From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=217.140.101.70; helo=foss.arm.com; envelope-from=jagadeesh.ujja@arm.com; receiver=edk2-devel@lists.01.org Received: from foss.arm.com (usa-sjc-mx-foss1.foss.arm.com [217.140.101.70]) by ml01.01.org (Postfix) with ESMTP id 5A8632117FD47 for ; Wed, 31 Oct 2018 04:10:12 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 38D4680D for ; Wed, 31 Oct 2018 04:10:12 -0700 (PDT) Received: from usa.arm.com (a75556-lin.blr.arm.com [10.162.2.34]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 6D8B23F71D for ; Wed, 31 Oct 2018 04:10:11 -0700 (PDT) From: Jagadeesh Ujja To: edk2-devel@lists.01.org Date: Wed, 31 Oct 2018 16:39:43 +0530 Message-Id: <20181031110947.6305-6-jagadeesh.ujja@arm.com> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181031110947.6305-1-jagadeesh.ujja@arm.com> References: <20181031110947.6305-1-jagadeesh.ujja@arm.com> MIME-Version: 1.0 Subject: [RFC PATCH 5/9] MdeModulePkg/Variable/RuntimeDxe: adapt as a MM Standalone driver X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 X-List-Received-Date: Wed, 31 Oct 2018 11:10:12 -0000 Content-Transfer-Encoding: 8bit Adapt the variable runtime dxe driver to be used as a MM_STANDALONE driver to provide variable storage service in MM Standalone mode. Change-Id: Ieadd1e575d7c430b2a3223f049d41d88dfbaecb2 Signed-off-by: Jagadeesh Ujja --- .../Universal/Variable/RuntimeDxe/Variable.c | 16 ++- .../Universal/Variable/RuntimeDxe/Variable.h | 8 ++ .../Variable/RuntimeDxe/VariableMmStandalone.inf | 134 +++++++++++++++++++++ .../Universal/Variable/RuntimeDxe/VariableSmm.c | 73 ++++++++++- 4 files changed, 224 insertions(+), 7 deletions(-) create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableMmStandalone.inf diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index 8e8db71..71f706b 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -18,6 +18,7 @@ Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015-2018 Hewlett Packard Enterprise Development LP
+Copyright (c) 2018, ARM Limited. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -3200,12 +3201,16 @@ VariableServiceSetVariable ( ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) { return EFI_SECURITY_VIOLATION; } + +#ifndef MM_STANDALONE // // The MemoryLoadFence() call here is to ensure the above sanity check // for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed // before the execution of subsequent codes. // MemoryLoadFence (); +#endif + PayloadSize = DataSize - AUTHINFO2_SIZE (Data); } else { PayloadSize = DataSize; @@ -3247,6 +3252,7 @@ VariableServiceSetVariable ( } } +#ifndef MM_STANDALONE // // Special Handling for MOR Lock variable. // @@ -3261,6 +3267,7 @@ VariableServiceSetVariable ( if (EFI_ERROR (Status)) { return Status; } +#endif Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); if (EFI_ERROR (Status)) { @@ -3744,8 +3751,11 @@ InitNonVolatileVariableStore ( if (NvStorageData == NULL) { return EFI_OUT_OF_RESOURCES; } - +#ifndef MM_STANDALONE NvStorageBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64); +#else + NvStorageBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase); +#endif if (NvStorageBase == 0) { NvStorageBase = (EFI_PHYSICAL_ADDRESS) PcdGet32 (PcdFlashNvStorageVariableBase); } @@ -4067,14 +4077,14 @@ VariableWriteServiceInitialize ( ASSERT_EFI_ERROR (Status); } } - +#ifndef MM_STANDALONE ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); // // Initialize MOR Lock variable. // MorLockInit (); - +#endif return Status; } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h index 938eb5d..fa5fd5d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h @@ -3,6 +3,7 @@ internal structure and functions used by Variable modules. Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2018, ARM Limited. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -16,7 +17,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #ifndef _VARIABLE_H_ #define _VARIABLE_H_ +#ifndef MM_STANDALONE #include +#else +#include +#include +#endif #include #include #include @@ -25,8 +31,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#ifndef MM_STANDALONE #include #include +#endif #include #include #include diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableMmStandalone.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableMmStandalone.inf new file mode 100644 index 0000000..871a6e8 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableMmStandalone.inf @@ -0,0 +1,134 @@ +## @file +# Provides MM variable service. +# +# The whole MM authentication variable design relies on the integrity of flash part and MM. +# which is assumed to be protected by platform. All variable code and metadata in flash/MM Memory +# may not be modified without authorization. If platform fails to protect these resources, +# the authentication service provided in this driver will be broken, and the behavior is undefined. +# +# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2018, ARM Limited. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = VariableSmm + MODULE_UNI_FILE = VariableSmm.uni + FILE_GUID = 23A089B3-EED5-4ac5-B2AB-43E3298C2343 + MODULE_TYPE = MM_STANDALONE + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x00010032 + ENTRY_POINT = VariableServiceInitialize + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + + +[Sources] + Reclaim.c + Variable.c + VariableSmm.c + VarCheck.c + Variable.h + PrivilegePolymorphic.h + VariableExLib.c + TcgMorLockSmm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + ArmPkg/ArmPkg.dec + edk2-platforms/Platform/ARM/ARM.dec + +[LibraryClasses] + StandaloneMmDriverEntryPoint + ArmSvcLib + ArmLib + MemoryAllocationLib + BaseLib + SynchronizationLib + BaseMemoryLib + DebugLib + HobLib + PcdLib + AuthVariableLib + VarCheckLib + MemLib + +[Protocols] + gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + gEfiSmmFaultTolerantWriteProtocolGuid + ## PRODUCES + ## UNDEFINED # SmiHandlerRegister + gEfiSmmVariableProtocolGuid + ##gEfiSmmEndOfDxeProtocolGuid ## NOTIFY + gEdkiiSmmVarCheckProtocolGuid ## PRODUCES + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + gEfiGlobalVariableGuid + + gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" + + gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol + gEfiSystemNvDataFvGuid ## CONSUMES ## GUID + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB + + ## SOMETIMES_CONSUMES ## Variable:L"VarErrorFlag" + ## SOMETIMES_PRODUCES ## Variable:L"VarErrorFlag" + gEdkiiVarErrorFlagGuid + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + VariableSmmExtra.uni diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 6dc19c2..2811264 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -15,6 +15,7 @@ SmmVariableGetStatistics() should also do validation based on its own knowledge. Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+Copyright (c) 2018, ARM Limited. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -37,6 +38,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include "Variable.h" +#ifdef MM_STANDALONE +#include +#include +#include +#include +#endif + extern VARIABLE_INFO_ENTRY *gVariableInfo; EFI_HANDLE mSmmVariableHandle = NULL; EFI_HANDLE mVariableHandle = NULL; @@ -46,6 +54,10 @@ UINTN mVariableBufferPayloadSize; extern BOOLEAN mEndOfDxe; extern VAR_CHECK_REQUEST_SOURCE mRequestSource; +#ifdef MM_STANDALONE +EFI_MM_SYSTEM_TABLE *mMmst = NULL; +#endif + /** SecureBoot Hook for SetVariable. @@ -218,7 +230,11 @@ GetFtwProtocol ( // // Locate Smm Fault Tolerent Write protocol // +#ifdef MM_STANDALONE + Status = mMmst->MmLocateProtocol ( +#else Status = gSmst->SmmLocateProtocol ( +#endif &gEfiSmmFaultTolerantWriteProtocolGuid, NULL, FtwProtocol @@ -248,7 +264,11 @@ GetFvbByHandle ( // // To get the SMM FVB protocol interface on the handle // +#ifdef MM_STANDALONE + return mMmst->MmHandleProtocol ( +#else return gSmst->SmmHandleProtocol ( +#endif FvBlockHandle, &gEfiSmmFirmwareVolumeBlockProtocolGuid, (VOID **) FvBlock @@ -287,7 +307,11 @@ GetFvbCountAndBuffer ( BufferSize = 0; *NumberHandles = 0; *Buffer = NULL; +#ifdef MM_STANDALONE + Status = mMmst->MmLocateHandle ( +#else Status = gSmst->SmmLocateHandle ( +#endif ByProtocol, &gEfiSmmFirmwareVolumeBlockProtocolGuid, NULL, @@ -302,8 +326,11 @@ GetFvbCountAndBuffer ( if (*Buffer == NULL) { return EFI_OUT_OF_RESOURCES; } - +#ifdef MM_STANDALONE + Status = mMmst->MmLocateHandle ( +#else Status = gSmst->SmmLocateHandle ( +#endif ByProtocol, &gEfiSmmFirmwareVolumeBlockProtocolGuid, NULL, @@ -499,8 +526,11 @@ SmmVariableHandler ( DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer payload size invalid!\n")); return EFI_SUCCESS; } - +#ifdef MM_STANDALONE + if (!MmIsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) { +#else if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) { +#endif DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n")); return EFI_SUCCESS; } @@ -537,12 +567,14 @@ SmmVariableHandler ( goto EXIT; } +#ifndef MM_STANDALONE // // The MemoryLoadFence() call here is to ensure the previous range/content // checks for the CommBuffer have been completed before the subsequent // consumption of the CommBuffer content. // MemoryLoadFence (); +#endif if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') { // // Make sure VariableName is A Null-terminated string. @@ -637,12 +669,14 @@ SmmVariableHandler ( goto EXIT; } +#ifndef MM_STANDALONE // // The MemoryLoadFence() call here is to ensure the previous range/content // checks for the CommBuffer have been completed before the subsequent // consumption of the CommBuffer content. // MemoryLoadFence (); +#endif if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') { // // Make sure VariableName is A Null-terminated string. @@ -691,6 +725,7 @@ SmmVariableHandler ( break; } if (!mEndOfDxe) { +#ifndef MM_STANDALONE MorLockInitAtEndOfDxe (); mEndOfDxe = TRUE; VarCheckLibInitializeAtEndOfDxe (NULL); @@ -698,6 +733,9 @@ SmmVariableHandler ( // The initialization for variable quota. // InitializeVariableQuota (); +#else + mEndOfDxe = TRUE; +#endif } ReclaimForOS (); Status = EFI_SUCCESS; @@ -778,12 +816,14 @@ SmmVariableHandler ( goto EXIT; } +#ifndef MM_STANDALONE // // The MemoryLoadFence() call here is to ensure the previous range/content // checks for the CommBuffer have been completed before the subsequent // consumption of the CommBuffer content. // MemoryLoadFence (); +#endif if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') { // // Make sure VariableName is A Null-terminated string. @@ -911,7 +951,11 @@ SmmFtwNotificationEvent ( // // Notify the variable wrapper driver the variable write service is ready // +#ifdef MM_STANDALONE + Status = mMmst->MmInstallProtocolInterface ( +#else Status = gBS->InstallProtocolInterface ( +#endif &mSmmVariableHandle, &gSmmVariableWriteGuid, EFI_NATIVE_INTERFACE, @@ -939,20 +983,28 @@ EFI_STATUS EFIAPI VariableServiceInitialize ( IN EFI_HANDLE ImageHandle, +#ifdef MM_STANDALONE + IN EFI_MM_SYSTEM_TABLE *SystemTable +#else IN EFI_SYSTEM_TABLE *SystemTable +#endif ) { EFI_STATUS Status; EFI_HANDLE VariableHandle; VOID *SmmFtwRegistration; +#ifndef MM_STANDALONE VOID *SmmEndOfDxeRegistration; +#else + mMmst = SystemTable; +#endif // // Variable initialize. // Status = VariableCommonInitialize (); ASSERT_EFI_ERROR (Status); - +#ifndef MM_STANDALONE // // Install the Smm Variable Protocol on a new handle. // @@ -972,11 +1024,16 @@ VariableServiceInitialize ( &mSmmVarCheck ); ASSERT_EFI_ERROR (Status); +#endif mVariableBufferPayloadSize = GetMaxVariableSize () + OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize (); +#ifdef MM_STANDALONE + Status = mMmst->MmAllocatePool ( +#else Status = gSmst->SmmAllocatePool ( +#endif EfiRuntimeServicesData, mVariableBufferPayloadSize, (VOID **)&mVariableBufferPayload @@ -987,6 +1044,10 @@ VariableServiceInitialize ( /// Register SMM variable SMI handler /// VariableHandle = NULL; +#ifdef MM_STANDALONE + Status = mMmst->MmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle); + ASSERT_EFI_ERROR (Status); +#else Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle); ASSERT_EFI_ERROR (Status); @@ -1010,11 +1071,15 @@ VariableServiceInitialize ( &SmmEndOfDxeRegistration ); ASSERT_EFI_ERROR (Status); - +#endif // // Register FtwNotificationEvent () notify function. // +#ifdef MM_STANDALONE + Status = mMmst->MmRegisterProtocolNotify ( +#else Status = gSmst->SmmRegisterProtocolNotify ( +#endif &gEfiSmmFaultTolerantWriteProtocolGuid, SmmFtwNotificationEvent, &SmmFtwRegistration -- 1.9.1