From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 62841AC0701 for ; Wed, 8 May 2024 02:53:58 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=DhIDc2D60tA2VjbFWxQJ9sh2VXnHpWk3uYAbCrcp3Xs=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:msip_labels:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type; s=20240206; t=1715136836; v=1; b=mVKAkQC1l3CzRdFtDz63Py9IZGmaEOEELGyfYlHvmSmIDAwtcwKgUAqvAH8nivUos1vk9WV0 4bt+DY6D+V2QJ83F/7lf/4hR18OWp/Sz1JiWkIz2iZ/ZQxa0Zo1JexOUYQmFa3Yu9gyVtWXkPqR 3wkDgIQOawll0hwSzy9dDJSt7w/Y/mrMR1HtRcT7p9D1yVTKNHTScjcwCjqCU++Ee+LMiWPXBWU nBfzA8d+n/BhCCgPn9doD9z9d/IvLTsSqZaI8ZSdEnMTaiVrg0GFM4kM9XQ76ku+4ZlHVm9/TnO mDPl+jSgZB2sF+4t2yguH7EerAaSuGgX+O2L4VkyGJ5+g== X-Received: by 127.0.0.2 with SMTP id 93QRYY7687511xQD1d4vr86s; Tue, 07 May 2024 19:53:56 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) by mx.groups.io with SMTP id smtpd.web11.3483.1715136835963780952 for ; Tue, 07 May 2024 19:53:55 -0700 X-CSE-ConnectionGUID: 6Vy7gmN9RXSDuvAeLJ4+QQ== X-CSE-MsgGUID: ShwzJfpwS6W25m3mwkjcBg== X-IronPort-AV: E=McAfee;i="6600,9927,11066"; a="13920640" X-IronPort-AV: E=Sophos;i="6.08,143,1712646000"; d="scan'208,217";a="13920640" X-Received: from fmviesa009.fm.intel.com ([10.60.135.149]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2024 19:53:55 -0700 X-CSE-ConnectionGUID: M1fmdpRhSmCA1dqhgWw+dA== X-CSE-MsgGUID: AWAIg6LJSt+q03Va4Fz+gQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,143,1712646000"; d="scan'208,217";a="28717985" X-Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by fmviesa009.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 07 May 2024 19:53:56 -0700 X-Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 7 May 2024 19:53:54 -0700 X-Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 7 May 2024 19:53:53 -0700 X-Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Tue, 7 May 2024 19:53:53 -0700 X-Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.41) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Tue, 7 May 2024 19:53:52 -0700 X-Received: from MN6PR11MB8244.namprd11.prod.outlook.com (2603:10b6:208:470::14) by MN0PR11MB5964.namprd11.prod.outlook.com (2603:10b6:208:373::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.45; Wed, 8 May 2024 02:53:50 +0000 X-Received: from MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::41a4:c775:32e6:76a8]) by MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::41a4:c775:32e6:76a8%4]) with mapi id 15.20.7544.041; Wed, 8 May 2024 02:53:50 +0000 From: "Ni, Ray" To: "Xie, Yuanhao" , "devel@edk2.groups.io" CC: Liming Gao , "Wu, Jiaxin" Subject: Re: [edk2-devel] [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver. Thread-Topic: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver. Thread-Index: AQHaoEUpTbc1je5PR0uwbbcrlN5UhLGMpOsP Date: Wed, 8 May 2024 02:53:50 +0000 Message-ID: References: <20240507060910.1687-1-yuanhao.xie@intel.com> <20240507060910.1687-4-yuanhao.xie@intel.com> In-Reply-To: <20240507060910.1687-4-yuanhao.xie@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MN6PR11MB8244:EE_|MN0PR11MB5964:EE_ x-ms-office365-filtering-correlation-id: 39c68fdb-1ad6-4696-89d9-08dc6f0a16fc x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?us-ascii?Q?spFQLMHpiS2+o1pb9trnx6p8MHjiF4BkaIeJBCR8c1njiJOw1ALIMP4PpUVB?= =?us-ascii?Q?UODP0b1k1KGOK93OPqiMMFRF8aqV4aP9ytKKRIWXViY8ACCLlVJp1eME1Mmn?= =?us-ascii?Q?JagxL8dXTZjZaJMs8QHjU3ByWfWeZbIW86WJt3tUmeTIaDMd++QRXb5w+QzZ?= =?us-ascii?Q?PF1YfioWEI6M73Q0bMZp+jlY55TtSm8CrytZKrHZNT1obzFwHI8gvwdgIXHg?= =?us-ascii?Q?BheEVxscAlBt/U5nen1UCy1i6QZplESWjWXta/wbkvfugYOdSac0Kkl7zstZ?= =?us-ascii?Q?6mw2KoqduL5IGPCC1ME6iZiKXecZkCNphxDDO4Rt9C65TdkbjvZXV1ZQ653D?= =?us-ascii?Q?SbjEobLzXwR7N9Tbun6KGDWjUvZGXHjWJgJ5p4SHXpkNniQhv9mMfQoEIdM+?= =?us-ascii?Q?WooiwUVl5KqulI+vzLAOpd7JI5Xp/2b3b4RI4DMIEbfqCyd1TahyMoS6W4BH?= =?us-ascii?Q?b6YWoWTSecajx2JQosrin+rI3r0Iwrj400jZEb7HAdtte2UVLbFx1bEzUjGZ?= =?us-ascii?Q?RyH+zvLoE+cfWsFBIvs3rZMZQZ97XJA8LnSq9sdXz3Rut4DaQA811yQwf9su?= =?us-ascii?Q?TO8AifCTzZzz7aMZjJJML4EDnz23ojPEu0XVYRXWJgJprHb4Y2tjCWlb3pwJ?= =?us-ascii?Q?fqDxK3M3kD9IseRphJBthYVATi8qGtPzI8GETDpYBD2PG8a24wnu+sOza82M?= =?us-ascii?Q?OWwJMxXUh0M00NSYwkSWO0IywbZj2FHcBi1cGPdfSvr6un6z4GR8FzFzECrG?= =?us-ascii?Q?ohfjBNgoGCy39FgTN+lIG226ln6i1h6PGeoKCM4Oh/s69NU64/mE4MD2bMNh?= =?us-ascii?Q?E0NwJXt7V25mBnNAAGtE0vVRQ74oSv5IvcV41ekZT8rgfpL3j5+aliL0uGS3?= =?us-ascii?Q?So/Tw0yr/oGDp6F49Zxto/SbTD4Cg95rq2IJxQmyX9qQcVMG2kfpteFZZbHW?= =?us-ascii?Q?ZnTLx1KMLfX8YlJu8jeGWaVWvRm4eWa6N+CeQyQhHUq+lBGFp1uLzXgriaQW?= =?us-ascii?Q?rHMnCj+9GiqkDu85j5JgnJAyMGbNc7XLyQhxMrtYXzHabomLij8WG1nuCgms?= =?us-ascii?Q?d7Ko2TGClKRbFYUG28pC/BNbZGqcrXls1u+dRMqOvLBB1BAoA7aRugAQHpmF?= =?us-ascii?Q?pHHnu1GYtvrwVJQMOCiW5haonUSqLeUTide4WeS8FML/SE1z4XDjtZOGuCDT?= =?us-ascii?Q?4GT9U0Fj68NGZLRkLSePeSCZwLGEtpXkCQCvpaOCzE0TLVEe+Pv0FQWcEEJt?= =?us-ascii?Q?qAic0rSsWPWBOmEIbSk5CNx/F8nFED0OAli8Txrv6Gc81DY0VkY+Da8yV5zV?= =?us-ascii?Q?Y4gINE0RfFvWiFJHs5djsOGMs9s2sFexNGyZbwlOgJoaow=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?SY1fDBbNc0MXBFu7lZzwYHqir/h2nR7xptepLeA4IkIJq04tvxs55KpGQiyN?= =?us-ascii?Q?9ILXcsX9yJ+R9GAiKbFGtdoJcsnlsTtFOc2Agx54+kdNRfMnGttrXBkN5NZ3?= =?us-ascii?Q?nekknaZ5FKSZrZ5IVBLKphOf+GKd7io7UJinlJllFU/GxySWcYvg4GIgEmGd?= =?us-ascii?Q?BGQGQ74YeFnuZHOL6rVFPz4dekMbLX+vAiKp2HvSPWIQRUJtefCIAu4tQFHY?= =?us-ascii?Q?ALJ1W8AtPoK71rILtffJ/EkRNjxuLaKSPESN7CGZlZ8BHQGozxWrcXuJ/UPw?= =?us-ascii?Q?uSOjN5Grv6leCAKijQ2vVQwEECarfIN4of6nEGlMIcZvUiQ+9tcUzHvaGe/M?= =?us-ascii?Q?YjFvPaa5PHLLpXUS/7tYn58mY2+pY9MfGcXcPb4EvaMUqY9mveGmm2VdCUo1?= =?us-ascii?Q?FU6u+NW8H52GkHFSmck3BbtXzb2s5PXi4kcfNfwj12jmJHvCqTFXfqihxb0z?= =?us-ascii?Q?s6K/uyf9v/CiI1oW4a7pNVE3c0gSeRx51ZpWSoQOh7ubxzS17JRrb/PP442y?= =?us-ascii?Q?NrpVyICQ6NsEA3NszFBYY7VAF6aq1U1LEwFPQWd2CgLuuFBdUqP+7Gt42wLw?= =?us-ascii?Q?gV29dYRiHEwfUnYZz0XEIngvRXwzYfMhFPd0IT02zcvNew46kQIb5Gfj5LNd?= =?us-ascii?Q?bgJV+USOlElbN/k+UAXOTp5dpWISXnG4HHPtnIk74jlHJQw7QeuurPdo+r38?= =?us-ascii?Q?XOb+SBHw2UvilC5QpZnbnQu860DtfYYdZ4B6ptAOVUzaFR9USy0gCjUoFgFF?= =?us-ascii?Q?mnmutCIzYiBK/CvTCJit9N2gJ6m7Qrnrh8QFT4K6v5fHICXzQALatkMLxnnC?= =?us-ascii?Q?u+JLgRk3Enu6+fyW0yz14jMmuEXy9cgdROVMWo2xQgUKLk2vSOPVvLQ3U6bv?= =?us-ascii?Q?St+Kezl24dNrlWJLDPcABg8QCLuJfdcpaa2CenPuG5wqWT1nIydMnJ18YhhF?= =?us-ascii?Q?Ebk7vN4qCp4YiENyAJrUQMr5CjGUav4VyDPkIbwdrQwP6oHYWtJAUA6CH3sE?= =?us-ascii?Q?ObQ/nMjJCaETPVMv56mgLTssMfHL5k1YGqIPkfgny4gRLOulsf7VWOzGVu/c?= =?us-ascii?Q?5xiB0soXdBrbPSFZg3vDPQgOyuq/lmH2iIEnmczLRgvFizSU1HL1s9038UsX?= =?us-ascii?Q?20Iuh/UoxXovLLbK7AEi/NY2Njve0lgNDmERf31vChTKsRHQs24707ChVnRE?= =?us-ascii?Q?7ap1MdopkR8Ddyv4dI3b/bywqdL72ArlEV5V0XjWWalLVaEIIgb5scBckQHH?= =?us-ascii?Q?Gs66KMzwaUAiDQPXqFoHVjhx3fXhoVMoZ5N7bg69VfMjq8VpyKdUVlP6cD6Z?= =?us-ascii?Q?9FioUDsINH53bPgpSbwxiNUfj1iHlpeg1JygDo3z3TH+HY5FNK/LvebDkk/W?= =?us-ascii?Q?S2UDQ8CvQPqIJixl8GNRGw2wIp2LHPRa0/Tg2i6kvp8CvlIPgsqiRnPK7ccN?= =?us-ascii?Q?kRBhc+jIqo3dwCaqzsbsdatRBINsBbk90aFFJfWadRa1hyKrjJf0iqjQh5Q+?= =?us-ascii?Q?SlUQFiMoeBBARY5XEOGGprZEqAoHaKIycOcrlw0hwe1Lzc4Vj4JDMsCVd5Rp?= =?us-ascii?Q?EAcX4DlT5iamB41jxnU=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8244.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 39c68fdb-1ad6-4696-89d9-08dc6f0a16fc X-MS-Exchange-CrossTenant-originalarrivaltime: 08 May 2024 02:53:50.5266 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: EjJVe34NyjuC3b9ap+dPuYSVG/eK83ISBsJXjZs75cxMeXZbDu0PoaoXiJj9GhVShyjXtHDQIjSw160Jdf5nyw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR11MB5964 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 07 May 2024 19:53:56 -0700 Resent-From: ray.ni@intel.com Reply-To: devel@edk2.groups.io,ray.ni@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: yAZUQVDqqODYoTWSNUHcXJbIx7686176AA= Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_MN6PR11MB8244836E27F664043D6FD1588CE52MN6PR11MB8244namp_" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=mVKAkQC1; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io --_000_MN6PR11MB8244836E27F664043D6FD1588CE52MN6PR11MB8244namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ray Ni Thanks, Ray ________________________________ From: Xie, Yuanhao Sent: Tuesday, May 7, 2024 14:09 To: devel@edk2.groups.io Cc: Liming Gao ; Wu, Jiaxin = ; Ni, Ray ; Xie, Yuanhao Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver. The Lockbox Driver allows sensitive data to be securely stored in a designated area, thus protected against unauthorized access. This patch adds a Standalone MM Lockbox Driver with main modifications: 1. Separating shared code between the Standalone MM driver and the DXE MM Driver. 2. Utilizing services from the SMM Services Table (gSmst) as opposed to relying on Boot Services. Cc: Liming Gao Cc: Jiaxin Wu Cc: Ray Ni Signed-off-by: Yuanhao Xie --- MdeModulePkg/MdeModulePkg.dsc = | 1 + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c = | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++++++++++++ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf = | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni = | 14 ++++++++++++++ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra.uni = | 14 ++++++++++++++ 5 files changed, 169 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 6bed9205ea..f0f02f180f 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -500,6 +500,7 @@ MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouter= Smm.inf MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouter= StandaloneMm.inf MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAllocationPr= ofileLib.inf MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocat= ionProfileLib.inf MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocat= ionLib.inf diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= Mm.c b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c new file mode 100644 index 0000000000..503be7efa8 --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c @@ -0,0 +1,84 @@ +/** @file + LockBox MM driver. + +Copyright (c) 2024, Intel Corporation. All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "SmmLockBoxCommon.h" + +/** + This function is an abstraction layer for implementation specific Mm buf= fer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not ov= erlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return MmIsBufferOutsideMmValid (Buffer, Length); +} + +/** + Entry Point for LockBox MM driver. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCEESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxStandaloneMmEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE DispatchHandle; + VOID *Registration; + + // + // Register LockBox communication handler + // + Status =3D gMmst->MmiHandlerRegister ( + SmmLockBoxHandler, + &gEfiSmmLockBoxCommunicationGuid, + &DispatchHandle + ); + ASSERT_EFI_ERROR (Status); + + // + // Register SMM Ready To Lock Protocol notification + // + Status =3D gMmst->MmRegisterProtocolNotify ( + &gEfiSmmReadyToLockProtocolGuid, + SmmReadyToLockEventNotify, + &Registration + ); + ASSERT_EFI_ERROR (Status); + return Status; +} diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= Mm.inf b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.i= nf new file mode 100644 index 0000000000..544c87790c --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf @@ -0,0 +1,56 @@ +## @file +# LockBox MM driver. +# +# Copyright (c) 2024, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D SmmLockBoxStandaloneMm + MODULE_UNI_FILE =3D SmmLockBoxStandaloneMm.uni + FILE_GUID =3D a83a87a0-8a3e-482d-86c8-84a139f6ded0 + MODULE_TYPE =3D MM_STANDALONE + VERSION_STRING =3D 1.0 + PI_SPECIFICATION_VERSION =3D 0x00010032 + ENTRY_POINT =3D SmmLockBoxStandaloneMmEntryPoint + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + SmmLockBoxStandaloneMm.c + SmmLockBoxCommon.c + SmmLockBoxCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + MmServicesTableLib + BaseLib + BaseMemoryLib + DebugLib + LockBoxLib + MemLib + StandaloneMmDriverEntryPoint + +[Guids] + gEfiSmmLockBoxCommunicationGuid ## PRODUCES ## GUID # SmiHandlerRegist= er + +[Protocols] + gEfiSmmReadyToLockProtocolGuid ## NOTIFY + gEfiLockBoxProtocolGuid ## PRODUCES + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + SmmLockBoxStandaloneMm.uni diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= Mm.uni b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.u= ni new file mode 100644 index 0000000000..7f6218102f --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni @@ -0,0 +1,14 @@ +// /** @file +// LockBox MM driver. +// +// Copyright (c) 2024, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "LockBox MM driver= ." + +#string STR_MODULE_DESCRIPTION #language en-US "LockBox MM driver= ." + diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= MmExtra.uni b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalon= eMmExtra.uni new file mode 100644 index 0000000000..a5443ca5f9 --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra= .uni @@ -0,0 +1,14 @@ +// /** @file +// SmmLockBox Localized Strings and Content +// +// Copyright (c) 2024, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + +#string STR_PROPERTIES_MODULE_NAME +#language en-US +"MM Lock Box Driver" + + -- 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118655): https://edk2.groups.io/g/devel/message/118655 Mute This Topic: https://groups.io/mt/105955701/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --_000_MN6PR11MB8244836E27F664043D6FD1588CE52MN6PR11MB8244namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Reviewed-by: Ray Ni <ray.ni@intel.com>

Thanks,
Ray

From: Xie, Yuanhao <yuan= hao.xie@intel.com>
Sent: Tuesday, May 7, 2024 14:09
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Liming Gao <gaoliming@byosoft.com.cn>; Wu, Jiaxin <jiax= in.wu@intel.com>; Ni, Ray <ray.ni@intel.com>; Xie, Yuanhao <yua= nhao.xie@intel.com>
Subject: [PATCH 3/3] MdeModulePkg: Add Standalone MM Lockbox Driver.=
 
The Lockbox Driver allows sensitive data to be sec= urely stored in a
designated area, thus protected against unauthorized access.

This patch adds a Standalone MM Lockbox Driver with main modifications:
1. Separating shared code between the Standalone MM driver and the
DXE MM Driver.
2. Utilizing services from the SMM Services Table (gSmst) as opposed to
 relying on Boot Services.

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>

Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
---
 MdeModulePkg/MdeModulePkg.dsc      &nbs= p;            &= nbsp;           &nbs= p;             = |  1 +
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c&nb= sp;       | 84 ++++++++++++++++++++++++++++++= ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf&= nbsp;     | 56 ++++++++++++++++++++++++++++++++++++++++= ++++++++++++++++
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni&= nbsp;     | 14 ++++++++++++++
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra= .uni | 14 ++++++++++++++
 5 files changed, 169 insertions(+)

diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc<= br> index 6bed9205ea..f0f02f180f 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -500,6 +500,7 @@
   MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatus= CodeRouterSmm.inf
   MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatus= CodeRouterStandaloneMm.inf
   MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
+  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.in= f
   MdeModulePkg/Library/SmmMemoryAllocationProfileLib/SmmMemoryAl= locationProfileLib.inf
   MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMem= oryAllocationProfileLib.inf
   MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMem= oryAllocationLib.inf
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= Mm.c b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c new file mode 100644
index 0000000000..503be7efa8
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.c @@ -0,0 +1,84 @@
+/** @file
+  LockBox MM driver.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiSmm.h>
+#include <Library/StandaloneMmDriverEntryPoint.h>
+#include <Library/MmServicesTableLib.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/StandaloneMmMemLib.h>
+#include <Library/LockBoxLib.h>
+
+#include <Protocol/SmmReadyToLock.h>
+#include <Protocol/SmmCommunication.h>
+#include <Protocol/LockBox.h>
+#include <Guid/SmmLockBox.h>
+
+#include "SmmLockBoxCommon.h"
+
+/**
+  This function is an abstraction layer for implementation specific M= m buffer validation routine.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid per processor architecture = and not overlap with SMRAM.
+  @retval FALSE This buffer is not valid per processor architecture o= r overlap with SMRAM.
+**/
+BOOLEAN
+IsBufferOutsideMmValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64         &nbs= p;      Length
+  )
+{
+  return MmIsBufferOutsideMmValid (Buffer, Length);
+}
+
+/**
+  Entry Point for LockBox MM driver.
+
+  @param[in] ImageHandle  Image handle of this driver.
+  @param[in] SystemTable  A Pointer to the EFI System Table.
+
+  @retval EFI_SUCEESS
+  @return Others         = ; Some error occurs.
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxStandaloneMmEntryPoint (
+  IN EFI_HANDLE         =   ImageHandle,
+  IN EFI_MM_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS  Status;
+  EFI_HANDLE  DispatchHandle;
+  VOID        *Registration;
+
+  //
+  // Register LockBox communication handler
+  //
+  Status =3D gMmst->MmiHandlerRegister (
+            &n= bsp;       SmmLockBoxHandler,
+            &n= bsp;       &gEfiSmmLockBoxCommunicationGu= id,
+            &n= bsp;       &DispatchHandle
+            &n= bsp;       );
+  ASSERT_EFI_ERROR (Status);
+
+  //
+  // Register SMM Ready To Lock Protocol notification
+  //
+  Status =3D gMmst->MmRegisterProtocolNotify (
+            &n= bsp;       &gEfiSmmReadyToLockProtocolGui= d,
+            &n= bsp;       SmmReadyToLockEventNotify,
+            &n= bsp;       &Registration
+            &n= bsp;       );
+  ASSERT_EFI_ERROR (Status);
+  return Status;
+}
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= Mm.inf b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.i= nf
new file mode 100644
index 0000000000..544c87790c
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.inf<= br> @@ -0,0 +1,56 @@
+## @file
+#  LockBox MM driver.
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> +#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION         &n= bsp;          =3D 0x00010005 +  BASE_NAME         &nbs= p;            =3D Sm= mLockBoxStandaloneMm
+  MODULE_UNI_FILE        &nbs= p;       =3D SmmLockBoxStandaloneMm.uni
+  FILE_GUID         &nbs= p;            =3D a8= 3a87a0-8a3e-482d-86c8-84a139f6ded0
+  MODULE_TYPE         &n= bsp;          =3D MM_STANDALON= E
+  VERSION_STRING         = ;        =3D 1.0
+  PI_SPECIFICATION_VERSION       =3D 0x= 00010032
+  ENTRY_POINT         &n= bsp;          =3D SmmLockBoxSt= andaloneMmEntryPoint
+
+#
+# The following information is for reference only and not required by the = build tools.
+#
+#  VALID_ARCHITECTURES        = ;   =3D IA32 X64
+#
+
+[Sources]
+  SmmLockBoxStandaloneMm.c
+  SmmLockBoxCommon.c
+  SmmLockBoxCommon.h
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  StandaloneMmPkg/StandaloneMmPkg.dec
+
+[LibraryClasses]
+  MmServicesTableLib
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  LockBoxLib
+  MemLib
+  StandaloneMmDriverEntryPoint
+
+[Guids]
+  gEfiSmmLockBoxCommunicationGuid   ## PRODUCES ## GUID # S= miHandlerRegister
+
+[Protocols]
+  gEfiSmmReadyToLockProtocolGuid    ## NOTIFY
+  gEfiLockBoxProtocolGuid       &n= bsp;   ## PRODUCES
+
+[Depex]
+  TRUE
+
+[UserExtensions.TianoCore."ExtraFiles"]
+  SmmLockBoxStandaloneMm.uni
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= Mm.uni b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.u= ni
new file mode 100644
index 0000000000..7f6218102f
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMm.uni<= br> @@ -0,0 +1,14 @@
+// /** @file
+// LockBox MM driver.
+//
+// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> +//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT        = ;     #language en-US "LockBox MM driver." +
+#string STR_MODULE_DESCRIPTION       &n= bsp;  #language en-US "LockBox MM driver."
+
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalone= MmExtra.uni b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandalon= eMmExtra.uni
new file mode 100644
index 0000000000..a5443ca5f9
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxStandaloneMmExtra= .uni
@@ -0,0 +1,14 @@
+// /** @file
+// SmmLockBox Localized Strings and Content
+//
+// Copyright (c) 2024, Intel Corporation. All rights reserved.<BR> +//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"MM Lock Box Driver"
+
+
--
2.39.1.windows.1

_._,_._,_

Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#118655) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--_000_MN6PR11MB8244836E27F664043D6FD1588CE52MN6PR11MB8244namp_--