OvmfPkg: PlatformBdsLib: lock down SMM regardless of S3

At the moment, the EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL is only installed if S3 is enabled -- at the end of SaveS3BootScript(). While a runtime OS is never booted with SMM unlocked (because the SMM IPL locks down SMM as a last resort: > SMM IPL! DXE SMM Ready To Lock Protocol not installed before Ready To > Boot signal > SmmInstallProtocolInterface: [EfiSmmReadyToLockProtocol] 0 > Patch page table start ... > Patch page table done! > SMM IPL locked SMRAM window ), we shouldn't allow UEFI drivers and applications either to mess with SMM just because S3 is disabled. So install EFI_DXE_SMM_READY_TO_LOCK_PROTOCOL in PlatformBdsInit() unconditionally. Cc: Feng Tian <feng.tian@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Ruiyu Ni <ruiyu.ni@intel.com> Cc: Star Zeng <star.zeng@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Star Zeng <star.zeng@intel.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
2016-04-27 18:01:02 +02:00 · 2016-04-27 18:01:02 +02:00 · 84d2070aef
parent 70017e4461
commit 84d2070aef
1 changed files with 16 additions and 13 deletions
--- a/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBdsLib/BdsPlatform.c
@ -125,6 +125,9 @@ Returns:

 --*/
 {
+  EFI_HANDLE Handle;
+  EFI_STATUS Status;
+
  DEBUG ((EFI_D_INFO, "PlatformBdsInit\n"));
  InstallDevicePathCallback ();

@ -147,11 +150,20 @@ Returns:

  if (QemuFwCfgS3Enabled ()) {
    //
-    // Save the boot script too. Note that this requires/includes emitting the
-    // DxeSmmReadyToLock event, which in turn locks down SMM.
+    // Save the boot script too. Note that this will require us to emit the
+    // DxeSmmReadyToLock event just below, which in turn locks down SMM.
    //
    SaveS3BootScript ();
  }
+
+  //
+  // Prevent further changes to LockBoxes or SMRAM.
+  //
+  Handle = NULL;
+  Status = gBS->InstallProtocolInterface (&Handle,
+                  &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,
+                  NULL);
+  ASSERT_EFI_ERROR (Status);
 }


@ -1206,10 +1218,8 @@ Returns:
 /**
  Save the S3 boot script.

-  Note that we trigger DxeSmmReadyToLock here -- otherwise the script wouldn't
-  be saved actually. Triggering this protocol installation event in turn locks
-  down SMM, so no further changes to LockBoxes or SMRAM are possible
-  afterwards.
+  Note that DxeSmmReadyToLock must be signaled after this function returns;
+  otherwise the script wouldn't be saved actually.
 **/
 STATIC
 VOID
@ -1219,7 +1229,6 @@ SaveS3BootScript (
 {
  EFI_STATUS                 Status;
  EFI_S3_SAVE_STATE_PROTOCOL *BootScript;
-  EFI_HANDLE                 Handle;
  STATIC CONST UINT8         Info[] = { 0xDE, 0xAD, 0xBE, 0xEF };

  Status = gBS->LocateProtocol (&gEfiS3SaveStateProtocolGuid, NULL,
@ -1235,12 +1244,6 @@ SaveS3BootScript (
                         (UINT32) sizeof Info,
                         (EFI_PHYSICAL_ADDRESS)(UINTN) &Info);
  ASSERT_EFI_ERROR (Status);
-
-  Handle = NULL;
-  Status = gBS->InstallProtocolInterface (&Handle,
-                  &gEfiDxeSmmReadyToLockProtocolGuid, EFI_NATIVE_INTERFACE,
-                  NULL);
-  ASSERT_EFI_ERROR (Status);
 }