From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Dong, Eric" <eric.dong@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
Date: Wed, 3 May 2017 14:19:50 +0000 [thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A9375FF@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <1493782306-14084-2-git-send-email-eric.dong@intel.com>
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, May 3, 2017 11:32 AM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [Patch 1/2] SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
>
> Update the code to consume SmmIoLib for MMIO validation.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Eric Dong <eric.dong@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c | 30 +------------
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c | 51
> ----------------------
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h | 3 +-
> .../Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf | 2 +-
> 4 files changed, 3 insertions(+), 83 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> index 33f77bd..e38acfd 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
> @@ -1023,34 +1023,6 @@ GetAhciBarSize (
> }
>
> /**
> - This function check if the memory region is in GCD MMIO region.
> -
> - @param Addr The memory region start address to be checked.
> - @param Size The memory region length to be checked.
> -
> - @retval TRUE This memory region is in GCD MMIO region.
> - @retval FALSE This memory region is not in GCD MMIO region.
> -**/
> -BOOLEAN
> -EFIAPI
> -OpalIsValidMmioSpace (
> - IN EFI_PHYSICAL_ADDRESS Addr,
> - IN UINTN Size
> - )
> -{
> - UINTN Index;
> - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
> -
> - for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
> - Desc = &mGcdMemSpace[Index];
> - if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) &&
> (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress +
> Desc->Length))) {
> - return TRUE;
> - }
> - }
> -
> - return FALSE;
> -}
> -/**
> Get AHCI mode base address registers' Value.
>
> @param[in] Bus The bus number of ata host controller.
> @@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
> //
> // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by
> modifying MMIO Bar to point to SMRAM.
> //
> - if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
> + if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
> return EFI_UNSUPPORTED;
> }
>
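Review bot: The comment kept on the lines above the new SmmIsMmioValid call still describes the check as testing whether the BAR region "is in SMRAM", while the call (like the removed OpalIsValidMmioSpace) accepts the range only if it lies in MMIO space, and with the local helper's doc block deleted there is no longer any nearby statement of what "valid" means here. Suggest rewording it to `// Reject the BAR unless SmmIoLib confirms the whole [mAhciBar, mAhciBar + Size) range is MMIO; a BAR repointed at SMRAM or system RAM must never be accessed from SMM.` Two behaviours now live inside SmmIoLib rather than in this driver and are worth confirming against the library: that its GCD snapshot is already taken by the time GetAhciBaseAddress first runs (the driver no longer registers its own SmmEndOfDxe notify), and that a zero or wrapping Size is rejected rather than accepted, since the old helper computed `Addr + Size` without an overflow check. GetAhciBaseAddress starts and ends outside the hunk.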
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> index 2f2a1d9..0ea92b1 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
> @@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not
> read/write Data to smram, s
> // NVME
> NVME_CONTEXT mNvmeContext;
>
> -EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
> -UINTN mNumberOfDescriptors = 0;
> -
> /**
> Add new bridge node or nvme device info to the device list.
>
> @@ -648,44 +645,6 @@ S3SleepEntryCallBack (
> }
>
> /**
> - OpalPassword Notification for SMM EndOfDxe protocol.
> -
> - @param[in] Protocol Points to the protocol's unique identifier.
> - @param[in] Interface Points to the interface instance.
> - @param[in] Handle The handle on which the interface was installed.
> -
> - @retval EFI_SUCCESS Notification runs successfully.
> -**/
> -EFI_STATUS
> -EFIAPI
> -OpalPasswordEndOfDxeNotification (
> - IN CONST EFI_GUID *Protocol,
> - IN VOID *Interface,
> - IN EFI_HANDLE Handle
> - )
> -{
> - UINTN NumberOfDescriptors;
> - EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
> - EFI_STATUS Status;
> -
> - Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors,
> &MemSpaceMap);
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof
> (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
> - if (EFI_ERROR (Status)) {
> - gBS->FreePool (MemSpaceMap);
> - return Status;
> - }
> -
> - mNumberOfDescriptors = NumberOfDescriptors;
> - gBS->FreePool (MemSpaceMap);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> Main entry for this driver.
>
> @param ImageHandle Image handle this driver.
> @@ -711,7 +670,6 @@ OpalPasswordSmmInit (
> EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
> OPAL_EXTRA_INFO_VAR OpalExtraInfo;
> UINTN DataSize;
> - EFI_EVENT EndOfDxeEvent;
> EFI_PHYSICAL_ADDRESS Address;
>
> mBuffer = NULL;
> @@ -820,15 +778,6 @@ OpalPasswordSmmInit (
> //
> mSwSmiValue = (UINT8) Context.SwSmiInputValue;
>
> - //
> - // Create event to record GCD descriptors at end of dxe for judging
> AHCI/NVMe PCI Bar
> - // is in MMIO space to avoid attack.
> - //
> - Status = gSmst->SmmRegisterProtocolNotify
> (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification,
> &EndOfDxeEvent);
> - if (EFI_ERROR (Status)) {
> - DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail,
> Status: %r\n", Status));
> - goto EXIT;
> - }
> Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,
> (VOID**)&SmmVariable);
> if (!EFI_ERROR (Status)) {
> DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> index ab31a6b..ce88786 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
> @@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
> #include <Library/S3BootScriptLib.h>
> #include <Library/DevicePathLib.h>
> #include <Library/DxeServicesTableLib.h>
> +#include <Library/SmmIoLib.h>
>
> #include <IndustryStandard/Pci22.h>
>
> @@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> EITHER EXPRESS OR IMPLIED.
>
> extern VOID *mBuffer;
>
> -extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
> -extern UINTN mNumberOfDescriptors;
> #pragma pack(1)
>
> typedef struct {
> diff --git a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> index cab0fd5..c62fa13 100644
> --- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> +++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
> @@ -58,6 +58,7 @@
> DxeServicesTableLib
> DevicePathLib
> OpalPasswordSupportLib
> + SmmIoLib
>
> [Guids]
> gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
> @@ -69,7 +70,6 @@
> gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
> gEfiSmmVariableProtocolGuid ## CONSUMES
> gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
> - gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
>
> [Depex]
> gEfiSmmSwDispatch2ProtocolGuid AND
> --
> 2.7.0.windows.1