SecurityPkg OpalPasswordSmm: Consume SmmIoLib.
Update the code to consume SmmIoLib for MMIO range validation. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Eric Dong <eric.dong@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
parent
1674fc5ab4
commit
50e6bb98ee
@ -1022,34 +1022,6 @@ GetAhciBarSize (
|
|||||||
return Size;
|
return Size;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
This function check if the memory region is in GCD MMIO region.
|
|
||||||
|
|
||||||
@param Addr The memory region start address to be checked.
|
|
||||||
@param Size The memory region length to be checked.
|
|
||||||
|
|
||||||
@retval TRUE This memory region is in GCD MMIO region.
|
|
||||||
@retval FALSE This memory region is not in GCD MMIO region.
|
|
||||||
**/
|
|
||||||
BOOLEAN
|
|
||||||
EFIAPI
|
|
||||||
OpalIsValidMmioSpace (
|
|
||||||
IN EFI_PHYSICAL_ADDRESS Addr,
|
|
||||||
IN UINTN Size
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UINTN Index;
|
|
||||||
EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
|
|
||||||
|
|
||||||
for (Index = 0; Index < mNumberOfDescriptors; Index ++) {
|
|
||||||
Desc = &mGcdMemSpace[Index];
|
|
||||||
if ((Desc->GcdMemoryType == EfiGcdMemoryTypeMemoryMappedIo) && (Addr >= Desc->BaseAddress) && ((Addr + Size) <= (Desc->BaseAddress + Desc->Length))) {
|
|
||||||
return TRUE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
/**
|
/**
|
||||||
Get AHCI mode base address registers' Value.
|
Get AHCI mode base address registers' Value.
|
||||||
|
|
||||||
@ -1083,7 +1055,7 @@ GetAhciBaseAddress (
|
|||||||
//
|
//
|
||||||
// Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM.
|
// Check if the AHCI Bar region is in SMRAM to avoid malicious attack by modifying MMIO Bar to point to SMRAM.
|
||||||
//
|
//
|
||||||
if (!OpalIsValidMmioSpace ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size)) {
|
if (!SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)) {
|
||||||
return EFI_UNSUPPORTED;
|
return EFI_UNSUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
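Review bot: The comment kept on the new side of the second hunk, `// Check if the AHCI Bar region is in SMRAM ...`, no longer describes the check: `SmmIsMmioValid ((EFI_PHYSICAL_ADDRESS)mAhciBar, Size, NULL)` accepts the BAR only when the whole range lies inside a GCD memory-mapped-I/O descriptor (which is what the deleted `OpalIsValidMmioSpace` loop tested), so it rejects SMRAM but equally any other non-MMIO target and any range not present in the library's GCD snapshot. I would reword it to `// Reject the BAR unless [mAhciBar, mAhciBar + Size) lies entirely inside a GCD MMIO range as recorded by SmmIoLib; a PCI config space tampered to point the BAR at SMRAM or other system memory fails this check.` Two things are worth confirming rather than visible here: the deleted check computed `Addr + Size` with no wrap-around guard, so the replacement should be verified to handle an attacker-chosen `mAhciBar` near the top of the address space, and `mAhciBar` must not be re-read from config space after this point, since GetAhciBaseAddress continues outside the hunk and any later re-read would bypass the validation.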
@ -61,9 +61,6 @@ VOID *mBuffer = NULL; // DMA can not read/write Data to smram, s
|
|||||||
// NVME
|
// NVME
|
||||||
NVME_CONTEXT mNvmeContext;
|
NVME_CONTEXT mNvmeContext;
|
||||||
|
|
||||||
EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace = NULL;
|
|
||||||
UINTN mNumberOfDescriptors = 0;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Add new bridge node or nvme device info to the device list.
|
Add new bridge node or nvme device info to the device list.
|
||||||
|
|
||||||
@ -647,44 +644,6 @@ S3SleepEntryCallBack (
|
|||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
OpalPassword Notification for SMM EndOfDxe protocol.
|
|
||||||
|
|
||||||
@param[in] Protocol Points to the protocol's unique identifier.
|
|
||||||
@param[in] Interface Points to the interface instance.
|
|
||||||
@param[in] Handle The handle on which the interface was installed.
|
|
||||||
|
|
||||||
@retval EFI_SUCCESS Notification runs successfully.
|
|
||||||
**/
|
|
||||||
EFI_STATUS
|
|
||||||
EFIAPI
|
|
||||||
OpalPasswordEndOfDxeNotification (
|
|
||||||
IN CONST EFI_GUID *Protocol,
|
|
||||||
IN VOID *Interface,
|
|
||||||
IN EFI_HANDLE Handle
|
|
||||||
)
|
|
||||||
{
|
|
||||||
UINTN NumberOfDescriptors;
|
|
||||||
EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemSpaceMap;
|
|
||||||
EFI_STATUS Status;
|
|
||||||
|
|
||||||
Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemSpaceMap);
|
|
||||||
if (EFI_ERROR (Status)) {
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
mGcdMemSpace = AllocateCopyPool (NumberOfDescriptors * sizeof (EFI_GCD_MEMORY_SPACE_DESCRIPTOR), MemSpaceMap);
|
|
||||||
if (EFI_ERROR (Status)) {
|
|
||||||
gBS->FreePool (MemSpaceMap);
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
mNumberOfDescriptors = NumberOfDescriptors;
|
|
||||||
gBS->FreePool (MemSpaceMap);
|
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Main entry for this driver.
|
Main entry for this driver.
|
||||||
|
|
||||||
@ -711,7 +670,6 @@ OpalPasswordSmmInit (
|
|||||||
EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
|
EFI_SMM_VARIABLE_PROTOCOL *SmmVariable;
|
||||||
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
|
OPAL_EXTRA_INFO_VAR OpalExtraInfo;
|
||||||
UINTN DataSize;
|
UINTN DataSize;
|
||||||
EFI_EVENT EndOfDxeEvent;
|
|
||||||
EFI_PHYSICAL_ADDRESS Address;
|
EFI_PHYSICAL_ADDRESS Address;
|
||||||
|
|
||||||
mBuffer = NULL;
|
mBuffer = NULL;
|
||||||
@ -820,15 +778,6 @@ OpalPasswordSmmInit (
|
|||||||
//
|
//
|
||||||
mSwSmiValue = (UINT8) Context.SwSmiInputValue;
|
mSwSmiValue = (UINT8) Context.SwSmiInputValue;
|
||||||
|
|
||||||
//
|
|
||||||
// Create event to record GCD descriptors at end of dxe for judging AHCI/NVMe PCI Bar
|
|
||||||
// is in MMIO space to avoid attack.
|
|
||||||
//
|
|
||||||
Status = gSmst->SmmRegisterProtocolNotify (&gEfiSmmEndOfDxeProtocolGuid, OpalPasswordEndOfDxeNotification, &EndOfDxeEvent);
|
|
||||||
if (EFI_ERROR (Status)) {
|
|
||||||
DEBUG((DEBUG_ERROR, "OpalPasswordSmm: Register SmmEndOfDxe fail, Status: %r\n", Status));
|
|
||||||
goto EXIT;
|
|
||||||
}
|
|
||||||
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);
|
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&SmmVariable);
|
||||||
if (!EFI_ERROR (Status)) {
|
if (!EFI_ERROR (Status)) {
|
||||||
DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
|
DataSize = sizeof (OPAL_EXTRA_INFO_VAR);
|
||||||
|
@ -45,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||||||
#include <Library/S3BootScriptLib.h>
|
#include <Library/S3BootScriptLib.h>
|
||||||
#include <Library/DevicePathLib.h>
|
#include <Library/DevicePathLib.h>
|
||||||
#include <Library/DxeServicesTableLib.h>
|
#include <Library/DxeServicesTableLib.h>
|
||||||
|
#include <Library/SmmIoLib.h>
|
||||||
|
|
||||||
#include <IndustryStandard/Pci22.h>
|
#include <IndustryStandard/Pci22.h>
|
||||||
|
|
||||||
@ -70,8 +71,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|||||||
|
|
||||||
extern VOID *mBuffer;
|
extern VOID *mBuffer;
|
||||||
|
|
||||||
extern EFI_GCD_MEMORY_SPACE_DESCRIPTOR *mGcdMemSpace;
|
|
||||||
extern UINTN mNumberOfDescriptors;
|
|
||||||
#pragma pack(1)
|
#pragma pack(1)
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
|
@ -58,6 +58,7 @@
|
|||||||
DxeServicesTableLib
|
DxeServicesTableLib
|
||||||
DevicePathLib
|
DevicePathLib
|
||||||
OpalPasswordSupportLib
|
OpalPasswordSupportLib
|
||||||
|
SmmIoLib
|
||||||
|
|
||||||
[Guids]
|
[Guids]
|
||||||
gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
|
gOpalExtraInfoVariableGuid ## CONSUMES ## GUID
|
||||||
@ -69,7 +70,6 @@
|
|||||||
gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
|
gEfiSmmSxDispatch2ProtocolGuid ## CONSUMES
|
||||||
gEfiSmmVariableProtocolGuid ## CONSUMES
|
gEfiSmmVariableProtocolGuid ## CONSUMES
|
||||||
gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
|
gEfiStorageSecurityCommandProtocolGuid ## CONSUMES
|
||||||
gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
|
|
||||||
|
|
||||||
[Depex]
|
[Depex]
|
||||||
gEfiSmmSwDispatch2ProtocolGuid AND
|
gEfiSmmSwDispatch2ProtocolGuid AND
|
||||||
|
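Review bot: With the SmmEndOfDxe notification and its `gDS->GetMemorySpaceMap` call removed from this module, `DxeServicesTableLib` (still listed in [LibraryClasses] in the first hunk, and still included via `#include <Library/DxeServicesTableLib.h>` in the header) may have no consumer left; if nothing else in the module uses gDS, drop both, since an SMM driver should not link DXE services it cannot safely call at runtime. Removing `gEfiSmmEndOfDxeProtocolGuid` from [Protocols] is only correct if SmmIoLib registers its own EndOfDxe notification and declares the GUID in its own .inf, which is not visible on this page and should be confirmed. The [Depex] section begins inside the last hunk and continues past it.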