From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=217.140.101.70; helo=foss.arm.com; envelope-from=jagadeesh.ujja@arm.com; receiver=edk2-devel@lists.01.org Received: from foss.arm.com (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70]) by ml01.01.org (Postfix) with ESMTP id 28B0F2194D387 for ; Mon, 7 Jan 2019 05:10:04 -0800 (PST) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 056CE80D; Mon, 7 Jan 2019 05:10:04 -0800 (PST) Received: from usa.arm.com (a075555-lin.blr.arm.com [10.162.2.152]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 3D6833F5AF; Mon, 7 Jan 2019 05:10:01 -0800 (PST) From: Jagadeesh Ujja To: edk2-devel@lists.01.org, liming.gao@intel.com, chao.b.zhang@intel.com, leif.lindholm@linaro.org, ard.biesheuvel@linaro.org, thomas.abraham@arm.com, Achin.Gupta@arm.com, Supreeth.Venkatesh@arm.com, jian.j.wang@intel.com Date: Mon, 7 Jan 2019 18:39:23 +0530 Message-Id: <1546866566-21085-9-git-send-email-jagadeesh.ujja@arm.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1546866566-21085-1-git-send-email-jagadeesh.ujja@arm.com> References: <1546866566-21085-1-git-send-email-jagadeesh.ujja@arm.com> Subject: [PATCH v3 08/11] MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 X-List-Received-Date: Mon, 07 Jan 2019 13:10:04 -0000 Adapt the variable runtime dxe driver to be used as a MM_STANDALONE driver to provide variable storage service in MM Standalone mode. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jagadeesh Ujja --- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 37 +++-- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 165 +++++++++++++++----- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 2 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 133 ++++++++++++++++ 4 files changed, 280 insertions(+), 57 deletions(-) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 443cf07..ff30c98 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -18,6 +18,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP
+Copyright (c) 2018, ARM Limited. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -3277,19 +3278,21 @@ VariableServiceSetVariable ( } } - // - // Special Handling for MOR Lock variable. - // - Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); - if (Status == EFI_ALREADY_STARTED) { + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { // - // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). - // Variable driver can just return SUCCESS. + // Special Handling for MOR Lock variable. // - return EFI_SUCCESS; - } - if (EFI_ERROR (Status)) { - return Status; + Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize)); + if (Status == EFI_ALREADY_STARTED) { + // + // EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor(). + // Variable driver can just return SUCCESS. + // + return EFI_SUCCESS; + } + if (EFI_ERROR (Status)) { + return Status; + } } Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); @@ -4098,12 +4101,14 @@ VariableWriteServiceInitialize ( } } - ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)) { + ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); - // - // Initialize MOR Lock variable. - // - MorLockInit (); + // + // Initialize MOR Lock variable. + // + MorLockInit (); + } return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 8c53f84..4834b4a 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -15,6 +15,7 @@ SmmVariableGetStatistics() should also do validation based on its own knowledge. Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2018, ARM Limited. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -34,8 +35,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include +#include +#include #include #include "Variable.h" +#include extern VARIABLE_INFO_ENTRY *gVariableInfo; EFI_HANDLE mSmmVariableHandle = NULL; @@ -218,11 +222,11 @@ GetFtwProtocol ( // // Locate Smm Fault Tolerent Write protocol // - Status = gSmst->SmmLocateProtocol ( - &gEfiSmmFaultTolerantWriteProtocolGuid, - NULL, - FtwProtocol - ); + Status = MmstLocateProtocol ( + &gEfiSmmFaultTolerantWriteProtocolGuid, + NULL, + FtwProtocol + ); return Status; } @@ -248,11 +252,11 @@ GetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // - return gSmst->SmmHandleProtocol ( - FvBlockHandle, - &gEfiSmmFirmwareVolumeBlockProtocolGuid, - (VOID **) FvBlock - ); + return MmstHandleProtocol ( + FvBlockHandle, + &gEfiSmmFirmwareVolumeBlockProtocolGuid, + (VOID **) FvBlock + ); } @@ -287,13 +291,13 @@ GetFvbCountAndBuffer ( BufferSize = 0; *NumberHandles = 0; *Buffer = NULL; - Status = gSmst->SmmLocateHandle ( - ByProtocol, - &gEfiSmmFirmwareVolumeBlockProtocolGuid, - NULL, - &BufferSize, - *Buffer - ); + Status = MmstLocateHandle ( + ByProtocol, + &gEfiSmmFirmwareVolumeBlockProtocolGuid, + NULL, + &BufferSize, + *Buffer + ); if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { return EFI_NOT_FOUND; } @@ -303,13 +307,13 @@ GetFvbCountAndBuffer ( return EFI_OUT_OF_RESOURCES; } - Status = gSmst->SmmLocateHandle ( - ByProtocol, - &gEfiSmmFirmwareVolumeBlockProtocolGuid, - NULL, - &BufferSize, - *Buffer - ); + Status = MmstLocateHandle ( + ByProtocol, + &gEfiSmmFirmwareVolumeBlockProtocolGuid, + NULL, + &BufferSize, + *Buffer + ); *NumberHandles = BufferSize / sizeof(EFI_HANDLE); if (EFI_ERROR(Status)) { @@ -499,10 +503,16 @@ SmmVariableHandler ( DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n")); return EFI_SUCCESS; } - - if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) { - DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n")); - return EFI_SUCCESS; + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { + if (!MmIsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) { + DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n")); + return EFI_SUCCESS; + } + } else { + if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) { + DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n")); + return EFI_SUCCESS; + } } SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *)CommBuffer; @@ -691,13 +701,17 @@ SmmVariableHandler ( break; } if (!mEndOfDxe) { - MorLockInitAtEndOfDxe (); - mEndOfDxe = TRUE; - VarCheckLibInitializeAtEndOfDxe (NULL); - // - // The initialization for variable quota. - // - InitializeVariableQuota (); + if (!PcdGetBool (PcdStandaloneMmVariableEnabled)){ + MorLockInitAtEndOfDxe (); + mEndOfDxe = TRUE; + VarCheckLibInitializeAtEndOfDxe (NULL); + // + // The initialization for variable quota. + // + InitializeVariableQuota (); + } else { + mEndOfDxe = TRUE; + } } ReclaimForOS (); Status = EFI_SUCCESS; @@ -911,12 +925,22 @@ SmmFtwNotificationEvent ( // // Notify the variable wrapper driver the variable write service is ready // - Status = gBS->InstallProtocolInterface ( - &mSmmVariableHandle, - &gSmmVariableWriteGuid, - EFI_NATIVE_INTERFACE, - NULL - ); + if (PcdGetBool (PcdStandaloneMmVariableEnabled)) { + Status = gMmst->MmInstallProtocolInterface ( + &mSmmVariableHandle, + &gSmmVariableWriteGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + } else { + Status = gBS->InstallProtocolInterface ( + &mSmmVariableHandle, + &gSmmVariableWriteGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + } + ASSERT_EFI_ERROR (Status); return EFI_SUCCESS; @@ -1026,4 +1050,63 @@ VariableServiceInitialize ( return EFI_SUCCESS; } +/** + Variable Driver main entry point. The Variable driver places the 4 EFI + runtime services in the EFI System Table and installs arch protocols + for variable read and write services being available. It also registers + a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS Variable service successfully initialized. + +**/ +EFI_STATUS +EFIAPI +StandaloneMmVariableServiceInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE VariableHandle; + VOID *SmmFtwRegistration; + + // + // Variable initialize. + // + Status = VariableCommonInitialize (); + ASSERT_EFI_ERROR (Status); + + mVariableBufferPayloadSize = GetMaxVariableSize () + + OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize (); + + Status = gMmst->MmAllocatePool ( + EfiRuntimeServicesData, + mVariableBufferPayloadSize, + (VOID **)&mVariableBufferPayload + ); + ASSERT_EFI_ERROR (Status); + + /// + /// Register SMM variable SMI handler + /// + VariableHandle = NULL; + Status = gMmst->MmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle); + ASSERT_EFI_ERROR (Status); + // + // Register FtwNotificationEvent () notify function. + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEfiSmmFaultTolerantWriteProtocolGuid, + SmmFtwNotificationEvent, + &SmmFtwRegistration + ); + ASSERT_EFI_ERROR (Status); + + SmmFtwNotificationEvent (NULL, NULL, NULL); + + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index db7d220..5406426 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -76,6 +76,7 @@ AuthVariableLib VarCheckLib UefiBootServicesTableLib + CommonMmServicesLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES @@ -133,6 +134,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf new file mode 100644 index 0000000..e4b4ffd --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -0,0 +1,133 @@ +## @file +# Provides MM variable service. +# +# The whole MM authentication variable design relies on the integrity of flash part and MM. +# which is assumed to be protected by platform. All variable code and metadata in flash/MM Memory +# may not be modified without authorization. If platform fails to protect these resources, +# the authentication service provided in this driver will be broken, and the behavior is undefined. +# +# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2018, ARM Limited. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x0001000A + BASE_NAME = VariableSmm + MODULE_UNI_FILE = VariableSmm.uni + FILE_GUID = 23A089B3-EED5-4ac5-B2AB-43E3298C2343 + MODULE_TYPE = MM_STANDALONE + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x00010032 + ENTRY_POINT = StandaloneMmVariableServiceInitialize + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + Reclaim.c + Variable.c + VariableSmm.c + VarCheck.c + Variable.h + PrivilegePolymorphic.h + VariableExLib.c + TcgMorLockSmm.c + SpeculationBarrierSmm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + StandaloneMmDriverEntryPoint + MemoryAllocationLib + BaseLib + SynchronizationLib + BaseMemoryLib + DebugLib + HobLib + PcdLib + AuthVariableLib + VarCheckLib + MemLib + MmServicesTableLib + CommonMmServicesLib + +[Protocols] + gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + gEfiSmmFaultTolerantWriteProtocolGuid + ## PRODUCES + ## UNDEFINED # SmiHandlerRegister + gEfiSmmVariableProtocolGuid + ##gEfiSmmEndOfDxeProtocolGuid ## NOTIFY + gEdkiiSmmVarCheckProtocolGuid ## PRODUCES + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + gEfiGlobalVariableGuid + + gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" + + gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol + gEfiSystemNvDataFvGuid ## CONSUMES ## GUID + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB + + ## SOMETIMES_CONSUMES ## Variable:L"VarErrorFlag" + ## SOMETIMES_PRODUCES ## Variable:L"VarErrorFlag" + gEdkiiVarErrorFlagGuid + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdStandaloneMmVariableEnabled + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + VariableSmmExtra.uni -- 2.7.4