OvmfPkg: QemuFlashFvbServicesRuntimeDxe: adhere to -D SMM_REQUIRE

When the user requires "security" by passing -D SMM_REQUIRE, and
consequently by setting PcdSmmSmramRequire, enforce flash-based variables.

Furthermore, add two ASSERT()s to catch if the wrong module were pulled
into the build.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19063 6f19259b-4bc3-4df7-8a09-765794883524
Laszlo Ersek 2015-11-30 18:48:54 +00:00 committed by lersek
parent 79397dbd2e
commit b963ec494c
5 changed files with 11 additions and 0 deletions


@ -85,6 +85,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Depex] [Depex]
TRUE TRUE


@ -84,6 +84,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Depex] [Depex]
TRUE TRUE


@ -17,6 +17,7 @@
#include <Guid/EventGroup.h> #include <Guid/EventGroup.h>
#include <Library/DebugLib.h> #include <Library/DebugLib.h>
#include <Library/DevicePathLib.h> #include <Library/DevicePathLib.h>
#include <Library/PcdLib.h>
#include <Library/UefiBootServicesTableLib.h> #include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeLib.h> #include <Library/UefiRuntimeLib.h>
#include <Protocol/DevicePath.h> #include <Protocol/DevicePath.h>
@ -34,6 +35,8 @@ InstallProtocolInterfaces (
EFI_HANDLE FwbHandle; EFI_HANDLE FwbHandle;
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *OldFwbInterface; EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *OldFwbInterface;
ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
// //
// Find a handle with a matching device path that has supports FW Block // Find a handle with a matching device path that has supports FW Block
// protocol // protocol
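Review bot: The new `ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));` at the top of InstallProtocolInterfaces has no comment saying what it guards, so a reader of this file alone cannot tell why a feature PCD is asserted false before any protocol work. Going by the commit message, it detects the wrong driver variant being pulled into an SMM_REQUIRE build; a line such as `// This is the non-SMM variant of the driver; it must never be built with -D SMM_REQUIRE.` above it would record that. The mirrored `ASSERT (FeaturePcdGet (PcdSmmSmramRequire));` in the SMM variant of InstallProtocolInterfaces deserves the matching comment. Both functions continue outside the hunks shown.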


@ -15,6 +15,7 @@
**/ **/
#include <Library/DebugLib.h> #include <Library/DebugLib.h>
#include <Library/PcdLib.h>
#include <Library/SmmServicesTableLib.h> #include <Library/SmmServicesTableLib.h>
#include <Protocol/DevicePath.h> #include <Protocol/DevicePath.h>
#include <Protocol/SmmFirmwareVolumeBlock.h> #include <Protocol/SmmFirmwareVolumeBlock.h>
@ -29,6 +30,8 @@ InstallProtocolInterfaces (
EFI_HANDLE FvbHandle; EFI_HANDLE FvbHandle;
EFI_STATUS Status; EFI_STATUS Status;
ASSERT (FeaturePcdGet (PcdSmmSmramRequire));
// //
// There is no SMM service that can install multiple protocols in the SMM // There is no SMM service that can install multiple protocols in the SMM
// protocol database in one go. // protocol database in one go.


@ -245,6 +245,7 @@ QemuFlashInitialize (
mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize; mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize;
if (!QemuFlashDetected ()) { if (!QemuFlashDetected ()) {
ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
return EFI_WRITE_PROTECTED; return EFI_WRITE_PROTECTED;
} }
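Review bot: The `ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));` inside the `if (!QemuFlashDetected ())` branch is the only thing enforcing flash-backed variables on this path, and ASSERT() expands to nothing when MDEPKG_NDEBUG is defined or asserts are masked off through PcdDebugPropertyMask. In such a build a guest started without pflash still reaches `return EFI_WRITE_PROTECTED;` exactly as before the change, and whether anything downstream then refuses to fall back to non-flash variables is not visible here. Unlike the build-time selection checks in InstallProtocolInterfaces, this condition depends on how the VM is configured at run time, so if the SMM_REQUIRE guarantee is meant to hold in release builds an unconditional stop is safer, e.g. `if (FeaturePcdGet (PcdSmmSmramRequire)) { CpuDeadLoop (); }` before the return (this needs BaseLib). QemuFlashInitialize starts and ends outside the hunk.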