tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg: Add SMM LockBox 

This includes:
* LockBox protocol definition
* LockBoxLib library interface definition
* SmmLockBox GUID
* LockBoxNullLib library implementation
* 2 SmmLockBoxLib library implementations
* SmmLockBox SMM driver

Signed-off-by: jljusten
Reviewed-by: mdkinney
Reviewed-by: geekboy15a
Reviewed-by: jyao1
Reviewed-by: lgao4

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12029 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
jljusten 2011-07-19 20:47:28 +00:00
parent 9fba8e7d3d
commit 1c837cd545
14 changed files with 2010 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
MdeModulePkg/Include/Guid/SmmLockBox.h Normal file
View File

@ -0,0 +1,73 @@
/** @file
SmmLockBox guid header file.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _SMM_LOCK_BOX_GUID_H_
#define _SMM_LOCK_BOX_GUID_H_
#define EFI_SMM_LOCK_BOX_COMMUNICATION_GUID \
{0x2a3cfebd, 0x27e8, 0x4d0a, {0x8b, 0x79, 0xd6, 0x88, 0xc2, 0xa3, 0xe1, 0xc0}}
//
// Below data structure is used for communication between PEI/DXE to SMM.
//
#define EFI_SMM_LOCK_BOX_COMMAND_SAVE 0x1
#define EFI_SMM_LOCK_BOX_COMMAND_UPDATE 0x2
#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE 0x3
#define EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES 0x4
#define EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE 0x5
typedef struct {
UINT32 Command;
UINT32 DataLength;
UINT64 ReturnStatus;
} EFI_SMM_LOCK_BOX_PARAMETER_HEADER;
typedef struct {
EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;
GUID Guid;
PHYSICAL_ADDRESS Buffer;
UINT64 Length;
} EFI_SMM_LOCK_BOX_PARAMETER_SAVE;
typedef struct {
EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;
GUID Guid;
UINT64 Offset;
PHYSICAL_ADDRESS Buffer;
UINT64 Length;
} EFI_SMM_LOCK_BOX_PARAMETER_UPDATE;
typedef struct {
EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;
GUID Guid;
PHYSICAL_ADDRESS Buffer;
UINT64 Length;
} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE;
typedef struct {
EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;
GUID Guid;
UINT64 Attributes;
} EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES;
typedef struct {
EFI_SMM_LOCK_BOX_PARAMETER_HEADER Header;
} EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE;
extern EFI_GUID gEfiSmmLockBoxCommunicationGuid;
#endif

133
MdeModulePkg/Include/Library/LockBoxLib.h Normal file
View File

@ -0,0 +1,133 @@
/** @file
This library is only intended to be used by DXE modules that need save
confidential information to LockBox and get it by PEI modules in S3 phase.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _LOCK_BOX_LIB_H_
#define _LOCK_BOX_LIB_H_
/**
This function will save confidential information to lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the confidential information
@param Length the length of the confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0
@retval RETURN_ALREADY_STARTED the requested GUID already exist.
@retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SaveLockBox (
IN GUID *Guid,
IN VOID *Buffer,
IN UINTN Length
);
/**
This function will set lockbox attributes.
@param Guid the guid to identify the confidential information
@param Attributes the attributes of the lockbox
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER attributes is invalid.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SetLockBoxAttributes (
IN GUID *Guid,
IN UINT64 Attributes
);
//
// With this flag, this LockBox can be restored to this Buffer with RestoreAllLockBoxInPlace()
//
#define LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE BIT0
/**
This function will update confidential information to lockbox.
@param Guid the guid to identify the original confidential information
@param Offset the offset of the original confidential information
@param Buffer the address of the updated confidential information
@param Length the length of the updated confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
UpdateLockBox (
IN GUID *Guid,
IN UINTN Offset,
IN VOID *Buffer,
IN UINTN Length
);
/**
This function will restore confidential information from lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the restored confidential information
NULL means restored to original address, Length MUST be NULL at same time.
@param Length the length of the restored confidential information
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.
@retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no
LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.
@retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_ACCESS_DENIED not allow to restore to the address
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreLockBox (
IN GUID *Guid,
IN VOID *Buffer, OPTIONAL
IN OUT UINTN *Length OPTIONAL
);
/**
This function will restore confidential information from all lockbox which have RestoreInPlace attribute.
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreAllLockBoxInPlace (
VOID
);
#endif

31
MdeModulePkg/Include/Protocol/LockBox.h Normal file
View File

@ -0,0 +1,31 @@
/** @file
LockBox protocol header file.
This is used to resolve dependency problem. The LockBox implementation
install this to broadcast that LockBox API is ready. The driver who will
use LockBox at its ENTRYPOINT should add this dependency.
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _LOCK_BOX_PROTOCOL_H_
#define _LOCK_BOX_PROTOCOL_H_
///
/// Global ID for the EFI LOCK BOX Protocol.
///
#define EFI_LOCK_BOX_PROTOCOL_GUID \
{ 0xbd445d79, 0xb7ad, 0x4f04, { 0x9a, 0xd8, 0x29, 0xbd, 0x20, 0x40, 0xeb, 0x3c }}
extern EFI_GUID gEfiLockBoxProtocolGuid;
#endif

139
MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.c Normal file
View File

@ -0,0 +1,139 @@
/** @file
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <Uefi.h>
#include <Library/DebugLib.h>
/**
This function will save confidential information to lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the confidential information
@param Length the length of the confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0
@retval RETURN_ALREADY_STARTED the requested GUID already exist.
@retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SaveLockBox (
IN GUID *Guid,
IN VOID *Buffer,
IN UINTN Length
)
{
return RETURN_SUCCESS;
}
/**
This function will set lockbox attributes.
@param Guid the guid to identify the confidential information
@param Attributes the attributes of the lockbox
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER attributes is invalid.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SetLockBoxAttributes (
IN GUID *Guid,
IN UINT64 Attributes
)
{
return RETURN_SUCCESS;
}
/**
This function will update confidential information to lockbox.
@param Guid the guid to identify the original confidential information
@param Offset the offset of the original confidential information
@param Buffer the address of the updated confidential information
@param Length the length of the updated confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
UpdateLockBox (
IN GUID *Guid,
IN UINTN Offset,
IN VOID *Buffer,
IN UINTN Length
)
{
return RETURN_SUCCESS;
}
/**
This function will restore confidential information from lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the restored confidential information
NULL means restored to original address, Length MUST be NULL at same time.
@param Length the length of the restored confidential information
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.
@retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no
LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.
@retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_ACCESS_DENIED not allow to restore to the address
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreLockBox (
IN GUID *Guid,
IN VOID *Buffer, OPTIONAL
IN OUT UINTN *Length OPTIONAL
)
{
return RETURN_SUCCESS;
}
/**
This function will restore confidential information from all lockbox which have RestoreInPlace attribute.
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreAllLockBoxInPlace (
VOID
)
{
return RETURN_SUCCESS;
}

41
MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf Normal file
View File

@ -0,0 +1,41 @@
## @file
# Component description file for LockBox library.
#
# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions
# of the BSD License which accompanies this distribution. The
# full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = LockBoxNullLib
FILE_GUID = 0BA38EBD-E190-4df7-8EC4-0A6E2B43772D
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = LockBoxLib|PEIM DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION DXE_SMM_DRIVER
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
LockBoxNullLib.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
[LibraryClasses]
BaseLib

455
MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c Normal file
View File

@ -0,0 +1,455 @@
/** @file
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <PiDxe.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/LockBoxLib.h>
#include <Library/DebugLib.h>
#include <Protocol/SmmCommunication.h>
#include <Guid/SmmLockBox.h>
#include "SmmLockBoxLibPrivate.h"
/**
This function will save confidential information to lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the confidential information
@param Length the length of the confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0
@retval RETURN_ALREADY_STARTED the requested GUID already exist.
@retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SaveLockBox (
IN GUID *Guid,
IN VOID *Buffer,
IN UINTN Length
)
{
EFI_STATUS Status;
EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;
EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave;
EFI_SMM_COMMUNICATE_HEADER *CommHeader;
UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SAVE)];
UINTN CommSize;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SaveLockBox - Enter\n"));
//
// Basic check
//
if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {
return EFI_INVALID_PARAMETER;
}
//
// Get needed resource
//
Status = gBS->LocateProtocol (
&gEfiSmmCommunicationProtocolGuid,
NULL,
(VOID **)&SmmCommunication
);
if (EFI_ERROR (Status)) {
return EFI_NOT_STARTED;
}
//
// Prepare parameter
//
CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];
CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));
CommHeader->MessageLength = sizeof(*LockBoxParameterSave);
LockBoxParameterSave = (EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];
LockBoxParameterSave->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SAVE;
LockBoxParameterSave->Header.DataLength = sizeof(*LockBoxParameterSave);
LockBoxParameterSave->Header.ReturnStatus = (UINT64)-1;
CopyMem (&LockBoxParameterSave->Guid, Guid, sizeof(*Guid));
LockBoxParameterSave->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;
LockBoxParameterSave->Length = (UINT64)Length;
//
// Send command
//
CommSize = sizeof(CommBuffer);
Status = SmmCommunication->Communicate (
SmmCommunication,
&CommBuffer[0],
&CommSize
);
ASSERT_EFI_ERROR (Status);
Status = (EFI_STATUS)LockBoxParameterSave->Header.ReturnStatus;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SaveLockBox - Exit (%r)\n", Status));
//
// Done
//
return Status;
}
/**
This function will set lockbox attributes.
@param Guid the guid to identify the confidential information
@param Attributes the attributes of the lockbox
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER attributes is invalid.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SetLockBoxAttributes (
IN GUID *Guid,
IN UINT64 Attributes
)
{
EFI_STATUS Status;
EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;
EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttributes;
EFI_SMM_COMMUNICATE_HEADER *CommHeader;
UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)];
UINTN CommSize;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Enter\n"));
//
// Basic check
//
if ((Guid == NULL) ||
((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {
return EFI_INVALID_PARAMETER;
}
//
// Get needed resource
//
Status = gBS->LocateProtocol (
&gEfiSmmCommunicationProtocolGuid,
NULL,
(VOID **)&SmmCommunication
);
if (EFI_ERROR (Status)) {
return EFI_NOT_STARTED;
}
//
// Prepare parameter
//
CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];
CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));
CommHeader->MessageLength = sizeof(*LockBoxParameterSetAttributes);
LockBoxParameterSetAttributes = (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];
LockBoxParameterSetAttributes->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES;
LockBoxParameterSetAttributes->Header.DataLength = sizeof(*LockBoxParameterSetAttributes);
LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)-1;
CopyMem (&LockBoxParameterSetAttributes->Guid, Guid, sizeof(*Guid));
LockBoxParameterSetAttributes->Attributes = (UINT64)Attributes;
//
// Send command
//
CommSize = sizeof(CommBuffer);
Status = SmmCommunication->Communicate (
SmmCommunication,
&CommBuffer[0],
&CommSize
);
ASSERT_EFI_ERROR (Status);
Status = (EFI_STATUS)LockBoxParameterSetAttributes->Header.ReturnStatus;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Exit (%r)\n", Status));
//
// Done
//
return Status;
}
/**
This function will update confidential information to lockbox.
@param Guid the guid to identify the original confidential information
@param Offset the offset of the original confidential information
@param Buffer the address of the updated confidential information
@param Length the length of the updated confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
UpdateLockBox (
IN GUID *Guid,
IN UINTN Offset,
IN VOID *Buffer,
IN UINTN Length
)
{
EFI_STATUS Status;
EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;
EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate;
EFI_SMM_COMMUNICATE_HEADER *CommHeader;
UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)];
UINTN CommSize;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib UpdateLockBox - Enter\n"));
//
// Basic check
//
if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {
return EFI_INVALID_PARAMETER;
}
//
// Get needed resource
//
Status = gBS->LocateProtocol (
&gEfiSmmCommunicationProtocolGuid,
NULL,
(VOID **)&SmmCommunication
);
if (EFI_ERROR (Status)) {
return EFI_NOT_STARTED;
}
//
// Prepare parameter
//
CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];
CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));
CommHeader->MessageLength = sizeof(*LockBoxParameterUpdate);
LockBoxParameterUpdate = (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];
LockBoxParameterUpdate->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_UPDATE;
LockBoxParameterUpdate->Header.DataLength = sizeof(*LockBoxParameterUpdate);
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)-1;
CopyMem (&LockBoxParameterUpdate->Guid, Guid, sizeof(*Guid));
LockBoxParameterUpdate->Offset = (UINT64)Offset;
LockBoxParameterUpdate->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;
LockBoxParameterUpdate->Length = (UINT64)Length;
//
// Send command
//
CommSize = sizeof(CommBuffer);
Status = SmmCommunication->Communicate (
SmmCommunication,
&CommBuffer[0],
&CommSize
);
ASSERT_EFI_ERROR (Status);
Status = (EFI_STATUS)LockBoxParameterUpdate->Header.ReturnStatus;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib UpdateLockBox - Exit (%r)\n", Status));
//
// Done
//
return Status;
}
/**
This function will restore confidential information from lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the restored confidential information
NULL means restored to original address, Length MUST be NULL at same time.
@param Length the length of the restored confidential information
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.
@retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no
LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.
@retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_ACCESS_DENIED not allow to restore to the address
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreLockBox (
IN GUID *Guid,
IN VOID *Buffer, OPTIONAL
IN OUT UINTN *Length OPTIONAL
)
{
EFI_STATUS Status;
EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;
EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore;
EFI_SMM_COMMUNICATE_HEADER *CommHeader;
UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)];
UINTN CommSize;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreLockBox - Enter\n"));
//
// Basic check
//
if ((Guid == NULL) ||
((Buffer == NULL) && (Length != NULL)) ||
((Buffer != NULL) && (Length == NULL))) {
return EFI_INVALID_PARAMETER;
}
//
// Get needed resource
//
Status = gBS->LocateProtocol (
&gEfiSmmCommunicationProtocolGuid,
NULL,
(VOID **)&SmmCommunication
);
if (EFI_ERROR (Status)) {
return EFI_NOT_STARTED;
}
//
// Prepare parameter
//
CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];
CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));
CommHeader->MessageLength = sizeof(*LockBoxParameterRestore);
LockBoxParameterRestore = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];
LockBoxParameterRestore->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE;
LockBoxParameterRestore->Header.DataLength = sizeof(*LockBoxParameterRestore);
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)-1;
CopyMem (&LockBoxParameterRestore->Guid, Guid, sizeof(*Guid));
LockBoxParameterRestore->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;
if (Length != NULL) {
LockBoxParameterRestore->Length = (EFI_PHYSICAL_ADDRESS)*Length;
} else {
LockBoxParameterRestore->Length = 0;
}
//
// Send command
//
CommSize = sizeof(CommBuffer);
Status = SmmCommunication->Communicate (
SmmCommunication,
&CommBuffer[0],
&CommSize
);
ASSERT_EFI_ERROR (Status);
if (Length != NULL) {
*Length = (UINTN)LockBoxParameterRestore->Length;
}
Status = (EFI_STATUS)LockBoxParameterRestore->Header.ReturnStatus;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreLockBox - Exit (%r)\n", Status));
//
// Done
//
return Status;
}
/**
This function will restore confidential information from all lockbox which have RestoreInPlace attribute.
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreAllLockBoxInPlace (
VOID
)
{
EFI_STATUS Status;
EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication;
EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRestoreAllInPlace;
EFI_SMM_COMMUNICATE_HEADER *CommHeader;
UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)];
UINTN CommSize;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Enter\n"));
//
// Get needed resource
//
Status = gBS->LocateProtocol (
&gEfiSmmCommunicationProtocolGuid,
NULL,
(VOID **)&SmmCommunication
);
if (EFI_ERROR (Status)) {
return EFI_NOT_STARTED;
}
//
// Prepare parameter
//
CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0];
CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid));
CommHeader->MessageLength = sizeof(*LockBoxParameterRestoreAllInPlace);
LockBoxParameterRestoreAllInPlace = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)];
LockBoxParameterRestoreAllInPlace->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE;
LockBoxParameterRestoreAllInPlace->Header.DataLength = sizeof(*LockBoxParameterRestoreAllInPlace);
LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)-1;
//
// Send command
//
CommSize = sizeof(CommBuffer);
Status = SmmCommunication->Communicate (
SmmCommunication,
&CommBuffer[0],
&CommSize
);
ASSERT_EFI_ERROR (Status);
Status = (EFI_STATUS)LockBoxParameterRestoreAllInPlace->Header.ReturnStatus;
DEBUG ((EFI_D_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Exit (%r)\n", Status));
//
// Done
//
return Status;
}

50
MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf Normal file
View File

@ -0,0 +1,50 @@
## @file
# Component description file for LockBox library.
#
# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions
# of the BSD License which accompanies this distribution. The
# full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SmmLockBoxDxeLib
FILE_GUID = 4A0054B4-3CA8-4e1b-9339-9B58D5FBB7D2
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = LockBoxLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
SmmLockBoxDxeLib.c
SmmLockBoxLibPrivate.h
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
[LibraryClasses]
UefiBootServicesTableLib
UefiRuntimeServicesTableLib
BaseLib
BaseMemoryLib
DebugLib
[Guids]
gEfiSmmLockBoxCommunicationGuid ## CONSUMED
[Protocols]
gEfiSmmCommunicationProtocolGuid ## CONSUMED

54
MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h Normal file
View File

@ -0,0 +1,54 @@
/** @file
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _SMM_LOCK_BOX_LIB_PRIVATE_H_
#define _SMM_LOCK_BOX_LIB_PRIVATE_H_
#include <Uefi.h>
#pragma pack(push, 1)
//
// Below data structure is used for lockbox registration in SMST
//
#define SMM_LOCK_BOX_SIGNATURE_32 SIGNATURE_64 ('L','O','C','K','B','_','3','2')
#define SMM_LOCK_BOX_SIGNATURE_64 SIGNATURE_64 ('L','O','C','K','B','_','6','4')
typedef struct {
UINT64 Signature;
EFI_PHYSICAL_ADDRESS LockBoxDataAddress;
} SMM_LOCK_BOX_CONTEXT;
//
// Below data structure is used for lockbox management
//
#define SMM_LOCK_BOX_DATA_SIGNATURE SIGNATURE_64 ('L','O','C','K','B','O','X','D')
typedef struct {
UINT64 Signature;
EFI_GUID Guid;
EFI_PHYSICAL_ADDRESS Buffer;
UINT64 Length;
UINT64 Attributes;
EFI_PHYSICAL_ADDRESS SmramBuffer;
LIST_ENTRY Link;
} SMM_LOCK_BOX_DATA;
#pragma pack(pop)
#endif

542
MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.c Normal file
View File

@ -0,0 +1,542 @@
/** @file
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <PiSmm.h>
#include <Library/SmmServicesTableLib.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/LockBoxLib.h>
#include <Library/DebugLib.h>
#include <Guid/SmmLockBox.h>
#include "SmmLockBoxLibPrivate.h"
/**
We need handle this library carefully. Only one library instance will construct the environment.
Below 2 global variable can only be used in constructor. They should NOT be used in any other library functions.
**/
SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext;
LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE (mLockBoxQueue);
/**
This function return SmmLockBox context from SMST.
@return SmmLockBox context from SMST.
**/
SMM_LOCK_BOX_CONTEXT *
InternalGetSmmLockBoxContext (
VOID
)
{
UINTN Index;
//
// Check if gEfiSmmLockBoxCommunicationGuid is installed by someone
//
for (Index = 0; Index < gSmst->NumberOfTableEntries; Index++) {
if (CompareGuid (&gSmst->SmmConfigurationTable[Index].VendorGuid, &gEfiSmmLockBoxCommunicationGuid)) {
//
// Found. That means some other library instance is already run.
// No need to install again, just return.
//
return (SMM_LOCK_BOX_CONTEXT *)gSmst->SmmConfigurationTable[Index].VendorTable;
}
}
//
// Not found.
//
return NULL;
}
/**
Constructor for SmmLockBox library.
This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later.
@param[in] ImageHandle Image handle of this driver.
@param[in] SystemTable A Pointer to the EFI System Table.
@retval EFI_SUCEESS
@return Others Some error occurs.
**/
EFI_STATUS
EFIAPI
SmmLockBoxSmmConstructuor (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Enter\n"));
//
// Check if gEfiSmmLockBoxCommunicationGuid is installed by someone
//
SmmLockBoxContext = InternalGetSmmLockBoxContext ();
if (SmmLockBoxContext != NULL) {
//
// Find it. That means some other library instance is already run.
// No need to install again, just return.
//
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - already installed\n"));
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n"));
return EFI_SUCCESS;
}
//
// If no one install this, it means this is first instance. Install it.
//
if (sizeof(UINTN) == sizeof(UINT64)) {
mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_64;
} else {
mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_32;
}
mSmmLockBoxContext.LockBoxDataAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)&mLockBoxQueue;
Status = gSmst->SmmInstallConfigurationTable (
gSmst,
&gEfiSmmLockBoxCommunicationGuid,
&mSmmLockBoxContext,
sizeof(mSmmLockBoxContext)
);
ASSERT_EFI_ERROR (Status);
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - %x\n", (UINTN)&mSmmLockBoxContext));
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib LockBoxDataAddress - %x\n", (UINTN)&mLockBoxQueue));
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SmmLockBoxSmmConstructuor - Exit\n"));
return Status;
}
/**
This function return SmmLockBox queue address.
@return SmmLockBox queue address.
**/
LIST_ENTRY *
InternalGetLockBoxQueue (
VOID
)
{
SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext;
SmmLockBoxContext = InternalGetSmmLockBoxContext ();
ASSERT (SmmLockBoxContext != NULL);
if (SmmLockBoxContext == NULL) {
return NULL;
}
return (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress;
}
/**
This function find LockBox by GUID.
@param Guid The guid to indentify the LockBox
@return LockBoxData
**/
SMM_LOCK_BOX_DATA *
InternalFindLockBoxByGuid (
IN EFI_GUID *Guid
)
{
LIST_ENTRY *Link;
SMM_LOCK_BOX_DATA *LockBox;
LIST_ENTRY *LockBoxQueue;
LockBoxQueue = InternalGetLockBoxQueue ();
ASSERT (LockBoxQueue != NULL);
for (Link = LockBoxQueue->ForwardLink;
Link != LockBoxQueue;
Link = Link->ForwardLink) {
LockBox = BASE_CR (
Link,
SMM_LOCK_BOX_DATA,
Link
);
if (CompareGuid (&LockBox->Guid, Guid)) {
return LockBox;
}
}
return NULL;
}
/**
This function will save confidential information to lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the confidential information
@param Length the length of the confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0
@retval RETURN_ALREADY_STARTED the requested GUID already exist.
@retval RETURN_OUT_OF_RESOURCES no enough resource to save the information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SaveLockBox (
IN GUID *Guid,
IN VOID *Buffer,
IN UINTN Length
)
{
SMM_LOCK_BOX_DATA *LockBox;
EFI_PHYSICAL_ADDRESS SmramBuffer;
EFI_STATUS Status;
LIST_ENTRY *LockBoxQueue;
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Enter\n"));
//
// Basic check
//
if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));
return EFI_INVALID_PARAMETER;
}
//
// Find LockBox
//
LockBox = InternalFindLockBoxByGuid (Guid);
if (LockBox != NULL) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_ALREADY_STARTED));
return EFI_ALREADY_STARTED;
}
//
// Allocate SMRAM buffer
//
Status = gSmst->SmmAllocatePages (
AllocateAnyPages,
EfiRuntimeServicesData,
EFI_SIZE_TO_PAGES (Length),
&SmramBuffer
);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));
return EFI_OUT_OF_RESOURCES;
}
//
// Allocate LockBox
//
Status = gSmst->SmmAllocatePool (
EfiRuntimeServicesData,
sizeof(*LockBox),
(VOID **)&LockBox
);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
gSmst->SmmFreePages (SmramBuffer, EFI_SIZE_TO_PAGES (Length));
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES));
return EFI_OUT_OF_RESOURCES;
}
//
// Save data
//
CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)Buffer, Length);
//
// Insert LockBox to queue
//
LockBox->Signature = SMM_LOCK_BOX_DATA_SIGNATURE;
CopyMem (&LockBox->Guid, Guid, sizeof(EFI_GUID));
LockBox->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer;
LockBox->Length = (UINT64)Length;
LockBox->SmramBuffer = SmramBuffer;
LockBoxQueue = InternalGetLockBoxQueue ();
ASSERT (LockBoxQueue != NULL);
InsertTailList (LockBoxQueue, &LockBox->Link);
//
// Done
//
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_SUCCESS));
return EFI_SUCCESS;
}
/**
This function will set lockbox attributes.
@param Guid the guid to identify the confidential information
@param Attributes the attributes of the lockbox
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER attributes is invalid.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
SetLockBoxAttributes (
IN GUID *Guid,
IN UINT64 Attributes
)
{
SMM_LOCK_BOX_DATA *LockBox;
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Enter\n"));
//
// Basic check
//
if ((Guid == NULL) ||
((Attributes & ~LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0)) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER));
return EFI_INVALID_PARAMETER;
}
//
// Find LockBox
//
LockBox = InternalFindLockBoxByGuid (Guid);
if (LockBox == NULL) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_NOT_FOUND));
return EFI_NOT_FOUND;
}
//
// Update data
//
LockBox->Attributes = Attributes;
//
// Done
//
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_SUCCESS));
return EFI_SUCCESS;
}
/**
This function will update confidential information to lockbox.
@param Guid the guid to identify the original confidential information
@param Offset the offset of the original confidential information
@param Buffer the address of the updated confidential information
@param Length the length of the updated confidential information
@retval RETURN_SUCCESS the information is saved successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_BUFFER_TOO_SMALL the original buffer to too small to hold new information.
@retval RETURN_ACCESS_DENIED it is too late to invoke this interface
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
UpdateLockBox (
IN GUID *Guid,
IN UINTN Offset,
IN VOID *Buffer,
IN UINTN Length
)
{
SMM_LOCK_BOX_DATA *LockBox;
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Enter\n"));
//
// Basic check
//
if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));
return EFI_INVALID_PARAMETER;
}
//
// Find LockBox
//
LockBox = InternalFindLockBoxByGuid (Guid);
if (LockBox == NULL) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_NOT_FOUND));
return EFI_NOT_FOUND;
}
//
// Update data
//
if (LockBox->Length < Offset + Length) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));
return EFI_BUFFER_TOO_SMALL;
}
CopyMem ((VOID *)((UINTN)LockBox->SmramBuffer + Offset), Buffer, Length);
//
// Done
//
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_SUCCESS));
return EFI_SUCCESS;
}
/**
This function will restore confidential information from lockbox.
@param Guid the guid to identify the confidential information
@param Buffer the address of the restored confidential information
NULL means restored to original address, Length MUST be NULL at same time.
@param Length the length of the restored confidential information
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL.
@retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no
LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute.
@retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information.
@retval RETURN_NOT_FOUND the requested GUID not found.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_ACCESS_DENIED not allow to restore to the address
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreLockBox (
IN GUID *Guid,
IN VOID *Buffer, OPTIONAL
IN OUT UINTN *Length OPTIONAL
)
{
SMM_LOCK_BOX_DATA *LockBox;
VOID *RestoreBuffer;
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Enter\n"));
//
// Restore this, Buffer and Length MUST be both NULL or both non-NULL
//
if ((Guid == NULL) ||
((Buffer == NULL) && (Length != NULL)) ||
((Buffer != NULL) && (Length == NULL))) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER));
return EFI_INVALID_PARAMETER;
}
//
// Find LockBox
//
LockBox = InternalFindLockBoxByGuid (Guid);
if (LockBox == NULL) {
//
// Not found
//
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_NOT_FOUND));
return EFI_NOT_FOUND;
}
//
// Set RestoreBuffer
//
if (Buffer != NULL) {
//
// restore to new buffer
//
RestoreBuffer = Buffer;
} else {
//
// restore to original buffer
//
if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) == 0) {
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_WRITE_PROTECTED));
return EFI_WRITE_PROTECTED;
}
RestoreBuffer = (VOID *)(UINTN)LockBox->Buffer;
}
//
// Set RestoreLength
//
if (Length != NULL) {
if (*Length < (UINTN)LockBox->Length) {
//
// Input buffer is too small to hold all data.
//
*Length = (UINTN)LockBox->Length;
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL));
return EFI_BUFFER_TOO_SMALL;
}
*Length = (UINTN)LockBox->Length;
}
//
// Restore data
//
CopyMem (RestoreBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);
//
// Done
//
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_SUCCESS));
return EFI_SUCCESS;
}
/**
This function will restore confidential information from all lockbox which have RestoreInPlace attribute.
@retval RETURN_SUCCESS the information is restored successfully.
@retval RETURN_NOT_STARTED it is too early to invoke this interface
@retval RETURN_UNSUPPORTED the service is not supported by implementaion.
**/
RETURN_STATUS
EFIAPI
RestoreAllLockBoxInPlace (
VOID
)
{
SMM_LOCK_BOX_DATA *LockBox;
LIST_ENTRY *Link;
LIST_ENTRY *LockBoxQueue;
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Enter\n"));
LockBoxQueue = InternalGetLockBoxQueue ();
ASSERT (LockBoxQueue != NULL);
//
// Restore all, Buffer and Length MUST be NULL
//
for (Link = LockBoxQueue->ForwardLink;
Link != LockBoxQueue;
Link = Link->ForwardLink) {
LockBox = BASE_CR (
Link,
SMM_LOCK_BOX_DATA,
Link
);
if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) {
//
// Restore data
//
CopyMem ((VOID *)(UINTN)LockBox->Buffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length);
}
}
//
// Done
//
DEBUG ((EFI_D_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Exit (%r)\n", EFI_SUCCESS));
return EFI_SUCCESS;
}

46
MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf Normal file
View File

@ -0,0 +1,46 @@
## @file
# Component description file for LockBox library.
#
# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions
# of the BSD License which accompanies this distribution. The
# full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SmmLockBoxSmmLib
FILE_GUID = E04894D6-290D-4171-A362-0ACFD939F3C8
MODULE_TYPE = DXE_SMM_DRIVER
VERSION_STRING = 1.0
LIBRARY_CLASS = LockBoxLib|DXE_SMM_DRIVER
CONSTRUCTOR = SmmLockBoxSmmConstructuor
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
SmmLockBoxSmmLib.c
SmmLockBoxLibPrivate.h
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
[LibraryClasses]
SmmServicesTableLib
BaseLib
DebugLib
[Guids]
gEfiSmmLockBoxCommunicationGuid ## COMSUMED

7
MdeModulePkg/MdeModulePkg.dec
View File

@ -185,6 +185,9 @@
## Include/Guid/RecoveryDevice.h ## Include/Guid/RecoveryDevice.h
gRecoveryOnDataCdGuid = { 0x5CAC0099, 0x0DC9, 0x48E5, { 0x80, 0x68, 0xBB, 0x95, 0xF5, 0x40, 0x0A, 0x9F }} gRecoveryOnDataCdGuid = { 0x5CAC0099, 0x0DC9, 0x48E5, { 0x80, 0x68, 0xBB, 0x95, 0xF5, 0x40, 0x0A, 0x9F }}
## Include/Guid/SmmLockBox.h
gEfiSmmLockBoxCommunicationGuid = { 0x2a3cfebd, 0x27e8, 0x4d0a, { 0x8b, 0x79, 0xd6, 0x88, 0xc2, 0xa3, 0xe1, 0xc0 }}
[Ppis] [Ppis]
## Include/Ppi/AtaController.h ## Include/Ppi/AtaController.h
gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a, 0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }} gPeiAtaControllerPpiGuid = { 0xa45e60d1, 0xc719, 0x44aa, { 0xb0, 0x7a, 0xaa, 0x77, 0x7f, 0x85, 0x90, 0x6d }}
@ -255,6 +258,10 @@
## This protocol allows the error level mask for DEBUG() macros to be adjusted for DXE Phase modules ## This protocol allows the error level mask for DEBUG() macros to be adjusted for DXE Phase modules
# Include/Guid/DebugMask.h # Include/Guid/DebugMask.h
gEfiDebugMaskProtocolGuid = { 0x4c8a2451, 0xc207, 0x405b, {0x96, 0x94, 0x99, 0xea, 0x13, 0x25, 0x13, 0x41} } gEfiDebugMaskProtocolGuid = { 0x4c8a2451, 0xc207, 0x405b, {0x96, 0x94, 0x99, 0xea, 0x13, 0x25, 0x13, 0x41} }
## Include/Protocol/LockBox.h
gEfiLockBoxProtocolGuid = { 0xbd445d79, 0xb7ad, 0x4f04, { 0x9a, 0xd8, 0x29, 0xbd, 0x20, 0x40, 0xeb, 0x3c }}
[PcdsFeatureFlag] [PcdsFeatureFlag]
## Indicate whether platform can support update capsule across a system reset ## Indicate whether platform can support update capsule across a system reset
gEfiMdeModulePkgTokenSpaceGuid.PcdSupportUpdateCapsuleReset|FALSE|BOOLEAN|0x0001001d gEfiMdeModulePkgTokenSpaceGuid.PcdSupportUpdateCapsuleReset|FALSE|BOOLEAN|0x0001001d

7
MdeModulePkg/MdeModulePkg.dsc
View File

@ -107,12 +107,14 @@
[LibraryClasses.common.DXE_DRIVER] [LibraryClasses.common.DXE_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
[LibraryClasses.common.DXE_RUNTIME_DRIVER] [LibraryClasses.common.DXE_RUNTIME_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
[LibraryClasses.common.SMM_CORE] [LibraryClasses.common.SMM_CORE]
MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf MemoryAllocationLib|MdeModulePkg/Library/PiSmmCoreMemoryAllocationLib/PiSmmCoreMemoryAllocationLib.inf
@ -123,11 +125,13 @@
DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf
SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf
LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf
[LibraryClasses.common.UEFI_DRIVER] [LibraryClasses.common.UEFI_DRIVER]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
LockBoxLib|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
[LibraryClasses.common.UEFI_APPLICATION] [LibraryClasses.common.UEFI_APPLICATION]
HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
@ -232,6 +236,8 @@
MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf MdeModulePkg/Library/BaseSerialPortLib16550/BaseSerialPortLib16550.inf
MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf MdeModulePkg/Library/BasePlatformHookLibNull/BasePlatformHookLibNull.inf
MdeModulePkg/Library/DxeDebugPrintErrorLevelLib/DxeDebugPrintErrorLevelLib.inf MdeModulePkg/Library/DxeDebugPrintErrorLevelLib/DxeDebugPrintErrorLevelLib.inf
MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf
MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf
MdeModulePkg/Universal/CapsulePei/CapsulePei.inf MdeModulePkg/Universal/CapsulePei/CapsulePei.inf
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
@ -309,6 +315,7 @@
MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf
MdeModulePkg/Universal/StatusCodeHandler/Smm/StatusCodeHandlerSmm.inf MdeModulePkg/Universal/StatusCodeHandler/Smm/StatusCodeHandlerSmm.inf
MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterSmm.inf MdeModulePkg/Universal/ReportStatusCodeRouter/Smm/ReportStatusCodeRouterSmm.inf
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf
MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.inf MdeModulePkg/Library/SmmCorePerformanceLib/SmmCorePerformanceLib.inf
MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf MdeModulePkg/Library/SmmPerformanceLib/SmmPerformanceLib.inf
MdeModulePkg/Library/DxeSmmPerformanceLib/DxeSmmPerformanceLib.inf MdeModulePkg/Library/DxeSmmPerformanceLib/DxeSmmPerformanceLib.inf

373
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c Normal file
View File

@ -0,0 +1,373 @@
/** @file
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions
of the BSD License which accompanies this distribution. The
full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#include <PiSmm.h>
#include <Library/UefiDriverEntryPoint.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/SmmServicesTableLib.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/LockBoxLib.h>
#include <Protocol/SmmReadyToLock.h>
#include <Protocol/SmmCommunication.h>
#include <Protocol/SmmAccess2.h>
#include <Protocol/LockBox.h>
#include <Guid/SmmLockBox.h>
BOOLEAN mLocked = FALSE;
EFI_SMRAM_DESCRIPTOR *mSmramRanges;
UINTN mSmramRangeCount;
/**
This function check if the address is in SMRAM.
@param Buffer the buffer address to be checked.
@param Length the buffer length to be checked.
@retval TRUE this address is in SMRAM.
@retval FALSE this address is NOT in SMRAM.
**/
BOOLEAN
IsAddressInSmram (
IN EFI_PHYSICAL_ADDRESS Buffer,
IN UINT64 Length
)
{
UINTN Index;
for (Index = 0; Index < mSmramRangeCount; Index ++) {
if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||
((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {
return TRUE;
}
}
return FALSE;
}
/**
Dispatch function for SMM lock box save.
@param LockBoxParameterSave parameter of lock box save
**/
VOID
SmmLockBoxSave (
IN EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave
)
{
EFI_STATUS Status;
//
// Sanity check
//
if (mLocked) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Locked!\n"));
LockBoxParameterSave->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
}
//
// Save data
//
Status = SaveLockBox (
&LockBoxParameterSave->Guid,
(VOID *)(UINTN)LockBoxParameterSave->Buffer,
(UINTN)LockBoxParameterSave->Length
);
LockBoxParameterSave->Header.ReturnStatus = (UINT64)Status;
return ;
}
/**
Dispatch function for SMM lock box set attributes.
@param LockBoxParameterSetAttributes parameter of lock box set attributes
**/
VOID
SmmLockBoxSetAttributes (
IN EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttributes
)
{
EFI_STATUS Status;
//
// Sanity check
//
if (mLocked) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Locked!\n"));
LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
}
//
// Update data
//
Status = SetLockBoxAttributes (
&LockBoxParameterSetAttributes->Guid,
LockBoxParameterSetAttributes->Attributes
);
LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)Status;
return ;
}
/**
Dispatch function for SMM lock box update.
@param LockBoxParameterUpdate parameter of lock box update
**/
VOID
SmmLockBoxUpdate (
IN EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate
)
{
EFI_STATUS Status;
//
// Sanity check
//
if (mLocked) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Locked!\n"));
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
}
//
// Update data
//
Status = UpdateLockBox (
&LockBoxParameterUpdate->Guid,
(UINTN)LockBoxParameterUpdate->Offset,
(VOID *)(UINTN)LockBoxParameterUpdate->Buffer,
(UINTN)LockBoxParameterUpdate->Length
);
LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)Status;
return ;
}
/**
Dispatch function for SMM lock box restore.
@param LockBoxParameterRestore parameter of lock box restore
**/
VOID
SmmLockBoxRestore (
IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore
)
{
EFI_STATUS Status;
//
// Sanity check
//
if (IsAddressInSmram (LockBoxParameterRestore->Buffer, LockBoxParameterRestore->Length)) {
DEBUG ((EFI_D_ERROR, "SmmLockBox Restore address in SMRAM!\n"));
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)EFI_ACCESS_DENIED;
return ;
}
//
// Restore data
//
Status = RestoreLockBox (
&LockBoxParameterRestore->Guid,
(VOID *)(UINTN)LockBoxParameterRestore->Buffer,
(UINTN *)&LockBoxParameterRestore->Length
);
LockBoxParameterRestore->Header.ReturnStatus = (UINT64)Status;
return ;
}
/**
Dispatch function for SMM lock box restore all in place.
@param LockBoxParameterRestoreAllInPlace parameter of lock box restore all in place
**/
VOID
SmmLockBoxRestoreAllInPlace (
IN EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRestoreAllInPlace
)
{
EFI_STATUS Status;
Status = RestoreAllLockBoxInPlace ();
LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)Status;
return ;
}
/**
Dispatch function for a Software SMI handler.
@param DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().
@param Context Points to an optional handler context which was specified when the
handler was registered.
@param CommBuffer A pointer to a collection of data in memory that will
be conveyed from a non-SMM environment into an SMM environment.
@param CommBufferSize The size of the CommBuffer.
@retval EFI_SUCCESS Command is handled successfully.
**/
EFI_STATUS
EFIAPI
SmmLockBoxHandler (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context OPTIONAL,
IN OUT VOID *CommBuffer OPTIONAL,
IN OUT UINTN *CommBufferSize OPTIONAL
)
{
EFI_SMM_LOCK_BOX_PARAMETER_HEADER *LockBoxParameterHeader;
DEBUG ((EFI_D_ERROR, "SmmLockBox SmmLockBoxHandler Enter\n"));
LockBoxParameterHeader = (EFI_SMM_LOCK_BOX_PARAMETER_HEADER *)((UINTN)CommBuffer);
LockBoxParameterHeader->ReturnStatus = (UINT64)-1;
DEBUG ((EFI_D_ERROR, "SmmLockBox LockBoxParameterHeader - %x\n", (UINTN)LockBoxParameterHeader));
DEBUG ((EFI_D_ERROR, "SmmLockBox Command - %x\n", (UINTN)LockBoxParameterHeader->Command));
switch (LockBoxParameterHeader->Command) {
case EFI_SMM_LOCK_BOX_COMMAND_SAVE:
SmmLockBoxSave ((EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_UPDATE:
SmmLockBoxUpdate ((EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_RESTORE:
SmmLockBoxRestore ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES:
SmmLockBoxSetAttributes ((EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *)(UINTN)LockBoxParameterHeader);
break;
case EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE:
SmmLockBoxRestoreAllInPlace ((EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)(UINTN)LockBoxParameterHeader);
break;
default:
break;
}
LockBoxParameterHeader->Command = (UINT32)-1;
DEBUG ((EFI_D_ERROR, "SmmLockBox SmmLockBoxHandler Exit\n"));
return EFI_SUCCESS;
}
/**
Smm Ready To Lock event notification handler.
It sets a flag indicating that SMRAM has been locked.
@param[in] Protocol Points to the protocol's unique identifier.
@param[in] Interface Points to the interface instance.
@param[in] Handle The handle on which the interface was installed.
@retval EFI_SUCCESS Notification handler runs successfully.
**/
EFI_STATUS
EFIAPI
SmmReadyToLockEventNotify (
IN CONST EFI_GUID *Protocol,
IN VOID *Interface,
IN EFI_HANDLE Handle
)
{
mLocked = TRUE;
return EFI_SUCCESS;
}
/**
Entry Point for LockBox SMM driver.
@param[in] ImageHandle Image handle of this driver.
@param[in] SystemTable A Pointer to the EFI System Table.
@retval EFI_SUCEESS
@return Others Some error occurs.
**/
EFI_STATUS
EFIAPI
SmmLockBoxEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_HANDLE DispatchHandle;
VOID *Registration;
EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;
UINTN Size;
//
// Get SMRAM information
//
Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);
ASSERT_EFI_ERROR (Status);
Size = 0;
Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);
ASSERT (Status == EFI_BUFFER_TOO_SMALL);
Status = gSmst->SmmAllocatePool (
EfiRuntimeServicesData,
Size,
(VOID **)&mSmramRanges
);
ASSERT_EFI_ERROR (Status);
Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);
ASSERT_EFI_ERROR (Status);
mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
//
// Register LockBox communication handler
//
Status = gSmst->SmiHandlerRegister (
SmmLockBoxHandler,
&gEfiSmmLockBoxCommunicationGuid,
&DispatchHandle
);
ASSERT_EFI_ERROR (Status);
//
// Register SMM Ready To Lock Protocol notification
//
Status = gSmst->SmmRegisterProtocolNotify (
&gEfiSmmReadyToLockProtocolGuid,
SmmReadyToLockEventNotify,
&Registration
);
ASSERT_EFI_ERROR (Status);
//
// Install NULL to DXE data base as notify
//
ImageHandle = NULL;
Status = gBS->InstallProtocolInterface (
&ImageHandle,
&gEfiLockBoxProtocolGuid,
EFI_NATIVE_INTERFACE,
NULL
);
ASSERT_EFI_ERROR (Status);
return Status;
}

59
MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.inf Normal file
View File

@ -0,0 +1,59 @@
## @file
# Component description file for LockBox SMM driver.
#
# Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions
# of the BSD License which accompanies this distribution. The
# full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php
#
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = SmmLockBox
FILE_GUID = 33FB3535-F15E-4c17-B303-5EB94595ECB6
MODULE_TYPE = DXE_SMM_DRIVER
VERSION_STRING = 1.0
PI_SPECIFICATION_VERSION = 0x0001000A
ENTRY_POINT = SmmLockBoxEntryPoint
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64
#
[Sources]
SmmLockBox.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
[LibraryClasses]
UefiDriverEntryPoint
UefiBootServicesTableLib
UefiRuntimeServicesTableLib
SmmServicesTableLib
BaseLib
BaseMemoryLib
DebugLib
LockBoxLib
[Guids]
gEfiSmmLockBoxCommunicationGuid ## PRODUCED
[Protocols]
gEfiSmmReadyToLockProtocolGuid ## CONSUMED
gEfiSmmAccess2ProtocolGuid ## CONSUMED
gEfiLockBoxProtocolGuid ## PRODUCED
[Depex]
gEfiSmmSwDispatch2ProtocolGuid