From patchwork Thu Jul 23 12:49:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 247076 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp1453847ilg; Thu, 23 Jul 2020 05:49:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBodxMo+7a4sXMAOnZmLXryZkIOQZ88rQBfRWUoqm5HiFwwtEwA4DVBtKcu1vR4mWTDXlH X-Received: by 2002:a17:906:3146:: with SMTP id e6mr4192689eje.2.1595508599524; Thu, 23 Jul 2020 05:49:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595508599; cv=none; d=google.com; s=arc-20160816; b=kdaKQOtcUS7k3RPWakI0CykzrfT6KtEvbU0THIEia728QIZwp7Yln6BNaL9c5QV7ig qqFcCfJK6F2FUDzexrjke/Zxgdk0lPDJdChYB+G3Rw2uHlTBsn++J7FyhTTrBRTWsMhF F6Brqws12/UHwoEO6XfCVaLlc5PWo3ywLz0fBdX7RcmXpADIC6fpriQiwhAVBYNbisrw lnkVuk/G+F4ztFU2BmhXjLugP2fYoQFIbOfnz9NFGLy/ish8IbwEFZ1vBpeLEJ1iAio6 Qe2tvJYNyu0KrAGLAxvMyGyNhobUhDivXs8vQlVCV8MWJ0d1fxNkED5V9hm7YH2chUye 1eVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=6DSXDfSfsN6OK7K8nS1Wt4qQqa9qFp2wRY6kqEWYZo4=; b=D7R+Tz8rLiZc5zCdBF/nmvimOgJqqQhyK77lvXv6tOCTBpy9ftpgWE5eILTMEPLNS2 UVToeDfAV8097RgziV8Ol345DZfHXYH0X2sP8iNzCvdUrpKM/gZhZyiWfBYCAHZnJ1vz /C1gsxRIC7T+46K84NmN2ccG5w7zKlOBCTtJjtng2atMvUnuk7JYJA9cnqaZjOp2YibJ McM7HWvYCc3a2vfCt9rACAC2AkmrQ3W8VdUN9n1kmXF0cu1CzDZbBvwrsofX77vo8L4Q rBG+Ujvnlp1/Q/uPuEOpXMNWsHXE6Us9RLk032dITaly+L0nrtneCe4smgoorTPzI/wt g5dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bKGeaLW7; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id y16si1941031ejq.260.2020.07.23.05.49.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jul 2020 05:49:59 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bKGeaLW7; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id DB77A81BB3; Thu, 23 Jul 2020 14:49:57 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="bKGeaLW7"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E624F81C3C; Thu, 23 Jul 2020 14:49:56 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B3A6D81BA8 for ; Thu, 23 Jul 2020 14:49:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-wm1-x342.google.com with SMTP id c80so4862212wme.0 for ; Thu, 23 Jul 2020 05:49:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=6DSXDfSfsN6OK7K8nS1Wt4qQqa9qFp2wRY6kqEWYZo4=; b=bKGeaLW7vaEvfw0y5rHTYbYVlygctSnd8mU4i2AeHyFXT3AD04nc/8Yr3VSMrgWTNJ eG9ywgujd4GhW5jrerb/1mLoS6S0wVhXBO99aH1mJQkhpILxP/WzdcB2PPwCK6O480u0 R0AjBlfFOlbxNRhP4XITO2zqt5HrXlucsCLdW2qDKMRQ9MVZb6BbrhOME6UfxSCnZcPS QZVhPPOsINdL0GQC173McTJ02F7q3oHXw2kSFYLulUCcZts7D5o9M95KfRYMl+PyAuKF NNhNKDlgRHGEce81sWBr8Q7/fSnJvRNtAF8Vnz20q5w+Kmb953jN/grYVweAGZ7gZR8U YlEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=6DSXDfSfsN6OK7K8nS1Wt4qQqa9qFp2wRY6kqEWYZo4=; b=s6UyENZUmKvROdSfIAp5m69rxXPzyBKK9m3HjAopQuAV2jWfKhx1o4AMUX3WIqHlqK HiYUZZaVtXn6o/mLrJouP/SGaXZR7W3Eo1VYqsqEiAXHwKUvT7lxUSvU3gqX2NMM7U/N dMVzGE9Ankd9OzZVGP9vBTduvUSoi/kPksME9XK2BKepuoo8msZyEmiNPVqP4BLHf3Cy 1GQQQyFYe8qc+Vs9P2B4n47OeD+o0MguJ2Z6JYYOpAsMtozFGgVZBsay1IsZvSlGAk9d DBBDuq6Wpu/pG7krvLD1goLGL/tYie1cjiiE6nREGKP2XDszMDtH5IrN3mj7qDEEM+XL eP9A== X-Gm-Message-State: AOAM530LrN0uIXn/cTPouYoBho1GI48UzRaWXtPuUGhnnBl1lAjn69xX gfd/6LkBtZBm/iWTfd5eicmZSEG+YE4= X-Received: by 2002:a1c:9c0b:: with SMTP id f11mr3987011wme.0.1595508592521; Thu, 23 Jul 2020 05:49:52 -0700 (PDT) Received: from apalos.home ([2a02:587:460d:e29f:2e56:dcff:fe9a:8f06]) by smtp.gmail.com with ESMTPSA id y11sm4021371wrs.80.2020.07.23.05.49.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jul 2020 05:49:52 -0700 (PDT) From: Ilias Apalodimas To: u-boot@lists.denx.de, xypron.glpk@gmx.de Cc: agraf@csgraf.de, Ilias Apalodimas Subject: [PATCH v2] efi_loader: Enable run-time variable support for tee based variables Date: Thu, 23 Jul 2020 15:49:49 +0300 Message-Id: <20200723124949.762219-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.28.0.rc1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean We recently added functions for storing/restoring variables from a file to a memory backed buffer marked as __efi_runtime_data commit f1f990a8c958 ("efi_loader: memory buffer for variables") commit 5f7dcf079de8 ("efi_loader: UEFI variable persistence") Using the same idea we now can support GetVariable() and GetNextVariable() on the OP-TEE based variables as well. So let's re-arrange the code a bit and move the commmon code for accessing variables out of efi_variable.c. Create common functions for reading variables from memory that both implementations can use on run-time. Then just use those functions in the run-time variants of the OP-TEE based EFI variable implementation and initialize the memory buffer on ExitBootServices() Signed-off-by: Ilias Apalodimas --- Fixes since v1: - Better describe efi_var_collect() and it's args - Check the the StMM provided buffer is big enough for some variables, instead of just > 2 - Merged runtime functions for GetVariable() and GetNextVariable() since they were identical across the 2 implementations include/efi_variable.h | 74 ++++++++++++++++++++++ lib/efi_loader/Makefile | 2 +- lib/efi_loader/efi_var_common.c | 22 +++++++ lib/efi_loader/efi_var_file.c | 25 +++----- lib/efi_loader/efi_var_mem.c | 70 ++++++++++++++++++++- lib/efi_loader/efi_variable.c | 101 +----------------------------- lib/efi_loader/efi_variable_tee.c | 81 +++++++++++++----------- 7 files changed, 221 insertions(+), 154 deletions(-) -- 2.28.0.rc1 Reviewed-by: Heinrich Schuchardt diff --git a/include/efi_variable.h b/include/efi_variable.h index 2c629e4dca92..60491cb64025 100644 --- a/include/efi_variable.h +++ b/include/efi_variable.h @@ -142,6 +142,22 @@ struct efi_var_file { */ efi_status_t efi_var_to_file(void); +/** + * efi_var_collect() - collect variables in buffer + * + * A buffer is allocated and filled with variables in a format ready to be + * written to disk. + * + * @bufp: pointer to pointer of buffer with collected variables + * @lenp: pointer to length of buffer + * @check_attr_mask: bitmask with required attributes of variables to be collected. + * variables are only collected if all of the required + * attributes are set. + * Return: status code + */ +efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *lenp, + u32 check_attr_mask); + /** * efi_var_restore() - restore EFI variables from buffer * @@ -233,4 +249,62 @@ efi_status_t efi_init_secure_state(void); */ enum efi_auth_var_type efi_auth_var_get_type(u16 *name, const efi_guid_t *guid); +/** + * efi_get_next_variable_name_mem() - Runtime common code across efi variable + * implementations for GetNextVariable() + * from the cached memory copy + * @variable_name_size: size of variable_name buffer in byte + * @variable_name: name of uefi variable's name in u16 + * @vendor: vendor's guid + * + * Return: status code + */ +efi_status_t __efi_runtime +efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name, + efi_guid_t *vendor); +/** + * efi_get_variable_mem() - Runtime common code across efi variable + * implementations for GetVariable() from + * the cached memory copy + * + * @variable_name: name of the variable + * @vendor: vendor GUID + * @attributes: attributes of the variable + * @data_size: size of the buffer to which the variable value is copied + * @data: buffer to which the variable value is copied + * @timep: authentication time (seconds since start of epoch) + * Return: status code + + */ +efi_status_t __efi_runtime +efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, + efi_uintn_t *data_size, void *data, u64 *timep); + +/** + * efi_get_variable_runtime() - runtime implementation of GetVariable() + * + * @variable_name: name of the variable + * @guid: vendor GUID + * @attributes: attributes of the variable + * @data_size: size of the buffer to which the variable value is copied + * @data: buffer to which the variable value is copied + * Return: status code + */ +efi_status_t __efi_runtime EFIAPI +efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid, + u32 *attributes, efi_uintn_t *data_size, void *data); + +/** + * efi_get_next_variable_name_runtime() - runtime implementation of + * GetNextVariable() + * + * @variable_name_size: size of variable_name buffer in byte + * @variable_name: name of uefi variable's name in u16 + * @guid: vendor's guid + * Return: status code + */ +efi_status_t __efi_runtime EFIAPI +efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size, + u16 *variable_name, efi_guid_t *guid); + #endif diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 441ac9432e99..9bad1d159b03 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -37,11 +37,11 @@ obj-y += efi_setup.o obj-$(CONFIG_EFI_UNICODE_COLLATION_PROTOCOL2) += efi_unicode_collation.o obj-y += efi_var_common.o obj-y += efi_var_mem.o +obj-y += efi_var_file.o ifeq ($(CONFIG_EFI_MM_COMM_TEE),y) obj-y += efi_variable_tee.o else obj-y += efi_variable.o -obj-y += efi_var_file.o obj-$(CONFIG_EFI_VARIABLES_PRESEED) += efi_var_seed.o endif obj-y += efi_watchdog.o diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c index ee2e67bc8cbf..453cbce5c83a 100644 --- a/lib/efi_loader/efi_var_common.c +++ b/lib/efi_loader/efi_var_common.c @@ -166,6 +166,28 @@ efi_status_t EFIAPI efi_query_variable_info( return EFI_EXIT(ret); } +efi_status_t __efi_runtime EFIAPI +efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid, + u32 *attributes, efi_uintn_t *data_size, void *data) +{ + efi_status_t ret; + + ret = efi_get_variable_mem(variable_name, guid, attributes, data_size, data, NULL); + + /* Remove EFI_VARIABLE_READ_ONLY flag */ + if (attributes) + *attributes &= EFI_VARIABLE_MASK; + + return ret; +} + +efi_status_t __efi_runtime EFIAPI +efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size, + u16 *variable_name, efi_guid_t *guid) +{ + return efi_get_next_variable_name_mem(variable_name_size, variable_name, guid); +} + /** * efi_set_secure_state - modify secure boot state variables * @secure_boot: value of SecureBoot diff --git a/lib/efi_loader/efi_var_file.c b/lib/efi_loader/efi_var_file.c index 6f9d76f2a2d5..b171d2d1a8f7 100644 --- a/lib/efi_loader/efi_var_file.c +++ b/lib/efi_loader/efi_var_file.c @@ -46,18 +46,8 @@ static efi_status_t __maybe_unused efi_set_blk_dev_to_system_partition(void) return EFI_SUCCESS; } -/** - * efi_var_collect() - collect non-volatile variables in buffer - * - * A buffer is allocated and filled with all non-volatile variables in a - * format ready to be written to disk. - * - * @bufp: pointer to pointer of buffer with collected variables - * @lenp: pointer to length of buffer - * Return: status code - */ -static efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, - loff_t *lenp) +efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *lenp, + u32 check_attr_mask) { size_t len = EFI_VAR_BUF_SIZE; struct efi_var_file *buf; @@ -102,11 +92,10 @@ static efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, free(buf); return ret; } - if (!(var->attr & EFI_VARIABLE_NON_VOLATILE)) - continue; - var->length = data_length; - var = (struct efi_var_entry *) - ALIGN((uintptr_t)data + data_length, 8); + if ((var->attr & check_attr_mask) == check_attr_mask) { + var->length = data_length; + var = (struct efi_var_entry *)ALIGN((uintptr_t)data + data_length, 8); + } } buf->reserved = 0; @@ -137,7 +126,7 @@ efi_status_t efi_var_to_file(void) loff_t actlen; int r; - ret = efi_var_collect(&buf, &len); + ret = efi_var_collect(&buf, &len, EFI_VARIABLE_NON_VOLATILE); if (ret != EFI_SUCCESS) goto error; diff --git a/lib/efi_loader/efi_var_mem.c b/lib/efi_loader/efi_var_mem.c index 7a2dba7dc263..fd97d5b56300 100644 --- a/lib/efi_loader/efi_var_mem.c +++ b/lib/efi_loader/efi_var_mem.c @@ -10,7 +10,7 @@ #include #include -static struct efi_var_file __efi_runtime_data *efi_var_buf; +struct efi_var_file __efi_runtime_data *efi_var_buf; static struct efi_var_entry __efi_runtime_data *efi_current_var; /** @@ -264,3 +264,71 @@ efi_status_t efi_var_mem_init(void) return ret; return ret; } + +efi_status_t __efi_runtime +efi_get_variable_mem(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, + efi_uintn_t *data_size, void *data, u64 *timep) +{ + efi_uintn_t old_size; + struct efi_var_entry *var; + u16 *pdata; + + if (!variable_name || !vendor || !data_size) + return EFI_INVALID_PARAMETER; + var = efi_var_mem_find(vendor, variable_name, NULL); + if (!var) + return EFI_NOT_FOUND; + + if (attributes) + *attributes = var->attr; + if (timep) + *timep = var->time; + + old_size = *data_size; + *data_size = var->length; + if (old_size < var->length) + return EFI_BUFFER_TOO_SMALL; + + if (!data) + return EFI_INVALID_PARAMETER; + + for (pdata = var->name; *pdata; ++pdata) + ; + ++pdata; + + efi_memcpy_runtime(data, pdata, var->length); + + return EFI_SUCCESS; +} + +efi_status_t __efi_runtime +efi_get_next_variable_name_mem(efi_uintn_t *variable_name_size, u16 *variable_name, + efi_guid_t *vendor) +{ + struct efi_var_entry *var; + efi_uintn_t old_size; + u16 *pdata; + + if (!variable_name_size || !variable_name || !vendor) + return EFI_INVALID_PARAMETER; + + efi_var_mem_find(vendor, variable_name, &var); + + if (!var) + return EFI_NOT_FOUND; + + for (pdata = var->name; *pdata; ++pdata) + ; + ++pdata; + + old_size = *variable_name_size; + *variable_name_size = (uintptr_t)pdata - (uintptr_t)var->name; + + if (old_size < *variable_name_size) + return EFI_BUFFER_TOO_SMALL; + + efi_memcpy_runtime(variable_name, var->name, *variable_name_size); + efi_memcpy_runtime(vendor, &var->guid, sizeof(efi_guid_t)); + + return EFI_SUCCESS; +} diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 39a848290380..e509d6dbf0cf 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -282,68 +282,14 @@ efi_get_variable_int(u16 *variable_name, const efi_guid_t *vendor, u32 *attributes, efi_uintn_t *data_size, void *data, u64 *timep) { - efi_uintn_t old_size; - struct efi_var_entry *var; - u16 *pdata; - - if (!variable_name || !vendor || !data_size) - return EFI_INVALID_PARAMETER; - var = efi_var_mem_find(vendor, variable_name, NULL); - if (!var) - return EFI_NOT_FOUND; - - if (attributes) - *attributes = var->attr; - if (timep) - *timep = var->time; - - old_size = *data_size; - *data_size = var->length; - if (old_size < var->length) - return EFI_BUFFER_TOO_SMALL; - - if (!data) - return EFI_INVALID_PARAMETER; - - for (pdata = var->name; *pdata; ++pdata) - ; - ++pdata; - - efi_memcpy_runtime(data, pdata, var->length); - - return EFI_SUCCESS; + return efi_get_variable_mem(variable_name, vendor, attributes, data_size, data, timep); } efi_status_t __efi_runtime efi_get_next_variable_name_int(efi_uintn_t *variable_name_size, u16 *variable_name, efi_guid_t *vendor) { - struct efi_var_entry *var; - efi_uintn_t old_size; - u16 *pdata; - - if (!variable_name_size || !variable_name || !vendor) - return EFI_INVALID_PARAMETER; - - efi_var_mem_find(vendor, variable_name, &var); - - if (!var) - return EFI_NOT_FOUND; - - for (pdata = var->name; *pdata; ++pdata) - ; - ++pdata; - - old_size = *variable_name_size; - *variable_name_size = (uintptr_t)pdata - (uintptr_t)var->name; - - if (old_size < *variable_name_size) - return EFI_BUFFER_TOO_SMALL; - - efi_memcpy_runtime(variable_name, var->name, *variable_name_size); - efi_memcpy_runtime(vendor, &var->guid, sizeof(efi_guid_t)); - - return EFI_SUCCESS; + return efi_get_next_variable_name_mem(variable_name_size, variable_name, vendor); } efi_status_t efi_set_variable_int(u16 *variable_name, const efi_guid_t *vendor, @@ -504,49 +450,6 @@ efi_status_t __efi_runtime EFIAPI efi_query_variable_info_runtime( return EFI_UNSUPPORTED; } -/** - * efi_get_variable_runtime() - runtime implementation of GetVariable() - * - * @variable_name: name of the variable - * @vendor: vendor GUID - * @attributes: attributes of the variable - * @data_size: size of the buffer to which the variable value is copied - * @data: buffer to which the variable value is copied - * Return: status code - */ -static efi_status_t __efi_runtime EFIAPI -efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *vendor, - u32 *attributes, efi_uintn_t *data_size, void *data) -{ - efi_status_t ret; - - ret = efi_get_variable_int(variable_name, vendor, attributes, - data_size, data, NULL); - - /* Remove EFI_VARIABLE_READ_ONLY flag */ - if (attributes) - *attributes &= EFI_VARIABLE_MASK; - - return ret; -} - -/** - * efi_get_next_variable_name_runtime() - runtime implementation of - * GetNextVariable() - * - * @variable_name_size: size of variable_name buffer in byte - * @variable_name: name of uefi variable's name in u16 - * @vendor: vendor's guid - * Return: status code - */ -static efi_status_t __efi_runtime EFIAPI -efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size, - u16 *variable_name, efi_guid_t *vendor) -{ - return efi_get_next_variable_name_int(variable_name_size, variable_name, - vendor); -} - /** * efi_set_variable_runtime() - runtime implementation of SetVariable() * diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c index 9920351a403e..8a3ff8c59386 100644 --- a/lib/efi_loader/efi_variable_tee.c +++ b/lib/efi_loader/efi_variable_tee.c @@ -15,6 +15,8 @@ #include #include +#define OPTEE_PAGE_SIZE BIT(12) +extern struct efi_var_file __efi_runtime_data *efi_var_buf; static efi_uintn_t max_buffer_size; /* comm + var + func + data */ static efi_uintn_t max_payload_size; /* func + data */ @@ -237,8 +239,31 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size) if (ret != EFI_SUCCESS) goto out; + /* Make sure the buffer is big enough for storing variables i.e en-US. */ + if (var_payload->size < MM_VARIABLE_ACCESS_HEADER_SIZE + 0x20) { + ret = EFI_DEVICE_ERROR; + goto out; + } *size = var_payload->size; - + /* + * Although the max payload is configurable on StMM, we only share a single + * page from OP-TEE for the non-secure buffer used to communicate with StMM. + * Since OP-TEE will reject to map anything bigger than that, make sure we are + * in bounds. + */ + if (*size > OPTEE_PAGE_SIZE) + *size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE - + MM_VARIABLE_COMMUNICATE_SIZE; + /* + * There seems to be a bug in EDK2 miscalculating the boundaries and size + * checks, so deduct 2 more bytes to fulfill this requirement. Fix it up here + * to ensure backwards compatibility with older versions. + * Ref: StandaloneMmPkg/Drivers/StandaloneMmCpu/AArch64/EventHandle.c + * sizeof (EFI_MM_COMMUNICATE_HEADER) instead the size minus the flexible + * array member + * This is guaranteed to be > 2 due to checks on the beggining. + */ + *size -= 2; out: free(comm_buf); return ret; @@ -592,39 +617,6 @@ out: return ret; } -/** - * efi_get_variable_runtime() - runtime implementation of GetVariable() - * - * @variable_name: name of the variable - * @guid: vendor GUID - * @attributes: attributes of the variable - * @data_size: size of the buffer to which the variable value is copied - * @data: buffer to which the variable value is copied - * Return: status code - */ -static efi_status_t __efi_runtime EFIAPI -efi_get_variable_runtime(u16 *variable_name, const efi_guid_t *guid, - u32 *attributes, efi_uintn_t *data_size, void *data) -{ - return EFI_UNSUPPORTED; -} - -/** - * efi_get_next_variable_name_runtime() - runtime implementation of - * GetNextVariable() - * - * @variable_name_size: size of variable_name buffer in byte - * @variable_name: name of uefi variable's name in u16 - * @guid: vendor's guid - * Return: status code - */ -static efi_status_t __efi_runtime EFIAPI -efi_get_next_variable_name_runtime(efi_uintn_t *variable_name_size, - u16 *variable_name, efi_guid_t *guid) -{ - return EFI_UNSUPPORTED; -} - /** * efi_query_variable_info() - get information about EFI variables * @@ -674,8 +666,10 @@ efi_set_variable_runtime(u16 *variable_name, const efi_guid_t *guid, */ void efi_variables_boot_exit_notify(void) { - u8 *comm_buf; efi_status_t ret; + u8 *comm_buf; + loff_t len; + struct efi_var_file *var_buf; comm_buf = setup_mm_hdr(NULL, 0, SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE, &ret); @@ -688,6 +682,18 @@ void efi_variables_boot_exit_notify(void) log_err("Unable to notify StMM for ExitBootServices\n"); free(comm_buf); + /* + * Populate the list for runtime variables. + * asking EFI_VARIABLE_RUNTIME_ACCESS is redundant, since + * efi_var_mem_notify_exit_boot_services will clean those, but that's fine + */ + ret = efi_var_collect(&var_buf, &len, EFI_VARIABLE_RUNTIME_ACCESS); + if (ret != EFI_SUCCESS) + log_err("Can't populate EFI variables. No runtime variables will be available\n"); + else + memcpy(efi_var_buf, var_buf, len); + free(var_buf); + /* Update runtime service table */ efi_runtime_services.query_variable_info = efi_query_variable_info_runtime; @@ -707,6 +713,11 @@ efi_status_t efi_init_variables(void) { efi_status_t ret; + /* Create a cached copy of the variables that will be enabled on ExitBootServices() */ + ret = efi_var_mem_init(); + if (ret != EFI_SUCCESS) + return ret; + ret = get_max_payload(&max_payload_size); if (ret != EFI_SUCCESS) return ret;