From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: edk2-devel@lists.01.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Laszlo Ersek <lersek@redhat.com>,
Leif Lindholm <leif.lindholm@linaro.org>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <liming.gao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>, Hao Wu <hao.a.wu@intel.com>,
Jagadeesh Ujja <jagadeesh.ujja@arm.com>,
Achin Gupta <Achin.Gupta@arm.com>,
Thomas Panakamattam Abraham <thomas.abraham@arm.com>,
Sami Mujawar <Sami.Mujawar@arm.com>
Subject: [PATCH 6/6] MdeModulePkg/VariableRuntimeDxe: implement standalone MM version
Date: Thu, 3 Jan 2019 19:28:25 +0100 [thread overview]
Message-ID: <20190103182825.32231-8-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20190103182825.32231-1-ard.biesheuvel@linaro.org>
Reuse most of the existing code to implement a variable runtime
driver that will be able to execute in the context of standalone
MM.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c | 69 ++++++++++
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 135 ++++++++++++++++++++
2 files changed, 204 insertions(+)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c
new file mode 100644
index 000000000000..fbc99467c057
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c
@@ -0,0 +1,69 @@
+/** @file
+
+ Parts of the SMM/MM implementation that are specific to standalone MM
+
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2018, Linaro, Ltd. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "Variable.h"
+
+BOOLEAN
+VariableSmmIsBufferOutsideSmmValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ )
+{
+ return TRUE;
+}
+
+/**
+ Notify the system that the SMM variable driver is ready
+**/
+VOID
+VariableNotifySmmReady (
+ VOID
+ )
+{
+}
+
+/**
+ Notify the system that the SMM variable write driver is ready
+**/
+VOID
+VariableNotifySmmWriteReady (
+ VOID
+ )
+{
+}
+
+EFI_STATUS
+EFIAPI
+VariableServiceInitialize (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_MM_SYSTEM_TABLE *MmSystemTable
+ )
+{
+ return MmVariableServiceInitialize ();
+}
+
+/**
+ Whether the TCG or TCG2 protocols are installed in the UEFI protocol database.
+ This information is used by the MorLock code to infer whether an existing
+ MOR variable is legitimate or not.
+**/
+BOOLEAN
+VariableHaveTcgProtocols (
+ VOID
+ )
+{
+ return FALSE;
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
new file mode 100644
index 000000000000..54d647af914c
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -0,0 +1,135 @@
+## @file
+# Provides SMM variable service.
+#
+# This module installs SMM variable protocol into SMM protocol database,
+# which can be used by SMM driver, and installs SMM variable protocol
+# into BS protocol database, which can be used to notify the SMM Runtime
+# Dxe driver that the SMM variable service is ready.
+# This module should be used with SMM Runtime DXE module together. The
+# SMM Runtime DXE module would install variable arch protocol and variable
+# write arch protocol based on SMM variable module.
+#
+# Caution: This module requires additional review when modified.
+# This driver will have external input - variable data and communicate buffer in SMM mode.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+# may not be modified without authorization. If platform fails to protect these resources,
+# the authentication service provided in this driver will be broken, and the behavior is undefined.
+#
+# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x0001001A
+ BASE_NAME = VariableStandaloneMm
+ FILE_GUID = 7ee2c0c1-c21a-4113-a53a-66824a95696f
+ MODULE_TYPE = MM_STANDALONE
+ VERSION_STRING = 1.0
+ PI_SPECIFICATION_VERSION = 0x00010032
+ ENTRY_POINT = VariableServiceInitialize
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = AARCH64
+#
+
+
+[Sources]
+ Reclaim.c
+ Variable.c
+ VariableSmm.c
+ VariableStandaloneMm.c
+ VarCheck.c
+ Variable.h
+ PrivilegePolymorphic.h
+ VariableExLib.c
+ TcgMorLockSmm.c
+ SpeculationBarrierSmm.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ StandaloneMmPkg/StandaloneMmPkg.dec
+
+[LibraryClasses]
+ AuthVariableLib
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ HobLib
+ MemoryAllocationLib
+ MmServicesTableLib
+ StandaloneMmDriverEntryPoint
+ SynchronizationLib
+ VarCheckLib
+
+[Protocols]
+ gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
+ ## CONSUMES
+ ## NOTIFY
+ gEfiSmmFaultTolerantWriteProtocolGuid
+ ## PRODUCES
+ ## UNDEFINED # SmiHandlerRegister
+ gEfiSmmVariableProtocolGuid
+ gEfiMmEndOfDxeProtocolGuid ## NOTIFY
+ gEdkiiSmmVarCheckProtocolGuid ## PRODUCES
+
+[Guids]
+ ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header
+ ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header
+ ## SOMETIMES_CONSUMES ## HOB
+ ## SOMETIMES_PRODUCES ## SystemTable
+ gEfiAuthenticatedVariableGuid
+
+ ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header
+ ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header
+ ## SOMETIMES_CONSUMES ## HOB
+ ## SOMETIMES_PRODUCES ## SystemTable
+ gEfiVariableGuid
+
+ ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang"
+ ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang"
+ ## SOMETIMES_CONSUMES ## Variable:L"Lang"
+ ## SOMETIMES_PRODUCES ## Variable:L"Lang"
+ gEfiGlobalVariableGuid
+
+ gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
+ gEfiMemoryOverwriteRequestControlLockGuid ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
+
+ gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
+ gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB
+
+ ## SOMETIMES_CONSUMES ## Variable:L"VarErrorFlag"
+ ## SOMETIMES_PRODUCES ## Variable:L"VarErrorFlag"
+ gEdkiiVarErrorFlagGuid
+
+[FixedPcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES
+
+[FeaturePcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable.
+ gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang
+
+[Depex]
+ TRUE
--
2.17.1
next prev parent reply other threads:[~2019-01-03 18:29 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-03 18:28 [PATCH 0/6] implement standalone MM versions of the variable runtime drivers Ard Biesheuvel
2019-01-03 18:28 ` [PATCH] BaseTools/GenFds: permit stripped MM_CORE_STANDALONE binaries Ard Biesheuvel
2019-01-04 5:51 ` Feng, Bob C
2019-01-03 18:28 ` [PATCH 1/6] MdePkg/Include: add MmServicesTableLib header file Ard Biesheuvel
2019-01-10 6:06 ` Zeng, Star
2019-01-03 18:28 ` [PATCH 2/6] MdePkg: implement MmServicesTableLib based on traditional SMM Ard Biesheuvel
2019-01-10 1:35 ` Wang, Jian J
[not found] ` <9bfb4d7c-3d4e-c05c-49a1-1959ddc902e3@intel.com>
2019-01-10 6:54 ` Zeng, Star
2019-01-03 18:28 ` [PATCH 3/6] MdeModulePkg/FaultTolerantWriteDxe: factor out boot service accesses Ard Biesheuvel
2019-01-10 1:36 ` Wang, Jian J
2019-01-10 6:45 ` Zeng, Star
2019-01-03 18:28 ` [PATCH 4/6] MdeModulePkg/FaultTolerantWriteDxe: implement standalone MM version Ard Biesheuvel
2019-01-10 1:41 ` Wang, Jian J
2019-01-10 1:48 ` Wang, Jian J
2019-01-10 6:31 ` Zeng, Star
2019-01-10 6:47 ` Zeng, Star
2019-01-10 7:29 ` Zeng, Star
2019-01-10 7:33 ` Ard Biesheuvel
2019-01-10 7:59 ` Zeng, Star
2019-01-10 12:28 ` Wang, Jian J
2019-01-10 13:03 ` Laszlo Ersek
2019-01-10 16:23 ` Ard Biesheuvel
2019-01-11 2:18 ` Zeng, Star
2019-01-03 18:28 ` [PATCH 5/6] MdeModulePkg/VariableRuntimeDxe: factor out boot service accesses Ard Biesheuvel
2019-01-08 15:38 ` Laszlo Ersek
2019-01-10 2:33 ` Wang, Jian J
2019-01-10 7:17 ` Zeng, Star
2019-01-10 7:19 ` Zeng, Star
2019-01-03 18:28 ` Ard Biesheuvel [this message]
2019-01-10 1:49 ` [PATCH 6/6] MdeModulePkg/VariableRuntimeDxe: implement standalone MM version Wang, Jian J
2019-01-10 1:50 ` Wang, Jian J
2019-01-10 7:28 ` Zeng, Star
2019-01-03 19:13 ` [PATCH 0/6] implement standalone MM versions of the variable runtime drivers Ard Biesheuvel
2019-01-07 12:44 ` Gao, Liming
2019-01-07 13:05 ` Ard Biesheuvel
2019-01-07 19:08 ` Laszlo Ersek
2019-01-09 13:56 ` Gao, Liming
2019-01-09 15:29 ` Ard Biesheuvel
2019-01-14 2:55 ` Gao, Liming
2019-01-14 8:26 ` Ard Biesheuvel
2019-01-14 15:33 ` Gao, Liming
2019-01-09 9:44 ` Laszlo Ersek
2019-01-09 10:28 ` Ard Biesheuvel
2019-01-09 15:04 ` Laszlo Ersek
2019-01-09 21:46 ` Laszlo Ersek
2019-01-09 21:56 ` Ard Biesheuvel
2019-01-10 8:24 ` Zeng, Star
2019-01-13 15:42 ` Zeng, Star
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190103182825.32231-8-ard.biesheuvel@linaro.org \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox