* [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
@ 2021-08-24 2:28 Qi Zhang
2021-08-26 1:24 ` Yao, Jiewen
2021-08-27 13:44 ` Yao, Jiewen
0 siblings, 2 replies; 4+ messages in thread
From: Qi Zhang @ 2021-08-24 2:28 UTC
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar, Ray Ni
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583

TcgMorLockSmm is only for secure MOR V1.
VariableSmm covers secure MOR V1 and V2.

Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
---
SecurityPkg/SecurityPkg.dsc | 1 -
.../TcgMorLock.c | 191 ------------------
.../TcgMorLock.h | 131 ------------
.../TcgMorLock.uni | 16 --
.../TcgMorLockExtra.uni | 14 --
.../TcgMorLockSmm.c | 152 --------------
.../TcgMorLockSmm.inf | 65 ------
7 files changed, 570 deletions(-)
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
delete mode 100644 SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 64157e20f9..7898fe4282 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -338,7 +338,6 @@
[Components.IA32, Components.X64]
- SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
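Review bot: Dropping the `TcgMorLockSmm.inf` entry from `[Components.IA32, Components.X64]` only repairs the SecurityPkg build, and since this same patch deletes the INF, any platform DSC or FDF that still lists `SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf` will stop building once it lands. The commit message should say which platform descriptions were checked and tell platform owners to drop the reference and rely on VariableSmm.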
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
deleted file mode 100644
index aa230eeefa..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/** @file
- TCG MOR (Memory Overwrite Request) Lock Control Driver.
-
- This driver initializes MemoryOverwriteRequestControlLock variable.
- This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <PiDxe.h>
-#include <Guid/MemoryOverwriteControl.h>
-#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
-#include <Library/DebugLib.h>
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include "TcgMorLock.h"
-
-typedef struct {
- CHAR16 *VariableName;
- EFI_GUID *VendorGuid;
-} VARIABLE_TYPE;
-
-VARIABLE_TYPE mMorVariableType[] = {
- {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid},
- {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid},
-};
-
-/**
- Returns if this is MOR related variable.
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
-
- @retval TRUE The variable is MOR related.
- @retval FALSE The variable is NOT MOR related.
-**/
-BOOLEAN
-IsAnyMorVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
- if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
- (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- Returns if this is MOR lock variable.
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
-
- @retval TRUE The variable is MOR lock variable.
- @retval FALSE The variable is NOT MOR lock variable.
-**/
-BOOLEAN
-IsMorLockVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
- (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- This service is a checker handler for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-SetVariableCheckHandlerMor (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- UINTN MorLockDataSize;
- BOOLEAN MorLock;
- EFI_STATUS Status;
-
- //
- // do not handle non-MOR variable
- //
- if (!IsAnyMorVariable (VariableName, VendorGuid)) {
- return EFI_SUCCESS;
- }
-
- MorLockDataSize = sizeof(MorLock);
- Status = InternalGetVariable (
- MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
- &gEfiMemoryOverwriteRequestControlLockGuid,
- NULL,
- &MorLockDataSize,
- &MorLock
- );
- if (!EFI_ERROR (Status) && MorLock) {
- //
- // If lock, deny access
- //
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Delete not OK
- //
- if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // check format
- //
- if (IsMorLockVariable(VariableName, VendorGuid)) {
- //
- // set to any other value not OK
- //
- if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
- return EFI_INVALID_PARAMETER;
- }
- }
- //
- // Or grant access
- //
- return EFI_SUCCESS;
-}
-
-/**
- Entry Point for MOR Lock Control driver.
-
- @param[in] ImageHandle Image handle of this driver.
- @param[in] SystemTable A Pointer to the EFI System Table.
-
- @retval EFI_SUCCESS
- @return Others Some error occurs.
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverInit (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT8 Data;
-
- Data = 0;
- Status = InternalSetVariable (
- MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
- &gEfiMemoryOverwriteRequestControlLockGuid,
- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
- 1,
- &Data
- );
- return Status;
-}
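Review bot: The commit message does not show that the three policy checks in `SetVariableCheckHandlerMor` survive this deletion: rejecting every write to either MOR variable once `MemoryOverwriteRequestControlLock` reads back non-zero, rejecting deletes (`DataSize != sizeof(UINT8)`, `Data == NULL` or `Attributes == 0`), and limiting the lock value to 0 or 1. "VariableSmm covers secure MOR V1 and V2" is the only justification given, so please name the VariableSmm source that implements these checks in the commit message, so the behaviour can be compared before the hook goes away.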
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
deleted file mode 100644
index 5a6658c158..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/** @file
- TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef _EFI_TCG_MOR_LOCK_H_
-#define _EFI_TCG_MOR_LOCK_H_
-
-/**
- This service is a wrapper for the UEFI Runtime Service GetVariable().
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize As input, point to the maximum size of return Data-Buffer.
- As output, point to the actual size of the returned Data-Buffer.
- @param Data Point to return Data-Buffer.
-
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_NOT_FOUND The variable was not found.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
- been updated with the size needed to complete the request.
- @retval EFI_INVALID_PARAMETER VariableName is NULL.
- @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
- @retval EFI_INVALID_PARAMETER DataSize is NULL.
- @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL.
- @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
- @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
-**/
-EFI_STATUS
-EFIAPI
-InternalGetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- OUT UINT32 *Attributes OPTIONAL,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- );
-
-/**
- This service is a wrapper for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalSetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- );
-
-/**
- This service is a checker handler for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-SetVariableCheckHandlerMor (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- );
-
-/**
- Entry Point for MOR Lock Control driver.
-
- @param[in] ImageHandle Image handle of this driver.
- @param[in] SystemTable A Pointer to the EFI System Table.
-
- @retval EFI_SUCCESS
- @return Others Some error occurs.
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverInit (
- VOID
- );
-
-#endif
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
deleted file mode 100644
index 711b37d866..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
+++ /dev/null
@@ -1,16 +0,0 @@
-// /** @file
-// Initializes MemoryOverwriteRequestControlLock variable
-//
-// This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-//
-// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Initializes MemoryOverwriteRequestControlLock variable"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once."
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
deleted file mode 100644
index 2679c08c86..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
+++ /dev/null
@@ -1,14 +0,0 @@
-// /** @file
-// TcgMorLock Localized Strings and Content
-//
-// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TCG (Trusted Computing Group) MOR Lock"
-
-
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
deleted file mode 100644
index 8c92317313..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/** @file
- TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
-
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <PiSmm.h>
-#include <Library/SmmServicesTableLib.h>
-#include <Library/DebugLib.h>
-#include <Protocol/SmmVarCheck.h>
-#include <Protocol/SmmVariable.h>
-#include "TcgMorLock.h"
-
-EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
-
-/**
- This service is a wrapper for the UEFI Runtime Service GetVariable().
-
- @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize As input, point to the maximum size of return Data-Buffer.
- As output, point to the actual size of the returned Data-Buffer.
- @param Data Point to return Data-Buffer.
-
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_NOT_FOUND The variable was not found.
- @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
- been updated with the size needed to complete the request.
- @retval EFI_INVALID_PARAMETER VariableName is NULL.
- @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
- @retval EFI_INVALID_PARAMETER DataSize is NULL.
- @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL.
- @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
- @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
-**/
-EFI_STATUS
-EFIAPI
-InternalGetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- OUT UINT32 *Attributes OPTIONAL,
- IN OUT UINTN *DataSize,
- OUT VOID *Data
- )
-{
- return mSmmVariable->SmmGetVariable (
- VariableName,
- VendorGuid,
- Attributes,
- DataSize,
- Data
- );
-}
-
-/**
- This service is a wrapper for the UEFI Runtime Service SetVariable()
-
- @param VariableName the name of the vendor's variable, as a
- Null-Terminated Unicode String
- @param VendorGuid Unify identifier for vendor.
- @param Attributes Point to memory location to return the attributes of variable. If the point
- is NULL, the parameter would be ignored.
- @param DataSize The size in bytes of Data-Buffer.
- @param Data Point to the content of the variable.
-
- @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
- defined by the Attributes.
- @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
- DataSize exceeds the maximum allowed.
- @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
- @retval EFI_WRITE_PROTECTED The variable in question is read-only.
- @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
- @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
- set but the AuthInfo does NOT pass the validation check carried
- out by the firmware.
- @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
-
-**/
-EFI_STATUS
-EFIAPI
-InternalSetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
- )
-{
- return mSmmVariable->SmmSetVariable (
- VariableName,
- VendorGuid,
- Attributes,
- DataSize,
- Data
- );
-}
-
-/**
- Entry Point for MOR Lock Control driver.
-
- @param[in] ImageHandle The firmware allocated handle for the EFI image.
- @param[in] SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS EntryPoint runs successfully.
-
-**/
-EFI_STATUS
-EFIAPI
-MorLockDriverEntryPointSmm (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
- EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck;
-
- //
- // This driver link to Smm Variable driver
- //
- DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
-
- Status = gSmst->SmmLocateProtocol (
- &gEfiSmmVariableProtocolGuid,
- NULL,
- (VOID **) &mSmmVariable
- );
- ASSERT_EFI_ERROR (Status);
-
- Status = gSmst->SmmLocateProtocol (
- &gEdkiiSmmVarCheckProtocolGuid,
- NULL,
- (VOID **) &SmmVarCheck
- );
- ASSERT_EFI_ERROR (Status);
-
- Status = MorLockDriverInit ();
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler (SetVariableCheckHandlerMor);
- ASSERT_EFI_ERROR (Status);
-
- return Status;
-}
-
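Review bot: Nothing in the patch shows who creates `MemoryOverwriteRequestControlLock` once `MorLockDriverEntryPointSmm` is gone; here the variable is created by `MorLockDriverInit` (value 0) before `SmmRegisterSetVariableCheckHandler` installs the hook. Please confirm in the commit message that VariableSmm still creates it on every boot with the same attributes (`EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS`), so the unlocked default is unchanged.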
diff --git a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
deleted file mode 100644
index 875c1e5f3a..0000000000
--- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+++ /dev/null
@@ -1,65 +0,0 @@
-## @file
-# Initializes MemoryOverwriteRequestControlLock variable
-#
-# This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
-#
-# NOTE: This module only handles secure MOR V1 and is deprecated.
-# The secure MOR V2 is handled inside of variable driver.
-#
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TcgMorLockSmm
- MODULE_UNI_FILE = TcgMorLock.uni
- FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
- MODULE_TYPE = DXE_SMM_DRIVER
- VERSION_STRING = 1.0
- PI_SPECIFICATION_VERSION = 0x0001000A
- ENTRY_POINT = MorLockDriverEntryPointSmm
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 EBC
-#
-
-[Sources]
- TcgMorLock.h
- TcgMorLock.c
- TcgMorLockSmm.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[LibraryClasses]
- UefiDriverEntryPoint
- SmmServicesTableLib
- DebugLib
- BaseLib
- BaseMemoryLib
-
-[Guids]
- ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
- gEfiMemoryOverwriteControlDataGuid
-
- ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControlLock"
- ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
- gEfiMemoryOverwriteRequestControlLockGuid
-
-[Protocols]
- gEdkiiSmmVarCheckProtocolGuid ## CONSUMES
- gEfiSmmVariableProtocolGuid ## CONSUMES
-
-[Depex]
- gEfiSmmVariableProtocolGuid AND
- gSmmVariableWriteGuid AND
- ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TcgMorLockExtra.uni
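Review bot: The `[Depex]` section deleted here gates the driver on `gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid`, so today the lock variable and its check handler exist only on platforms that publish a TCG protocol; the commit message should state whether the VariableSmm replacement applies the same condition or whether platforms without one now behave differently. The file header's own note ("only handles secure MOR V1 and is deprecated") would also be worth citing in the commit message as the rationale.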
--
2.26.2.windows.1
* Re: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
2021-08-24 2:28 [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver Qi Zhang
@ 2021-08-26 1:24 ` Yao, Jiewen
2021-08-27 13:44 ` Yao, Jiewen
1 sibling, 0 replies; 4+ messages in thread
From: Yao, Jiewen @ 2021-08-26 1:24 UTC
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Kumar, Rahul1, Ni, Ray
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 24, 2021 10:28 AM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1
> <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583
>
> TcgMorLockSmm is only for secure MOR V1.
> VariableSmm covers secure MOR V1 and V2.
>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
> SecurityPkg/SecurityPkg.dsc | 1 -
> .../TcgMorLock.c | 191 ------------------
> .../TcgMorLock.h | 131 ------------
> .../TcgMorLock.uni | 16 --
> .../TcgMorLockExtra.uni | 14 --
> .../TcgMorLockSmm.c | 152 --------------
> .../TcgMorLockSmm.inf | 65 ------
> 7 files changed, 570 deletions(-)
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 64157e20f9..7898fe4282 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -338,7 +338,6 @@
>
>
> [Components.IA32, Components.X64]
>
>
>
> - SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
>
> SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
>
> SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
>
> SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> deleted file mode 100644
> index aa230eeefa..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> +++ /dev/null
> @@ -1,191 +0,0 @@
> -/** @file
>
> - TCG MOR (Memory Overwrite Request) Lock Control Driver.
>
> -
>
> - This driver initializes MemoryOverwriteRequestControlLock variable.
>
> - This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
>
> -
>
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#include <PiDxe.h>
>
> -#include <Guid/MemoryOverwriteControl.h>
>
> -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
>
> -#include <Library/DebugLib.h>
>
> -#include <Library/BaseLib.h>
>
> -#include <Library/BaseMemoryLib.h>
>
> -#include "TcgMorLock.h"
>
> -
>
> -typedef struct {
>
> - CHAR16 *VariableName;
>
> - EFI_GUID *VendorGuid;
>
> -} VARIABLE_TYPE;
>
> -
>
> -VARIABLE_TYPE mMorVariableType[] = {
>
> - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
> &gEfiMemoryOverwriteControlDataGuid},
>
> - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> &gEfiMemoryOverwriteRequestControlLockGuid},
>
> -};
>
> -
>
> -/**
>
> - Returns if this is MOR related variable.
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> -
>
> - @retval TRUE The variable is MOR related.
>
> - @retval FALSE The variable is NOT MOR related.
>
> -**/
>
> -BOOLEAN
>
> -IsAnyMorVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid
>
> - )
>
> -{
>
> - UINTN Index;
>
> -
>
> - for (Index = 0; Index <
> sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
>
> - if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0)
> &&
>
> - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
>
> - return TRUE;
>
> - }
>
> - }
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Returns if this is MOR lock variable.
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> -
>
> - @retval TRUE The variable is MOR lock variable.
>
> - @retval FALSE The variable is NOT MOR lock variable.
>
> -**/
>
> -BOOLEAN
>
> -IsMorLockVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid
>
> - )
>
> -{
>
> - if ((StrCmp (VariableName,
> MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
>
> - (CompareGuid (VendorGuid,
> &gEfiMemoryOverwriteRequestControlLockGuid))) {
>
> - return TRUE;
>
> - }
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - This service is a checker handler for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -SetVariableCheckHandlerMor (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - )
>
> -{
>
> - UINTN MorLockDataSize;
>
> - BOOLEAN MorLock;
>
> - EFI_STATUS Status;
>
> -
>
> - //
>
> - // do not handle non-MOR variable
>
> - //
>
> - if (!IsAnyMorVariable (VariableName, VendorGuid)) {
>
> - return EFI_SUCCESS;
>
> - }
>
> -
>
> - MorLockDataSize = sizeof(MorLock);
>
> - Status = InternalGetVariable (
>
> - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
>
> - &gEfiMemoryOverwriteRequestControlLockGuid,
>
> - NULL,
>
> - &MorLockDataSize,
>
> - &MorLock
>
> - );
>
> - if (!EFI_ERROR (Status) && MorLock) {
>
> - //
>
> - // If lock, deny access
>
> - //
>
> - return EFI_INVALID_PARAMETER;
>
> - }
>
> -
>
> - //
>
> - // Delete not OK
>
> - //
>
> - if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
>
> - return EFI_INVALID_PARAMETER;
>
> - }
>
> -
>
> - //
>
> - // check format
>
> - //
>
> - if (IsMorLockVariable(VariableName, VendorGuid)) {
>
> - //
>
> - // set to any other value not OK
>
> - //
>
> - if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
>
> - return EFI_INVALID_PARAMETER;
>
> - }
>
> - }
>
> - //
>
> - // Or grant access
>
> - //
>
> - return EFI_SUCCESS;
>
> -}
>
> -
>
> -/**
>
> - Entry Point for MOR Lock Control driver.
>
> -
>
> - @param[in] ImageHandle Image handle of this driver.
>
> - @param[in] SystemTable A Pointer to the EFI System Table.
>
> -
>
> - @retval EFI_SUCCESS
>
> - @return Others Some error occurs.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -MorLockDriverInit (
>
> - VOID
>
> - )
>
> -{
>
> - EFI_STATUS Status;
>
> - UINT8 Data;
>
> -
>
> - Data = 0;
>
> - Status = InternalSetVariable (
>
> - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
>
> - &gEfiMemoryOverwriteRequestControlLockGuid,
>
> - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
> | EFI_VARIABLE_RUNTIME_ACCESS,
>
> - 1,
>
> - &Data
>
> - );
>
> - return Status;
>
> -}
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> deleted file mode 100644
> index 5a6658c158..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> +++ /dev/null
> @@ -1,131 +0,0 @@
> -/** @file
>
> - TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
>
> -
>
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#ifndef _EFI_TCG_MOR_LOCK_H_
>
> -#define _EFI_TCG_MOR_LOCK_H_
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service GetVariable().
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize As input, point to the maximum size of return Data-Buffer.
>
> - As output, point to the actual size of the returned Data-Buffer.
>
> - @param Data Point to return Data-Buffer.
>
> -
>
> - @retval EFI_SUCCESS The function completed successfully.
>
> - @retval EFI_NOT_FOUND The variable was not found.
>
> - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result.
> DataSize has
>
> - been updated with the size needed to complete the request.
>
> - @retval EFI_INVALID_PARAMETER VariableName is NULL.
>
> - @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
>
> - @retval EFI_INVALID_PARAMETER DataSize is NULL.
>
> - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is
> NULL.
>
> - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a
> hardware error.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalGetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - OUT UINT32 *Attributes OPTIONAL,
>
> - IN OUT UINTN *DataSize,
>
> - OUT VOID *Data
>
> - );
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalSetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - );
>
> -
>
> -/**
>
> - This service is a checker handler for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -SetVariableCheckHandlerMor (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - );
>
> -
>
> -/**
>
> - Entry Point for MOR Lock Control driver.
>
> -
>
> - @param[in] ImageHandle Image handle of this driver.
>
> - @param[in] SystemTable A Pointer to the EFI System Table.
>
> -
>
> - @retval EFI_SUCCESS
>
> - @return Others Some error occurs.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -MorLockDriverInit (
>
> - VOID
>
> - );
>
> -
>
> -#endif
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> deleted file mode 100644
> index 711b37d866..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> +++ /dev/null
> @@ -1,16 +0,0 @@
> -// /** @file
>
> -// Initializes MemoryOverwriteRequestControlLock variable
>
> -//
>
> -// This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
>
> -//
>
> -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
>
> -//
>
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -//
>
> -// **/
>
> -
>
> -
>
> -#string STR_MODULE_ABSTRACT #language en-US "Initializes
> MemoryOverwriteRequestControlLock variable"
>
> -
>
> -#string STR_MODULE_DESCRIPTION #language en-US "This module will
> add Variable Hook and allow MemoryOverwriteRequestControlLock variable set
> only once."
>
> -
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> deleted file mode 100644
> index 2679c08c86..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -// /** @file
>
> -// TcgMorLock Localized Strings and Content
>
> -//
>
> -// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -//
>
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -//
>
> -// **/
>
> -
>
> -#string STR_PROPERTIES_MODULE_NAME
>
> -#language en-US
>
> -"TCG (Trusted Computing Group) MOR Lock"
>
> -
>
> -
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> deleted file mode 100644
> index 8c92317313..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> +++ /dev/null
> @@ -1,152 +0,0 @@
> -/** @file
>
> - TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
>
> -
>
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#include <PiSmm.h>
>
> -#include <Library/SmmServicesTableLib.h>
>
> -#include <Library/DebugLib.h>
>
> -#include <Protocol/SmmVarCheck.h>
>
> -#include <Protocol/SmmVariable.h>
>
> -#include "TcgMorLock.h"
>
> -
>
> -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service GetVariable().
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize As input, point to the maximum size of return Data-Buffer.
>
> - As output, point to the actual size of the returned Data-Buffer.
>
> - @param Data Point to return Data-Buffer.
>
> -
>
> - @retval EFI_SUCCESS The function completed successfully.
>
> - @retval EFI_NOT_FOUND The variable was not found.
>
> - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result.
> DataSize has
>
> - been updated with the size needed to complete the request.
>
> - @retval EFI_INVALID_PARAMETER VariableName is NULL.
>
> - @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
>
> - @retval EFI_INVALID_PARAMETER DataSize is NULL.
>
> - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is
> NULL.
>
> - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a
> hardware error.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalGetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - OUT UINT32 *Attributes OPTIONAL,
>
> - IN OUT UINTN *DataSize,
>
> - OUT VOID *Data
>
> - )
>
> -{
>
> - return mSmmVariable->SmmGetVariable (
>
> - VariableName,
>
> - VendorGuid,
>
> - Attributes,
>
> - DataSize,
>
> - Data
>
> - );
>
> -}
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalSetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - )
>
> -{
>
> - return mSmmVariable->SmmSetVariable (
>
> - VariableName,
>
> - VendorGuid,
>
> - Attributes,
>
> - DataSize,
>
> - Data
>
> - );
>
> -}
>
> -
>
> -/**
>
> - Entry Point for MOR Lock Control driver.
>
> -
>
> - @param[in] ImageHandle The firmware allocated handle for the EFI image.
>
> - @param[in] SystemTable A pointer to the EFI System Table.
>
> -
>
> - @retval EFI_SUCCESS EntryPoint runs successfully.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -MorLockDriverEntryPointSmm (
>
> - IN EFI_HANDLE ImageHandle,
>
> - IN EFI_SYSTEM_TABLE *SystemTable
>
> - )
>
> -{
>
> - EFI_STATUS Status;
>
> - EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck;
>
> -
>
> - //
>
> - // This driver link to Smm Variable driver
>
> - //
>
> - DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
>
> -
>
> - Status = gSmst->SmmLocateProtocol (
>
> - &gEfiSmmVariableProtocolGuid,
>
> - NULL,
>
> - (VOID **) &mSmmVariable
>
> - );
>
> - ASSERT_EFI_ERROR (Status);
>
> -
>
> - Status = gSmst->SmmLocateProtocol (
>
> - &gEdkiiSmmVarCheckProtocolGuid,
>
> - NULL,
>
> - (VOID **) &SmmVarCheck
>
> - );
>
> - ASSERT_EFI_ERROR (Status);
>
> -
>
> - Status = MorLockDriverInit ();
>
> - if (EFI_ERROR (Status)) {
>
> - return Status;
>
> - }
>
> -
>
> - Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler
> (SetVariableCheckHandlerMor);
>
> - ASSERT_EFI_ERROR (Status);
>
> -
>
> - return Status;
>
> -}
>
> -
>
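Review bot: MorLockDriverEntryPointSmm() is the caller of SmmVarCheck->SmmRegisterSetVariableCheckHandler (SetVariableCheckHandlerMor), so deleting it drops this package's SetVariable filter for the MOR variables, and the commit message gives no test result for the path that replaces it. Please add what was run with the driver removed, at minimum that a SetVariable on MemoryOverwriteRequestControl is still refused after MemoryOverwriteRequestControlLock has been set to 1.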
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> deleted file mode 100644
> index 875c1e5f3a..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> +++ /dev/null
> @@ -1,65 +0,0 @@
> -## @file
>
> -# Initializes MemoryOverwriteRequestControlLock variable
>
> -#
>
> -# This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
>
> -#
>
> -# NOTE: This module only handles secure MOR V1 and is deprecated.
>
> -# The secure MOR V2 is handled inside of variable driver.
>
> -#
>
> -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -#
>
> -##
>
> -
>
> -[Defines]
>
> - INF_VERSION = 0x00010005
>
> - BASE_NAME = TcgMorLockSmm
>
> - MODULE_UNI_FILE = TcgMorLock.uni
>
> - FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
>
> - MODULE_TYPE = DXE_SMM_DRIVER
>
> - VERSION_STRING = 1.0
>
> - PI_SPECIFICATION_VERSION = 0x0001000A
>
> - ENTRY_POINT = MorLockDriverEntryPointSmm
>
> -
>
> -#
>
> -# The following information is for reference only and not required by the build
> tools.
>
> -#
>
> -# VALID_ARCHITECTURES = IA32 X64 EBC
>
> -#
>
> -
>
> -[Sources]
>
> - TcgMorLock.h
>
> - TcgMorLock.c
>
> - TcgMorLockSmm.c
>
> -
>
> -[Packages]
>
> - MdePkg/MdePkg.dec
>
> - MdeModulePkg/MdeModulePkg.dec
>
> - SecurityPkg/SecurityPkg.dec
>
> -
>
> -[LibraryClasses]
>
> - UefiDriverEntryPoint
>
> - SmmServicesTableLib
>
> - DebugLib
>
> - BaseLib
>
> - BaseMemoryLib
>
> -
>
> -[Guids]
>
> - ## SOMETIMES_CONSUMES ##
> Variable:L"MemoryOverwriteRequestControl"
>
> - gEfiMemoryOverwriteControlDataGuid
>
> -
>
> - ## SOMETIMES_CONSUMES ##
> Variable:L"MemoryOverwriteRequestControlLock"
>
> - ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
>
> - gEfiMemoryOverwriteRequestControlLockGuid
>
> -
>
> -[Protocols]
>
> - gEdkiiSmmVarCheckProtocolGuid ## CONSUMES
>
> - gEfiSmmVariableProtocolGuid ## CONSUMES
>
> -
>
> -[Depex]
>
> - gEfiSmmVariableProtocolGuid AND
>
> - gSmmVariableWriteGuid AND
>
> - ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
>
> -
>
> -[UserExtensions.TianoCore."ExtraFiles"]
>
> - TcgMorLockExtra.uni
>
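Review bot: the [Depex] deleted here gated the module on gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid, so the lock variable and its check handler only appeared on platforms that publish a TCG protocol; the commit message should say whether VariableSmm applies the same condition or now handles MemoryOverwriteRequestControlLock regardless. Anything that refers to the module by FILE_GUID E2EA6F47-E678-47FA-8C1B-02A03E825C6E rather than by INF path also needs checking before the INF goes away.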
> --
> 2.26.2.windows.1
* Re: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
2021-08-24 2:28 [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver Qi Zhang
2021-08-26 1:24 ` Yao, Jiewen
@ 2021-08-27 13:44 ` Yao, Jiewen
2021-08-28 6:44 ` Qi Zhang
1 sibling, 1 reply; 4+ messages in thread
From: Yao, Jiewen @ 2021-08-27 13:44 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Kumar, Rahul1, Ni, Ray
Hi
This patch failed in CI - https://github.com/tianocore/edk2/pull/1922
Please take a look and submit the patch again.
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 24, 2021 10:28 AM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1
> <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583
>
> TcgMorLockSmm is only for secure MOR V1.
> VariableSmm covers secure MOR V1 and V2.
>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
> SecurityPkg/SecurityPkg.dsc | 1 -
> .../TcgMorLock.c | 191 ------------------
> .../TcgMorLock.h | 131 ------------
> .../TcgMorLock.uni | 16 --
> .../TcgMorLockExtra.uni | 14 --
> .../TcgMorLockSmm.c | 152 --------------
> .../TcgMorLockSmm.inf | 65 ------
> 7 files changed, 570 deletions(-)
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> delete mode 100644
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 64157e20f9..7898fe4282 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -338,7 +338,6 @@
>
>
> [Components.IA32, Components.X64]
>
>
>
> - SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
>
> SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
>
> SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
>
> SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
>
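Review bot: only SecurityPkg/SecurityPkg.dsc is updated in this hunk, and all seven files in the diffstat sit under SecurityPkg, so any platform DSC or FDF elsewhere in the tree that still lists SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf will stop building once the INF is deleted. Search the other packages for that path and drop the references in the same series. This thread reports a CI failure for the patch (https://github.com/tianocore/edk2/pull/1922), and the resubmission should say what the cause was.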
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> deleted file mode 100644
> index aa230eeefa..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> +++ /dev/null
> @@ -1,191 +0,0 @@
> -/** @file
>
> - TCG MOR (Memory Overwrite Request) Lock Control Driver.
>
> -
>
> - This driver initializes MemoryOverwriteRequestControlLock variable.
>
> - This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
>
> -
>
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#include <PiDxe.h>
>
> -#include <Guid/MemoryOverwriteControl.h>
>
> -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
>
> -#include <Library/DebugLib.h>
>
> -#include <Library/BaseLib.h>
>
> -#include <Library/BaseMemoryLib.h>
>
> -#include "TcgMorLock.h"
>
> -
>
> -typedef struct {
>
> - CHAR16 *VariableName;
>
> - EFI_GUID *VendorGuid;
>
> -} VARIABLE_TYPE;
>
> -
>
> -VARIABLE_TYPE mMorVariableType[] = {
>
> - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
> &gEfiMemoryOverwriteControlDataGuid},
>
> - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> &gEfiMemoryOverwriteRequestControlLockGuid},
>
> -};
>
> -
>
> -/**
>
> - Returns if this is MOR related variable.
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> -
>
> - @retval TRUE The variable is MOR related.
>
> - @retval FALSE The variable is NOT MOR related.
>
> -**/
>
> -BOOLEAN
>
> -IsAnyMorVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid
>
> - )
>
> -{
>
> - UINTN Index;
>
> -
>
> - for (Index = 0; Index <
> sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
>
> - if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0)
> &&
>
> - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
>
> - return TRUE;
>
> - }
>
> - }
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - Returns if this is MOR lock variable.
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> -
>
> - @retval TRUE The variable is MOR lock variable.
>
> - @retval FALSE The variable is NOT MOR lock variable.
>
> -**/
>
> -BOOLEAN
>
> -IsMorLockVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid
>
> - )
>
> -{
>
> - if ((StrCmp (VariableName,
> MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
>
> - (CompareGuid (VendorGuid,
> &gEfiMemoryOverwriteRequestControlLockGuid))) {
>
> - return TRUE;
>
> - }
>
> - return FALSE;
>
> -}
>
> -
>
> -/**
>
> - This service is a checker handler for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -SetVariableCheckHandlerMor (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - )
>
> -{
>
> - UINTN MorLockDataSize;
>
> - BOOLEAN MorLock;
>
> - EFI_STATUS Status;
>
> -
>
> - //
>
> - // do not handle non-MOR variable
>
> - //
>
> - if (!IsAnyMorVariable (VariableName, VendorGuid)) {
>
> - return EFI_SUCCESS;
>
> - }
>
> -
>
> - MorLockDataSize = sizeof(MorLock);
>
> - Status = InternalGetVariable (
>
> - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
>
> - &gEfiMemoryOverwriteRequestControlLockGuid,
>
> - NULL,
>
> - &MorLockDataSize,
>
> - &MorLock
>
> - );
>
> - if (!EFI_ERROR (Status) && MorLock) {
>
> - //
>
> - // If lock, deny access
>
> - //
>
> - return EFI_INVALID_PARAMETER;
>
> - }
>
> -
>
> - //
>
> - // Delete not OK
>
> - //
>
> - if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
>
> - return EFI_INVALID_PARAMETER;
>
> - }
>
> -
>
> - //
>
> - // check format
>
> - //
>
> - if (IsMorLockVariable(VariableName, VendorGuid)) {
>
> - //
>
> - // set to any other value not OK
>
> - //
>
> - if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
>
> - return EFI_INVALID_PARAMETER;
>
> - }
>
> - }
>
> - //
>
> - // Or grant access
>
> - //
>
> - return EFI_SUCCESS;
>
> -}
>
> -
>
> -/**
>
> - Entry Point for MOR Lock Control driver.
>
> -
>
> - @param[in] ImageHandle Image handle of this driver.
>
> - @param[in] SystemTable A Pointer to the EFI System Table.
>
> -
>
> - @retval EFI_SUCCESS
>
> - @return Others Some error occurs.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -MorLockDriverInit (
>
> - VOID
>
> - )
>
> -{
>
> - EFI_STATUS Status;
>
> - UINT8 Data;
>
> -
>
> - Data = 0;
>
> - Status = InternalSetVariable (
>
> - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
>
> - &gEfiMemoryOverwriteRequestControlLockGuid,
>
> - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
> | EFI_VARIABLE_RUNTIME_ACCESS,
>
> - 1,
>
> - &Data
>
> - );
>
> - return Status;
>
> -}
>
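Review bot: the commit message should map each rule in SetVariableCheckHandlerMor() to where VariableSmm enforces it, because this hunk removes three separate checks and "VariableSmm covers secure MOR V1 and V2" does not show that any of them survive. The rules are: writes to either MOR variable are refused when the lock reads back nonzero; `(DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)` refuses deletes and wrong sizes; the lock variable accepts only 0 or 1. All three return EFI_INVALID_PARAMETER, so a different status code in the replacement is a caller-visible change worth calling out. The old handler also granted access whenever InternalGetVariable() returned an error, so confirm the replacement does not inherit that fail-open path.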
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> deleted file mode 100644
> index 5a6658c158..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> +++ /dev/null
> @@ -1,131 +0,0 @@
> -/** @file
>
> - TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
>
> -
>
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#ifndef _EFI_TCG_MOR_LOCK_H_
>
> -#define _EFI_TCG_MOR_LOCK_H_
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service GetVariable().
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize As input, point to the maximum size of return Data-Buffer.
>
> - As output, point to the actual size of the returned Data-Buffer.
>
> - @param Data Point to return Data-Buffer.
>
> -
>
> - @retval EFI_SUCCESS The function completed successfully.
>
> - @retval EFI_NOT_FOUND The variable was not found.
>
> - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result.
> DataSize has
>
> - been updated with the size needed to complete the request.
>
> - @retval EFI_INVALID_PARAMETER VariableName is NULL.
>
> - @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
>
> - @retval EFI_INVALID_PARAMETER DataSize is NULL.
>
> - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is
> NULL.
>
> - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a
> hardware error.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalGetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - OUT UINT32 *Attributes OPTIONAL,
>
> - IN OUT UINTN *DataSize,
>
> - OUT VOID *Data
>
> - );
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalSetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - );
>
> -
>
> -/**
>
> - This service is a checker handler for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -SetVariableCheckHandlerMor (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - );
>
> -
>
> -/**
>
> - Entry Point for MOR Lock Control driver.
>
> -
>
> - @param[in] ImageHandle Image handle of this driver.
>
> - @param[in] SystemTable A Pointer to the EFI System Table.
>
> -
>
> - @retval EFI_SUCCESS
>
> - @return Others Some error occurs.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -MorLockDriverInit (
>
> - VOID
>
> - );
>
> -
>
> -#endif
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> deleted file mode 100644
> index 711b37d866..0000000000
> --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> +++ /dev/null
> @@ -1,16 +0,0 @@
> -// /** @file
>
> -// Initializes MemoryOverwriteRequestControlLock variable
>
> -//
>
> -// This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
>
> -//
>
> -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
>
> -//
>
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -//
>
> -// **/
>
> -
>
> -
>
> -#string STR_MODULE_ABSTRACT #language en-US "Initializes
> MemoryOverwriteRequestControlLock variable"
>
> -
>
> -#string STR_MODULE_DESCRIPTION #language en-US "This module will
> add Variable Hook and allow MemoryOverwriteRequestControlLock variable set
> only once."
>
> -
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> deleted file mode 100644
> index 2679c08c86..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -// /** @file
>
> -// TcgMorLock Localized Strings and Content
>
> -//
>
> -// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -//
>
> -// SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -//
>
> -// **/
>
> -
>
> -#string STR_PROPERTIES_MODULE_NAME
>
> -#language en-US
>
> -"TCG (Trusted Computing Group) MOR Lock"
>
> -
>
> -
>
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> deleted file mode 100644
> index 8c92317313..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> +++ /dev/null
> @@ -1,152 +0,0 @@
> -/** @file
>
> - TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
>
> -
>
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -
>
> -**/
>
> -
>
> -#include <PiSmm.h>
>
> -#include <Library/SmmServicesTableLib.h>
>
> -#include <Library/DebugLib.h>
>
> -#include <Protocol/SmmVarCheck.h>
>
> -#include <Protocol/SmmVariable.h>
>
> -#include "TcgMorLock.h"
>
> -
>
> -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service GetVariable().
>
> -
>
> - @param VariableName the name of the vendor's variable, it's a Null-
> Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize As input, point to the maximum size of return Data-Buffer.
>
> - As output, point to the actual size of the returned Data-Buffer.
>
> - @param Data Point to return Data-Buffer.
>
> -
>
> - @retval EFI_SUCCESS The function completed successfully.
>
> - @retval EFI_NOT_FOUND The variable was not found.
>
> - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result.
> DataSize has
>
> - been updated with the size needed to complete the request.
>
> - @retval EFI_INVALID_PARAMETER VariableName is NULL.
>
> - @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
>
> - @retval EFI_INVALID_PARAMETER DataSize is NULL.
>
> - @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is
> NULL.
>
> - @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a
> hardware error.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to
> an authentication failure.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalGetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - OUT UINT32 *Attributes OPTIONAL,
>
> - IN OUT UINTN *DataSize,
>
> - OUT VOID *Data
>
> - )
>
> -{
>
> - return mSmmVariable->SmmGetVariable (
>
> - VariableName,
>
> - VendorGuid,
>
> - Attributes,
>
> - DataSize,
>
> - Data
>
> - );
>
> -}
>
> -
>
> -/**
>
> - This service is a wrapper for the UEFI Runtime Service SetVariable()
>
> -
>
> - @param VariableName the name of the vendor's variable, as a
>
> - Null-Terminated Unicode String
>
> - @param VendorGuid Unify identifier for vendor.
>
> - @param Attributes Point to memory location to return the attributes of
> variable. If the point
>
> - is NULL, the parameter would be ignored.
>
> - @param DataSize The size in bytes of Data-Buffer.
>
> - @param Data Point to the content of the variable.
>
> -
>
> - @retval EFI_SUCCESS The firmware has successfully stored the variable
> and its data as
>
> - defined by the Attributes.
>
> - @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits
> was supplied, or the
>
> - DataSize exceeds the maximum allowed.
>
> - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
>
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the variable and its data.
>
> - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> hardware failure.
>
> - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
>
> - @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
>
> - @retval EFI_SECURITY_VIOLATION The variable could not be written due to
> EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
>
> - set but the AuthInfo does NOT pass the validation check
> carried
>
> - out by the firmware.
>
> - @retval EFI_NOT_FOUND The variable trying to be updated or deleted
> was not found.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -InternalSetVariable (
>
> - IN CHAR16 *VariableName,
>
> - IN EFI_GUID *VendorGuid,
>
> - IN UINT32 Attributes,
>
> - IN UINTN DataSize,
>
> - IN VOID *Data
>
> - )
>
> -{
>
> - return mSmmVariable->SmmSetVariable (
>
> - VariableName,
>
> - VendorGuid,
>
> - Attributes,
>
> - DataSize,
>
> - Data
>
> - );
>
> -}
>
> -
>
> -/**
>
> - Entry Point for MOR Lock Control driver.
>
> -
>
> - @param[in] ImageHandle The firmware allocated handle for the EFI image.
>
> - @param[in] SystemTable A pointer to the EFI System Table.
>
> -
>
> - @retval EFI_SUCCESS EntryPoint runs successfully.
>
> -
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -MorLockDriverEntryPointSmm (
>
> - IN EFI_HANDLE ImageHandle,
>
> - IN EFI_SYSTEM_TABLE *SystemTable
>
> - )
>
> -{
>
> - EFI_STATUS Status;
>
> - EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck;
>
> -
>
> - //
>
> - // This driver link to Smm Variable driver
>
> - //
>
> - DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
>
> -
>
> - Status = gSmst->SmmLocateProtocol (
>
> - &gEfiSmmVariableProtocolGuid,
>
> - NULL,
>
> - (VOID **) &mSmmVariable
>
> - );
>
> - ASSERT_EFI_ERROR (Status);
>
> -
>
> - Status = gSmst->SmmLocateProtocol (
>
> - &gEdkiiSmmVarCheckProtocolGuid,
>
> - NULL,
>
> - (VOID **) &SmmVarCheck
>
> - );
>
> - ASSERT_EFI_ERROR (Status);
>
> -
>
> - Status = MorLockDriverInit ();
>
> - if (EFI_ERROR (Status)) {
>
> - return Status;
>
> - }
>
> -
>
> - Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler
> (SetVariableCheckHandlerMor);
>
> - ASSERT_EFI_ERROR (Status);
>
> -
>
> - return Status;
>
> -}
>
> -
>
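Review bot: MorLockDriverEntryPointSmm is where SetVariableCheckHandlerMor gets registered, through SmmVarCheck->SmmRegisterSetVariableCheckHandler, so deleting this file removes the SetVariable hook along with the driver. The commit message should point to the VariableSmm code that performs the equivalent registration, so that a platform dropping this INF can confirm the MOR lock is still enforced on its build rather than assume it.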
> diff --git
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> deleted file mode 100644
> index 875c1e5f3a..0000000000
> ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> +++ /dev/null
> @@ -1,65 +0,0 @@
> -## @file
>
> -# Initializes MemoryOverwriteRequestControlLock variable
>
> -#
>
> -# This module will add Variable Hook and allow
> MemoryOverwriteRequestControlLock variable set only once.
>
> -#
>
> -# NOTE: This module only handles secure MOR V1 and is deprecated.
>
> -# The secure MOR V2 is handled inside of variable driver.
>
> -#
>
> -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> -# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> -#
>
> -##
>
> -
>
> -[Defines]
>
> - INF_VERSION = 0x00010005
>
> - BASE_NAME = TcgMorLockSmm
>
> - MODULE_UNI_FILE = TcgMorLock.uni
>
> - FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
>
> - MODULE_TYPE = DXE_SMM_DRIVER
>
> - VERSION_STRING = 1.0
>
> - PI_SPECIFICATION_VERSION = 0x0001000A
>
> - ENTRY_POINT = MorLockDriverEntryPointSmm
>
> -
>
> -#
>
> -# The following information is for reference only and not required by the build
> tools.
>
> -#
>
> -# VALID_ARCHITECTURES = IA32 X64 EBC
>
> -#
>
> -
>
> -[Sources]
>
> - TcgMorLock.h
>
> - TcgMorLock.c
>
> - TcgMorLockSmm.c
>
> -
>
> -[Packages]
>
> - MdePkg/MdePkg.dec
>
> - MdeModulePkg/MdeModulePkg.dec
>
> - SecurityPkg/SecurityPkg.dec
>
> -
>
> -[LibraryClasses]
>
> - UefiDriverEntryPoint
>
> - SmmServicesTableLib
>
> - DebugLib
>
> - BaseLib
>
> - BaseMemoryLib
>
> -
>
> -[Guids]
>
> - ## SOMETIMES_CONSUMES ##
> Variable:L"MemoryOverwriteRequestControl"
>
> - gEfiMemoryOverwriteControlDataGuid
>
> -
>
> - ## SOMETIMES_CONSUMES ##
> Variable:L"MemoryOverwriteRequestControlLock"
>
> - ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
>
> - gEfiMemoryOverwriteRequestControlLockGuid
>
> -
>
> -[Protocols]
>
> - gEdkiiSmmVarCheckProtocolGuid ## CONSUMES
>
> - gEfiSmmVariableProtocolGuid ## CONSUMES
>
> -
>
> -[Depex]
>
> - gEfiSmmVariableProtocolGuid AND
>
> - gSmmVariableWriteGuid AND
>
> - ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
>
> -
>
> -[UserExtensions.TianoCore."ExtraFiles"]
>
> - TcgMorLockExtra.uni
>
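Review bot: The [Depex] loads this driver only when gEfiTcgProtocolGuid or gEfiTcg2ProtocolGuid is present, so this driver creates and guards MemoryOverwriteRequestControlLock only on platforms that publish one of those protocols. Please confirm whether VariableSmm applies the same condition; if it handles the variable unconditionally, that is a behaviour change for platforms that publish neither protocol and belongs in the commit message. The INF's own NOTE already marks the module as deprecated and limited to secure MOR V1, which the commit message could cite, and any FDF that lists this INF needs the same cleanup as the DSC.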
> --
> 2.26.2.windows.1
* Re: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
2021-08-27 13:44 ` Yao, Jiewen
@ 2021-08-28 6:44 ` Qi Zhang
0 siblings, 0 replies; 4+ messages in thread
From: Qi Zhang @ 2021-08-28 6:44 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io; +Cc: Wang, Jian J, Kumar, Rahul1, Ni, Ray
I created a new PR and it passes CI.
https://github.com/tianocore/edk2/pull/1924
Thanks!
Qi Zhang
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Friday, August 27, 2021 9:44 PM
> To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Kumar, Rahul1
> <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: RE: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
>
> Hi
> This patch failed in CI - https://github.com/tianocore/edk2/pull/1922
>
> Please take a look and submit the patch again.
>
> > -----Original Message-----
> > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > Sent: Tuesday, August 24, 2021 10:28 AM
> > To: devel@edk2.groups.io
> > Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen
> > <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Kumar,
> > Rahul1 <rahul1.kumar@intel.com>; Ni, Ray <ray.ni@intel.com>
> > Subject: [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3583
> >
> > TcgMorLockSmm is only for secure MOR V1.
> > VariableSmm covers secure MOR V1 and V2.
> >
> > Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Qi Zhang <qi1.zhang@intel.com>
> > Cc: Rahul Kumar <rahul1.kumar@intel.com>
> > Cc: Ray Ni <ray.ni@intel.com>
> > ---
> > SecurityPkg/SecurityPkg.dsc | 1 -
> > .../TcgMorLock.c | 191 ------------------
> > .../TcgMorLock.h | 131 ------------
> > .../TcgMorLock.uni | 16 --
> > .../TcgMorLockExtra.uni | 14 --
> > .../TcgMorLockSmm.c | 152 --------------
> > .../TcgMorLockSmm.inf | 65 ------
> > 7 files changed, 570 deletions(-)
> > delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> > delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> > delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> > delete mode 100644
> >
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni
> > delete mode 100644
> > SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> > delete mode 100644
> >
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> >
> > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> > index 64157e20f9..7898fe4282 100644
> > --- a/SecurityPkg/SecurityPkg.dsc
> > +++ b/SecurityPkg/SecurityPkg.dsc
> > @@ -338,7 +338,6 @@
> >
> >
> > [Components.IA32, Components.X64]
> >
> >
> >
> > -
> SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
> >
> > SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
> >
> > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf
> >
> > SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf
> >
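Review bot: The only build-description change is this one line under [Components.IA32, Components.X64] in SecurityPkg.dsc, while the rest of the patch deletes the INF outright, so any other DSC or FDF that still lists MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf will stop building. Worth grepping the tree for remaining references before merging, and the commit message should tell platform owners to drop the INF and rely on VariableSmm, since "VariableSmm covers secure MOR V1 and V2" does not say what a consumer has to change.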
> > diff --git
> > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> > deleted file mode 100644
> > index aa230eeefa..0000000000
> > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
> > +++ /dev/null
> > @@ -1,191 +0,0 @@
> > -/** @file
> >
> > - TCG MOR (Memory Overwrite Request) Lock Control Driver.
> >
> > -
> >
> > - This driver initializes MemoryOverwriteRequestControlLock variable.
> >
> > - This module will add Variable Hook and allow
> > MemoryOverwriteRequestControlLock variable set only once.
> >
> > -
> >
> > -Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include <PiDxe.h>
> >
> > -#include <Guid/MemoryOverwriteControl.h>
> >
> > -#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
> >
> > -#include <Library/DebugLib.h>
> >
> > -#include <Library/BaseLib.h>
> >
> > -#include <Library/BaseMemoryLib.h>
> >
> > -#include "TcgMorLock.h"
> >
> > -
> >
> > -typedef struct {
> >
> > - CHAR16 *VariableName;
> >
> > - EFI_GUID *VendorGuid;
> >
> > -} VARIABLE_TYPE;
> >
> > -
> >
> > -VARIABLE_TYPE mMorVariableType[] = {
> >
> > - {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
> > &gEfiMemoryOverwriteControlDataGuid},
> >
> > - {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> > &gEfiMemoryOverwriteRequestControlLockGuid},
> >
> > -};
> >
> > -
> >
> > -/**
> >
> > - Returns if this is MOR related variable.
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > -
> >
> > - @retval TRUE The variable is MOR related.
> >
> > - @retval FALSE The variable is NOT MOR related.
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -IsAnyMorVariable (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid
> >
> > - )
> >
> > -{
> >
> > - UINTN Index;
> >
> > -
> >
> > - for (Index = 0; Index <
> > sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
> >
> > - if ((StrCmp (VariableName, mMorVariableType[Index].VariableName)
> == 0)
> > &&
> >
> > - (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))
> {
> >
> > - return TRUE;
> >
> > - }
> >
> > - }
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Returns if this is MOR lock variable.
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > -
> >
> > - @retval TRUE The variable is MOR lock variable.
> >
> > - @retval FALSE The variable is NOT MOR lock variable.
> >
> > -**/
> >
> > -BOOLEAN
> >
> > -IsMorLockVariable (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid
> >
> > - )
> >
> > -{
> >
> > - if ((StrCmp (VariableName,
> > MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
> >
> > - (CompareGuid (VendorGuid,
> > &gEfiMemoryOverwriteRequestControlLockGuid))) {
> >
> > - return TRUE;
> >
> > - }
> >
> > - return FALSE;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - This service is a checker handler for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, as a
> >
> > - Null-Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > - @param Attributes Point to memory location to return the attributes of
> > variable. If the point
> >
> > - is NULL, the parameter would be ignored.
> >
> > - @param DataSize The size in bytes of Data-Buffer.
> >
> > - @param Data Point to the content of the variable.
> >
> > -
> >
> > - @retval EFI_SUCCESS The firmware has successfully stored the
> variable
> > and its data as
> >
> > - defined by the Attributes.
> >
> > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute
> > bits was supplied, or the
> >
> > - DataSize exceeds the maximum allowed.
> >
> > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode
> string.
> >
> > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to
> hold
> > the variable and its data.
> >
> > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> > hardware failure.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question cannot be
> deleted.
> >
> > - @retval EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > - set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > - out by the firmware.
> >
> > - @retval EFI_NOT_FOUND The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -SetVariableCheckHandlerMor (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid,
> >
> > - IN UINT32 Attributes,
> >
> > - IN UINTN DataSize,
> >
> > - IN VOID *Data
> >
> > - )
> >
> > -{
> >
> > - UINTN MorLockDataSize;
> >
> > - BOOLEAN MorLock;
> >
> > - EFI_STATUS Status;
> >
> > -
> >
> > - //
> >
> > - // do not handle non-MOR variable
> >
> > - //
> >
> > - if (!IsAnyMorVariable (VariableName, VendorGuid)) {
> >
> > - return EFI_SUCCESS;
> >
> > - }
> >
> > -
> >
> > - MorLockDataSize = sizeof(MorLock);
> >
> > - Status = InternalGetVariable (
> >
> > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> >
> > - &gEfiMemoryOverwriteRequestControlLockGuid,
> >
> > - NULL,
> >
> > - &MorLockDataSize,
> >
> > - &MorLock
> >
> > - );
> >
> > - if (!EFI_ERROR (Status) && MorLock) {
> >
> > - //
> >
> > - // If lock, deny access
> >
> > - //
> >
> > - return EFI_INVALID_PARAMETER;
> >
> > - }
> >
> > -
> >
> > - //
> >
> > - // Delete not OK
> >
> > - //
> >
> > - if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes ==
> > 0)) {
> >
> > - return EFI_INVALID_PARAMETER;
> >
> > - }
> >
> > -
> >
> > - //
> >
> > - // check format
> >
> > - //
> >
> > - if (IsMorLockVariable(VariableName, VendorGuid)) {
> >
> > - //
> >
> > - // set to any other value not OK
> >
> > - //
> >
> > - if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) {
> >
> > - return EFI_INVALID_PARAMETER;
> >
> > - }
> >
> > - }
> >
> > - //
> >
> > - // Or grant access
> >
> > - //
> >
> > - return EFI_SUCCESS;
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Entry Point for MOR Lock Control driver.
> >
> > -
> >
> > - @param[in] ImageHandle Image handle of this driver.
> >
> > - @param[in] SystemTable A Pointer to the EFI System Table.
> >
> > -
> >
> > - @retval EFI_SUCCESS
> >
> > - @return Others Some error occurs.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -MorLockDriverInit (
> >
> > - VOID
> >
> > - )
> >
> > -{
> >
> > - EFI_STATUS Status;
> >
> > - UINT8 Data;
> >
> > -
> >
> > - Data = 0;
> >
> > - Status = InternalSetVariable (
> >
> > - MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
> >
> > - &gEfiMemoryOverwriteRequestControlLockGuid,
> >
> > - EFI_VARIABLE_NON_VOLATILE |
> EFI_VARIABLE_BOOTSERVICE_ACCESS
> > | EFI_VARIABLE_RUNTIME_ACCESS,
> >
> > - 1,
> >
> > - &Data
> >
> > - );
> >
> > - return Status;
> >
> > -}
> >
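Review bot: SetVariableCheckHandlerMor carries three distinct rules that the commit message does not account for. Once MemoryOverwriteRequestControlLock reads back non-zero, writes to both MOR variables are refused (IsAnyMorVariable matches MemoryOverwriteRequestControl as well as the lock); deletion is refused by the "(DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)" test; and the lock variable accepts only 0 or 1. Please state in the commit message where VariableSmm enforces each of these, and whether it also creates the lock variable the way MorLockDriverInit does here (value 0, with EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS). Two behaviours are also worth comparing against the replacement path: this handler falls through to the remaining checks when InternalGetVariable fails, because the deny branch is "if (!EFI_ERROR (Status) && MorLock)", and it returns EFI_INVALID_PARAMETER for a locked write. If VariableSmm differs on either, callers that test the status code should be told.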
> > diff --git
> > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> > deleted file mode 100644
> > index 5a6658c158..0000000000
> > --- a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
> > +++ /dev/null
> > @@ -1,131 +0,0 @@
> > -/** @file
> >
> > - TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
> >
> > -
> >
> > -Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#ifndef _EFI_TCG_MOR_LOCK_H_
> >
> > -#define _EFI_TCG_MOR_LOCK_H_
> >
> > -
> >
> > -/**
> >
> > - This service is a wrapper for the UEFI Runtime Service GetVariable().
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > - @param Attributes Point to memory location to return the attributes of
> > variable. If the point
> >
> > - is NULL, the parameter would be ignored.
> >
> > - @param DataSize As input, point to the maximum size of return Data-
> Buffer.
> >
> > - As output, point to the actual size of the returned Data-Buffer.
> >
> > - @param Data Point to return Data-Buffer.
> >
> > -
> >
> > - @retval EFI_SUCCESS The function completed successfully.
> >
> > - @retval EFI_NOT_FOUND The variable was not found.
> >
> > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the
> result.
> > DataSize has
> >
> > - been updated with the size needed to complete the
> request.
> >
> > - @retval EFI_INVALID_PARAMETER VariableName is NULL.
> >
> > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
> >
> > - @retval EFI_INVALID_PARAMETER DataSize is NULL.
> >
> > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and
> > Data is NULL.
> >
> > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due
> to a
> > hardware error.
> >
> > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved
> > due to an authentication failure.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalGetVariable (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid,
> >
> > - OUT UINT32 *Attributes OPTIONAL,
> >
> > - IN OUT UINTN *DataSize,
> >
> > - OUT VOID *Data
> >
> > - );
> >
> > -
> >
> > -/**
> >
> > - This service is a wrapper for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, as a
> >
> > - Null-Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > - @param Attributes Point to memory location to return the attributes of
> > variable. If the point
> >
> > - is NULL, the parameter would be ignored.
> >
> > - @param DataSize The size in bytes of Data-Buffer.
> >
> > - @param Data Point to the content of the variable.
> >
> > -
> >
> > - @retval EFI_SUCCESS The firmware has successfully stored the
> variable
> > and its data as
> >
> > - defined by the Attributes.
> >
> > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute
> > bits was supplied, or the
> >
> > - DataSize exceeds the maximum allowed.
> >
> > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode
> string.
> >
> > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to
> hold
> > the variable and its data.
> >
> > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> > hardware failure.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question cannot be
> deleted.
> >
> > - @retval EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > - set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > - out by the firmware.
> >
> > - @retval EFI_NOT_FOUND The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalSetVariable (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid,
> >
> > - IN UINT32 Attributes,
> >
> > - IN UINTN DataSize,
> >
> > - IN VOID *Data
> >
> > - );
> >
> > -
> >
> > -/**
> >
> > - This service is a checker handler for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, as a
> >
> > - Null-Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > - @param Attributes Point to memory location to return the attributes of
> > variable. If the point
> >
> > - is NULL, the parameter would be ignored.
> >
> > - @param DataSize The size in bytes of Data-Buffer.
> >
> > - @param Data Point to the content of the variable.
> >
> > -
> >
> > - @retval EFI_SUCCESS The firmware has successfully stored the
> variable
> > and its data as
> >
> > - defined by the Attributes.
> >
> > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute
> > bits was supplied, or the
> >
> > - DataSize exceeds the maximum allowed.
> >
> > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode
> string.
> >
> > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to
> hold
> > the variable and its data.
> >
> > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> > hardware failure.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question cannot be
> deleted.
> >
> > - @retval EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > - set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > - out by the firmware.
> >
> > - @retval EFI_NOT_FOUND The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -SetVariableCheckHandlerMor (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid,
> >
> > - IN UINT32 Attributes,
> >
> > - IN UINTN DataSize,
> >
> > - IN VOID *Data
> >
> > - );
> >
> > -
> >
> > -/**
> >
> > - Entry Point for MOR Lock Control driver.
> >
> > -
> >
> > - @param[in] ImageHandle Image handle of this driver.
> >
> > - @param[in] SystemTable A Pointer to the EFI System Table.
> >
> > -
> >
> > - @retval EFI_SUCCESS
> >
> > - @return Others Some error occurs.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -MorLockDriverInit (
> >
> > - VOID
> >
> > - );
> >
> > -
> >
> > -#endif
> >
> > diff --git
> > a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> > b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> > deleted file mode 100644
> > index 711b37d866..0000000000
> > ---
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni
> > +++ /dev/null
> > @@ -1,16 +0,0 @@
> > -// /** @file
> >
> > -// Initializes MemoryOverwriteRequestControlLock variable
> >
> > -//
> >
> > -// This module will add Variable Hook and allow
> > MemoryOverwriteRequestControlLock variable set only once.
> >
> > -//
> >
> > -// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> >
> > -//
> >
> > -// SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -//
> >
> > -// **/
> >
> > -
> >
> > -
> >
> > -#string STR_MODULE_ABSTRACT #language en-US "Initializes
> > MemoryOverwriteRequestControlLock variable"
> >
> > -
> >
> > -#string STR_MODULE_DESCRIPTION #language en-US "This module
> will
> > add Variable Hook and allow MemoryOverwriteRequestControlLock
> variable
> > set only once."
> >
> > -
> >
> > diff --git
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.u
> n
> > i
> >
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.
> un
> > i
> > deleted file mode 100644
> > index 2679c08c86..0000000000
> > ---
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.u
> n
> > i
> > +++ /dev/null
> > @@ -1,14 +0,0 @@
> > -// /** @file
> >
> > -// TcgMorLock Localized Strings and Content
> >
> > -//
> >
> > -// Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -//
> >
> > -// SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -//
> >
> > -// **/
> >
> > -
> >
> > -#string STR_PROPERTIES_MODULE_NAME
> >
> > -#language en-US
> >
> > -"TCG (Trusted Computing Group) MOR Lock"
> >
> > -
> >
> > -
> >
> > diff --git
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> >
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> > deleted file mode 100644
> > index 8c92317313..0000000000
> > ---
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
> > +++ /dev/null
> > @@ -1,152 +0,0 @@
> > -/** @file
> >
> > - TCG MOR (Memory Overwrite Request) Lock Control Driver SMM
> wrapper.
> >
> > -
> >
> > -Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -
> >
> > -**/
> >
> > -
> >
> > -#include <PiSmm.h>
> >
> > -#include <Library/SmmServicesTableLib.h>
> >
> > -#include <Library/DebugLib.h>
> >
> > -#include <Protocol/SmmVarCheck.h>
> >
> > -#include <Protocol/SmmVariable.h>
> >
> > -#include "TcgMorLock.h"
> >
> > -
> >
> > -EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
> >
> > -
> >
> > -/**
> >
> > - This service is a wrapper for the UEFI Runtime Service GetVariable().
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, it's a
> > Null- Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > - @param Attributes Point to memory location to return the attributes of
> > variable. If the point
> >
> > - is NULL, the parameter would be ignored.
> >
> > - @param DataSize As input, point to the maximum size of return Data-
> Buffer.
> >
> > - As output, point to the actual size of the returned Data-Buffer.
> >
> > - @param Data Point to return Data-Buffer.
> >
> > -
> >
> > - @retval EFI_SUCCESS The function completed successfully.
> >
> > - @retval EFI_NOT_FOUND The variable was not found.
> >
> > - @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the
> result.
> > DataSize has
> >
> > - been updated with the size needed to complete the
> request.
> >
> > - @retval EFI_INVALID_PARAMETER VariableName is NULL.
> >
> > - @retval EFI_INVALID_PARAMETER VendorGuid is NULL.
> >
> > - @retval EFI_INVALID_PARAMETER DataSize is NULL.
> >
> > - @retval EFI_INVALID_PARAMETER The DataSize is not too small and
> > Data is NULL.
> >
> > - @retval EFI_DEVICE_ERROR The variable could not be retrieved due
> to a
> > hardware error.
> >
> > - @retval EFI_SECURITY_VIOLATION The variable could not be retrieved
> > due to an authentication failure.
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalGetVariable (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid,
> >
> > - OUT UINT32 *Attributes OPTIONAL,
> >
> > - IN OUT UINTN *DataSize,
> >
> > - OUT VOID *Data
> >
> > - )
> >
> > -{
> >
> > - return mSmmVariable->SmmGetVariable (
> >
> > - VariableName,
> >
> > - VendorGuid,
> >
> > - Attributes,
> >
> > - DataSize,
> >
> > - Data
> >
> > - );
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - This service is a wrapper for the UEFI Runtime Service
> > SetVariable()
> >
> > -
> >
> > - @param VariableName the name of the vendor's variable, as a
> >
> > - Null-Terminated Unicode String
> >
> > - @param VendorGuid Unify identifier for vendor.
> >
> > - @param Attributes Point to memory location to return the attributes of
> > variable. If the point
> >
> > - is NULL, the parameter would be ignored.
> >
> > - @param DataSize The size in bytes of Data-Buffer.
> >
> > - @param Data Point to the content of the variable.
> >
> > -
> >
> > - @retval EFI_SUCCESS The firmware has successfully stored the
> variable
> > and its data as
> >
> > - defined by the Attributes.
> >
> > - @retval EFI_INVALID_PARAMETER An invalid combination of attribute
> > bits was supplied, or the
> >
> > - DataSize exceeds the maximum allowed.
> >
> > - @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode
> string.
> >
> > - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to
> hold
> > the variable and its data.
> >
> > - @retval EFI_DEVICE_ERROR The variable could not be saved due to a
> > hardware failure.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question is read-only.
> >
> > - @retval EFI_WRITE_PROTECTED The variable in question cannot be
> deleted.
> >
> > - @retval EFI_SECURITY_VIOLATION The variable could not be written
> > due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
> >
> > - set but the AuthInfo does NOT pass the validation check
> > carried
> >
> > - out by the firmware.
> >
> > - @retval EFI_NOT_FOUND The variable trying to be updated or
> deleted
> > was not found.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -InternalSetVariable (
> >
> > - IN CHAR16 *VariableName,
> >
> > - IN EFI_GUID *VendorGuid,
> >
> > - IN UINT32 Attributes,
> >
> > - IN UINTN DataSize,
> >
> > - IN VOID *Data
> >
> > - )
> >
> > -{
> >
> > - return mSmmVariable->SmmSetVariable (
> >
> > - VariableName,
> >
> > - VendorGuid,
> >
> > - Attributes,
> >
> > - DataSize,
> >
> > - Data
> >
> > - );
> >
> > -}
> >
> > -
> >
> > -/**
> >
> > - Entry Point for MOR Lock Control driver.
> >
> > -
> >
> > - @param[in] ImageHandle The firmware allocated handle for the EFI
> image.
> >
> > - @param[in] SystemTable A pointer to the EFI System Table.
> >
> > -
> >
> > - @retval EFI_SUCCESS EntryPoint runs successfully.
> >
> > -
> >
> > -**/
> >
> > -EFI_STATUS
> >
> > -EFIAPI
> >
> > -MorLockDriverEntryPointSmm (
> >
> > - IN EFI_HANDLE ImageHandle,
> >
> > - IN EFI_SYSTEM_TABLE *SystemTable
> >
> > - )
> >
> > -{
> >
> > - EFI_STATUS Status;
> >
> > - EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck;
> >
> > -
> >
> > - //
> >
> > - // This driver link to Smm Variable driver
> >
> > - //
> >
> > - DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
> >
> > -
> >
> > - Status = gSmst->SmmLocateProtocol (
> >
> > - &gEfiSmmVariableProtocolGuid,
> >
> > - NULL,
> >
> > - (VOID **) &mSmmVariable
> >
> > - );
> >
> > - ASSERT_EFI_ERROR (Status);
> >
> > -
> >
> > - Status = gSmst->SmmLocateProtocol (
> >
> > - &gEdkiiSmmVarCheckProtocolGuid,
> >
> > - NULL,
> >
> > - (VOID **) &SmmVarCheck
> >
> > - );
> >
> > - ASSERT_EFI_ERROR (Status);
> >
> > -
> >
> > - Status = MorLockDriverInit ();
> >
> > - if (EFI_ERROR (Status)) {
> >
> > - return Status;
> >
> > - }
> >
> > -
> >
> > - Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler
> > (SetVariableCheckHandlerMor);
> >
> > - ASSERT_EFI_ERROR (Status);
> >
> > -
> >
> > - return Status;
> >
> > -}
> >
> > -
> >
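Review bot: The removed MorLockDriverEntryPointSmm is where SetVariableCheckHandlerMor gets attached, via SmmVarCheck->SmmRegisterSetVariableCheckHandler, and the commit message only says "VariableSmm covers secure MOR V1 and V2" without naming the code that now enforces the lock. Please point to the VariableSmm file or function that takes over the set-once behaviour for MemoryOverwriteRequestControlLock, so a reviewer can confirm the set-variable check is not lost on a platform that built this driver. It would also help to state how the change was tested, for example that a second write to the lock variable is still refused once this driver is dropped.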
> > diff --git
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i
> nf
> >
> b/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i
> nf
> > deleted file mode 100644
> > index 875c1e5f3a..0000000000
> > ---
> >
> a/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.i
> nf
> > +++ /dev/null
> > @@ -1,65 +0,0 @@
> > -## @file
> >
> > -# Initializes MemoryOverwriteRequestControlLock variable
> >
> > -#
> >
> > -# This module will add Variable Hook and allow
> > MemoryOverwriteRequestControlLock variable set only once.
> >
> > -#
> >
> > -# NOTE: This module only handles secure MOR V1 and is deprecated.
> >
> > -# The secure MOR V2 is handled inside of variable driver.
> >
> > -#
> >
> > -# Copyright (c) 2015 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> >
> > -# SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > -#
> >
> > -##
> >
> > -
> >
> > -[Defines]
> >
> > - INF_VERSION = 0x00010005
> >
> > - BASE_NAME = TcgMorLockSmm
> >
> > - MODULE_UNI_FILE = TcgMorLock.uni
> >
> > - FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
> >
> > - MODULE_TYPE = DXE_SMM_DRIVER
> >
> > - VERSION_STRING = 1.0
> >
> > - PI_SPECIFICATION_VERSION = 0x0001000A
> >
> > - ENTRY_POINT = MorLockDriverEntryPointSmm
> >
> > -
> >
> > -#
> >
> > -# The following information is for reference only and not required by
> > the build tools.
> >
> > -#
> >
> > -# VALID_ARCHITECTURES = IA32 X64 EBC
> >
> > -#
> >
> > -
> >
> > -[Sources]
> >
> > - TcgMorLock.h
> >
> > - TcgMorLock.c
> >
> > - TcgMorLockSmm.c
> >
> > -
> >
> > -[Packages]
> >
> > - MdePkg/MdePkg.dec
> >
> > - MdeModulePkg/MdeModulePkg.dec
> >
> > - SecurityPkg/SecurityPkg.dec
> >
> > -
> >
> > -[LibraryClasses]
> >
> > - UefiDriverEntryPoint
> >
> > - SmmServicesTableLib
> >
> > - DebugLib
> >
> > - BaseLib
> >
> > - BaseMemoryLib
> >
> > -
> >
> > -[Guids]
> >
> > - ## SOMETIMES_CONSUMES ##
> > Variable:L"MemoryOverwriteRequestControl"
> >
> > - gEfiMemoryOverwriteControlDataGuid
> >
> > -
> >
> > - ## SOMETIMES_CONSUMES ##
> > Variable:L"MemoryOverwriteRequestControlLock"
> >
> > - ## PRODUCES ##
> Variable:L"MemoryOverwriteRequestControlLock"
> >
> > - gEfiMemoryOverwriteRequestControlLockGuid
> >
> > -
> >
> > -[Protocols]
> >
> > - gEdkiiSmmVarCheckProtocolGuid ## CONSUMES
> >
> > - gEfiSmmVariableProtocolGuid ## CONSUMES
> >
> > -
> >
> > -[Depex]
> >
> > - gEfiSmmVariableProtocolGuid AND
> >
> > - gSmmVariableWriteGuid AND
> >
> > - ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid )
> >
> > -
> >
> > -[UserExtensions.TianoCore."ExtraFiles"]
> >
> > - TcgMorLockExtra.uni
> >
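Review bot: Deleting TcgMorLockSmm.inf (FILE_GUID E2EA6F47-E678-47FA-8C1B-02A03E825C6E) breaks the build of any platform DSC or FDF that still lists it, and the diffstat shows only SecurityPkg/SecurityPkg.dsc being updated. The file header already marks the module as deprecated and V1-only, so the removal itself is reasonable, but the commit message should tell platform owners to drop the reference. Also worth stating there: the [Depex] in this file required gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid, so say whether the variable driver path is meant to apply regardless of those protocols.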
> > --
> > 2.26.2.windows.1
end of thread, other threads:[~2021-08-28 6:44 UTC | newest]
Thread overview: 4+ messages
2021-08-24 2:28 [PATCH] SecurityPkg/Tcg: remove TcgMorLockSmm driver Qi Zhang
2021-08-26 1:24 ` Yao, Jiewen
2021-08-27 13:44 ` Yao, Jiewen
2021-08-28 6:44 ` Qi Zhang