SecurityPkg OpalPasswordSmm: Consume SmmIoLib.

Update code to consume SmmIoLib to check Mmio validation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
2017-05-03 09:22:26 +08:00 · 2017-05-03 09:22:26 +08:00 · 50e6bb98ee
parent 1674fc5ab4
commit 50e6bb98ee
4 changed files with 3 additions and 83 deletions
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalAhciMode.c
@ -1022,34 +1022,6 @@ GetAhciBarSize (
  return Size;
 }

-/**
-  This function check if the memory region is in GCD MMIO region.
-
-  @param Addr  The memory region start address to be checked.
-  @param Size  The memory region length to be checked.
-
-  @retval TRUE  This memory region is in GCD MMIO region.
-  @retval FALSE This memory region is not in GCD MMIO region.
-**/
-BOOLEAN
-EFIAPI
-OpalIsValidMmioSpace (
-  IN  EFI_PHYSICAL_ADDRESS       Addr,
-  IN  UINTN                      Size
-  )
-{
-  UINTN                           Index;
-  EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
-
-  for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
-    Desc = &mGcdMemSpace[Index];
-    if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) && (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress + Desc->Length))) {
-      return TRUE;
-    }
-  }
-
-  return FALSE;
-}
 /**
  Get AHCI mode base address registers' Value.

@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
  //
  // Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM.
  //
-  if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
+  if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
    return EFI_UNSUPPORTED;
  }

--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.c
@ -61,9 +61,6 @@ VOID                 *mBuffer = NULL; // DMA can not read/write Data to smram, s
 // NVME
 NVME_CONTEXT         mNvmeContext;

-EFI_GCD_MEMORY_SPACE_DESCRIPTOR   *mGcdMemSpace        = NULL;
-UINTN                             mNumberOfDescriptors = 0;
-
 /**
  Add new bridge node or nvme device info to the device list.

@ -647,44 +644,6 @@ S3SleepEntryCallBack (
  return Status;
 }

-/**
-  OpalPassword Notification for SMM EndOfDxe protocol.
-
-  @param[in] Protocol   Points to the protocol's unique identifier.
-  @param[in] Interface  Points to the interface instance.
-  @param[in] Handle     The handle on which the interface was installed.
-
-  @retval EFI_SUCCESS   Notification runs successfully.
-**/
-EFI_STATUS
-EFIAPI
-OpalPasswordEndOfDxeNotification (
-  IN CONST EFI_GUID  *Protocol,
-  IN VOID            *Interface,
-  IN EFI_HANDLE      Handle
-  )
-{
-  UINTN                            NumberOfDescriptors;
-  EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *MemSpaceMap;
-  EFI_STATUS                       Status;
-
-  Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);
-  if (EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
-  if (EFI_ERROR (Status)) {
-    gBS->FreePool (MemSpaceMap);
-    return Status;
-  }
-
-  mNumberOfDescriptors = NumberOfDescriptors;
-  gBS->FreePool (MemSpaceMap);
-
-  return EFI_SUCCESS;
-}
-
 /**
  Main entry for this driver.

@ -711,7 +670,6 @@ OpalPasswordSmmInit (
  EFI_SMM_VARIABLE_PROTOCOL             *SmmVariable;
  OPAL_EXTRA_INFO_VAR                   OpalExtraInfo;
  UINTN                                 DataSize;
-  EFI_EVENT                             EndOfDxeEvent;
  EFI_PHYSICAL_ADDRESS                  Address;

  mBuffer            = NULL;
@ -820,15 +778,6 @@ OpalPasswordSmmInit (
  //
  mSwSmiValue = (UINT8) Context.SwSmiInputValue;

-  //
-  // Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar
-  // is in MMIO space to avoid attack.
-  //
-  Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);
-  if (EFI_ERROR (Status)) {
-    DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));
-    goto EXIT;
-  }
  Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);
  if (!EFI_ERROR (Status)) {
    DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.h
@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/S3BootScriptLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/DxeServicesTableLib.h>
+#include <Library/SmmIoLib.h>

 #include <IndustryStandard/Pci22.h>

@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

 extern VOID                              *mBuffer;

-extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR   *mGcdMemSpace;
-extern UINTN                             mNumberOfDescriptors;
 #pragma pack(1)

 typedef struct {
--- a/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
+++ b/SecurityPkg/Tcg/Opal/OpalPasswordSmm/OpalPasswordSmm.inf
@ -58,6 +58,7 @@
  DxeServicesTableLib
  DevicePathLib
  OpalPasswordSupportLib
+  SmmIoLib

 [Guids]
  gOpalExtraInfoVariableGuid                    ## CONSUMES ## GUID
@ -69,7 +70,6 @@
  gEfiSmmSxDispatch2ProtocolGuid                ## CONSUMES
  gEfiSmmVariableProtocolGuid                   ## CONSUMES
  gEfiStorageSecurityCommandProtocolGuid        ## CONSUMES
-  gEfiSmmEndOfDxeProtocolGuid                   ## CONSUMES

 [Depex]
  gEfiSmmSwDispatch2ProtocolGuid AND