From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.120; helo=mga04.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A429022135D3D for ; Tue, 6 Mar 2018 22:37:57 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Mar 2018 22:44:12 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.47,434,1515484800"; d="scan'208";a="22559472" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga008.fm.intel.com with ESMTP; 06 Mar 2018 22:44:12 -0800 Received: from fmsmsx151.amr.corp.intel.com (10.18.125.4) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 6 Mar 2018 22:44:11 -0800 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by FMSMSX151.amr.corp.intel.com (10.18.125.4) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 6 Mar 2018 22:44:05 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.124]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.130]) with mapi id 14.03.0319.002; Wed, 7 Mar 2018 14:44:02 +0800 From: "Yao, Jiewen" To: "Zeng, Star" , "edk2-devel@lists.01.org" CC: "Zeng, Star" Thread-Topic: [edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY Thread-Index: AQHTtVdhse+uNN4wKEmR2TqoUKK9S6PEVJ8w Date: Wed, 7 Mar 2018 06:44:01 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AADF70C@shsmsx102.ccr.corp.intel.com> References: <1520346480-65348-1-git-send-email-star.zeng@intel.com> <1520346480-65348-2-git-send-email-star.zeng@intel.com> In-Reply-To: <1520346480-65348-2-git-send-email-star.zeng@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYjcwOTM0MmEtYjI0NC00MTdiLWIwODctYzc0MWY3Y2IyNjM3IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjIuNS4xOCIsIlRydXN0ZWRMYWJlbEhhc2giOiJBQk9oVytsdVRyUkFiSHVQK3V3ejNPVDNZVnJmQ29VSlBVYnhmNld0cDVYQ0FlY29wQkc2cDFkTG9ENWlXR2g5In0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 1/7] MdeModulePkg LockBoxLib: Support LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 06:37:58 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen.yao@intel.com > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of St= ar > Zeng > Sent: Tuesday, March 6, 2018 10:28 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Zeng, Star > Subject: [edk2] [PATCH 1/7] MdeModulePkg LockBoxLib: Support > LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY >=20 > With this flag, the LockBox can be restored in S3 resume only. > The LockBox can not be restored after SmmReadyToLock in normal boot > and after EndOfS3Resume in S3 resume. > It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE. >=20 > Cc: Jiewen Yao > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Star Zeng > --- > MdeModulePkg/Include/Library/LockBoxLib.h | 14 +- > .../Library/SmmLockBoxLib/SmmLockBoxDxeLib.c | 4 +- > .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.c | 227 > ++++++++++++++++++++- > .../Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf | 10 +- > 4 files changed, 247 insertions(+), 8 deletions(-) >=20 > diff --git a/MdeModulePkg/Include/Library/LockBoxLib.h > b/MdeModulePkg/Include/Library/LockBoxLib.h > index db7fd05def58..80beb4d0f880 100644 > --- a/MdeModulePkg/Include/Library/LockBoxLib.h > +++ b/MdeModulePkg/Include/Library/LockBoxLib.h > @@ -2,7 +2,7 @@ > This library is only intended to be used by DXE modules that need save > confidential information to LockBox and get it by PEI modules in S3 ph= ase. >=20 > -Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
>=20 > This program and the accompanying materials > are licensed and made available under the terms and conditions > @@ -62,9 +62,17 @@ SetLockBoxAttributes ( > ); >=20 > // > -// With this flag, this LockBox can be restored to this Buffer with > RestoreAllLockBoxInPlace() > +// With this flag, this LockBox can be restored to this Buffer > +// with RestoreAllLockBoxInPlace() > // > -#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0 > +#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0 > +// > +// With this flag, this LockBox can be restored in S3 resume only. > +// This LockBox can not be restored after SmmReadyToLock in normal boot > +// and after EndOfS3Resume in S3 resume. > +// It can not be set together with LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE. > +// > +#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY BIT1 >=20 > /** > This function will update confidential information to lockbox. > diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > index b75f81e69e04..9b6f0bedbd4f 100644 > --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c > @@ -1,6 +1,6 @@ > /** @file >=20 > -Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
>=20 > This program and the accompanying materials > are licensed and made available under the terms and conditions > @@ -241,7 +241,7 @@ SetLockBoxAttributes ( > // Basic check > // > if ((Guid =3D=3D NULL) || > - ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) !=3D 0)) { > + ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | > LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) !=3D 0)) { > return EFI_INVALID_PARAMETER; > } >=20 > diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c > b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c > index 4960df755534..af75a4cb9cd1 100644 > --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c > +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c > @@ -1,6 +1,6 @@ > /** @file >=20 > -Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
>=20 > This program and the accompanying materials > are licensed and made available under the terms and conditions > @@ -20,6 +20,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > #include > #include > #include > +#include > +#include > +#include > +#include >=20 > #include "SmmLockBoxLibPrivate.h" >=20 > @@ -31,6 +35,11 @@ SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext; > LIST_ENTRY mLockBoxQueue =3D INITIALIZE_LIST_HEAD_VARIABLE > (mLockBoxQueue); >=20 > BOOLEAN mSmmConfigurationTableInstalled =3D FALSE; > +VOID *mRegistrationSmmEndOfDxe =3D NULL; > +VOID *mRegistrationSmmReadyToLock =3D NULL; > +VOID *mRegistrationEndOfS3Resume =3D NULL; > +BOOLEAN mSmmLockBoxSmmReadyToLock =3D FALSE; > +BOOLEAN mSmmLockBoxDuringS3Resume =3D FALSE; >=20 > /** > This function return SmmLockBox context from SMST. > @@ -64,6 +73,128 @@ InternalGetSmmLockBoxContext ( > } >=20 > /** > + Notification for SMM ReadyToLock protocol. > + > + @param[in] Protocol Points to the protocol's unique identifier. > + @param[in] Interface Points to the interface instance. > + @param[in] Handle The handle on which the interface was installed. > + > + @retval EFI_SUCCESS Notification runs successfully. > +**/ > +EFI_STATUS > +EFIAPI > +SmmLockBoxSmmReadyToLockNotify ( > + IN CONST EFI_GUID *Protocol, > + IN VOID *Interface, > + IN EFI_HANDLE Handle > + ) > +{ > + mSmmLockBoxSmmReadyToLock =3D TRUE; > + return EFI_SUCCESS; > +} > + > +/** > + Main entry point for an SMM handler dispatch or communicate-based > callback. > + > + @param[in] DispatchHandle The unique handle assigned to this > handler by SmiHandlerRegister(). > + @param[in] Context Points to an optional handler context > which was specified when the > + handler was registered. > + @param[in,out] CommBuffer A pointer to a collection of data in > memory that will > + be conveyed from a non-SMM > environment into an SMM environment. > + @param[in,out] CommBufferSize The size of the CommBuffer. > + > + @retval EFI_SUCCESS The interrupt was > handled and quiesced. No other handlers > + should still be called. > + @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has > been quiesced but other handlers should > + still be called. > + @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still > pending and other handlers should still > + be called. > + @retval EFI_INTERRUPT_PENDING The interrupt could not > be quiesced. > +**/ > +EFI_STATUS > +EFIAPI > +SmmLockBoxS3EntryCallBack ( > + IN EFI_HANDLE DispatchHandle, > + IN CONST VOID *Context OPTIONAL, > + IN OUT VOID *CommBuffer OPTIONAL, > + IN OUT UINTN *CommBufferSize OPTIONAL > + ) > +{ > + mSmmLockBoxDuringS3Resume =3D TRUE; > + return EFI_SUCCESS; > +} > + > +/** > + Notification for SMM EndOfDxe protocol. > + > + @param[in] Protocol Points to the protocol's unique identifier. > + @param[in] Interface Points to the interface instance. > + @param[in] Handle The handle on which the interface was installed. > + > + @retval EFI_SUCCESS Notification runs successfully. > +**/ > +EFI_STATUS > +EFIAPI > +SmmLockBoxSmmEndOfDxeNotify ( > + IN CONST EFI_GUID *Protocol, > + IN VOID *Interface, > + IN EFI_HANDLE Handle > + ) > +{ > + EFI_STATUS Status; > + EFI_SMM_SX_DISPATCH2_PROTOCOL *SxDispatch; > + EFI_SMM_SX_REGISTER_CONTEXT EntryRegisterContext; > + EFI_HANDLE S3EntryHandle; > + > + // > + // Locate SmmSxDispatch2 protocol. > + // > + Status =3D gSmst->SmmLocateProtocol ( > + &gEfiSmmSxDispatch2ProtocolGuid, > + NULL, > + (VOID **)&SxDispatch > + ); > + if (!EFI_ERROR (Status) && (SxDispatch !=3D NULL)) { > + // > + // Register a S3 entry callback function to > + // determine if it will be during S3 resume. > + // > + EntryRegisterContext.Type =3D SxS3; > + EntryRegisterContext.Phase =3D SxEntry; > + Status =3D SxDispatch->Register ( > + SxDispatch, > + SmmLockBoxS3EntryCallBack, > + &EntryRegisterContext, > + &S3EntryHandle > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > + return EFI_SUCCESS; > +} > + > +/** > + Notification for SMM EndOfS3Resume protocol. > + > + @param[in] Protocol Points to the protocol's unique identifier. > + @param[in] Interface Points to the interface instance. > + @param[in] Handle The handle on which the interface was installed. > + > + @retval EFI_SUCCESS Notification runs successfully. > +**/ > +EFI_STATUS > +EFIAPI > +SmmLockBoxEndOfS3ResumeNotify ( > + IN CONST EFI_GUID *Protocol, > + IN VOID *Interface, > + IN EFI_HANDLE Handle > + ) > +{ > + mSmmLockBoxDuringS3Resume =3D FALSE; > + return EFI_SUCCESS; > +} > + > +/** > Constructor for SmmLockBox library. > This is used to set SmmLockBox context, which will be used in PEI phas= e in S3 > boot path later. >=20 > @@ -86,6 +217,36 @@ SmmLockBoxSmmConstructor ( > DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructor > - Enter\n")); >=20 > // > + // Register SmmReadyToLock notification. > + // > + Status =3D gSmst->SmmRegisterProtocolNotify ( > + &gEfiSmmReadyToLockProtocolGuid, > + SmmLockBoxSmmReadyToLockNotify, > + &mRegistrationSmmReadyToLock > + ); > + ASSERT_EFI_ERROR (Status); > + > + // > + // Register SmmEndOfDxe notification. > + // > + Status =3D gSmst->SmmRegisterProtocolNotify ( > + &gEfiSmmEndOfDxeProtocolGuid, > + SmmLockBoxSmmEndOfDxeNotify, > + &mRegistrationSmmEndOfDxe > + ); > + ASSERT_EFI_ERROR (Status); > + > + // > + // Register EndOfS3Resume notification. > + // > + Status =3D gSmst->SmmRegisterProtocolNotify ( > + &gEdkiiEndOfS3ResumeGuid, > + SmmLockBoxEndOfS3ResumeNotify, > + &mRegistrationEndOfS3Resume > + ); > + ASSERT_EFI_ERROR (Status); > + > + // > // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone > // > SmmLockBoxContext =3D InternalGetSmmLockBoxContext (); > @@ -158,6 +319,40 @@ SmmLockBoxSmmDestructor ( > DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib uninstall > SmmLockBoxCommunication configuration table\n")); > } >=20 > + if (mRegistrationSmmReadyToLock !=3D NULL) { > + // > + // Unregister SmmReadyToLock notification. > + // > + Status =3D gSmst->SmmRegisterProtocolNotify ( > + &gEfiSmmReadyToLockProtocolGuid, > + NULL, > + &mRegistrationSmmReadyToLock > + ); > + ASSERT_EFI_ERROR (Status); > + } > + if (mRegistrationSmmEndOfDxe !=3D NULL) { > + // > + // Unregister SmmEndOfDxe notification. > + // > + Status =3D gSmst->SmmRegisterProtocolNotify ( > + &gEfiSmmEndOfDxeProtocolGuid, > + NULL, > + &mRegistrationSmmEndOfDxe > + ); > + ASSERT_EFI_ERROR (Status); > + } > + if (mRegistrationEndOfS3Resume !=3D NULL) { > + // > + // Unregister EndOfS3Resume notification. > + // > + Status =3D gSmst->SmmRegisterProtocolNotify ( > + &gEdkiiEndOfS3ResumeGuid, > + NULL, > + &mRegistrationEndOfS3Resume > + ); > + ASSERT_EFI_ERROR (Status); > + } > + > return EFI_SUCCESS; > } >=20 > @@ -354,8 +549,16 @@ SetLockBoxAttributes ( > // Basic check > // > if ((Guid =3D=3D NULL) || > - ((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) !=3D 0)) { > + ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | > LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) !=3D 0)) { > + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit > (%r)\n", EFI_INVALID_PARAMETER)); > + return EFI_INVALID_PARAMETER; > + } > + > + if (((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) !=3D 0) && > + ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) !=3D 0)) { > DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit > (%r)\n", EFI_INVALID_PARAMETER)); > + DEBUG ((EFI_D_INFO, " LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE > and LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY\n\n")); > + DEBUG ((EFI_D_INFO, " can not be set together\n")); > return EFI_INVALID_PARAMETER; > } >=20 > @@ -368,6 +571,16 @@ SetLockBoxAttributes ( > return EFI_NOT_FOUND; > } >=20 > + if ((((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) !=3D 0) && > + ((LockBox->Attributes & > LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) !=3D 0)) || > + (((LockBox->Attributes & > LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) !=3D 0) && > + ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) !=3D 0))) { > + DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes 0x%lx > 0x%lx - Exit (%r)\n", LockBox->Attributes, Attributes, > EFI_INVALID_PARAMETER)); > + DEBUG ((EFI_D_INFO, " LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE > and LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY\n\n")); > + DEBUG ((EFI_D_INFO, " can not be set together\n")); > + return EFI_INVALID_PARAMETER; > + } > + > // > // Update data > // > @@ -496,6 +709,16 @@ RestoreLockBox ( > return EFI_NOT_FOUND; > } >=20 > + if (((LockBox->Attributes & > LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) !=3D 0) && > + mSmmLockBoxSmmReadyToLock && > + !mSmmLockBoxDuringS3Resume) { > + // > + // With LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, > + // this LockBox can be restored in S3 resume only. > + // > + return EFI_ACCESS_DENIED; > + } > + > // > // Set RestoreBuffer > // > diff --git a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf > b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf > index eb7ba0bb2e89..426af4cccfe0 100644 > --- a/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf > +++ b/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf > @@ -1,7 +1,7 @@ > ## @file > # SMM LockBox library instance. > # > -# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved. > +# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > # > # This program and the accompanying materials > # are licensed and made available under the terms and conditions > @@ -44,7 +44,15 @@ [LibraryClasses] > BaseLib > DebugLib >=20 > +[Protocols] > + gEfiSmmReadyToLockProtocolGuid ## NOTIFY > + gEfiSmmEndOfDxeProtocolGuid ## NOTIFY > + gEfiSmmSxDispatch2ProtocolGuid ## NOTIFY > + > [Guids] > ## SOMETIMES_CONSUMES ## UNDEFINED # SmmSystemTable > ## SOMETIMES_PRODUCES ## UNDEFINED # SmmSystemTable > gEfiSmmLockBoxCommunicationGuid > + ## CONSUMES ## UNDEFINED # Protocol notify > + gEdkiiEndOfS3ResumeGuid > + > -- > 2.7.0.windows.1 >=20 > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel