tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg: Add MorLock to variable driver. 

This patch adds MorLock function to Variable main function.
It also updates corresponding INF file to pass build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com>
Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com>
Reviewed-by: "Zeng, Star" <star.zeng@intel.com>


git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19690 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Yao, Jiewen 2016-01-19 13:22:05 +00:00 committed by jyao1
parent a0994dbe3c
commit 2f6aa774fe
3 changed files with 69 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
View File

@ -16,7 +16,7 @@
VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
integer overflow. It should also check attribute to avoid authentication bypass.
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@ -111,6 +111,43 @@ SecureBootHook (
IN EFI_GUID *VendorGuid
);
/**
Initialization for MOR Lock Control.
@retval EFI_SUCEESS MorLock initialization success.
@return Others Some error occurs.
**/
EFI_STATUS
MorLockInit (
VOID
);
/**
This service is an MOR/MorLock checker handler for the SetVariable().
@param VariableName the name of the vendor's variable, as a
Null-Terminated Unicode String
@param VendorGuid Unify identifier for vendor.
@param Attributes Point to memory location to return the attributes of variable. If the point
is NULL, the parameter would be ignored.
@param DataSize The size in bytes of Data-Buffer.
@param Data Point to the content of the variable.
@retval EFI_SUCCESS The MOR/MorLock check pass, and Variable driver can store the variable data.
@retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or attributes is not allowed for MOR variable.
@retval EFI_ACCESS_DENIED The MOR/MorLock is locked.
@retval EFI_ALREADY_STARTED The MorLock variable is handled inside this function.
Variable driver can just return EFI_SUCCESS.
**/
EFI_STATUS
SetVariableCheckHandlerMor (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
);
/**
Routine used to track statistical information about variable usage.
The data is stored in the EFI system table so it can be accessed later.
@ -3192,6 +3229,21 @@ VariableServiceSetVariable (
}
}
//
// Special Handling for MOR Lock variable.
//
Status = SetVariableCheckHandlerMor (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
if (Status == EFI_ALREADY_STARTED) {
//
// EFI_ALREADY_STARTED means the SetVariable() action is handled inside of SetVariableCheckHandlerMor().
// Variable driver can just return SUCCESS.
//
return EFI_SUCCESS;
}
if (EFI_ERROR (Status)) {
return Status;
}
Status = VarCheckLibSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize), mRequestSource);
if (EFI_ERROR (Status)) {
return Status;
@ -3966,6 +4018,12 @@ VariableWriteServiceInitialize (
}
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
//
// Initialize MOR Lock variable.
//
MorLockInit ();
return Status;
}

6
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
View File

@ -9,7 +9,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -42,6 +42,7 @@
VariableDxe.c
Variable.h
Measurement.c
TcgMorLockDxe.c
VarCheck.c
VariableExLib.c
@ -95,6 +96,9 @@
## SOMETIMES_PRODUCES ## Variable:L"Lang"
gEfiGlobalVariableGuid
gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event

6
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
View File

@ -18,7 +18,7 @@
# may not be modified without authorization. If platform fails to protect these resources,
# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -52,6 +52,7 @@
VarCheck.c
Variable.h
VariableExLib.c
TcgMorLockSmm.c
[Packages]
MdePkg/MdePkg.dec
@ -103,6 +104,9 @@
## SOMETIMES_PRODUCES ## Variable:L"Lang"
gEfiGlobalVariableGuid
gEfiMemoryOverwriteControlDataGuid ## CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
gEfiMemoryOverwriteRequestControlLockGuid ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB