Re: [PATCH 6/6] MdeModulePkg/VariableRuntimeDxe: implement standalone MM version

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Wang, Jian J" <jian.j.wang@intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: Laszlo Ersek <lersek@redhat.com>,
	Leif Lindholm <leif.lindholm@linaro.org>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>,
	 "Gao, Liming" <liming.gao@intel.com>,
	"Wu, Hao A" <hao.a.wu@intel.com>,
	Jagadeesh Ujja <jagadeesh.ujja@arm.com>,
	Achin Gupta <Achin.Gupta@arm.com>,
	Thomas Panakamattam Abraham <thomas.abraham@arm.com>,
	Sami Mujawar <Sami.Mujawar@arm.com>
Subject: Re: [PATCH 6/6] MdeModulePkg/VariableRuntimeDxe: implement standalone MM version
Date: Thu, 10 Jan 2019 01:50:19 +0000	[thread overview]
Message-ID: <D827630B58408649ACB04F44C510003625893147@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <20190103182825.32231-8-ard.biesheuvel@linaro.org>


Reviewed-by: Jian J Wang <jian.j.wang@intel.com>


> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Friday, January 04, 2019 2:28 AM
> To: edk2-devel@lists.01.org
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Laszlo Ersek
> <lersek@redhat.com>; Leif Lindholm <leif.lindholm@linaro.org>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>;
> Jagadeesh Ujja <jagadeesh.ujja@arm.com>; Achin Gupta
> <Achin.Gupta@arm.com>; Thomas Panakamattam Abraham
> <thomas.abraham@arm.com>; Sami Mujawar <Sami.Mujawar@arm.com>
> Subject: [PATCH 6/6] MdeModulePkg/VariableRuntimeDxe: implement
> standalone MM version
> 
> Reuse most of the existing code to implement a variable runtime
> driver that will be able to execute in the context of standalone
> MM.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c   |
> 69 ++++++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf |
> 135 ++++++++++++++++++++
>  2 files changed, 204 insertions(+)
> 
> diff --git
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c
> new file mode 100644
> index 000000000000..fbc99467c057
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c
> @@ -0,0 +1,69 @@
> +/** @file
> +
> +  Parts of the SMM/MM implementation that are specific to standalone MM
> +
> +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2018, Linaro, Ltd. All rights reserved. <BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution.  The full text of the license may be found
> at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS
> OR IMPLIED.
> +
> +**/
> +
> +#include "Variable.h"
> +
> +BOOLEAN
> +VariableSmmIsBufferOutsideSmmValid (
> +  IN EFI_PHYSICAL_ADDRESS  Buffer,
> +  IN UINT64                Length
> +  )
> +{
> +  return TRUE;
> +}
> +
> +/**
> +  Notify the system that the SMM variable driver is ready
> +**/
> +VOID
> +VariableNotifySmmReady (
> +  VOID
> +  )
> +{
> +}
> +
> +/**
> +  Notify the system that the SMM variable write driver is ready
> +**/
> +VOID
> +VariableNotifySmmWriteReady (
> +  VOID
> +  )
> +{
> +}
> +
> +EFI_STATUS
> +EFIAPI
> +VariableServiceInitialize (
> +  IN EFI_HANDLE                           ImageHandle,
> +  IN EFI_MM_SYSTEM_TABLE                  *MmSystemTable
> +  )
> +{
> +  return MmVariableServiceInitialize ();
> +}
> +
> +/**
> +  Whether the TCG or TCG2 protocols are installed in the UEFI protocol
> database.
> +  This information is used by the MorLock code to infer whether an existing
> +  MOR variable is legitimate or not.
> +**/
> +BOOLEAN
> +VariableHaveTcgProtocols (
> +  VOID
> +  )
> +{
> +  return FALSE;
> +}
> diff --git
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> new file mode 100644
> index 000000000000..54d647af914c
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
> @@ -0,0 +1,135 @@
> +## @file
> +#  Provides SMM variable service.
> +#
> +#  This module installs SMM variable protocol into SMM protocol database,
> +#  which can be used by SMM driver, and installs SMM variable protocol
> +#  into BS protocol database, which can be used to notify the SMM Runtime
> +#  Dxe driver that the SMM variable service is ready.
> +#  This module should be used with SMM Runtime DXE module together. The
> +#  SMM Runtime DXE module would install variable arch protocol and variable
> +#  write arch protocol based on SMM variable module.
> +#
> +#  Caution: This module requires additional review when modified.
> +#  This driver will have external input - variable data and communicate buffer in
> SMM mode.
> +#  This external input must be validated carefully to avoid security issues such
> as
> +#  buffer overflow or integer overflow.
> +#    The whole SMM authentication variable design relies on the integrity of
> flash part and SMM.
> +#  which is assumed to be protected by platform.  All variable code and
> metadata in flash/SMM Memory
> +#  may not be modified without authorization. If platform fails to protect these
> resources,
> +#  the authentication service provided in this driver will be broken, and the
> behavior is undefined.
> +#
> +# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the BSD
> License
> +# which accompanies this distribution. The full text of the license may be found
> at
> +# http://opensource.org/licenses/bsd-license.php
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x0001001A
> +  BASE_NAME                      = VariableStandaloneMm
> +  FILE_GUID                      = 7ee2c0c1-c21a-4113-a53a-66824a95696f
> +  MODULE_TYPE                    = MM_STANDALONE
> +  VERSION_STRING                 = 1.0
> +  PI_SPECIFICATION_VERSION       = 0x00010032
> +  ENTRY_POINT                    = VariableServiceInitialize
> +
> +#
> +# The following information is for reference only and not required by the build
> tools.
> +#
> +#  VALID_ARCHITECTURES           = AARCH64
> +#
> +
> +
> +[Sources]
> +  Reclaim.c
> +  Variable.c
> +  VariableSmm.c
> +  VariableStandaloneMm.c
> +  VarCheck.c
> +  Variable.h
> +  PrivilegePolymorphic.h
> +  VariableExLib.c
> +  TcgMorLockSmm.c
> +  SpeculationBarrierSmm.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  StandaloneMmPkg/StandaloneMmPkg.dec
> +
> +[LibraryClasses]
> +  AuthVariableLib
> +  BaseLib
> +  BaseMemoryLib
> +  DebugLib
> +  HobLib
> +  MemoryAllocationLib
> +  MmServicesTableLib
> +  StandaloneMmDriverEntryPoint
> +  SynchronizationLib
> +  VarCheckLib
> +
> +[Protocols]
> +  gEfiSmmFirmwareVolumeBlockProtocolGuid        ## CONSUMES
> +  ## CONSUMES
> +  ## NOTIFY
> +  gEfiSmmFaultTolerantWriteProtocolGuid
> +  ## PRODUCES
> +  ## UNDEFINED # SmiHandlerRegister
> +  gEfiSmmVariableProtocolGuid
> +  gEfiMmEndOfDxeProtocolGuid                   ## NOTIFY
> +  gEdkiiSmmVarCheckProtocolGuid                ## PRODUCES
> +
> +[Guids]
> +  ## SOMETIMES_CONSUMES   ## GUID # Signature of Variable store header
> +  ## SOMETIMES_PRODUCES   ## GUID # Signature of Variable store header
> +  ## SOMETIMES_CONSUMES   ## HOB
> +  ## SOMETIMES_PRODUCES   ## SystemTable
> +  gEfiAuthenticatedVariableGuid
> +
> +  ## SOMETIMES_CONSUMES   ## GUID # Signature of Variable store header
> +  ## SOMETIMES_PRODUCES   ## GUID # Signature of Variable store header
> +  ## SOMETIMES_CONSUMES   ## HOB
> +  ## SOMETIMES_PRODUCES   ## SystemTable
> +  gEfiVariableGuid
> +
> +  ## SOMETIMES_CONSUMES   ## Variable:L"PlatformLang"
> +  ## SOMETIMES_PRODUCES   ## Variable:L"PlatformLang"
> +  ## SOMETIMES_CONSUMES   ## Variable:L"Lang"
> +  ## SOMETIMES_PRODUCES   ## Variable:L"Lang"
> +  gEfiGlobalVariableGuid
> +
> +  gEfiMemoryOverwriteControlDataGuid            ## SOMETIMES_CONSUMES   ##
> Variable:L"MemoryOverwriteRequestControl"
> +  gEfiMemoryOverwriteRequestControlLockGuid     ## SOMETIMES_PRODUCES
> ## Variable:L"MemoryOverwriteRequestControlLock"
> +
> +  gEfiSystemNvDataFvGuid                        ## CONSUMES             ## GUID
> +  gEdkiiFaultTolerantWriteGuid                  ## SOMETIMES_CONSUMES   ## HOB
> +
> +  ## SOMETIMES_CONSUMES   ## Variable:L"VarErrorFlag"
> +  ## SOMETIMES_PRODUCES   ## Variable:L"VarErrorFlag"
> +  gEdkiiVarErrorFlagGuid
> +
> +[FixedPcd]
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize       ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase       ##
> SOMETIMES_CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64     ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize                  ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize              ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize          ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize     ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize                ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize                 ##
> CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize
> ## CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize
> ## CONSUMES
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe
> ## CONSUMES
> +
> +[FeaturePcd]
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics        ##
> CONSUMES  # statistic the information of variable.
> +  gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate       ##
> CONSUMES  # Auto update PlatformLang/Lang
> +
> +[Depex]
> +  TRUE
> --
> 2.17.1

next prev parent reply	other threads:[~2019-01-10  1:50 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-03 18:28 [PATCH 0/6] implement standalone MM versions of the variable runtime drivers Ard Biesheuvel
2019-01-03 18:28 ` [PATCH] BaseTools/GenFds: permit stripped MM_CORE_STANDALONE binaries Ard Biesheuvel
2019-01-04  5:51   ` Feng, Bob C
2019-01-03 18:28 ` [PATCH 1/6] MdePkg/Include: add MmServicesTableLib header file Ard Biesheuvel
2019-01-10  6:06   ` Zeng, Star
2019-01-03 18:28 ` [PATCH 2/6] MdePkg: implement MmServicesTableLib based on traditional SMM Ard Biesheuvel
2019-01-10  1:35   ` Wang, Jian J
     [not found]   ` <9bfb4d7c-3d4e-c05c-49a1-1959ddc902e3@intel.com>
2019-01-10  6:54     ` Zeng, Star
2019-01-03 18:28 ` [PATCH 3/6] MdeModulePkg/FaultTolerantWriteDxe: factor out boot service accesses Ard Biesheuvel
2019-01-10  1:36   ` Wang, Jian J
2019-01-10  6:45   ` Zeng, Star
2019-01-03 18:28 ` [PATCH 4/6] MdeModulePkg/FaultTolerantWriteDxe: implement standalone MM version Ard Biesheuvel
2019-01-10  1:41   ` Wang, Jian J
2019-01-10  1:48     ` Wang, Jian J
2019-01-10  6:31     ` Zeng, Star
2019-01-10  6:47   ` Zeng, Star
2019-01-10  7:29     ` Zeng, Star
2019-01-10  7:33       ` Ard Biesheuvel
2019-01-10  7:59         ` Zeng, Star
2019-01-10 12:28           ` Wang, Jian J
2019-01-10 13:03           ` Laszlo Ersek
2019-01-10 16:23             ` Ard Biesheuvel
2019-01-11  2:18               ` Zeng, Star
2019-01-03 18:28 ` [PATCH 5/6] MdeModulePkg/VariableRuntimeDxe: factor out boot service accesses Ard Biesheuvel
2019-01-08 15:38   ` Laszlo Ersek
2019-01-10  2:33     ` Wang, Jian J
2019-01-10  7:17       ` Zeng, Star
2019-01-10  7:19   ` Zeng, Star
2019-01-03 18:28 ` [PATCH 6/6] MdeModulePkg/VariableRuntimeDxe: implement standalone MM version Ard Biesheuvel
2019-01-10  1:49   ` Wang, Jian J
2019-01-10  1:50   ` Wang, Jian J [this message]
2019-01-10  7:28   ` Zeng, Star
2019-01-03 19:13 ` [PATCH 0/6] implement standalone MM versions of the variable runtime drivers Ard Biesheuvel
2019-01-07 12:44 ` Gao, Liming
2019-01-07 13:05   ` Ard Biesheuvel
2019-01-07 19:08     ` Laszlo Ersek
2019-01-09 13:56     ` Gao, Liming
2019-01-09 15:29       ` Ard Biesheuvel
2019-01-14  2:55         ` Gao, Liming
2019-01-14  8:26           ` Ard Biesheuvel
2019-01-14 15:33             ` Gao, Liming
2019-01-09  9:44 ` Laszlo Ersek
2019-01-09 10:28   ` Ard Biesheuvel
2019-01-09 15:04     ` Laszlo Ersek
2019-01-09 21:46       ` Laszlo Ersek
2019-01-09 21:56         ` Ard Biesheuvel
2019-01-10  8:24 ` Zeng, Star
2019-01-13 15:42 ` Zeng, Star

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D827630B58408649ACB04F44C510003625893147@SHSMSX107.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox