From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id B2846941230 for ; Tue, 7 May 2024 06:09:40 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=ICJ5O+URDy61bGo2RtbtQ+33+H2UqS0hAb2nNruNRyM=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20240206; t=1715062179; v=1; b=Av9aBkrQpg4yodSqnvmB6XduBZ+asve+00fsFSaiK4FV0bOi0znktZvuEj9caiKrz/Qy5DL2 7i5QpahvU7BVY/yErmuG+M6w6X5+zHIqtxw6mWxaahSrqxpASIm0Kp7qqgvNZZcY8qr4aWJGpVH 8y4QV4PhmSSVI9f43VBeg2WnD4miTuy2XH1YjnCx2LNneA5AHfiWr8TMZzEWZchoLhrK0fieUsn w4nyuzz/ZvtN8utNQPN8CE/HVcyjUcS2B4b3wz87YZc25MNImKaOoPL6Hr0yhw/crDTiG55kBVO mCMSMBqP4KwS2ov7Mnl02VyDwEnbkib1XuRkBWtU5UGwg== X-Received: by 127.0.0.2 with SMTP id SdeRYY7687511xFfrA7UKxCS; Mon, 06 May 2024 23:09:39 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.10]) by mx.groups.io with SMTP id smtpd.web11.5114.1715062169840197202 for ; Mon, 06 May 2024 23:09:38 -0700 X-CSE-ConnectionGUID: QKF6jdCuQnOQ7q988f/z2Q== X-CSE-MsgGUID: MoZZzp+yRGWt9Yp0dy0S8w== X-IronPort-AV: E=McAfee;i="6600,9927,11065"; a="28308072" X-IronPort-AV: E=Sophos;i="6.07,260,1708416000"; d="scan'208";a="28308072" X-Received: from fmviesa005.fm.intel.com ([10.60.135.145]) by orvoesa102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2024 23:09:38 -0700 X-CSE-ConnectionGUID: GtUw53phR4iKxEd5Q9VQHw== X-CSE-MsgGUID: 5XPACeYcRemQc84/0W7u5Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,260,1708416000"; d="scan'208";a="32869803" X-Received: from xieyuanh-mobl.ccr.corp.intel.com ([10.124.240.43]) by fmviesa005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 May 2024 23:09:36 -0700 From: "Yuanhao Xie" To: devel@edk2.groups.io Cc: Liming Gao , Jiaxin Wu , Ray Ni , Yuanhao Xie Subject: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver. Date: Tue, 7 May 2024 14:09:10 +0800 Message-ID: <20240507060910.1687-4-yuanhao.xie@intel.com> In-Reply-To: <20240507060910.1687-1-yuanhao.xie@intel.com> References: <20240507060910.1687-1-yuanhao.xie@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 06 May 2024 23:09:38 -0700 Resent-From: yuanhao.xie@intel.com Reply-To: devel@edk2.groups.io,yuanhao.xie@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: n39FnoCQjhWnUDaDL26PPWk9x7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=Av9aBkrQ; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io The Lockbox Driver allows sensitive data to be securely stored in a designated area, thus protected against unauthorized access. This patch adds a Standalone MM Lockbox Driver with main modifications: 1. Separating shared code between the Standalone MM driver and the DXE MM Driver. 2. Utilizing services from the SMM Services Table (gSmst) as opposed to relying on Boot Services. Cc: Liming Gao Cc: Jiaxin Wu Cc: Ray Ni Signed-off-by: Yuanhao Xie --- MdeModulePkg/MdeModulePkg.dsc | 1 + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni | 14 ++++++++++++++ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni | 14 ++++++++++++++ 5 files changed, 169 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 6bed9205ea..f0f02f180f 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -500,6 +500,7 @@ MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterSmm.inf MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterStandaloneMm.inf MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAllocationProfileLib.inf MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationProfileLib.inf MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c new file mode 100644 index 0000000000..503be7efa8 --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c @@ -0,0 +1,84 @@ +/** @file + LockBox MM driver. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "SmmLockBoxCommon.h" + +/** + This function is an abstraction layer for implementation specific Mm buffer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return MmIsBufferOutsideMmValid (Buffer, Length); +} + +/** + Entry Point for LockBox MM driver. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCEESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxStandaloneMmEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE DispatchHandle; + VOID *Registration; + + // + // Register LockBox communication handler + // + Status = gMmst->MmiHandlerRegister ( + SmmLockBoxHandler, + &gEfiSmmLockBoxCommunicationGuid, + &DispatchHandle + ); + ASSERT_EFI_ERROR (Status); + + // + // Register SMM Ready To Lock Protocol notification + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEfiSmmReadyToLockProtocolGuid, + SmmReadyToLockEventNotify, + &Registration + ); + ASSERT_EFI_ERROR (Status); + return Status; +} diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf new file mode 100644 index 0000000000..544c87790c --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf @@ -0,0 +1,56 @@ +## @file +# LockBox MM driver. +# +# Copyright (c) 2024, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmLockBoxStandaloneMm + MODULE_UNI_FILE = SmmLockBoxStandaloneMm.uni + FILE_GUID = a83a87a0-8a3e-482d-86c8-84a139f6ded0 + MODULE_TYPE = MM_STANDALONE + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x00010032 + ENTRY_POINT = SmmLockBoxStandaloneMmEntryPoint + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SmmLockBoxStandaloneMm.c + SmmLockBoxCommon.c + SmmLockBoxCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + MmServicesTableLib + BaseLib + BaseMemoryLib + DebugLib + LockBoxLib + MemLib + StandaloneMmDriverEntryPoint + +[Guids] + gEfiSmmLockBoxCommunicationGuid ## PRODUCES ## GUID # SmiHandlerRegister + +[Protocols] + gEfiSmmReadyToLockProtocolGuid ## NOTIFY + gEfiLockBoxProtocolGuid ## PRODUCES + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + SmmLockBoxStandaloneMm.uni diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni new file mode 100644 index 0000000000..7f6218102f --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni @@ -0,0 +1,14 @@ +// /** @file +// LockBox MM driver. +// +// Copyright (c) 2024, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "LockBox MM driver." + +#string STR_MODULE_DESCRIPTION #language en-US "LockBox MM driver." + diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni new file mode 100644 index 0000000000..a5443ca5f9 --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni @@ -0,0 +1,14 @@ +// /** @file +// SmmLockBox Localized Strings and Content +// +// Copyright (c) 2024, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"MM Lock Box Driver" + + -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118639): https://edk2.groups.io/g/devel/message/118639 Mute This Topic: https://groups.io/mt/105955701/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-