[edk2,5/6] MdeModulePkg/VariableRuntimeDxe: factor out boot service accesses

Message ID 20190103182825.32231-7-ard.biesheuvel@linaro.org
State New
Series
  • implement standalone MM versions of the variable runtime drivers

Commit Message

Ard Biesheuvel Jan. 3, 2019, 6:28 p.m.
In preparation of providing a standalone MM based variable runtime
driver, move the existing SMM driver to the new MM services table,
and factor out some pieces that are specific to the traditional
driver, mainly related to the use of UEFI boot services, which are
not accessible to standalone MM drivers.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

---
 MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c         |  18 +---
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h              |  50 +++++++++
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c           |  59 ++++------
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf         |   5 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c | 114 ++++++++++++++++++++
 5 files changed, 187 insertions(+), 59 deletions(-)

-- 
2.17.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Comments

Laszlo Ersek Jan. 8, 2019, 3:38 p.m. | #1
On 01/03/19 19:28, Ard Biesheuvel wrote:
> In preparation of providing a standalone MM based variable runtime
> driver, move the existing SMM driver to the new MM services table,
> and factor out some pieces that are specific to the traditional
> driver, mainly related to the use of UEFI boot services, which are
> not accessible to standalone MM drivers.
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c         |  18 +---
>  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h              |  50 +++++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c           |  59 ++++------
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf         |   5 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c | 114 ++++++++++++++++++++
>  5 files changed, 187 insertions(+), 59 deletions(-)

I *vaguely* feel like we should extract the new functions to
"PrivilegePolymorphic.h", rather than to "Variable.h".

Please see initial commit 00663d047fc9
("MdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new
header", 2017-10-10), and other commits that touched that file.

I realize this is not a 100% "constructive" suggestion, and I feel
appropriately bad about that. It's just that "Variable.h" has so many
internals that I feel it's not a good dumping ground for these new
functions. And the other header we have, looks closer in purpose.

For example, MorLockInitAtEndOfDxe() is already declared in
"PrivilegePolymorphic.h" (see commit f1304280435f,
"MdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe()
hook", 2017-10-10).

Admittedly, now that we're going to have three separate builds of this
driver, dedicating a separate header file to each "shared between A and
B" relationship is getting a bit too complex. In retrospect, introducing
"PrivilegePolymorphic.h" may not have been a "scalable" idea, after all,
and I should have just dumped those functions all in "Variable.h".

IOW, I think
- targeting "Variable.h" now is inconsistent with earlier code,
- extending "PrivilegePolymorphic.h" is also suboptimal (although still
better than the previous option),
- adding yet another header might be technically correct, but it would
be over-engineering,
- asking you to merge "PrivilegePolymorphic.h" back into "Variable.h"
feels awkward, especially after I argued *for* "PrivilegePolymorphic.h"
at length, when I originally introduced it. :/

Sigh. Can the variable driver maintainers comment please?

(I still plan to regression-test this series, but I feel like I should
force myself to at least skim the variable driver patches, beyond
testing them. Because, next time I can't avoid working with this very
complex driver, I wouldn't like to be *completely* lost.)

Thanks,
Laszlo
Wang, Jian J Jan. 10, 2019, 2:33 a.m. | #2
Laszlo,

Regards,
Jian

> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Tuesday, January 08, 2019 11:38 PM
> To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; edk2-devel@lists.01.org
> Cc: Leif Lindholm <leif.lindholm@linaro.org>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>; Wang,
> Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Jagadeesh
> Ujja <jagadeesh.ujja@arm.com>; Achin Gupta <Achin.Gupta@arm.com>;
> Thomas Panakamattam Abraham <thomas.abraham@arm.com>; Sami Mujawar
> <Sami.Mujawar@arm.com>
> Subject: Re: [PATCH 5/6] MdeModulePkg/VariableRuntimeDxe: factor out boot
> service accesses
>
> On 01/03/19 19:28, Ard Biesheuvel wrote:
> > In preparation of providing a standalone MM based variable runtime
> > driver, move the existing SMM driver to the new MM services table,
> > and factor out some pieces that are specific to the traditional
> > driver, mainly related to the use of UEFI boot services, which are
> > not accessible to standalone MM drivers.
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > ---
> >  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c         |  18 +---
> >  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h              |  50 +++++++++
> >  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c           |  59 ++++------
> >  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf         |   5 +-
> >  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c | 114 ++++++++++++++++++++
> >  5 files changed, 187 insertions(+), 59 deletions(-)
>
> I *vaguely* feel like we should extract the new functions to
> "PrivilegePolymorphic.h", rather than to "Variable.h".
>
> Please see initial commit 00663d047fc9
> ("MdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new
> header", 2017-10-10), and other commits that touched that file.
>
> I realize this is not a 100% "constructive" suggestion, and I feel
> appropriately bad about that. It's just that "Variable.h" has so many
> internals that I feel it's not a good dumping ground for these new
> functions. And the other header we have, looks closer in purpose.
>
> For example, MorLockInitAtEndOfDxe() is already declared in
> "PrivilegePolymorphic.h" (see commit f1304280435f,
> "MdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe()
> hook", 2017-10-10).
>
> Admittedly, now that we're going to have three separate builds of this
> driver, dedicating a separate header file to each "shared between A and
> B" relationship is getting a bit too complex. In retrospect, introducing
> "PrivilegePolymorphic.h" may not have been a "scalable" idea, after all,
> and I should have just dumped those functions all in "Variable.h".
>
> IOW, I think
> - targeting "Variable.h" now is inconsistent with earlier code,
> - extending "PrivilegePolymorphic.h" is also suboptimal (although still
> better than the previous option),
> - adding yet another header might be technically correct, but it would
> be over-engineering,
> - asking you to merge "PrivilegePolymorphic.h" back into "Variable.h"
> feels awkward, especially after I argued *for* "PrivilegePolymorphic.h"
> at length, when I originally introduced it. :/
>
> Sigh. Can the variable driver maintainers comment please?
>
> (I still plan to regression-test this series, but I feel like I should
> force myself to at least skim the variable driver patches, beyond
> testing them. Because, next time I can't avoid working with this very
> complex driver, I wouldn't like to be *completely* lost.)
>

I agree "PrivilegePolymorphic.h" is a more appropriate place for them.
Maybe Star has a different opinion.

> Thanks,
> Laszlo

Zeng, Star Jan. 10, 2019, 7:17 a.m. | #3
On 2019/1/10 10:33, Wang, Jian J wrote:
> Laszlo,
>
> Regards,
> Jian
>
>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Tuesday, January 08, 2019 11:38 PM
>> To: Ard Biesheuvel <ard.biesheuvel@linaro.org>; edk2-devel@lists.01.org
>> Cc: Leif Lindholm <leif.lindholm@linaro.org>; Kinney, Michael D
>> <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>; Wang,
>> Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Jagadeesh
>> Ujja <jagadeesh.ujja@arm.com>; Achin Gupta <Achin.Gupta@arm.com>;
>> Thomas Panakamattam Abraham <thomas.abraham@arm.com>; Sami Mujawar
>> <Sami.Mujawar@arm.com>
>> Subject: Re: [PATCH 5/6] MdeModulePkg/VariableRuntimeDxe: factor out boot
>> service accesses
>>
>> On 01/03/19 19:28, Ard Biesheuvel wrote:
>>> In preparation of providing a standalone MM based variable runtime
>>> driver, move the existing SMM driver to the new MM services table,
>>> and factor out some pieces that are specific to the traditional
>>> driver, mainly related to the use of UEFI boot services, which are
>>> not accessible to standalone MM drivers.
>>>
>>> Contributed-under: TianoCore Contribution Agreement 1.1
>>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>>> ---
>>>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c         |  18 +---
>>>  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h              |  50 +++++++++
>>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c           |  59 ++++------
>>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf         |   5 +-
>>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c | 114 ++++++++++++++++++++
>>>  5 files changed, 187 insertions(+), 59 deletions(-)
>>
>> I *vaguely* feel like we should extract the new functions to
>> "PrivilegePolymorphic.h", rather than to "Variable.h".
>>
>> Please see initial commit 00663d047fc9
>> ("MdeModulePkg/Variable/RuntimeDxe: move SecureBootHook() decl to new
>> header", 2017-10-10), and other commits that touched that file.
>>
>> I realize this is not a 100% "constructive" suggestion, and I feel
>> appropriately bad about that. It's just that "Variable.h" has so many
>> internals that I feel it's not a good dumping ground for these new
>> functions. And the other header we have, looks closer in purpose.
>>
>> For example, MorLockInitAtEndOfDxe() is already declared in
>> "PrivilegePolymorphic.h" (see commit f1304280435f,
>> "MdeModulePkg/Variable/RuntimeDxe: introduce MorLockInitAtEndOfDxe()
>> hook", 2017-10-10).
>>
>> Admittedly, now that we're going to have three separate builds of this
>> driver, dedicating a separate header file to each "shared between A and
>> B" relationship is getting a bit too complex. In retrospect, introducing
>> "PrivilegePolymorphic.h" may not have been a "scalable" idea, after all,
>> and I should have just dumped those functions all in "Variable.h".
>>
>> IOW, I think
>> - targeting "Variable.h" now is inconsistent with earlier code,
>> - extending "PrivilegePolymorphic.h" is also suboptimal (although still
>> better than the previous option),
>> - adding yet another header might be technically correct, but it would
>> be over-engineering,
>> - asking you to merge "PrivilegePolymorphic.h" back into "Variable.h"
>> feels awkward, especially after I argued *for* "PrivilegePolymorphic.h"
>> at length, when I originally introduced it. :/
>>
>> Sigh. Can the variable driver maintainers comment please?
>>
>> (I still plan to regression-test this series, but I feel like I should
>> force myself to at least skim the variable driver patches, beyond
>> testing them. Because, next time I can't avoid working with this very
>> complex driver, I wouldn't like to be *completely* lost.)
>>
>
> I agree "PrivilegePolymorphic.h" is a more appropriate place for them.
> Maybe Star has a different opinion.

In the current situation, I prefer PrivilegePolymorphic.h. :)

Some minor feedback will be added in another reply.

Thanks,
Star

>
>> Thanks,
>> Laszlo


Zeng, Star Jan. 10, 2019, 7:19 a.m. | #4
Hi Ard,

Some minor feedback added inline.

On 2019/1/4 2:28, Ard Biesheuvel wrote:
> In preparation of providing a standalone MM based variable runtime

> driver, move the existing SMM driver to the new MM services table,

> and factor out some pieces that are specific to the traditional

> driver, mainly related to the use of UEFI boot services, which are

> not accessible to standalone MM drivers.

> 

> Contributed-under: TianoCore Contribution Agreement 1.1

> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> ---

>   MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c         |  18 +---

>   MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h              |  50 +++++++++

>   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c           |  59 ++++------

>   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf         |   5 +-

>   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c | 114 ++++++++++++++++++++

>   5 files changed, 187 insertions(+), 59 deletions(-)

> 

> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c

> index 28aa2893c6f8..009d96c3a65e 100644

> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c

> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c

> @@ -21,7 +21,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

>   #include <Library/DebugLib.h>

>   #include <Library/BaseLib.h>

>   #include <Library/BaseMemoryLib.h>

> -#include <Library/UefiBootServicesTableLib.h>

>   #include "Variable.h"

>   

>   typedef struct {

> @@ -419,8 +418,6 @@ MorLockInitAtEndOfDxe (

>   {

>     UINTN      MorSize;

>     EFI_STATUS MorStatus;

> -  EFI_STATUS TcgStatus;

> -  VOID       *TcgInterface;

>   

>     if (!mMorLockInitializationRequired) {

>       //

> @@ -458,20 +455,7 @@ MorLockInitAtEndOfDxe (

>       // can be deduced from the absence of the TCG / TCG2 protocols, as edk2's

>       // MOR implementation depends on (one of) those protocols.

>       //

> -    TcgStatus = gBS->LocateProtocol (

> -                       &gEfiTcg2ProtocolGuid,

> -                       NULL,                     // Registration

> -                       &TcgInterface

> -                       );

> -    if (EFI_ERROR (TcgStatus)) {

> -      TcgStatus = gBS->LocateProtocol (

> -                         &gEfiTcgProtocolGuid,

> -                         NULL,                   // Registration

> -                         &TcgInterface

> -                         );

> -    }

> -

> -    if (!EFI_ERROR (TcgStatus)) {

> +    if (VariableHaveTcgProtocols ()) {

>         //

>         // The MOR variable originates from the platform firmware; set the MOR

>         // Control Lock variable to report the locking capability to the OS.

> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h

> index 938eb5de61fa..11822575ac4d 100644

> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h

> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h

> @@ -924,4 +924,54 @@ VariableExLibAtRuntime (

>     VOID

>     );

>   

> +/**

> +  Notify the system that the SMM variable driver is ready

> +**/

> +VOID

> +VariableNotifySmmReady (

> +  VOID

> +  );

> +

> +/**

> +  Notify the system that the SMM variable write driver is ready

> +**/

> +VOID

> +VariableNotifySmmWriteReady (

> +  VOID

> +  );

> +

> +/**

> +  Variable service MM driver entry point

> +**/

> +EFI_STATUS

> +EFIAPI

> +MmVariableServiceInitialize (

> +  VOID

> +  );

> +

> +/**

> +  This function check if the buffer is valid per processor architecture and not overlap with SMRAM.

> +

> +  @param Buffer  The buffer start address to be checked.

> +  @param Length  The buffer length to be checked.

> +

> +  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.

> +  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.

> +**/

> +BOOLEAN

> +VariableSmmIsBufferOutsideSmmValid (

> +  IN EFI_PHYSICAL_ADDRESS  Buffer,

> +  IN UINT64                Length

> +  );

> +

> +/**

> +  Whether the TCG or TCG2 protocols are installed in the UEFI protocol database.

> +  This information is used by the MorLock code to infer whether an existing

> +  MOR variable is legitimate or not.


Add a line for the return description?

> +**/

> +BOOLEAN

> +VariableHaveTcgProtocols (

> +  VOID

> +  );

> +

>   #endif

> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c

> index 8c53f84ff6e8..7245587052df 100644

> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c

> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c

> @@ -15,6 +15,7 @@

>     SmmVariableGetStatistics() should also do validation based on its own knowledge.

>   

>   Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>

> +Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>

>   This program and the accompanying materials

>   are licensed and made available under the terms and conditions of the BSD License

>   which accompanies this distribution.  The full text of the license may be found at

> @@ -28,18 +29,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

>   #include <Protocol/SmmVariable.h>

>   #include <Protocol/SmmFirmwareVolumeBlock.h>

>   #include <Protocol/SmmFaultTolerantWrite.h>

> -#include <Protocol/SmmEndOfDxe.h>

> +#include <Protocol/MmEndOfDxe.h>

>   #include <Protocol/SmmVarCheck.h>

>   

> -#include <Library/SmmServicesTableLib.h>

> -#include <Library/SmmMemLib.h>

> +#include <Library/MmServicesTableLib.h>

>   

>   #include <Guid/SmmVariableCommon.h>

>   #include "Variable.h"

>   

>   extern VARIABLE_INFO_ENTRY                           *gVariableInfo;

> -EFI_HANDLE                                           mSmmVariableHandle      = NULL;

> -EFI_HANDLE                                           mVariableHandle         = NULL;

>   BOOLEAN                                              mAtRuntime              = FALSE;

>   UINT8                                                *mVariableBufferPayload = NULL;

>   UINTN                                                mVariableBufferPayloadSize;

> @@ -218,7 +216,7 @@ GetFtwProtocol (

>     //

>     // Locate Smm Fault Tolerent Write protocol

>     //

> -  Status = gSmst->SmmLocateProtocol (

> +  Status = gMmst->MmLocateProtocol (

>                       &gEfiSmmFaultTolerantWriteProtocolGuid,

>                       NULL,

>                       FtwProtocol
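Review bot: the gSmst->SmmLocateProtocol to gMmst->MmLocateProtocol rename here, like the sibling renames in the hunks that follow, is mechanical; but since the same patch drops SmmServicesTableLib from VariableSmm.inf, any gSmst use left behind in this file will fail to link, so one build of the SMM variant is the check that every call site was converted.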

> @@ -248,7 +246,7 @@ GetFvbByHandle (

>     //

>     // To get the SMM FVB protocol interface on the handle

>     //

> -  return gSmst->SmmHandleProtocol (

> +  return gMmst->MmHandleProtocol (

>                     FvBlockHandle,

>                     &gEfiSmmFirmwareVolumeBlockProtocolGuid,

>                     (VOID **) FvBlock

> @@ -287,7 +285,7 @@ GetFvbCountAndBuffer (

>     BufferSize     = 0;

>     *NumberHandles = 0;

>     *Buffer        = NULL;

> -  Status = gSmst->SmmLocateHandle (

> +  Status = gMmst->MmLocateHandle (

>                       ByProtocol,

>                       &gEfiSmmFirmwareVolumeBlockProtocolGuid,

>                       NULL,

> @@ -303,7 +301,7 @@ GetFvbCountAndBuffer (

>       return EFI_OUT_OF_RESOURCES;

>     }

>   

> -  Status = gSmst->SmmLocateHandle (

> +  Status = gMmst->MmLocateHandle (

>                       ByProtocol,

>                       &gEfiSmmFirmwareVolumeBlockProtocolGuid,

>                       NULL,

> @@ -500,7 +498,7 @@ SmmVariableHandler (

>       return EFI_SUCCESS;

>     }

>   

> -  if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {

> +  if (!VariableSmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {

>       DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));

>       return EFI_SUCCESS;

>     }
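Review bot: the DEBUG line kept here prints the same "SMM communication buffer in SMRAM or overflow!" text that the new VariableSmmIsBufferOutsideSmmValid() wrapper already prints on the same failure in VariableTraditionalMm.c, so a rejected buffer is logged twice; keep the message in one place (Star makes the same point on the new file). This check is what stops a caller from pointing the MMI handler at a communication buffer that overlaps SMRAM, so whichever implementation backs the wrapper in the standalone MM build must reject overlap exactly as SmmIsBufferOutsideSmmValid() does, and the early "return EFI_SUCCESS" on failure should stay as it is.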

> @@ -911,13 +909,7 @@ SmmFtwNotificationEvent (

>     //

>     // Notify the variable wrapper driver the variable write service is ready

>     //

> -  Status = gBS->InstallProtocolInterface (

> -                  &mSmmVariableHandle,

> -                  &gSmmVariableWriteGuid,

> -                  EFI_NATIVE_INTERFACE,

> -                  NULL

> -                  );

> -  ASSERT_EFI_ERROR (Status);

> +  VariableNotifySmmWriteReady ();

>   

>     return EFI_SUCCESS;

>   }
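Review bot: with the InstallProtocolInterface call and its ASSERT_EFI_ERROR replaced by VariableNotifySmmWriteReady(), Status may no longer be assigned anywhere in SmmFtwNotificationEvent(); if nothing else in the function uses it, remove the declaration as well to avoid an unused-variable warning. The handle the protocol is installed on is now a local inside the helper (mSmmVariableHandle is deleted above), which is fine as long as the driver never needs to uninstall that interface.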

> @@ -928,18 +920,11 @@ SmmFtwNotificationEvent (

>     runtime services in the EFI System Table and installs arch protocols

>     for variable read and write services being available. It also registers

>     a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.

> -

> -  @param[in] ImageHandle    The firmware allocated handle for the EFI image.

> -  @param[in] SystemTable    A pointer to the EFI System Table.

> -

> -  @retval EFI_SUCCESS       Variable service successfully initialized.

> -

>   **/

>   EFI_STATUS

>   EFIAPI

> -VariableServiceInitialize (

> -  IN EFI_HANDLE                           ImageHandle,

> -  IN EFI_SYSTEM_TABLE                     *SystemTable

> +MmVariableServiceInitialize (

> +  VOID

>     )

>   {

>     EFI_STATUS                              Status;
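Review bot: the @retval entry is dropped from the comment header, but MmVariableServiceInitialize() still returns EFI_STATUS, so the header no longer meets the edk2 doc convention; keep "@retval EFI_SUCCESS Variable service successfully initialized." The surviving description ("installs arch protocols ... registers a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event") predates this change, so check that it still describes what this MM entry point does in the hunks below, which register an MMI handler and MM protocol notifies.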

> @@ -957,7 +942,7 @@ VariableServiceInitialize (

>     // Install the Smm Variable Protocol on a new handle.

>     //

>     VariableHandle = NULL;

> -  Status = gSmst->SmmInstallProtocolInterface (

> +  Status = gMmst->MmInstallProtocolInterface (

>                       &VariableHandle,

>                       &gEfiSmmVariableProtocolGuid,

>                       EFI_NATIVE_INTERFACE,

> @@ -965,7 +950,7 @@ VariableServiceInitialize (

>                       );

>     ASSERT_EFI_ERROR (Status);

>   

> -  Status = gSmst->SmmInstallProtocolInterface (

> +  Status = gMmst->MmInstallProtocolInterface (

>                       &VariableHandle,

>                       &gEdkiiSmmVarCheckProtocolGuid,

>                       EFI_NATIVE_INTERFACE,

> @@ -976,7 +961,7 @@ VariableServiceInitialize (

>     mVariableBufferPayloadSize = GetMaxVariableSize () +

>                                  OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize ();

>   

> -  Status = gSmst->SmmAllocatePool (

> +  Status = gMmst->MmAllocatePool (

>                       EfiRuntimeServicesData,

>                       mVariableBufferPayloadSize,

>                       (VOID **)&mVariableBufferPayload

> @@ -987,25 +972,19 @@ VariableServiceInitialize (

>     /// Register SMM variable SMI handler

>     ///

>     VariableHandle = NULL;

> -  Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);

> +  Status = gMmst->MmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);

>     ASSERT_EFI_ERROR (Status);

>   

>     //

>     // Notify the variable wrapper driver the variable service is ready

>     //

> -  Status = SystemTable->BootServices->InstallProtocolInterface (

> -                                        &mVariableHandle,

> -                                        &gEfiSmmVariableProtocolGuid,

> -                                        EFI_NATIVE_INTERFACE,

> -                                        &gSmmVariable

> -                                        );

> -  ASSERT_EFI_ERROR (Status);

> +  VariableNotifySmmReady ();

>   

>     //

>     // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.

>     //

> -  Status = gSmst->SmmRegisterProtocolNotify (

> -                    &gEfiSmmEndOfDxeProtocolGuid,

> +  Status = gMmst->MmRegisterProtocolNotify (

> +                    &gEfiMmEndOfDxeProtocolGuid,

>                       SmmEndOfDxeCallback,

>                       &SmmEndOfDxeRegistration

>                       );
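Review bot: the comment "Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function." is now stale, since the GUID passed is gEfiMmEndOfDxeProtocolGuid; rename it to the MM protocol. The MMI handler registration in the same hunk is unchanged apart from the gMmst->MmiHandlerRegister rename, and the boot-services InstallProtocolInterface plus its ASSERT collapse into VariableNotifySmmReady(), which keeps an ASSERT_EFI_ERROR inside the helper, so no failure check is lost at this site.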

> @@ -1014,7 +993,7 @@ VariableServiceInitialize (

>     //

>     // Register FtwNotificationEvent () notify function.

>     //

> -  Status = gSmst->SmmRegisterProtocolNotify (

> +  Status = gMmst->MmRegisterProtocolNotify (

>                       &gEfiSmmFaultTolerantWriteProtocolGuid,

>                       SmmFtwNotificationEvent,

>                       &SmmFtwRegistration

> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf

> index db7d220e06df..ed7392cbcffc 100644

> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf

> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf

> @@ -48,6 +48,7 @@ [Defines]

>   [Sources]

>     Reclaim.c

>     Variable.c

> +  VariableTraditionalMm.c

>     VariableSmm.c

>     VarCheck.c

>     Variable.h

> @@ -66,7 +67,7 @@ [LibraryClasses]

>     BaseLib

>     SynchronizationLib

>     UefiLib

> -  SmmServicesTableLib

> +  MmServicesTableLib

>     BaseMemoryLib

>     DebugLib

>     DxeServicesTableLib
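Review bot: [LibraryClasses] swaps SmmServicesTableLib for MmServicesTableLib, but the newly listed VariableTraditionalMm.c includes UefiBootServicesTableLib.h and SmmMemLib.h, so UefiBootServicesTableLib and SmmMemLib must stay in this INF (they are outside the hunk, so presumably already are). When the standalone MM INF arrives, those two classes belong only to this traditional-MM INF, which is the reason for moving the gBS users into their own source file.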

> @@ -85,7 +86,7 @@ [Protocols]

>     ## PRODUCES

>     ## UNDEFINED # SmiHandlerRegister

>     gEfiSmmVariableProtocolGuid

> -  gEfiSmmEndOfDxeProtocolGuid                   ## NOTIFY

> +  gEfiMmEndOfDxeProtocolGuid                    ## NOTIFY

>     gEdkiiSmmVarCheckProtocolGuid                 ## PRODUCES

>     gEfiTcgProtocolGuid                           ## SOMETIMES_CONSUMES

>     gEfiTcg2ProtocolGuid                          ## SOMETIMES_CONSUMES

> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c

> new file mode 100644

> index 000000000000..2143d3337e87

> --- /dev/null

> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c

> @@ -0,0 +1,114 @@

> +/** @file

> +

> +  Parts of the SMM/MM implementation that are specific to traditional MM

> +

> +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved. <BR>

> +Copyright (c) 2018, Linaro, Ltd. All rights reserved. <BR>

> +This program and the accompanying materials

> +are licensed and made available under the terms and conditions of the BSD License

> +which accompanies this distribution.  The full text of the license may be found at

> +http://opensource.org/licenses/bsd-license.php

> +

> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,

> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

> +

> +**/

> +

> +#include <Library/UefiBootServicesTableLib.h>

> +#include <Library/SmmMemLib.h>

> +#include "Variable.h"

> +

> +BOOLEAN

> +VariableSmmIsBufferOutsideSmmValid (

> +  IN EFI_PHYSICAL_ADDRESS  Buffer,

> +  IN UINT64                Length

> +  )

> +{

> +  if (!SmmIsBufferOutsideSmmValid (Buffer, Length)) {

> +    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));


Remove this debug message printing code?

> +    return FALSE;

> +  }

> +  return TRUE;

> +}


Please add a function comment header for it.

> +

> +/**

> +  Notify the system that the SMM variable driver is ready

> +**/

> +VOID

> +VariableNotifySmmReady (

> +  VOID

> +  )

> +{

> +  EFI_STATUS            Status;

> +  EFI_HANDLE            Handle;

> +

> +  Handle = NULL;

> +  Status = gBS->InstallProtocolInterface (

> +                  &Handle,

> +                  &gEfiSmmVariableProtocolGuid,

> +                  EFI_NATIVE_INTERFACE,

> +                  NULL

> +                  );

> +  ASSERT_EFI_ERROR (Status);

> +}

> +

> +/**

> +  Notify the system that the SMM variable write driver is ready

> +**/

> +VOID

> +VariableNotifySmmWriteReady (

> +  VOID

> +  )

> +{

> +  EFI_STATUS            Status;

> +  EFI_HANDLE            Handle;

> +

> +  Handle = NULL;

> +  Status = gBS->InstallProtocolInterface (

> +                  &Handle,

> +                  &gSmmVariableWriteGuid,

> +                  EFI_NATIVE_INTERFACE,

> +                  NULL

> +                  );

> +  ASSERT_EFI_ERROR (Status);

> +}

> +

> +EFI_STATUS

> +EFIAPI

> +VariableServiceInitialize (

> +  IN EFI_HANDLE                           ImageHandle,

> +  IN EFI_SYSTEM_TABLE                     *SystemTable

> +  )

> +{

> +  return MmVariableServiceInitialize ();

> +}


Please add a function comment header for it.

> +

> +/**

> +  Whether the TCG or TCG2 protocols are installed in the UEFI protocol database.

> +  This information is used by the MorLock code to infer whether an existing

> +  MOR variable is legitimate or not.


Add a line for the return description?


Thanks,
Star

> +**/

> +BOOLEAN

> +VariableHaveTcgProtocols (

> +  VOID

> +  )

> +{

> +  EFI_STATUS            Status;

> +  VOID                  *Interface;

> +

> +  Status = gBS->LocateProtocol (

> +                  &gEfiTcg2ProtocolGuid,

> +                  NULL,                     // Registration

> +                  &Interface

> +                  );

> +  if (!EFI_ERROR (Status)) {

> +    return TRUE;

> +  }

> +

> +  Status = gBS->LocateProtocol (

> +                  &gEfiTcgProtocolGuid,

> +                  NULL,                     // Registration

> +                  &Interface

> +                  );

> +  return !EFI_ERROR (Status);

> +}
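Review bot: VariableNotifySmmReady() installs gEfiSmmVariableProtocolGuid into the DXE protocol database with a NULL interface, whereas the code it replaces in VariableSmm.c passed &gSmmVariable; any DXE-side consumer that locates this GUID and dereferences the returned pointer, rather than treating the installation purely as a readiness signal, would now dereference NULL. Either keep passing &gSmmVariable or state in the commit message that NULL is intentional because the DXE wrapper only waits on the GUID. The VariableServiceInitialize() wrapper that forwards to MmVariableServiceInitialize() also needs the comment header Star asks for, and since this file is the only one that includes UefiBootServicesTableLib.h and SmmMemLib.h, it is now the single place in the driver that may touch gBS, which matches the stated intent of the split.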

> 



Patch

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
index 28aa2893c6f8..009d96c3a65e 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -21,7 +21,6 @@  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
-#include <Library/UefiBootServicesTableLib.h>
 #include "Variable.h"
 
 typedef struct {
@@ -419,8 +418,6 @@  MorLockInitAtEndOfDxe (
 {
   UINTN      MorSize;
   EFI_STATUS MorStatus;
-  EFI_STATUS TcgStatus;
-  VOID       *TcgInterface;
 
   if (!mMorLockInitializationRequired) {
     //
@@ -458,20 +455,7 @@  MorLockInitAtEndOfDxe (
     // can be deduced from the absence of the TCG / TCG2 protocols, as edk2's
     // MOR implementation depends on (one of) those protocols.
     //
-    TcgStatus = gBS->LocateProtocol (
-                       &gEfiTcg2ProtocolGuid,
-                       NULL,                     // Registration
-                       &TcgInterface
-                       );
-    if (EFI_ERROR (TcgStatus)) {
-      TcgStatus = gBS->LocateProtocol (
-                         &gEfiTcgProtocolGuid,
-                         NULL,                   // Registration
-                         &TcgInterface
-                         );
-    }
-
-    if (!EFI_ERROR (TcgStatus)) {
+    if (VariableHaveTcgProtocols ()) {
       //
       // The MOR variable originates from the platform firmware; set the MOR
       // Control Lock variable to report the locking capability to the OS.
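Review bot: the `if (VariableHaveTcgProtocols ()) {` replacement at the end of this hunk keeps the original semantics (TCG2 probed first, TCG as fallback, either success counts), but the decision whether an existing MOR variable "originates from the platform firmware" now rests on a helper whose standalone MM implementation cannot consult the UEFI protocol database through gBS. Since the comment above the branch says the absence of the TCG / TCG2 protocols is what this inference is built on, the commit message or the header comment in Variable.h should state what a non-traditional implementation is expected to return, so a later port does not answer TRUE unconditionally and thereby report a locking capability for a MOR variable the firmware never created.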
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
index 938eb5de61fa..11822575ac4d 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
@@ -924,4 +924,54 @@  VariableExLibAtRuntime (
   VOID
   );
 
+/**
+  Notify the system that the SMM variable driver is ready
+**/
+VOID
+VariableNotifySmmReady (
+  VOID
+  );
+
+/**
+  Notify the system that the SMM variable write driver is ready
+**/
+VOID
+VariableNotifySmmWriteReady (
+  VOID
+  );
+
+/**
+  Variable service MM driver entry point
+**/
+EFI_STATUS
+EFIAPI
+MmVariableServiceInitialize (
+  VOID
+  );
+
+/**
+  This function check if the buffer is valid per processor architecture and not overlap with SMRAM.
+
+  @param Buffer  The buffer start address to be checked.
+  @param Length  The buffer length to be checked.
+
+  @retval TRUE  This buffer is valid per processor architecture and not overlap with SMRAM.
+  @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+**/
+BOOLEAN
+VariableSmmIsBufferOutsideSmmValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  );
+
+/**
+  Whether the TCG or TCG2 protocols are installed in the UEFI protocol database.
+  This information is used by the MorLock code to infer whether an existing
+  MOR variable is legitimate or not.
+**/
+BOOLEAN
+VariableHaveTcgProtocols (
+  VOID
+  );
+
 #endif
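Review bot: the doc comment for VariableSmmIsBufferOutsideSmmValid has grammar slips in the description and both @retval lines ("This function check if the buffer is valid ... and not overlap with SMRAM"); suggest "This function checks whether the buffer is valid per processor architecture and does not overlap SMRAM", with the @retval lines adjusted to match. The three declarations above it (VariableNotifySmmReady, VariableNotifySmmWriteReady, MmVariableServiceInitialize) carry no @retval documentation, unlike the rest of this header; for MmVariableServiceInitialize the `@retval EFI_SUCCESS       Variable service successfully initialized.` line that this series removes from VariableSmm.c could be reused here.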
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index 8c53f84ff6e8..7245587052df 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -15,6 +15,7 @@ 
   SmmVariableGetStatistics() should also do validation based on its own knowledge.
 
 Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -28,18 +29,15 @@  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/SmmVariable.h>
 #include <Protocol/SmmFirmwareVolumeBlock.h>
 #include <Protocol/SmmFaultTolerantWrite.h>
-#include <Protocol/SmmEndOfDxe.h>
+#include <Protocol/MmEndOfDxe.h>
 #include <Protocol/SmmVarCheck.h>
 
-#include <Library/SmmServicesTableLib.h>
-#include <Library/SmmMemLib.h>
+#include <Library/MmServicesTableLib.h>
 
 #include <Guid/SmmVariableCommon.h>
 #include "Variable.h"
 
 extern VARIABLE_INFO_ENTRY                           *gVariableInfo;
-EFI_HANDLE                                           mSmmVariableHandle      = NULL;
-EFI_HANDLE                                           mVariableHandle         = NULL;
 BOOLEAN                                              mAtRuntime              = FALSE;
 UINT8                                                *mVariableBufferPayload = NULL;
 UINTN                                                mVariableBufferPayloadSize;
@@ -218,7 +216,7 @@  GetFtwProtocol (
   //
   // Locate Smm Fault Tolerent Write protocol
   //
-  Status = gSmst->SmmLocateProtocol (
+  Status = gMmst->MmLocateProtocol (
                     &gEfiSmmFaultTolerantWriteProtocolGuid,
                     NULL,
                     FtwProtocol
@@ -248,7 +246,7 @@  GetFvbByHandle (
   //
   // To get the SMM FVB protocol interface on the handle
   //
-  return gSmst->SmmHandleProtocol (
+  return gMmst->MmHandleProtocol (
                   FvBlockHandle,
                   &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                   (VOID **) FvBlock
@@ -287,7 +285,7 @@  GetFvbCountAndBuffer (
   BufferSize     = 0;
   *NumberHandles = 0;
   *Buffer        = NULL;
-  Status = gSmst->SmmLocateHandle (
+  Status = gMmst->MmLocateHandle (
                     ByProtocol,
                     &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                     NULL,
@@ -303,7 +301,7 @@  GetFvbCountAndBuffer (
     return EFI_OUT_OF_RESOURCES;
   }
 
-  Status = gSmst->SmmLocateHandle (
+  Status = gMmst->MmLocateHandle (
                     ByProtocol,
                     &gEfiSmmFirmwareVolumeBlockProtocolGuid,
                     NULL,
@@ -500,7 +498,7 @@  SmmVariableHandler (
     return EFI_SUCCESS;
   }
 
-  if (!SmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+  if (!VariableSmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
     DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
     return EFI_SUCCESS;
   }
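Review bot: the failure path at `if (!VariableSmmIsBufferOutsideSmmValid ((UINTN)CommBuffer, TempCommBufferSize)) {` now logs "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!" twice, because the new helper in VariableTraditionalMm.c emits the same DEBUG before returning FALSE. Keep the message in one place only; the caller is the better spot, since the text names SmmVariableHandler and a standalone MM implementation of the helper would otherwise have to carry a copy of it as well.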
@@ -911,13 +909,7 @@  SmmFtwNotificationEvent (
   //
   // Notify the variable wrapper driver the variable write service is ready
   //
-  Status = gBS->InstallProtocolInterface (
-                  &mSmmVariableHandle,
-                  &gSmmVariableWriteGuid,
-                  EFI_NATIVE_INTERFACE,
-                  NULL
-                  );
-  ASSERT_EFI_ERROR (Status);
+  VariableNotifySmmWriteReady ();
 
   return EFI_SUCCESS;
 }
@@ -928,18 +920,11 @@  SmmFtwNotificationEvent (
   runtime services in the EFI System Table and installs arch protocols
   for variable read and write services being available. It also registers
   a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
-
-  @param[in] ImageHandle    The firmware allocated handle for the EFI image.
-  @param[in] SystemTable    A pointer to the EFI System Table.
-
-  @retval EFI_SUCCESS       Variable service successfully initialized.
-
 **/
 EFI_STATUS
 EFIAPI
-VariableServiceInitialize (
-  IN EFI_HANDLE                           ImageHandle,
-  IN EFI_SYSTEM_TABLE                     *SystemTable
+MmVariableServiceInitialize (
+  VOID
   )
 {
   EFI_STATUS                              Status;
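Review bot: the `@retval EFI_SUCCESS       Variable service successfully initialized.` line is dropped together with the two @param lines, but MmVariableServiceInitialize still returns EFI_STATUS, so the @retval should stay. While the header is being touched, the remaining description (installing runtime services in the EFI System Table, registering an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE notification) no longer describes what the body shown in the following hunks does (MM protocol installs, MMI handler and protocol-notify registration); a one-line refresh would avoid leaving a stale comment on the renamed entry point.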
@@ -957,7 +942,7 @@  VariableServiceInitialize (
   // Install the Smm Variable Protocol on a new handle.
   //
   VariableHandle = NULL;
-  Status = gSmst->SmmInstallProtocolInterface (
+  Status = gMmst->MmInstallProtocolInterface (
                     &VariableHandle,
                     &gEfiSmmVariableProtocolGuid,
                     EFI_NATIVE_INTERFACE,
@@ -965,7 +950,7 @@  VariableServiceInitialize (
                     );
   ASSERT_EFI_ERROR (Status);
 
-  Status = gSmst->SmmInstallProtocolInterface (
+  Status = gMmst->MmInstallProtocolInterface (
                     &VariableHandle,
                     &gEdkiiSmmVarCheckProtocolGuid,
                     EFI_NATIVE_INTERFACE,
@@ -976,7 +961,7 @@  VariableServiceInitialize (
   mVariableBufferPayloadSize = GetMaxVariableSize () +
                                OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize ();
 
-  Status = gSmst->SmmAllocatePool (
+  Status = gMmst->MmAllocatePool (
                     EfiRuntimeServicesData,
                     mVariableBufferPayloadSize,
                     (VOID **)&mVariableBufferPayload
@@ -987,25 +972,19 @@  VariableServiceInitialize (
   /// Register SMM variable SMI handler
   ///
   VariableHandle = NULL;
-  Status = gSmst->SmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
+  Status = gMmst->MmiHandlerRegister (SmmVariableHandler, &gEfiSmmVariableProtocolGuid, &VariableHandle);
   ASSERT_EFI_ERROR (Status);
 
   //
   // Notify the variable wrapper driver the variable service is ready
   //
-  Status = SystemTable->BootServices->InstallProtocolInterface (
-                                        &mVariableHandle,
-                                        &gEfiSmmVariableProtocolGuid,
-                                        EFI_NATIVE_INTERFACE,
-                                        &gSmmVariable
-                                        );
-  ASSERT_EFI_ERROR (Status);
+  VariableNotifySmmReady ();
 
   //
   // Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function.
   //
-  Status = gSmst->SmmRegisterProtocolNotify (
-                    &gEfiSmmEndOfDxeProtocolGuid,
+  Status = gMmst->MmRegisterProtocolNotify (
+                    &gEfiMmEndOfDxeProtocolGuid,
                     SmmEndOfDxeCallback,
                     &SmmEndOfDxeRegistration
                     );
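Review bot: replacing the `SystemTable->BootServices->InstallProtocolInterface (` block with `VariableNotifySmmReady ();` changes the interface pointer installed for gEfiSmmVariableProtocolGuid in the UEFI protocol database from `&gSmmVariable` to NULL (see the helper in VariableTraditionalMm.c in this series). If any DXE-side consumer locates that protocol and dereferences the interface instead of treating it purely as a readiness signal, this is a regression; either pass &gSmmVariable in the helper or state in the commit message that the interface pointer is never used. Separately, the comment "Register EFI_SMM_END_OF_DXE_PROTOCOL_GUID notify function." above the gEfiMmEndOfDxeProtocolGuid registration should now name the MM GUID.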
@@ -1014,7 +993,7 @@  VariableServiceInitialize (
   //
   // Register FtwNotificationEvent () notify function.
   //
-  Status = gSmst->SmmRegisterProtocolNotify (
+  Status = gMmst->MmRegisterProtocolNotify (
                     &gEfiSmmFaultTolerantWriteProtocolGuid,
                     SmmFtwNotificationEvent,
                     &SmmFtwRegistration
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index db7d220e06df..ed7392cbcffc 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -48,6 +48,7 @@  [Defines]
 [Sources]
   Reclaim.c
   Variable.c
+  VariableTraditionalMm.c
   VariableSmm.c
   VarCheck.c
   Variable.h
@@ -66,7 +67,7 @@  [LibraryClasses]
   BaseLib
   SynchronizationLib
   UefiLib
-  SmmServicesTableLib
+  MmServicesTableLib
   BaseMemoryLib
   DebugLib
   DxeServicesTableLib
@@ -85,7 +86,7 @@  [Protocols]
   ## PRODUCES
   ## UNDEFINED # SmiHandlerRegister
   gEfiSmmVariableProtocolGuid
-  gEfiSmmEndOfDxeProtocolGuid                   ## NOTIFY
+  gEfiMmEndOfDxeProtocolGuid                    ## NOTIFY
   gEdkiiSmmVarCheckProtocolGuid                 ## PRODUCES
   gEfiTcgProtocolGuid                           ## SOMETIMES_CONSUMES
   gEfiTcg2ProtocolGuid                          ## SOMETIMES_CONSUMES
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c
new file mode 100644
index 000000000000..2143d3337e87
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableTraditionalMm.c
@@ -0,0 +1,114 @@ 
+/** @file
+
+  Parts of the SMM/MM implementation that are specific to traditional MM
+
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2018, Linaro, Ltd. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/SmmMemLib.h>
+#include "Variable.h"
+
+BOOLEAN
+VariableSmmIsBufferOutsideSmmValid (
+  IN EFI_PHYSICAL_ADDRESS  Buffer,
+  IN UINT64                Length
+  )
+{
+  if (!SmmIsBufferOutsideSmmValid (Buffer, Length)) {
+    DEBUG ((EFI_D_ERROR, "SmmVariableHandler: SMM communication buffer in SMRAM or overflow!\n"));
+    return FALSE;
+  }
+  return TRUE;
+}
+
+/**
+  Notify the system that the SMM variable driver is ready
+**/
+VOID
+VariableNotifySmmReady (
+  VOID
+  )
+{
+  EFI_STATUS            Status;
+  EFI_HANDLE            Handle;
+
+  Handle = NULL;
+  Status = gBS->InstallProtocolInterface (
+                  &Handle,
+                  &gEfiSmmVariableProtocolGuid,
+                  EFI_NATIVE_INTERFACE,
+                  NULL
+                  );
+  ASSERT_EFI_ERROR (Status);
+}
+
+/**
+  Notify the system that the SMM variable write driver is ready
+**/
+VOID
+VariableNotifySmmWriteReady (
+  VOID
+  )
+{
+  EFI_STATUS            Status;
+  EFI_HANDLE            Handle;
+
+  Handle = NULL;
+  Status = gBS->InstallProtocolInterface (
+                  &Handle,
+                  &gSmmVariableWriteGuid,
+                  EFI_NATIVE_INTERFACE,
+                  NULL
+                  );
+  ASSERT_EFI_ERROR (Status);
+}
+
+EFI_STATUS
+EFIAPI
+VariableServiceInitialize (
+  IN EFI_HANDLE                           ImageHandle,
+  IN EFI_SYSTEM_TABLE                     *SystemTable
+  )
+{
+  return MmVariableServiceInitialize ();
+}
+
+/**
+  Whether the TCG or TCG2 protocols are installed in the UEFI protocol database.
+  This information is used by the MorLock code to infer whether an existing
+  MOR variable is legitimate or not.
+**/
+BOOLEAN
+VariableHaveTcgProtocols (
+  VOID
+  )
+{
+  EFI_STATUS            Status;
+  VOID                  *Interface;
+
+  Status = gBS->LocateProtocol (
+                  &gEfiTcg2ProtocolGuid,
+                  NULL,                     // Registration
+                  &Interface
+                  );
+  if (!EFI_ERROR (Status)) {
+    return TRUE;
+  }
+
+  Status = gBS->LocateProtocol (
+                  &gEfiTcgProtocolGuid,
+                  NULL,                     // Registration
+                  &Interface
+                  );
+  return !EFI_ERROR (Status);
+}
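Review bot: VariableSmmIsBufferOutsideSmmValid and VariableServiceInitialize have no function header comment, unlike the other functions in this file and the code they replace; the header block for VariableSmmIsBufferOutsideSmmValid in Variable.h can be copied, and VariableServiceInitialize should say that ImageHandle and SystemTable are intentionally unused because the MM services table is used instead. The DEBUG message inside VariableSmmIsBufferOutsideSmmValid is prefixed "SmmVariableHandler:", which is the caller's name rather than this function's, and the caller in VariableSmm.c already prints the identical line on the same failure; suggest dropping the DEBUG here and letting the BOOLEAN result speak. In VariableHaveTcgProtocols, `Interface` is only written and never read, which is fine for a presence check but deserves a short comment so nobody later "fixes" it into a use of an unvalidated pointer.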