public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
@ 2021-08-24  2:28 Qi Zhang
  2021-08-26  1:24 ` Yao, Jiewen
  2021-08-27 13:44 ` Yao, Jiewen
  0 siblings, 2 replies; 4+ messages in thread
From: Qi Zhang @ 2021-08-24  2:28 UTC (permalink / raw)
  To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar, Ray Ni

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583

TcgMorLockSmm is only for secure MOR V1.
VariableSmm covers secure MOR V1 and V2.

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
---
 SecurityPkg/SecurityPkg.dsc                   |   1 -
 .../TcgMorLock.c                              | 191 ------------------
 .../TcgMorLock.h                              | 131 ------------
 .../TcgMorLock.uni                            |  16 --
 .../TcgMorLockExtra.uni                       |  14 --
 .../TcgMorLockSmm.c                           | 152 --------------
 .../TcgMorLockSmm.inf                         |  65 ------
 7 files changed, 570 deletions(-)
 delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
 delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
 delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
 delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
 delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
 delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 64157e20f9..7898fe4282 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -338,7 +338,6 @@
 
 [Components.IA32, Components.X64]
 
-  SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
   SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
   SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
   SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
deleted file mode 100644
index aa230eeefa..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/** @file
-  TCG MOR (Memory Overwrite Request) Lock Control Driver.
-
-  This driver initializes MemoryOverwriteRequestControlLock variable.
-  This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <PiDxe.h>
-#include <Guid/MemoryOverwriteControl.h>
-#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include "TcgMorLock.h"
-
-typedef struct {
-  CHAR16                                 *VariableName;
-  EFI_GUID                               *VendorGuid;
-} VARIABLE_TYPE;
-
-VARIABLE_TYPE  mMorVariableType[] = {
-  {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,      &gEfiMemoryOverwriteControlDataGuid},
-  {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,  &gEfiMemoryOverwriteRequestControlLockGuid},
-};
-
-/**
-  Returns if this is MOR related variable.
-
-  @param  VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-
-  @retval  TRUE            The variable is MOR related.
-  @retval  FALSE           The variable is NOT MOR related.
-**/
-BOOLEAN
-IsAnyMorVariable (
-  IN CHAR16                                 *VariableName,
-  IN EFI_GUID                               *VendorGuid
-  )
-{
-  UINTN   Index;
-
-  for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
-    if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
-        (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
-      return TRUE;
-    }
-  }
-  return FALSE;
-}
-
-/**
-  Returns if this is MOR lock variable.
-
-  @param  VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-
-  @retval  TRUE            The variable is MOR lock variable.
-  @retval  FALSE           The variable is NOT MOR lock variable.
-**/
-BOOLEAN
-IsMorLockVariable (
-  IN CHAR16                                 *VariableName,
-  IN EFI_GUID                               *VendorGuid
-  )
-{
-  if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
-      (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {
-    return TRUE;
-  }
-  return FALSE;
-}
-
-/**
-  This service is a checker handler for the UEFI Runtime Service SetVariable()
-
-  @param  VariableName the name of the vendor's variable, as a
-                       Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-  @param  Attributes   Point to memory location to return the attributes of variable. If the point
-                       is NULL, the parameter would be ignored.
-  @param  DataSize     The size in bytes of Data-Buffer.
-  @param  Data         Point to the content of the variable.
-
-  @retval  EFI_SUCCESS            The firmware has successfully stored the variable and its data as
-                                  defined by the Attributes.
-  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits was supplied, or the
-                                  DataSize exceeds the maximum allowed.
-  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
-  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the variable and its data.
-  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
-  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
-  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
-                                  set but the AuthInfo does NOT pass the validation check carried
-                                  out by the firmware.
-  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-SetVariableCheckHandlerMor (
-  IN CHAR16     *VariableName,
-  IN EFI_GUID   *VendorGuid,
-  IN UINT32     Attributes,
-  IN UINTN      DataSize,
-  IN VOID       *Data
-  )
-{
-  UINTN       MorLockDataSize;
-  BOOLEAN     MorLock;
-  EFI_STATUS  Status;
-
-  //
-  // do not handle non-MOR variable
-  //
-  if (!IsAnyMorVariable (VariableName, VendorGuid)) {
-    return EFI_SUCCESS;
-  }
-
-  MorLockDataSize = sizeof(MorLock);
-  Status = InternalGetVariable (
-             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
-             &gEfiMemoryOverwriteRequestControlLockGuid,
-             NULL,
-             &MorLockDataSize,
-             &MorLock
-             );
-  if (!EFI_ERROR (Status) && MorLock) {
-    //
-    // If lock, deny access
-    //
-    return EFI_INVALID_PARAMETER;
-  }
-
-  //
-  // Delete not OK
-  //
-  if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  //
-  // check format
-  //
-  if (IsMorLockVariable(VariableName, VendorGuid)) {
-    //
-    // set to any other value not OK
-    //
-    if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
-      return EFI_INVALID_PARAMETER;
-    }
-  }
-  //
-  // Or grant access
-  //
-  return EFI_SUCCESS;
-}
-
-/**
-  Entry Point for MOR Lock Control driver.
-
-  @param[in] ImageHandle  Image handle of this driver.
-  @param[in] SystemTable  A Pointer to the EFI System Table.
-
-  @retval EFI_SUCCESS
-  @return Others          Some error occurs.
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverInit (
-  VOID
-  )
-{
-  EFI_STATUS  Status;
-  UINT8       Data;
-
-  Data = 0;
-  Status = InternalSetVariable (
-             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
-             &gEfiMemoryOverwriteRequestControlLockGuid,
-             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
-             1,
-             &Data
-             );
-  return Status;
-}
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
deleted file mode 100644
index 5a6658c158..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/** @file
-   TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _EFI_TCG_MOR_LOCK_H_
-#define _EFI_TCG_MOR_LOCK_H_
-
-/**
-  This service is a wrapper for the UEFI Runtime Service GetVariable().
-
-  @param  VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-  @param  Attributes   Point to memory location to return the attributes of variable. If the point
-                       is NULL, the parameter would be ignored.
-  @param  DataSize     As input, point to the maximum size of return Data-Buffer.
-                       As output, point to the actual size of the returned Data-Buffer.
-  @param  Data         Point to return Data-Buffer.
-
-  @retval  EFI_SUCCESS            The function completed successfully.
-  @retval  EFI_NOT_FOUND          The variable was not found.
-  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result. DataSize has
-                                  been updated with the size needed to complete the request.
-  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
-  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
-  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
-  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and Data is NULL.
-  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due to a hardware error.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
-**/
-EFI_STATUS
-EFIAPI
-InternalGetVariable (
-  IN      CHAR16                   *VariableName,
-  IN      EFI_GUID                 *VendorGuid,
-  OUT     UINT32                   *Attributes OPTIONAL,
-  IN OUT  UINTN                    *DataSize,
-  OUT     VOID                     *Data
-  );
-
-/**
-  This service is a wrapper for the UEFI Runtime Service SetVariable()
-
-  @param  VariableName the name of the vendor's variable, as a
-                       Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-  @param  Attributes   Point to memory location to return the attributes of variable. If the point
-                       is NULL, the parameter would be ignored.
-  @param  DataSize     The size in bytes of Data-Buffer.
-  @param  Data         Point to the content of the variable.
-
-  @retval  EFI_SUCCESS            The firmware has successfully stored the variable and its data as
-                                  defined by the Attributes.
-  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits was supplied, or the
-                                  DataSize exceeds the maximum allowed.
-  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
-  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the variable and its data.
-  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
-  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
-  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
-                                  set but the AuthInfo does NOT pass the validation check carried
-                                  out by the firmware.
-  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalSetVariable (
-  IN CHAR16                       *VariableName,
-  IN EFI_GUID                     *VendorGuid,
-  IN UINT32                       Attributes,
-  IN UINTN                        DataSize,
-  IN VOID                         *Data
-  );
-
-/**
-  This service is a checker handler for the UEFI Runtime Service SetVariable()
-
-  @param  VariableName the name of the vendor's variable, as a
-                       Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-  @param  Attributes   Point to memory location to return the attributes of variable. If the point
-                       is NULL, the parameter would be ignored.
-  @param  DataSize     The size in bytes of Data-Buffer.
-  @param  Data         Point to the content of the variable.
-
-  @retval  EFI_SUCCESS            The firmware has successfully stored the variable and its data as
-                                  defined by the Attributes.
-  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits was supplied, or the
-                                  DataSize exceeds the maximum allowed.
-  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
-  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the variable and its data.
-  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
-  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
-  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
-                                  set but the AuthInfo does NOT pass the validation check carried
-                                  out by the firmware.
-  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-SetVariableCheckHandlerMor (
-  IN CHAR16     *VariableName,
-  IN EFI_GUID   *VendorGuid,
-  IN UINT32     Attributes,
-  IN UINTN      DataSize,
-  IN VOID       *Data
-  );
-
-/**
-  Entry Point for MOR Lock Control driver.
-
-  @param[in] ImageHandle  Image handle of this driver.
-  @param[in] SystemTable  A Pointer to the EFI System Table.
-
-  @retval EFI_SUCCESS
-  @return Others          Some error occurs.
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverInit (
-  VOID
-  );
-
-#endif
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
deleted file mode 100644
index 711b37d866..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
+++ /dev/null
@@ -1,16 +0,0 @@
-// /** @file
-// Initializes MemoryOverwriteRequestControlLock variable
-//
-// This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-//
-// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT             #language en-US "Initializes MemoryOverwriteRequestControlLock variable"
-
-#string STR_MODULE_DESCRIPTION          #language en-US "This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once."
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
deleted file mode 100644
index 2679c08c86..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
+++ /dev/null
@@ -1,14 +0,0 @@
-// /** @file
-// TcgMorLock Localized Strings and Content
-//
-// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TCG (Trusted Computing Group) MOR Lock"
-
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
deleted file mode 100644
index 8c92317313..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/** @file
-   TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <PiSmm.h>
-#include <Library/SmmServicesTableLib.h>
-#include <Library/DebugLib.h>
-#include <Protocol/SmmVarCheck.h>
-#include <Protocol/SmmVariable.h>
-#include "TcgMorLock.h"
-
-EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
-
-/**
-  This service is a wrapper for the UEFI Runtime Service GetVariable().
-
-  @param  VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-  @param  Attributes   Point to memory location to return the attributes of variable. If the point
-                       is NULL, the parameter would be ignored.
-  @param  DataSize     As input, point to the maximum size of return Data-Buffer.
-                       As output, point to the actual size of the returned Data-Buffer.
-  @param  Data         Point to return Data-Buffer.
-
-  @retval  EFI_SUCCESS            The function completed successfully.
-  @retval  EFI_NOT_FOUND          The variable was not found.
-  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result. DataSize has
-                                  been updated with the size needed to complete the request.
-  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
-  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
-  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
-  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and Data is NULL.
-  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due to a hardware error.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
-**/
-EFI_STATUS
-EFIAPI
-InternalGetVariable (
-  IN      CHAR16                   *VariableName,
-  IN      EFI_GUID                 *VendorGuid,
-  OUT     UINT32                   *Attributes OPTIONAL,
-  IN OUT  UINTN                    *DataSize,
-  OUT     VOID                     *Data
-  )
-{
-  return mSmmVariable->SmmGetVariable (
-                         VariableName,
-                         VendorGuid,
-                         Attributes,
-                         DataSize,
-                         Data
-                         );
-}
-
-/**
-  This service is a wrapper for the UEFI Runtime Service SetVariable()
-
-  @param  VariableName the name of the vendor's variable, as a
-                       Null-Terminated Unicode String
-  @param  VendorGuid   Unify identifier for vendor.
-  @param  Attributes   Point to memory location to return the attributes of variable. If the point
-                       is NULL, the parameter would be ignored.
-  @param  DataSize     The size in bytes of Data-Buffer.
-  @param  Data         Point to the content of the variable.
-
-  @retval  EFI_SUCCESS            The firmware has successfully stored the variable and its data as
-                                  defined by the Attributes.
-  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits was supplied, or the
-                                  DataSize exceeds the maximum allowed.
-  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
-  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold the variable and its data.
-  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a hardware failure.
-  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
-  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
-  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
-                                  set but the AuthInfo does NOT pass the validation check carried
-                                  out by the firmware.
-  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalSetVariable (
-  IN CHAR16                       *VariableName,
-  IN EFI_GUID                     *VendorGuid,
-  IN UINT32                       Attributes,
-  IN UINTN                        DataSize,
-  IN VOID                         *Data
-  )
-{
-  return mSmmVariable->SmmSetVariable (
-                         VariableName,
-                         VendorGuid,
-                         Attributes,
-                         DataSize,
-                         Data
-                         );
-}
-
-/**
-  Entry Point for MOR Lock Control driver.
-
-  @param[in] ImageHandle    The firmware allocated handle for the EFI image.
-  @param[in] SystemTable    A pointer to the EFI System Table.
-
-  @retval EFI_SUCCESS       EntryPoint runs successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverEntryPointSmm (
-  IN EFI_HANDLE         ImageHandle,
-  IN EFI_SYSTEM_TABLE   *SystemTable
-  )
-{
-  EFI_STATUS                    Status;
-  EDKII_SMM_VAR_CHECK_PROTOCOL  *SmmVarCheck;
-
-  //
-  // This driver link to Smm Variable driver
-  //
-  DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
-
-  Status = gSmst->SmmLocateProtocol (
-                  &gEfiSmmVariableProtocolGuid,
-                  NULL,
-                  (VOID **) &mSmmVariable
-                  );
-  ASSERT_EFI_ERROR (Status);
-
-  Status = gSmst->SmmLocateProtocol (
-                  &gEdkiiSmmVarCheckProtocolGuid,
-                  NULL,
-                  (VOID **) &SmmVarCheck
-                  );
-  ASSERT_EFI_ERROR (Status);
-
-  Status = MorLockDriverInit ();
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler (SetVariableCheckHandlerMor);
-  ASSERT_EFI_ERROR (Status);
-
-  return Status;
-}
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
deleted file mode 100644
index 875c1e5f3a..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+++ /dev/null
@@ -1,65 +0,0 @@
-## @file
-#  Initializes MemoryOverwriteRequestControlLock variable
-#
-#  This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-#
-#  NOTE: This module only handles secure MOR V1 and is deprecated.
-#  The secure MOR V2 is handled inside of variable driver.
-#
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
-  INF_VERSION                    = 0x00010005
-  BASE_NAME                      = TcgMorLockSmm
-  MODULE_UNI_FILE                = TcgMorLock.uni
-  FILE_GUID                      = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
-  MODULE_TYPE                    = DXE_SMM_DRIVER
-  VERSION_STRING                 = 1.0
-  PI_SPECIFICATION_VERSION       = 0x0001000A
-  ENTRY_POINT                    = MorLockDriverEntryPointSmm
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-#  VALID_ARCHITECTURES           = IA32 X64 EBC
-#
-
-[Sources]
-  TcgMorLock.h
-  TcgMorLock.c
-  TcgMorLockSmm.c
-
-[Packages]
-  MdePkg/MdePkg.dec
-  MdeModulePkg/MdeModulePkg.dec
-  SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
-  UefiDriverEntryPoint
-  SmmServicesTableLib
-  DebugLib
-  BaseLib
-  BaseMemoryLib
-
-[Guids]
-  ## SOMETIMES_CONSUMES      ## Variable:L"MemoryOverwriteRequestControl"
-  gEfiMemoryOverwriteControlDataGuid
-
-  ## SOMETIMES_CONSUMES      ## Variable:L"MemoryOverwriteRequestControlLock"
-  ## PRODUCES                ## Variable:L"MemoryOverwriteRequestControlLock"
-  gEfiMemoryOverwriteRequestControlLockGuid
-
-[Protocols]
-  gEdkiiSmmVarCheckProtocolGuid           ## CONSUMES
-  gEfiSmmVariableProtocolGuid             ## CONSUMES
-
-[Depex]
-  gEfiSmmVariableProtocolGuid AND
-  gSmmVariableWriteGuid AND
-  ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
-
-[UserExtensions.TianoCore."ExtraFiles"]
-  TcgMorLockExtra.uni
-- 
2.26.2.windows.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
  2021-08-24  2:28 [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver Qi Zhang
@ 2021-08-26  1:24 ` Yao, Jiewen
  2021-08-27 13:44 ` Yao, Jiewen
  1 sibling, 0 replies; 4+ messages in thread
From: Yao, Jiewen @ 2021-08-26  1:24 UTC (permalink / raw)
  To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Kumar, Rahul1, Ni, Ray

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 24, 2021 10:28 AM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1
> <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583
> 
> TcgMorLockSmm is only for secure MOR V1.
> VariableSmm covers secure MOR V1 and V2.
> 
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
>  SecurityPkg/SecurityPkg.dsc                   |   1 -
>  .../TcgMorLock.c                              | 191 ------------------
>  .../TcgMorLock.h                              | 131 ------------
>  .../TcgMorLock.uni                            |  16 --
>  .../TcgMorLockExtra.uni                       |  14 --
>  .../TcgMorLockSmm.c                           | 152 --------------
>  .../TcgMorLockSmm.inf                         |  65 ------
>  7 files changed, 570 deletions(-)
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> 
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 64157e20f9..7898fe4282 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -338,7 +338,6 @@
> 
> 
>  [Components.IA32, Components.X64]
> 
> 
> 
> -  SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> 
>    SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
> 
>    SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
> 
>    SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> deleted file mode 100644
> index aa230eeefa..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> +++ /dev/null
> @@ -1,191 +0,0 @@
> -/** @file
> 
> -  TCG MOR (Memory Overwrite Request) Lock Control Driver.
> 
> -
> 
> -  This driver initializes MemoryOverwriteRequestControlLock variable.
> 
> -  This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
> 
> -
> 
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include <PiDxe.h>
> 
> -#include <Guid/MemoryOverwriteControl.h>
> 
> -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Library/BaseLib.h>
> 
> -#include <Library/BaseMemoryLib.h>
> 
> -#include "TcgMorLock.h"
> 
> -
> 
> -typedef struct {
> 
> -  CHAR16                                 *VariableName;
> 
> -  EFI_GUID                               *VendorGuid;
> 
> -} VARIABLE_TYPE;
> 
> -
> 
> -VARIABLE_TYPE  mMorVariableType[] = {
> 
> -  {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
> &gEfiMemoryOverwriteControlDataGuid},
> 
> -  {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> &gEfiMemoryOverwriteRequestControlLockGuid},
> 
> -};
> 
> -
> 
> -/**
> 
> -  Returns if this is MOR related variable.
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -
> 
> -  @retval  TRUE            The variable is MOR related.
> 
> -  @retval  FALSE           The variable is NOT MOR related.
> 
> -**/
> 
> -BOOLEAN
> 
> -IsAnyMorVariable (
> 
> -  IN CHAR16                                 *VariableName,
> 
> -  IN EFI_GUID                               *VendorGuid
> 
> -  )
> 
> -{
> 
> -  UINTN   Index;
> 
> -
> 
> -  for (Index = 0; Index <
> sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
> 
> -    if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0)
> &&
> 
> -        (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
> 
> -      return TRUE;
> 
> -    }
> 
> -  }
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Returns if this is MOR lock variable.
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -
> 
> -  @retval  TRUE            The variable is MOR lock variable.
> 
> -  @retval  FALSE           The variable is NOT MOR lock variable.
> 
> -**/
> 
> -BOOLEAN
> 
> -IsMorLockVariable (
> 
> -  IN CHAR16                                 *VariableName,
> 
> -  IN EFI_GUID                               *VendorGuid
> 
> -  )
> 
> -{
> 
> -  if ((StrCmp (VariableName,
> MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
> 
> -      (CompareGuid (VendorGuid,
> &gEfiMemoryOverwriteRequestControlLockGuid))) {
> 
> -    return TRUE;
> 
> -  }
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  This service is a checker handler for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -SetVariableCheckHandlerMor (
> 
> -  IN CHAR16     *VariableName,
> 
> -  IN EFI_GUID   *VendorGuid,
> 
> -  IN UINT32     Attributes,
> 
> -  IN UINTN      DataSize,
> 
> -  IN VOID       *Data
> 
> -  )
> 
> -{
> 
> -  UINTN       MorLockDataSize;
> 
> -  BOOLEAN     MorLock;
> 
> -  EFI_STATUS  Status;
> 
> -
> 
> -  //
> 
> -  // do not handle non-MOR variable
> 
> -  //
> 
> -  if (!IsAnyMorVariable (VariableName, VendorGuid)) {
> 
> -    return EFI_SUCCESS;
> 
> -  }
> 
> -
> 
> -  MorLockDataSize = sizeof(MorLock);
> 
> -  Status = InternalGetVariable (
> 
> -             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> 
> -             &gEfiMemoryOverwriteRequestControlLockGuid,
> 
> -             NULL,
> 
> -             &MorLockDataSize,
> 
> -             &MorLock
> 
> -             );
> 
> -  if (!EFI_ERROR (Status) && MorLock) {
> 
> -    //
> 
> -    // If lock, deny access
> 
> -    //
> 
> -    return EFI_INVALID_PARAMETER;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // Delete not OK
> 
> -  //
> 
> -  if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
> 
> -    return EFI_INVALID_PARAMETER;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // check format
> 
> -  //
> 
> -  if (IsMorLockVariable(VariableName, VendorGuid)) {
> 
> -    //
> 
> -    // set to any other value not OK
> 
> -    //
> 
> -    if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
> 
> -      return EFI_INVALID_PARAMETER;
> 
> -    }
> 
> -  }
> 
> -  //
> 
> -  // Or grant access
> 
> -  //
> 
> -  return EFI_SUCCESS;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Entry Point for MOR Lock Control driver.
> 
> -
> 
> -  @param[in] ImageHandle  Image handle of this driver.
> 
> -  @param[in] SystemTable  A Pointer to the EFI System Table.
> 
> -
> 
> -  @retval EFI_SUCCESS
> 
> -  @return Others          Some error occurs.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -MorLockDriverInit (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS  Status;
> 
> -  UINT8       Data;
> 
> -
> 
> -  Data = 0;
> 
> -  Status = InternalSetVariable (
> 
> -             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> 
> -             &gEfiMemoryOverwriteRequestControlLockGuid,
> 
> -             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
> | EFI_VARIABLE_RUNTIME_ACCESS,
> 
> -             1,
> 
> -             &Data
> 
> -             );
> 
> -  return Status;
> 
> -}
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> deleted file mode 100644
> index 5a6658c158..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> +++ /dev/null
> @@ -1,131 +0,0 @@
> -/** @file
> 
> -   TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
> 
> -
> 
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#ifndef _EFI_TCG_MOR_LOCK_H_
> 
> -#define _EFI_TCG_MOR_LOCK_H_
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service GetVariable().
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     As input, point to the maximum size of return Data-Buffer.
> 
> -                       As output, point to the actual size of the returned Data-Buffer.
> 
> -  @param  Data         Point to return Data-Buffer.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The function completed successfully.
> 
> -  @retval  EFI_NOT_FOUND          The variable was not found.
> 
> -  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result.
> DataSize has
> 
> -                                  been updated with the size needed to complete the request.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and Data is
> NULL.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due to a
> hardware error.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalGetVariable (
> 
> -  IN      CHAR16                   *VariableName,
> 
> -  IN      EFI_GUID                 *VendorGuid,
> 
> -  OUT     UINT32                   *Attributes OPTIONAL,
> 
> -  IN OUT  UINTN                    *DataSize,
> 
> -  OUT     VOID                     *Data
> 
> -  );
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalSetVariable (
> 
> -  IN CHAR16                       *VariableName,
> 
> -  IN EFI_GUID                     *VendorGuid,
> 
> -  IN UINT32                       Attributes,
> 
> -  IN UINTN                        DataSize,
> 
> -  IN VOID                         *Data
> 
> -  );
> 
> -
> 
> -/**
> 
> -  This service is a checker handler for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -SetVariableCheckHandlerMor (
> 
> -  IN CHAR16     *VariableName,
> 
> -  IN EFI_GUID   *VendorGuid,
> 
> -  IN UINT32     Attributes,
> 
> -  IN UINTN      DataSize,
> 
> -  IN VOID       *Data
> 
> -  );
> 
> -
> 
> -/**
> 
> -  Entry Point for MOR Lock Control driver.
> 
> -
> 
> -  @param[in] ImageHandle  Image handle of this driver.
> 
> -  @param[in] SystemTable  A Pointer to the EFI System Table.
> 
> -
> 
> -  @retval EFI_SUCCESS
> 
> -  @return Others          Some error occurs.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -MorLockDriverInit (
> 
> -  VOID
> 
> -  );
> 
> -
> 
> -#endif
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> deleted file mode 100644
> index 711b37d866..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> +++ /dev/null
> @@ -1,16 +0,0 @@
> -// /** @file
> 
> -// Initializes MemoryOverwriteRequestControlLock variable
> 
> -//
> 
> -// This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
> 
> -//
> 
> -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> 
> -//
> 
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -//
> 
> -// **/
> 
> -
> 
> -
> 
> -#string STR_MODULE_ABSTRACT             #language en-US "Initializes
> MemoryOverwriteRequestControlLock variable"
> 
> -
> 
> -#string STR_MODULE_DESCRIPTION          #language en-US "This module will
> add Variable Hook and allow MemoryOverwriteRequestControlLock variable set
> only once."
> 
> -
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> deleted file mode 100644
> index 2679c08c86..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -// /** @file
> 
> -// TcgMorLock Localized Strings and Content
> 
> -//
> 
> -// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -//
> 
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -//
> 
> -// **/
> 
> -
> 
> -#string STR_PROPERTIES_MODULE_NAME
> 
> -#language en-US
> 
> -"TCG (Trusted Computing Group) MOR Lock"
> 
> -
> 
> -
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> deleted file mode 100644
> index 8c92317313..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> +++ /dev/null
> @@ -1,152 +0,0 @@
> -/** @file
> 
> -   TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
> 
> -
> 
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include <PiSmm.h>
> 
> -#include <Library/SmmServicesTableLib.h>
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Protocol/SmmVarCheck.h>
> 
> -#include <Protocol/SmmVariable.h>
> 
> -#include "TcgMorLock.h"
> 
> -
> 
> -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service GetVariable().
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     As input, point to the maximum size of return Data-Buffer.
> 
> -                       As output, point to the actual size of the returned Data-Buffer.
> 
> -  @param  Data         Point to return Data-Buffer.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The function completed successfully.
> 
> -  @retval  EFI_NOT_FOUND          The variable was not found.
> 
> -  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result.
> DataSize has
> 
> -                                  been updated with the size needed to complete the request.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and Data is
> NULL.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due to a
> hardware error.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalGetVariable (
> 
> -  IN      CHAR16                   *VariableName,
> 
> -  IN      EFI_GUID                 *VendorGuid,
> 
> -  OUT     UINT32                   *Attributes OPTIONAL,
> 
> -  IN OUT  UINTN                    *DataSize,
> 
> -  OUT     VOID                     *Data
> 
> -  )
> 
> -{
> 
> -  return mSmmVariable->SmmGetVariable (
> 
> -                         VariableName,
> 
> -                         VendorGuid,
> 
> -                         Attributes,
> 
> -                         DataSize,
> 
> -                         Data
> 
> -                         );
> 
> -}
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalSetVariable (
> 
> -  IN CHAR16                       *VariableName,
> 
> -  IN EFI_GUID                     *VendorGuid,
> 
> -  IN UINT32                       Attributes,
> 
> -  IN UINTN                        DataSize,
> 
> -  IN VOID                         *Data
> 
> -  )
> 
> -{
> 
> -  return mSmmVariable->SmmSetVariable (
> 
> -                         VariableName,
> 
> -                         VendorGuid,
> 
> -                         Attributes,
> 
> -                         DataSize,
> 
> -                         Data
> 
> -                         );
> 
> -}
> 
> -
> 
> -/**
> 
> -  Entry Point for MOR Lock Control driver.
> 
> -
> 
> -  @param[in] ImageHandle    The firmware allocated handle for the EFI image.
> 
> -  @param[in] SystemTable    A pointer to the EFI System Table.
> 
> -
> 
> -  @retval EFI_SUCCESS       EntryPoint runs successfully.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -MorLockDriverEntryPointSmm (
> 
> -  IN EFI_HANDLE         ImageHandle,
> 
> -  IN EFI_SYSTEM_TABLE   *SystemTable
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS                    Status;
> 
> -  EDKII_SMM_VAR_CHECK_PROTOCOL  *SmmVarCheck;
> 
> -
> 
> -  //
> 
> -  // This driver link to Smm Variable driver
> 
> -  //
> 
> -  DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
> 
> -
> 
> -  Status = gSmst->SmmLocateProtocol (
> 
> -                  &gEfiSmmVariableProtocolGuid,
> 
> -                  NULL,
> 
> -                  (VOID **) &mSmmVariable
> 
> -                  );
> 
> -  ASSERT_EFI_ERROR (Status);
> 
> -
> 
> -  Status = gSmst->SmmLocateProtocol (
> 
> -                  &gEdkiiSmmVarCheckProtocolGuid,
> 
> -                  NULL,
> 
> -                  (VOID **) &SmmVarCheck
> 
> -                  );
> 
> -  ASSERT_EFI_ERROR (Status);
> 
> -
> 
> -  Status = MorLockDriverInit ();
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    return Status;
> 
> -  }
> 
> -
> 
> -  Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler
> (SetVariableCheckHandlerMor);
> 
> -  ASSERT_EFI_ERROR (Status);
> 
> -
> 
> -  return Status;
> 
> -}
> 
> -
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> deleted file mode 100644
> index 875c1e5f3a..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> +++ /dev/null
> @@ -1,65 +0,0 @@
> -## @file
> 
> -#  Initializes MemoryOverwriteRequestControlLock variable
> 
> -#
> 
> -#  This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
> 
> -#
> 
> -#  NOTE: This module only handles secure MOR V1 and is deprecated.
> 
> -#  The secure MOR V2 is handled inside of variable driver.
> 
> -#
> 
> -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -#
> 
> -##
> 
> -
> 
> -[Defines]
> 
> -  INF_VERSION                    = 0x00010005
> 
> -  BASE_NAME                      = TcgMorLockSmm
> 
> -  MODULE_UNI_FILE                = TcgMorLock.uni
> 
> -  FILE_GUID                      = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
> 
> -  MODULE_TYPE                    = DXE_SMM_DRIVER
> 
> -  VERSION_STRING                 = 1.0
> 
> -  PI_SPECIFICATION_VERSION       = 0x0001000A
> 
> -  ENTRY_POINT                    = MorLockDriverEntryPointSmm
> 
> -
> 
> -#
> 
> -# The following information is for reference only and not required by the build
> tools.
> 
> -#
> 
> -#  VALID_ARCHITECTURES           = IA32 X64 EBC
> 
> -#
> 
> -
> 
> -[Sources]
> 
> -  TcgMorLock.h
> 
> -  TcgMorLock.c
> 
> -  TcgMorLockSmm.c
> 
> -
> 
> -[Packages]
> 
> -  MdePkg/MdePkg.dec
> 
> -  MdeModulePkg/MdeModulePkg.dec
> 
> -  SecurityPkg/SecurityPkg.dec
> 
> -
> 
> -[LibraryClasses]
> 
> -  UefiDriverEntryPoint
> 
> -  SmmServicesTableLib
> 
> -  DebugLib
> 
> -  BaseLib
> 
> -  BaseMemoryLib
> 
> -
> 
> -[Guids]
> 
> -  ## SOMETIMES_CONSUMES      ##
> Variable:L"MemoryOverwriteRequestControl"
> 
> -  gEfiMemoryOverwriteControlDataGuid
> 
> -
> 
> -  ## SOMETIMES_CONSUMES      ##
> Variable:L"MemoryOverwriteRequestControlLock"
> 
> -  ## PRODUCES                ## Variable:L"MemoryOverwriteRequestControlLock"
> 
> -  gEfiMemoryOverwriteRequestControlLockGuid
> 
> -
> 
> -[Protocols]
> 
> -  gEdkiiSmmVarCheckProtocolGuid           ## CONSUMES
> 
> -  gEfiSmmVariableProtocolGuid             ## CONSUMES
> 
> -
> 
> -[Depex]
> 
> -  gEfiSmmVariableProtocolGuid AND
> 
> -  gSmmVariableWriteGuid AND
> 
> -  ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
> 
> -
> 
> -[UserExtensions.TianoCore."ExtraFiles"]
> 
> -  TcgMorLockExtra.uni
> 
> --
> 2.26.2.windows.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
  2021-08-24  2:28 [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver Qi Zhang
  2021-08-26  1:24 ` Yao, Jiewen
@ 2021-08-27 13:44 ` Yao, Jiewen
  2021-08-28  6:44   ` Qi Zhang
  1 sibling, 1 reply; 4+ messages in thread
From: Yao, Jiewen @ 2021-08-27 13:44 UTC (permalink / raw)
  To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Kumar, Rahul1, Ni, Ray

Hi
This patch failed in CI - https://github.com/tianocore/edk2/pull/1922

Please take a look and submit patch again.

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 24, 2021 10:28 AM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1
> <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583
> 
> TcgMorLockSmm is only for secure MOR V1.
> VariableSmm covers secure MOR V1 and V2.
> 
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
>  SecurityPkg/SecurityPkg.dsc                   |   1 -
>  .../TcgMorLock.c                              | 191 ------------------
>  .../TcgMorLock.h                              | 131 ------------
>  .../TcgMorLock.uni                            |  16 --
>  .../TcgMorLockExtra.uni                       |  14 --
>  .../TcgMorLockSmm.c                           | 152 --------------
>  .../TcgMorLockSmm.inf                         |  65 ------
>  7 files changed, 570 deletions(-)
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
>  delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> 
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 64157e20f9..7898fe4282 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -338,7 +338,6 @@
> 
> 
>  [Components.IA32, Components.X64]
> 
> 
> 
> -  SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> 
>    SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
> 
>    SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
> 
>    SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> deleted file mode 100644
> index aa230eeefa..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> +++ /dev/null
> @@ -1,191 +0,0 @@
> -/** @file
> 
> -  TCG MOR (Memory Overwrite Request) Lock Control Driver.
> 
> -
> 
> -  This driver initializes MemoryOverwriteRequestControlLock variable.
> 
> -  This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
> 
> -
> 
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include <PiDxe.h>
> 
> -#include <Guid/MemoryOverwriteControl.h>
> 
> -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Library/BaseLib.h>
> 
> -#include <Library/BaseMemoryLib.h>
> 
> -#include "TcgMorLock.h"
> 
> -
> 
> -typedef struct {
> 
> -  CHAR16                                 *VariableName;
> 
> -  EFI_GUID                               *VendorGuid;
> 
> -} VARIABLE_TYPE;
> 
> -
> 
> -VARIABLE_TYPE  mMorVariableType[] = {
> 
> -  {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
> &gEfiMemoryOverwriteControlDataGuid},
> 
> -  {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> &gEfiMemoryOverwriteRequestControlLockGuid},
> 
> -};
> 
> -
> 
> -/**
> 
> -  Returns if this is MOR related variable.
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -
> 
> -  @retval  TRUE            The variable is MOR related.
> 
> -  @retval  FALSE           The variable is NOT MOR related.
> 
> -**/
> 
> -BOOLEAN
> 
> -IsAnyMorVariable (
> 
> -  IN CHAR16                                 *VariableName,
> 
> -  IN EFI_GUID                               *VendorGuid
> 
> -  )
> 
> -{
> 
> -  UINTN   Index;
> 
> -
> 
> -  for (Index = 0; Index <
> sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
> 
> -    if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0)
> &&
> 
> -        (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
> 
> -      return TRUE;
> 
> -    }
> 
> -  }
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Returns if this is MOR lock variable.
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -
> 
> -  @retval  TRUE            The variable is MOR lock variable.
> 
> -  @retval  FALSE           The variable is NOT MOR lock variable.
> 
> -**/
> 
> -BOOLEAN
> 
> -IsMorLockVariable (
> 
> -  IN CHAR16                                 *VariableName,
> 
> -  IN EFI_GUID                               *VendorGuid
> 
> -  )
> 
> -{
> 
> -  if ((StrCmp (VariableName,
> MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
> 
> -      (CompareGuid (VendorGuid,
> &gEfiMemoryOverwriteRequestControlLockGuid))) {
> 
> -    return TRUE;
> 
> -  }
> 
> -  return FALSE;
> 
> -}
> 
> -
> 
> -/**
> 
> -  This service is a checker handler for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -SetVariableCheckHandlerMor (
> 
> -  IN CHAR16     *VariableName,
> 
> -  IN EFI_GUID   *VendorGuid,
> 
> -  IN UINT32     Attributes,
> 
> -  IN UINTN      DataSize,
> 
> -  IN VOID       *Data
> 
> -  )
> 
> -{
> 
> -  UINTN       MorLockDataSize;
> 
> -  BOOLEAN     MorLock;
> 
> -  EFI_STATUS  Status;
> 
> -
> 
> -  //
> 
> -  // do not handle non-MOR variable
> 
> -  //
> 
> -  if (!IsAnyMorVariable (VariableName, VendorGuid)) {
> 
> -    return EFI_SUCCESS;
> 
> -  }
> 
> -
> 
> -  MorLockDataSize = sizeof(MorLock);
> 
> -  Status = InternalGetVariable (
> 
> -             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> 
> -             &gEfiMemoryOverwriteRequestControlLockGuid,
> 
> -             NULL,
> 
> -             &MorLockDataSize,
> 
> -             &MorLock
> 
> -             );
> 
> -  if (!EFI_ERROR (Status) && MorLock) {
> 
> -    //
> 
> -    // If lock, deny access
> 
> -    //
> 
> -    return EFI_INVALID_PARAMETER;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // Delete not OK
> 
> -  //
> 
> -  if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
> 
> -    return EFI_INVALID_PARAMETER;
> 
> -  }
> 
> -
> 
> -  //
> 
> -  // check format
> 
> -  //
> 
> -  if (IsMorLockVariable(VariableName, VendorGuid)) {
> 
> -    //
> 
> -    // set to any other value not OK
> 
> -    //
> 
> -    if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
> 
> -      return EFI_INVALID_PARAMETER;
> 
> -    }
> 
> -  }
> 
> -  //
> 
> -  // Or grant access
> 
> -  //
> 
> -  return EFI_SUCCESS;
> 
> -}
> 
> -
> 
> -/**
> 
> -  Entry Point for MOR Lock Control driver.
> 
> -
> 
> -  @param[in] ImageHandle  Image handle of this driver.
> 
> -  @param[in] SystemTable  A Pointer to the EFI System Table.
> 
> -
> 
> -  @retval EFI_SUCCESS
> 
> -  @return Others          Some error occurs.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -MorLockDriverInit (
> 
> -  VOID
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS  Status;
> 
> -  UINT8       Data;
> 
> -
> 
> -  Data = 0;
> 
> -  Status = InternalSetVariable (
> 
> -             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> 
> -             &gEfiMemoryOverwriteRequestControlLockGuid,
> 
> -             EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
> | EFI_VARIABLE_RUNTIME_ACCESS,
> 
> -             1,
> 
> -             &Data
> 
> -             );
> 
> -  return Status;
> 
> -}
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> deleted file mode 100644
> index 5a6658c158..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> +++ /dev/null
> @@ -1,131 +0,0 @@
> -/** @file
> 
> -   TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
> 
> -
> 
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#ifndef _EFI_TCG_MOR_LOCK_H_
> 
> -#define _EFI_TCG_MOR_LOCK_H_
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service GetVariable().
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     As input, point to the maximum size of return Data-Buffer.
> 
> -                       As output, point to the actual size of the returned Data-Buffer.
> 
> -  @param  Data         Point to return Data-Buffer.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The function completed successfully.
> 
> -  @retval  EFI_NOT_FOUND          The variable was not found.
> 
> -  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result.
> DataSize has
> 
> -                                  been updated with the size needed to complete the request.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and Data is
> NULL.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due to a
> hardware error.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalGetVariable (
> 
> -  IN      CHAR16                   *VariableName,
> 
> -  IN      EFI_GUID                 *VendorGuid,
> 
> -  OUT     UINT32                   *Attributes OPTIONAL,
> 
> -  IN OUT  UINTN                    *DataSize,
> 
> -  OUT     VOID                     *Data
> 
> -  );
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalSetVariable (
> 
> -  IN CHAR16                       *VariableName,
> 
> -  IN EFI_GUID                     *VendorGuid,
> 
> -  IN UINT32                       Attributes,
> 
> -  IN UINTN                        DataSize,
> 
> -  IN VOID                         *Data
> 
> -  );
> 
> -
> 
> -/**
> 
> -  This service is a checker handler for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -SetVariableCheckHandlerMor (
> 
> -  IN CHAR16     *VariableName,
> 
> -  IN EFI_GUID   *VendorGuid,
> 
> -  IN UINT32     Attributes,
> 
> -  IN UINTN      DataSize,
> 
> -  IN VOID       *Data
> 
> -  );
> 
> -
> 
> -/**
> 
> -  Entry Point for MOR Lock Control driver.
> 
> -
> 
> -  @param[in] ImageHandle  Image handle of this driver.
> 
> -  @param[in] SystemTable  A Pointer to the EFI System Table.
> 
> -
> 
> -  @retval EFI_SUCCESS
> 
> -  @return Others          Some error occurs.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -MorLockDriverInit (
> 
> -  VOID
> 
> -  );
> 
> -
> 
> -#endif
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> deleted file mode 100644
> index 711b37d866..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> +++ /dev/null
> @@ -1,16 +0,0 @@
> -// /** @file
> 
> -// Initializes MemoryOverwriteRequestControlLock variable
> 
> -//
> 
> -// This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
> 
> -//
> 
> -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> 
> -//
> 
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -//
> 
> -// **/
> 
> -
> 
> -
> 
> -#string STR_MODULE_ABSTRACT             #language en-US "Initializes
> MemoryOverwriteRequestControlLock variable"
> 
> -
> 
> -#string STR_MODULE_DESCRIPTION          #language en-US "This module will
> add Variable Hook and allow MemoryOverwriteRequestControlLock variable set
> only once."
> 
> -
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> deleted file mode 100644
> index 2679c08c86..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -// /** @file
> 
> -// TcgMorLock Localized Strings and Content
> 
> -//
> 
> -// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -//
> 
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -//
> 
> -// **/
> 
> -
> 
> -#string STR_PROPERTIES_MODULE_NAME
> 
> -#language en-US
> 
> -"TCG (Trusted Computing Group) MOR Lock"
> 
> -
> 
> -
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> deleted file mode 100644
> index 8c92317313..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> +++ /dev/null
> @@ -1,152 +0,0 @@
> -/** @file
> 
> -   TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
> 
> -
> 
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -
> 
> -**/
> 
> -
> 
> -#include <PiSmm.h>
> 
> -#include <Library/SmmServicesTableLib.h>
> 
> -#include <Library/DebugLib.h>
> 
> -#include <Protocol/SmmVarCheck.h>
> 
> -#include <Protocol/SmmVariable.h>
> 
> -#include "TcgMorLock.h"
> 
> -
> 
> -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service GetVariable().
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     As input, point to the maximum size of return Data-Buffer.
> 
> -                       As output, point to the actual size of the returned Data-Buffer.
> 
> -  @param  Data         Point to return Data-Buffer.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The function completed successfully.
> 
> -  @retval  EFI_NOT_FOUND          The variable was not found.
> 
> -  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the result.
> DataSize has
> 
> -                                  been updated with the size needed to complete the request.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
> 
> -  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and Data is
> NULL.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due to a
> hardware error.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalGetVariable (
> 
> -  IN      CHAR16                   *VariableName,
> 
> -  IN      EFI_GUID                 *VendorGuid,
> 
> -  OUT     UINT32                   *Attributes OPTIONAL,
> 
> -  IN OUT  UINTN                    *DataSize,
> 
> -  OUT     VOID                     *Data
> 
> -  )
> 
> -{
> 
> -  return mSmmVariable->SmmGetVariable (
> 
> -                         VariableName,
> 
> -                         VendorGuid,
> 
> -                         Attributes,
> 
> -                         DataSize,
> 
> -                         Data
> 
> -                         );
> 
> -}
> 
> -
> 
> -/**
> 
> -  This service is a wrapper for the UEFI Runtime Service SetVariable()
> 
> -
> 
> -  @param  VariableName the name of the vendor's variable, as a
> 
> -                       Null-Terminated Unicode String
> 
> -  @param  VendorGuid   Unify identifier for vendor.
> 
> -  @param  Attributes   Point to memory location to return the attributes of
> variable. If the point
> 
> -                       is NULL, the parameter would be ignored.
> 
> -  @param  DataSize     The size in bytes of Data-Buffer.
> 
> -  @param  Data         Point to the content of the variable.
> 
> -
> 
> -  @retval  EFI_SUCCESS            The firmware has successfully stored the variable
> and its data as
> 
> -                                  defined by the Attributes.
> 
> -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute bits
> was supplied, or the
> 
> -                                  DataSize exceeds the maximum allowed.
> 
> -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode string.
> 
> -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to hold
> the variable and its data.
> 
> -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> hardware failure.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> 
> -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be deleted.
> 
> -  @retval  EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> 
> -                                  set but the AuthInfo does NOT pass the validation check
> carried
> 
> -                                  out by the firmware.
> 
> -  @retval  EFI_NOT_FOUND          The variable trying to be updated or deleted
> was not found.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -InternalSetVariable (
> 
> -  IN CHAR16                       *VariableName,
> 
> -  IN EFI_GUID                     *VendorGuid,
> 
> -  IN UINT32                       Attributes,
> 
> -  IN UINTN                        DataSize,
> 
> -  IN VOID                         *Data
> 
> -  )
> 
> -{
> 
> -  return mSmmVariable->SmmSetVariable (
> 
> -                         VariableName,
> 
> -                         VendorGuid,
> 
> -                         Attributes,
> 
> -                         DataSize,
> 
> -                         Data
> 
> -                         );
> 
> -}
> 
> -
> 
> -/**
> 
> -  Entry Point for MOR Lock Control driver.
> 
> -
> 
> -  @param[in] ImageHandle    The firmware allocated handle for the EFI image.
> 
> -  @param[in] SystemTable    A pointer to the EFI System Table.
> 
> -
> 
> -  @retval EFI_SUCCESS       EntryPoint runs successfully.
> 
> -
> 
> -**/
> 
> -EFI_STATUS
> 
> -EFIAPI
> 
> -MorLockDriverEntryPointSmm (
> 
> -  IN EFI_HANDLE         ImageHandle,
> 
> -  IN EFI_SYSTEM_TABLE   *SystemTable
> 
> -  )
> 
> -{
> 
> -  EFI_STATUS                    Status;
> 
> -  EDKII_SMM_VAR_CHECK_PROTOCOL  *SmmVarCheck;
> 
> -
> 
> -  //
> 
> -  // This driver link to Smm Variable driver
> 
> -  //
> 
> -  DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
> 
> -
> 
> -  Status = gSmst->SmmLocateProtocol (
> 
> -                  &gEfiSmmVariableProtocolGuid,
> 
> -                  NULL,
> 
> -                  (VOID **) &mSmmVariable
> 
> -                  );
> 
> -  ASSERT_EFI_ERROR (Status);
> 
> -
> 
> -  Status = gSmst->SmmLocateProtocol (
> 
> -                  &gEdkiiSmmVarCheckProtocolGuid,
> 
> -                  NULL,
> 
> -                  (VOID **) &SmmVarCheck
> 
> -                  );
> 
> -  ASSERT_EFI_ERROR (Status);
> 
> -
> 
> -  Status = MorLockDriverInit ();
> 
> -  if (EFI_ERROR (Status)) {
> 
> -    return Status;
> 
> -  }
> 
> -
> 
> -  Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler
> (SetVariableCheckHandlerMor);
> 
> -  ASSERT_EFI_ERROR (Status);
> 
> -
> 
> -  return Status;
> 
> -}
> 
> -
> 
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> deleted file mode 100644
> index 875c1e5f3a..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> +++ /dev/null
> @@ -1,65 +0,0 @@
> -## @file
> 
> -#  Initializes MemoryOverwriteRequestControlLock variable
> 
> -#
> 
> -#  This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
> 
> -#
> 
> -#  NOTE: This module only handles secure MOR V1 and is deprecated.
> 
> -#  The secure MOR V2 is handled inside of variable driver.
> 
> -#
> 
> -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> -#
> 
> -##
> 
> -
> 
> -[Defines]
> 
> -  INF_VERSION                    = 0x00010005
> 
> -  BASE_NAME                      = TcgMorLockSmm
> 
> -  MODULE_UNI_FILE                = TcgMorLock.uni
> 
> -  FILE_GUID                      = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
> 
> -  MODULE_TYPE                    = DXE_SMM_DRIVER
> 
> -  VERSION_STRING                 = 1.0
> 
> -  PI_SPECIFICATION_VERSION       = 0x0001000A
> 
> -  ENTRY_POINT                    = MorLockDriverEntryPointSmm
> 
> -
> 
> -#
> 
> -# The following information is for reference only and not required by the build
> tools.
> 
> -#
> 
> -#  VALID_ARCHITECTURES           = IA32 X64 EBC
> 
> -#
> 
> -
> 
> -[Sources]
> 
> -  TcgMorLock.h
> 
> -  TcgMorLock.c
> 
> -  TcgMorLockSmm.c
> 
> -
> 
> -[Packages]
> 
> -  MdePkg/MdePkg.dec
> 
> -  MdeModulePkg/MdeModulePkg.dec
> 
> -  SecurityPkg/SecurityPkg.dec
> 
> -
> 
> -[LibraryClasses]
> 
> -  UefiDriverEntryPoint
> 
> -  SmmServicesTableLib
> 
> -  DebugLib
> 
> -  BaseLib
> 
> -  BaseMemoryLib
> 
> -
> 
> -[Guids]
> 
> -  ## SOMETIMES_CONSUMES      ##
> Variable:L"MemoryOverwriteRequestControl"
> 
> -  gEfiMemoryOverwriteControlDataGuid
> 
> -
> 
> -  ## SOMETIMES_CONSUMES      ##
> Variable:L"MemoryOverwriteRequestControlLock"
> 
> -  ## PRODUCES                ## Variable:L"MemoryOverwriteRequestControlLock"
> 
> -  gEfiMemoryOverwriteRequestControlLockGuid
> 
> -
> 
> -[Protocols]
> 
> -  gEdkiiSmmVarCheckProtocolGuid           ## CONSUMES
> 
> -  gEfiSmmVariableProtocolGuid             ## CONSUMES
> 
> -
> 
> -[Depex]
> 
> -  gEfiSmmVariableProtocolGuid AND
> 
> -  gSmmVariableWriteGuid AND
> 
> -  ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
> 
> -
> 
> -[UserExtensions.TianoCore."ExtraFiles"]
> 
> -  TcgMorLockExtra.uni
> 
> --
> 2.26.2.windows.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
  2021-08-27 13:44 ` Yao, Jiewen
@ 2021-08-28  6:44   ` Qi Zhang
  0 siblings, 0 replies; 4+ messages in thread
From: Qi Zhang @ 2021-08-28  6:44 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io; +Cc: Wang, Jian J, Kumar, Rahul1, Ni, Ray

I created a new PR and pass CI.

https://github.com/tianocore/edk2/pull/1924

Thanks!
Qi Zhang

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Friday, August 27, 2021 9:44 PM
> To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1
> <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: RE: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
> 
> Hi
> This patch failed in CI - https://github.com/tianocore/edk2/pull/1922
> 
> Please take a look and submit patch again.
> 
> > -----Original Message-----
> > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > Sent: Tuesday, August 24, 2021 10:28 AM
> > To: devel@edk2.groups.io
> > Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen
> > <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Kumar,
> > Rahul1 <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> > Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583
> >
> > TcgMorLockSmm is only for secure MOR V1.
> > VariableSmm covers secure MOR V1 and V2.
> >
> > Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Qi Zhang <qi1.zhang@intel.com>
> > Cc: Rahul Kumar <rahul1.kumar@intel.com>
> > Cc: Ray Ni <ray.ni@intel.com>
> > ---
> >  SecurityPkg/SecurityPkg.dsc                   |   1 -
> >  .../TcgMorLock.c                              | 191 ------------------
> >  .../TcgMorLock.h                              | 131 ------------
> >  .../TcgMorLock.uni                            |  16 --
> >  .../TcgMorLockExtra.uni                       |  14 --
> >  .../TcgMorLockSmm.c                           | 152 --------------
> >  .../TcgMorLockSmm.inf                         |  65 ------
> >  7 files changed, 570 deletions(-)
> >  delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> >  delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> >  delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> >  delete mode 100644
> >
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> >  delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> >  delete mode 100644
> >
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> >
> > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> > index 64157e20f9..7898fe4282 100644
> > --- a/SecurityPkg/SecurityPkg.dsc
> > +++ b/SecurityPkg/SecurityPkg.dsc
> > @@ -338,7 +338,6 @@
> >
> >
> >  [Components.IA32, Components.X64]
> >
> >
> >
> > -
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> >
> >    SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
> >
> >    SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
> >
> >    SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
> >
> > diff --git
> > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> > deleted file mode 100644
> > index aa230eeefa..0000000000
> > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> > +++ /dev/null
> > @@ -1,191 +0,0 @@
> > -/** @file
> >
> > -  TCG MOR (Memory Overwrite Request) Lock Control Driver.
> >
> > -
> >
> > -  This driver initializes MemoryOverwriteRequestControlLock variable.
> >
> > -  This module will add Variable Hook and allow
> > MemoryOverwriteRequestControlLock variable set only once.
> >
> > -
> >
> > -Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include <PiDxe.h>
> >
> > -#include <Guid/MemoryOverwriteControl.h>
> >
> > -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
> >
> > -#include <Library/DebugLib.h>
> >
> > -#include <Library/BaseLib.h>
> >
> > -#include <Library/BaseMemoryLib.h>
> >
> > -#include "TcgMorLock.h"
> >
> > -
> >
> > -typedef struct {
> >
> > -  CHAR16                                 *VariableName;
> >
> > -  EFI_GUID                               *VendorGuid;
> >
> > -} VARIABLE_TYPE;
> >
> > -
> >
> > -VARIABLE_TYPE  mMorVariableType[] = {
> >
> > -  {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
> > &gEfiMemoryOverwriteControlDataGuid},
> >
> > -  {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> > &gEfiMemoryOverwriteRequestControlLockGuid},
> >
> > -};
> >
> > -
> >
> > -/**
> >
> > -  Returns if this is MOR related variable.
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -
> >
> > -  @retval  TRUE            The variable is MOR related.
> >
> > -  @retval  FALSE           The variable is NOT MOR related.
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -IsAnyMorVariable (
> >
> > -  IN CHAR16                                 *VariableName,
> >
> > -  IN EFI_GUID                               *VendorGuid
> >
> > -  )
> >
> > -{
> >
> > -  UINTN   Index;
> >
> > -
> >
> > -  for (Index = 0; Index <
> > sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
> >
> > -    if ((StrCmp (VariableName, mMorVariableType[Index].VariableName)
> == 0)
> > &&
> >
> > -        (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))
> {
> >
> > -      return TRUE;
> >
> > -    }
> >
> > -  }
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Returns if this is MOR lock variable.
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -
> >
> > -  @retval  TRUE            The variable is MOR lock variable.
> >
> > -  @retval  FALSE           The variable is NOT MOR lock variable.
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -IsMorLockVariable (
> >
> > -  IN CHAR16                                 *VariableName,
> >
> > -  IN EFI_GUID                               *VendorGuid
> >
> > -  )
> >
> > -{
> >
> > -  if ((StrCmp (VariableName,
> > MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
> >
> > -      (CompareGuid (VendorGuid,
> > &gEfiMemoryOverwriteRequestControlLockGuid))) {
> >
> > -    return TRUE;
> >
> > -  }
> >
> > -  return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  This service is a checker handler for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, as a
> >
> > -                       Null-Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -  @param  Attributes   Point to memory location to return the attributes of
> > variable. If the point
> >
> > -                       is NULL, the parameter would be ignored.
> >
> > -  @param  DataSize     The size in bytes of Data-Buffer.
> >
> > -  @param  Data         Point to the content of the variable.
> >
> > -
> >
> > -  @retval  EFI_SUCCESS            The firmware has successfully stored the
> variable
> > and its data as
> >
> > -                                  defined by the Attributes.
> >
> > -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute
> > bits was supplied, or the
> >
> > -                                  DataSize exceeds the maximum allowed.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode
> string.
> >
> > -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to
> hold
> > the variable and its data.
> >
> > -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> > hardware failure.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be
> deleted.
> >
> > -  @retval  EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > -                                  set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > -                                  out by the firmware.
> >
> > -  @retval  EFI_NOT_FOUND          The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -SetVariableCheckHandlerMor (
> >
> > -  IN CHAR16     *VariableName,
> >
> > -  IN EFI_GUID   *VendorGuid,
> >
> > -  IN UINT32     Attributes,
> >
> > -  IN UINTN      DataSize,
> >
> > -  IN VOID       *Data
> >
> > -  )
> >
> > -{
> >
> > -  UINTN       MorLockDataSize;
> >
> > -  BOOLEAN     MorLock;
> >
> > -  EFI_STATUS  Status;
> >
> > -
> >
> > -  //
> >
> > -  // do not handle non-MOR variable
> >
> > -  //
> >
> > -  if (!IsAnyMorVariable (VariableName, VendorGuid)) {
> >
> > -    return EFI_SUCCESS;
> >
> > -  }
> >
> > -
> >
> > -  MorLockDataSize = sizeof(MorLock);
> >
> > -  Status = InternalGetVariable (
> >
> > -             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> >
> > -             &gEfiMemoryOverwriteRequestControlLockGuid,
> >
> > -             NULL,
> >
> > -             &MorLockDataSize,
> >
> > -             &MorLock
> >
> > -             );
> >
> > -  if (!EFI_ERROR (Status) && MorLock) {
> >
> > -    //
> >
> > -    // If lock, deny access
> >
> > -    //
> >
> > -    return EFI_INVALID_PARAMETER;
> >
> > -  }
> >
> > -
> >
> > -  //
> >
> > -  // Delete not OK
> >
> > -  //
> >
> > -  if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes ==
> > 0)) {
> >
> > -    return EFI_INVALID_PARAMETER;
> >
> > -  }
> >
> > -
> >
> > -  //
> >
> > -  // check format
> >
> > -  //
> >
> > -  if (IsMorLockVariable(VariableName, VendorGuid)) {
> >
> > -    //
> >
> > -    // set to any other value not OK
> >
> > -    //
> >
> > -    if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
> >
> > -      return EFI_INVALID_PARAMETER;
> >
> > -    }
> >
> > -  }
> >
> > -  //
> >
> > -  // Or grant access
> >
> > -  //
> >
> > -  return EFI_SUCCESS;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Entry Point for MOR Lock Control driver.
> >
> > -
> >
> > -  @param[in] ImageHandle  Image handle of this driver.
> >
> > -  @param[in] SystemTable  A Pointer to the EFI System Table.
> >
> > -
> >
> > -  @retval EFI_SUCCESS
> >
> > -  @return Others          Some error occurs.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -MorLockDriverInit (
> >
> > -  VOID
> >
> > -  )
> >
> > -{
> >
> > -  EFI_STATUS  Status;
> >
> > -  UINT8       Data;
> >
> > -
> >
> > -  Data = 0;
> >
> > -  Status = InternalSetVariable (
> >
> > -             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> >
> > -             &gEfiMemoryOverwriteRequestControlLockGuid,
> >
> > -             EFI_VARIABLE_NON_VOLATILE |
> EFI_VARIABLE_BOOTSERVICE_ACCESS
> > | EFI_VARIABLE_RUNTIME_ACCESS,
> >
> > -             1,
> >
> > -             &Data
> >
> > -             );
> >
> > -  return Status;
> >
> > -}
> >
> > diff --git
> > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> > deleted file mode 100644
> > index 5a6658c158..0000000000
> > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> > +++ /dev/null
> > @@ -1,131 +0,0 @@
> > -/** @file
> >
> > -   TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
> >
> > -
> >
> > -Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#ifndef _EFI_TCG_MOR_LOCK_H_
> >
> > -#define _EFI_TCG_MOR_LOCK_H_
> >
> > -
> >
> > -/**
> >
> > -  This service is a wrapper for the UEFI Runtime Service GetVariable().
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -  @param  Attributes   Point to memory location to return the attributes of
> > variable. If the point
> >
> > -                       is NULL, the parameter would be ignored.
> >
> > -  @param  DataSize     As input, point to the maximum size of return Data-
> Buffer.
> >
> > -                       As output, point to the actual size of the returned Data-Buffer.
> >
> > -  @param  Data         Point to return Data-Buffer.
> >
> > -
> >
> > -  @retval  EFI_SUCCESS            The function completed successfully.
> >
> > -  @retval  EFI_NOT_FOUND          The variable was not found.
> >
> > -  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the
> result.
> > DataSize has
> >
> > -                                  been updated with the size needed to complete the
> request.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
> >
> > -  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
> >
> > -  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and
> > Data is NULL.
> >
> > -  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due
> to a
> > hardware error.
> >
> > -  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved
> > due to an authentication failure.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalGetVariable (
> >
> > -  IN      CHAR16                   *VariableName,
> >
> > -  IN      EFI_GUID                 *VendorGuid,
> >
> > -  OUT     UINT32                   *Attributes OPTIONAL,
> >
> > -  IN OUT  UINTN                    *DataSize,
> >
> > -  OUT     VOID                     *Data
> >
> > -  );
> >
> > -
> >
> > -/**
> >
> > -  This service is a wrapper for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, as a
> >
> > -                       Null-Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -  @param  Attributes   Point to memory location to return the attributes of
> > variable. If the point
> >
> > -                       is NULL, the parameter would be ignored.
> >
> > -  @param  DataSize     The size in bytes of Data-Buffer.
> >
> > -  @param  Data         Point to the content of the variable.
> >
> > -
> >
> > -  @retval  EFI_SUCCESS            The firmware has successfully stored the
> variable
> > and its data as
> >
> > -                                  defined by the Attributes.
> >
> > -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute
> > bits was supplied, or the
> >
> > -                                  DataSize exceeds the maximum allowed.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode
> string.
> >
> > -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to
> hold
> > the variable and its data.
> >
> > -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> > hardware failure.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be
> deleted.
> >
> > -  @retval  EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > -                                  set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > -                                  out by the firmware.
> >
> > -  @retval  EFI_NOT_FOUND          The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalSetVariable (
> >
> > -  IN CHAR16                       *VariableName,
> >
> > -  IN EFI_GUID                     *VendorGuid,
> >
> > -  IN UINT32                       Attributes,
> >
> > -  IN UINTN                        DataSize,
> >
> > -  IN VOID                         *Data
> >
> > -  );
> >
> > -
> >
> > -/**
> >
> > -  This service is a checker handler for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, as a
> >
> > -                       Null-Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -  @param  Attributes   Point to memory location to return the attributes of
> > variable. If the point
> >
> > -                       is NULL, the parameter would be ignored.
> >
> > -  @param  DataSize     The size in bytes of Data-Buffer.
> >
> > -  @param  Data         Point to the content of the variable.
> >
> > -
> >
> > -  @retval  EFI_SUCCESS            The firmware has successfully stored the
> variable
> > and its data as
> >
> > -                                  defined by the Attributes.
> >
> > -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute
> > bits was supplied, or the
> >
> > -                                  DataSize exceeds the maximum allowed.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode
> string.
> >
> > -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to
> hold
> > the variable and its data.
> >
> > -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> > hardware failure.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be
> deleted.
> >
> > -  @retval  EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > -                                  set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > -                                  out by the firmware.
> >
> > -  @retval  EFI_NOT_FOUND          The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -SetVariableCheckHandlerMor (
> >
> > -  IN CHAR16     *VariableName,
> >
> > -  IN EFI_GUID   *VendorGuid,
> >
> > -  IN UINT32     Attributes,
> >
> > -  IN UINTN      DataSize,
> >
> > -  IN VOID       *Data
> >
> > -  );
> >
> > -
> >
> > -/**
> >
> > -  Entry Point for MOR Lock Control driver.
> >
> > -
> >
> > -  @param[in] ImageHandle  Image handle of this driver.
> >
> > -  @param[in] SystemTable  A Pointer to the EFI System Table.
> >
> > -
> >
> > -  @retval EFI_SUCCESS
> >
> > -  @return Others          Some error occurs.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -MorLockDriverInit (
> >
> > -  VOID
> >
> > -  );
> >
> > -
> >
> > -#endif
> >
> > diff --git
> > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> > deleted file mode 100644
> > index 711b37d866..0000000000
> > ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> > +++ /dev/null
> > @@ -1,16 +0,0 @@
> > -// /** @file
> >
> > -// Initializes MemoryOverwriteRequestControlLock variable
> >
> > -//
> >
> > -// This module will add Variable Hook and allow
> > MemoryOverwriteRequestControlLock variable set only once.
> >
> > -//
> >
> > -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> >
> > -//
> >
> > -// SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -//
> >
> > -// **/
> >
> > -
> >
> > -
> >
> > -#string STR_MODULE_ABSTRACT             #language en-US "Initializes
> > MemoryOverwriteRequestControlLock variable"
> >
> > -
> >
> > -#string STR_MODULE_DESCRIPTION          #language en-US "This module
> will
> > add Variable Hook and allow MemoryOverwriteRequestControlLock
> variable
> > set only once."
> >
> > -
> >
> > diff --git
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.u
> n
> > i
> >
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.
> un
> > i
> > deleted file mode 100644
> > index 2679c08c86..0000000000
> > ---
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.u
> n
> > i
> > +++ /dev/null
> > @@ -1,14 +0,0 @@
> > -// /** @file
> >
> > -// TcgMorLock Localized Strings and Content
> >
> > -//
> >
> > -// Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -//
> >
> > -// SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -//
> >
> > -// **/
> >
> > -
> >
> > -#string STR_PROPERTIES_MODULE_NAME
> >
> > -#language en-US
> >
> > -"TCG (Trusted Computing Group) MOR Lock"
> >
> > -
> >
> > -
> >
> > diff --git
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> >
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> > deleted file mode 100644
> > index 8c92317313..0000000000
> > ---
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> > +++ /dev/null
> > @@ -1,152 +0,0 @@
> > -/** @file
> >
> > -   TCG MOR (Memory Overwrite Request) Lock Control Driver SMM
> wrapper.
> >
> > -
> >
> > -Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include <PiSmm.h>
> >
> > -#include <Library/SmmServicesTableLib.h>
> >
> > -#include <Library/DebugLib.h>
> >
> > -#include <Protocol/SmmVarCheck.h>
> >
> > -#include <Protocol/SmmVariable.h>
> >
> > -#include "TcgMorLock.h"
> >
> > -
> >
> > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
> >
> > -
> >
> > -/**
> >
> > -  This service is a wrapper for the UEFI Runtime Service GetVariable().
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -  @param  Attributes   Point to memory location to return the attributes of
> > variable. If the point
> >
> > -                       is NULL, the parameter would be ignored.
> >
> > -  @param  DataSize     As input, point to the maximum size of return Data-
> Buffer.
> >
> > -                       As output, point to the actual size of the returned Data-Buffer.
> >
> > -  @param  Data         Point to return Data-Buffer.
> >
> > -
> >
> > -  @retval  EFI_SUCCESS            The function completed successfully.
> >
> > -  @retval  EFI_NOT_FOUND          The variable was not found.
> >
> > -  @retval  EFI_BUFFER_TOO_SMALL   The DataSize is too small for the
> result.
> > DataSize has
> >
> > -                                  been updated with the size needed to complete the
> request.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VariableName is NULL.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VendorGuid is NULL.
> >
> > -  @retval  EFI_INVALID_PARAMETER  DataSize is NULL.
> >
> > -  @retval  EFI_INVALID_PARAMETER  The DataSize is not too small and
> > Data is NULL.
> >
> > -  @retval  EFI_DEVICE_ERROR       The variable could not be retrieved due
> to a
> > hardware error.
> >
> > -  @retval  EFI_SECURITY_VIOLATION The variable could not be retrieved
> > due to an authentication failure.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalGetVariable (
> >
> > -  IN      CHAR16                   *VariableName,
> >
> > -  IN      EFI_GUID                 *VendorGuid,
> >
> > -  OUT     UINT32                   *Attributes OPTIONAL,
> >
> > -  IN OUT  UINTN                    *DataSize,
> >
> > -  OUT     VOID                     *Data
> >
> > -  )
> >
> > -{
> >
> > -  return mSmmVariable->SmmGetVariable (
> >
> > -                         VariableName,
> >
> > -                         VendorGuid,
> >
> > -                         Attributes,
> >
> > -                         DataSize,
> >
> > -                         Data
> >
> > -                         );
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  This service is a wrapper for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > -  @param  VariableName the name of the vendor's variable, as a
> >
> > -                       Null-Terminated Unicode String
> >
> > -  @param  VendorGuid   Unify identifier for vendor.
> >
> > -  @param  Attributes   Point to memory location to return the attributes of
> > variable. If the point
> >
> > -                       is NULL, the parameter would be ignored.
> >
> > -  @param  DataSize     The size in bytes of Data-Buffer.
> >
> > -  @param  Data         Point to the content of the variable.
> >
> > -
> >
> > -  @retval  EFI_SUCCESS            The firmware has successfully stored the
> variable
> > and its data as
> >
> > -                                  defined by the Attributes.
> >
> > -  @retval  EFI_INVALID_PARAMETER  An invalid combination of attribute
> > bits was supplied, or the
> >
> > -                                  DataSize exceeds the maximum allowed.
> >
> > -  @retval  EFI_INVALID_PARAMETER  VariableName is an empty Unicode
> string.
> >
> > -  @retval  EFI_OUT_OF_RESOURCES   Not enough storage is available to
> hold
> > the variable and its data.
> >
> > -  @retval  EFI_DEVICE_ERROR       The variable could not be saved due to a
> > hardware failure.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question is read-only.
> >
> > -  @retval  EFI_WRITE_PROTECTED    The variable in question cannot be
> deleted.
> >
> > -  @retval  EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > -                                  set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > -                                  out by the firmware.
> >
> > -  @retval  EFI_NOT_FOUND          The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalSetVariable (
> >
> > -  IN CHAR16                       *VariableName,
> >
> > -  IN EFI_GUID                     *VendorGuid,
> >
> > -  IN UINT32                       Attributes,
> >
> > -  IN UINTN                        DataSize,
> >
> > -  IN VOID                         *Data
> >
> > -  )
> >
> > -{
> >
> > -  return mSmmVariable->SmmSetVariable (
> >
> > -                         VariableName,
> >
> > -                         VendorGuid,
> >
> > -                         Attributes,
> >
> > -                         DataSize,
> >
> > -                         Data
> >
> > -                         );
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > -  Entry Point for MOR Lock Control driver.
> >
> > -
> >
> > -  @param[in] ImageHandle    The firmware allocated handle for the EFI
> image.
> >
> > -  @param[in] SystemTable    A pointer to the EFI System Table.
> >
> > -
> >
> > -  @retval EFI_SUCCESS       EntryPoint runs successfully.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -MorLockDriverEntryPointSmm (
> >
> > -  IN EFI_HANDLE         ImageHandle,
> >
> > -  IN EFI_SYSTEM_TABLE   *SystemTable
> >
> > -  )
> >
> > -{
> >
> > -  EFI_STATUS                    Status;
> >
> > -  EDKII_SMM_VAR_CHECK_PROTOCOL  *SmmVarCheck;
> >
> > -
> >
> > -  //
> >
> > -  // This driver link to Smm Variable driver
> >
> > -  //
> >
> > -  DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
> >
> > -
> >
> > -  Status = gSmst->SmmLocateProtocol (
> >
> > -                  &gEfiSmmVariableProtocolGuid,
> >
> > -                  NULL,
> >
> > -                  (VOID **) &mSmmVariable
> >
> > -                  );
> >
> > -  ASSERT_EFI_ERROR (Status);
> >
> > -
> >
> > -  Status = gSmst->SmmLocateProtocol (
> >
> > -                  &gEdkiiSmmVarCheckProtocolGuid,
> >
> > -                  NULL,
> >
> > -                  (VOID **) &SmmVarCheck
> >
> > -                  );
> >
> > -  ASSERT_EFI_ERROR (Status);
> >
> > -
> >
> > -  Status = MorLockDriverInit ();
> >
> > -  if (EFI_ERROR (Status)) {
> >
> > -    return Status;
> >
> > -  }
> >
> > -
> >
> > -  Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler
> > (SetVariableCheckHandlerMor);
> >
> > -  ASSERT_EFI_ERROR (Status);
> >
> > -
> >
> > -  return Status;
> >
> > -}
> >
> > -
> >
> > diff --git
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i
> nf
> >
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i
> nf
> > deleted file mode 100644
> > index 875c1e5f3a..0000000000
> > ---
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i
> nf
> > +++ /dev/null
> > @@ -1,65 +0,0 @@
> > -## @file
> >
> > -#  Initializes MemoryOverwriteRequestControlLock variable
> >
> > -#
> >
> > -#  This module will add Variable Hook and allow
> > MemoryOverwriteRequestControlLock variable set only once.
> >
> > -#
> >
> > -#  NOTE: This module only handles secure MOR V1 and is deprecated.
> >
> > -#  The secure MOR V2 is handled inside of variable driver.
> >
> > -#
> >
> > -# Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -# SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -#
> >
> > -##
> >
> > -
> >
> > -[Defines]
> >
> > -  INF_VERSION                    = 0x00010005
> >
> > -  BASE_NAME                      = TcgMorLockSmm
> >
> > -  MODULE_UNI_FILE                = TcgMorLock.uni
> >
> > -  FILE_GUID                      = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
> >
> > -  MODULE_TYPE                    = DXE_SMM_DRIVER
> >
> > -  VERSION_STRING                 = 1.0
> >
> > -  PI_SPECIFICATION_VERSION       = 0x0001000A
> >
> > -  ENTRY_POINT                    = MorLockDriverEntryPointSmm
> >
> > -
> >
> > -#
> >
> > -# The following information is for reference only and not required by
> > the build tools.
> >
> > -#
> >
> > -#  VALID_ARCHITECTURES           = IA32 X64 EBC
> >
> > -#
> >
> > -
> >
> > -[Sources]
> >
> > -  TcgMorLock.h
> >
> > -  TcgMorLock.c
> >
> > -  TcgMorLockSmm.c
> >
> > -
> >
> > -[Packages]
> >
> > -  MdePkg/MdePkg.dec
> >
> > -  MdeModulePkg/MdeModulePkg.dec
> >
> > -  SecurityPkg/SecurityPkg.dec
> >
> > -
> >
> > -[LibraryClasses]
> >
> > -  UefiDriverEntryPoint
> >
> > -  SmmServicesTableLib
> >
> > -  DebugLib
> >
> > -  BaseLib
> >
> > -  BaseMemoryLib
> >
> > -
> >
> > -[Guids]
> >
> > -  ## SOMETIMES_CONSUMES      ##
> > Variable:L"MemoryOverwriteRequestControl"
> >
> > -  gEfiMemoryOverwriteControlDataGuid
> >
> > -
> >
> > -  ## SOMETIMES_CONSUMES      ##
> > Variable:L"MemoryOverwriteRequestControlLock"
> >
> > -  ## PRODUCES                ##
> Variable:L"MemoryOverwriteRequestControlLock"
> >
> > -  gEfiMemoryOverwriteRequestControlLockGuid
> >
> > -
> >
> > -[Protocols]
> >
> > -  gEdkiiSmmVarCheckProtocolGuid           ## CONSUMES
> >
> > -  gEfiSmmVariableProtocolGuid             ## CONSUMES
> >
> > -
> >
> > -[Depex]
> >
> > -  gEfiSmmVariableProtocolGuid AND
> >
> > -  gSmmVariableWriteGuid AND
> >
> > -  ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
> >
> > -
> >
> > -[UserExtensions.TianoCore."ExtraFiles"]
> >
> > -  TcgMorLockExtra.uni
> >
> > --
> > 2.26.2.windows.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-08-28  6:44 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-08-24  2:28 [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver Qi Zhang
2021-08-26  1:24 ` Yao, Jiewen
2021-08-27 13:44 ` Yao, Jiewen
2021-08-28  6:44   ` Qi Zhang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox