mirror of https://github.com/acidanthera/audk.git
Add Secure MOR implementation.
Add a new module MemoryOverwriteRequestControlLock to register VarCheck handler to enforce MorLock Policy. Only SMM version is added because MOR is only supported in SMM variable case. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> Reviewed-by: "Chao Zhang" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18092 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
5c61c5cfc8
commit
70c7664cd3
|
@ -0,0 +1,43 @@
|
|||
/** @file
|
||||
Support for Microsoft Secure MOR implementation, defined at
|
||||
Microsoft Secure MOR implementation.
|
||||
https://msdn.microsoft.com/en-us/library/windows/hardware/mt270973(v=vs.85).aspx
|
||||
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#ifndef __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
|
||||
#define __MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_H__
|
||||
|
||||
#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_GUID \
|
||||
{ \
|
||||
0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92} \
|
||||
}
|
||||
|
||||
#define MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME L"MemoryOverwriteRequestControlLock"
|
||||
|
||||
//
|
||||
// VendorGuid: {BB983CCF-151D-40E1-A07B-4A17BE168292}
|
||||
// Name: MemoryOverwriteRequestControlLock
|
||||
// Attributes: NV+BS+RT
|
||||
// Size: 0x1 byte
|
||||
//
|
||||
// The BIOS initializes MemoryOverwriteRequestControlLock to a value of 0x00
|
||||
// before BDS (BOOT#### processing). When the OS loader calls SetVariable by
|
||||
// specifying 0x01, the access mode for both MemoryOverwriteRequestControlLock
|
||||
// and MemoryOverwriteRequestControl is changed to read-only. If any other
|
||||
// value is specified in the SetVariable call, it fails with the
|
||||
// EFI_INVALID_PARAMETER error code.
|
||||
//
|
||||
|
||||
extern EFI_GUID gEfiMemoryOverwriteRequestControlLockGuid;
|
||||
|
||||
#endif
|
|
@ -389,6 +389,9 @@
|
|||
## Include/Guid/MemoryOverwriteControl.h
|
||||
gEfiMemoryOverwriteControlDataGuid = { 0xe20939be, 0x32d4, 0x41be, {0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29 }}
|
||||
|
||||
## Include/IndustryStandard/MemoryOverwriteRequestControlLock.h
|
||||
gEfiMemoryOverwriteRequestControlLockGuid = { 0xBB983CCF, 0x151D, 0x40E1, {0xA0, 0x7B, 0x4A, 0x17, 0xBE, 0x16, 0x82, 0x92}}
|
||||
|
||||
## Include/Guid/WinCertificate.h
|
||||
gEfiCertTypeRsa2048Sha256Guid = { 0xa7717414, 0xc616, 0x4977, {0x94, 0x20, 0x84, 0x47, 0x12, 0xa7, 0x35, 0xbf }}
|
||||
|
||||
|
|
|
@ -234,6 +234,8 @@
|
|||
SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf
|
||||
|
||||
[Components.IA32, Components.X64]
|
||||
|
||||
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
|
||||
SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
|
||||
SecurityPkg/Tcg/TrEESmm/TrEESmm.inf
|
||||
#
|
||||
|
|
|
@ -0,0 +1,196 @@
|
|||
/** @file
|
||||
TCG MOR (Memory Overwrite Request) Lock Control Driver.
|
||||
|
||||
This driver initilize MemoryOverwriteRequestControlLock variable.
|
||||
This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
|
||||
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <PiDxe.h>
|
||||
#include <Guid/MemoryOverwriteControl.h>
|
||||
#include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include "TcgMorLock.h"
|
||||
|
||||
typedef struct {
|
||||
CHAR16 *VariableName;
|
||||
EFI_GUID *VendorGuid;
|
||||
} VARIABLE_TYPE;
|
||||
|
||||
VARIABLE_TYPE mMorVariableType[] = {
|
||||
{MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid},
|
||||
{MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid},
|
||||
};
|
||||
|
||||
/**
|
||||
Returns if this is MOR related variable.
|
||||
|
||||
@param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
|
||||
@retval TRUE The variable is MOR related.
|
||||
@retval FALSE The variable is NOT MOR related.
|
||||
**/
|
||||
BOOLEAN
|
||||
IsAnyMorVariable (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid
|
||||
)
|
||||
{
|
||||
UINTN Index;
|
||||
|
||||
for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
|
||||
if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
|
||||
(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
Returns if this is MOR lock variable.
|
||||
|
||||
@param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
|
||||
@retval TRUE The variable is MOR lock variable.
|
||||
@retval FALSE The variable is NOT MOR lock variable.
|
||||
**/
|
||||
BOOLEAN
|
||||
IsMorLockVariable (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid
|
||||
)
|
||||
{
|
||||
if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
|
||||
(CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/**
|
||||
This service is a checker handler for the UEFI Runtime Service SetVariable()
|
||||
|
||||
@param VariableName the name of the vendor's variable, as a
|
||||
Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
@param Attributes Point to memory location to return the attributes of variable. If the point
|
||||
is NULL, the parameter would be ignored.
|
||||
@param DataSize The size in bytes of Data-Buffer.
|
||||
@param Data Point to the content of the variable.
|
||||
|
||||
@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
|
||||
defined by the Attributes.
|
||||
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
|
||||
DataSize exceeds the maximum allowed.
|
||||
@retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
|
||||
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
|
||||
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
set but the AuthInfo does NOT pass the validation check carried
|
||||
out by the firmware.
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
SetVariableCheckHandlerMor (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid,
|
||||
IN UINT32 Attributes,
|
||||
IN UINTN DataSize,
|
||||
IN VOID *Data
|
||||
)
|
||||
{
|
||||
UINTN MorLockDataSize;
|
||||
BOOLEAN MorLock;
|
||||
EFI_STATUS Status;
|
||||
|
||||
//
|
||||
// do not handle non-MOR variable
|
||||
//
|
||||
if (!IsAnyMorVariable (VariableName, VendorGuid)) {
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
MorLockDataSize = sizeof(MorLock);
|
||||
Status = InternalGetVariable (
|
||||
MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
|
||||
&gEfiMemoryOverwriteRequestControlLockGuid,
|
||||
NULL,
|
||||
&MorLockDataSize,
|
||||
&MorLock
|
||||
);
|
||||
if (!EFI_ERROR (Status) && MorLock) {
|
||||
//
|
||||
// If lock, deny access
|
||||
//
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
//
|
||||
// check format
|
||||
//
|
||||
if (IsMorLockVariable(VariableName, VendorGuid)) {
|
||||
//
|
||||
// Delete not OK
|
||||
//
|
||||
if ((DataSize == 0) || (Data == NULL) || (Attributes == 0)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
//
|
||||
// set to any other value not OK
|
||||
//
|
||||
if ((DataSize != sizeof(UINT8)) || ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0))) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
//
|
||||
// Or grant access
|
||||
//
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
Entry Point for MOR Lock Control driver.
|
||||
|
||||
@param[in] ImageHandle Image handle of this driver.
|
||||
@param[in] SystemTable A Pointer to the EFI System Table.
|
||||
|
||||
@retval EFI_SUCEESS
|
||||
@return Others Some error occurs.
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
MorLockDriverInit (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
UINT8 Data;
|
||||
|
||||
Data = 0;
|
||||
Status = InternalSetVariable (
|
||||
MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
|
||||
&gEfiMemoryOverwriteRequestControlLockGuid,
|
||||
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
|
||||
1,
|
||||
&Data
|
||||
);
|
||||
return Status;
|
||||
}
|
|
@ -0,0 +1,137 @@
|
|||
/** @file
|
||||
TCG MOR (Memory Overwrite Request) Lock Control Driver header file.
|
||||
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#ifndef _EFI_TCG_MOR_LOCK_H_
|
||||
#define _EFI_TCG_MOR_LOCK_H_
|
||||
|
||||
/**
|
||||
This service is a wrapper for the UEFI Runtime Service GetVariable().
|
||||
|
||||
@param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
@param Attributes Point to memory location to return the attributes of variable. If the point
|
||||
is NULL, the parameter would be ignored.
|
||||
@param DataSize As input, point to the maximum size of return Data-Buffer.
|
||||
As output, point to the actual size of the returned Data-Buffer.
|
||||
@param Data Point to return Data-Buffer.
|
||||
|
||||
@retval EFI_SUCCESS The function completed successfully.
|
||||
@retval EFI_NOT_FOUND The variable was not found.
|
||||
@retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
|
||||
been updated with the size needed to complete the request.
|
||||
@retval EFI_INVALID_PARAMETER VariableName is NULL.
|
||||
@retval EFI_INVALID_PARAMETER VendorGuid is NULL.
|
||||
@retval EFI_INVALID_PARAMETER DataSize is NULL.
|
||||
@retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL.
|
||||
@retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
InternalGetVariable (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid,
|
||||
OUT UINT32 *Attributes OPTIONAL,
|
||||
IN OUT UINTN *DataSize,
|
||||
OUT VOID *Data
|
||||
);
|
||||
|
||||
/**
|
||||
This service is a wrapper for the UEFI Runtime Service SetVariable()
|
||||
|
||||
@param VariableName the name of the vendor's variable, as a
|
||||
Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
@param Attributes Point to memory location to return the attributes of variable. If the point
|
||||
is NULL, the parameter would be ignored.
|
||||
@param DataSize The size in bytes of Data-Buffer.
|
||||
@param Data Point to the content of the variable.
|
||||
|
||||
@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
|
||||
defined by the Attributes.
|
||||
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
|
||||
DataSize exceeds the maximum allowed.
|
||||
@retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
|
||||
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
|
||||
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
set but the AuthInfo does NOT pass the validation check carried
|
||||
out by the firmware.
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
InternalSetVariable (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid,
|
||||
IN UINT32 Attributes,
|
||||
IN UINTN DataSize,
|
||||
IN VOID *Data
|
||||
);
|
||||
|
||||
/**
|
||||
This service is a checker handler for the UEFI Runtime Service SetVariable()
|
||||
|
||||
@param VariableName the name of the vendor's variable, as a
|
||||
Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
@param Attributes Point to memory location to return the attributes of variable. If the point
|
||||
is NULL, the parameter would be ignored.
|
||||
@param DataSize The size in bytes of Data-Buffer.
|
||||
@param Data Point to the content of the variable.
|
||||
|
||||
@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
|
||||
defined by the Attributes.
|
||||
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
|
||||
DataSize exceeds the maximum allowed.
|
||||
@retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
|
||||
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
|
||||
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
set but the AuthInfo does NOT pass the validation check carried
|
||||
out by the firmware.
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
SetVariableCheckHandlerMor (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid,
|
||||
IN UINT32 Attributes,
|
||||
IN UINTN DataSize,
|
||||
IN VOID *Data
|
||||
);
|
||||
|
||||
/**
|
||||
Entry Point for MOR Lock Control driver.
|
||||
|
||||
@param[in] ImageHandle Image handle of this driver.
|
||||
@param[in] SystemTable A Pointer to the EFI System Table.
|
||||
|
||||
@retval EFI_SUCEESS
|
||||
@return Others Some error occurs.
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
MorLockDriverInit (
|
||||
VOID
|
||||
);
|
||||
|
||||
#endif
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,158 @@
|
|||
/** @file
|
||||
TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper.
|
||||
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
|
||||
#include <PiSmm.h>
|
||||
#include <Library/SmmServicesTableLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Protocol/SmmVarCheck.h>
|
||||
#include <Protocol/SmmVariable.h>
|
||||
#include "TcgMorLock.h"
|
||||
|
||||
EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
|
||||
|
||||
/**
|
||||
This service is a wrapper for the UEFI Runtime Service GetVariable().
|
||||
|
||||
@param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
@param Attributes Point to memory location to return the attributes of variable. If the point
|
||||
is NULL, the parameter would be ignored.
|
||||
@param DataSize As input, point to the maximum size of return Data-Buffer.
|
||||
As output, point to the actual size of the returned Data-Buffer.
|
||||
@param Data Point to return Data-Buffer.
|
||||
|
||||
@retval EFI_SUCCESS The function completed successfully.
|
||||
@retval EFI_NOT_FOUND The variable was not found.
|
||||
@retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has
|
||||
been updated with the size needed to complete the request.
|
||||
@retval EFI_INVALID_PARAMETER VariableName is NULL.
|
||||
@retval EFI_INVALID_PARAMETER VendorGuid is NULL.
|
||||
@retval EFI_INVALID_PARAMETER DataSize is NULL.
|
||||
@retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL.
|
||||
@retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure.
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
InternalGetVariable (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid,
|
||||
OUT UINT32 *Attributes OPTIONAL,
|
||||
IN OUT UINTN *DataSize,
|
||||
OUT VOID *Data
|
||||
)
|
||||
{
|
||||
return mSmmVariable->SmmGetVariable (
|
||||
VariableName,
|
||||
VendorGuid,
|
||||
Attributes,
|
||||
DataSize,
|
||||
Data
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
This service is a wrapper for the UEFI Runtime Service SetVariable()
|
||||
|
||||
@param VariableName the name of the vendor's variable, as a
|
||||
Null-Terminated Unicode String
|
||||
@param VendorGuid Unify identifier for vendor.
|
||||
@param Attributes Point to memory location to return the attributes of variable. If the point
|
||||
is NULL, the parameter would be ignored.
|
||||
@param DataSize The size in bytes of Data-Buffer.
|
||||
@param Data Point to the content of the variable.
|
||||
|
||||
@retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
|
||||
defined by the Attributes.
|
||||
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the
|
||||
DataSize exceeds the maximum allowed.
|
||||
@retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string.
|
||||
@retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data.
|
||||
@retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
|
||||
@retval EFI_WRITE_PROTECTED The variable in question cannot be deleted.
|
||||
@retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
|
||||
set but the AuthInfo does NOT pass the validation check carried
|
||||
out by the firmware.
|
||||
@retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
InternalSetVariable (
|
||||
IN CHAR16 *VariableName,
|
||||
IN EFI_GUID *VendorGuid,
|
||||
IN UINT32 Attributes,
|
||||
IN UINTN DataSize,
|
||||
IN VOID *Data
|
||||
)
|
||||
{
|
||||
return mSmmVariable->SmmSetVariable (
|
||||
VariableName,
|
||||
VendorGuid,
|
||||
Attributes,
|
||||
DataSize,
|
||||
Data
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
Entry Point for MOR Lock Control driver.
|
||||
|
||||
@param[in] ImageHandle The firmware allocated handle for the EFI image.
|
||||
@param[in] SystemTable A pointer to the EFI System Table.
|
||||
|
||||
@retval EFI_SUCCESS EntryPoint runs successfully.
|
||||
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
MorLockDriverEntryPointSmm (
|
||||
IN EFI_HANDLE ImageHandle,
|
||||
IN EFI_SYSTEM_TABLE *SystemTable
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck;
|
||||
|
||||
//
|
||||
// This driver link to Smm Variable driver
|
||||
//
|
||||
DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n"));
|
||||
|
||||
Status = gSmst->SmmLocateProtocol (
|
||||
&gEfiSmmVariableProtocolGuid,
|
||||
NULL,
|
||||
(VOID **) &mSmmVariable
|
||||
);
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
|
||||
Status = gSmst->SmmLocateProtocol (
|
||||
&gEdkiiSmmVarCheckProtocolGuid,
|
||||
NULL,
|
||||
(VOID **) &SmmVarCheck
|
||||
);
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
|
||||
Status = MorLockDriverInit ();
|
||||
if (EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
|
||||
Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler (SetVariableCheckHandlerMor);
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
|
@ -0,0 +1,66 @@
|
|||
## @file
|
||||
# Initilizes MemoryOverwriteRequestControlLock variable
|
||||
#
|
||||
# This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
|
||||
#
|
||||
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
# This program and the accompanying materials
|
||||
# are licensed and made available under the terms and conditions of the BSD License
|
||||
# which accompanies this distribution. The full text of the license may be found at
|
||||
# http://opensource.org/licenses/bsd-license.php
|
||||
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
#
|
||||
##
|
||||
|
||||
[Defines]
|
||||
INF_VERSION = 0x00010005
|
||||
BASE_NAME = TcgMorLockSmm
|
||||
MODULE_UNI_FILE = TcgMorLock.uni
|
||||
FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E
|
||||
MODULE_TYPE = DXE_SMM_DRIVER
|
||||
VERSION_STRING = 1.0
|
||||
PI_SPECIFICATION_VERSION = 0x0001000A
|
||||
ENTRY_POINT = MorLockDriverEntryPointSmm
|
||||
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
#
|
||||
# VALID_ARCHITECTURES = IA32 X64 IPF EBC
|
||||
#
|
||||
|
||||
[Sources]
|
||||
TcgMorLock.c
|
||||
TcgMorLockSmm.c
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
MdeModulePkg/MdeModulePkg.dec
|
||||
SecurityPkg/SecurityPkg.dec
|
||||
|
||||
[LibraryClasses]
|
||||
UefiDriverEntryPoint
|
||||
SmmServicesTableLib
|
||||
DebugLib
|
||||
BaseLib
|
||||
BaseMemoryLib
|
||||
|
||||
[Guids]
|
||||
## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl"
|
||||
gEfiMemoryOverwriteControlDataGuid
|
||||
|
||||
## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControlLock"
|
||||
## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock"
|
||||
gEfiMemoryOverwriteRequestControlLockGuid
|
||||
|
||||
[Protocols]
|
||||
gEdkiiSmmVarCheckProtocolGuid ## CONSUMES
|
||||
gEfiSmmVariableProtocolGuid ## CONSUMES
|
||||
|
||||
[Depex]
|
||||
gEfiSmmVariableProtocolGuid AND
|
||||
gSmmVariableWriteGuid AND
|
||||
( gEfiTcgProtocolGuid OR gEfiTrEEProtocolGuid )
|
||||
|
||||
[UserExtensions.TianoCore."ExtraFiles"]
|
||||
TcgMorLockExtra.uni
|
Loading…
Reference in New Issue