diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index c2cef764e0..0c2799b42a 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -73,16 +73,28 @@ TpmNvsCommunciate (
 return EFI_ACCESS_DENIED;
 }
 
- if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
+ CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
+
+ //
+ // The Primary Buffer validation
+ //
+ if (!Tcg2IsPrimaryBufferValid ((UINTN)CommBuffer, TempCommBufferSize)) {
 DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid location!\n", __func__));
 return EFI_ACCESS_DENIED;
 }
 
+ //
+ // The NonPrimary Buffer validation
+ //
+ if (!Tcg2IsNonPrimaryBufferValid (CommParams->TargetAddress, EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (sizeof (TCG_NVS))))) {
+ DEBUG ((DEBUG_ERROR, "[%a] - MM NonPrimary buffer pointed from Communication buffer in invalid location!\n", __func__));
+ return EFI_ACCESS_DENIED;
+ }
+
 //
 // Farm out the job to individual functions based on what was requested.
 //
- CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
- Status = EFI_SUCCESS;
+ Status = EFI_SUCCESS;
 switch (CommParams->Function) {
 case TpmNvsMmExchangeInfo:
 DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: MM_EXCHANGE_NVS_INFO\n", __func__));
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
index 3672db939b..0be4984f87 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
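Review bot: In Tcg2Smm.c, the new NonPrimary check reads `CommParams->TargetAddress` directly from the communication buffer, so the value that is validated is only as stable as that buffer. If the buffer is still writable by non-MM code while the handler runs, and a `switch` case below the hunk reads `CommParams->TargetAddress` again, the address that is used may differ from the one that was checked. Reading it once into a local, e.g. `TargetAddress = CommParams->TargetAddress;`, and passing that local both to `Tcg2IsNonPrimaryBufferValid` and to the later consumer would close that gap. The check also runs before `CommParams->Function` is examined, so every request must now carry a valid TargetAddress, which deserves a line in the comment if it is intended. The rest of TpmNvsCommunciate, including whatever consumes TargetAddress, is outside the hunk.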
@@ -55,16 +55,35 @@ Tcg2NotifyMmReady (
 );
 
 /**
- This function is an abstraction layer for implementation specific Mm buffer validation routine.
+ This function is for the Primary Buffer validation routine.
+ The Primary Buffer is the communication buffer requested from
+ Communicate protocol/PPI.
 
 @param Buffer The buffer start address to be checked.
 @param Length The buffer length to be checked.
 
- @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM.
- @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ );
+
+/**
+ This function is for the NonPrimary Buffer validation routine.
+ The NonPrimary Buffer is the buffer which might be pointed from the
+ communication buffer.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
 IN EFI_PHYSICAL_ADDRESS Buffer,
 IN UINT64 Length
 );
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
index 9320053224..0f23662ff8 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
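Review bot: The new `@retval` lines in Tcg2Smm.h ("This buffer is valid." / "This buffer is not valid.") no longer say what valid means, whereas the removed text named the criterion (valid per processor architecture and no overlap with SMRAM). This header is the contract each MM flavour implements, so I would state the criterion per function: keep something like `@retval TRUE  This buffer is valid per processor architecture and does not overlap with SMRAM.` on Tcg2IsNonPrimaryBufferValid, and say on Tcg2IsPrimaryBufferValid whether an implementation may rely on the MM core having checked the buffer already. The same bare wording appears in the added doc blocks in Tcg2StandaloneMm.c and in the second Tcg2TraditionalMm.c hunk.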
@@ -31,16 +31,38 @@ Tcg2NotifyMmReady (
 }
 
 /**
- This function is an abstraction layer for implementation specific Mm buffer validation routine.
+ This function is for the Primary Buffer validation routine.
+ The Primary Buffer is the communication buffer requested from
+ Communicate protocol/PPI.
 
 @param Buffer The buffer start address to be checked.
 @param Length The buffer length to be checked.
 
- @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM.
- @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ )
+{
+ return TRUE;
+}
+
+/**
+ This function is for the Secondary Buffer validation routine.
+ The Secondary Buffer is the buffer which is pointed from the
+ communication buffer.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
 IN EFI_PHYSICAL_ADDRESS Buffer,
 IN UINT64 Length
 )
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
index f7d595e7f3..fd8a51bfd0 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
@@ -41,7 +41,9 @@ Tcg2NotifyMmReady (
 }
 
 /**
- This function is an abstraction layer for implementation specific Mm buffer validation routine.
+ This function is for the Primary Buffer validation routine.
+ The Primary Buffer is the communication buffer requested from
+ Communicate protocol/PPI.
 
 @param Buffer The buffer start address to be checked.
 @param Length The buffer length to be checked.
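Review bot: In Tcg2StandaloneMm.c the new `Tcg2IsPrimaryBufferValid` is an unconditional `return TRUE;` with no comment, so in this build the handler no longer checks the location of CommBuffer itself. Presumably the Standalone MM core validates the communication buffer before it dispatches the handler; if so, say that in the body, e.g. `// The communication buffer is validated by the MM core before this handler is called.`, and if not, the previous check should stay. The added doc block for Tcg2IsNonPrimaryBufferValid also says "Secondary Buffer" where the header and the other files say "NonPrimary Buffer"; the term should be the same everywhere. The body of Tcg2IsNonPrimaryBufferValid is outside the hunk.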
@@ -50,7 +52,27 @@ Tcg2NotifyMmReady (
 @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM.
 **/
 BOOLEAN
-IsBufferOutsideMmValid (
+Tcg2IsPrimaryBufferValid (
+ IN EFI_PHYSICAL_ADDRESS Buffer,
+ IN UINT64 Length
+ )
+{
+ return SmmIsBufferOutsideSmmValid (Buffer, Length);
+}
+
+/**
+ This function is for the NonPrimary Buffer validation routine.
+ The NonPrimary Buffer is the buffer which is pointed from the
+ communication buffer.
+
+ @param Buffer The buffer start address to be checked.
+ @param Length The buffer length to be checked.
+
+ @retval TRUE This buffer is valid.
+ @retval FALSE This buffer is not valid.
+**/
+BOOLEAN
+Tcg2IsNonPrimaryBufferValid (
 IN EFI_PHYSICAL_ADDRESS Buffer,
 IN UINT64 Length
 )