From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118709+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id D950D740038
	for <rebecca@openfw.io>; Thu,  9 May 2024 03:42:04 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=Yl7mRGfcyIRQUmx3fgMtcfYWC0qY8kCIdIzEtOST33g=;
 c=relaxed/simple; d=groups.io;
 h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1715226123; v=1;
 b=UtCmM66HDIl0hXmtq4T1CiV7NQzQMMV17t8gr8VwJDDS4zg81VIZgFxtTMSUiX6ZBlo7a8ed
 m70N7G1FrEfoTk1SlqmhYGZXEVLgo6G+3dpKq0nRLqN+g7mZEMH7Sd9rfn77iI/pkfGUTm76MJA
 ymO/7l0YXZhzSq6vQdu5V1ugz2b9evaA5hEr/hvpSbXgR97nOGWLJXH/7kIotPrp7sLZthIRJev
 XAiDo/YBTvulfwkOOL/RjLTG6rwoKVbfDAP1pZlD8ZmiFpA6QyYRpQN4dB4IJ3UuPvLbzQ4mZrE
 kJ6TpwDjp5hEBI6l+EDOOtu50mCxhxa5hXXxQtOHSK+hQ==
X-Received: by 127.0.0.2 with SMTP id muEoYY7687511xBtV5b74iSH; Wed, 08 May 2024 20:42:03 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.9])
 by mx.groups.io with SMTP id smtpd.web10.1925.1715226122257173492
 for <devel@edk2.groups.io>;
 Wed, 08 May 2024 20:42:02 -0700
X-CSE-ConnectionGUID: 0HzgL8zOS6uSULEv2YOE6w==
X-CSE-MsgGUID: Ch8k36VPTP+qVSHr4P23dg==
X-IronPort-AV: E=McAfee;i="6600,9927,11067"; a="21792093"
X-IronPort-AV: E=Sophos;i="6.08,146,1712646000"; 
   d="scan'208";a="21792093"
X-Received: from fmviesa005.fm.intel.com ([10.60.135.145])
  by fmvoesa103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 May 2024 20:42:01 -0700
X-CSE-ConnectionGUID: v+ISoe5VSPuW/wcShsu5yw==
X-CSE-MsgGUID: 3UjdHVsZSASxkm3VINOQmg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.08,146,1712646000"; 
   d="scan'208";a="33579265"
X-Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16])
  by fmviesa005.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 08 May 2024 20:42:01 -0700
X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Wed, 8 May 2024 20:42:01 -0700
X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Wed, 8 May 2024 20:42:00 -0700
X-Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by
 orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35 via Frontend Transport; Wed, 8 May 2024 20:42:00 -0700
X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.57.40) by
 edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.35; Wed, 8 May 2024 20:42:00 -0700
X-Received: from MN0PR11MB6158.namprd11.prod.outlook.com (2603:10b6:208:3ca::18)
 by SN7PR11MB7018.namprd11.prod.outlook.com (2603:10b6:806:2ad::14) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.39; Thu, 9 May
 2024 03:41:58 +0000
X-Received: from MN0PR11MB6158.namprd11.prod.outlook.com
 ([fe80::13cf:47a8:4737:84e9]) by MN0PR11MB6158.namprd11.prod.outlook.com
 ([fe80::13cf:47a8:4737:84e9%3]) with mapi id 15.20.7544.039; Thu, 9 May 2024
 03:41:58 +0000
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: "Xie, Yuanhao" <yuanhao.xie@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: Liming Gao <gaoliming@byosoft.com.cn>, "Ni, Ray" <ray.ni@intel.com>
Subject: Re: [edk2-devel] [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c.
Thread-Topic: [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c.
Thread-Index: AQHaoEUoGW1fgzBcFUKyPcBRYd0LfrGORPUg
Date: Thu, 9 May 2024 03:41:58 +0000
Message-ID: <MN0PR11MB61582A4CEF45C996E9080237FEE62@MN0PR11MB6158.namprd11.prod.outlook.com>
References: <20240507060910.1687-1-yuanhao.xie@intel.com>
 <20240507060910.1687-3-yuanhao.xie@intel.com>
In-Reply-To: <20240507060910.1687-3-yuanhao.xie@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN0PR11MB6158:EE_|SN7PR11MB7018:EE_
x-ms-office365-filtering-correlation-id: b724b94d-ed27-409f-69eb-08dc6fd9fa83
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: =?us-ascii?Q?RfL4y0g1dKQsXFPhyCV8oS+VdsiTZ9UTVa4G1Ks6ObV802xb9kyBByyFnWfH?=
 =?us-ascii?Q?3RrZ+nKL5sSnF63zklp+0oi6uXbSFJyJobTuMDp8f+hI6UgxqAYCKGWIbwi+?=
 =?us-ascii?Q?2oNfFbCwumW37asa5DO0x0GxsuKrzMs5DSVpVjXq5Onp/X+wwqAwdixedCIe?=
 =?us-ascii?Q?KITUSW+//01si9qHocWWE71wOpzSxWH1hHqebvKeWddd97HZvAPWlbygFdkM?=
 =?us-ascii?Q?HZdrdxHCqfGGSJwXnqlrRg95e6sF6wM+eCsgc8rRIbFwvtmN4buE7mcKGp6l?=
 =?us-ascii?Q?OdDQn5OSdbHvWQm/2/nzYmLPXQ55MCeM1/75AA73ih8kvg6vp5cRC6tOAkNr?=
 =?us-ascii?Q?gmiRB58flFC+DLM9y7D3pt/FOQCUhuaNr/MLpgq4gAD2XAIWWIBynxzdszMd?=
 =?us-ascii?Q?Hd1CvyUkYsu7DExodzlVlF0oJDvckZJXgAkZ31L4pDpR7KDvd9HTE38oag4Z?=
 =?us-ascii?Q?tsup8uHgJXi2jmJR0YxAPtap5PkArwExRp5EhG17yhu83MAdanaLNXmtnVLQ?=
 =?us-ascii?Q?cEZrLWnjIQHieIt+9S0E14Mcy0RTAKHkUzSu92j+nAQaYacOj7gnUUBDl71C?=
 =?us-ascii?Q?ZaA/71caXdQ4fhi9cz5ogdsCYffSUwFqjW+wPyJSUEMFQmLfQVoIP61WzCf/?=
 =?us-ascii?Q?O61BQnawxEaBQ5jNugr8DvrmnocBUcZjIwi3Eymi20/TW+XCF1CqXeUcwG4j?=
 =?us-ascii?Q?mhb1wykdFmohpTtoICalIsRIKhxoZxV0u9EKKfFm0Iq1L1Zv53K34skjf8Zo?=
 =?us-ascii?Q?zKJRmKPnAtwwTFCo4hKGpfLV36URQwq/mup5F0kzsJF/UU40XhJCQoefcaGV?=
 =?us-ascii?Q?s0qe3MzPb3DGYyFPZgONGXormsPr4OckcnEY/lXMokqJKCOdxVTBfoGjUS1y?=
 =?us-ascii?Q?gQpdlrln3uCJ4xIUmlXON7zDs6vzE+20zQqyLbX3zLypLyVfxxnjTQK5T3vU?=
 =?us-ascii?Q?Bv2zexK2/vUOBJbH1QbBHb3l575bRBmlc8m/M0o2jFeN5c1bom5a9BjnErYK?=
 =?us-ascii?Q?MkhVmTf2S1Yf6REufklq+Fpb6gcMwZvKe7HbUCdDSCyU7sNpGM6NlJXKJj/6?=
 =?us-ascii?Q?M9r/wRtbka2MGHlyt60i7WEBzzUWLaicnIzVaGqhCzrXnPHVcOE1wRmGaPio?=
 =?us-ascii?Q?4KIBP9W89j365X1HiVn3hkz3nx1KgLFrEm8UaovJWbDXkvZOeqPnVObRnH1V?=
 =?us-ascii?Q?DBmzSlZdE3cRs/C+qa1zQS7CF3/lgBLIIbhF4R3Cc6BSwSed6RTO83oqCjcD?=
 =?us-ascii?Q?PtdbUCp4dQsrcnzjeDQZhucUcFeRMmQz03AdkPO7CUNSHQWEc5+7qTkS4GKn?=
 =?us-ascii?Q?jtyPXta3cPzR+cSrnD3NeZzfrhm5jQJ5edsQ+M1ALxdp/Q=3D=3D?=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?+ymfsM13ALiPZWJ+F+oWqoOhrJrfeWtHLhXFddhLowgYrjv2146zuQ5ogOnH?=
 =?us-ascii?Q?p9jR55y2J8eYOQIzPIcggHSFfjiFpHPbR52guBeaa/Xu6d1ZE+jTO796e52g?=
 =?us-ascii?Q?Wrvq54fKVaZOUMx+kQd1kxaE11Fmmw9gCYAzMR9JTsP1ZsTHFEmlcsAEz1bY?=
 =?us-ascii?Q?vdv/LThGGCSb2TySVEMJby++9N+S1Nqj+D3cw120aJ6UQTH+oQjvP+T/U5vF?=
 =?us-ascii?Q?fxMrzNqNd/pExYKAA8nTsPGGRQdVGJzP8ZytILwbqFG8zXnkz3lc3lvc3MzE?=
 =?us-ascii?Q?we9HZThaIG/sAFBIKyOkMyq+V0i/Hhn25c2TseA8vIU3DO0ADNE3mgSNYvX8?=
 =?us-ascii?Q?au4wJLkG8j97IPvBRm6EhH4DSmWYREHHDO400s0XmbQ2O4tUvQpJefoYFFsR?=
 =?us-ascii?Q?QayRcUxY7GOTmeX703sr9UoJSz3XMcz1tf/ohibSVrbFAnQVvLGc3vZhmOSH?=
 =?us-ascii?Q?N5dS8YffEcsqseGvHJ+XNOXfU3ZASParPPtWNHM6kgMFt9EA6ITt4Qej/krU?=
 =?us-ascii?Q?GG5gGb/WI250BNu6aZRLyRJOyfU4RRYoeqCYp4ha1HWG+gtyjYhyRC8K4+6J?=
 =?us-ascii?Q?jvpRHIe0LyUmgSJ8rtqk3FIbYGg7YKSrvQTNnLfjhSkOZqXDh1G1NyyfgLcs?=
 =?us-ascii?Q?puSnpZ9GwH/ZwaP0dNYGQoDDXrgC38wp3U/gD++QUt1GczoFkXGES2RnRePK?=
 =?us-ascii?Q?KyNYqE5/UQ99vPOA1Z7kOGSDyxwxVk69VQGcKlXBXIr7+XCrU+RW99YhAY4h?=
 =?us-ascii?Q?imbl7rLmWo8Qst/FbCO4cCY58i0J2nKr7WxlROFjit4/KzAaNqjxPuQ/yxwI?=
 =?us-ascii?Q?w5FsCmH2IUb5JI1treFxl4ozjBq/eZ1iPuStyhTlqH1fYPrS/2VZbgjq/Hcm?=
 =?us-ascii?Q?lIIuLPlzhF1aVI4EltyL9+FWGTHXuJGhK1catJ7tZBxAY2fF9qphQgtZNhEu?=
 =?us-ascii?Q?PsWEUThSSQbzMRO8W1S3QVG42Gw0bQD3TaIAIocYA/BQs/Am0YkXuiDU3uum?=
 =?us-ascii?Q?LKhSqAqlx517jC+5SRIpyR88puofVqYfjTbf8g5DCVas2G9vUZ9bTKEmYGFl?=
 =?us-ascii?Q?+yRKX7OkhD56lLzJlN38wB2moFPzrhqTnhVJvVAReS5m5df+TsSqVru+4iGG?=
 =?us-ascii?Q?jkpSeoSq4ZTT/0+JOuZKXdVJbNeL/aqd3H1c6stmucG3gGVXet4EopsaTuN/?=
 =?us-ascii?Q?IQuTywFjqu4GsIKlRoYwNsUjhxBjtbHlb7KlEXzDvXC+5jfJUmPjDejzlKgy?=
 =?us-ascii?Q?KLx/ubFAyNkVlG2rzudVXrEJ1Z+QHc+crqnNnT1tIVTZGkR7glhhIOz3kAWJ?=
 =?us-ascii?Q?3tzSqd72SmBEwRUsNjA8YN+fc/dqZ/mYNT+7YFn+FRKYM7T97t08lfsomkdc?=
 =?us-ascii?Q?ZzJUM/KD8toddqNOmfyzA85NU/HhCwZmMOU+UlUU7491PMC/FqbH3zY62C1C?=
 =?us-ascii?Q?KDu1RINlUV2PLzmkG5ggSvSDHL5/HryPGwSdbY2HXZI0PQ0fiZGoELop2VeC?=
 =?us-ascii?Q?E1SQPdnxb9Xtw1Y/ocdKSHVYRn97j+l3wbn/YGu6UPP6IZGezKMdevX8fgD8?=
 =?us-ascii?Q?Dndt7kbaxEBi1V/HoDA=3D?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN0PR11MB6158.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b724b94d-ed27-409f-69eb-08dc6fd9fa83
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2024 03:41:58.1009
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rvkDsF/Te15GWQZ18GHb3IJMOY5Kmyb+Gojppr/v1ZpCZLF1c4qCmCtoXfCT65jNDgJ+W6MRTplwkUYeyVYYtQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR11MB7018
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Wed, 08 May 2024 20:42:02 -0700
Resent-From: jiaxin.wu@intel.com
Reply-To: devel@edk2.groups.io,jiaxin.wu@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: THVrnnSzeZompN4KL2E0mrCfx7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=UtCmM66H;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>

> -----Original Message-----
> From: Xie, Yuanhao <yuanhao.xie@intel.com>
> Sent: Tuesday, May 7, 2024 2:09 PM
> To: devel@edk2.groups.io
> Cc: Liming Gao <gaoliming@byosoft.com.cn>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Ni, Ray <ray.ni@intel.com>; Xie, Yuanhao
> <yuanhao.xie@intel.com>
> Subject: [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c.
>=20
> The Lockbox Driver allows sensitive data to be securely stored in a
> designated area, thus protected against unauthorized access.
>=20
> This patch does not introduce any functional modifications.
> It refactors the existing logic into a common component to facilitates
> the integration of the Standalone MM Lockbox Driver in an upcoming patch
>=20
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
>=20
> Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
> ---
>  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c       | 361
> ++++++++++++-------------------------------------------------------------=
--------------
> -------------------------------------------------------------------------=
---------------------
> -------------------------------------------------------------------------=
---------------------
> -------------------------------------------------------------------------=
-------------
>  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf     |   4
> +++-
>  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c |
> 384
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++
>  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h |
> 148
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++
>  4 files changed, 547 insertions(+), 350 deletions(-)
>=20
> diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
> index c1e15c596b..2774979c34 100644
> --- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
> +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
> @@ -9,7 +9,7 @@
>    SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(),
> SmmLockBoxSave()
>    will receive untrusted input and do basic validation.
>=20
> -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR>
>=20
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>=20
> @@ -31,360 +31,24 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include <Protocol/LockBox.h>
>  #include <Guid/SmmLockBox.h>
>=20
> -BOOLEAN  mLocked =3D FALSE;
> +#include "SmmLockBoxCommon.h"
>=20
>  /**
> -  Dispatch function for SMM lock box save.
> +  This function is an abstraction layer for implementation specific Mm b=
uffer
> validation routine.
>=20
> -  Caution: This function may receive untrusted input.
> -  Restore buffer and length are external input, so this function will va=
lidate
> -  it is in SMRAM.
> +  @param Buffer  The buffer start address to be checked.
> +  @param Length  The buffer length to be checked.
>=20
> -  @param LockBoxParameterSave  parameter of lock box save
> +  @retval TRUE  This buffer is valid per processor architecture and not =
overlap
> with SMRAM.
> +  @retval FALSE This buffer is not valid per processor architecture or o=
verlap
> with SMRAM.
>  **/
> -VOID
> -SmmLockBoxSave (
> -  IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE  *LockBoxParameterSave
> +BOOLEAN
> +IsBufferOutsideMmValid (
> +  IN EFI_PHYSICAL_ADDRESS  Buffer,
> +  IN UINT64                Length
>    )
>  {
> -  EFI_STATUS                       Status;
> -  EFI_SMM_LOCK_BOX_PARAMETER_SAVE  TempLockBoxParameterSave;
> -
> -  //
> -  // Sanity check
> -  //
> -  if (mLocked) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"));
> -    LockBoxParameterSave->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> -    return;
> -  }
> -
> -  CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SAVE));
> -
> -  //
> -  // Sanity check
> -  //
> -  if (!SmmIsBufferOutsideSmmValid
> ((UINTN)TempLockBoxParameterSave.Buffer,
> (UINTN)TempLockBoxParameterSave.Length)) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in SMRAM or buffer
> overflow!\n"));
> -    LockBoxParameterSave->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> -    return;
> -  }
> -
> -  //
> -  // The SpeculationBarrier() call here is to ensure the above range che=
ck for
> -  // the CommBuffer have been completed before calling into SaveLockBox(=
).
> -  //
> -  SpeculationBarrier ();
> -
> -  //
> -  // Save data
> -  //
> -  Status =3D SaveLockBox (
> -             &TempLockBoxParameterSave.Guid,
> -             (VOID *)(UINTN)TempLockBoxParameterSave.Buffer,
> -             (UINTN)TempLockBoxParameterSave.Length
> -             );
> -  LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status;
> -  return;
> -}
> -
> -/**
> -  Dispatch function for SMM lock box set attributes.
> -
> -  @param LockBoxParameterSetAttributes  parameter of lock box set
> attributes
> -**/
> -VOID
> -SmmLockBoxSetAttributes (
> -  IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES
> *LockBoxParameterSetAttributes
> -  )
> -{
> -  EFI_STATUS                                 Status;
> -  EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES
> TempLockBoxParameterSetAttributes;
> -
> -  //
> -  // Sanity check
> -  //
> -  if (mLocked) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"));
> -    LockBoxParameterSetAttributes->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> -    return;
> -  }
> -
> -  CopyMem (&TempLockBoxParameterSetAttributes,
> LockBoxParameterSetAttributes, sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES));
> -
> -  //
> -  // Update data
> -  //
> -  Status =3D SetLockBoxAttributes (
> -             &TempLockBoxParameterSetAttributes.Guid,
> -             TempLockBoxParameterSetAttributes.Attributes
> -             );
> -  LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)Status;
> -  return;
> -}
> -
> -/**
> -  Dispatch function for SMM lock box update.
> -
> -  Caution: This function may receive untrusted input.
> -  Restore buffer and length are external input, so this function will va=
lidate
> -  it is in SMRAM.
> -
> -  @param LockBoxParameterUpdate  parameter of lock box update
> -**/
> -VOID
> -SmmLockBoxUpdate (
> -  IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  *LockBoxParameterUpdate
> -  )
> -{
> -  EFI_STATUS                         Status;
> -  EFI_SMM_LOCK_BOX_PARAMETER_UPDATE
> TempLockBoxParameterUpdate;
> -
> -  //
> -  // Sanity check
> -  //
> -  if (mLocked) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"));
> -    LockBoxParameterUpdate->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> -    return;
> -  }
> -
> -  CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate,
> sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE));
> -
> -  //
> -  // Sanity check
> -  //
> -  if (!SmmIsBufferOutsideSmmValid
> ((UINTN)TempLockBoxParameterUpdate.Buffer,
> (UINTN)TempLockBoxParameterUpdate.Length)) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in SMRAM or
> buffer overflow!\n"));
> -    LockBoxParameterUpdate->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> -    return;
> -  }
> -
> -  //
> -  // The SpeculationBarrier() call here is to ensure the above range che=
ck for
> -  // the CommBuffer have been completed before calling into
> UpdateLockBox().
> -  //
> -  SpeculationBarrier ();
> -
> -  //
> -  // Update data
> -  //
> -  Status =3D UpdateLockBox (
> -             &TempLockBoxParameterUpdate.Guid,
> -             (UINTN)TempLockBoxParameterUpdate.Offset,
> -             (VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer,
> -             (UINTN)TempLockBoxParameterUpdate.Length
> -             );
> -  LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status;
> -  return;
> -}
> -
> -/**
> -  Dispatch function for SMM lock box restore.
> -
> -  Caution: This function may receive untrusted input.
> -  Restore buffer and length are external input, so this function will va=
lidate
> -  it is in SMRAM.
> -
> -  @param LockBoxParameterRestore  parameter of lock box restore
> -**/
> -VOID
> -SmmLockBoxRestore (
> -  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE  *LockBoxParameterRestore
> -  )
> -{
> -  EFI_STATUS                          Status;
> -  EFI_SMM_LOCK_BOX_PARAMETER_RESTORE
> TempLockBoxParameterRestore;
> -
> -  CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore,
> sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE));
> -
> -  //
> -  // Sanity check
> -  //
> -  if (!SmmIsBufferOutsideSmmValid
> ((UINTN)TempLockBoxParameterRestore.Buffer,
> (UINTN)TempLockBoxParameterRestore.Length)) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address in SMRAM or
> buffer overflow!\n"));
> -    LockBoxParameterRestore->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> -    return;
> -  }
> -
> -  //
> -  // Restore data
> -  //
> -  if ((TempLockBoxParameterRestore.Length =3D=3D 0) &&
> (TempLockBoxParameterRestore.Buffer =3D=3D 0)) {
> -    Status =3D RestoreLockBox (
> -               &TempLockBoxParameterRestore.Guid,
> -               NULL,
> -               NULL
> -               );
> -  } else {
> -    Status =3D RestoreLockBox (
> -               &TempLockBoxParameterRestore.Guid,
> -               (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer,
> -               (UINTN *)&TempLockBoxParameterRestore.Length
> -               );
> -    if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D=3D EFI_SUCCE=
SS)) {
> -      //
> -      // Return the actual Length value.
> -      //
> -      LockBoxParameterRestore->Length =3D
> TempLockBoxParameterRestore.Length;
> -    }
> -  }
> -
> -  LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status;
> -  return;
> -}
> -
> -/**
> -  Dispatch function for SMM lock box restore all in place.
> -
> -  @param LockBoxParameterRestoreAllInPlace  parameter of lock box restor=
e
> all in place
> -**/
> -VOID
> -SmmLockBoxRestoreAllInPlace (
> -  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE
> *LockBoxParameterRestoreAllInPlace
> -  )
> -{
> -  EFI_STATUS  Status;
> -
> -  Status                                                 =3D RestoreAllL=
ockBoxInPlace ();
> -  LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D
> (UINT64)Status;
> -  return;
> -}
> -
> -/**
> -  Dispatch function for a Software SMI handler.
> -
> -  Caution: This function may receive untrusted input.
> -  Communicate buffer and buffer size are external input, so this functio=
n will
> do basic validation.
> -
> -  @param DispatchHandle  The unique handle assigned to this handler by
> SmiHandlerRegister().
> -  @param Context         Points to an optional handler context which was
> specified when the
> -                         handler was registered.
> -  @param CommBuffer      A pointer to a collection of data in memory tha=
t will
> -                         be conveyed from a non-SMM environment into an =
SMM
> environment.
> -  @param CommBufferSize  The size of the CommBuffer.
> -
> -  @retval EFI_SUCCESS Command is handled successfully.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -SmmLockBoxHandler (
> -  IN EFI_HANDLE  DispatchHandle,
> -  IN CONST VOID  *Context         OPTIONAL,
> -  IN OUT VOID    *CommBuffer      OPTIONAL,
> -  IN OUT UINTN   *CommBufferSize  OPTIONAL
> -  )
> -{
> -  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  *LockBoxParameterHeader;
> -  UINTN                              TempCommBufferSize;
> -
> -  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n"));
> -
> -  //
> -  // If input is invalid, stop processing this SMI
> -  //
> -  if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) {
> -    return EFI_SUCCESS;
> -  }
> -
> -  TempCommBufferSize =3D *CommBufferSize;
> -
> -  //
> -  // Sanity check
> -  //
> -  if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size invalid!\n"));
> -    return EFI_SUCCESS;
> -  }
> -
> -  if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer,
> TempCommBufferSize)) {
> -    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in SMRAM or
> overflow!\n"));
> -    return EFI_SUCCESS;
> -  }
> -
> -  LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER
> *)((UINTN)CommBuffer);
> -
> -  LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1;
> -
> -  DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n",
> (UINTN)LockBoxParameterHeader));
> -
> -  DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n",
> (UINTN)LockBoxParameterHeader->Command));
> -
> -  switch (LockBoxParameterHeader->Command) {
> -    case EFI_SMM_LOCK_BOX_COMMAND_SAVE:
> -      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) {
> -        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SAVE
> invalid!\n"));
> -        break;
> -      }
> -
> -      SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE
> *)(UINTN)LockBoxParameterHeader);
> -      break;
> -    case EFI_SMM_LOCK_BOX_COMMAND_UPDATE:
> -      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)) {
> -        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> UPDATE invalid!\n"));
> -        break;
> -      }
> -
> -      SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE
> *)(UINTN)LockBoxParameterHeader);
> -      break;
> -    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE:
> -      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)) {
> -        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> RESTORE invalid!\n"));
> -        break;
> -      }
> -
> -      SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE
> *)(UINTN)LockBoxParameterHeader);
> -      break;
> -    case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES:
> -      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) {
> -        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> SET_ATTRIBUTES invalid!\n"));
> -        break;
> -      }
> -
> -      SmmLockBoxSetAttributes
> ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES
> *)(UINTN)LockBoxParameterHeader);
> -      break;
> -    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE:
> -      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) {
> -        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> RESTORE_ALL_IN_PLACE invalid!\n"));
> -        break;
> -      }
> -
> -      SmmLockBoxRestoreAllInPlace
> ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE
> *)(UINTN)LockBoxParameterHeader);
> -      break;
> -    default:
> -      DEBUG ((DEBUG_ERROR, "SmmLockBox Command invalid!\n"));
> -      break;
> -  }
> -
> -  LockBoxParameterHeader->Command =3D (UINT32)-1;
> -
> -  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n"));
> -
> -  return EFI_SUCCESS;
> -}
> -
> -/**
> -  Smm Ready To Lock event notification handler.
> -
> -  It sets a flag indicating that SMRAM has been locked.
> -
> -  @param[in] Protocol   Points to the protocol's unique identifier.
> -  @param[in] Interface  Points to the interface instance.
> -  @param[in] Handle     The handle on which the interface was installed.
> -
> -  @retval EFI_SUCCESS   Notification handler runs successfully.
> - **/
> -EFI_STATUS
> -EFIAPI
> -SmmReadyToLockEventNotify (
> -  IN CONST EFI_GUID  *Protocol,
> -  IN VOID            *Interface,
> -  IN EFI_HANDLE      Handle
> -  )
> -{
> -  mLocked =3D TRUE;
> -  return EFI_SUCCESS;
> +  return SmmIsBufferOutsideSmmValid (Buffer, Length);
>  }
>=20
>  /**
> @@ -438,6 +102,5 @@ SmmLockBoxEntryPoint (
>                         NULL
>                         );
>    ASSERT_EFI_ERROR (Status);
> -
>    return Status;
>  }
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
> index 5081b2d7f2..f279706e90 100644
> --- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
> +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
> @@ -6,7 +6,7 @@
>  #  This external input must be validated carefully to avoid security iss=
ue like
>  #  buffer overflow, integer overflow.
>  #
> -#  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR=
>
> +#  Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR=
>
>  #
>  #  SPDX-License-Identifier: BSD-2-Clause-Patent
>  #
> @@ -30,6 +30,8 @@
>=20
>  [Sources]
>    SmmLockBox.c
> +  SmmLockBoxCommon.c
> +  SmmLockBoxCommon.h
>=20
>  [Packages]
>    MdePkg/MdePkg.dec
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c
> new file mode 100644
> index 0000000000..5c6eae05af
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c
> @@ -0,0 +1,384 @@
> +/** @file
> +  LockBox SMM/MM driver.
> +
> +  Caution: This module requires additional review when modified.
> +  This driver will have external input - communicate buffer in SMM mode.
> +  This external input must be validated carefully to avoid security issu=
e like
> +  buffer overflow, integer overflow.
> +
> +  SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(),
> SmmLockBoxSave()
> +  will receive untrusted input and do basic validation.
> +
> +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR>
> +
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <PiSmm.h>
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/LockBoxLib.h>
> +
> +#include <Protocol/SmmReadyToLock.h>
> +#include <Protocol/SmmCommunication.h>
> +#include <Protocol/LockBox.h>
> +#include <Guid/SmmLockBox.h>
> +#include "SmmLockBoxCommon.h"
> +
> +BOOLEAN  mLocked =3D FALSE;
> +
> +/**
> +  Dispatch function for SMM lock box save.
> +
> +  Caution: This function may receive untrusted input.
> +  Restore buffer and length are external input, so this function will va=
lidate
> +  it is in SMRAM.
> +
> +  @param LockBoxParameterSave  parameter of lock box save
> +**/
> +VOID
> +SmmLockBoxSave (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE  *LockBoxParameterSave
> +  )
> +{
> +  EFI_STATUS                       Status;
> +  EFI_SMM_LOCK_BOX_PARAMETER_SAVE  TempLockBoxParameterSave;
> +
> +  //
> +  // Sanity check
> +  //
> +  if (mLocked) {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"));
> +    LockBoxParameterSave->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> +    return;
> +  }
> +
> +  CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SAVE));
> +
> +  //
> +  // Sanity check
> +  //
> +  if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterSave.Buffer,
> (UINTN)TempLockBoxParameterSave.Length)) {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in SMRAM or buffer
> overflow!\n"));
> +    LockBoxParameterSave->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> +    return;
> +  }
> +
> +  //
> +  // The SpeculationBarrier() call here is to ensure the above range che=
ck for
> +  // the CommBuffer have been completed before calling into SaveLockBox(=
).
> +  //
> +  SpeculationBarrier ();
> +
> +  //
> +  // Save data
> +  //
> +  Status =3D SaveLockBox (
> +             &TempLockBoxParameterSave.Guid,
> +             (VOID *)(UINTN)TempLockBoxParameterSave.Buffer,
> +             (UINTN)TempLockBoxParameterSave.Length
> +             );
> +  LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status;
> +  return;
> +}
> +
> +/**
> +  Dispatch function for SMM lock box set attributes.
> +
> +  @param LockBoxParameterSetAttributes  parameter of lock box set
> attributes
> +**/
> +VOID
> +SmmLockBoxSetAttributes (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES
> *LockBoxParameterSetAttributes
> +  )
> +{
> +  EFI_STATUS                                 Status;
> +  EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES
> TempLockBoxParameterSetAttributes;
> +
> +  //
> +  // Sanity check
> +  //
> +  if (mLocked) {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"));
> +    LockBoxParameterSetAttributes->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> +    return;
> +  }
> +
> +  CopyMem (&TempLockBoxParameterSetAttributes,
> LockBoxParameterSetAttributes, sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES));
> +
> +  //
> +  // Update data
> +  //
> +  Status =3D SetLockBoxAttributes (
> +             &TempLockBoxParameterSetAttributes.Guid,
> +             TempLockBoxParameterSetAttributes.Attributes
> +             );
> +  LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)Status;
> +  return;
> +}
> +
> +/**
> +  Dispatch function for SMM lock box update.
> +
> +  Caution: This function may receive untrusted input.
> +  Restore buffer and length are external input, so this function will va=
lidate
> +  it is in SMRAM.
> +
> +  @param LockBoxParameterUpdate  parameter of lock box update
> +**/
> +VOID
> +SmmLockBoxUpdate (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  *LockBoxParameterUpdate
> +  )
> +{
> +  EFI_STATUS                         Status;
> +  EFI_SMM_LOCK_BOX_PARAMETER_UPDATE
> TempLockBoxParameterUpdate;
> +
> +  //
> +  // Sanity check
> +  //
> +  if (mLocked) {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"));
> +    LockBoxParameterUpdate->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> +    return;
> +  }
> +
> +  CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate,
> sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE));
> +
> +  //
> +  // Sanity check
> +  //
> +  if (!IsBufferOutsideMmValid
> ((UINTN)TempLockBoxParameterUpdate.Buffer,
> (UINTN)TempLockBoxParameterUpdate.Length)) {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in SMRAM or
> buffer overflow!\n"));
> +    LockBoxParameterUpdate->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> +    return;
> +  }
> +
> +  //
> +  // The SpeculationBarrier() call here is to ensure the above range che=
ck for
> +  // the CommBuffer have been completed before calling into
> UpdateLockBox().
> +  //
> +  SpeculationBarrier ();
> +
> +  //
> +  // Update data
> +  //
> +  Status =3D UpdateLockBox (
> +             &TempLockBoxParameterUpdate.Guid,
> +             (UINTN)TempLockBoxParameterUpdate.Offset,
> +             (VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer,
> +             (UINTN)TempLockBoxParameterUpdate.Length
> +             );
> +  LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status;
> +  return;
> +}
> +
> +/**
> +  Dispatch function for SMM lock box restore.
> +
> +  Caution: This function may receive untrusted input.
> +  Restore buffer and length are external input, so this function will va=
lidate
> +  it is in SMRAM.
> +
> +  @param LockBoxParameterRestore  parameter of lock box restore
> +**/
> +VOID
> +SmmLockBoxRestore (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE
> *LockBoxParameterRestore
> +  )
> +{
> +  EFI_STATUS                          Status;
> +  EFI_SMM_LOCK_BOX_PARAMETER_RESTORE
> TempLockBoxParameterRestore;
> +
> +  CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore,
> sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE));
> +
> +  //
> +  // Sanity check
> +  //
> +  if (!IsBufferOutsideMmValid
> ((UINTN)TempLockBoxParameterRestore.Buffer,
> (UINTN)TempLockBoxParameterRestore.Length)) {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address in SMRAM or
> buffer overflow!\n"));
> +    LockBoxParameterRestore->Header.ReturnStatus =3D
> (UINT64)EFI_ACCESS_DENIED;
> +    return;
> +  }
> +
> +  //
> +  // Restore data
> +  //
> +  if ((TempLockBoxParameterRestore.Length =3D=3D 0) &&
> (TempLockBoxParameterRestore.Buffer =3D=3D 0)) {
> +    Status =3D RestoreLockBox (
> +               &TempLockBoxParameterRestore.Guid,
> +               NULL,
> +               NULL
> +               );
> +  } else {
> +    Status =3D RestoreLockBox (
> +               &TempLockBoxParameterRestore.Guid,
> +               (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer,
> +               (UINTN *)&TempLockBoxParameterRestore.Length
> +               );
> +    if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D=3D EFI_SUCCE=
SS)) {
> +      //
> +      // Return the actual Length value.
> +      //
> +      LockBoxParameterRestore->Length =3D
> TempLockBoxParameterRestore.Length;
> +    }
> +  }
> +
> +  LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status;
> +  return;
> +}
> +
> +/**
> +  Dispatch function for SMM lock box restore all in place.
> +
> +  @param LockBoxParameterRestoreAllInPlace  parameter of lock box restor=
e
> all in place
> +**/
> +VOID
> +SmmLockBoxRestoreAllInPlace (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE
> *LockBoxParameterRestoreAllInPlace
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  Status                                                 =3D RestoreAllL=
ockBoxInPlace ();
> +  LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D
> (UINT64)Status;
> +  return;
> +}
> +
> +/**
> +  Dispatch function for a Software SMI handler.
> +
> +  Caution: This function may receive untrusted input.
> +  Communicate buffer and buffer size are external input, so this functio=
n will
> do basic validation.
> +
> +  @param DispatchHandle  The unique handle assigned to this handler by
> SmiHandlerRegister().
> +  @param Context         Points to an optional handler context which was
> specified when the
> +                         handler was registered.
> +  @param CommBuffer      A pointer to a collection of data in memory tha=
t will
> +                         be conveyed from a non-SMM environment into an =
SMM
> environment.
> +  @param CommBufferSize  The size of the CommBuffer.
> +
> +  @retval EFI_SUCCESS Command is handled successfully.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SmmLockBoxHandler (
> +  IN EFI_HANDLE  DispatchHandle,
> +  IN CONST VOID  *Context         OPTIONAL,
> +  IN OUT VOID    *CommBuffer      OPTIONAL,
> +  IN OUT UINTN   *CommBufferSize  OPTIONAL
> +  )
> +{
> +  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  *LockBoxParameterHeader;
> +  UINTN                              TempCommBufferSize;
> +
> +  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n"));
> +
> +  //
> +  // If input is invalid, stop processing this SMI
> +  //
> +  if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) {
> +    return EFI_SUCCESS;
> +  }
> +
> +  TempCommBufferSize =3D *CommBufferSize;
> +
> +  //
> +  // Sanity check
> +  //
> +  if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size
> invalid!\n"));
> +    return EFI_SUCCESS;
> +  }
> +
> +  if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize))
> {
> +    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in SMRAM or
> overflow!\n"));
> +    return EFI_SUCCESS;
> +  }
> +
> +  LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER
> *)((UINTN)CommBuffer);
> +
> +  LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1;
> +
> +  DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n",
> (UINTN)LockBoxParameterHeader));
> +
> +  DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n",
> (UINTN)LockBoxParameterHeader->Command));
> +
> +  switch (LockBoxParameterHeader->Command) {
> +    case EFI_SMM_LOCK_BOX_COMMAND_SAVE:
> +      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) {
> +        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SAVE
> invalid!\n"));
> +        break;
> +      }
> +
> +      SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE
> *)(UINTN)LockBoxParameterHeader);
> +      break;
> +    case EFI_SMM_LOCK_BOX_COMMAND_UPDATE:
> +      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)) {
> +        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> UPDATE invalid!\n"));
> +        break;
> +      }
> +
> +      SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE
> *)(UINTN)LockBoxParameterHeader);
> +      break;
> +    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE:
> +      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)) {
> +        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> RESTORE invalid!\n"));
> +        break;
> +      }
> +
> +      SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE
> *)(UINTN)LockBoxParameterHeader);
> +      break;
> +    case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES:
> +      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) {
> +        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> SET_ATTRIBUTES invalid!\n"));
> +        break;
> +      }
> +
> +      SmmLockBoxSetAttributes
> ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES
> *)(UINTN)LockBoxParameterHeader);
> +      break;
> +    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE:
> +      if (TempCommBufferSize < sizeof
> (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) {
> +        DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for
> RESTORE_ALL_IN_PLACE invalid!\n"));
> +        break;
> +      }
> +
> +      SmmLockBoxRestoreAllInPlace
> ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE
> *)(UINTN)LockBoxParameterHeader);
> +      break;
> +    default:
> +      DEBUG ((DEBUG_ERROR, "SmmLockBox Command invalid!\n"));
> +      break;
> +  }
> +
> +  LockBoxParameterHeader->Command =3D (UINT32)-1;
> +
> +  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n"));
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Smm Ready To Lock event notification handler.
> +
> +  It sets a flag indicating that SMRAM has been locked.
> +
> +  @param[in] Protocol   Points to the protocol's unique identifier.
> +  @param[in] Interface  Points to the interface instance.
> +  @param[in] Handle     The handle on which the interface was installed.
> +
> +  @retval EFI_SUCCESS   Notification handler runs successfully.
> + **/
> +EFI_STATUS
> +EFIAPI
> +SmmReadyToLockEventNotify (
> +  IN CONST EFI_GUID  *Protocol,
> +  IN VOID            *Interface,
> +  IN EFI_HANDLE      Handle
> +  )
> +{
> +  mLocked =3D TRUE;
> +  return EFI_SUCCESS;
> +}
> diff --git
> a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h
> new file mode 100644
> index 0000000000..2205c4fb3b
> --- /dev/null
> +++
> b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h
> @@ -0,0 +1,148 @@
> +/** @file
> +  LockBox SMM/MM driver.
> +
> +  Caution: This module requires additional review when modified.
> +  This driver will have external input - communicate buffer in SMM mode.
> +  This external input must be validated carefully to avoid security issu=
e like
> +  buffer overflow, integer overflow.
> +
> +  SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(),
> SmmLockBoxSave()
> +  will receive untrusted input and do basic validation.
> +
> +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR>
> +
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <PiSmm.h>
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/LockBoxLib.h>
> +
> +#include <Protocol/SmmReadyToLock.h>
> +#include <Protocol/SmmCommunication.h>
> +#include <Protocol/LockBox.h>
> +#include <Guid/SmmLockBox.h>
> +
> +/**
> +  This function is an abstraction layer for implementation specific Mm b=
uffer
> validation routine.
> +
> +  @param Buffer  The buffer start address to be checked.
> +  @param Length  The buffer length to be checked.
> +
> +  @retval TRUE  This buffer is valid per processor architecture and not =
overlap
> with SMRAM.
> +  @retval FALSE This buffer is not valid per processor architecture or o=
verlap
> with SMRAM.
> +**/
> +BOOLEAN
> +IsBufferOutsideMmValid (
> +  IN EFI_PHYSICAL_ADDRESS  Buffer,
> +  IN UINT64                Length
> +  );
> +
> +/**
> +  Dispatch function for SMM lock box save.
> +
> +  Caution: This function may receive untrusted input.
> +  Restore buffer and length are external input, so this function will va=
lidate
> +  it is in SMRAM.
> +
> +  @param LockBoxParameterSave  parameter of lock box save
> +**/
> +VOID
> +SmmLockBoxSave (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE  *LockBoxParameterSave
> +  );
> +
> +/**
> +  Dispatch function for SMM lock box set attributes.
> +
> +  @param LockBoxParameterSetAttributes  parameter of lock box set
> attributes
> +**/
> +VOID
> +SmmLockBoxSetAttributes (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES
> *LockBoxParameterSetAttributes
> +  );
> +
> +/**
> +  Dispatch function for SMM lock box update.
> +
> +  Caution: This function may receive untrusted input.
> +  Restore buffer and length are external input, so this function will va=
lidate
> +  it is in SMRAM.
> +
> +  @param LockBoxParameterUpdate  parameter of lock box update
> +**/
> +VOID
> +SmmLockBoxUpdate (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  *LockBoxParameterUpdate
> +  );
> +
> +/**
> +  Dispatch function for SMM lock box restore.
> +
> +  Caution: This function may receive untrusted input.
> +  Restore buffer and length are external input, so this function will va=
lidate
> +  it is in SMRAM.
> +
> +  @param LockBoxParameterRestore  parameter of lock box restore
> +**/
> +VOID
> +SmmLockBoxRestore (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE
> *LockBoxParameterRestore
> +  );
> +
> +/**
> +  Dispatch function for SMM lock box restore all in place.
> +
> +  @param LockBoxParameterRestoreAllInPlace  parameter of lock box restor=
e
> all in place
> +**/
> +VOID
> +SmmLockBoxRestoreAllInPlace (
> +  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE
> *LockBoxParameterRestoreAllInPlace
> +  );
> +
> +/**
> +  Dispatch function for a Software SMI handler.
> +
> +  Caution: This function may receive untrusted input.
> +  Communicate buffer and buffer size are external input, so this functio=
n will
> do basic validation.
> +
> +  @param DispatchHandle  The unique handle assigned to this handler by
> SmiHandlerRegister().
> +  @param Context         Points to an optional handler context which was
> specified when the
> +                         handler was registered.
> +  @param CommBuffer      A pointer to a collection of data in memory tha=
t will
> +                         be conveyed from a non-SMM environment into an =
SMM
> environment.
> +  @param CommBufferSize  The size of the CommBuffer.
> +
> +  @retval EFI_SUCCESS Command is handled successfully.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +SmmLockBoxHandler (
> +  IN EFI_HANDLE  DispatchHandle,
> +  IN CONST VOID  *Context         OPTIONAL,
> +  IN OUT VOID    *CommBuffer      OPTIONAL,
> +  IN OUT UINTN   *CommBufferSize  OPTIONAL
> +  );
> +
> +/**
> +  Smm Ready To Lock event notification handler.
> +
> +  It sets a flag indicating that SMRAM has been locked.
> +
> +  @param[in] Protocol   Points to the protocol's unique identifier.
> +  @param[in] Interface  Points to the interface instance.
> +  @param[in] Handle     The handle on which the interface was installed.
> +
> +  @retval EFI_SUCCESS   Notification handler runs successfully.
> + **/
> +EFI_STATUS
> +EFIAPI
> +SmmReadyToLockEventNotify (
> +  IN CONST EFI_GUID  *Protocol,
> +  IN VOID            *Interface,
> +  IN EFI_HANDLE      Handle
> +  );
> --
> 2.39.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118709): https://edk2.groups.io/g/devel/message/118709
Mute This Topic: https://groups.io/mt/105955700/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-