2020-11-09 07:45:11 +01:00
|
|
|
/** @file -- VariablePolicyLib.c
|
|
|
|
Business logic for Variable Policy enforcement.
|
|
|
|
|
|
|
|
Copyright (c) Microsoft Corporation.
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include <Uefi.h>
|
|
|
|
|
|
|
|
#include <Library/SafeIntLib.h>
|
|
|
|
#include <Library/MemoryAllocationLib.h>
|
|
|
|
#include <Library/BaseMemoryLib.h>
|
|
|
|
#include <Library/DebugLib.h>
|
|
|
|
#include <Library/PcdLib.h>
|
|
|
|
|
|
|
|
#include <Protocol/VariablePolicy.h>
|
|
|
|
#include <Library/VariablePolicyLib.h>
|
|
|
|
|
|
|
|
|
|
|
|
// IMPORTANT NOTE: This library is currently rife with multiple return statements
|
|
|
|
// for error handling. A refactor should remove these at some point.
|
|
|
|
|
|
|
|
//
|
|
|
|
// This library was designed with advanced unit-test features.
|
|
|
|
// This define handles the configuration.
|
|
|
|
#ifdef INTERNAL_UNIT_TEST
|
|
|
|
#undef STATIC
|
|
|
|
#define STATIC // Nothing...
|
|
|
|
#endif
|
|
|
|
|
|
|
|
// An abstracted GetVariable interface that enables configuration regardless of the environment.
|
|
|
|
EFI_GET_VARIABLE mGetVariableHelper = NULL;
|
|
|
|
|
|
|
|
// Master switch to lock this entire interface. Does not stop enforcement,
|
|
|
|
// just prevents the configuration from being changed for the rest of the boot.
|
|
|
|
STATIC BOOLEAN mInterfaceLocked = FALSE;
|
|
|
|
|
|
|
|
// Master switch to disable the entire interface for a single boot.
|
|
|
|
// This will disable all policy enforcement for the duration of the boot.
|
|
|
|
STATIC BOOLEAN mProtectionDisabled = FALSE;
|
|
|
|
|
|
|
|
// Table to hold all the current policies.
|
|
|
|
UINT8 *mPolicyTable = NULL;
|
|
|
|
STATIC UINT32 mCurrentTableSize = 0;
|
|
|
|
STATIC UINT32 mCurrentTableUsage = 0;
|
|
|
|
STATIC UINT32 mCurrentTableCount = 0;
|
|
|
|
|
|
|
|
#define POLICY_TABLE_STEP_SIZE 0x1000
|
|
|
|
|
|
|
|
// NOTE: DO NOT USE THESE MACROS on any structure that has not been validated.
|
|
|
|
// Current table data has already been sanitized.
|
|
|
|
#define GET_NEXT_POLICY(CurPolicy) (VARIABLE_POLICY_ENTRY*)((UINT8*)CurPolicy + CurPolicy->Size)
|
|
|
|
#define GET_POLICY_NAME(CurPolicy) (CHAR16*)((UINTN)CurPolicy + CurPolicy->OffsetToName)
|
|
|
|
|
|
|
|
#define MATCH_PRIORITY_EXACT 0
|
|
|
|
#define MATCH_PRIORITY_MAX MATCH_PRIORITY_EXACT
|
|
|
|
#define MATCH_PRIORITY_MIN MAX_UINT8
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
An extra init hook that enables the RuntimeDxe library instance to
|
|
|
|
register VirtualAddress change callbacks. Among other things.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Everything is good. Continue with init.
|
|
|
|
@retval Others Uh... don't continue.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
VariablePolicyExtraInit (
|
|
|
|
VOID
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
An extra deinit hook that enables the RuntimeDxe library instance to
|
|
|
|
register VirtualAddress change callbacks. Among other things.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Everything is good. Continue with deinit.
|
|
|
|
@retval Others Uh... don't continue.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
VariablePolicyExtraDeinit (
|
|
|
|
VOID
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This helper function determines whether the structure of an incoming policy
|
|
|
|
is valid and internally consistent.
|
|
|
|
|
|
|
|
@param[in] NewPolicy Pointer to the incoming policy structure.
|
|
|
|
|
|
|
|
@retval TRUE
|
|
|
|
@retval FALSE Pointer is NULL, size is wrong, strings are empty, or
|
|
|
|
substructures overlap.
|
|
|
|
|
|
|
|
**/
|
|
|
|
STATIC
|
|
|
|
BOOLEAN
|
|
|
|
IsValidVariablePolicyStructure (
|
|
|
|
IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
|
|
|
|
)
|
|
|
|
{
|
|
|
|
EFI_STATUS Status;
|
|
|
|
UINTN EntryEnd;
|
|
|
|
CHAR16 *CheckChar;
|
|
|
|
UINTN WildcardCount;
|
|
|
|
|
|
|
|
// Sanitize some quick values.
|
|
|
|
if (NewPolicy == NULL || NewPolicy->Size == 0 ||
|
|
|
|
// Structure size should be at least as long as the minumum structure and a NULL string.
|
|
|
|
NewPolicy->Size < sizeof(VARIABLE_POLICY_ENTRY) ||
|
|
|
|
// Check for the known revision.
|
|
|
|
NewPolicy->Version != VARIABLE_POLICY_ENTRY_REVISION) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Calculate the theoretical end of the structure and make sure
|
|
|
|
// that the structure can fit in memory.
|
|
|
|
Status = SafeUintnAdd( (UINTN)NewPolicy, NewPolicy->Size, &EntryEnd );
|
|
|
|
if (EFI_ERROR( Status )) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for a valid Max Size.
|
|
|
|
if (NewPolicy->MaxSize == 0) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for the valid list of lock policies.
|
|
|
|
if (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_NO_LOCK &&
|
|
|
|
NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_NOW &&
|
|
|
|
NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_CREATE &&
|
|
|
|
NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE)
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the policy type is VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE, make sure that the matching state variable Name
|
|
|
|
// terminates before the OffsetToName for the matching policy variable Name.
|
|
|
|
if (NewPolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {
|
|
|
|
// Adjust CheckChar to the offset of the LockPolicy->Name.
|
|
|
|
Status = SafeUintnAdd( (UINTN)NewPolicy + sizeof(VARIABLE_POLICY_ENTRY),
|
|
|
|
sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY),
|
|
|
|
(UINTN*)&CheckChar );
|
|
|
|
if (EFI_ERROR( Status ) || EntryEnd <= (UINTN)CheckChar) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
while (*CheckChar != CHAR_NULL) {
|
|
|
|
if (EntryEnd <= (UINTN)CheckChar) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
CheckChar++;
|
|
|
|
}
|
|
|
|
// At this point we should have either exeeded the structure or be pointing at the last char in LockPolicy->Name.
|
|
|
|
// We should check to make sure that the policy Name comes immediately after this charcter.
|
|
|
|
if ((UINTN)++CheckChar != (UINTN)NewPolicy + NewPolicy->OffsetToName) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
// If the policy type is any other value, make sure that the LockPolicy structure has a zero length.
|
|
|
|
} else {
|
|
|
|
if (NewPolicy->OffsetToName != sizeof(VARIABLE_POLICY_ENTRY)) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check to make sure that the name has a terminating character
|
|
|
|
// before the end of the structure.
|
|
|
|
// We've already checked that the name is within the bounds of the structure.
|
|
|
|
if (NewPolicy->Size != NewPolicy->OffsetToName) {
|
|
|
|
CheckChar = (CHAR16*)((UINTN)NewPolicy + NewPolicy->OffsetToName);
|
|
|
|
WildcardCount = 0;
|
|
|
|
while (*CheckChar != CHAR_NULL) {
|
|
|
|
// Make sure there aren't excessive wildcards.
|
|
|
|
if (*CheckChar == '#') {
|
|
|
|
WildcardCount++;
|
|
|
|
if (WildcardCount > MATCH_PRIORITY_MIN) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Make sure you're still within the bounds of the policy structure.
|
|
|
|
if (EntryEnd <= (UINTN)CheckChar) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
CheckChar++;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Finally, we should be pointed at the very last character in Name, so we should be right
|
|
|
|
// up against the end of the structure.
|
|
|
|
if ((UINTN)++CheckChar != EntryEnd) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This helper function evaluates a policy and determines whether it matches the target
|
|
|
|
variable. If matched, will also return a value corresponding to the priority of the match.
|
|
|
|
|
|
|
|
The rules for "best match" are listed in the Variable Policy Spec.
|
|
|
|
Perfect name matches will return 0.
|
|
|
|
Single wildcard characters will return the number of wildcard characters.
|
|
|
|
Full namespaces will return MAX_UINT8.
|
|
|
|
|
|
|
|
@param[in] EvalEntry Pointer to the policy entry being evaluated.
|
|
|
|
@param[in] VariableName Same as EFI_SET_VARIABLE.
|
|
|
|
@param[in] VendorGuid Same as EFI_SET_VARIABLE.
|
|
|
|
@param[out] MatchPriority [Optional] On finding a match, this value contains the priority of the match.
|
|
|
|
Lower number == higher priority. Only valid if a match found.
|
|
|
|
|
|
|
|
@retval TRUE Current entry matches the target variable.
|
|
|
|
@retval FALSE Current entry does not match at all.
|
|
|
|
|
|
|
|
**/
|
|
|
|
STATIC
|
|
|
|
BOOLEAN
|
|
|
|
EvaluatePolicyMatch (
|
|
|
|
IN CONST VARIABLE_POLICY_ENTRY *EvalEntry,
|
|
|
|
IN CONST CHAR16 *VariableName,
|
|
|
|
IN CONST EFI_GUID *VendorGuid,
|
|
|
|
OUT UINT8 *MatchPriority OPTIONAL
|
|
|
|
)
|
|
|
|
{
|
|
|
|
BOOLEAN Result;
|
|
|
|
CHAR16 *PolicyName;
|
|
|
|
UINT8 CalculatedPriority;
|
|
|
|
UINTN Index;
|
|
|
|
|
|
|
|
Result = FALSE;
|
|
|
|
CalculatedPriority = MATCH_PRIORITY_EXACT;
|
|
|
|
|
|
|
|
// Step 1: If the GUID doesn't match, we're done. No need to evaluate anything else.
|
|
|
|
if (!CompareGuid( &EvalEntry->Namespace, VendorGuid )) {
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the GUID matches, check to see whether there is a Name associated
|
|
|
|
// with the policy. If not, this policy matches the entire namespace.
|
|
|
|
// Missing Name is indicated by size being equal to name.
|
|
|
|
if (EvalEntry->Size == EvalEntry->OffsetToName) {
|
|
|
|
CalculatedPriority = MATCH_PRIORITY_MIN;
|
|
|
|
Result = TRUE;
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Now that we know the name exists, get it.
|
|
|
|
PolicyName = GET_POLICY_NAME( EvalEntry );
|
|
|
|
|
|
|
|
// Evaluate the name against the policy name and check for a match.
|
|
|
|
// Account for any wildcards.
|
|
|
|
Index = 0;
|
|
|
|
Result = TRUE;
|
|
|
|
// Keep going until the end of both strings.
|
|
|
|
while (PolicyName[Index] != CHAR_NULL || VariableName[Index] != CHAR_NULL) {
|
|
|
|
// If we don't have a match...
|
|
|
|
if (PolicyName[Index] != VariableName[Index] || PolicyName[Index] == '#') {
|
|
|
|
// If this is a numerical wildcard, we can consider
|
|
|
|
// it a match if we alter the priority.
|
|
|
|
if (PolicyName[Index] == L'#' &&
|
|
|
|
((L'0' <= VariableName[Index] && VariableName[Index] <= L'9') ||
|
|
|
|
(L'A' <= VariableName[Index] && VariableName[Index] <= L'F') ||
|
|
|
|
(L'a' <= VariableName[Index] && VariableName[Index] <= L'f'))) {
|
|
|
|
if (CalculatedPriority < MATCH_PRIORITY_MIN) {
|
|
|
|
CalculatedPriority++;
|
|
|
|
}
|
|
|
|
// Otherwise, not a match.
|
|
|
|
} else {
|
|
|
|
Result = FALSE;
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Index++;
|
|
|
|
}
|
|
|
|
|
|
|
|
Exit:
|
|
|
|
if (Result && MatchPriority != NULL) {
|
|
|
|
*MatchPriority = CalculatedPriority;
|
|
|
|
}
|
|
|
|
return Result;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This helper function walks the current policy table and returns a pointer
|
|
|
|
to the best match, if any are found. Leverages EvaluatePolicyMatch() to
|
|
|
|
determine "best".
|
|
|
|
|
|
|
|
@param[in] VariableName Same as EFI_SET_VARIABLE.
|
|
|
|
@param[in] VendorGuid Same as EFI_SET_VARIABLE.
|
|
|
|
@param[out] ReturnPriority [Optional] If pointer is provided, return the
|
|
|
|
priority of the match. Same as EvaluatePolicyMatch().
|
|
|
|
Only valid if a match is returned.
|
|
|
|
|
|
|
|
@retval VARIABLE_POLICY_ENTRY* Best match that was found.
|
|
|
|
@retval NULL No match was found.
|
|
|
|
|
|
|
|
**/
|
|
|
|
STATIC
|
|
|
|
VARIABLE_POLICY_ENTRY*
|
|
|
|
GetBestPolicyMatch (
|
|
|
|
IN CONST CHAR16 *VariableName,
|
|
|
|
IN CONST EFI_GUID *VendorGuid,
|
|
|
|
OUT UINT8 *ReturnPriority OPTIONAL
|
|
|
|
)
|
|
|
|
{
|
|
|
|
VARIABLE_POLICY_ENTRY *BestResult;
|
|
|
|
VARIABLE_POLICY_ENTRY *CurrentEntry;
|
|
|
|
UINT8 MatchPriority;
|
|
|
|
UINT8 CurrentPriority;
|
|
|
|
UINTN Index;
|
|
|
|
|
|
|
|
BestResult = NULL;
|
|
|
|
MatchPriority = MATCH_PRIORITY_EXACT;
|
|
|
|
|
|
|
|
// Walk all entries in the table, looking for matches.
|
|
|
|
CurrentEntry = (VARIABLE_POLICY_ENTRY*)mPolicyTable;
|
|
|
|
for (Index = 0; Index < mCurrentTableCount; Index++) {
|
|
|
|
// Check for a match.
|
|
|
|
if (EvaluatePolicyMatch( CurrentEntry, VariableName, VendorGuid, &CurrentPriority )) {
|
|
|
|
// If match is better, take it.
|
|
|
|
if (BestResult == NULL || CurrentPriority < MatchPriority) {
|
|
|
|
BestResult = CurrentEntry;
|
|
|
|
MatchPriority = CurrentPriority;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If you've hit the highest-priority match, can exit now.
|
|
|
|
if (MatchPriority == 0) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we're still in the loop, move to the next entry.
|
|
|
|
CurrentEntry = GET_NEXT_POLICY( CurrentEntry );
|
|
|
|
}
|
|
|
|
|
|
|
|
// If a return priority was requested, return it.
|
|
|
|
if (ReturnPriority != NULL) {
|
|
|
|
*ReturnPriority = MatchPriority;
|
|
|
|
}
|
|
|
|
|
|
|
|
return BestResult;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This API function validates and registers a new policy with
|
|
|
|
the policy enforcement engine.
|
|
|
|
|
|
|
|
@param[in] NewPolicy Pointer to the incoming policy structure.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS
|
|
|
|
@retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.
|
|
|
|
@retval EFI_ALREADY_STARTED An identical matching policy already exists.
|
|
|
|
@retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.
|
|
|
|
@retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.
|
|
|
|
@retval EFI_ABORTED A calculation error has prevented this function from completing.
|
|
|
|
@retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.
|
|
|
|
@retval EFI_NOT_READY Library has not yet been initialized.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
RegisterVariablePolicy (
|
|
|
|
IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
|
|
|
|
)
|
|
|
|
{
|
|
|
|
EFI_STATUS Status;
|
|
|
|
VARIABLE_POLICY_ENTRY *MatchPolicy;
|
|
|
|
UINT8 MatchPriority;
|
|
|
|
UINT32 NewSize;
|
|
|
|
UINT8 *NewTable;
|
|
|
|
|
|
|
|
if (!IsVariablePolicyLibInitialized()) {
|
|
|
|
return EFI_NOT_READY;
|
|
|
|
}
|
|
|
|
if (mInterfaceLocked) {
|
|
|
|
return EFI_WRITE_PROTECTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!IsValidVariablePolicyStructure( NewPolicy )) {
|
|
|
|
return EFI_INVALID_PARAMETER;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check to see whether an exact matching policy already exists.
|
|
|
|
MatchPolicy = GetBestPolicyMatch( GET_POLICY_NAME( NewPolicy ),
|
|
|
|
&NewPolicy->Namespace,
|
|
|
|
&MatchPriority );
|
|
|
|
if (MatchPolicy != NULL && MatchPriority == MATCH_PRIORITY_EXACT) {
|
|
|
|
return EFI_ALREADY_STARTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If none exists, create it.
|
|
|
|
// If we need more space, allocate that now.
|
|
|
|
Status = SafeUint32Add( mCurrentTableUsage, NewPolicy->Size, &NewSize );
|
|
|
|
if (EFI_ERROR( Status )) {
|
|
|
|
return EFI_ABORTED;
|
|
|
|
}
|
|
|
|
if (NewSize > mCurrentTableSize) {
|
|
|
|
// Use NewSize to calculate the new table size in units of POLICY_TABLE_STEP_SIZE.
|
|
|
|
NewSize = (NewSize % POLICY_TABLE_STEP_SIZE) > 0 ?
|
|
|
|
(NewSize / POLICY_TABLE_STEP_SIZE) + 1 :
|
|
|
|
(NewSize / POLICY_TABLE_STEP_SIZE);
|
|
|
|
// Calculate the new table size in absolute bytes.
|
|
|
|
Status = SafeUint32Mult( NewSize, POLICY_TABLE_STEP_SIZE, &NewSize );
|
|
|
|
if (EFI_ERROR( Status )) {
|
|
|
|
return EFI_ABORTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Reallocate and copy the table.
|
2020-11-25 21:13:48 +01:00
|
|
|
NewTable = AllocateRuntimePool( NewSize );
|
2020-11-09 07:45:11 +01:00
|
|
|
if (NewTable == NULL) {
|
|
|
|
return EFI_OUT_OF_RESOURCES;
|
|
|
|
}
|
|
|
|
CopyMem( NewTable, mPolicyTable, mCurrentTableUsage );
|
|
|
|
mCurrentTableSize = NewSize;
|
|
|
|
if (mPolicyTable != NULL) {
|
|
|
|
FreePool( mPolicyTable );
|
|
|
|
}
|
|
|
|
mPolicyTable = NewTable;
|
|
|
|
}
|
|
|
|
// Copy the policy into the table.
|
|
|
|
CopyMem( mPolicyTable + mCurrentTableUsage, NewPolicy, NewPolicy->Size );
|
|
|
|
mCurrentTableUsage += NewPolicy->Size;
|
|
|
|
mCurrentTableCount += 1;
|
|
|
|
|
|
|
|
// We're done here.
|
|
|
|
|
|
|
|
return EFI_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This API function checks to see whether the parameters to SetVariable would
|
|
|
|
be allowed according to the current variable policies.
|
|
|
|
|
|
|
|
@param[in] VariableName Same as EFI_SET_VARIABLE.
|
|
|
|
@param[in] VendorGuid Same as EFI_SET_VARIABLE.
|
|
|
|
@param[in] Attributes Same as EFI_SET_VARIABLE.
|
|
|
|
@param[in] DataSize Same as EFI_SET_VARIABLE.
|
|
|
|
@param[in] Data Same as EFI_SET_VARIABLE.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS A matching policy allows this update.
|
|
|
|
@retval EFI_SUCCESS There are currently no policies that restrict this update.
|
|
|
|
@retval EFI_SUCCESS The protections have been disable until the next reboot.
|
|
|
|
@retval EFI_WRITE_PROTECTED Variable is currently locked.
|
|
|
|
@retval EFI_INVALID_PARAMETER Attributes or size are invalid.
|
|
|
|
@retval EFI_ABORTED A lock policy exists, but an error prevented evaluation.
|
|
|
|
@retval EFI_NOT_READY Library has not been initialized.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
ValidateSetVariable (
|
|
|
|
IN CHAR16 *VariableName,
|
|
|
|
IN EFI_GUID *VendorGuid,
|
|
|
|
IN UINT32 Attributes,
|
|
|
|
IN UINTN DataSize,
|
|
|
|
IN VOID *Data
|
|
|
|
)
|
|
|
|
{
|
|
|
|
BOOLEAN IsDel;
|
|
|
|
VARIABLE_POLICY_ENTRY *ActivePolicy;
|
|
|
|
EFI_STATUS Status;
|
|
|
|
EFI_STATUS ReturnStatus;
|
|
|
|
VARIABLE_LOCK_ON_VAR_STATE_POLICY *StateVarPolicy;
|
|
|
|
CHAR16 *StateVarName;
|
|
|
|
UINTN StateVarSize;
|
|
|
|
UINT8 StateVar;
|
|
|
|
|
|
|
|
ReturnStatus = EFI_SUCCESS;
|
|
|
|
|
|
|
|
if (!IsVariablePolicyLibInitialized()) {
|
|
|
|
ReturnStatus = EFI_NOT_READY;
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bail if the protections are currently disabled.
|
|
|
|
if (mProtectionDisabled) {
|
|
|
|
ReturnStatus = EFI_SUCCESS;
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine whether this is a delete operation.
|
|
|
|
// If so, it will affect which tests are applied.
|
|
|
|
if ((DataSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
|
|
|
|
IsDel = TRUE;
|
|
|
|
} else {
|
|
|
|
IsDel = FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Find an active policy if one exists.
|
|
|
|
ActivePolicy = GetBestPolicyMatch( VariableName, VendorGuid, NULL );
|
|
|
|
|
|
|
|
// If we have an active policy, check it against the incoming data.
|
|
|
|
if (ActivePolicy != NULL) {
|
|
|
|
//
|
|
|
|
// Only enforce size and attribute constraints when updating data, not deleting.
|
|
|
|
if (!IsDel) {
|
|
|
|
// Check for size constraints.
|
|
|
|
if ((ActivePolicy->MinSize > 0 && DataSize < ActivePolicy->MinSize) ||
|
|
|
|
(ActivePolicy->MaxSize > 0 && DataSize > ActivePolicy->MaxSize)) {
|
|
|
|
ReturnStatus = EFI_INVALID_PARAMETER;
|
|
|
|
DEBUG(( DEBUG_VERBOSE, "%a - Bad Size. 0x%X <> 0x%X-0x%X\n", __FUNCTION__,
|
|
|
|
DataSize, ActivePolicy->MinSize, ActivePolicy->MaxSize ));
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for attribute constraints.
|
|
|
|
if ((ActivePolicy->AttributesMustHave & Attributes) != ActivePolicy->AttributesMustHave ||
|
|
|
|
(ActivePolicy->AttributesCantHave & Attributes) != 0) {
|
|
|
|
ReturnStatus = EFI_INVALID_PARAMETER;
|
|
|
|
DEBUG(( DEBUG_VERBOSE, "%a - Bad Attributes. 0x%X <> 0x%X:0x%X\n", __FUNCTION__,
|
|
|
|
Attributes, ActivePolicy->AttributesMustHave, ActivePolicy->AttributesCantHave ));
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
//
|
|
|
|
// Lock policy check.
|
|
|
|
//
|
|
|
|
// Check for immediate lock.
|
|
|
|
if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_NOW) {
|
|
|
|
ReturnStatus = EFI_WRITE_PROTECTED;
|
|
|
|
goto Exit;
|
|
|
|
// Check for lock on create.
|
|
|
|
} else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) {
|
|
|
|
StateVarSize = 0;
|
|
|
|
Status = mGetVariableHelper( VariableName,
|
|
|
|
VendorGuid,
|
|
|
|
NULL,
|
|
|
|
&StateVarSize,
|
|
|
|
NULL );
|
|
|
|
if (Status == EFI_BUFFER_TOO_SMALL) {
|
|
|
|
ReturnStatus = EFI_WRITE_PROTECTED;
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
// Check for lock on state variable.
|
|
|
|
} else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {
|
|
|
|
StateVarPolicy = (VARIABLE_LOCK_ON_VAR_STATE_POLICY*)((UINT8*)ActivePolicy + sizeof(VARIABLE_POLICY_ENTRY));
|
|
|
|
StateVarName = (CHAR16*)((UINT8*)StateVarPolicy + sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY));
|
|
|
|
StateVarSize = sizeof(StateVar);
|
|
|
|
Status = mGetVariableHelper( StateVarName,
|
|
|
|
&StateVarPolicy->Namespace,
|
|
|
|
NULL,
|
|
|
|
&StateVarSize,
|
|
|
|
&StateVar );
|
|
|
|
|
|
|
|
// If the variable was found, check the state. If matched, this variable is locked.
|
|
|
|
if (!EFI_ERROR( Status )) {
|
|
|
|
if (StateVar == StateVarPolicy->Value) {
|
|
|
|
ReturnStatus = EFI_WRITE_PROTECTED;
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
// EFI_NOT_FOUND and EFI_BUFFER_TOO_SMALL indicate that the state doesn't match.
|
|
|
|
} else if (Status != EFI_NOT_FOUND && Status != EFI_BUFFER_TOO_SMALL) {
|
|
|
|
// We don't know what happened, but it isn't good.
|
|
|
|
ReturnStatus = EFI_ABORTED;
|
|
|
|
goto Exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
Exit:
|
|
|
|
DEBUG(( DEBUG_VERBOSE, "%a - Variable (%g:%s) returning %r.\n", __FUNCTION__, VendorGuid, VariableName, ReturnStatus ));
|
|
|
|
return ReturnStatus;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This API function disables the variable policy enforcement. If it's
|
|
|
|
already been called once, will return EFI_ALREADY_STARTED.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS
|
|
|
|
@retval EFI_ALREADY_STARTED Has already been called once this boot.
|
|
|
|
@retval EFI_WRITE_PROTECTED Interface has been locked until reboot.
|
|
|
|
@retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.
|
|
|
|
@retval EFI_NOT_READY Library has not yet been initialized.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
DisableVariablePolicy (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (!IsVariablePolicyLibInitialized()) {
|
|
|
|
return EFI_NOT_READY;
|
|
|
|
}
|
|
|
|
if (mProtectionDisabled) {
|
|
|
|
return EFI_ALREADY_STARTED;
|
|
|
|
}
|
|
|
|
if (mInterfaceLocked) {
|
|
|
|
return EFI_WRITE_PROTECTED;
|
|
|
|
}
|
|
|
|
if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) {
|
|
|
|
return EFI_WRITE_PROTECTED;
|
|
|
|
}
|
|
|
|
mProtectionDisabled = TRUE;
|
|
|
|
return EFI_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This API function will dump the entire contents of the variable policy table.
|
|
|
|
|
|
|
|
Similar to GetVariable, the first call can be made with a 0 size and it will return
|
|
|
|
the size of the buffer required to hold the entire table.
|
|
|
|
|
|
|
|
@param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.
|
|
|
|
@param[in,out] Size On input, the size of the output buffer. On output, the size
|
|
|
|
of the data returned.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.
|
|
|
|
@retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.
|
|
|
|
@retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.
|
|
|
|
@retval EFI_NOT_READY Library has not yet been initialized.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
DumpVariablePolicy (
|
|
|
|
OUT UINT8 *Policy,
|
|
|
|
IN OUT UINT32 *Size
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (!IsVariablePolicyLibInitialized()) {
|
|
|
|
return EFI_NOT_READY;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the parameters.
|
|
|
|
if (Size == NULL || (*Size > 0 && Policy == NULL)) {
|
|
|
|
return EFI_INVALID_PARAMETER;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure the size is sufficient to hold the policy table.
|
|
|
|
if (*Size < mCurrentTableUsage) {
|
|
|
|
*Size = mCurrentTableUsage;
|
|
|
|
return EFI_BUFFER_TOO_SMALL;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we're still here, copy the table and bounce.
|
|
|
|
CopyMem( Policy, mPolicyTable, mCurrentTableUsage );
|
|
|
|
*Size = mCurrentTableUsage;
|
|
|
|
|
|
|
|
return EFI_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This API function returns whether or not the policy engine is
|
|
|
|
currently being enforced.
|
|
|
|
|
|
|
|
@retval TRUE
|
|
|
|
@retval FALSE
|
|
|
|
@retval FALSE Library has not yet been initialized.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
IsVariablePolicyEnabled (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (!IsVariablePolicyLibInitialized()) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
return !mProtectionDisabled;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This API function locks the interface so that no more policy updates
|
|
|
|
can be performed or changes made to the enforcement until the next boot.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS
|
|
|
|
@retval EFI_NOT_READY Library has not yet been initialized.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
LockVariablePolicy (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (!IsVariablePolicyLibInitialized()) {
|
|
|
|
return EFI_NOT_READY;
|
|
|
|
}
|
|
|
|
if (mInterfaceLocked) {
|
|
|
|
return EFI_WRITE_PROTECTED;
|
|
|
|
}
|
|
|
|
mInterfaceLocked = TRUE;
|
|
|
|
return EFI_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This API function returns whether or not the policy interface is locked
|
|
|
|
for the remainder of the boot.
|
|
|
|
|
|
|
|
@retval TRUE
|
|
|
|
@retval FALSE
|
|
|
|
@retval FALSE Library has not yet been initialized.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
IsVariablePolicyInterfaceLocked (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (!IsVariablePolicyLibInitialized()) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
return mInterfaceLocked;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This helper function initializes the library and sets
|
|
|
|
up any required internal structures or handlers.
|
|
|
|
|
|
|
|
Also registers the internal pointer for the GetVariable helper.
|
|
|
|
|
|
|
|
@param[in] GetVariableHelper A function pointer matching the EFI_GET_VARIABLE prototype that will be used to
|
|
|
|
check policy criteria that involve the existence of other variables.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS
|
|
|
|
@retval EFI_ALREADY_STARTED The initialize function has been called more than once without a call to
|
|
|
|
deinitialize.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
InitVariablePolicyLib (
|
|
|
|
IN EFI_GET_VARIABLE GetVariableHelper
|
|
|
|
)
|
|
|
|
{
|
|
|
|
EFI_STATUS Status;
|
|
|
|
|
|
|
|
Status = EFI_SUCCESS;
|
|
|
|
|
|
|
|
if (mGetVariableHelper != NULL) {
|
|
|
|
return EFI_ALREADY_STARTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!EFI_ERROR( Status )) {
|
|
|
|
Status = VariablePolicyExtraInit();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!EFI_ERROR( Status )) {
|
|
|
|
// Save an internal pointer to the GetVariableHelper.
|
|
|
|
mGetVariableHelper = GetVariableHelper;
|
|
|
|
|
|
|
|
// Initialize the global state.
|
|
|
|
mInterfaceLocked = FALSE;
|
|
|
|
mProtectionDisabled = FALSE;
|
|
|
|
mPolicyTable = NULL;
|
|
|
|
mCurrentTableSize = 0;
|
|
|
|
mCurrentTableUsage = 0;
|
|
|
|
mCurrentTableCount = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This helper function returns whether or not the library is currently initialized.
|
|
|
|
|
|
|
|
@retval TRUE
|
|
|
|
@retval FALSE
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
IsVariablePolicyLibInitialized (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return (mGetVariableHelper != NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
This helper function tears down the library.
|
|
|
|
|
|
|
|
Should generally only be used for test harnesses.
|
|
|
|
|
|
|
|
@retval EFI_SUCCESS
|
|
|
|
@retval EFI_NOT_READY Deinitialize was called without first calling initialize.
|
|
|
|
|
|
|
|
**/
|
|
|
|
EFI_STATUS
|
|
|
|
EFIAPI
|
|
|
|
DeinitVariablePolicyLib (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
EFI_STATUS Status;
|
|
|
|
|
|
|
|
Status = EFI_SUCCESS;
|
|
|
|
|
|
|
|
if (mGetVariableHelper == NULL) {
|
|
|
|
return EFI_NOT_READY;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!EFI_ERROR( Status )) {
|
|
|
|
Status = VariablePolicyExtraDeinit();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!EFI_ERROR( Status )) {
|
|
|
|
mGetVariableHelper = NULL;
|
|
|
|
mInterfaceLocked = FALSE;
|
|
|
|
mProtectionDisabled = FALSE;
|
|
|
|
mCurrentTableSize = 0;
|
|
|
|
mCurrentTableUsage = 0;
|
|
|
|
mCurrentTableCount = 0;
|
|
|
|
|
|
|
|
if (mPolicyTable != NULL) {
|
|
|
|
FreePool( mPolicyTable );
|
|
|
|
mPolicyTable = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return Status;
|
|
|
|
}
|