From patchwork Mon Jan 14 13:27:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 155494 Delivered-To: patch@linaro.org Received: by 2002:a02:48:0:0:0:0:0 with SMTP id 69csp3658864jaa; Mon, 14 Jan 2019 05:28:47 -0800 (PST) X-Google-Smtp-Source: ALg8bN7hQ1zT+ik6EBwPiBwlGB55w9yrewv1sNMnmddWBeInouByos2BuguOTNAig4WAShlBR/ZU X-Received: by 2002:a63:f141:: with SMTP id o1mr23069712pgk.134.1547472527143; Mon, 14 Jan 2019 05:28:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547472527; cv=none; d=google.com; s=arc-20160816; b=yMdVqRM/Lg2UJIplCYIzjaxD2fO9KC7jI4MY9zZhuoBXD/K9AMwOoSrxBVwhtonPhp JyAFlHRzLnVpVnrxnAn0O0eUAEis5Boix6J9LxZwLcYgpR0B/YV0E7ByGWXJdgzrIPat 89ff13qAR2VV+/L3w5DBd/+64O1wHk2IpEXDyDjAjvyqWX7SojAU5Dt1SkDpAP0mjJw5 465RYXKeTKmGk8meOLshgH7E0xmbV2tN7T1ziQQowKmDR7SQgMvOjLe6VXDZOf9rreOT wLnJ/xs2TKwVyXC5EHvV2YcgUZL+WwbI3XIOlUdsSNrwBwsm6vToG2/bnh7XysyfPXIr 0bWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=VcwLgKClHyw4HQ85x47P51jsGL3hBIeFOrmE2n8Y67o=; b=wWKKk8ZiVSfZYevZ0hPWG9mGHP12z8l+94VvOgz9hMKOMmO03X4/FX/ioXA5zICRwS L4gGeLjOAQZUDJa0qG8Oz/Jqyw63M1iaQ7JoLpb+aEKzv49V/s6vAG7bQVFA2u/LI0f7 d//q2WcYGUb95FPnr340ShB0SXcxBAZ7TG96k0M4nhA8fUU9xXjgEL/PMRt1+F8oBCrJ cqu7Yj10c6mEnib21WuvYmQptn1cDNFMrzKoLWw46b7/wCwEHZJMDx1vCKMq9PjLpP9i WNhxf1BgiQxzDQuJ4zSjAAzcukmWCwc9YScmomLzB+2FrQUzXy8mLwR3PC4e2SF71Uo2 mT0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=VsNvBqaK; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id e7si290870pgv.499.2019.01.14.05.28.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Jan 2019 05:28:47 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=VsNvBqaK; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 8DAD8211B76D0; Mon, 14 Jan 2019 05:28:26 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2a00:1450:4864:20::436; helo=mail-wr1-x436.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 9A351211B5082 for ; Mon, 14 Jan 2019 05:28:25 -0800 (PST) Received: by mail-wr1-x436.google.com with SMTP id p4so22842632wrt.7 for ; Mon, 14 Jan 2019 05:28:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7VO9wOcEYQCvzyFXLfQZHElR06+/GMl9CWV/43Zvfdc=; b=VsNvBqaKIiU/g+kexHPlfAsGfMwJJd7kpgz/DsDXBe546WBpp2WCWPpRqHLZjYiQZ9 0GRBVUDADERm6b55L2HZNml8Fzk7vAXuQJn097JNgmrFQRc8SnhDJyiRbgwuG+B5nu7/ 5Vv4b8/hfQWqhzS8JX9HF5+MOdhBa7yIkw1RY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7VO9wOcEYQCvzyFXLfQZHElR06+/GMl9CWV/43Zvfdc=; b=RLjlvS2PJ21EBUGNS6ycL8j6ZYy4Je+TstR37DfNo+feJDH4sPOZJl+zkS7X67vshg mPQvRqCyNqDFGFKJLuQoM22q2dsGDHOHO1AQNgTqzCAWzrowWKkSTj3cH9Kf1vFGT3D1 B/PrWxsdC6nKYZaD0tq7VYBo9JRELtVHheaMC18dmj+VweMu4U/U61qLBIcBQzUwtrgx Mb/ClP8ZAJ3zwDHshfxEbHMaMpyzhXEsaPXaEb8ri5jgsr8eyvcUXMpLpp+JtZfpZCf2 s2pURYMFOvdHQUnHk1+i4TPY9X93h6hl5r7aJtAwW4M+UEFuamfyVAnwem8E6vKPea+N njmQ== X-Gm-Message-State: AJcUukcbEAWD4ANeLtKK3Y1ePnsCHU14imjjAy973zeKOM52hBkpLdOK U//SyR/srgMJm9MIOkZM6pnwvHcH0Hw= X-Received: by 2002:a5d:548d:: with SMTP id h13mr23129798wrv.80.1547472503760; Mon, 14 Jan 2019 05:28:23 -0800 (PST) Received: from localhost.localdomain (aputeaux-684-1-19-62.w90-86.abo.wanadoo.fr. [90.86.222.62]) by smtp.gmail.com with ESMTPSA id 202sm33446560wmt.8.2019.01.14.05.28.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Jan 2019 05:28:22 -0800 (PST) From: Ard Biesheuvel To: edk2-devel@lists.01.org Date: Mon, 14 Jan 2019 14:27:49 +0100 Message-Id: <20190114132758.24054-9-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190114132758.24054-1-ard.biesheuvel@linaro.org> References: <20190114132758.24054-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Subject: [edk2] [PATCH v2 08/17] MdeModulePkg/VariableRuntimeDxe: implement standalone MM version X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hao Wu , Liming Gao , Michael D Kinney , Laszlo Ersek , Star Zeng Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" Reuse most of the existing code to implement a variable runtime driver that will be able to execute in the context of standalone MM. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel Reviewed-by: Jian J Wang Reviewed-by: Star Zeng --- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf | 136 ++++++++++++++++++++ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c | 89 +++++++++++++ 2 files changed, 225 insertions(+) -- 2.20.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf new file mode 100644 index 000000000000..efb84ed87832 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf @@ -0,0 +1,136 @@ +## @file +# Provides SMM variable service. +# +# This module installs SMM variable protocol into SMM protocol database, +# which can be used by SMM driver, and installs SMM variable protocol +# into BS protocol database, which can be used to notify the SMM Runtime +# Dxe driver that the SMM variable service is ready. +# This module should be used with SMM Runtime DXE module together. The +# SMM Runtime DXE module would install variable arch protocol and variable +# write arch protocol based on SMM variable module. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable data and communicate buffer in SMM mode. +# This external input must be validated carefully to avoid security issues such as +# buffer overflow or integer overflow. +# The whole SMM authentication variable design relies on the integrity of flash part and SMM. +# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory +# may not be modified without authorization. If platform fails to protect these resources, +# the authentication service provided in this driver will be broken, and the behavior is undefined. +# +# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x0001001B + BASE_NAME = VariableStandaloneMm + FILE_GUID = 7ee2c0c1-c21a-4113-a53a-66824a95696f + MODULE_TYPE = MM_STANDALONE + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x00010032 + ENTRY_POINT = VariableServiceInitialize + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 +# + + +[Sources] + Reclaim.c + Variable.c + VariableSmm.c + VariableStandaloneMm.c + VarCheck.c + Variable.h + PrivilegePolymorphic.h + VariableExLib.c + TcgMorLockSmm.c + SpeculationBarrierSmm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + AuthVariableLib + BaseLib + BaseMemoryLib + DebugLib + HobLib + MemoryAllocationLib + MmServicesTableLib + StandaloneMmDriverEntryPoint + SynchronizationLib + VarCheckLib + +[Protocols] + gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES + ## CONSUMES + ## NOTIFY + gEfiSmmFaultTolerantWriteProtocolGuid + ## PRODUCES + ## UNDEFINED # SmiHandlerRegister + gEfiSmmVariableProtocolGuid + gEfiMmEndOfDxeProtocolGuid ## NOTIFY + gEdkiiSmmVarCheckProtocolGuid ## PRODUCES + +[Guids] + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiAuthenticatedVariableGuid + + ## SOMETIMES_CONSUMES ## GUID # Signature of Variable store header + ## SOMETIMES_PRODUCES ## GUID # Signature of Variable store header + ## SOMETIMES_CONSUMES ## HOB + ## SOMETIMES_PRODUCES ## SystemTable + gEfiVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" + ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" + ## SOMETIMES_CONSUMES ## Variable:L"Lang" + ## SOMETIMES_PRODUCES ## Variable:L"Lang" + gEfiGlobalVariableGuid + + gEfiMemoryOverwriteControlDataGuid ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteRequestControlLockGuid ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" + + gEfiSystemNvDataFvGuid ## CONSUMES ## GUID + gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB + + ## SOMETIMES_CONSUMES ## Variable:L"VarErrorFlag" + ## SOMETIMES_PRODUCES ## Variable:L"VarErrorFlag" + gEdkiiVarErrorFlagGuid + +[FixedPcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVolatileVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. + gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang + +[Depex] + TRUE diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c new file mode 100644 index 000000000000..51e21c599560 --- /dev/null +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.c @@ -0,0 +1,89 @@ +/** @file + + Parts of the SMM/MM implementation that are specific to standalone MM + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2018, Linaro, Ltd. All rights reserved.
+This program and the accompanying materials +are licensed and made available under the terms and conditions of the BSD License +which accompanies this distribution. The full text of the license may be found at +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include "Variable.h" + +/** + This function checks if the buffer is valid per processor architecture and + does not overlap with SMRAM. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and does not + overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlaps + with SMRAM. +**/ +BOOLEAN +VariableSmmIsBufferOutsideSmmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return TRUE; +} + +/** + Notify the system that the SMM variable driver is ready +**/ +VOID +VariableNotifySmmReady ( + VOID + ) +{ +} + +/** + Notify the system that the SMM variable write driver is ready +**/ +VOID +VariableNotifySmmWriteReady ( + VOID + ) +{ +} + +/** + Variable service MM driver entry point +**/ +EFI_STATUS +EFIAPI +VariableServiceInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *MmSystemTable + ) +{ + return MmVariableServiceInitialize (); +} + +/** + Whether the TCG or TCG2 protocols are installed in the UEFI protocol database. + This information is used by the MorLock code to infer whether an existing + MOR variable is legitimate or not. + + @retval TRUE Either the TCG or TCG2 protocol is installed in the UEFI + protocol database + @retval FALSE Neither the TCG nor the TCG2 protocol is installed in the UEFI + protocol database +**/ +BOOLEAN +VariableHaveTcgProtocols ( + VOID + ) +{ + return FALSE; +}