From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id D09A294002B for ; Wed, 8 May 2024 02:50:46 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=KvWX3fVvLGeK/GZ0f9isbmFFK0RxylLUVDGEBub+aPQ=; c=relaxed/simple; d=groups.io; h=From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:msip_labels:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type; s=20240206; t=1715136645; v=1; b=QDWs8LRBbj6m8/xDWIGiLIAe4TqHjBEszgJdAqgewviZLLvziM2oATDQhFdhiv+ZzeJXAAU5 4sa7htysz3B55TCRHP95d++FKaTf4yX5FtbBF7iWlG47N0dUXWMbPuA/G83P3Sl74pkeK9gQeQM dVm46eArbnkUR1RD/vEmuwlgJL4UdwOf6IZcmTD38dRdHhOL4rqaV9SUlKm0UafHBvbhE16eEKm j6RPT6DFXCkKrBOvBUAABKDB2ZJlbSXxD+M6Q3JV0atqD4lcx0scmkkew2yaJdjAMP88kAmjUK/ /Qt09icwD6VcClVRPU+qv45ZcHJyqvNA3wMhgyJPBt84A== X-Received: by 127.0.0.2 with SMTP id LLJgYY7687511xYwFHdO48Ii; Tue, 07 May 2024 19:50:45 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) by mx.groups.io with SMTP id smtpd.web11.3439.1715136644366042851 for ; Tue, 07 May 2024 19:50:44 -0700 X-CSE-ConnectionGUID: 7uM/sFpcTueFldLU+YXWAQ== X-CSE-MsgGUID: b33Z1tiAT5OiK5wAM/J5Dw== X-IronPort-AV: E=McAfee;i="6600,9927,11066"; a="11101132" X-IronPort-AV: E=Sophos;i="6.08,143,1712646000"; d="scan'208,217";a="11101132" X-Received: from orviesa001.jf.intel.com ([10.64.159.141]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2024 19:50:44 -0700 X-CSE-ConnectionGUID: uIkQHZ4wSQCHSdNUSpsViA== X-CSE-MsgGUID: 654SRgMAR36bds58qgYYFA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,143,1712646000"; d="scan'208,217";a="66158715" X-Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orviesa001.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 07 May 2024 19:50:44 -0700 X-Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 7 May 2024 19:50:43 -0700 X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Tue, 7 May 2024 19:50:43 -0700 X-Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.41) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Tue, 7 May 2024 19:50:42 -0700 X-Received: from MN6PR11MB8244.namprd11.prod.outlook.com (2603:10b6:208:470::14) by CH3PR11MB8518.namprd11.prod.outlook.com (2603:10b6:610:1b8::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7544.43; Wed, 8 May 2024 02:50:34 +0000 X-Received: from MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::41a4:c775:32e6:76a8]) by MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::41a4:c775:32e6:76a8%4]) with mapi id 15.20.7544.041; Wed, 8 May 2024 02:50:34 +0000 From: "Ni, Ray" To: "Xie, Yuanhao" , "devel@edk2.groups.io" CC: Liming Gao , "Wu, Jiaxin" Subject: Re: [edk2-devel] [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c. Thread-Topic: [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c. Thread-Index: AQHaoEUopVkDegkefUqN7b9P8+k/rrGMpFtY Date: Wed, 8 May 2024 02:50:34 +0000 Message-ID: References: <20240507060910.1687-1-yuanhao.xie@intel.com> <20240507060910.1687-3-yuanhao.xie@intel.com> In-Reply-To: <20240507060910.1687-3-yuanhao.xie@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MN6PR11MB8244:EE_|CH3PR11MB8518:EE_ x-ms-office365-filtering-correlation-id: 88ee9b09-2005-4b08-8abf-08dc6f09a250 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: =?us-ascii?Q?U928Jm1yxLDNshc3A92UzkpDYQAFLvHyilocnPLIMpQsiOlsTvBVg6XfFkgG?= =?us-ascii?Q?xLfshu1JOxnzUIsRwbA3wZzDggiss8jw6aTnPwpnpOTZ4NMcwBxjOKsG87lp?= =?us-ascii?Q?Tix4zH5sSNpQj/2jXMM7wFZJ7KUmr911yQoHskBa4/ldbaLUO7gekUWgQuXU?= =?us-ascii?Q?hjDIcpocGuNvNmKrWqTdVcgk0EYUvDA6ng+4vHkz6zAedy0FuU3yxwWVKfCl?= =?us-ascii?Q?JsTgZ6jWjfOHel9s6Ng3CL4YNQjFwPfrpTqCN6j3Zbe/1gYkb9/hjvLCNBfg?= =?us-ascii?Q?MaXOdklDAIiUWLzAe5c0Wfoq7PdtAgCWpk/xwpqgMD2f3+arVm/cx+JXnuZS?= =?us-ascii?Q?RBn/zXTQ/6UDa6RJ2HDp7wZ8HWl9xRVGarwPF1KU6+C88C+9l0wzE6uRIx3t?= =?us-ascii?Q?HJIoNpNwrSZbba6fvPhmLxSTIe8giTvTl45H/j+dMp9TxnR4HbODSF3W+4nI?= =?us-ascii?Q?/Frs1O1e0T85FU+fmsnhqYT5pA5rNrPDHBGPArL8a9PUarzp0VOQfajkPHYx?= =?us-ascii?Q?KbMdRbaEq4hZEVcznht04w8g0mYFnnPZ2yJiitqCjIibkndWztMkoM3XqoUC?= =?us-ascii?Q?xkg8FoKsGHf0n8/r0CLBlWVHxnbFSkxkxaHLo+lD308hDO/8URevmJTT7XT4?= =?us-ascii?Q?zEhqO6bobkJ+oLX4cSuKVVPEhWbBqmUzAP8ZBSvE2414EnMcpMToQ4qsvGMr?= =?us-ascii?Q?gdOrn3Ebev39ll4R61Xe9nZtEywxpptI5UMdOrhKvqbAXbXiP6Qdpk6gFYV2?= =?us-ascii?Q?1DtFo0JJr5aJl10wZgAIRizA+cF4x3iV+Hw56PR156yzgcTyN71LCvfJVkoR?= =?us-ascii?Q?ddVZjfOCjfm1x/CvQkcdOs/iSJjuFX7IyKInU2w6JFHtOIAAxx+MgI/vnndR?= =?us-ascii?Q?YmNPq6M5S7wb9I75gVeedM3+bSWlzokU3XKP6Glw32eDtSYsklG68+mRpTJ+?= =?us-ascii?Q?7Y0v7idMw7vCoUXXpQgf7vBE0ZiSIQgE/x/8Udl/RVqc90zSOrFiY2aLcHM6?= =?us-ascii?Q?Xt2WmbmIi9dcYYWdcja3UWaTKZTBs+eNG4WBJjbS65sFMEqj6FO50LS02/SI?= =?us-ascii?Q?wOeGZ6sOQY3qSRWY5APuo4NK2SEhxQ4ZIBIeEv8VxdEWw3xPUmutfRp5HYc8?= =?us-ascii?Q?mcZHNNhkbHHdv38RJtVIHTGofvEaLhn0jROcCC7nw2J5iGKwkUXNgfjAXktd?= =?us-ascii?Q?FX7B9lM5fnkW0P68kNlLApBwyoAnPY/qAJtzVMJ9Ycoq/TfM4YM76iEaRScm?= =?us-ascii?Q?wFOs/1SywllNwhFaav3wvjw7w3e2zkFKwMki2j8pwCBS1wBY2Ygkgh4oE8fo?= =?us-ascii?Q?Z9dlsoMpGiWUArOlXVw3TMXgFI8ralY/pEzsNQ0hxdqw+Q=3D=3D?= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?fvTUWFXszr7Pnu+OTXz4PCpAFoY9VEzP/YwnpMzfyAB3lnz4Nhv4WgM7+tTI?= =?us-ascii?Q?NsMmQcCLXFcV8qsFPiqC3a1eEk9ctYFddXl+ogKkH26yasigKXfJdlo3G3By?= =?us-ascii?Q?W3vg/xv1zby0y4I84f8ev9Lpn0CyONhq/OjmSpXkO7NSe+7iOkOz0w7UNW5j?= =?us-ascii?Q?zIoXNRKfUhIHfYEU+YxRHc78QF4ietBRtYCJyW8Z09CpvaQMTBcJkL6PsMHQ?= =?us-ascii?Q?kOLrWbKFRc5vXOMFPW5dPL12PoBvumHrHH/ieN21tJjSIsAtL75NQVaZW4nm?= =?us-ascii?Q?1iKWJ/SVSeVx7v+EIj2+FWnP3mYfQZTLu/EExXVBdGfHLOwOn5egby0P3F9s?= =?us-ascii?Q?IhFP9j645pkVvo2pwBQq1bI/E/JqbmWXAkeL4M+t7KONw4U6eb5mrAmPetMU?= =?us-ascii?Q?kvySRDNVPmju3IIuwiG+r3+xjnGPPWU8ZuD5F1O98TA7FBKIGsHMWvCL2isL?= =?us-ascii?Q?8Cy7ndukR/hBjujxGKwo7diq3hyJU65o5KMjKg4N4HObZQZvrcvgTPk8uuA8?= =?us-ascii?Q?c5X80OIp/u2U6GljeXU6xZUoq0GJMpgndD+hcD6ll+gPknuL/p8/Jg0EOWT3?= =?us-ascii?Q?0syuah4IBXqWVO2bDLUW1vM95dYpPOIgk/PIuB3crmnFi8NyO0d81tcWfZSl?= =?us-ascii?Q?hoPgL7Ctfhh941sZH/8eSx+MXL24I06rX2zrZgVhcpX/oVYRBC8pASBkISMu?= =?us-ascii?Q?2FtKeTrQM9zgUpipofraU1dZl4xilfoafatmepiHkV4Vb3zcpGjkP7Dylj06?= =?us-ascii?Q?NJN7l/RNIcCW9b5Fh5iuAkfri9MYmN5hl862HbWR0pCEME6ibdnzV7Pn+8NF?= =?us-ascii?Q?YLaefZacLlduNm2J64kcBVkDtLHZvpS4MKC2uNV4aWo6KqSywtYUyefwS5aH?= =?us-ascii?Q?XpmZkuBRG+RzTJYYAUQf2cw3yhPth1jKGTUzUa5QgNKZCNBj72aWG7N3OJoa?= =?us-ascii?Q?BaCxumQFKlmAPi22VA8uVqVFYX414/o6hTOHAuIHe5zDON3JK2kM/LddqZ/z?= =?us-ascii?Q?FfFEkeKfwuSB1T/mf1D4JCZqU74OslDgAUIv+iJpYZb060V/kOLwyT8oVFQy?= =?us-ascii?Q?n+gKkhXvbIqJSIe+ozP8tIG9QcBNaZGgvRIJMYXmSe9Wa0SZahtNlVOJymVl?= =?us-ascii?Q?fqZ2lTngiOTXHFF3+ttNvHA9s66r3XRbTyh0+ci1QvD+UaE6asdOAozd4Ivq?= =?us-ascii?Q?gfi53pXcxNNrk8i4VQHSFCqfY2bhgXVdIZi64am0CcsZX6o6B8F7/Vu2u3x5?= =?us-ascii?Q?63RyTk09O4/7io1Vfx8582/dyJEvgA2ZbOgtpoBYXnKlnJ8y5z7wuEs1DQpl?= =?us-ascii?Q?aNxLQXmCzqGondJ8yITWkqm11Rn96rjJLI75/Cuf9Omjui8j+Tz415sL3D5M?= =?us-ascii?Q?UgtXwMDPT9rJAT84uRhZdfoXBG28fTUZ/mr/DGlvwAmzWadjsIlYH1f9wHz5?= =?us-ascii?Q?m5C/kj8Z1lv2aNlMwDQJmdwbmMpHc2cMZHqLalD3XsOg61mNO4LGp/y6k4dS?= =?us-ascii?Q?IBcIYYrD2uGOKTTXdh45jO5XAAebeO+DVaeqPaS5pHP04MrswR0zC24IcjnG?= =?us-ascii?Q?PoGNO1ouS2Zu2ABJUhs=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8244.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 88ee9b09-2005-4b08-8abf-08dc6f09a250 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 May 2024 02:50:34.7862 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3Hvcz/DJFX6M4FIzjjAsUbo3u2UcXzrI7BYopq8lZUP+dszbjr9/WiYVKZ5Yysq2XAhmpEUaposD/wwNBpjQew== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8518 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Tue, 07 May 2024 19:50:44 -0700 Resent-From: ray.ni@intel.com Reply-To: devel@edk2.groups.io,ray.ni@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: PKbudnO8jJ5MF5ARQHuDToxfx7686176AA= Content-Language: en-US Content-Type: multipart/alternative; boundary="_000_MN6PR11MB82449FCF1C86F7CBD27856AE8CE52MN6PR11MB8244namp_" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=QDWs8LRB; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io --_000_MN6PR11MB82449FCF1C86F7CBD27856AE8CE52MN6PR11MB8244namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ray Ni Thanks, Ray ________________________________ From: Xie, Yuanhao Sent: Tuesday, May 7, 2024 14:09 To: devel@edk2.groups.io Cc: Liming Gao ; Wu, Jiaxin = ; Ni, Ray ; Xie, Yuanhao Subject: [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c. The Lockbox Driver allows sensitive data to be securely stored in a designated area, thus protected against unauthorized access. This patch does not introduce any functional modifications. It refactors the existing logic into a common component to facilitates the integration of the Standalone MM Lockbox Driver in an upcoming patch Cc: Liming Gao Cc: Jiaxin Wu Cc: Ray Ni Signed-off-by: Yuanhao Xie --- MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c | 361 +++++++= +++++----------------------------------------------------------------------= ---------------------------------------------------------------------------= ---------------------------------------------------------------------------= ---------------------------------------------------------------------------= ------------------------------------------------------ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf | 4 +++- MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c | 384 +++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++ MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h | 148 +++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 547 insertions(+), 350 deletions(-) diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c b/MdeMo= dulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c index c1e15c596b..2774979c34 100644 --- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c @@ -9,7 +9,7 @@ SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), SmmLockBox= Save() will receive untrusted input and do basic validation. -Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -31,360 +31,24 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include -BOOLEAN mLocked =3D FALSE; +#include "SmmLockBoxCommon.h" /** - Dispatch function for SMM lock box save. + This function is an abstraction layer for implementation specific Mm buf= fer validation routine. - Caution: This function may receive untrusted input. - Restore buffer and length are external input, so this function will vali= date - it is in SMRAM. + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. - @param LockBoxParameterSave parameter of lock box save + @retval TRUE This buffer is valid per processor architecture and not ov= erlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlap with SMRAM. **/ -VOID -SmmLockBoxSave ( - IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length ) { - EFI_STATUS Status; - EFI_SMM_LOCK_BOX_PARAMETER_SAVE TempLockBoxParameterSave; - - // - // Sanity check - // - if (mLocked) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); - LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DENIE= D; - return; - } - - CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeof (EFI_SM= M_LOCK_BOX_PARAMETER_SAVE)); - - // - // Sanity check - // - if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterSave.Buffer,= (UINTN)TempLockBoxParameterSave.Length)) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in SMRAM or buffer overf= low!\n")); - LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DENIE= D; - return; - } - - // - // The SpeculationBarrier() call here is to ensure the above range check= for - // the CommBuffer have been completed before calling into SaveLockBox(). - // - SpeculationBarrier (); - - // - // Save data - // - Status =3D SaveLockBox ( - &TempLockBoxParameterSave.Guid, - (VOID *)(UINTN)TempLockBoxParameterSave.Buffer, - (UINTN)TempLockBoxParameterSave.Length - ); - LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status; - return; -} - -/** - Dispatch function for SMM lock box set attributes. - - @param LockBoxParameterSetAttributes parameter of lock box set attribut= es -**/ -VOID -SmmLockBoxSetAttributes ( - IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttrib= utes - ) -{ - EFI_STATUS Status; - EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES TempLockBoxParameterSetAttrib= utes; - - // - // Sanity check - // - if (mLocked) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); - LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)EFI_ACC= ESS_DENIED; - return; - } - - CopyMem (&TempLockBoxParameterSetAttributes, LockBoxParameterSetAttribut= es, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)); - - // - // Update data - // - Status =3D SetLockBoxAttributes ( - &TempLockBoxParameterSetAttributes.Guid, - TempLockBoxParameterSetAttributes.Attributes - ); - LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)Status; - return; -} - -/** - Dispatch function for SMM lock box update. - - Caution: This function may receive untrusted input. - Restore buffer and length are external input, so this function will vali= date - it is in SMRAM. - - @param LockBoxParameterUpdate parameter of lock box update -**/ -VOID -SmmLockBoxUpdate ( - IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate - ) -{ - EFI_STATUS Status; - EFI_SMM_LOCK_BOX_PARAMETER_UPDATE TempLockBoxParameterUpdate; - - // - // Sanity check - // - if (mLocked) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); - LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DEN= IED; - return; - } - - CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, sizeof (EF= I_SMM_LOCK_BOX_PARAMETER_UPDATE)); - - // - // Sanity check - // - if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterUpdate.Buffe= r, (UINTN)TempLockBoxParameterUpdate.Length)) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in SMRAM or buffer ove= rflow!\n")); - LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DEN= IED; - return; - } - - // - // The SpeculationBarrier() call here is to ensure the above range check= for - // the CommBuffer have been completed before calling into UpdateLockBox(= ). - // - SpeculationBarrier (); - - // - // Update data - // - Status =3D UpdateLockBox ( - &TempLockBoxParameterUpdate.Guid, - (UINTN)TempLockBoxParameterUpdate.Offset, - (VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer, - (UINTN)TempLockBoxParameterUpdate.Length - ); - LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status; - return; -} - -/** - Dispatch function for SMM lock box restore. - - Caution: This function may receive untrusted input. - Restore buffer and length are external input, so this function will vali= date - it is in SMRAM. - - @param LockBoxParameterRestore parameter of lock box restore -**/ -VOID -SmmLockBoxRestore ( - IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore - ) -{ - EFI_STATUS Status; - EFI_SMM_LOCK_BOX_PARAMETER_RESTORE TempLockBoxParameterRestore; - - CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore, sizeof (= EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)); - - // - // Sanity check - // - if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterRestore.Buff= er, (UINTN)TempLockBoxParameterRestore.Length)) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address in SMRAM or buffer ov= erflow!\n")); - LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DE= NIED; - return; - } - - // - // Restore data - // - if ((TempLockBoxParameterRestore.Length =3D=3D 0) && (TempLockBoxParamet= erRestore.Buffer =3D=3D 0)) { - Status =3D RestoreLockBox ( - &TempLockBoxParameterRestore.Guid, - NULL, - NULL - ); - } else { - Status =3D RestoreLockBox ( - &TempLockBoxParameterRestore.Guid, - (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer, - (UINTN *)&TempLockBoxParameterRestore.Length - ); - if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D=3D EFI_SUCCESS= )) { - // - // Return the actual Length value. - // - LockBoxParameterRestore->Length =3D TempLockBoxParameterRestore.Leng= th; - } - } - - LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status; - return; -} - -/** - Dispatch function for SMM lock box restore all in place. - - @param LockBoxParameterRestoreAllInPlace parameter of lock box restore = all in place -**/ -VOID -SmmLockBoxRestoreAllInPlace ( - IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRes= toreAllInPlace - ) -{ - EFI_STATUS Status; - - Status =3D RestoreAllLoc= kBoxInPlace (); - LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D (UINT64)Statu= s; - return; -} - -/** - Dispatch function for a Software SMI handler. - - Caution: This function may receive untrusted input. - Communicate buffer and buffer size are external input, so this function = will do basic validation. - - @param DispatchHandle The unique handle assigned to this handler by Smi= HandlerRegister(). - @param Context Points to an optional handler context which was s= pecified when the - handler was registered. - @param CommBuffer A pointer to a collection of data in memory that = will - be conveyed from a non-SMM environment into an SM= M environment. - @param CommBufferSize The size of the CommBuffer. - - @retval EFI_SUCCESS Command is handled successfully. - -**/ -EFI_STATUS -EFIAPI -SmmLockBoxHandler ( - IN EFI_HANDLE DispatchHandle, - IN CONST VOID *Context OPTIONAL, - IN OUT VOID *CommBuffer OPTIONAL, - IN OUT UINTN *CommBufferSize OPTIONAL - ) -{ - EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader; - UINTN TempCommBufferSize; - - DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n")); - - // - // If input is invalid, stop processing this SMI - // - if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) { - return EFI_SUCCESS; - } - - TempCommBufferSize =3D *CommBufferSize; - - // - // Sanity check - // - if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size invalid!\n")); - return EFI_SUCCESS; - } - - if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize))= { - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in SMRAM or overflow!\= n")); - return EFI_SUCCESS; - } - - LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER *)((UINTN)= CommBuffer); - - LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1; - - DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n", (UINTN)L= ockBoxParameterHeader)); - - DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n", (UINTN)LockBoxParameter= Header->Command)); - - switch (LockBoxParameterHeader->Command) { - case EFI_SMM_LOCK_BOX_COMMAND_SAVE: - if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SAVE inva= lid!\n")); - break; - } - - SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)(UINTN)LockBoxPar= ameterHeader); - break; - case EFI_SMM_LOCK_BOX_COMMAND_UPDATE: - if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE))= { - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for UPDATE in= valid!\n")); - break; - } - - SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)LockBo= xParameterHeader); - break; - case EFI_SMM_LOCK_BOX_COMMAND_RESTORE: - if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)= ) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for RESTORE i= nvalid!\n")); - break; - } - - SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)(UINTN)Lock= BoxParameterHeader); - break; - case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES: - if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTR= IBUTES)) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SET_ATTRI= BUTES invalid!\n")); - break; - } - - SmmLockBoxSetAttributes ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES = *)(UINTN)LockBoxParameterHeader); - break; - case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE: - if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_= ALL_IN_PLACE)) { - DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for RESTORE_A= LL_IN_PLACE invalid!\n")); - break; - } - - SmmLockBoxRestoreAllInPlace ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL= _IN_PLACE *)(UINTN)LockBoxParameterHeader); - break; - default: - DEBUG ((DEBUG_ERROR, "SmmLockBox Command invalid!\n")); - break; - } - - LockBoxParameterHeader->Command =3D (UINT32)-1; - - DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n")); - - return EFI_SUCCESS; -} - -/** - Smm Ready To Lock event notification handler. - - It sets a flag indicating that SMRAM has been locked. - - @param[in] Protocol Points to the protocol's unique identifier. - @param[in] Interface Points to the interface instance. - @param[in] Handle The handle on which the interface was installed. - - @retval EFI_SUCCESS Notification handler runs successfully. - **/ -EFI_STATUS -EFIAPI -SmmReadyToLockEventNotify ( - IN CONST EFI_GUID *Protocol, - IN VOID *Interface, - IN EFI_HANDLE Handle - ) -{ - mLocked =3D TRUE; - return EFI_SUCCESS; + return SmmIsBufferOutsideSmmValid (Buffer, Length); } /** @@ -438,6 +102,5 @@ SmmLockBoxEntryPoint ( NULL ); ASSERT_EFI_ERROR (Status); - return Status; } diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf b/Mde= ModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf index 5081b2d7f2..f279706e90 100644 --- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf @@ -6,7 +6,7 @@ # This external input must be validated carefully to avoid security issue= like # buffer overflow, integer overflow. # -# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -30,6 +30,8 @@ [Sources] SmmLockBox.c + SmmLockBoxCommon.c + SmmLockBoxCommon.h [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c b= /MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c new file mode 100644 index 0000000000..5c6eae05af --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c @@ -0,0 +1,384 @@ +/** @file + LockBox SMM/MM driver. + + Caution: This module requires additional review when modified. + This driver will have external input - communicate buffer in SMM mode. + This external input must be validated carefully to avoid security issue = like + buffer overflow, integer overflow. + + SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), SmmLockBox= Save() + will receive untrusted input and do basic validation. + +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include "SmmLockBoxCommon.h" + +BOOLEAN mLocked =3D FALSE; + +/** + Dispatch function for SMM lock box save. + + Caution: This function may receive untrusted input. + Restore buffer and length are external input, so this function will vali= date + it is in SMRAM. + + @param LockBoxParameterSave parameter of lock box save +**/ +VOID +SmmLockBoxSave ( + IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave + ) +{ + EFI_STATUS Status; + EFI_SMM_LOCK_BOX_PARAMETER_SAVE TempLockBoxParameterSave; + + // + // Sanity check + // + if (mLocked) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); + LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DENIE= D; + return; + } + + CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeof (EFI_SM= M_LOCK_BOX_PARAMETER_SAVE)); + + // + // Sanity check + // + if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterSave.Buffer, (UI= NTN)TempLockBoxParameterSave.Length)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in SMRAM or buffer overf= low!\n")); + LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DENIE= D; + return; + } + + // + // The SpeculationBarrier() call here is to ensure the above range check= for + // the CommBuffer have been completed before calling into SaveLockBox(). + // + SpeculationBarrier (); + + // + // Save data + // + Status =3D SaveLockBox ( + &TempLockBoxParameterSave.Guid, + (VOID *)(UINTN)TempLockBoxParameterSave.Buffer, + (UINTN)TempLockBoxParameterSave.Length + ); + LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status; + return; +} + +/** + Dispatch function for SMM lock box set attributes. + + @param LockBoxParameterSetAttributes parameter of lock box set attribut= es +**/ +VOID +SmmLockBoxSetAttributes ( + IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttrib= utes + ) +{ + EFI_STATUS Status; + EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES TempLockBoxParameterSetAttrib= utes; + + // + // Sanity check + // + if (mLocked) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); + LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)EFI_ACC= ESS_DENIED; + return; + } + + CopyMem (&TempLockBoxParameterSetAttributes, LockBoxParameterSetAttribut= es, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)); + + // + // Update data + // + Status =3D SetLockBoxAttributes ( + &TempLockBoxParameterSetAttributes.Guid, + TempLockBoxParameterSetAttributes.Attributes + ); + LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)Status; + return; +} + +/** + Dispatch function for SMM lock box update. + + Caution: This function may receive untrusted input. + Restore buffer and length are external input, so this function will vali= date + it is in SMRAM. + + @param LockBoxParameterUpdate parameter of lock box update +**/ +VOID +SmmLockBoxUpdate ( + IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate + ) +{ + EFI_STATUS Status; + EFI_SMM_LOCK_BOX_PARAMETER_UPDATE TempLockBoxParameterUpdate; + + // + // Sanity check + // + if (mLocked) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n")); + LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DEN= IED; + return; + } + + CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, sizeof (EF= I_SMM_LOCK_BOX_PARAMETER_UPDATE)); + + // + // Sanity check + // + if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterUpdate.Buffer, (= UINTN)TempLockBoxParameterUpdate.Length)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in SMRAM or buffer ove= rflow!\n")); + LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DEN= IED; + return; + } + + // + // The SpeculationBarrier() call here is to ensure the above range check= for + // the CommBuffer have been completed before calling into UpdateLockBox(= ). + // + SpeculationBarrier (); + + // + // Update data + // + Status =3D UpdateLockBox ( + &TempLockBoxParameterUpdate.Guid, + (UINTN)TempLockBoxParameterUpdate.Offset, + (VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer, + (UINTN)TempLockBoxParameterUpdate.Length + ); + LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status; + return; +} + +/** + Dispatch function for SMM lock box restore. + + Caution: This function may receive untrusted input. + Restore buffer and length are external input, so this function will vali= date + it is in SMRAM. + + @param LockBoxParameterRestore parameter of lock box restore +**/ +VOID +SmmLockBoxRestore ( + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore + ) +{ + EFI_STATUS Status; + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE TempLockBoxParameterRestore; + + CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore, sizeof (= EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)); + + // + // Sanity check + // + if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterRestore.Buffer, = (UINTN)TempLockBoxParameterRestore.Length)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address in SMRAM or buffer ov= erflow!\n")); + LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)EFI_ACCESS_DE= NIED; + return; + } + + // + // Restore data + // + if ((TempLockBoxParameterRestore.Length =3D=3D 0) && (TempLockBoxParamet= erRestore.Buffer =3D=3D 0)) { + Status =3D RestoreLockBox ( + &TempLockBoxParameterRestore.Guid, + NULL, + NULL + ); + } else { + Status =3D RestoreLockBox ( + &TempLockBoxParameterRestore.Guid, + (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer, + (UINTN *)&TempLockBoxParameterRestore.Length + ); + if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D=3D EFI_SUCCESS= )) { + // + // Return the actual Length value. + // + LockBoxParameterRestore->Length =3D TempLockBoxParameterRestore.Leng= th; + } + } + + LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status; + return; +} + +/** + Dispatch function for SMM lock box restore all in place. + + @param LockBoxParameterRestoreAllInPlace parameter of lock box restore = all in place +**/ +VOID +SmmLockBoxRestoreAllInPlace ( + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRes= toreAllInPlace + ) +{ + EFI_STATUS Status; + + Status =3D RestoreAllLoc= kBoxInPlace (); + LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D (UINT64)Statu= s; + return; +} + +/** + Dispatch function for a Software SMI handler. + + Caution: This function may receive untrusted input. + Communicate buffer and buffer size are external input, so this function = will do basic validation. + + @param DispatchHandle The unique handle assigned to this handler by Smi= HandlerRegister(). + @param Context Points to an optional handler context which was s= pecified when the + handler was registered. + @param CommBuffer A pointer to a collection of data in memory that = will + be conveyed from a non-SMM environment into an SM= M environment. + @param CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS Command is handled successfully. + +**/ +EFI_STATUS +EFIAPI +SmmLockBoxHandler ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize OPTIONAL + ) +{ + EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader; + UINTN TempCommBufferSize; + + DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n")); + + // + // If input is invalid, stop processing this SMI + // + if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) { + return EFI_SUCCESS; + } + + TempCommBufferSize =3D *CommBufferSize; + + // + // Sanity check + // + if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_HEADER)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size invalid!\n")); + return EFI_SUCCESS; + } + + if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in SMRAM or overflow!\= n")); + return EFI_SUCCESS; + } + + LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER *)((UINTN)= CommBuffer); + + LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1; + + DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n", (UINTN)L= ockBoxParameterHeader)); + + DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n", (UINTN)LockBoxParameter= Header->Command)); + + switch (LockBoxParameterHeader->Command) { + case EFI_SMM_LOCK_BOX_COMMAND_SAVE: + if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SAVE)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SAVE inva= lid!\n")); + break; + } + + SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)(UINTN)LockBoxPar= ameterHeader); + break; + case EFI_SMM_LOCK_BOX_COMMAND_UPDATE: + if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE))= { + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for UPDATE in= valid!\n")); + break; + } + + SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)LockBo= xParameterHeader); + break; + case EFI_SMM_LOCK_BOX_COMMAND_RESTORE: + if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)= ) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for RESTORE i= nvalid!\n")); + break; + } + + SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)(UINTN)Lock= BoxParameterHeader); + break; + case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES: + if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTR= IBUTES)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for SET_ATTRI= BUTES invalid!\n")); + break; + } + + SmmLockBoxSetAttributes ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES = *)(UINTN)LockBoxParameterHeader); + break; + case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE: + if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_= ALL_IN_PLACE)) { + DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Size for RESTORE_A= LL_IN_PLACE invalid!\n")); + break; + } + + SmmLockBoxRestoreAllInPlace ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL= _IN_PLACE *)(UINTN)LockBoxParameterHeader); + break; + default: + DEBUG ((DEBUG_ERROR, "SmmLockBox Command invalid!\n")); + break; + } + + LockBoxParameterHeader->Command =3D (UINT32)-1; + + DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n")); + + return EFI_SUCCESS; +} + +/** + Smm Ready To Lock event notification handler. + + It sets a flag indicating that SMRAM has been locked. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification handler runs successfully. + **/ +EFI_STATUS +EFIAPI +SmmReadyToLockEventNotify ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + mLocked =3D TRUE; + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h b= /MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h new file mode 100644 index 0000000000..2205c4fb3b --- /dev/null +++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h @@ -0,0 +1,148 @@ +/** @file + LockBox SMM/MM driver. + + Caution: This module requires additional review when modified. + This driver will have external input - communicate buffer in SMM mode. + This external input must be validated carefully to avoid security issue = like + buffer overflow, integer overflow. + + SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), SmmLockBox= Save() + will receive untrusted input and do basic validation. + +Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.
+ +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +/** + This function is an abstraction layer for implementation specific Mm buf= fer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not ov= erlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or ove= rlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ); + +/** + Dispatch function for SMM lock box save. + + Caution: This function may receive untrusted input. + Restore buffer and length are external input, so this function will vali= date + it is in SMRAM. + + @param LockBoxParameterSave parameter of lock box save +**/ +VOID +SmmLockBoxSave ( + IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave + ); + +/** + Dispatch function for SMM lock box set attributes. + + @param LockBoxParameterSetAttributes parameter of lock box set attribut= es +**/ +VOID +SmmLockBoxSetAttributes ( + IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttrib= utes + ); + +/** + Dispatch function for SMM lock box update. + + Caution: This function may receive untrusted input. + Restore buffer and length are external input, so this function will vali= date + it is in SMRAM. + + @param LockBoxParameterUpdate parameter of lock box update +**/ +VOID +SmmLockBoxUpdate ( + IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate + ); + +/** + Dispatch function for SMM lock box restore. + + Caution: This function may receive untrusted input. + Restore buffer and length are external input, so this function will vali= date + it is in SMRAM. + + @param LockBoxParameterRestore parameter of lock box restore +**/ +VOID +SmmLockBoxRestore ( + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore + ); + +/** + Dispatch function for SMM lock box restore all in place. + + @param LockBoxParameterRestoreAllInPlace parameter of lock box restore = all in place +**/ +VOID +SmmLockBoxRestoreAllInPlace ( + IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRes= toreAllInPlace + ); + +/** + Dispatch function for a Software SMI handler. + + Caution: This function may receive untrusted input. + Communicate buffer and buffer size are external input, so this function = will do basic validation. + + @param DispatchHandle The unique handle assigned to this handler by Smi= HandlerRegister(). + @param Context Points to an optional handler context which was s= pecified when the + handler was registered. + @param CommBuffer A pointer to a collection of data in memory that = will + be conveyed from a non-SMM environment into an SM= M environment. + @param CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS Command is handled successfully. + +**/ +EFI_STATUS +EFIAPI +SmmLockBoxHandler ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize OPTIONAL + ); + +/** + Smm Ready To Lock event notification handler. + + It sets a flag indicating that SMRAM has been locked. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification handler runs successfully. + **/ +EFI_STATUS +EFIAPI +SmmReadyToLockEventNotify ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ); -- 2.39.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118654): https://edk2.groups.io/g/devel/message/118654 Mute This Topic: https://groups.io/mt/105955700/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --_000_MN6PR11MB82449FCF1C86F7CBD27856AE8CE52MN6PR11MB8244namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Reviewed-by: Ray Ni <ray.ni@intel.com>

Thanks,
Ray
From: Xie, Yuanhao <yuan= hao.xie@intel.com>
Sent: Tuesday, May 7, 2024 14:09
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Liming Gao <gaoliming@byosoft.com.cn>; Wu, Jiaxin <jiax= in.wu@intel.com>; Ni, Ray <ray.ni@intel.com>; Xie, Yuanhao <yua= nhao.xie@intel.com>
Subject: [PATCH 2/3] MdeModulePkg: Refactors SmmLockBox.c.
 
The Lockbox Driver allows sensitive data to be sec= urely stored in a
designated area, thus protected against unauthorized access.

This patch does not introduce any functional modifications.
It refactors the existing logic into a common component to facilitates
the integration of the Standalone MM Lockbox Driver in an upcoming patch
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>

Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
---
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c  &nb= sp;    | 361 ++++++++++++-----------------------------------= ---------------------------------------------------------------------------= ---------------------------------------------------------------------------= ---------------------------------------------------------------------------= ---------------------------------------------------------------------------= --------------
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf  &= nbsp;  |   4 +++-
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c | 384 ++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h | 148 ++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 547 insertions(+), 350 deletions(-)

diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c b/MdeMo= dulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
index c1e15c596b..2774979c34 100644
--- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
@@ -9,7 +9,7 @@
   SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), = SmmLockBoxSave()
   will receive untrusted input and do basic validation.
 
-Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR&g= t;
+Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR&g= t;
 
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -31,360 +31,24 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Protocol/LockBox.h>
 #include <Guid/SmmLockBox.h>
 
-BOOLEAN  mLocked =3D FALSE;
+#include "SmmLockBoxCommon.h"
 
 /**
-  Dispatch function for SMM lock box save.
+  This function is an abstraction layer for implementation specific M= m buffer validation routine.
 
-  Caution: This function may receive untrusted input.
-  Restore buffer and length are external input, so this function will= validate
-  it is in SMRAM.
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
 
-  @param LockBoxParameterSave  parameter of lock box save
+  @retval TRUE  This buffer is valid per processor architecture = and not overlap with SMRAM.
+  @retval FALSE This buffer is not valid per processor architecture o= r overlap with SMRAM.
 **/
-VOID
-SmmLockBoxSave (
-  IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE  *LockBoxParameterSave
+BOOLEAN
+IsBufferOutsideMmValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64         &nbs= p;      Length
   )
 {
-  EFI_STATUS         &nb= sp;            = Status;
-  EFI_SMM_LOCK_BOX_PARAMETER_SAVE  TempLockBoxParameterSave;
-
-  //
-  // Sanity check
-  //
-  if (mLocked) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"))= ;
-    LockBoxParameterSave->Header.ReturnStatus =3D (UINT6= 4)EFI_ACCESS_DENIED;
-    return;
-  }
-
-  CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeo= f (EFI_SMM_LOCK_BOX_PARAMETER_SAVE));
-
-  //
-  // Sanity check
-  //
-  if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterSave.Bu= ffer, (UINTN)TempLockBoxParameterSave.Length)) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in S= MRAM or buffer overflow!\n"));
-    LockBoxParameterSave->Header.ReturnStatus =3D (UINT6= 4)EFI_ACCESS_DENIED;
-    return;
-  }
-
-  //
-  // The SpeculationBarrier() call here is to ensure the above range = check for
-  // the CommBuffer have been completed before calling into SaveLockB= ox().
-  //
-  SpeculationBarrier ();
-
-  //
-  // Save data
-  //
-  Status =3D SaveLockBox (
-             &= amp;TempLockBoxParameterSave.Guid,
-             (= VOID *)(UINTN)TempLockBoxParameterSave.Buffer,
-             (= UINTN)TempLockBoxParameterSave.Length
-             )= ;
-  LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status; -  return;
-}
-
-/**
-  Dispatch function for SMM lock box set attributes.
-
-  @param LockBoxParameterSetAttributes  parameter of lock box se= t attributes
-**/
-VOID
-SmmLockBoxSetAttributes (
-  IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES  *LockBoxParamete= rSetAttributes
-  )
-{
-  EFI_STATUS         &nb= sp;            =            Status;
-  EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES  TempLockBoxParamete= rSetAttributes;
-
-  //
-  // Sanity check
-  //
-  if (mLocked) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"))= ;
-    LockBoxParameterSetAttributes->Header.ReturnStatus = =3D (UINT64)EFI_ACCESS_DENIED;
-    return;
-  }
-
-  CopyMem (&TempLockBoxParameterSetAttributes, LockBoxParameterSe= tAttributes, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES));
-
-  //
-  // Update data
-  //
-  Status =3D SetLockBoxAttributes (
-             &= amp;TempLockBoxParameterSetAttributes.Guid,
-             T= empLockBoxParameterSetAttributes.Attributes
-             )= ;
-  LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)S= tatus;
-  return;
-}
-
-/**
-  Dispatch function for SMM lock box update.
-
-  Caution: This function may receive untrusted input.
-  Restore buffer and length are external input, so this function will= validate
-  it is in SMRAM.
-
-  @param LockBoxParameterUpdate  parameter of lock box update -**/
-VOID
-SmmLockBoxUpdate (
-  IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  *LockBoxParameterUpdate<= br> -  )
-{
-  EFI_STATUS         &nb= sp;            =    Status;
-  EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  TempLockBoxParameterUpdate;=
-
-  //
-  // Sanity check
-  //
-  if (mLocked) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"))= ;
-    LockBoxParameterUpdate->Header.ReturnStatus =3D (UIN= T64)EFI_ACCESS_DENIED;
-    return;
-  }
-
-  CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, s= izeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE));
-
-  //
-  // Sanity check
-  //
-  if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterUpdate.= Buffer, (UINTN)TempLockBoxParameterUpdate.Length)) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in= SMRAM or buffer overflow!\n"));
-    LockBoxParameterUpdate->Header.ReturnStatus =3D (UIN= T64)EFI_ACCESS_DENIED;
-    return;
-  }
-
-  //
-  // The SpeculationBarrier() call here is to ensure the above range = check for
-  // the CommBuffer have been completed before calling into UpdateLoc= kBox().
-  //
-  SpeculationBarrier ();
-
-  //
-  // Update data
-  //
-  Status =3D UpdateLockBox (
-             &= amp;TempLockBoxParameterUpdate.Guid,
-             (= UINTN)TempLockBoxParameterUpdate.Offset,
-             (= VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer,
-             (= UINTN)TempLockBoxParameterUpdate.Length
-             )= ;
-  LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status;<= br> -  return;
-}
-
-/**
-  Dispatch function for SMM lock box restore.
-
-  Caution: This function may receive untrusted input.
-  Restore buffer and length are external input, so this function will= validate
-  it is in SMRAM.
-
-  @param LockBoxParameterRestore  parameter of lock box restore<= br> -**/
-VOID
-SmmLockBoxRestore (
-  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE  *LockBoxParameterRestor= e
-  )
-{
-  EFI_STATUS         &nb= sp;            =     Status;
-  EFI_SMM_LOCK_BOX_PARAMETER_RESTORE  TempLockBoxParameterRestor= e;
-
-  CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore,= sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE));
-
-  //
-  // Sanity check
-  //
-  if (!SmmIsBufferOutsideSmmValid ((UINTN)TempLockBoxParameterRestore= .Buffer, (UINTN)TempLockBoxParameterRestore.Length)) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address i= n SMRAM or buffer overflow!\n"));
-    LockBoxParameterRestore->Header.ReturnStatus =3D (UI= NT64)EFI_ACCESS_DENIED;
-    return;
-  }
-
-  //
-  // Restore data
-  //
-  if ((TempLockBoxParameterRestore.Length =3D=3D 0) && (TempL= ockBoxParameterRestore.Buffer =3D=3D 0)) {
-    Status =3D RestoreLockBox (
-            &n= bsp;  &TempLockBoxParameterRestore.Guid,
-            &n= bsp;  NULL,
-            &n= bsp;  NULL
-            &n= bsp;  );
-  } else {
-    Status =3D RestoreLockBox (
-            &n= bsp;  &TempLockBoxParameterRestore.Guid,
-            &n= bsp;  (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer,
-            &n= bsp;  (UINTN *)&TempLockBoxParameterRestore.Length
-            &n= bsp;  );
-    if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D= =3D EFI_SUCCESS)) {
-      //
-      // Return the actual Length value.
-      //
-      LockBoxParameterRestore->Length =3D Temp= LockBoxParameterRestore.Length;
-    }
-  }
-
-  LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status;=
-  return;
-}
-
-/**
-  Dispatch function for SMM lock box restore all in place.
-
-  @param LockBoxParameterRestoreAllInPlace  parameter of lock bo= x restore all in place
-**/
-VOID
-SmmLockBoxRestoreAllInPlace (
-  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE  *LockBoxPa= rameterRestoreAllInPlace
-  )
-{
-  EFI_STATUS  Status;
-
-  Status          &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; =3D RestoreAllLockBoxInPlace ();
-  LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D (UINT= 64)Status;
-  return;
-}
-
-/**
-  Dispatch function for a Software SMI handler.
-
-  Caution: This function may receive untrusted input.
-  Communicate buffer and buffer size are external input, so this func= tion will do basic validation.
-
-  @param DispatchHandle  The unique handle assigned to this hand= ler by SmiHandlerRegister().
-  @param Context         Poin= ts to an optional handler context which was specified when the
-            &n= bsp;            hand= ler was registered.
-  @param CommBuffer      A pointer to a coll= ection of data in memory that will
-            &n= bsp;            be c= onveyed from a non-SMM environment into an SMM environment.
-  @param CommBufferSize  The size of the CommBuffer.
-
-  @retval EFI_SUCCESS Command is handled successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-SmmLockBoxHandler (
-  IN EFI_HANDLE  DispatchHandle,
-  IN CONST VOID  *Context      &nb= sp;  OPTIONAL,
-  IN OUT VOID    *CommBuffer    &n= bsp; OPTIONAL,
-  IN OUT UINTN   *CommBufferSize  OPTIONAL
-  )
-{
-  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  *LockBoxParameterHeader; -  UINTN          &n= bsp;            = ;       TempCommBufferSize;
-
-  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n"= ;));
-
-  //
-  // If input is invalid, stop processing this SMI
-  //
-  if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) {
-    return EFI_SUCCESS;
-  }
-
-  TempCommBufferSize =3D *CommBufferSize;
-
-  //
-  // Sanity check
-  //
-  if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_HEAD= ER)) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Si= ze invalid!\n"));
-    return EFI_SUCCESS;
-  }
-
-  if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferS= ize)) {
-    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in= SMRAM or overflow!\n"));
-    return EFI_SUCCESS;
-  }
-
-  LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER *)((U= INTN)CommBuffer);
-
-  LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1;
-
-  DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n&= quot;, (UINTN)LockBoxParameterHeader));
-
-  DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n", (UINTN)L= ockBoxParameterHeader->Command));
-
-  switch (LockBoxParameterHeader->Command) {
-    case EFI_SMM_LOCK_BOX_COMMAND_SAVE:
-      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_SAVE)) {
-        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for SAVE invalid!\n"));
-        break;
-      }
-
-      SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER= _SAVE *)(UINTN)LockBoxParameterHeader);
-      break;
-    case EFI_SMM_LOCK_BOX_COMMAND_UPDATE:
-      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_UPDATE)) {
-        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for UPDATE invalid!\n"));
-        break;
-      }
-
-      SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMET= ER_UPDATE *)(UINTN)LockBoxParameterHeader);
-      break;
-    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE:
-      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_RESTORE)) {
-        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for RESTORE invalid!\n"));
-        break;
-      }
-
-      SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAME= TER_RESTORE *)(UINTN)LockBoxParameterHeader);
-      break;
-    case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES:
-      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) {
-        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for SET_ATTRIBUTES invalid!\n"));
-        break;
-      }
-
-      SmmLockBoxSetAttributes ((EFI_SMM_LOCK_BOX_= PARAMETER_SET_ATTRIBUTES *)(UINTN)LockBoxParameterHeader);
-      break;
-    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE:
-      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) {
-        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for RESTORE_ALL_IN_PLACE invalid!\n"));
-        break;
-      }
-
-      SmmLockBoxRestoreAllInPlace ((EFI_SMM_LOCK_= BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)(UINTN)LockBoxParameterHeader);
-      break;
-    default:
-      DEBUG ((DEBUG_ERROR, "SmmLockBox Comma= nd invalid!\n"));
-      break;
-  }
-
-  LockBoxParameterHeader->Command =3D (UINT32)-1;
-
-  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n"= ));
-
-  return EFI_SUCCESS;
-}
-
-/**
-  Smm Ready To Lock event notification handler.
-
-  It sets a flag indicating that SMRAM has been locked.
-
-  @param[in] Protocol   Points to the protocol's unique ide= ntifier.
-  @param[in] Interface  Points to the interface instance.
-  @param[in] Handle     The handle on which the i= nterface was installed.
-
-  @retval EFI_SUCCESS   Notification handler runs successfu= lly.
- **/
-EFI_STATUS
-EFIAPI
-SmmReadyToLockEventNotify (
-  IN CONST EFI_GUID  *Protocol,
-  IN VOID          =   *Interface,
-  IN EFI_HANDLE      Handle
-  )
-{
-  mLocked =3D TRUE;
-  return EFI_SUCCESS;
+  return SmmIsBufferOutsideSmmValid (Buffer, Length);
 }
 
 /**
@@ -438,6 +102,5 @@ SmmLockBoxEntryPoint (
            &nb= sp;           NULL
            &nb= sp;           );
   ASSERT_EFI_ERROR (Status);
-
   return Status;
 }
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf b/Mde= ModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
index 5081b2d7f2..f279706e90 100644
--- a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
@@ -6,7 +6,7 @@
 #  This external input must be validated carefully to avoid secu= rity issue like
 #  buffer overflow, integer overflow.
 #
-#  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.= <BR>
+#  Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.= <BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -30,6 +30,8 @@
 
 [Sources]
   SmmLockBox.c
+  SmmLockBoxCommon.c
+  SmmLockBoxCommon.h
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c b= /MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c
new file mode 100644
index 0000000000..5c6eae05af
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.c
@@ -0,0 +1,384 @@
+/** @file
+  LockBox SMM/MM driver.
+
+  Caution: This module requires additional review when modified.
+  This driver will have external input - communicate buffer in SMM mo= de.
+  This external input must be validated carefully to avoid security i= ssue like
+  buffer overflow, integer overflow.
+
+  SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), SmmLo= ckBoxSave()
+  will receive untrusted input and do basic validation.
+
+Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR&g= t;
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiSmm.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/LockBoxLib.h>
+
+#include <Protocol/SmmReadyToLock.h>
+#include <Protocol/SmmCommunication.h>
+#include <Protocol/LockBox.h>
+#include <Guid/SmmLockBox.h>
+#include "SmmLockBoxCommon.h"
+
+BOOLEAN  mLocked =3D FALSE;
+
+/**
+  Dispatch function for SMM lock box save.
+
+  Caution: This function may receive untrusted input.
+  Restore buffer and length are external input, so this function will= validate
+  it is in SMRAM.
+
+  @param LockBoxParameterSave  parameter of lock box save
+**/
+VOID
+SmmLockBoxSave (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE  *LockBoxParameterSave
+  )
+{
+  EFI_STATUS         &nb= sp;            = Status;
+  EFI_SMM_LOCK_BOX_PARAMETER_SAVE  TempLockBoxParameterSave;
+
+  //
+  // Sanity check
+  //
+  if (mLocked) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"))= ;
+    LockBoxParameterSave->Header.ReturnStatus =3D (UINT6= 4)EFI_ACCESS_DENIED;
+    return;
+  }
+
+  CopyMem (&TempLockBoxParameterSave, LockBoxParameterSave, sizeo= f (EFI_SMM_LOCK_BOX_PARAMETER_SAVE));
+
+  //
+  // Sanity check
+  //
+  if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterSave.Buffer= , (UINTN)TempLockBoxParameterSave.Length)) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Save address in S= MRAM or buffer overflow!\n"));
+    LockBoxParameterSave->Header.ReturnStatus =3D (UINT6= 4)EFI_ACCESS_DENIED;
+    return;
+  }
+
+  //
+  // The SpeculationBarrier() call here is to ensure the above range = check for
+  // the CommBuffer have been completed before calling into SaveLockB= ox().
+  //
+  SpeculationBarrier ();
+
+  //
+  // Save data
+  //
+  Status =3D SaveLockBox (
+             &= amp;TempLockBoxParameterSave.Guid,
+             (= VOID *)(UINTN)TempLockBoxParameterSave.Buffer,
+             (= UINTN)TempLockBoxParameterSave.Length
+             )= ;
+  LockBoxParameterSave->Header.ReturnStatus =3D (UINT64)Status; +  return;
+}
+
+/**
+  Dispatch function for SMM lock box set attributes.
+
+  @param LockBoxParameterSetAttributes  parameter of lock box se= t attributes
+**/
+VOID
+SmmLockBoxSetAttributes (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES  *LockBoxParamete= rSetAttributes
+  )
+{
+  EFI_STATUS         &nb= sp;            =            Status;
+  EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES  TempLockBoxParamete= rSetAttributes;
+
+  //
+  // Sanity check
+  //
+  if (mLocked) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"))= ;
+    LockBoxParameterSetAttributes->Header.ReturnStatus = =3D (UINT64)EFI_ACCESS_DENIED;
+    return;
+  }
+
+  CopyMem (&TempLockBoxParameterSetAttributes, LockBoxParameterSe= tAttributes, sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES));
+
+  //
+  // Update data
+  //
+  Status =3D SetLockBoxAttributes (
+             &= amp;TempLockBoxParameterSetAttributes.Guid,
+             T= empLockBoxParameterSetAttributes.Attributes
+             )= ;
+  LockBoxParameterSetAttributes->Header.ReturnStatus =3D (UINT64)S= tatus;
+  return;
+}
+
+/**
+  Dispatch function for SMM lock box update.
+
+  Caution: This function may receive untrusted input.
+  Restore buffer and length are external input, so this function will= validate
+  it is in SMRAM.
+
+  @param LockBoxParameterUpdate  parameter of lock box update +**/
+VOID
+SmmLockBoxUpdate (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  *LockBoxParameterUpdate<= br> +  )
+{
+  EFI_STATUS         &nb= sp;            =    Status;
+  EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  TempLockBoxParameterUpdate;=
+
+  //
+  // Sanity check
+  //
+  if (mLocked) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Locked!\n"))= ;
+    LockBoxParameterUpdate->Header.ReturnStatus =3D (UIN= T64)EFI_ACCESS_DENIED;
+    return;
+  }
+
+  CopyMem (&TempLockBoxParameterUpdate, LockBoxParameterUpdate, s= izeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE));
+
+  //
+  // Sanity check
+  //
+  if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterUpdate.Buff= er, (UINTN)TempLockBoxParameterUpdate.Length)) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Update address in= SMRAM or buffer overflow!\n"));
+    LockBoxParameterUpdate->Header.ReturnStatus =3D (UIN= T64)EFI_ACCESS_DENIED;
+    return;
+  }
+
+  //
+  // The SpeculationBarrier() call here is to ensure the above range = check for
+  // the CommBuffer have been completed before calling into UpdateLoc= kBox().
+  //
+  SpeculationBarrier ();
+
+  //
+  // Update data
+  //
+  Status =3D UpdateLockBox (
+             &= amp;TempLockBoxParameterUpdate.Guid,
+             (= UINTN)TempLockBoxParameterUpdate.Offset,
+             (= VOID *)(UINTN)TempLockBoxParameterUpdate.Buffer,
+             (= UINTN)TempLockBoxParameterUpdate.Length
+             )= ;
+  LockBoxParameterUpdate->Header.ReturnStatus =3D (UINT64)Status;<= br> +  return;
+}
+
+/**
+  Dispatch function for SMM lock box restore.
+
+  Caution: This function may receive untrusted input.
+  Restore buffer and length are external input, so this function will= validate
+  it is in SMRAM.
+
+  @param LockBoxParameterRestore  parameter of lock box restore<= br> +**/
+VOID
+SmmLockBoxRestore (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE  *LockBoxParameterRestor= e
+  )
+{
+  EFI_STATUS         &nb= sp;            =     Status;
+  EFI_SMM_LOCK_BOX_PARAMETER_RESTORE  TempLockBoxParameterRestor= e;
+
+  CopyMem (&TempLockBoxParameterRestore, LockBoxParameterRestore,= sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE));
+
+  //
+  // Sanity check
+  //
+  if (!IsBufferOutsideMmValid ((UINTN)TempLockBoxParameterRestore.Buf= fer, (UINTN)TempLockBoxParameterRestore.Length)) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Restore address i= n SMRAM or buffer overflow!\n"));
+    LockBoxParameterRestore->Header.ReturnStatus =3D (UI= NT64)EFI_ACCESS_DENIED;
+    return;
+  }
+
+  //
+  // Restore data
+  //
+  if ((TempLockBoxParameterRestore.Length =3D=3D 0) && (TempL= ockBoxParameterRestore.Buffer =3D=3D 0)) {
+    Status =3D RestoreLockBox (
+            &n= bsp;  &TempLockBoxParameterRestore.Guid,
+            &n= bsp;  NULL,
+            &n= bsp;  NULL
+            &n= bsp;  );
+  } else {
+    Status =3D RestoreLockBox (
+            &n= bsp;  &TempLockBoxParameterRestore.Guid,
+            &n= bsp;  (VOID *)(UINTN)TempLockBoxParameterRestore.Buffer,
+            &n= bsp;  (UINTN *)&TempLockBoxParameterRestore.Length
+            &n= bsp;  );
+    if ((Status =3D=3D EFI_BUFFER_TOO_SMALL) || (Status =3D= =3D EFI_SUCCESS)) {
+      //
+      // Return the actual Length value.
+      //
+      LockBoxParameterRestore->Length =3D Temp= LockBoxParameterRestore.Length;
+    }
+  }
+
+  LockBoxParameterRestore->Header.ReturnStatus =3D (UINT64)Status;=
+  return;
+}
+
+/**
+  Dispatch function for SMM lock box restore all in place.
+
+  @param LockBoxParameterRestoreAllInPlace  parameter of lock bo= x restore all in place
+**/
+VOID
+SmmLockBoxRestoreAllInPlace (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE  *LockBoxPa= rameterRestoreAllInPlace
+  )
+{
+  EFI_STATUS  Status;
+
+  Status          &= nbsp;           &nbs= p;            &= nbsp;           &nbs= p; =3D RestoreAllLockBoxInPlace ();
+  LockBoxParameterRestoreAllInPlace->Header.ReturnStatus =3D (UINT= 64)Status;
+  return;
+}
+
+/**
+  Dispatch function for a Software SMI handler.
+
+  Caution: This function may receive untrusted input.
+  Communicate buffer and buffer size are external input, so this func= tion will do basic validation.
+
+  @param DispatchHandle  The unique handle assigned to this hand= ler by SmiHandlerRegister().
+  @param Context         Poin= ts to an optional handler context which was specified when the
+            &n= bsp;            hand= ler was registered.
+  @param CommBuffer      A pointer to a coll= ection of data in memory that will
+            &n= bsp;            be c= onveyed from a non-SMM environment into an SMM environment.
+  @param CommBufferSize  The size of the CommBuffer.
+
+  @retval EFI_SUCCESS Command is handled successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxHandler (
+  IN EFI_HANDLE  DispatchHandle,
+  IN CONST VOID  *Context      &nb= sp;  OPTIONAL,
+  IN OUT VOID    *CommBuffer    &n= bsp; OPTIONAL,
+  IN OUT UINTN   *CommBufferSize  OPTIONAL
+  )
+{
+  EFI_SMM_LOCK_BOX_PARAMETER_HEADER  *LockBoxParameterHeader; +  UINTN          &n= bsp;            = ;       TempCommBufferSize;
+
+  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Enter\n"= ;));
+
+  //
+  // If input is invalid, stop processing this SMI
+  //
+  if ((CommBuffer =3D=3D NULL) || (CommBufferSize =3D=3D NULL)) {
+    return EFI_SUCCESS;
+  }
+
+  TempCommBufferSize =3D *CommBufferSize;
+
+  //
+  // Sanity check
+  //
+  if (TempCommBufferSize < sizeof (EFI_SMM_LOCK_BOX_PARAMETER_HEAD= ER)) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer Si= ze invalid!\n"));
+    return EFI_SUCCESS;
+  }
+
+  if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)= ) {
+    DEBUG ((DEBUG_ERROR, "SmmLockBox Command Buffer in= SMRAM or overflow!\n"));
+    return EFI_SUCCESS;
+  }
+
+  LockBoxParameterHeader =3D (EFI_SMM_LOCK_BOX_PARAMETER_HEADER *)((U= INTN)CommBuffer);
+
+  LockBoxParameterHeader->ReturnStatus =3D (UINT64)-1;
+
+  DEBUG ((DEBUG_INFO, "SmmLockBox LockBoxParameterHeader - %x\n&= quot;, (UINTN)LockBoxParameterHeader));
+
+  DEBUG ((DEBUG_INFO, "SmmLockBox Command - %x\n", (UINTN)L= ockBoxParameterHeader->Command));
+
+  switch (LockBoxParameterHeader->Command) {
+    case EFI_SMM_LOCK_BOX_COMMAND_SAVE:
+      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_SAVE)) {
+        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for SAVE invalid!\n"));
+        break;
+      }
+
+      SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER= _SAVE *)(UINTN)LockBoxParameterHeader);
+      break;
+    case EFI_SMM_LOCK_BOX_COMMAND_UPDATE:
+      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_UPDATE)) {
+        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for UPDATE invalid!\n"));
+        break;
+      }
+
+      SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMET= ER_UPDATE *)(UINTN)LockBoxParameterHeader);
+      break;
+    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE:
+      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_RESTORE)) {
+        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for RESTORE invalid!\n"));
+        break;
+      }
+
+      SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAME= TER_RESTORE *)(UINTN)LockBoxParameterHeader);
+      break;
+    case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES:
+      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_SET_ATTRIBUTES)) {
+        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for SET_ATTRIBUTES invalid!\n"));
+        break;
+      }
+
+      SmmLockBoxSetAttributes ((EFI_SMM_LOCK_BOX_= PARAMETER_SET_ATTRIBUTES *)(UINTN)LockBoxParameterHeader);
+      break;
+    case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE:
+      if (TempCommBufferSize < sizeof (EFI_SMM= _LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)) {
+        DEBUG ((DEBUG_ERROR, "SmmL= ockBox Command Buffer Size for RESTORE_ALL_IN_PLACE invalid!\n"));
+        break;
+      }
+
+      SmmLockBoxRestoreAllInPlace ((EFI_SMM_LOCK_= BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)(UINTN)LockBoxParameterHeader);
+      break;
+    default:
+      DEBUG ((DEBUG_ERROR, "SmmLockBox Comma= nd invalid!\n"));
+      break;
+  }
+
+  LockBoxParameterHeader->Command =3D (UINT32)-1;
+
+  DEBUG ((DEBUG_INFO, "SmmLockBox SmmLockBoxHandler Exit\n"= ));
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Smm Ready To Lock event notification handler.
+
+  It sets a flag indicating that SMRAM has been locked.
+
+  @param[in] Protocol   Points to the protocol's unique ide= ntifier.
+  @param[in] Interface  Points to the interface instance.
+  @param[in] Handle     The handle on which the i= nterface was installed.
+
+  @retval EFI_SUCCESS   Notification handler runs successfu= lly.
+ **/
+EFI_STATUS
+EFIAPI
+SmmReadyToLockEventNotify (
+  IN CONST EFI_GUID  *Protocol,
+  IN VOID          =   *Interface,
+  IN EFI_HANDLE      Handle
+  )
+{
+  mLocked =3D TRUE;
+  return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h b= /MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h
new file mode 100644
index 0000000000..2205c4fb3b
--- /dev/null
+++ b/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBoxCommon.h
@@ -0,0 +1,148 @@
+/** @file
+  LockBox SMM/MM driver.
+
+  Caution: This module requires additional review when modified.
+  This driver will have external input - communicate buffer in SMM mo= de.
+  This external input must be validated carefully to avoid security i= ssue like
+  buffer overflow, integer overflow.
+
+  SmmLockBoxHandler(), SmmLockBoxRestore(), SmmLockBoxUpdate(), SmmLo= ckBoxSave()
+  will receive untrusted input and do basic validation.
+
+Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR&g= t;
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiSmm.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/LockBoxLib.h>
+
+#include <Protocol/SmmReadyToLock.h>
+#include <Protocol/SmmCommunication.h>
+#include <Protocol/LockBox.h>
+#include <Guid/SmmLockBox.h>
+
+/**
+  This function is an abstraction layer for implementation specific M= m buffer validation routine.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid per processor architecture = and not overlap with SMRAM.
+  @retval FALSE This buffer is not valid per processor architecture o= r overlap with SMRAM.
+**/
+BOOLEAN
+IsBufferOutsideMmValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64         &nbs= p;      Length
+  );
+
+/**
+  Dispatch function for SMM lock box save.
+
+  Caution: This function may receive untrusted input.
+  Restore buffer and length are external input, so this function will= validate
+  it is in SMRAM.
+
+  @param LockBoxParameterSave  parameter of lock box save
+**/
+VOID
+SmmLockBoxSave (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE  *LockBoxParameterSave
+  );
+
+/**
+  Dispatch function for SMM lock box set attributes.
+
+  @param LockBoxParameterSetAttributes  parameter of lock box se= t attributes
+**/
+VOID
+SmmLockBoxSetAttributes (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES  *LockBoxParamete= rSetAttributes
+  );
+
+/**
+  Dispatch function for SMM lock box update.
+
+  Caution: This function may receive untrusted input.
+  Restore buffer and length are external input, so this function will= validate
+  it is in SMRAM.
+
+  @param LockBoxParameterUpdate  parameter of lock box update +**/
+VOID
+SmmLockBoxUpdate (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE  *LockBoxParameterUpdate<= br> +  );
+
+/**
+  Dispatch function for SMM lock box restore.
+
+  Caution: This function may receive untrusted input.
+  Restore buffer and length are external input, so this function will= validate
+  it is in SMRAM.
+
+  @param LockBoxParameterRestore  parameter of lock box restore<= br> +**/
+VOID
+SmmLockBoxRestore (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE  *LockBoxParameterRestor= e
+  );
+
+/**
+  Dispatch function for SMM lock box restore all in place.
+
+  @param LockBoxParameterRestoreAllInPlace  parameter of lock bo= x restore all in place
+**/
+VOID
+SmmLockBoxRestoreAllInPlace (
+  IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE  *LockBoxPa= rameterRestoreAllInPlace
+  );
+
+/**
+  Dispatch function for a Software SMI handler.
+
+  Caution: This function may receive untrusted input.
+  Communicate buffer and buffer size are external input, so this func= tion will do basic validation.
+
+  @param DispatchHandle  The unique handle assigned to this hand= ler by SmiHandlerRegister().
+  @param Context         Poin= ts to an optional handler context which was specified when the
+            &n= bsp;            hand= ler was registered.
+  @param CommBuffer      A pointer to a coll= ection of data in memory that will
+            &n= bsp;            be c= onveyed from a non-SMM environment into an SMM environment.
+  @param CommBufferSize  The size of the CommBuffer.
+
+  @retval EFI_SUCCESS Command is handled successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+SmmLockBoxHandler (
+  IN EFI_HANDLE  DispatchHandle,
+  IN CONST VOID  *Context      &nb= sp;  OPTIONAL,
+  IN OUT VOID    *CommBuffer    &n= bsp; OPTIONAL,
+  IN OUT UINTN   *CommBufferSize  OPTIONAL
+  );
+
+/**
+  Smm Ready To Lock event notification handler.
+
+  It sets a flag indicating that SMRAM has been locked.
+
+  @param[in] Protocol   Points to the protocol's unique ide= ntifier.
+  @param[in] Interface  Points to the interface instance.
+  @param[in] Handle     The handle on which the i= nterface was installed.
+
+  @retval EFI_SUCCESS   Notification handler runs successfu= lly.
+ **/
+EFI_STATUS
+EFIAPI
+SmmReadyToLockEventNotify (
+  IN CONST EFI_GUID  *Protocol,
+  IN VOID          =   *Interface,
+  IN EFI_HANDLE      Handle
+  );
--
2.39.1.windows.1

_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#118654) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--_000_MN6PR11MB82449FCF1C86F7CBD27856AE8CE52MN6PR11MB8244namp_--