From: "Wu, Jiaxin"
To: "Xie, Yuanhao", "devel@edk2.groups.io"
CC: Liming Gao, "Ni, Ray"
Subject: Re: [edk2-devel] [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c.
Date: Thu, 9 May 2024 03:41:58 +0000
References: <20240507060910.1687-1-yuanhao.xie@intel.com> <20240507060910.1687-3-yuanhao.xie@intel.com>
In-Reply-To: <20240507060910.1687-3-yuanhao.xie@intel.com>

Reviewed-by: Jiaxin Wu

> -----Original Message-----
> From: Xie, Yuanhao
> Sent: Tuesday, May 7, 2024 2:09 PM
> To: devel@edk2.groups.io
> Cc: Liming Gao; Wu, Jiaxin; Ni, Ray; Xie, Yuanhao
> Subject: [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c.
>
> The Lockbox Driver allows sensitive data to be securely stored in a
> designated area, thus protected against unauthorized access.
>
> This patch does not introduce any functional modifications.
> It refactors the existing logic into a common component to facilitate
> the integration of the Standalone MM Lockbox Driver in an upcoming patch.
>
> Cc: Liming Gao
> Cc: Jiaxin Wu
> Cc: Ray Ni
>
> Signed-off-by: Yuanhao Xie > --- > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c | 361 > ++++++++++++-------------------------------------------------------------= -------------- > -------------------------------------------------------------------------= --------------------- > -------------------------------------------------------------------------= --------------------- > -------------------------------------------------------------------------= ------------- > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf | 4 > +++- > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c | > 384 > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++ > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h | > 148 > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++++++++++++++++++++++++++ > 4 files changed, 547 insertions(+), 350 deletions(-) >=20 > diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c > index c1e15c596b..2774979c34 100644 > --- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c > +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c > @@ -9,7 +9,7 @@ > SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), > SmmLockBoxSave() > will receive untrusted input and do basic validation. >=20 > -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.
>=20 > SPDX-License-Identifier: BSD-2-Clause-Patent >=20 
> @@ -31,360 +31,24 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include >=20 > -BOOLEAN mLocked =3D FALSE; > +#include "SmmLockBoxCommon.h" >=20 > /** > - Dispatch function for SMM lock box save. > + This function is an abstraction layer for implementation specific Mm b= uffer > validation routine. >=20 > - Caution: This function may receive untrusted input. > - Restore buffer and length are external input, so this function will va= lidate > - it is in SMRAM. > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. >=20 > - @param LockBoxParameterSave parameter of lock box save > + @retval TRUE This buffer is valid per processor architecture and not = overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or o= verlap > with SMRAM. > **/ > -VOID > -SmmLockBoxSave ( > - IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > ) > { > - EFI_STATUS Status; > - EFI_SMM_LOCK_BOX_PARAMETER_SAVE TempLockBoxParameterSave; > - > - // > - // Sanity check > - // > - if (mLocked) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); > - LockBoxParameterSave->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > - return; > - } > - > - CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)); > - > - // > - // Sanity check > - // > - if (!SmmIsBufferOutsideSmmValid > ((UINTN)TempLockBoxParameterSave.Buffer, > (UINTN)TempLockBoxParameterSave.Length)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in SMRAM or buffer > overflow!\n")); > - LockBoxParameterSave->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > - return; > - } > - > - // > - // The SpeculationBarrier() call here is to ensure the above range che= ck for > - // the CommBuffer have been completed before calling into SaveLockBox(= ). 
> - // > - SpeculationBarrier (); > - > - // > - // Save data > - // > - Status =3D SaveLockBox ( > - &TempLockBoxParameterSave.Guid, > - (VOID *)(UINTN)TempLockBoxParameterSave.Buffer, > - (UINTN)TempLockBoxParameterSave.Length > - ); > - LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status; > - return; > -} > - > -/** > - Dispatch function for SMM lock box set attributes. > - > - @param LockBoxParameterSetAttributes parameter of lock box set > attributes > -**/ > -VOID > -SmmLockBoxSetAttributes ( > - IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES > *LockBoxParameterSetAttributes > - ) > -{ > - EFI_STATUS Status; > - EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES > TempLockBoxParameterSetAttributes; > - > - // > - // Sanity check > - // > - if (mLocked) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); > - LockBoxParameterSetAttributes->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > - return; > - } > - > - CopyMem (&TempLockBoxParameterSetAttributes, > LockBoxParameterSetAttributes, sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)); > - > - // > - // Update data > - // > - Status =3D SetLockBoxAttributes ( > - &TempLockBoxParameterSetAttributes.Guid, > - TempLockBoxParameterSetAttributes.Attributes > - ); > - LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)Status; > - return; > -} > - > -/** > - Dispatch function for SMM lock box update. > - > - Caution: This function may receive untrusted input. > - Restore buffer and length are external input, so this function will va= lidate > - it is in SMRAM. 
> - > - @param LockBoxParameterUpdate parameter of lock box update > -**/ > -VOID > -SmmLockBoxUpdate ( > - IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate > - ) > -{ > - EFI_STATUS Status; > - EFI_SMM_LOCK_BOX_PARAMETER_UPDATE > TempLockBoxParameterUpdate; > - > - // > - // Sanity check > - // > - if (mLocked) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); > - LockBoxParameterUpdate->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > - return; > - } > - > - CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, > sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)); > - > - // > - // Sanity check > - // > - if (!SmmIsBufferOutsideSmmValid > ((UINTN)TempLockBoxParameterUpdate.Buffer, > (UINTN)TempLockBoxParameterUpdate.Length)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in SMRAM or > buffer overflow!\n")); > - LockBoxParameterUpdate->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > - return; > - } > - > - // > - // The SpeculationBarrier() call here is to ensure the above range che= ck for > - // the CommBuffer have been completed before calling into > UpdateLockBox(). > - // > - SpeculationBarrier (); > - > - // > - // Update data > - // > - Status =3D UpdateLockBox ( > - &TempLockBoxParameterUpdate.Guid, > - (UINTN)TempLockBoxParameterUpdate.Offset, > - (VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer, > - (UINTN)TempLockBoxParameterUpdate.Length > - ); > - LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status; > - return; > -} > - > -/** > - Dispatch function for SMM lock box restore. > - > - Caution: This function may receive untrusted input. > - Restore buffer and length are external input, so this function will va= lidate > - it is in SMRAM. 
> - > - @param LockBoxParameterRestore parameter of lock box restore > -**/ > -VOID > -SmmLockBoxRestore ( > - IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore > - ) > -{ > - EFI_STATUS Status; > - EFI_SMM_LOCK_BOX_PARAMETER_RESTORE > TempLockBoxParameterRestore; > - > - CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore, > sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)); > - > - // > - // Sanity check > - // > - if (!SmmIsBufferOutsideSmmValid > ((UINTN)TempLockBoxParameterRestore.Buffer, > (UINTN)TempLockBoxParameterRestore.Length)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address in SMRAM or > buffer overflow!\n")); > - LockBoxParameterRestore->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > - return; > - } > - > - // > - // Restore data > - // > - if ((TempLockBoxParameterRestore.Length =3D=3D 0) && > (TempLockBoxParameterRestore.Buffer =3D=3D 0)) { > - Status =3D RestoreLockBox ( > - &TempLockBoxParameterRestore.Guid, > - NULL, > - NULL > - ); > - } else { > - Status =3D RestoreLockBox ( > - &TempLockBoxParameterRestore.Guid, > - (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer, > - (UINTN *)&TempLockBoxParameterRestore.Length > - ); > - if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D=3D EFI_SUCCE= SS)) { > - // > - // Return the actual Length value. > - // > - LockBoxParameterRestore->Length =3D > TempLockBoxParameterRestore.Length; > - } > - } > - > - LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status; > - return; > -} > - > -/** > - Dispatch function for SMM lock box restore all in place. 
> - > - @param LockBoxParameterRestoreAllInPlace parameter of lock box restor= e > all in place > -**/ > -VOID > -SmmLockBoxRestoreAllInPlace ( > - IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE > *LockBoxParameterRestoreAllInPlace > - ) > -{ > - EFI_STATUS Status; > - > - Status =3D RestoreAllL= ockBoxInPlace (); > - LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D > (UINT64)Status; > - return; > -} > - > -/** > - Dispatch function for a Software SMI handler. > - > - Caution: This function may receive untrusted input. > - Communicate buffer and buffer size are external input, so this functio= n will > do basic validation. > - > - @param DispatchHandle The unique handle assigned to this handler by > SmiHandlerRegister(). > - @param Context Points to an optional handler context which was > specified when the > - handler was registered. > - @param CommBuffer A pointer to a collection of data in memory tha= t will > - be conveyed from a non-SMM environment into an = SMM > environment. > - @param CommBufferSize The size of the CommBuffer. > - > - @retval EFI_SUCCESS Command is handled successfully. 
> - > -**/ > -EFI_STATUS > -EFIAPI > -SmmLockBoxHandler ( > - IN EFI_HANDLE DispatchHandle, > - IN CONST VOID *Context OPTIONAL, > - IN OUT VOID *CommBuffer OPTIONAL, > - IN OUT UINTN *CommBufferSize OPTIONAL > - ) > -{ > - EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader; > - UINTN TempCommBufferSize; > - > - DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n")); > - > - // > - // If input is invalid, stop processing this SMI > - // > - if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) { > - return EFI_SUCCESS; > - } > - > - TempCommBufferSize =3D *CommBufferSize; > - > - // > - // Sanity check > - // > - if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size invalid!\n")); > - return EFI_SUCCESS; > - } > - > - if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, > TempCommBufferSize)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in SMRAM or > overflow!\n")); > - return EFI_SUCCESS; > - } > - > - LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER > *)((UINTN)CommBuffer); > - > - LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1; > - > - DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n", > (UINTN)LockBoxParameterHeader)); > - > - DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n", > (UINTN)LockBoxParameterHeader->Command)); > - > - switch (LockBoxParameterHeader->Command) { > - case EFI_SMM_LOCK_BOX_COMMAND_SAVE: > - if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SAVE > invalid!\n")); > - break; > - } > - > - SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE > *)(UINTN)LockBoxParameterHeader); > - break; > - case EFI_SMM_LOCK_BOX_COMMAND_UPDATE: > - if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > UPDATE invalid!\n")); > - break; > - } > - > - SmmLockBoxUpdate 
((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE > *)(UINTN)LockBoxParameterHeader); > - break; > - case EFI_SMM_LOCK_BOX_COMMAND_RESTORE: > - if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > RESTORE invalid!\n")); > - break; > - } > - > - SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE > *)(UINTN)LockBoxParameterHeader); > - break; > - case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES: > - if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > SET_ATTRIBUTES invalid!\n")); > - break; > - } > - > - SmmLockBoxSetAttributes > ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES > *)(UINTN)LockBoxParameterHeader); > - break; > - case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE: > - if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) { > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > RESTORE_ALL_IN_PLACE invalid!\n")); > - break; > - } > - > - SmmLockBoxRestoreAllInPlace > ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE > *)(UINTN)LockBoxParameterHeader); > - break; > - default: > - DEBUG ((DEBUG_ERROR, "SmmLockBox Command invalid!\n")); > - break; > - } > - > - LockBoxParameterHeader->Command =3D (UINT32)-1; > - > - DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n")); > - > - return EFI_SUCCESS; > -} > - > -/** > - Smm Ready To Lock event notification handler. > - > - It sets a flag indicating that SMRAM has been locked. > - > - @param[in] Protocol Points to the protocol's unique identifier. > - @param[in] Interface Points to the interface instance. > - @param[in] Handle The handle on which the interface was installed. > - > - @retval EFI_SUCCESS Notification handler runs successfully. 
> - **/ > -EFI_STATUS > -EFIAPI > -SmmReadyToLockEventNotify ( > - IN CONST EFI_GUID *Protocol, > - IN VOID *Interface, > - IN EFI_HANDLE Handle > - ) > -{ > - mLocked =3D TRUE; > - return EFI_SUCCESS; > + return SmmIsBufferOutsideSmmValid (Buffer, Length); > } >=20 > /** > @@ -438,6 +102,5 @@ SmmLockBoxEntryPoint ( > NULL > ); > ASSERT_EFI_ERROR (Status); > - > return Status; > } > diff --git > a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf > index 5081b2d7f2..f279706e90 100644 > --- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf > +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf > @@ -6,7 +6,7 @@ > # This external input must be validated carefully to avoid security iss= ue like > # buffer overflow, integer overflow. > # > -# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved. > +# Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved. > # > # SPDX-License-Identifier: BSD-2-Clause-Patent > # > @@ -30,6 +30,8 @@ >=20 > [Sources] > SmmLockBox.c > + SmmLockBoxCommon.c > + SmmLockBoxCommon.h >=20 > [Packages] > MdePkg/MdePkg.dec > diff --git > a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c > new file mode 100644 > index 0000000000..5c6eae05af > --- /dev/null > +++ > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c > @@ -0,0 +1,384 @@ > +/** @file > + LockBox SMM/MM driver. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - communicate buffer in SMM mode. > + This external input must be validated carefully to avoid security issu= e like > + buffer overflow, integer overflow. > + > + SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), > SmmLockBoxSave() > + will receive untrusted input and do basic validation. > + > +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.
> + > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > + > +#include > +#include > +#include > +#include > +#include "SmmLockBoxCommon.h" > + > +BOOLEAN mLocked =3D FALSE; > + > +/** > + Dispatch function for SMM lock box save. > + > + Caution: This function may receive untrusted input. > + Restore buffer and length are external input, so this function will va= lidate > + it is in SMRAM. > + > + @param LockBoxParameterSave parameter of lock box save > +**/ > +VOID > +SmmLockBoxSave ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave > + ) > +{ > + EFI_STATUS Status; > + EFI_SMM_LOCK_BOX_PARAMETER_SAVE TempLockBoxParameterSave; > + > + // > + // Sanity check > + // > + if (mLocked) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); > + LockBoxParameterSave->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > + return; > + } > + > + CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)); > + > + // > + // Sanity check > + // > + if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterSave.Buffer, > (UINTN)TempLockBoxParameterSave.Length)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in SMRAM or buffer > overflow!\n")); > + LockBoxParameterSave->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > + return; > + } > + > + // > + // The SpeculationBarrier() call here is to ensure the above range che= ck for > + // the CommBuffer have been completed before calling into SaveLockBox(= ). > + // > + SpeculationBarrier (); > + > + // > + // Save data > + // > + Status =3D SaveLockBox ( > + &TempLockBoxParameterSave.Guid, > + (VOID *)(UINTN)TempLockBoxParameterSave.Buffer, > + (UINTN)TempLockBoxParameterSave.Length > + ); > + LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status; > + return; > +} > + > +/** > + Dispatch function for SMM lock box set attributes. 
> + > + @param LockBoxParameterSetAttributes parameter of lock box set > attributes > +**/ > +VOID > +SmmLockBoxSetAttributes ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES > *LockBoxParameterSetAttributes > + ) > +{ > + EFI_STATUS Status; > + EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES > TempLockBoxParameterSetAttributes; > + > + // > + // Sanity check > + // > + if (mLocked) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); > + LockBoxParameterSetAttributes->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > + return; > + } > + > + CopyMem (&TempLockBoxParameterSetAttributes, > LockBoxParameterSetAttributes, sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)); > + > + // > + // Update data > + // > + Status =3D SetLockBoxAttributes ( > + &TempLockBoxParameterSetAttributes.Guid, > + TempLockBoxParameterSetAttributes.Attributes > + ); > + LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)Status; > + return; > +} > + > +/** > + Dispatch function for SMM lock box update. > + > + Caution: This function may receive untrusted input. > + Restore buffer and length are external input, so this function will va= lidate > + it is in SMRAM. 
> + > + @param LockBoxParameterUpdate parameter of lock box update > +**/ > +VOID > +SmmLockBoxUpdate ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate > + ) > +{ > + EFI_STATUS Status; > + EFI_SMM_LOCK_BOX_PARAMETER_UPDATE > TempLockBoxParameterUpdate; > + > + // > + // Sanity check > + // > + if (mLocked) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); > + LockBoxParameterUpdate->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > + return; > + } > + > + CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, > sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)); > + > + // > + // Sanity check > + // > + if (!IsBufferOutsideMmValid > ((UINTN)TempLockBoxParameterUpdate.Buffer, > (UINTN)TempLockBoxParameterUpdate.Length)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in SMRAM or > buffer overflow!\n")); > + LockBoxParameterUpdate->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > + return; > + } > + > + // > + // The SpeculationBarrier() call here is to ensure the above range che= ck for > + // the CommBuffer have been completed before calling into > UpdateLockBox(). > + // > + SpeculationBarrier (); > + > + // > + // Update data > + // > + Status =3D UpdateLockBox ( > + &TempLockBoxParameterUpdate.Guid, > + (UINTN)TempLockBoxParameterUpdate.Offset, > + (VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer, > + (UINTN)TempLockBoxParameterUpdate.Length > + ); > + LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status; > + return; > +} > + > +/** > + Dispatch function for SMM lock box restore. > + > + Caution: This function may receive untrusted input. > + Restore buffer and length are external input, so this function will va= lidate > + it is in SMRAM. 
> + > + @param LockBoxParameterRestore parameter of lock box restore > +**/ > +VOID > +SmmLockBoxRestore ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE > *LockBoxParameterRestore > + ) > +{ > + EFI_STATUS Status; > + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE > TempLockBoxParameterRestore; > + > + CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore, > sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)); > + > + // > + // Sanity check > + // > + if (!IsBufferOutsideMmValid > ((UINTN)TempLockBoxParameterRestore.Buffer, > (UINTN)TempLockBoxParameterRestore.Length)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address in SMRAM or > buffer overflow!\n")); > + LockBoxParameterRestore->Header.ReturnStatus =3D > (UINT64)EFI_ACCESS_DENIED; > + return; > + } > + > + // > + // Restore data > + // > + if ((TempLockBoxParameterRestore.Length =3D=3D 0) && > (TempLockBoxParameterRestore.Buffer =3D=3D 0)) { > + Status =3D RestoreLockBox ( > + &TempLockBoxParameterRestore.Guid, > + NULL, > + NULL > + ); > + } else { > + Status =3D RestoreLockBox ( > + &TempLockBoxParameterRestore.Guid, > + (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer, > + (UINTN *)&TempLockBoxParameterRestore.Length > + ); > + if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D=3D EFI_SUCCE= SS)) { > + // > + // Return the actual Length value. > + // > + LockBoxParameterRestore->Length =3D > TempLockBoxParameterRestore.Length; > + } > + } > + > + LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status; > + return; > +} > + > +/** > + Dispatch function for SMM lock box restore all in place. 
> + > + @param LockBoxParameterRestoreAllInPlace parameter of lock box restor= e > all in place > +**/ > +VOID > +SmmLockBoxRestoreAllInPlace ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE > *LockBoxParameterRestoreAllInPlace > + ) > +{ > + EFI_STATUS Status; > + > + Status =3D RestoreAllL= ockBoxInPlace (); > + LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D > (UINT64)Status; > + return; > +} > + > +/** > + Dispatch function for a Software SMI handler. > + > + Caution: This function may receive untrusted input. > + Communicate buffer and buffer size are external input, so this functio= n will > do basic validation. > + > + @param DispatchHandle The unique handle assigned to this handler by > SmiHandlerRegister(). > + @param Context Points to an optional handler context which was > specified when the > + handler was registered. > + @param CommBuffer A pointer to a collection of data in memory tha= t will > + be conveyed from a non-SMM environment into an = SMM > environment. > + @param CommBufferSize The size of the CommBuffer. > + > + @retval EFI_SUCCESS Command is handled successfully. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +SmmLockBoxHandler ( > + IN EFI_HANDLE DispatchHandle, > + IN CONST VOID *Context OPTIONAL, > + IN OUT VOID *CommBuffer OPTIONAL, > + IN OUT UINTN *CommBufferSize OPTIONAL > + ) > +{ > + EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader; > + UINTN TempCommBufferSize; > + > + DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n")); > + > + // > + // If input is invalid, stop processing this SMI > + // > + if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) { > + return EFI_SUCCESS; > + } > + > + TempCommBufferSize =3D *CommBufferSize; > + > + // > + // Sanity check > + // > + if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size > invalid!\n")); > + return EFI_SUCCESS; > + } > + > + if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) > { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in SMRAM or > overflow!\n")); > + return EFI_SUCCESS; > + } > + > + LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER > *)((UINTN)CommBuffer); > + > + LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1; > + > + DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n", > (UINTN)LockBoxParameterHeader)); > + > + DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n", > (UINTN)LockBoxParameterHeader->Command)); > + > + switch (LockBoxParameterHeader->Command) { > + case EFI_SMM_LOCK_BOX_COMMAND_SAVE: > + if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SAVE > invalid!\n")); > + break; > + } > + > + SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE > *)(UINTN)LockBoxParameterHeader); > + break; > + case EFI_SMM_LOCK_BOX_COMMAND_UPDATE: > + if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > UPDATE invalid!\n")); > + break; > + } > + > + SmmLockBoxUpdate 
((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE > *)(UINTN)LockBoxParameterHeader); > + break; > + case EFI_SMM_LOCK_BOX_COMMAND_RESTORE: > + if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > RESTORE invalid!\n")); > + break; > + } > + > + SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE > *)(UINTN)LockBoxParameterHeader); > + break; > + case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES: > + if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > SET_ATTRIBUTES invalid!\n")); > + break; > + } > + > + SmmLockBoxSetAttributes > ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES > *)(UINTN)LockBoxParameterHeader); > + break; > + case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE: > + if (TempCommBufferSize < sizeof > (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) { > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for > RESTORE_ALL_IN_PLACE invalid!\n")); > + break; > + } > + > + SmmLockBoxRestoreAllInPlace > ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE > *)(UINTN)LockBoxParameterHeader); > + break; > + default: > + DEBUG ((DEBUG_ERROR, "SmmLockBox Command invalid!\n")); > + break; > + } > + > + LockBoxParameterHeader->Command =3D (UINT32)-1; > + > + DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n")); > + > + return EFI_SUCCESS; > +} > + > +/** > + Smm Ready To Lock event notification handler. > + > + It sets a flag indicating that SMRAM has been locked. > + > + @param[in] Protocol Points to the protocol's unique identifier. > + @param[in] Interface Points to the interface instance. > + @param[in] Handle The handle on which the interface was installed. > + > + @retval EFI_SUCCESS Notification handler runs successfully. 
> + **/ > +EFI_STATUS > +EFIAPI > +SmmReadyToLockEventNotify ( > + IN CONST EFI_GUID *Protocol, > + IN VOID *Interface, > + IN EFI_HANDLE Handle > + ) > +{ > + mLocked =3D TRUE; > + return EFI_SUCCESS; > +} > diff --git > a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h > new file mode 100644 > index 0000000000..2205c4fb3b > --- /dev/null > +++ > b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h > @@ -0,0 +1,148 @@ > +/** @file > + LockBox SMM/MM driver. > + > + Caution: This module requires additional review when modified. > + This driver will have external input - communicate buffer in SMM mode. > + This external input must be validated carefully to avoid security issu= e like > + buffer overflow, integer overflow. > + > + SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), > SmmLockBoxSave() > + will receive untrusted input and do basic validation. > + > +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.
> + > +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > + > +#include > +#include > +#include > +#include > + > +/** > + This function is an abstraction layer for implementation specific Mm b= uffer > validation routine. > + > + @param Buffer The buffer start address to be checked. > + @param Length The buffer length to be checked. > + > + @retval TRUE This buffer is valid per processor architecture and not = overlap > with SMRAM. > + @retval FALSE This buffer is not valid per processor architecture or o= verlap > with SMRAM. > +**/ > +BOOLEAN > +IsBufferOutsideMmValid ( > + IN EFI_PHYSICAL_ADDRESS Buffer, > + IN UINT64 Length > + ); > + > +/** > + Dispatch function for SMM lock box save. > + > + Caution: This function may receive untrusted input. > + Restore buffer and length are external input, so this function will va= lidate > + it is in SMRAM. > + > + @param LockBoxParameterSave parameter of lock box save > +**/ > +VOID > +SmmLockBoxSave ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave > + ); > + > +/** > + Dispatch function for SMM lock box set attributes. > + > + @param LockBoxParameterSetAttributes parameter of lock box set > attributes > +**/ > +VOID > +SmmLockBoxSetAttributes ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES > *LockBoxParameterSetAttributes > + ); > + > +/** > + Dispatch function for SMM lock box update. > + > + Caution: This function may receive untrusted input. > + Restore buffer and length are external input, so this function will va= lidate > + it is in SMRAM. > + > + @param LockBoxParameterUpdate parameter of lock box update > +**/ > +VOID > +SmmLockBoxUpdate ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate > + ); > + > +/** > + Dispatch function for SMM lock box restore. > + > + Caution: This function may receive untrusted input. 
> + Restore buffer and length are external input, so this function will va= lidate > + it is in SMRAM. > + > + @param LockBoxParameterRestore parameter of lock box restore > +**/ > +VOID > +SmmLockBoxRestore ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE > *LockBoxParameterRestore > + ); > + > +/** > + Dispatch function for SMM lock box restore all in place. > + > + @param LockBoxParameterRestoreAllInPlace parameter of lock box restor= e > all in place > +**/ > +VOID > +SmmLockBoxRestoreAllInPlace ( > + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE > *LockBoxParameterRestoreAllInPlace > + ); > + > +/** > + Dispatch function for a Software SMI handler. > + > + Caution: This function may receive untrusted input. > + Communicate buffer and buffer size are external input, so this functio= n will > do basic validation. > + > + @param DispatchHandle The unique handle assigned to this handler by > SmiHandlerRegister(). > + @param Context Points to an optional handler context which was > specified when the > + handler was registered. > + @param CommBuffer A pointer to a collection of data in memory tha= t will > + be conveyed from a non-SMM environment into an = SMM > environment. > + @param CommBufferSize The size of the CommBuffer. > + > + @retval EFI_SUCCESS Command is handled successfully. > + > +**/ > +EFI_STATUS > +EFIAPI > +SmmLockBoxHandler ( > + IN EFI_HANDLE DispatchHandle, > + IN CONST VOID *Context OPTIONAL, > + IN OUT VOID *CommBuffer OPTIONAL, > + IN OUT UINTN *CommBufferSize OPTIONAL > + ); > + > +/** > + Smm Ready To Lock event notification handler. > + > + It sets a flag indicating that SMRAM has been locked. > + > + @param[in] Protocol Points to the protocol's unique identifier. > + @param[in] Interface Points to the interface instance. > + @param[in] Handle The handle on which the interface was installed. > + > + @retval EFI_SUCCESS Notification handler runs successfully. 
> + **/ > +EFI_STATUS > +EFIAPI > +SmmReadyToLockEventNotify ( > + IN CONST EFI_GUID *Protocol, > + IN VOID *Interface, > + IN EFI_HANDLE Handle > + ); > -- > 2.39.1.windows.1
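Review bot: In SmmLockBoxCommon.c, SmmLockBoxRestore() hands TempLockBoxParameterRestore.Buffer to RestoreLockBox() straight after the IsBufferOutsideMmValid() check with no SpeculationBarrier() in between, while SmmLockBoxUpdate() in the same hunk places one after the identical check. If the omission is deliberate, a short comment at that spot saying why would settle the question for the next reader; otherwise add the barrier before the "Restore data" block so the two dispatchers match. Separately, SmmLockBoxHandler() prints (UINTN)LockBoxParameterHeader with %x; %p is the better fit for a pointer value.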
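Review bot: The new SmmLockBoxCommon.h goes from the file header comment straight to its #include lines and ends at the SmmReadyToLockEventNotify() prototype, with no include guard visible; a header named Common is likely to be included from more than one place, so wrap it in an #ifndef/#define/#endif guard. The doc comments in this header also need correcting: the blocks for SmmLockBoxSave() and SmmLockBoxUpdate() say "Restore buffer and length are external input", carried over from SmmLockBoxRestore(), and all three say the function will validate "it is in SMRAM", whereas IsBufferOutsideMmValid(), declared a few lines above them, returns TRUE only when the buffer does not overlap SMRAM. Suggested wording: "so this function will validate that the buffer is outside SMRAM", with "Save buffer" and "Update buffer" in the respective blocks.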