mirror of https://github.com/acidanthera/audk.git
OvmfPkg: QemuFlashFvbServicesRuntimeDxe: adhere to -D SMM_REQUIRE
When the user requires "security" by passing -D SMM_REQUIRE, and consequently by setting PcdSmmSmramRequire, enforce flash-based variables. Furthermore, add two ASSERT()s to catch if the wrong module were pulled into the build. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jordan Justen <jordan.l.justen@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19063 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
79397dbd2e
commit
b963ec494c
|
@ -85,6 +85,8 @@
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
|
||||||
|
|
||||||
|
[FeaturePcd]
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
|
||||||
|
|
||||||
[Depex]
|
[Depex]
|
||||||
TRUE
|
TRUE
|
||||||
|
|
|
@ -84,6 +84,8 @@
|
||||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
|
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
|
||||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
|
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
|
||||||
|
|
||||||
|
[FeaturePcd]
|
||||||
|
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
|
||||||
|
|
||||||
[Depex]
|
[Depex]
|
||||||
TRUE
|
TRUE
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
#include <Guid/EventGroup.h>
|
#include <Guid/EventGroup.h>
|
||||||
#include <Library/DebugLib.h>
|
#include <Library/DebugLib.h>
|
||||||
#include <Library/DevicePathLib.h>
|
#include <Library/DevicePathLib.h>
|
||||||
|
#include <Library/PcdLib.h>
|
||||||
#include <Library/UefiBootServicesTableLib.h>
|
#include <Library/UefiBootServicesTableLib.h>
|
||||||
#include <Library/UefiRuntimeLib.h>
|
#include <Library/UefiRuntimeLib.h>
|
||||||
#include <Protocol/DevicePath.h>
|
#include <Protocol/DevicePath.h>
|
||||||
|
@ -34,6 +35,8 @@ InstallProtocolInterfaces (
|
||||||
EFI_HANDLE FwbHandle;
|
EFI_HANDLE FwbHandle;
|
||||||
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *OldFwbInterface;
|
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *OldFwbInterface;
|
||||||
|
|
||||||
|
ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
|
||||||
|
|
||||||
//
|
//
|
||||||
// Find a handle with a matching device path that has supports FW Block
|
// Find a handle with a matching device path that has supports FW Block
|
||||||
// protocol
|
// protocol
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
**/
|
**/
|
||||||
|
|
||||||
#include <Library/DebugLib.h>
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/PcdLib.h>
|
||||||
#include <Library/SmmServicesTableLib.h>
|
#include <Library/SmmServicesTableLib.h>
|
||||||
#include <Protocol/DevicePath.h>
|
#include <Protocol/DevicePath.h>
|
||||||
#include <Protocol/SmmFirmwareVolumeBlock.h>
|
#include <Protocol/SmmFirmwareVolumeBlock.h>
|
||||||
|
@ -29,6 +30,8 @@ InstallProtocolInterfaces (
|
||||||
EFI_HANDLE FvbHandle;
|
EFI_HANDLE FvbHandle;
|
||||||
EFI_STATUS Status;
|
EFI_STATUS Status;
|
||||||
|
|
||||||
|
ASSERT (FeaturePcdGet (PcdSmmSmramRequire));
|
||||||
|
|
||||||
//
|
//
|
||||||
// There is no SMM service that can install multiple protocols in the SMM
|
// There is no SMM service that can install multiple protocols in the SMM
|
||||||
// protocol database in one go.
|
// protocol database in one go.
|
||||||
|
|
|
@ -245,6 +245,7 @@ QemuFlashInitialize (
|
||||||
mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize;
|
mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize;
|
||||||
|
|
||||||
if (!QemuFlashDetected ()) {
|
if (!QemuFlashDetected ()) {
|
||||||
|
ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
|
||||||
return EFI_WRITE_PROTECTED;
|
return EFI_WRITE_PROTECTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue