D GET_BUFR (Found->CacheIndex); + } + + VarInfo->Flags.Auth =3D Found->Flags.Auth; + + return EFI_SUCCESS; +} + +/** + + Find the request variable. + + @param[in, out] VarInfo Pointer to variable data. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_INVALID_PARAMETER Variable info is NULL. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFind ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *Found; + + if (VarInfo =3D=3D NULL) { + ASSERT (VarInfo !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Found =3D FindVariableInternal (Global, VarInfo, FALSE); + if (Found =3D=3D NULL) { + return EFI_NOT_FOUND; + } + + // + // Return all cached data. + // + VarInfo->Header.VariableName =3D VAR_DIG_NAME (Found); + VarInfo->Header.VendorGuid =3D VAR_DIG_GUID (Found); + VarInfo->Header.NameSize =3D Found->NameSize; + VarInfo->Header.DataSize =3D Found->DataSize; + VarInfo->Header.Attributes =3D Found->Attributes; + + VarInfo->PlainDataSize =3D Found->PlainDataSize; + VarInfo->StoreIndex =3D Found->StoreIndex; + if (Found->CacheIndex !=3D VAR_INDEX_INVALID) { + VarInfo->Buffer =3D GET_BUFR (Found->CacheIndex); + } + + VarInfo->Flags.Auth =3D Found->Flags.Auth; + + return EFI_SUCCESS; +} + +/** + Return the next variable name and GUID. + + This function is called multiple times to retrieve the VariableName + and VariableGuid of all variables currently available in the system. + On each call, the previous results are passed into the interface, + and, on return, the interface returns the data for the next + interface. When the entire variable list has been returned, + EFI_NOT_FOUND is returned. + + @param VariableNameSize On entry, points to the size of the buffer poi= nted to by VariableName. + On return, the size of the variable name buffe= r. + @param VariableName On entry, a pointer to a null-terminated strin= g that is the variable's name. + On return, points to the next variable's null-= terminated name string. + @param VariableGuid On entry, a pointer to an EFI_GUID that is the= variable's GUID. + On return, a pointer to the next variable's GU= ID. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_NOT_FOUND The variable could not be found. + @retval EFI_BUFFER_TOO_SMALL The VariableNameSize is too small for the = resulting + data. VariableNameSize is updated with the= size + required for the specified variable. + @retval EFI_INVALID_PARAMETER VariableName, VariableGuid or + VariableNameSize is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved becaus= e of a device error. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFindNext ( + IN OUT UINTN *VariableNameSize, + IN OUT CHAR16 *VariableName, + IN OUT EFI_GUID *VariableGuid + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO VarInfo; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *VarDig; + UINTN Size; + + if ((VariableNameSize =3D=3D NULL) || (VariableName =3D=3D NULL) || (Var= iableGuid =3D=3D NULL)) { + ASSERT (VariableNameSize !=3D NULL); + ASSERT (VariableName !=3D NULL); + ASSERT (VariableGuid !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + return Status; + } + + SetMem (&VarInfo, sizeof (VarInfo), 0); + Size =3D StrSize (VariableName); + + if (Size <=3D 2) { + VarDig =3D VAR_DIG_PTR (Global->VariableDigests); + } else { + VarInfo.Header.VariableName =3D VariableName; + VarInfo.Header.NameSize =3D Size; + VarInfo.Header.VendorGuid =3D VariableGuid; + + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + + VarDig =3D FindVariableInternal (Global, &VarInfo, TRUE); + } + + if (VarDig =3D=3D NULL) { + return EFI_NOT_FOUND; + } + + if (VarDig->NameSize > *VariableNameSize) { + return EFI_BUFFER_TOO_SMALL; + } + + CopyMem (VariableName, VAR_DIG_NAME (VarDig), VarDig->NameSize); + CopyGuid (VariableGuid, &VarDig->VendorGuid); + *VariableNameSize =3D VarInfo.Header.NameSize; + + return EFI_SUCCESS; +} + +/** + + Return the next variable name and GUID. + + @param[in, out] VarInfo Pointer to variable data. + + @retval EFI_SUCCESS The variable was read successfully. + @retval EFI_INVALID_PARAMETER VarInfo is NULL. + @retval EFI_NOT_FOUND The specified variable could not be foun= d. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibFindNextEx ( + IN OUT PROTECTED_VARIABLE_INFO *VarInfo + ) +{ + return GetNextVariableInternal (VarInfo); +} + +/** + + Return the max count of a variable. + + @return max count of a variable. + +**/ +UINTN +ProtectedVariableLibGetMaxVariablesCount ( + VOID + ) +{ + PROTECTED_VARIABLE_GLOBAL *Global; + PROTECTED_VARIABLE_INFO VarInfo; + VARIABLE_DIGEST *VarDig; + EFI_STATUS Status; + UINTN Count; + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return 0; + } + + Count =3D 0; + ZeroMem (&VarInfo, sizeof (VarInfo)); + + // + // Start with first entry + // + VarDig =3D VAR_DIG_PTR (Global->VariableDigests); + VarInfo.Header.VariableName =3D VAR_DIG_NAME (VarDig); + VarInfo.Header.VendorGuid =3D VAR_DIG_GUID (VarDig); + VarInfo.StoreIndex =3D VarDig->StoreIndex; + + do { + VarInfo.Buffer =3D NULL; + Status =3D ProtectedVariableLibFindNextEx (&VarInfo); + if (EFI_ERROR (Status)) { + return Count; + } + + Count++; + } while (TRUE); +} + +/** + The function is called by PerformQuickSort to sort. + + @param[in] Left The pointer to first buffer. + @param[in] Right The pointer to second buffer. + + @retval 0 Buffer1 equal to Buffer2. + @return < 0 Buffer1 is less than Buffer2. + @return > 0 Buffer1 is greater than Buffer2. + +**/ +INTN +EFIAPI +CompareStoreIndex ( + IN CONST VOID *Left, + IN CONST VOID *Right + ) +{ + EFI_PHYSICAL_ADDRESS StoreIndex1; + EFI_PHYSICAL_ADDRESS StoreIndex2; + + StoreIndex1 =3D (*(EFI_PHYSICAL_ADDRESS *)Left); + StoreIndex2 =3D (*(EFI_PHYSICAL_ADDRESS *)Right); + + if (StoreIndex1 =3D=3D StoreIndex2) { + return (0); + } + + if (StoreIndex1 < StoreIndex2) { + return (-1); + } + + return (1); +} + +/** + Refresh variable information changed by variable service. + + @param Buffer Pointer to a pointer of buffer. + @param NumElements Pointer to number of elements in list. + + + @return EFI_SUCCESS Successfully retrieved sorted list. + @return others Unsuccessful. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibGetSortedList ( + IN OUT EFI_PHYSICAL_ADDRESS **Buffer, + IN OUT UINTN *NumElements + ) +{ + EFI_STATUS Status; + UINTN Count; + UINTN StoreIndexTableSize; + EFI_PHYSICAL_ADDRESS *StoreIndexTable; + PROTECTED_VARIABLE_INFO VarInfo; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *VarDig; + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Count =3D 0; + ZeroMem (&VarInfo, sizeof (VarInfo)); + StoreIndexTableSize =3D ProtectedVariableLibGetMaxVariablesCount (); + StoreIndexTable =3D AllocateZeroPool (sizeof (EFI_PHYSICAL_ADDRESS) = * StoreIndexTableSize); + + // + // Start with first entry + // + VarDig =3D VAR_DIG_PTR (Global->VariableDigests); + VarInfo.Header.VariableName =3D VAR_DIG_NAME (VarDig); + VarInfo.Header.VendorGuid =3D VAR_DIG_GUID (VarDig); + VarInfo.StoreIndex =3D VarDig->StoreIndex; + StoreIndexTable[Count] =3D VarInfo.StoreIndex; + Count++; + + // + // Populate the un-sorted table + // + do { + VarInfo.Buffer =3D NULL; + Status =3D ProtectedVariableLibFindNextEx (&VarInfo); + if (EFI_ERROR (Status)) { + break; + } + + StoreIndexTable[Count] =3D VarInfo.StoreIndex; + Count++; + } while (TRUE); + + PerformQuickSort ( + StoreIndexTable, + Count, + sizeof (EFI_PHYSICAL_ADDRESS), + (SORT_COMPARE)CompareStoreIndex + ); + + *Buffer =3D StoreIndexTable; + *NumElements =3D Count; + + return EFI_SUCCESS; +} diff --git a/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.= c b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c new file mode 100644 index 000000000000..94df21eacf25 --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableDxe.c @@ -0,0 +1,163 @@ +/** @file + Implemention of ProtectedVariableLib for SMM variable services. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include "Library/UefiBootServicesTableLib.h" +#include "Library/MemoryAllocationLib.h" + +#include "ProtectedVariableInternal.h" + +PROTECTED_VARIABLE_CONTEXT_IN mVariableContextIn =3D { + PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION, + sizeof (PROTECTED_VARIABLE_CONTEXT_IN), + 0, + FromSmmModule, + NULL, + NULL, + NULL, + NULL, + NULL +}; + +PROTECTED_VARIABLE_GLOBAL mProtectedVariableGlobal =3D { + PROTECTED_VARIABLE_CONTEXT_OUT_STRUCT_VERSION, + sizeof (PROTECTED_VARIABLE_GLOBAL), + { 0 }, + { 0 }, + 0, + 0, + 0, + 0, + 0, + 0, + { 0, 0, 0 }, + 0, + 0, + { 0, 0, 0, 0, 0, 0} +}; + +/** + Fix incorrect state of MetaDataHmacVariable before any variable update. + + @param[in] Event The event that occurred + @param[in] Context For EFI compatibility. Not used. + +**/ +VOID +EFIAPI +VariableWriteProtocolCallback ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + // + // Fix incorrect state of MetaDataHmacVariable before any variable updat= e. + // This has to be done here due to the fact that this operation needs to + // update NV storage but the FVB and FTW protocol might not be ready dur= ing + // ProtectedVariableLibInitialize(). + // + Status =3D FixupHmacVariable (); + ASSERT_EFI_ERROR (Status); + + Status =3D ProtectedVariableLibWriteInit (); + ASSERT_EFI_ERROR (Status); + + gBS->CloseEvent (Event); +} + +/** + + Initialization for protected variable services. + + If this initialization failed upon any error, the whole variable services + should not be used. A system reset might be needed to re-construct NV + variable storage to be the default state. + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_SUCCESS Protected variable services are ready. + @retval EFI_INVALID_PARAMETER If ContextIn =3D=3D NULL or something = missing or + mismatching in the content in ContextI= n. + @retval EFI_COMPROMISED_DATA If failed to check integrity of protec= ted variables. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibInitialize ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN *ProtectedVarContext; + PROTECTED_VARIABLE_GLOBAL *OldGlobal; + PROTECTED_VARIABLE_GLOBAL *NewGlobal; + VOID *VarWriteReg; + + if ( (ContextIn =3D=3D NULL) + || (ContextIn->StructVersion !=3D PROTECTED_VARIABLE_CONTEXT_IN_STRUC= T_VERSION) + || (ContextIn->StructSize !=3D sizeof (PROTECTED_VARIABLE_CONTEXT_IN)) + || (ContextIn->GetVariableInfo =3D=3D NULL) + || (ContextIn->GetNextVariableInfo =3D=3D NULL) + || (ContextIn->UpdateVariableStore =3D=3D NULL) + || (ContextIn->UpdateVariable =3D=3D NULL)) + { + ASSERT (ContextIn !=3D NULL); + ASSERT (ContextIn->StructVersion =3D=3D PROTECTED_VARIABLE_CONTEXT_IN_= STRUCT_VERSION); + ASSERT (ContextIn->StructSize =3D=3D sizeof (PROTECTED_VARIABLE_CONTEX= T_IN)); + ASSERT (ContextIn->GetVariableInfo !=3D NULL); + ASSERT (ContextIn->GetNextVariableInfo !=3D NULL); + ASSERT (ContextIn->UpdateVariableStore !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + GetProtectedVariableGlobal (&NewGlobal); + ProtectedVarContext =3D GET_CNTX (NewGlobal); + CopyMem (ProtectedVarContext, ContextIn, sizeof (mVariableContextIn)); + ProtectedVarContext->VariableServiceUser =3D FromSmmModule; + + // + // Get root key and HMAC key from HOB created by PEI variable driver. + // + Status =3D GetProtectedVariableGlobalFromHob (&OldGlobal); + ASSERT_EFI_ERROR (Status); + + CopyMem ((VOID *)NewGlobal, (CONST VOID *)OldGlobal, sizeof (*OldGlobal)= ); + + // + // The keys must not be available outside SMM. + // + if (ProtectedVarContext->VariableServiceUser =3D=3D FromSmmModule) { + ZeroMem (OldGlobal->RootKey, sizeof (OldGlobal->RootKey)); + ZeroMem (OldGlobal->MetaDataHmacKey, sizeof (OldGlobal->MetaDataHmacKe= y)); + } + + // + // Register variable write protocol notify function used to fix any + // inconsistency in MetaDataHmacVariable before the first variable write + // operation. + // + NewGlobal->Flags.WriteInit =3D FALSE; + NewGlobal->Flags.WriteReady =3D FALSE; + + EfiCreateProtocolNotifyEvent ( + &gEfiVariableWriteArchProtocolGuid, + TPL_CALLBACK, + VariableWriteProtocolCallback, + NULL, + &VarWriteReg + ); + + return EFI_SUCCESS; +} diff --git a/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.= c b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c new file mode 100644 index 000000000000..8b5ccb83e32d --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariablePei.c @@ -0,0 +1,1327 @@ +/** @file + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +#include +#include + +#include +#include +#include +#include + +#include "ProtectedVariableInternal.h" + +/** + Function allocates a global buffer. + + This function allocates a buffer with the specified size. + + @param[in] Size Size of buffer to allocate. + @param[in] AllocatePage Whether to allocate pages. + + @retval Buffer Pointer to the Buffer allocated. + @retval NULL if no Buffer was found. + +**/ +VOID * +AllocateGlobalBuffer ( + IN UINT32 Size, + IN BOOLEAN AllocatePage + ) +{ + VOID *Buffer; + EFI_HOB_MEMORY_ALLOCATION *MemoryAllocationHob; + EFI_PEI_HOB_POINTERS Hob; + + Buffer =3D NULL; + if (!AllocatePage) { + Buffer =3D BuildGuidHob (&gEdkiiProtectedVariableGlobalGuid, Size); + } + + if (Buffer =3D=3D NULL) { + // + // Use the AllocatePages() to get over size limit of general GUID-ed H= OB. + // + Buffer =3D AllocatePages (EFI_SIZE_TO_PAGES (Size)); + if (Buffer =3D=3D NULL) { + ASSERT_EFI_ERROR (EFI_OUT_OF_RESOURCES); + return NULL; + } + + // + // Mark the HOB holding the pages just allocated so that it can be + // identified later. + // + MemoryAllocationHob =3D NULL; + Hob.Raw =3D GetFirstHob (EFI_HOB_TYPE_MEMORY_ALLOCATION); + while (Hob.Raw !=3D NULL) { + MemoryAllocationHob =3D (EFI_HOB_MEMORY_ALLOCATION *)Hob.Raw; + if ((UINTN)Buffer =3D=3D (UINTN)MemoryAllocationHob->AllocDescriptor= .MemoryBaseAddress) { + CopyGuid ( + &MemoryAllocationHob->AllocDescriptor.Name, + &gEdkiiProtectedVariableGlobalGuid + ); + break; + } + + Hob.Raw =3D GET_NEXT_HOB (Hob); + Hob.Raw =3D GetNextHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, Hob.Raw); + } + } + + return Buffer; +} + +/** + Callback use to re-verify all variables and cache them in memory. + + @param[in] PeiServices General purpose services available to ev= ery PEIM. + @param[in] NotifyDescriptor The notification structure this PEIM reg= istered on install. + @param[in] Ppi The memory discovered PPI. Not used. + + @retval EFI_SUCCESS The function completed successfully. + @retval others There's error in MP initialization. +**/ +EFI_STATUS +EFIAPI +MemoryDiscoveredPpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *VarDig; + PROTECTED_VARIABLE_INFO VarInfo; + VOID *Buffer; + UINT32 VarSize; + INTN Result; + + Status =3D GetProtectedVariableGlobal (&Global); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + ContextIn =3D GET_CNTX (Global); + + // + // Allocate last Var buffer for confidentiality crypto operation + // + VarSize =3D (Global->VariableNumber + 1) * MAX_VARIABLE_SIZE; + Buffer =3D AllocateGlobalBuffer (VarSize, TRUE); + + // + // Traverse all valid variables. + // + VarDig =3D VAR_DIG_PTR (Global->VariableDigests); + while (VarDig !=3D NULL) { + if (VarDig->CacheIndex =3D=3D VAR_INDEX_INVALID) { + ASSERT (VarDig->StoreIndex !=3D VAR_INDEX_INVALID); + + VarSize =3D VARIABLE_HEADER_SIZE (Global->Flags.Auth); + VarSize +=3D VarDig->NameSize + GET_PAD_SIZE (VarDig->NameSize); + VarSize +=3D VarDig->DataSize + GET_PAD_SIZE (VarDig->DataSize); + VarSize =3D HEADER_ALIGN (VarSize); + + // + // Note the variable might be in unconsecutive space. + // + ZeroMem (&VarInfo, sizeof (VarInfo)); + VarInfo.StoreIndex =3D VarDig->StoreIndex; + VarInfo.Buffer =3D Buffer; + VarInfo.Flags.Auth =3D VarDig->Flags.Auth; + + Status =3D ContextIn->GetVariableInfo (&VarInfo); + ASSERT_EFI_ERROR (Status); + // + // VerifyVariableDigest() refers to CipherData for raw data. + // + VarInfo.CipherData =3D VarInfo.Header.Data; + VarInfo.CipherDataSize =3D (UINT32)VarInfo.Header.DataSize; + + // + // Make sure that the cached copy is not compromised. + // + Status =3D VerifyVariableDigest (Global, &VarInfo, VarDig); + if (EFI_ERROR (Status)) { + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_UNRECOVERED, + (PcdGet32 (PcdStatusCodeVariableIntegrity) | (Status & 0xFF)) + ); + ASSERT_EFI_ERROR (Status); + CpuDeadLoop (); + } + + // + // Simply use the cache address as CacheIndex of the variable. + // + VarDig->CacheIndex =3D GET_ADRS (Buffer); + Buffer =3D (UINT8 *)Buffer + MAX_VARIABLE_SIZE; + } else { + Result =3D StrnCmp ( + VAR_DIG_NAME (VarDig), + METADATA_HMAC_VARIABLE_NAME, + METADATA_HMAC_VARIABLE_NAME_SIZE + ); + if (Result =3D=3D 0) { + CopyMem ( + Buffer, + GET_BUFR (Global->GlobalSelf + (Global->StructSize - GetMetaData= HmacVarSize (Global->Flags.Auth))), + GetMetaDataHmacVarSize (Global->Flags.Auth) + ); + + // + // Simply use the cache address as CacheIndex of the variable. + // + VarDig->CacheIndex =3D GET_ADRS (Buffer); + Buffer =3D (UINT8 *)Buffer + MAX_VARIABLE_SIZE; + } + } + + VarDig =3D VAR_DIG_NEXT (VarDig); + } + + return EFI_SUCCESS; +} + +/** + Callback use to perform variable integrity check. + + @param[in] PeiServices General purpose services available to ev= ery PEIM. + @param[in] NotifyDescriptor The notification structure this PEIM reg= istered on install. + @param[in] Ppi The memory discovered PPI. Not used. + + @retval EFI_SUCCESS The function completed successfully. + @retval others There's error in MP initialization. +**/ +EFI_STATUS +EFIAPI +VariableStoreDiscoveredPpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + EFI_STATUS Status; + EFI_HOB_GUID_TYPE *GuidHob; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + + GuidHob =3D GetFirstGuidHob (&gEdkiiProtectedVariableContextGuid); + if (GuidHob !=3D NULL) { + ContextIn =3D (PROTECTED_VARIABLE_CONTEXT_IN *)GET_GUID_HOB_DATA (Guid= Hob); + } else { + ASSERT (GuidHob =3D=3D NULL); + } + + Status =3D ContextIn->IsHobVariableStoreAvailable (); + + if (Status =3D=3D EFI_NOT_READY) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + Status =3D PerformVariableIntegrityCheck (ContextIn); + + return Status; +} + +EFI_PEI_NOTIFY_DESCRIPTOR mPostMemNotifyList[] =3D { + { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMI= NATE_LIST), + &gEfiPeiMemoryDiscoveredPpiGuid, + MemoryDiscoveredPpiNotifyCallback + } +}; + +EFI_PEI_NOTIFY_DESCRIPTOR mVariableStoreNotifyList[] =3D { + { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMI= NATE_LIST), + &gEfiPeiVariableStoreDiscoveredPpiGuid, + VariableStoreDiscoveredPpiNotifyCallback + } +}; + +/** + + Get global data structure used to process protected variable. + + @param[out] Global Pointer to global configuration data. + + @retval EFI_SUCCESS Get requested structure successfully. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableGlobal ( + OUT PROTECTED_VARIABLE_GLOBAL **Global OPTIONAL + ) +{ + return GetProtectedVariableGlobalFromHob (Global); +} + +/** + + Get context data structure used to process protected variable. + + @param[out] ContextIn Pointer to context provided by variable runtim= e services. + + @retval EFI_SUCCESS Get requested structure successfully. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableContext ( + PROTECTED_VARIABLE_CONTEXT_IN **ContextIn OPTIONAL + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + + GuidHob =3D GetFirstGuidHob (&gEdkiiProtectedVariableContextGuid); + if (GuidHob !=3D NULL) { + *ContextIn =3D (PROTECTED_VARIABLE_CONTEXT_IN *)GET_GUID_HOB_DATA (Gui= dHob); + return EFI_SUCCESS; + } + + return EFI_NOT_FOUND; +} + +/** + Verify the HMAC value stored in MetaDataHmacVar against all valid and + protected variables in storage. + + @param[in,out] Global Pointer to global configuration data. + + @retval EFI_SUCCESS The HMAC value matches. + @retval EFI_ABORTED Error in HMAC value calculation. + @retval EFI_VOLUME_CORRUPTED Inconsistency found in NV variable stora= ge. + @retval EFI_COMPROMISED_DATA The HMAC value doesn't match. + +**/ +EFI_STATUS +VerifyMetaDataHmac ( + IN OUT PROTECTED_VARIABLE_GLOBAL *Global + ) +{ + EFI_STATUS Status; + VARIABLE_DIGEST *VariableDig; + UINT32 Counter1; + UINT32 Counter2; + VOID *Hmac1; + VOID *Hmac2; + UINT8 HmacVal1[METADATA_HMAC_SIZE]; + UINT8 HmacVal2[METADATA_HMAC_SIZE]; + + Hmac1 =3D NULL; + Hmac2 =3D HmacSha256New (); + if (Hmac2 =3D=3D NULL) { + ASSERT (Hmac2 !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + if (!HmacSha256SetKey (Hmac2, Global->MetaDataHmacKey, sizeof (Global->M= etaDataHmacKey))) { + ASSERT (FALSE); + Status =3D EFI_ABORTED; + goto Done; + } + + // + // Retrieve the RPMC counter value. + // + Status =3D RequestMonotonicCounter (RPMC_COUNTER_1, &Counter1); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + goto Done; + } + + Status =3D RequestMonotonicCounter (RPMC_COUNTER_2, &Counter2); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + goto Done; + } + + // + // Counter1 must be either equal to Counter2 or just one step ahead of C= ounter2. + // + if ((Counter1 > Counter2) && ((Counter1 - Counter2) > 1)) { + Status =3D EFI_COMPROMISED_DATA; + goto Done; + } + + VariableDig =3D VAR_DIG_PTR (Global->VariableDigests); + while (VariableDig !=3D NULL) { + // + // Only take valid protected variables into account. + // + if (VariableDig->Flags.Protected && VariableDig->Flags.Valid) { + if (!HmacSha256Update ( + Hmac2, + VAR_DIG_VALUE (VariableDig), + VariableDig->DigestSize + )) + { + ASSERT (FALSE); + Status =3D EFI_ABORTED; + goto Done; + } + } + + VariableDig =3D VAR_DIG_NEXT (VariableDig); + } + + // + // If two MetaDataHmacVariable were found, check which one is valid. We = might + // need two HMAC values to check against: one for Counter1, one for Coun= ter2. + // + if ( (Global->Unprotected[IndexHmacAdded] !=3D VAR_INDEX_INVALID) + && (Global->Unprotected[IndexHmacInDel] !=3D VAR_INDEX_INVALID) + && (Counter1 !=3D Counter2)) + { + // + // Might need to check Counter1. There must be something wrong in last= boot. + // + Hmac1 =3D HmacSha256New (); + if ((Hmac1 =3D=3D NULL) || !HmacSha256Duplicate (Hmac2, Hmac1)) { + ASSERT (FALSE); + Status =3D EFI_OUT_OF_RESOURCES; + goto Done; + } + + if ( !HmacSha256Update (Hmac1, &Counter1, sizeof (Counter1)) + || !HmacSha256Final (Hmac1, HmacVal1)) + { + ASSERT (FALSE); + Status =3D EFI_ABORTED; + goto Done; + } + } + + // + // Always check Counter2. + // + if ( !HmacSha256Update (Hmac2, &Counter2, sizeof (Counter2)) + || !HmacSha256Final (Hmac2, HmacVal2)) + { + ASSERT (FALSE); + Status =3D EFI_ABORTED; + goto Done; + } + + // + // When writing (update or add) a variable, there must be following ste= ps + // performed: + // + // A - Increment Counter1 + // B - Mark old MetaDataHmacVar as VAR_IN_DELETED_TRANSITION + // C - Calculate new HMAC value against Counter2+1, + // and force-add a new MetaDataHmacVar with state of VAR_ADDED + // D - Write the new protected variable + // E - Increment Counter2 + // F - Mark old MetaDataHmacVar as VAR_DELETED + // + Status =3D EFI_COMPROMISED_DATA; + if ( (Global->Unprotected[IndexHmacAdded] !=3D VAR_INDEX_INVALID) + && (Global->Unprotected[IndexHmacInDel] =3D=3D VAR_INDEX_INVALID)) + { + if (CompareMem ( + VAR_DIG_VALUE (VAR_DIG_PTR (Global->Unprotected[IndexHmacAdded])= ), + HmacVal2, + METADATA_HMAC_SIZE + ) =3D=3D 0) + { + // + // + // + A - Increment Counter1 + // B - Mark old MetaDataHmacVar as VAR_IN_DELETED_TRANSITION + // C - Calculate new HMAC value against Counter2+1, + // and force-add a new MetaDataHmacVar with state of VAR_ADDED + // D - Write the new protected variable + // E - Increment Counter2 + // F - Mark old MetaDataHmacVar as VAR_DELETED + // + // or, + // + // + A - Increment Counter1 + // + B - Mark old MetaDataHmacVar as VAR_IN_DELETED_TRANSITION + // + C - Calculate new HMAC value against Counter2+1, + // and force-add a new MetaDataHmacVar with state of VAR_ADDED + // + D - Write the new protected variable + // + E - Increment Counter2 + // + F - Mark old MetaDataHmacVar as VAR_DELETED + // + Status =3D EFI_SUCCESS; + + VAR_DIG_PTR (Global->Unprotected[IndexHmacAdded])->Flags.Valid =3D T= RUE; + } + } else if ( (Global->Unprotected[IndexHmacAdded] =3D=3D VAR_INDEX_INVAL= ID) + && (Global->Unprotected[IndexHmacInDel] !=3D VAR_INDEX_INVALID= )) + { + if (CompareMem ( + VAR_DIG_VALUE (VAR_DIG_PTR (Global->Unprotected[IndexHmacInDel])= ), + HmacVal2, + METADATA_HMAC_SIZE + ) =3D=3D 0) + { + // + // + A - Increment Counter1 + // + B - Mark old MetaDataHmacVar as VAR_IN_DELETED_TRANSITION + // C - Calculate new HMAC value against Counter2+1, + // and force-add a new MetaDataHmacVar with state of VAR_ADDED + // D - Write the new protected variable + // E - Increment Counter2 + // F - Mark old MetaDataHmacVar as VAR_DELETED + // + Status =3D EFI_SUCCESS; + + VAR_DIG_PTR (Global->Unprotected[IndexHmacInDel])->Flags.Valid =3D T= RUE; + } + } else if ( (Global->Unprotected[IndexHmacAdded] !=3D VAR_INDEX_INVALID) + && (Global->Unprotected[IndexHmacInDel] !=3D VAR_INDEX_INVALID= )) + { + if (Counter1 > Counter2) { + if (CompareMem ( + VAR_DIG_VALUE (VAR_DIG_PTR (Global->Unprotected[IndexHmacInDel= ])), + HmacVal2, + METADATA_HMAC_SIZE + ) =3D=3D 0) + { + // + // + A - Increment Counter1 + // + B - Mark old MetaDataHmacVar as VAR_IN_DELETED_TRANSITION + // + C - Calculate new HMAC value against Counter2+1, + // and force-add a new MetaDataHmacVar with state VAR_ADDED + // D - Write the new protected variable + // E - Increment Counter2 + // F - Mark old MetaDataHmacVar as VAR_DELETED + // + Status =3D EFI_SUCCESS; + + VAR_DIG_PTR (Global->Unprotected[IndexHmacAdded])->Flags.Valid =3D= FALSE; + VAR_DIG_PTR (Global->Unprotected[IndexHmacInDel])->Flags.Valid =3D= TRUE; + } else if (CompareMem ( + VAR_DIG_VALUE (VAR_DIG_PTR (Global->Unprotected[IndexHm= acAdded])), + HmacVal1, + METADATA_HMAC_SIZE + ) =3D=3D 0) + { + // + // + A - Increment Counter1 + // + B - Mark old MetaDataHmacVar as VAR_IN_DELETED_TRANSITION + // + C - Calculate new HMAC value against Counter2+1, + // and force-add a new MetaDataHmacVar with state of VAR_ADD= ED + // + D - Write the new protected variable + // E - Increment Counter2 + // F - Mark old MetaDataHmacVar as VAR_DELETED + // + Status =3D EFI_SUCCESS; + + VAR_DIG_PTR (Global->Unprotected[IndexHmacAdded])->Flags.Valid =3D= TRUE; + VAR_DIG_PTR (Global->Unprotected[IndexHmacInDel])->Flags.Valid =3D= FALSE; + } + } else { + if (CompareMem ( + VAR_DIG_VALUE (VAR_DIG_PTR (Global->Unprotected[IndexHmacAdded= ])), + HmacVal2, + METADATA_HMAC_SIZE + ) =3D=3D 0) + { + // + // + A - Increment Counter1 + // + B - Mark old MetaDataHmacVar as VAR_IN_DELETED_TRANSITION + // + C - Calculate new HMAC value against Counter2+1, + // and force-add a new MetaDataHmacVar with state of VAR_ADD= ED + // + D - Write the new protected variable + // + E - Increment Counter2 + // F - Mark old MetaDataHmacVar as VAR_DELETED + // + Status =3D EFI_SUCCESS; + + VAR_DIG_PTR (Global->Unprotected[IndexHmacAdded])->Flags.Valid =3D= TRUE; + VAR_DIG_PTR (Global->Unprotected[IndexHmacInDel])->Flags.Valid =3D= FALSE; + } + } + } else { + // + // There must be logic error or variable written to storage skipped + // the protected variable service, if code reaches here. + // + ASSERT (FALSE); + } + +Done: + if (Hmac1 !=3D NULL) { + HmacSha256Free (Hmac1); + } + + if (Hmac2 !=3D NULL) { + HmacSha256Free (Hmac2); + } + + return Status; +} + +/** + Collect variable digest information. + + This information is collected to be used to for integrity check. + + @param[in] Global Pointer to global configuration data. + @param[in] ContextIn Pointer to variable service context = needed by + protected variable. + @param[in, out] DigestBuffer Base address of digest of each varia= ble. + @param[out] DigestBufferSize Digest size of one variable if Diges= tBuffer is NULL. + Size of DigestBuffer if DigestBuffer= is NOT NULL. + @param[out] VariableNumber Number of valid variables. + + @retval EFI_SUCCESS Successfully retreived variable digest. + @retval EFI_INVALID_PARAMETER One ore more parameters are invalid. + @retval EFI_OUT_OF_RESOURCES Unable to allocate memory. + @retval EFI_BUFFER_TOO_SMALL The DigestBufferSize pass in is too sm= all. + +**/ +EFI_STATUS +CollectVariableDigestInfo ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn, + IN OUT VOID *DigestBuffer OPTIONAL, + OUT UINT32 *DigestBufferSize OPTIONAL, + OUT UINT32 *VariableNumber OPTIONAL + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO VarInfo; + UINT32 VarNum; + UINT32 DigSize; + VARIABLE_DIGEST *VarDig; + EFI_TIME TimeStamp; + UNPROTECTED_VARIABLE_INDEX VarIndex; + + // + // This function might be called before Global is initialized. In that c= ase, + // Global must be NULL but not ContextIn. + // + if ((Global =3D=3D NULL) && (ContextIn =3D=3D NULL)) { + ASSERT (Global !=3D NULL || ContextIn !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + if ((Global =3D=3D NULL) && (DigestBuffer !=3D NULL)) { + ASSERT (Global !=3D NULL && DigestBuffer !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + if ( (DigestBuffer !=3D NULL) + && ((DigestBufferSize =3D=3D NULL) || (*DigestBufferSize =3D=3D 0))) + { + ASSERT ( + DigestBuffer !=3D NULL + && DigestBufferSize !=3D NULL && *DigestBufferSize > 0 + ); + return EFI_INVALID_PARAMETER; + } + + if ((Global !=3D NULL) && (ContextIn =3D=3D NULL)) { + ContextIn =3D GET_CNTX (Global); + } + + DigSize =3D 0; + VarNum =3D 0; + VarDig =3D NULL; + + ZeroMem (&VarInfo, sizeof (VarInfo)); + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; // To get the first variable. + + if ((Global !=3D NULL) && + (Global->VariableCache !=3D 0) && + (Global->VariableCacheSize > 0)) + { + // + // Use the variable cache to hold a copy of one variable. + // + VarInfo.Buffer =3D GET_BUFR (Global->VariableCache); + } else { + // + // Allocate a buffer to hold a copy of one variable + // + VarInfo.Buffer =3D AllocatePages (EFI_SIZE_TO_PAGES (MAX_VARIABLE_SIZE= )); + if (VarInfo.Buffer =3D=3D NULL) { + ASSERT (VarInfo.Buffer !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + } + + if ((DigestBuffer !=3D NULL) && (*DigestBufferSize > 0)) { + VarDig =3D DigestBuffer; + } + + while (TRUE) { + if (VarDig !=3D NULL) { + if (DigSize >=3D (*DigestBufferSize)) { + // + // Out of buffer. + // + break; + } + + VarInfo.Header.VendorGuid =3D &VarDig->VendorGuid; + VarInfo.Header.VariableName =3D VAR_DIG_NAME (VarDig); + VarInfo.Header.NameSize =3D (UINTN)DigestBuffer + (UINTN)*Digest= BufferSize + - (UINTN)VarInfo.Header.VariableName; + VarInfo.Header.TimeStamp =3D &TimeStamp; + VarInfo.Header.Data =3D NULL; + } else { + ZeroMem ((VOID *)&VarInfo.Header, sizeof (VarInfo.Header)); + } + + Status =3D ContextIn->GetNextVariableInfo (&VarInfo); + if (EFI_ERROR (Status)) { + break; + } + + // + // Skip deleted variables. + // + if ( (VarInfo.Header.State !=3D VAR_ADDED) + && (VarInfo.Header.State !=3D (VAR_ADDED & VAR_IN_DELETED_TRANSITIO= N))) + { + continue; + } + + if (Global !=3D NULL) { + Global->Flags.Auth &=3D VarInfo.Flags.Auth; + } + + VarNum +=3D 1; + DigSize +=3D (UINT32)(sizeof (VARIABLE_DIGEST) + + VarInfo.Header.NameSize + + METADATA_HMAC_SIZE); + if ((DigestBuffer !=3D NULL) && (DigSize > *DigestBufferSize)) { + ASSERT (DigSize <=3D *DigestBufferSize); + return EFI_BUFFER_TOO_SMALL; + } + + if (VarDig !=3D NULL) { + VarDig->Prev =3D 0; + VarDig->Next =3D 0; + VarDig->State =3D VarInfo.Header.State; + VarDig->Attributes =3D VarInfo.Header.Attributes; + VarDig->DataSize =3D (UINT32)VarInfo.Header.DataSize; + VarDig->NameSize =3D (UINT16)VarInfo.Header.NameSize; + VarDig->DigestSize =3D METADATA_HMAC_SIZE; + VarDig->StoreIndex =3D VarInfo.StoreIndex; + + if ((VarInfo.Buffer !=3D NULL) && ((UINTN)VarInfo.Buffer !=3D Global= ->VariableCache)) { + VarDig->CacheIndex =3D GET_ADRS (VarInfo.Buffer); + } else { + VarDig->CacheIndex =3D VAR_INDEX_INVALID; + } + + VarDig->Flags.Auth =3D VarInfo.Flags.Auth; + VarDig->Flags.Valid =3D TRUE; + + VarIndex =3D CheckKnownUnprotectedVariable (Global, &VarInfo); + if (VarIndex >=3D UnprotectedVarIndexMax) { + // + // Check information relating to encryption, if enabled. + // + VarDig->Flags.Encrypted =3D FALSE; + if ((VarInfo.Header.Data !=3D NULL) && (VarInfo.Header.DataSize > = 0)) { + VarInfo.CipherData =3D NULL; + VarInfo.CipherDataSize =3D 0; + VarInfo.PlainData =3D NULL; + VarInfo.PlainDataSize =3D 0; + Status =3D GetCipherDataInfo (&VarInfo); + if (!EFI_ERROR (Status)) { + // + // Discovered encrypted variable mark variable to be + // encrypted on the next SetVariable() operation + // + VarDig->Flags.Encrypted =3D PcdGetBool (PcdProtectedVariableCo= nfidentiality); + } else { + VarInfo.PlainData =3D VarInfo.Header.Data; + VarInfo.PlainDataSize =3D (UINT32)VarInfo.Header.DataSize; + VarInfo.CipherDataType =3D 0; + VarInfo.CipherHeaderSize =3D 0; + if (Status =3D=3D EFI_NOT_FOUND) { + // + // Found variable that is not encrypted mark variable to be + // encrypted on the next SetVariable() operation + // + VarDig->Flags.Encrypted =3D PcdGetBool (PcdProtectedVariable= Confidentiality); + } + } + } + + // + // Variable is protected + // + VarDig->Flags.Protected =3D PcdGetBool (PcdProtectedVariableIntegr= ity); + VarDig->PlainDataSize =3D VarInfo.PlainDataSize; + + // + // Calculate digest only for protected variable. + // + Status =3D GetVariableDigest (Global, &VarInfo, VAR_DIG_VALUE (Var= Dig)); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Keep the VarDig in an ordered list. + // + InsertVariableDigestNode (Global, VarDig, CompareVariableDigestInf= o); + } else { + VarDig->Flags.Protected =3D FALSE; + VarDig->Flags.Encrypted =3D FALSE; + VarDig->PlainDataSize =3D VarDig->DataSize; + + // + // Make use of VARIABLE_DIGEST->DigestValue to cache HMAC value fr= om + // MetaDataHmacVar, which doesn't need a digest value (only protec= ted + // variables need it for integrity check). + // + if ((VarIndex =3D=3D IndexHmacInDel) || (VarIndex =3D=3D IndexHmac= Added)) { + if (VarDig->State =3D=3D VAR_ADDED) { + VarIndex =3D IndexHmacAdded; + } else { + VarIndex =3D IndexHmacInDel; + } + } + + Global->Unprotected[VarIndex] =3D VAR_DIG_ADR (VarDig); + + if ((VarInfo.Header.Data !=3D NULL) && (VarDig->DataSize <=3D VarD= ig->DigestSize)) { + CopyMem (VAR_DIG_VALUE (VarDig), VarInfo.Header.Data, VarDig->Da= taSize); + } + + // + // Don't add the VarDig for MetaDataHmacVar into the linked list n= ow. + // Do it after the HMAC has been validated. + // + if ((VarIndex !=3D IndexHmacInDel) || (VarIndex !=3D IndexHmacAdde= d)) { + InsertVariableDigestNode (Global, VarDig, CompareVariableDigestI= nfo); + } + } + + VarDig =3D (VARIABLE_DIGEST *)((UINTN)VarDig + VAR_DIG_END (VarDig)); + } + } + + if (EFI_ERROR (Status) && (Status !=3D EFI_NOT_FOUND)) { + return Status; + } + + if (DigestBufferSize !=3D NULL) { + *DigestBufferSize =3D DigSize; + } + + if (VariableNumber !=3D NULL) { + *VariableNumber =3D VarNum; + } + + if ((Global =3D=3D NULL) && (VarInfo.Buffer !=3D NULL)) { + // + // Free Buffer + // + FreePages (VarInfo.Buffer, EFI_SIZE_TO_PAGES (MAX_VARIABLE_SIZE)); + } + + return EFI_SUCCESS; +} + +/** + + Perform for protected variable integrity check. + + If this initialization failed upon any error, the whole variable services + should not be used. A system reset might be needed to re-construct NV + variable storage to be the default state. + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_SUCCESS Protected variable services are ready. + @retval EFI_INVALID_PARAMETER If ContextIn =3D=3D NULL or something = missing or + mismatching in the content in ContextI= n. + @retval EFI_COMPROMISED_DATA If failed to check integrity of protec= ted variables. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +PerformVariableIntegrityCheck ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ) +{ + EFI_STATUS Status; + UINT32 HobDataSize; + UINT32 VarNumber; + VOID *Buffer; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *DigBuffer; + UINT32 DigBufferSize; + UINT32 HmacMetaDataSize; + UINTN Index; + BOOLEAN PreviousKey; + EFI_HOB_GUID_TYPE *GuidHob; + + if ((ContextIn =3D=3D NULL) || (ContextIn->GetNextVariableInfo =3D=3D NU= LL)) { + ASSERT (ContextIn !=3D NULL); + ASSERT (ContextIn->GetNextVariableInfo !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + ContextIn->StructSize =3D (ContextIn->StructSize =3D=3D 0) ? sizeof (*Co= ntextIn) + : ContextIn->Struct= Size; + + // + // Enumerate all variables first to collect info for resource allocation. + // + DigBufferSize =3D 0; + Status =3D CollectVariableDigestInfo ( + NULL, + ContextIn, + NULL, + &DigBufferSize, + &VarNumber + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return EFI_VOLUME_CORRUPTED; + } + + // + // Allocate buffer for Global. Memory layout: + // + // Global + // Digest context + // Variable Digest List + // HmacMetaData + // + // To save precious NEM space of processor, variable cache will not be + // allocated at this point until physical memory is ready for use. + // + HmacMetaDataSize =3D (UINT32)GetMetaDataHmacVarSize (TRUE); + HobDataSize =3D sizeof (PROTECTED_VARIABLE_GLOBAL) + + (UINT32)DIGEST_CONTEXT_SIZE + + DigBufferSize + + HmacMetaDataSize; + Buffer =3D AllocateGlobalBuffer (HobDataSize, FALSE); + if (Buffer =3D=3D NULL) { + ASSERT (Buffer !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + Global =3D (PROTECTED_VARIABLE_GLOBAL *)((UINTN)Buffer); + Global->DigestContext =3D GET_ADRS (Global + 1); + + if (DigBufferSize > 0) { + DigBuffer =3D (VARIABLE_DIGEST *)(UINTN)(Global->DigestContext + DIGES= T_CONTEXT_SIZE); + ZeroMem (DigBuffer, DigBufferSize); + } else { + DigBuffer =3D NULL; + } + + // + // Keep a copy of ContextIn in HOB for later uses. + // + Global->GlobalSelf =3D GET_ADRS (Global); + Global->ContextIn =3D GET_ADRS (ContextIn); + + Global->StructVersion =3D PROTECTED_VARIABLE_CONTEXT_OUT_STRUCT_VERSION; + Global->StructSize =3D HobDataSize; + + Global->VariableNumber =3D VarNumber; + Global->VariableDigests =3D 0; + + Global->Flags.Auth =3D TRUE; + Global->Flags.WriteInit =3D FALSE; + Global->Flags.WriteReady =3D FALSE; + + GuidHob =3D GetFirstGuidHob (&gEfiAuthenticatedVariableGuid); + if (GuidHob =3D=3D NULL) { + GuidHob =3D GetFirstGuidHob (&gEfiVariableGuid); + if (GuidHob !=3D NULL) { + Global->Flags.Auth =3D FALSE; + } + } + + Global->Flags.RecoveryMode =3D (GuidHob !=3D NULL); + + // + // Before physical memory is ready, we cannot cache all variables in the= very + // limited NEM space. But we still need to reserve buffer to hold data of + // one variable as well as context for integrity check (HMAC calculation= ). + // + Global->VariableCacheSize =3D MAX_VARIABLE_SIZE; + Buffer =3D AllocatePages (EFI_SIZE_TO_PAGES (Global->= VariableCacheSize)); + if (Buffer =3D=3D NULL) { + ASSERT (Buffer !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + Global->VariableCache =3D GET_ADRS (Buffer); + Global->LastAccessedVariable =3D VAR_INDEX_INVALID; + + for (Index =3D 0; Index < UnprotectedVarIndexMax; ++Index) { + Global->Unprotected[Index] =3D VAR_INDEX_INVALID; + } + + // + // Re-enumerate all NV variables and build digest list. + // + Status =3D CollectVariableDigestInfo ( + Global, + ContextIn, + DigBuffer, + &DigBufferSize, + &VarNumber + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + ASSERT (Global->VariableNumber =3D=3D VarNumber); + + // + // Fix-up number of valid protected variables (i.e. exclude unprotected = ones) + // + for (Index =3D 0; VarNumber !=3D 0 && Index < UnprotectedVarIndexMax; ++= Index) { + if (Global->Unprotected[Index] !=3D VAR_INDEX_INVALID) { + --VarNumber; + } + } + + // + // Get root key and generate HMAC key. + // + PreviousKey =3D FALSE; + Status =3D GetVariableKey ((VOID *)Global->RootKey, sizeof (Global-= >RootKey)); + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + Status =3D EFI_COMPROMISED_DATA; + } + + // + // Derive the MetaDataHmacKey from root key + // + if (!GenerateMetaDataHmacKey ( + Global->RootKey, + sizeof (Global->RootKey), + Global->MetaDataHmacKey, + sizeof (Global->MetaDataHmacKey) + )) + { + ASSERT (FALSE); + Status =3D EFI_COMPROMISED_DATA; + } + + // + // Check the integrity of all NV variables, if any. + // + if (( (Global->Unprotected[IndexHmacAdded] !=3D VAR_INDEX_INVALID) + || (Global->Unprotected[IndexHmacInDel] !=3D VAR_INDEX_INVALID))) + { + // + // Validate the HMAC stored in variable MetaDataHmacVar. + // + Status =3D VerifyMetaDataHmac (Global); + if (EFI_ERROR (Status)) { + // + // Try again with the previous root key if the latest key failed the= HMAC validation. + // + Status =3D GetVariableKey ((VOID *)Global->RootKey, sizeof (Global->= RootKey)); + if (!EFI_ERROR (Status)) { + // + // Derive the MetaDataHmacKey from previous root key + // + if (GenerateMetaDataHmacKey ( + Global->RootKey, + sizeof (Global->RootKey), + Global->MetaDataHmacKey, + sizeof (Global->MetaDataHmacKey) + ) =3D=3D TRUE) + { + // + // Validate the HMAC stored in variable MetaDataHmacVar. + // + Status =3D VerifyMetaDataHmac (Global); + if (!EFI_ERROR (Status)) { + Status =3D EFI_COMPROMISED_DATA; + } + } else { + Status =3D EFI_COMPROMISED_DATA; + } + } + } + } else if (Global->Flags.RecoveryMode) { + // + // Generate the first version of MetaDataHmacVar. + // + Status =3D SyncRpmcCounter (); + if (!EFI_ERROR (Status)) { + Status =3D RefreshVariableMetadataHmac (Global, NULL, NULL); + if (!EFI_ERROR (Status)) { + // + // MetaDataHmacVar is always calculated against Counter2+1. Updati= ng + // RPMCs to match it. + // + (VOID)IncrementMonotonicCounter (RPMC_COUNTER_1); + (VOID)IncrementMonotonicCounter (RPMC_COUNTER_2); + } + } + } else if ((VarNumber > 0) && !Global->Flags.RecoveryMode) { + // + // There's no MetaDataHmacVar found for protected variables. Suppose + // the variable storage is compromised. + // + Status =3D EFI_COMPROMISED_DATA; + } + + if (EFI_ERROR (Status)) { + // + // The integrity of variables have been compromised. The platform has = to do + // something to recover the variable store. But the boot should not go= on + // anyway this time. + // + DEBUG ((DEBUG_ERROR, "%a: %d Integrity check Status =3D %r\n", __FUNCT= ION__, __LINE__, Status)); + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_UNRECOVERED, + (PcdGet32 (PcdStatusCodeVariableIntegrity) | EFI_SW_PEI_PC_RECOVERY_= BEGIN) + ); + #if defined (EDKII_UNIT_TEST_FRAMEWORK_ENABLED) // Avoid test malfunction= ing. + return Status; + #else + ASSERT_EFI_ERROR (Status); + CpuDeadLoop (); + #endif + } + + // + // Everything's OK. + // + REPORT_STATUS_CODE ( + EFI_PROGRESS_CODE, + PcdGet32 (PcdStatusCodeVariableIntegrity) + ); + + if (GET_BUFR (Global->VariableCacheSize) !=3D NULL) { + // + // Free Buffer + // + FreePages (Buffer, EFI_SIZE_TO_PAGES (Global->VariableCacheSize)); + } + + // + // Keep the valid MetaDataHmacVar in the list. + // + for (Index =3D 0; Index < IndexPlatformVar; ++Index) { + if ( (Global->Unprotected[Index] !=3D VAR_INDEX_INVALID) + && VAR_DIG_PTR (Global->Unprotected[Index])->Flags.Valid) + { + InsertVariableDigestNode ( + Global, + VAR_DIG_PTR (Global->Unprotected[Index]), + NULL + ); + } + } + + // + // Restore the key to the latest one. + // + if (PreviousKey) { + Status =3D GetVariableKey ((VOID *)Global->RootKey, sizeof (Global->Ro= otKey)); + ASSERT_EFI_ERROR (Status); + + // + // Derive the MetaDataHmacKey from root key + // + if (!GenerateMetaDataHmacKey ( + Global->RootKey, + sizeof (Global->RootKey), + Global->MetaDataHmacKey, + sizeof (Global->MetaDataHmacKey) + )) + { + ASSERT (FALSE); + } + } + + // + // Make sure that the RPMC counter is in-sync. + // + Status =3D SyncRpmcCounter (); + + // + // Setup a hook to migrate data in Global once physical memory is ready. + // + Status =3D PeiServicesNotifyPpi (mPostMemNotifyList); + + return Status; +} + +/** + + Initialization for protected variable services. + + If the variable store is available than perform integrity check. + Otherwise, defer integrity check until variable store is available. + + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_SUCCESS Protected variable services are ready. + @retval EFI_INVALID_PARAMETER If ContextIn =3D=3D NULL or something = missing or + mismatching in the content in ContextI= n. + @retval EFI_COMPROMISED_DATA If failed to check integrity of protec= ted variables. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibInitialize ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ) +{ + EFI_STATUS Status; + VOID *ContextInHob; + PROTECTED_VARIABLE_INFO VarInfo; + + if ((ContextIn =3D=3D NULL) || (ContextIn->GetNextVariableInfo =3D=3D NU= LL)) { + ASSERT (ContextIn !=3D NULL); + ASSERT (ContextIn->GetNextVariableInfo !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + // + // Keep a copy of ContextIn in HOB for later uses. + // + ContextIn->StructSize =3D (ContextIn->StructSize =3D=3D 0) ? sizeof (*Co= ntextIn) + : ContextIn->Struct= Size; + ContextInHob =3D BuildGuidHob (&gEdkiiProtectedVariableContextGuid, Cont= extIn->StructSize); + CopyMem (ContextInHob, ContextIn, ContextIn->StructSize); + + // + // Discover if Variable Store Info Hob has been published by platform dr= iver. + // It contains information regards to HOB or NV Variable Store availabil= ity + // + ZeroMem ((VOID *)&VarInfo.Header, sizeof (VarInfo.Header)); + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarInfo.Buffer =3D AllocatePages (EFI_SIZE_TO_PAGES (MAX_VARIABLE_SI= ZE)); + if (VarInfo.Buffer =3D=3D NULL) { + ASSERT (VarInfo.Buffer !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + FreePages (VarInfo.Buffer, EFI_SIZE_TO_PAGES ((MAX_VARIABLE_SIZE))); + + Status =3D ContextIn->GetNextVariableInfo (&VarInfo); + if (EFI_ERROR (Status)) { + // + // Register for platform driver callback when Variable Store is availa= ble. + // + DEBUG ((DEBUG_INFO, "Variable Store is not available. Register for a i= ntegrity check callback\n")); + Status =3D PeiServicesNotifyPpi (mVariableStoreNotifyList); + return Status; + } + + // + // HOB Variable store is not available + // Assume NV Variable store is available instead + // Perform integrity check on NV Variable Store + // + DEBUG ((DEBUG_INFO, "NV Variable Store is available. Perform integrity c= heck\n")); + Status =3D PerformVariableIntegrityCheck (ContextInHob); + return Status; +} + +/** + + Prepare for variable update. + + (Not suppported in PEI phase.) + + @retval EFI_UNSUPPORTED Updating variable is not supported. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteInit ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + + Update a variable with protection provided by this library. + + Not supported in PEI phase. + + @param[in,out] CurrVariable Variable to be updated. It's NULL if + adding a new variable. + @param[in] CurrVariableInDel In-delete-transition copy of updatin= g variable. + @param[in,out] NewVariable Buffer of new variable data. + Buffer of "MetaDataHmacVar" and new + variable (encrypted). + @param[in,out] NewVariableSize Size of NewVariable. + Size of (encrypted) NewVariable and + "MetaDataHmacVar". + + @retval EFI_UNSUPPORTED Not support updating variable in PEI pha= se. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibUpdate ( + IN OUT VARIABLE_HEADER *CurrVariable, + IN VARIABLE_HEADER *CurrVariableInDel, + IN OUT VARIABLE_HEADER *NewVariable, + IN OUT UINTN *NewVariableSize + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + + Finalize a variable updating after it's written to NV variable storage + successfully. + + @param[in] NewVariable Buffer of new variables and MetaDataHm= acVar. + @param[in] VariableSize Size of buffer pointed by NewVariable. + @param[in] StoreIndex StoreIndex to NV variable storage from= where the new + variable and MetaDataHmacVar have been= written. + + @retval EFI_UNSUPPORTED Not support updating variable in PEI p= hase. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteFinal ( + IN VARIABLE_HEADER *NewVariable, + IN UINTN VariableSize, + IN UINT64 StoreIndex + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} diff --git a/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.= c b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c new file mode 100644 index 000000000000..8e964f4cd28d --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmm.c @@ -0,0 +1,209 @@ +/** @file + Implemention of ProtectedVariableLib for SMM variable services. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include "Guid/SmmVariableCommon.h" + +#include "Library/MmServicesTableLib.h" +#include "Library/MemoryAllocationLib.h" + +#include "ProtectedVariableInternal.h" + +PROTECTED_VARIABLE_CONTEXT_IN mVariableContextIn =3D { + PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION, + sizeof (PROTECTED_VARIABLE_CONTEXT_IN), + 0, + FromSmmModule, + NULL, + NULL, + NULL, + NULL, + NULL +}; + +PROTECTED_VARIABLE_GLOBAL mProtectedVariableGlobal =3D { + PROTECTED_VARIABLE_CONTEXT_OUT_STRUCT_VERSION, + sizeof (PROTECTED_VARIABLE_GLOBAL), + { 0 }, + { 0 }, + 0, + 0, + 0, + 0, + 0, + 0, + { 0, 0, 0 }, + 0, + 0, + { 0, 0, 0, 0} +}; + +/** + + Callback function to call variable write. + + @param[in] Protocol Not Used. + @param[in] Interface Not Used. + @param[in] Handle Not Used. + + @retval EFI_SUCCESS Protected variable write successful. + @retval others Protected variable write failed. + +**/ +EFI_STATUS +EFIAPI +VariableWriteProtocolCallback ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + + Status =3D ProtectedVariableLibWriteInit (); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + +/** + + Initialization for protected variable services. + + If this initialization failed upon any error, the whole variable services + should not be used. A system reset might be needed to re-construct NV + variable storage to be the default state. + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_SUCCESS Protected variable services are ready. + @retval EFI_INVALID_PARAMETER If ContextIn =3D=3D NULL or something = missing or + mismatching in the content in ContextI= n. + @retval EFI_COMPROMISED_DATA If failed to check integrity of protec= ted variables. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process protected varia= ble. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibInitialize ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN *ProtectedVarContext; + PROTECTED_VARIABLE_GLOBAL *OldGlobal; + PROTECTED_VARIABLE_GLOBAL *NewGlobal; + VARIABLE_DIGEST *VarDig; + VARIABLE_DIGEST *NewVarDig; + EFI_PHYSICAL_ADDRESS NewCacheIndex; + UINTN VarSize; + UNPROTECTED_VARIABLE_INDEX Index; + + if ( (ContextIn =3D=3D NULL) + || (ContextIn->StructVersion !=3D PROTECTED_VARIABLE_CONTEXT_IN_STRUC= T_VERSION) + || (ContextIn->StructSize !=3D sizeof (PROTECTED_VARIABLE_CONTEXT_IN)) + || (ContextIn->GetVariableInfo =3D=3D NULL) + || (ContextIn->GetNextVariableInfo =3D=3D NULL) + || (ContextIn->UpdateVariableStore =3D=3D NULL) + || (ContextIn->UpdateVariable =3D=3D NULL)) + { + ASSERT (ContextIn !=3D NULL); + ASSERT (ContextIn->StructVersion =3D=3D PROTECTED_VARIABLE_CONTEXT_IN_= STRUCT_VERSION); + ASSERT (ContextIn->StructSize =3D=3D sizeof (PROTECTED_VARIABLE_CONTEX= T_IN)); + ASSERT (ContextIn->GetVariableInfo !=3D NULL); + ASSERT (ContextIn->GetNextVariableInfo !=3D NULL); + ASSERT (ContextIn->UpdateVariableStore !=3D NULL); + ASSERT (ContextIn->UpdateVariable !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + GetProtectedVariableGlobal (&NewGlobal); + ProtectedVarContext =3D GET_CNTX (NewGlobal); + CopyMem (ProtectedVarContext, ContextIn, sizeof (mVariableContextIn)); + ProtectedVarContext->VariableServiceUser =3D FromSmmModule; + + // + // Get root key and HMAC key from HOB created by PEI variable driver. + // + Status =3D GetProtectedVariableGlobalFromHob (&OldGlobal); + ASSERT_EFI_ERROR (Status); + + CopyMem ((VOID *)NewGlobal, (CONST VOID *)OldGlobal, sizeof (*OldGlobal)= ); + + // + // The keys must not be available outside SMM. + // + if (ProtectedVarContext->VariableServiceUser =3D=3D FromSmmModule) { + ZeroMem (OldGlobal->RootKey, sizeof (OldGlobal->RootKey)); + ZeroMem (OldGlobal->MetaDataHmacKey, sizeof (OldGlobal->MetaDataHmacKe= y)); + } + + NewGlobal->Flags.WriteInit =3D FALSE; + NewGlobal->Flags.WriteReady =3D FALSE; + NewGlobal->LastAccessedVariable =3D 0; + NewGlobal->VariableCache =3D GET_ADRS (AllocateZeroPool (MAX_VARI= ABLE_SIZE)); + NewGlobal->DigestContext =3D GET_ADRS (AllocateZeroPool (DIGEST_C= ONTEXT_SIZE)); + if (NewGlobal->DigestContext =3D=3D 0) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Copy over variable from HOB to SMM memory + // + NewGlobal->VariableDigests =3D 0; + VarDig =3D VAR_DIG_PTR (OldGlobal->VariableDigests); + while (VarDig !=3D NULL) { + // + // Allocate new Var Digest in SMM memory + // + NewVarDig =3D (VARIABLE_DIGEST *)AllocateZeroPool ( + sizeof (VARIABLE_DIGEST) + VarDig->Na= meSize + METADATA_HMAC_SIZE + ); + if (NewVarDig =3D=3D NULL) { + ASSERT (NewVarDig !=3D NULL); + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (NewVarDig, VarDig, sizeof (VARIABLE_DIGEST)); + NewVarDig->Prev =3D 0; + NewVarDig->Next =3D 0; + + CopyMem (VAR_DIG_NAME (NewVarDig), VAR_DIG_NAME (VarDig), VarDig->Name= Size); + CopyMem (VAR_DIG_VALUE (NewVarDig), VAR_DIG_VALUE (VarDig), VarDig->Di= gestSize); + + VarSize =3D VARIABLE_HEADER_SIZE (NewGlobal->Flags.Auth); + VarSize +=3D VarDig->NameSize + GET_PAD_SIZE (VarDig->NameSize); + VarSize +=3D VarDig->DataSize + GET_PAD_SIZE (VarDig->DataSize); + VarSize =3D HEADER_ALIGN (VarSize); + + NewCacheIndex =3D GET_ADRS (AllocateZeroPool (VarSize)); + if (GET_BUFR (NewCacheIndex) =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (GET_BUFR (NewCacheIndex), GET_BUFR (VarDig->CacheIndex), VarS= ize); + NewVarDig->CacheIndex =3D NewCacheIndex; + NewVarDig->Flags.Freeable =3D TRUE; + + for (Index =3D 0; Index < UnprotectedVarIndexMax; ++Index) { + if (OldGlobal->Unprotected[Index] =3D=3D VAR_DIG_ADR (VarDig)) { + NewGlobal->Unprotected[Index] =3D VAR_DIG_ADR (NewVarDig); + } + } + + InsertVariableDigestNode (NewGlobal, NewVarDig, NULL); + + VarDig =3D VAR_DIG_NEXT (VarDig); + } + + return Status; +} diff --git a/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmD= xeCommon.c b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmD= xeCommon.c new file mode 100644 index 000000000000..8472fc8a33c7 --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmDxeCommo= n.c @@ -0,0 +1,967 @@ +/** @file + Implemention of ProtectedVariableLib for SMM variable services. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include "Guid/SmmVariableCommon.h" + +#include "Library/MmServicesTableLib.h" +#include "Library/MemoryAllocationLib.h" +#include + +#include "ProtectedVariableInternal.h" + +/** + + Get context and/or global data structure used to process protected varia= ble. + + @param[out] Global Pointer to global configuration data. + + @retval EFI_SUCCESS Get requested structure successfully. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableGlobal ( + OUT PROTECTED_VARIABLE_GLOBAL **Global OPTIONAL + ) +{ + if (Global !=3D NULL) { + mProtectedVariableGlobal.ContextIn =3D GET_ADRS (&mVariableContextIn); + *Global =3D &mProtectedVariableGlobal; + } + + return EFI_SUCCESS; +} + +/** + Encrypt given variable data and generate new HMAC value against it. + + @param[in] Global Pointer to global configuration data. + @param[in,out] NewVarInfo Pointer to buffer of new variable data. + @param[in,out] NewVarDig Pointer to buffer of new variable digest. + + @retval EFI_SUCCESS No error occurred during the encryption an= d HMC calculation. + @retval EFI_ABORTED Failed to do HMC calculation. + @return EFI_OUT_OF_RESOURCES Not enough resource to calculate HMC value. + @return EFI_NOT_FOUND The MetaDataHmacVar was not found in stora= ge. + +**/ +STATIC +EFI_STATUS +UpdateVariableInternal ( + IN PROTECTED_VARIABLE_GLOBAL *Global, + IN OUT PROTECTED_VARIABLE_INFO *NewVarInfo, + IN OUT VARIABLE_DIGEST *NewVarDig + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO CachedVarInfo; + VOID *Buffer; + UINTN VarSize; + + if ((NewVarInfo =3D=3D NULL) || (NewVarDig =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // If Add or update variable, encrypt new data first. + // + if (NewVarInfo->Buffer !=3D NULL) { + Status =3D EFI_UNSUPPORTED; + + if (NewVarDig->Flags.Encrypted) { + NewVarInfo->PlainData =3D NULL; + NewVarInfo->PlainDataSize =3D 0; + NewVarInfo->CipherData =3D NULL; + NewVarInfo->CipherDataSize =3D 0; + NewVarInfo->Key =3D Global->RootKey; + NewVarInfo->KeySize =3D sizeof (Global->RootKey); + NewVarInfo->Header.Attributes &=3D (~EFI_VARIABLE_APPEND_WRITE); + Status =3D EncryptVariable (NewVarInfo); + if (!EFI_ERROR (Status)) { + // + // Update new data size in variable header. + // + SET_VARIABLE_DATA_SIZE (NewVarInfo, NewVarInfo->CipherDataSize); + } else if (Status !=3D EFI_UNSUPPORTED) { + ASSERT (FALSE); + return Status; + } + } + + if (Status =3D=3D EFI_UNSUPPORTED) { + NewVarInfo->CipherData =3D NewVarInfo->Header.Data; + NewVarInfo->CipherDataSize =3D (UINT32)NewVarInfo->Header.DataSize; + NewVarInfo->PlainData =3D NULL; + NewVarInfo->PlainDataSize =3D 0; + } + } else { + NewVarInfo->CipherData =3D NULL; + NewVarInfo->CipherDataSize =3D 0; + NewVarInfo->PlainData =3D NULL; + NewVarInfo->PlainDataSize =3D 0; + } + + if (NewVarDig->CacheIndex !=3D 0) { + // + // Update the cached copy. + // + ZeroMem ((VOID *)&CachedVarInfo, sizeof (CachedVarInfo)); + CachedVarInfo.Buffer =3D GET_BUFR (NewVarDig->CacheIndex); + CachedVarInfo.StoreIndex =3D VAR_INDEX_INVALID; + CachedVarInfo.Flags.Auth =3D NewVarInfo->Flags.Auth; + + Status =3D GET_CNTX (Global)->GetVariableInfo (&CachedVarInfo); + ASSERT_EFI_ERROR (Status); + + if ((CachedVarInfo.Header.DataSize !=3D 0) && (NewVarInfo->CipherDataS= ize > CachedVarInfo.Header.DataSize)) { + // + // allocate new VarInfo buffer that is of greater CipherDataSize + // + VarSize =3D VARIABLE_HEADER_SIZE (NewVarDig->Flags.Auth); + VarSize +=3D NewVarInfo->Header.NameSize + GET_PAD_SIZE (NewVarInfo-= >Header.NameSize); + VarSize +=3D NewVarInfo->CipherDataSize + GET_PAD_SIZE (NewVarInfo->= CipherDataSize); + VarSize =3D HEADER_ALIGN (VarSize); + Buffer =3D AllocateZeroPool (VarSize); + if (Buffer !=3D NULL) { + VarSize =3D VARIABLE_HEADER_SIZE (NewVarDig->Flags.Auth); + VarSize +=3D CachedVarInfo.Header.NameSize + GET_PAD_SIZE (CachedV= arInfo.Header.NameSize); + VarSize +=3D CachedVarInfo.Header.DataSize + GET_PAD_SIZE (CachedV= arInfo.DataSize); + VarSize =3D HEADER_ALIGN (VarSize); + + CopyMem ( + Buffer, + CachedVarInfo.Buffer, + VarSize + ); + + FreePool (CachedVarInfo.Buffer); + + // + // Update the cached copy. + // + ZeroMem ((VOID *)&CachedVarInfo, sizeof (CachedVarInfo)); + CachedVarInfo.Buffer =3D Buffer; + CachedVarInfo.StoreIndex =3D VAR_INDEX_INVALID; + CachedVarInfo.Flags.Auth =3D NewVarInfo->Flags.Auth; + Status =3D GET_CNTX (Global)->GetVariableInfo (&= CachedVarInfo); + ASSERT_EFI_ERROR (Status); + NewVarDig->CacheIndex =3D (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + } + } + + CopyMem ( + CachedVarInfo.Header.Data, + NewVarInfo->CipherData, + NewVarInfo->CipherDataSize + ); + SET_VARIABLE_DATA_SIZE (&CachedVarInfo, NewVarInfo->CipherDataSize); + + NewVarDig->State =3D VAR_ADDED; + NewVarDig->DataSize =3D NewVarInfo->CipherDataSize; + + if (NewVarInfo->PlainDataSize > 0) { + NewVarDig->PlainDataSize =3D NewVarInfo->PlainDataSize; + } else { + NewVarDig->PlainDataSize =3D NewVarDig->DataSize; + } + + // + // (Re-)Calculate the hash of the variable. + // + if (NewVarDig->Flags.Protected) { + GetVariableDigest (Global, NewVarInfo, VAR_DIG_VALUE (NewVarDig)); + } + } + + return EFI_SUCCESS; +} + +/** + + Fix state of MetaDataHmacVar on NV variable storage, if there's failure = at + last boot during updating variable. + + This must be done before the first writing of variable in current boot, + including storage reclaim. + + @retval EFI_UNSUPPORTED Updating NV variable storage is not suppo= rted. + @retval EFI_OUT_OF_RESOURCES Not enough resource to complete the opera= tion. + @retval EFI_SUCCESS Variable store was successfully updated. + +**/ +EFI_STATUS +FixupHmacVariable ( + VOID + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO HmacVarInfo; + PROTECTED_VARIABLE_GLOBAL *Global; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + VARIABLE_DIGEST *VarDig; + UINTN Index; + + Status =3D GetProtectedVariableGlobal (&Global); + ASSERT_EFI_ERROR (Status); + + if (Global->Flags.WriteReady) { + return EFI_SUCCESS; + } + + ContextIn =3D GET_CNTX (Global); + + // + // Delete invalid MetaDataHmacVar. + // + for (Index =3D 0; Index <=3D IndexHmacAdded; ++Index) { + if (Global->Unprotected[Index] =3D=3D VAR_INDEX_INVALID) { + continue; + } + + VarDig =3D VAR_DIG_PTR (Global->Unprotected[Index]); + if (VarDig->Flags.Valid) { + continue; + } + + ZeroMem ((VOID *)&HmacVarInfo, sizeof (HmacVarInfo)); + HmacVarInfo.StoreIndex =3D VarDig->StoreIndex; + HmacVarInfo.Flags.Auth =3D VarDig->Flags.Auth; + + Status =3D ContextIn->GetVariableInfo (&HmacVarInfo); + if (!EFI_ERROR (Status) && (HmacVarInfo.Buffer !=3D NULL)) { + HmacVarInfo.Buffer->State &=3D VAR_DELETED; + Status =3D ContextIn->UpdateVariableStore ( + &HmacVarInfo, + OFFSET_OF (VARIABLE_HEADER= , State), + sizeof (HmacVarInfo.Buffer= ->State), + &HmacVarInfo.Buffer->State + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } + + // + // Release the resource and update related states. + // + VarDig->State &=3D VAR_DELETED; + RemoveVariableDigestNode (Global, VarDig, FALSE); + Global->Unprotected[Index] =3D VAR_INDEX_INVALID; + } + + // + // There should be no MetaDataHmacVar if in variable storage recovery mo= de. + // + if (Global->Flags.RecoveryMode) { + ASSERT (Global->Unprotected[IndexHmacAdded] =3D=3D VAR_INDEX_INVALID); + ASSERT (Global->Unprotected[IndexHmacInDel] =3D=3D VAR_INDEX_INVALID); + } + + Global->Flags.WriteReady =3D TRUE; + + return EFI_SUCCESS; +} + +/** + + Prepare for variable update. + + This is needed only once during current boot to mitigate replay attack. = Its + major job is to advance RPMC (Replay Protected Monotonic Counter). + + @retval EFI_SUCCESS Variable is ready to update hereafter. + @retval EFI_UNSUPPORTED Updating variable is not supported. + @retval EFI_DEVICE_ERROR Error in advancing RPMC. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteInit ( + VOID + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_GLOBAL *Global; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + PROTECTED_VARIABLE_INFO VarInfo; + + (VOID)GetProtectedVariableGlobal (&Global); + ContextIn =3D GET_CNTX (Global); + + // + // HmacVarInfo should be here + // + if (Global->Flags.RecoveryMode) { + // + // Flush default variables to variable storage if in variable recovery= mode. + // + Status =3D ContextIn->UpdateVariableStore (NULL, 0, (UINT32)-1, NULL); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } else { + ContextIn =3D GET_CNTX (Global); + + // + // Fix any wrong MetaDataHmacVar information before adding new one. + // + Status =3D FixupHmacVariable (); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + if (!Global->Flags.WriteReady) { + return EFI_NOT_READY; + } + + // + // Refresh MetaDataHmacVar with RPMC2 by 1 in each boot before any var= iable + // update, by deleting (attr =3D=3D 0 && datasize =3D=3D 0) the old o= ne. + // + ZeroMem (&VarInfo, sizeof (PROTECTED_VARIABLE_INFO)); // Zero attr & = datasize + + VarInfo.Flags.Auth =3D Global->Flags.Auth; + VarInfo.Header.VariableName =3D METADATA_HMAC_VARIABLE_NAME; + VarInfo.Header.NameSize =3D METADATA_HMAC_VARIABLE_NAME_SIZE; + VarInfo.Header.VendorGuid =3D &METADATA_HMAC_VARIABLE_GUID; + + // + // Pretend to delete MetaDataHmacVar. + // + Status =3D ContextIn->UpdateVariable (&VarInfo.Header); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } + + mProtectedVariableGlobal.Flags.WriteInit =3D TRUE; + + return EFI_SUCCESS; +} + +/** + + Update a variable with protection provided by this library. + + If variable encryption is employed, the new variable data will be encryp= ted + before being written to NV variable storage. + + A special variable, called "MetaDataHmacVar", will always be updated alo= ng + with variable being updated to reflect the changes (HMAC value) of all + protected valid variables. The only exceptions, currently, is variable + variable "VarErrorLog". + + The buffer passed by NewVariable must be double of maximum variable size, + which allows to pass the "MetaDataHmacVar" back to caller along with enc= rypted + new variable data, if any. This can make sure the new variable data and + "MetaDataHmacVar" can be written at almost the same time to reduce the c= hance + of compromising the integrity. + + If *NewVariableSize is zero, it means to delete variable passed by CurrV= ariable + and/or CurrVariableInDel. "MetaDataHmacVar" will be updated as well in s= uch + case because of less variables in storage. NewVariable should be always = passed + in to convey new "MetaDataHmacVar" back. + + @param[in,out] CurrVariable Variable to be updated. It's NULL if + adding a new variable. + @param[in] CurrVariableInDel In-delete-transition copy of updatin= g variable. + @param[in,out] NewVariable Buffer of new variable data. + Buffer of "MetaDataHmacVar" and new + variable (encrypted). + @param[in,out] NewVariableSize Size of NewVariable. + Size of (encrypted) NewVariable and + "MetaDataHmacVar". + + @retval EFI_SUCCESS The variable is updated with protection = successfully. + @retval EFI_INVALID_PARAMETER NewVariable is NULL. + @retval EFI_NOT_FOUND Information missing to finish the operat= ion. + @retval EFI_ABORTED Failed to encrypt variable or calculate = HMAC. + @retval EFI_NOT_READY The RPMC device is not yet initialized. + @retval EFI_DEVICE_ERROR The RPMC device has error in updating. + @retval EFI_ACCESS_DENIED The given variable is not allowed to upd= ate. + Currently this only happens on updating + "MetaDataHmacVar" from code outside of t= his + library. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibUpdate ( + IN OUT VARIABLE_HEADER *CurrVariable, + IN VARIABLE_HEADER *CurrVariableInDel, + IN OUT VARIABLE_HEADER *NewVariable, + IN OUT UINTN *NewVariableSize + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + PROTECTED_VARIABLE_GLOBAL *Global; + PROTECTED_VARIABLE_INFO VarInfo; + VARIABLE_DIGEST *VarDig; + VARIABLE_DIGEST *CurrVarDig; + VARIABLE_DIGEST *NewVarDig; + PROTECTED_VARIABLE_INFO NewVarInfo; + PROTECTED_VARIABLE_INFO NewHmacVarInfo; + UINTN VarSize; + UINT64 UnprotectedVarIndex; + + // + // Advance RPMC + // + Status =3D IncrementMonotonicCounter (RPMC_COUNTER_1); + ASSERT_EFI_ERROR (Status); + + // + // Buffer for new variable is always needed, even this function is calle= d to + // delete an existing one, because we need to pass the MetaDataHmacVar b= ack + // which will be updated upon each variable addition or deletion. + // + if ((NewVariable =3D=3D NULL) || (NewVariableSize =3D=3D NULL)) { + ASSERT (NewVariable !=3D NULL); + ASSERT (NewVariableSize !=3D NULL); + return EFI_INVALID_PARAMETER; + } + + Status =3D GetProtectedVariableGlobal (&Global); + ASSERT_EFI_ERROR (Status); + ContextIn =3D GET_CNTX (Global); + + if (!Global->Flags.WriteReady && !Global->Flags.WriteInit) { + return EFI_NOT_READY; + } + + VarSize =3D 0; + CurrVarDig =3D NULL; + NewVarDig =3D NULL; + UnprotectedVarIndex =3D VAR_INDEX_INVALID; + + // + // Check existing copy of the same variable. + // + if (CurrVariable !=3D NULL) { + // + // Find local cached copy, if possible. + // + ZeroMem (&VarInfo, sizeof (VarInfo)); + VarInfo.Buffer =3D CurrVariable; + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarInfo.Flags.Auth =3D Global->Flags.Auth; + + Status =3D ContextIn->GetVariableInfo (&VarInfo); // Retrieve the name= /guid + ASSERT_EFI_ERROR (Status); + + UnprotectedVarIndex =3D CheckKnownUnprotectedVariable (Global, &VarInf= o); + if (UnprotectedVarIndex < UnprotectedVarIndexMax) { + CurrVarDig =3D VAR_DIG_PTR (Global->Unprotected[UnprotectedVarIndex]= ); + } else { + CurrVarDig =3D FindVariableInternal (Global, &VarInfo, FALSE); + } + + ASSERT (CurrVarDig !=3D NULL); + CurrVarDig->State &=3D VAR_DELETED; + } + + // + // The old copy of the variable might haven't been deleted completely. + // + if (CurrVariableInDel !=3D NULL) { + // + // Find local cached copy, if possible. + // + ZeroMem (&VarInfo, sizeof (VarInfo)); + VarInfo.Buffer =3D CurrVariableInDel; + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarInfo.Flags.Auth =3D Global->Flags.Auth; + + Status =3D ContextIn->GetVariableInfo (&VarInfo); // Retrieve the name= /guid + ASSERT_EFI_ERROR (Status); + + if (UnprotectedVarIndex =3D=3D VAR_INDEX_INVALID) { + UnprotectedVarIndex =3D CheckKnownUnprotectedVariable (Global, &VarI= nfo); + } + + if (UnprotectedVarIndex < UnprotectedVarIndexMax) { + VarDig =3D VAR_DIG_PTR (Global->Unprotected[UnprotectedVarIndex]); + } else { + VarDig =3D FindVariableInternal (Global, &VarInfo, FALSE); + } + + if ((VarDig !=3D NULL) && (VAR_DIG_ADR (VarDig) !=3D VAR_INDEX_INVALID= )) { + VarDig->State &=3D VAR_DELETED; + + // + // Just need one node for the same variable. So remove the one + // in-del-transition. + // + if ((CurrVarDig !=3D NULL) && (VarDig !=3D CurrVarDig)) { + RemoveVariableDigestNode (Global, VarDig, TRUE); + } else { + CurrVarDig =3D VarDig; // Reuse the one in-del-transition. + } + } + } + + // + // New data of the variable or new variable to be added. + // + if (NewVariable !=3D NULL) { + // + // Completely new variable? + // + if (UnprotectedVarIndex =3D=3D VAR_INDEX_INVALID) { + ZeroMem (&VarInfo, sizeof (VarInfo)); + VarInfo.Buffer =3D NewVariable; + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarInfo.Flags.Auth =3D Global->Flags.Auth; + + Status =3D ContextIn->GetVariableInfo (&VarInfo); // Retrieve the na= me/guid + ASSERT_EFI_ERROR (Status); + + UnprotectedVarIndex =3D CheckKnownUnprotectedVariable (Global, &VarI= nfo); + } + } + + // + // Reserve space for MetaDataHmacVar (before the new variable so + // that it can be written first). + // + ZeroMem (&NewVarInfo, sizeof (NewVarInfo)); + ZeroMem (&NewHmacVarInfo, sizeof (NewHmacVarInfo)); + + // + // Put the MetaDataHmacVar at the beginning of buffer. + // + NewHmacVarInfo.Buffer =3D NewVariable; + + if (*NewVariableSize =3D=3D 0) { + // + // Delete variable (but not MetaDataHmacVar) + // + if ( (UnprotectedVarIndex !=3D IndexHmacAdded) + && (UnprotectedVarIndex !=3D IndexHmacInDel)) + { + RemoveVariableDigestNode (Global, CurrVarDig, TRUE); + } + + NewVarInfo.Buffer =3D NULL; + } else if (UnprotectedVarIndex >=3D IndexPlatformVar) { + // + // Add/update variable. Move new variable data to be after MetaDataHma= cVar. + // + // TRICK: New MetaDataHmacVar will be put at the beginning of buffer + // for new variable so that they can be written into non-volati= le + // variable storage in one call. This can avoid writing one var= iable + // (NewHmacVarInfo) in the middle of writing another variable + // (NewVarInfo), which will need two calls and introduce extra + // complexities (from temp variable buffer reservation to varia= ble + // space reclaim, etc.) in current implementation of variable + // services. The caller must make sure there's enough space in + // variable buffer (i.e. at least 2 * MaxVariableSize). + // + NewVarInfo.Buffer =3D (VARIABLE_HEADER *)((UINTN)NewVariable + + GetMetaDataHmacVarSize (Glob= al->Flags.Auth)); + CopyMem ((VOID *)NewVarInfo.Buffer, (VOID *)NewVariable, *NewVariableS= ize); + + NewVarInfo.StoreIndex =3D VAR_INDEX_INVALID; // Skip offset calculat= ion (it's new one) + NewVarInfo.Flags.Auth =3D Global->Flags.Auth; + + Status =3D ContextIn->GetVariableInfo (&NewVarInfo); + ASSERT_EFI_ERROR (Status); + + if (CurrVarDig !=3D NULL) { + // + // Update existing variable. Re-use the node. + // + NewVarDig =3D CurrVarDig; + } else { + // + // Add new variable. + // + NewVarDig =3D CreateVariableDigestNode ( + NewVarInfo.Header.VariableName, + NewVarInfo.Header.VendorGuid, + (UINT16)NewVarInfo.Header.NameSize, + (UINT32)NewVarInfo.Header.DataSize, + NewVarInfo.Flags.Auth, + Global + ); + if (NewVarDig =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + NewVarDig->Attributes =3D NewVarInfo.Header.Attributes; + if (UnprotectedVarIndex < UnprotectedVarIndexMax) { + NewVarDig->Flags.Protected =3D FALSE; + NewVarDig->Flags.Encrypted =3D FALSE; + Global->Unprotected[UnprotectedVarIndex] =3D VAR_DIG_ADR (NewVarDi= g); + } + + // + // copy new variable to CacheIndex + // + VarSize =3D VARIABLE_HEADER_SIZE (NewVarInfo.Flags.Auth); + VarSize +=3D NewVarInfo.Header.NameSize + GET_PAD_SIZE (NewVarInfo.H= eader.NameSize); + VarSize +=3D NewVarInfo.Header.DataSize + GET_PAD_SIZE (NewVarInfo.H= eader.DataSize); + VarSize =3D HEADER_ALIGN (VarSize); + CopyMem (GET_BUFR (NewVarDig->CacheIndex), GET_BUFR (NewVarInfo.Buff= er), VarSize); + InsertVariableDigestNode (Global, NewVarDig, NULL); + } + } + + if ( (UnprotectedVarIndex =3D=3D IndexHmacAdded) + || (UnprotectedVarIndex =3D=3D IndexHmacInDel)) + { + // + // MetaDataHmacVar should be managed only by this library. It's not + // supposed to be updated by external users of variable service. The o= nly + // exception is that deleting it (not really delete but refresh the HM= AC + // value against RPMC+1) is allowed before WriteInit, as a way to alwa= ys + // increment RPMC once in current boot before any variable updates. + // + if ((NewVarInfo.Buffer !=3D NULL) || Global->Flags.WriteInit) { + return EFI_ACCESS_DENIED; + } + } else { + // + // Do encryption, if enabled. + // + if ((NewVarDig !=3D NULL) && (NewVarInfo.Buffer !=3D NULL)) { + Status =3D UpdateVariableInternal (Global, &NewVarInfo, NewVarDig); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } + } + + // + // Refresh MetaDataHmacVar. + // + Status =3D RefreshVariableMetadataHmac (Global, NULL, &NewHmacVarInfo); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + + // + // Return size for both MetaDataHmacVar and added/updated one. + // + VarSize =3D VARIABLE_SIZE (&NewHmacVarInfo); + *NewVariableSize =3D HEADER_ALIGN (VarSize); + if (NewVarInfo.Buffer !=3D NULL) { + VarSize =3D VARIABLE_SIZE (&NewVarInfo); + VarSize =3D HEADER_ALIGN (VarSize); + + if (VarSize > GET_CNTX (Global)->MaxVariableSize) { + return EFI_BAD_BUFFER_SIZE; + } + + *NewVariableSize +=3D VarSize; + } + + return EFI_SUCCESS; +} + +/** + + Finalize a variable updating after it's written to NV variable storage + successfully. + + This usually includes works like increasing RPMC, synchronizing local ca= che, + updating new position of "MetaDataHmacVar", deleting old copy of "MetaDa= taHmacVar" + completely, etc. + + @param[in] NewVariable Buffer of new variables and MetaDataHm= acVar. + @param[in] VariableSize Size of buffer pointed by NewVariable. + @param[in] StoreIndex StoreIndex to NV variable storage from= where the new + variable and MetaDataHmacVar have been= written. + + @retval EFI_SUCCESS No problem in winding up the variable write = operation. + @retval Others Failed to updating state of old copy of upda= ted + variable, or failed to increase RPMC, etc. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteFinal ( + IN VARIABLE_HEADER *NewVariable, + IN UINTN VariableSize, + IN UINT64 StoreIndex + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO VarInfo; + PROTECTED_VARIABLE_CONTEXT_IN *ContextIn; + PROTECTED_VARIABLE_GLOBAL *Global; + UNPROTECTED_VARIABLE_INDEX Index; + VARIABLE_DIGEST *VarDig; + VOID *Buffer; + UINTN VarSize; + UINTN NewVarSize; + + Status =3D GetProtectedVariableGlobal (&Global); + ASSERT_EFI_ERROR (Status); + ContextIn =3D GET_CNTX (Global); + + ZeroMem ((VOID *)&VarInfo, sizeof (VarInfo)); + VarInfo.Buffer =3D NewVariable; + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarInfo.Flags.Auth =3D Global->Flags.Auth; + + Status =3D ContextIn->GetVariableInfo (&VarInfo); + ASSERT_EFI_ERROR (Status); + + Index =3D CheckKnownUnprotectedVariable (Global, &VarInfo); + if (Index < UnprotectedVarIndexMax) { + VarDig =3D VAR_DIG_PTR (Global->Unprotected[Index]); + } else { + VarDig =3D FindVariableInternal (Global, &VarInfo, FALSE); + } + + if (Index =3D=3D IndexHmacAdded) { + // + // Advance the RPMC to let it match new MetaDataHmacVar. + // + Status =3D IncrementMonotonicCounter (RPMC_COUNTER_2); + ASSERT_EFI_ERROR (Status); + + if ((VarDig->StoreIndex !=3D VAR_INDEX_INVALID) && (VarDig->State !=3D= VAR_ADDED)) { + ZeroMem ((VOID *)&VarInfo, sizeof (VarInfo)); + VarInfo.StoreIndex =3D VarDig->StoreIndex; // Still point to old co= py + VarInfo.Flags.Auth =3D Global->Flags.Auth; + + // + // Delete variable completely. + // + Status =3D ContextIn->GetVariableInfo (&VarInfo); + ASSERT_EFI_ERROR (Status); + + if ( (VarInfo.Buffer->State =3D=3D VAR_ADDED) + || (VarInfo.Buffer->State =3D=3D (VAR_ADDED & VAR_IN_DELETED_TRAN= SITION))) + { + VarInfo.Buffer->State &=3D VAR_DELETED; + Status =3D ContextIn->UpdateVariableStore ( + &VarInfo, + OFFSET_OF (VARIABLE_HEADER, = State), + sizeof (VarInfo.Buffer->Stat= e), + &VarInfo.Buffer->State + ); + if (EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + return Status; + } + } + } + } + + VarDig->StoreIndex =3D StoreIndex; + VarDig->State =3D VAR_ADDED; + + ZeroMem ((VOID *)&VarInfo, sizeof (VarInfo)); + VarInfo.Buffer =3D NULL; + VarInfo.StoreIndex =3D VarDig->StoreIndex; + VarInfo.Flags.Auth =3D Global->Flags.Auth; + Status =3D ContextIn->GetVariableInfo (&VarInfo); + + // + // Check if cache pool need re-allocation due to variable size increase + // + VarSize =3D VARIABLE_HEADER_SIZE (VarDig->Flags.Auth); + VarSize +=3D VarDig->NameSize + GET_PAD_SIZE (VarDig->NameSize); + VarSize +=3D VarDig->DataSize + GET_PAD_SIZE (VarDig->DataSize); + VarSize =3D HEADER_ALIGN (VarSize); + + NewVarSize =3D VARIABLE_HEADER_SIZE (VarInfo.Flags.Auth); + NewVarSize +=3D VarInfo.Header.NameSize + GET_PAD_SIZE (VarInfo.Header.N= ameSize); + NewVarSize +=3D VarInfo.Header.DataSize + GET_PAD_SIZE (VarInfo.Header.D= ataSize); + NewVarSize =3D HEADER_ALIGN (NewVarSize); + + if (VarSize < NewVarSize) { + if (VarDig->Flags.Freeable =3D=3D TRUE) { + FreePool (GET_BUFR (VarDig->CacheIndex)); + } + + Buffer =3D AllocatePool (NewVarSize); + if (Buffer !=3D NULL) { + VarDig->CacheIndex =3D (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + } else { + ASSERT (FALSE); + return EFI_ABORTED; + } + } + + // + // Update cached copy. + // + CopyMem (GET_BUFR (VarDig->CacheIndex), NewVariable, NewVarSize); + + // + // Check if there is consecutive variable as part of the write or + // is it just the MetaDataHmacVar variable + // + if (NewVarSize < VariableSize) { + // + // Advance to consecutive Variable + // + NewVariable =3D GET_BUFR (GET_ADRS (NewVariable) + NewVarSize); + + // + // Update the StoreIndex of consecutive Variable + // + ZeroMem ((VOID *)&VarInfo, sizeof (VarInfo)); + VarInfo.Buffer =3D NULL; + VarInfo.StoreIndex =3D VarDig->StoreIndex; + VarInfo.Flags.Auth =3D Global->Flags.Auth; + Status =3D ContextIn->GetNextVariableInfo (&VarInfo); + StoreIndex =3D VarInfo.StoreIndex; + + // + // The new StoreIndex does not exist in the variable digest. + // It is yet to be updated. + // Therefore, find variable by Name & Guid instead. + // + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarDig =3D FindVariableInternal (Global, &VarInfo, FALSE); + + // + // Check if cache pool need re-allocation due to variable size increase + // + VarSize =3D VARIABLE_HEADER_SIZE (VarDig->Flags.Auth); + VarSize +=3D VarDig->NameSize + GET_PAD_SIZE (VarDig->NameSize); + VarSize +=3D VarDig->DataSize + GET_PAD_SIZE (VarDig->DataSize); + VarSize =3D HEADER_ALIGN (VarSize); + + NewVarSize =3D VARIABLE_HEADER_SIZE (VarInfo.Flags.Auth); + NewVarSize +=3D VarInfo.Header.NameSize + GET_PAD_SIZE (VarInfo.Header= .NameSize); + NewVarSize +=3D VarInfo.Header.DataSize + GET_PAD_SIZE (VarInfo.Header= .DataSize); + NewVarSize =3D HEADER_ALIGN (NewVarSize); + + if (VarSize < NewVarSize) { + if (VarDig->Flags.Freeable =3D=3D TRUE) { + FreePool (GET_BUFR (VarDig->CacheIndex)); + } + + Buffer =3D AllocatePool (NewVarSize); + if (Buffer !=3D NULL) { + VarDig->CacheIndex =3D (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + } else { + ASSERT (FALSE); + return EFI_ABORTED; + } + } + + // + // Update cached copy. + // + CopyMem (GET_BUFR (VarDig->CacheIndex), NewVariable, NewVarSize); + VarDig->StoreIndex =3D StoreIndex; + } + + return Status; +} + +/** + Refresh variable information changed by variable service. + + @param[in] Variable Pointer to buffer of the updated variable. + @param[in] VariableSize Size of variable pointed by Variable. + @param[in] StoreIndex New index of the variable in store. + @param[in] RefreshData Flag to indicate if the variable has been u= pdated. + + @return EFI_SUCCESS No error occurred in updating. + @return EFI_NOT_FOUND The given variable was not found in + ProtectedVariableLib. +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibRefresh ( + IN VARIABLE_HEADER *Variable, + IN UINTN VariableSize, + IN UINT64 StoreIndex, + IN BOOLEAN RefreshData + ) +{ + EFI_STATUS Status; + PROTECTED_VARIABLE_INFO VarInfo; + PROTECTED_VARIABLE_GLOBAL *Global; + VARIABLE_DIGEST *VarDig; + + (VOID)GetProtectedVariableGlobal (&Global); + + ZeroMem ((VOID *)&VarInfo, sizeof (VarInfo)); + VarInfo.Buffer =3D Variable; + VarInfo.StoreIndex =3D VAR_INDEX_INVALID; + VarInfo.Flags.Auth =3D Global->Flags.Auth; + + Status =3D GET_CNTX (Global)->GetVariableInfo (&VarInfo); + ASSERT_EFI_ERROR (Status); + + VarDig =3D FindVariableInternal (Global, &VarInfo, FALSE); + if (VarDig =3D=3D NULL) { + ASSERT (VarDig !=3D NULL); + return EFI_NOT_FOUND; + } + + if (StoreIndex !=3D VAR_INDEX_INVALID) { + VarDig->StoreIndex =3D StoreIndex; + } + + if (RefreshData) { + if (VarDig->CacheIndex =3D=3D VAR_INDEX_INVALID) { + VarDig->CacheIndex =3D (EFI_PHYSICAL_ADDRESS)(UINTN) + AllocatePool (MAX_VARIABLE_SIZE); + } + + CopyMem (GET_BUFR (VarDig->CacheIndex), Variable, VariableSize); + } + + // + // Information should stay the same other than following ones. + // + VarDig->State =3D VarInfo.Header.State; + VarDig->DataSize =3D (UINT32)VarInfo.Header.DataSize; + + return EFI_SUCCESS; +} + +/** + + Determine if the variable is the HMAC variable + + @param VariableName Pointer to variable name. + + @return TRUE Variable is HMAC variable + @return FALSE Variable is not HMAC variable + +**/ +BOOLEAN +ProtectedVariableLibIsHmac ( + IN CHAR16 *VariableName + ) +{ + INTN Result; + + Result =3D StrnCmp ( + METADATA_HMAC_VARIABLE_NAME, + VariableName, + METADATA_HMAC_VARIABLE_NAME_SIZE + ); + + if (Result =3D=3D 0) { + return TRUE; + } + + return FALSE; +} diff --git a/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmR= untime.c b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRun= time.c new file mode 100644 index 000000000000..4591d1cd59e5 --- /dev/null +++ b/SecurityPkg/Library/ProtectedVariableLib/ProtectedVariableSmmRuntime.c @@ -0,0 +1,233 @@ +/** @file + Implemention of ProtectedVariableLib for BootService/Runtime use cases. + +Copyright (c) 2022, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include "Library/MemoryAllocationLib.h" +#include "Library/UefiBootServicesTableLib.h" +#include "Library/UefiRuntimeLib.h" +#include "ProtectedVariableInternal.h" + +EFI_EVENT mVaChangeEvent =3D NULL; + +PROTECTED_VARIABLE_CONTEXT_IN mRtVariableContextIn =3D { + PROTECTED_VARIABLE_CONTEXT_IN_STRUCT_VERSION, + sizeof (PROTECTED_VARIABLE_CONTEXT_IN), + 0, + FromRuntimeModule, + NULL, + NULL, + NULL, + NULL, + NULL +}; + +PROTECTED_VARIABLE_GLOBAL mRtProtectedVariableGlobal =3D { + PROTECTED_VARIABLE_CONTEXT_OUT_STRUCT_VERSION, + sizeof (PROTECTED_VARIABLE_GLOBAL), + { 0 }, + { 0 }, + 0, + 0, + 0, + 0, + 0, + 0, + { 0, 0, 0 }, + 0, + 0, + { 0, 0, 0, 0, 0, 0} +}; + +/** + + Get global data structure used to process protected variable. + + @param[out] Global Pointer to global configuration data. + + @retval EFI_SUCCESS Get requested structure successfully. + +**/ +EFI_STATUS +EFIAPI +GetProtectedVariableGlobal ( + OUT PROTECTED_VARIABLE_GLOBAL **Global OPTIONAL + ) +{ + if (Global !=3D NULL) { + mRtProtectedVariableGlobal.ContextIn =3D GET_ADRS (&mRtVariableContext= In); + *Global =3D &mRtProtectedVariableGlobal; + } + + return EFI_SUCCESS; +} + +/** + Notification function of EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE. + + This is a notification function registered on EVT_SIGNAL_VIRTUAL_ADDRESS= _CHANGE event. + It convers pointer to new virtual address. + + @param[in] Event Event whose notification function is being invo= ked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +VirtualAddressChangeEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + if (mRtVariableContextIn.FindVariableSmm !=3D NULL) { + EfiConvertPointer (0x0, (VOID **)&mRtVariableContextIn.FindVariableSmm= ); + } + + if (mRtVariableContextIn.GetVariableInfo !=3D NULL) { + EfiConvertPointer (0x0, (VOID **)&mRtVariableContextIn.GetVariableInfo= ); + } + + if (mRtVariableContextIn.GetNextVariableInfo !=3D NULL) { + EfiConvertPointer (0x0, (VOID **)&mRtVariableContextIn.GetNextVariable= Info); + } + + if (mRtVariableContextIn.UpdateVariableStore !=3D NULL) { + EfiConvertPointer (0x0, (VOID **)&mRtVariableContextIn.UpdateVariableS= tore); + } + + EfiConvertPointer (0x0, (VOID **)&mRtVariableContextIn); + if (mRtProtectedVariableGlobal.VariableCache !=3D 0) { + EfiConvertPointer (0x0, (VOID **)&mRtProtectedVariableGlobal.VariableC= ache); + } + + EfiConvertPointer (0x0, (VOID **)&mRtProtectedVariableGlobal); +} + +/** + + Initialization for protected variable services. + + If this initialization failed upon any error, the whole variable services + should not be used. A system reset might be needed to re-construct NV + variable storage to be the default state. + + @param[in] ContextIn Pointer to variable service context needed by + protected variable. + + @retval EFI_SUCCESS Protected variable services are ready. + @retval EFI_INVALID_PARAMETER If ContextIn =3D=3D NULL or something = missing or + mismatching in the content in ContextI= n. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibInitialize ( + IN PROTECTED_VARIABLE_CONTEXT_IN *ContextIn + ) +{ + if ( (ContextIn =3D=3D NULL) + || (ContextIn->StructVersion !=3D PROTECTED_VARIABLE_CONTEXT_IN_STRUC= T_VERSION) + || (ContextIn->FindVariableSmm =3D=3D NULL) + || (ContextIn->GetVariableInfo =3D=3D NULL)) + { + return EFI_INVALID_PARAMETER; + } + + CopyMem (&mRtVariableContextIn, ContextIn, sizeof (mRtVariableContextIn)= ); + + // + // Register the event to convert the pointer for runtime. + // + gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + VirtualAddressChangeEvent, + NULL, + &gEfiEventVirtualAddressChangeGuid, + &mVaChangeEvent + ); + + return EFI_SUCCESS; +} + +/** + + Prepare for variable update. + + Not supported in DXE phase. + + @retval EFI_UNSUPPORTED Updating variable is not supported. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteInit ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + + Update a variable with protection provided by this library. + + Not supported in DXE phase. + + @param[in,out] CurrVariable Variable to be updated. It's NULL if + adding a new variable. + @param[in] CurrVariableInDel In-delete-transition copy of updatin= g variable. + @param[in,out] NewVariable Buffer of new variable data or + Buffer of "MetaDataHmacVar" and new = variable (encrypted). + @param[in,out] NewVariableSize Size of NewVariable or + Size of (encrypted) NewVariable and = "MetaDataHmacVar". + + @retval EFI_UNSUPPORTED Not support updating variable. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibUpdate ( + IN OUT VARIABLE_HEADER *CurrVariable, + IN VARIABLE_HEADER *CurrVariableInDel, + IN OUT VARIABLE_HEADER *NewVariable, + IN OUT UINTN *NewVariableSize + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + + Finalize a variable updating after it's written to NV variable storage + successfully. + + (Not supported for BootService/Runtime use cases.) + + @param[in] NewVariable Buffer of new variables and MetaDataHm= acVar. + @param[in] VariableSize Size of buffer pointed by NewVariable. + @param[in] StoreIndex StoreIndex to NV variable storage from= where the new + variable and MetaDataHmacVar have been= written. + + @retval EFI_UNSUPPORTED Not supported for BootService/Runtime = use cases. + +**/ +EFI_STATUS +EFIAPI +ProtectedVariableLibWriteFinal ( + IN VARIABLE_HEADER *NewVariable, + IN UINTN VariableSize, + IN UINT64 StoreIndex + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95998): https://edk2.groups.io/g/devel/message/95998 Mute This Topic: https://groups.io/mt/94840834/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun Apr 28 18:20:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+95999+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95999+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1667720149; cv=none; d=zohomail.com; s=zohoarc; b=N83s1jHfk1UBN8qKq0+RxdFOM8m8GiKGT61/gDNVMWlg9QEH5o56is+C8nwD6FYSmDg2+HOKZ/nidv6cqrJhI+A/s7im971HDlA60oi2Cit5U3FkIkZMf4KifNpHc5qb1EsGFpQLN008iLh1gHqiDsCnGvwm3u8kO9DjxrODQls= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667720149; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ODC8vfqCP1h6M5nXdqXb55WbTaKfq/0pM9U62TFqXyw=; b=NYUNbVo+Pk6Q1i0tZflxaYi3AhrryXREV7ep8T9QQZzC4mdtkPYyQM9ACeK1lb+scrmcvwIqBYuhrmPWYPrdmyKqYmpjLNeFaBLFJOENGNNx2eJfjKGEtnFwg+GcJGk7Misw0e623HLz9ZDLL33w5OFfSEkMWWJDfQcj6K3G0OQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+95999+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1667720149392648.8835037053826; Sun, 6 Nov 2022 00:35:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id W8n8YY1788612xRI9DcS380e; Sun, 06 Nov 2022 00:35:49 -0700 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web08.14178.1667720143243526126 for ; Sun, 06 Nov 2022 00:35:44 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="396534284" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="396534284" X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:34 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10522"; a="810513506" X-IronPort-AV: E=Sophos;i="5.96,142,1665471600"; d="scan'208";a="810513506" X-Received: from jvang-mobl.amr.corp.intel.com ([10.209.139.244]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Nov 2022 00:35:33 -0700 From: "Judah Vang" To: devel@edk2.groups.io Cc: Jian J Wang , Jiewen Yao , Nishant C Mistry Subject: [edk2-devel] [PATCH v5 19/19] SecurityPkg: Add references to new *.inf files Date: Sun, 6 Nov 2022 00:35:09 -0700 Message-Id: <20221106073509.3071-20-judah.vang@intel.com> In-Reply-To: <20221106073509.3071-1-judah.vang@intel.com> References: <20221106073509.3071-1-judah.vang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,judah.vang@intel.com X-Gm-Message-State: FNq2wEFsUizAxBH6dWIEaLIVx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1667720149; bh=saFJU4l8MzEyTvhdIUbMKhs2l5PFN3om/bOsFAQzfNY=; h=Cc:Date:From:Reply-To:Subject:To; b=BgdM9nb88+Y2xe4Qk1BiLQ7OwDUycfDRijCxKhM2jtzGhjZ9nyFbSOZPoLri4ZD/H+t WZ4MANn6H7SW5PIRuRq2DVtchN6p5pz8UB9KpLcaOAailPBy+ZChdCZ8/0NU/WA5MBtDS SXpM1JXj3ky1LIqFqdg6TuIwkg/ihAUKQH8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1667720150883100056 Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 Add references to the different *ProtectedVariableLib.inf. Also add references to VariableKeyLibNull.inf, EncryptionVariableLibNull.inf, ProtectedVariableNull.inf. Cc: Jian J Wang Cc: Jiewen Yao Cc: Nishant C Mistry Signed-off-by: Jian J Wang Signed-off-by: Nishant C Mistry Signed-off-by: Judah Vang Reviewed-by: Jian J Wang --- SecurityPkg/SecurityPkg.dsc | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 6bf53c565882..3134b103ff53 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -1,7 +1,7 @@ ## @file # Security Module Package for All Architectures. # -# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights = reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent @@ -67,8 +67,11 @@ [LibraryClasses] TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLi= b.inf TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLi= b.inf ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSyst= emLibNull.inf + + # These should be Null by default VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull= .inf RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf + EncryptionVariableLib|SecurityPkg/Library/EncryptionVariableLibNull/Encr= yptionVariableLibNull.inf TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo= gRecordLib.inf MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibN= ull.inf SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBo= otVariableLib.inf @@ -261,9 +264,17 @@ [Components] # # Variable Confidentiality & Integrity # + SecurityPkg/Library/ProtectedVariableLib/PeiProtectedVariableLib.inf + SecurityPkg/Library/ProtectedVariableLib/DxeProtectedVariableLib.inf + SecurityPkg/Library/ProtectedVariableLib/SmmProtectedVariableLib.inf + SecurityPkg/Library/ProtectedVariableLib/SmmRuntimeProtectedVariableLib.= inf + SecurityPkg/Library/EncryptionVariableLib/EncryptionVariableLib.inf + SecurityPkg/Library/VariableKeyLib/VariableKeyLib.inf + SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectio= nLibVarPolicy.inf + SecurityPkg/Library/EncryptionVariableLibNull/EncryptionVariableLibNull.= inf =20 # # Other --=20 2.35.1.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#95999): https://edk2.groups.io/g/devel/message/95999 Mute This Topic: https://groups.io/mt/94840835/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-