MdeModulePkg: Add MorLock to variable driver.

This patch adds the MorLock function to the main function of the Variable driver.
It also updates the corresponding INF file so that the build passes.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
Reviewed-by: "Zeng, Star" <star.zeng@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19690 6f19259b-4bc3-4df7-8a09-765794883524
Yao, Jiewen 2016-01-19 13:22:05 +00:00 committed by jyao1
parent a0994dbe3c
commit 2f6aa774fe
3 changed files with 69 additions and 3 deletions


@ -16,7 +16,7 @@
VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow, VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
integer overflow. It should also check attribute to avoid authentication bypass. integer overflow. It should also check attribute to avoid authentication bypass.
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -111,6 +111,43 @@ SecureBootHook (
IN EFI_GUID *VendorGuid IN EFI_GUID *VendorGuid
); );
/**
Initialization for MOR Lock Control.
@retval EFI_SUCEESS MorLock initialization success.
@return Others Some error occurs.
**/
EFI_STATUS
MorLockInit (
VOID
);
/**
This service is an MOR/MorLock checker handler for the SetVariable().
@param VariableName the name of the vendor's variable, as a
Null-Terminated Unicode String
@param VendorGuid Unify identifier for vendor.
@param Attributes Point to memory location to return the attributes of variable. If the point
is NULL, the parameter would be ignored.
@param DataSize The size in bytes of Data-Buffer.
@param Data Point to the content of the variable.
@retval EFI_SUCCESS The MOR/MorLock check pass, and Variable driver can store the variable data.
@retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or attributes is not allowed for MOR variable.
@retval EFI_ACCESS_DENIED The MOR/MorLock is locked.
@retval EFI_ALREADY_STARTED The MorLock variable is handled inside this function.
Variable driver can just return EFI_SUCCESS.
**/
EFI_STATUS
SetVariableCheckHandlerMor (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
);
/** /**
Routine used to track statistical information about variable usage. Routine used to track statistical information about variable usage.
The data is stored in the EFI system table so it can be accessed later. The data is stored in the EFI system table so it can be accessed later.
@ -3192,6 +3229,21 @@ VariableServiceSetVariable (
} }
} }
//
// Special Handling for MOR Lock variable.
//
Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
if (Status == EFI_ALREADY_STARTED) {
//
// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor().
// Variable driver can just return SUCCESS.
//
return EFI_SUCCESS;
}
if (EFI_ERROR (Status)) {
return Status;
}
Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource); Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
@ -3966,6 +4018,12 @@ VariableWriteServiceInitialize (
} }
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock); ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
//
// Initialize MOR Lock variable.
//
MorLockInit ();
return Status; return Status;
} }
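Review bot: The status returned by `MorLockInit ();` at the end of VariableWriteServiceInitialize is discarded, although the prototype added in this same commit documents `@return Others Some error occurs`. If initialization fails, the function still returns the earlier `Status`, so the caller cannot tell that MOR Lock setup failed. I would capture the result in a separate local so the earlier `Status` is not masked, e.g. `MorStatus = MorLockInit ();` followed by `if (EFI_ERROR (MorStatus)) { DEBUG ((EFI_D_ERROR, "MorLockInit: %r\n", MorStatus)); }`, and decide explicitly whether a failure should be propagated. The new header comments also need a pass: `EFI_SUCEESS` should read `EFI_SUCCESS`, and `Attributes` is described as a pointer that returns attributes although it is declared `IN UINT32 Attributes`. VariableWriteServiceInitialize begins outside the visible hunk, so the value of `Status` at that point is not shown here.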


@ -9,7 +9,7 @@
# This external input must be validated carefully to avoid security issues such as # This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow. # buffer overflow or integer overflow.
# #
# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -42,6 +42,7 @@
VariableDxe.c VariableDxe.c
Variable.h Variable.h
Measurement.c Measurement.c
TcgMorLockDxe.c
VarCheck.c VarCheck.c
VariableExLib.c VariableExLib.c
@ -95,6 +96,9 @@
## SOMETIMES_PRODUCES ## Variable:L"Lang" ## SOMETIMES_PRODUCES ## Variable:L"Lang"
gEfiGlobalVariableGuid gEfiGlobalVariableGuid
gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event


@ -18,7 +18,7 @@
# may not be modified without authorization. If platform fails to protect these resources, # may not be modified without authorization. If platform fails to protect these resources,
# the authentication service provided in this driver will be broken, and the behavior is undefined. # the authentication service provided in this driver will be broken, and the behavior is undefined.
# #
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
@ -52,6 +52,7 @@
VarCheck.c VarCheck.c
Variable.h Variable.h
VariableExLib.c VariableExLib.c
TcgMorLockSmm.c
[Packages] [Packages]
MdePkg/MdePkg.dec MdePkg/MdePkg.dec
@ -103,6 +104,9 @@
## SOMETIMES_PRODUCES ## Variable:L"Lang" ## SOMETIMES_PRODUCES ## Variable:L"Lang"
gEfiGlobalVariableGuid gEfiGlobalVariableGuid
gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB