tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdeModulePkg Variable: Implement VarCheck PROTOCOL 

and follow UEFI spec to check UEFI defined variables.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16579 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Star Zeng 2015-01-05 03:38:36 +00:00 committed by lzeng14
parent 23d04b58e2
commit efb01a104d
13 changed files with 1675 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
MdeModulePkg/Include/Guid/SmmVariableCommon.h
View File

@ -1,7 +1,7 @@
/** @file
The file defined some common structures used for communicating between SMM variable module and SMM variable wrapper module.
Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
@ -15,6 +15,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#ifndef _SMM_VARIABLE_COMMON_H_
#define _SMM_VARIABLE_COMMON_H_
#include <Protocol/VarCheck.h>
#define EFI_SMM_VARIABLE_WRITE_GUID \
{ 0x93ba1826, 0xdffb, 0x45dd, { 0x82, 0xa7, 0xe7, 0xdc, 0xaa, 0x3b, 0xbd, 0xf3 } }
@ -65,6 +67,10 @@ typedef struct {
//
#define SMM_VARIABLE_FUNCTION_LOCK_VARIABLE 8
#define SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET 9
#define SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET 10
///
/// Size of SMM communicate header, without including the payload.
///
@ -107,4 +113,11 @@ typedef struct {
typedef SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE;
typedef struct {
EFI_GUID Guid;
UINTN NameSize;
VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
CHAR16 Name[1];
} SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY;
#endif // _SMM_VARIABLE_COMMON_H_

36
MdeModulePkg/Include/Protocol/SmmVarCheck.h Normal file
View File

@ -0,0 +1,36 @@
/** @file
SMM variable check definitions, it reuses the interface definitions of variable check.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef __SMM_VAR_CHECK_H__
#define __SMM_VAR_CHECK_H__
#include <Protocol/VarCheck.h>
#define EDKII_SMM_VAR_CHECK_PROTOCOL_GUID \
{ \
0xb0d8f3c1, 0xb7de, 0x4c11, { 0xbc, 0x89, 0x2f, 0xb5, 0x62, 0xc8, 0xc4, 0x11 } \
};
typedef struct _EDKII_SMM_VAR_CHECK_PROTOCOL EDKII_SMM_VAR_CHECK_PROTOCOL;
struct _EDKII_SMM_VAR_CHECK_PROTOCOL {
EDKII_VAR_CHECK_REGISTER_SET_VARIABLE_CHECK_HANDLER SmmRegisterSetVariableCheckHandler;
EDKII_VAR_CHECK_VARIABLE_PROPERTY_SET SmmVariablePropertySet;
EDKII_VAR_CHECK_VARIABLE_PROPERTY_GET SmmVariablePropertyGet;
};
extern EFI_GUID gEdkiiSmmVarCheckProtocolGuid;
#endif

120
MdeModulePkg/Include/Protocol/VarCheck.h Normal file
View File

@ -0,0 +1,120 @@
/** @file
Variable check definitions.
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
#ifndef _VARIABLE_CHECK_H_
#define _VARIABLE_CHECK_H_
#include <Uefi/UefiSpec.h>
typedef struct _EDKII_VAR_CHECK_PROTOCOL EDKII_VAR_CHECK_PROTOCOL;
#define EDKII_VAR_CHECK_PROTOCOL_GUID { \
0xaf23b340, 0x97b4, 0x4685, { 0x8d, 0x4f, 0xa3, 0xf2, 0x81, 0x69, 0xb2, 0x1d } \
};
typedef EFI_SET_VARIABLE VAR_CHECK_SET_VARIABLE_CHECK_HANDLER;
/**
Register SetVariable check handler.
Variable driver will call the handler to do check before
really setting the variable into variable storage.
@param[in] Handler Pointer to the check handler.
@retval EFI_SUCCESS The SetVariable check handler was registered successfully.
@retval EFI_INVALID_PARAMETER Handler is NULL.
@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
@retval EFI_UNSUPPORTED This interface is not implemented.
For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
**/
typedef
EFI_STATUS
(EFIAPI * EDKII_VAR_CHECK_REGISTER_SET_VARIABLE_CHECK_HANDLER) (
IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
);
#define VAR_CHECK_VARIABLE_PROPERTY_REVISION 0x0001
//
// 1. Set by VariableLock PROTOCOL
// 2. Set by VarCheck PROTOCOL
//
// If set, other fields for check will be ignored.
//
#define VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY BIT0
typedef struct {
UINT16 Revision;
UINT16 Property;
UINT32 Attributes;
UINTN MinSize;
UINTN MaxSize;
} VAR_CHECK_VARIABLE_PROPERTY;
/**
Variable property set.
Variable driver will do check according to the VariableProperty before
really setting the variable into variable storage.
@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[in] VariableProperty Pointer to the input variable property.
@retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
@retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
or the fields of VariableProperty are not valid.
@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
**/
typedef
EFI_STATUS
(EFIAPI * EDKII_VAR_CHECK_VARIABLE_PROPERTY_SET) (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
);
/**
Variable property get.
@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[out] VariableProperty Pointer to the output variable property.
@retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
@retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
@retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
**/
typedef
EFI_STATUS
(EFIAPI * EDKII_VAR_CHECK_VARIABLE_PROPERTY_GET) (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
);
struct _EDKII_VAR_CHECK_PROTOCOL {
EDKII_VAR_CHECK_REGISTER_SET_VARIABLE_CHECK_HANDLER RegisterSetVariableCheckHandler;
EDKII_VAR_CHECK_VARIABLE_PROPERTY_SET VariablePropertySet;
EDKII_VAR_CHECK_VARIABLE_PROPERTY_GET VariablePropertyGet;
};
extern EFI_GUID gEdkiiVarCheckProtocolGuid;
#endif

8
MdeModulePkg/MdeModulePkg.dec
View File

@ -3,7 +3,7 @@
# It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
# and libraries instances, which are used for those modules.
#
# Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials are licensed and made available under
# the terms and conditions of the BSD License that accompanies this distribution.
# The full text of the license may be found at
@ -355,6 +355,12 @@
# Include/Protocol/VariableLock.h
gEdkiiVariableLockProtocolGuid = { 0xcd3d0a05, 0x9e24, 0x437c, { 0xa8, 0x91, 0x1e, 0xe0, 0x53, 0xdb, 0x76, 0x38 }}
## Include/Protocol/VarCheck.h
gEdkiiVarCheckProtocolGuid = { 0xaf23b340, 0x97b4, 0x4685, { 0x8d, 0x4f, 0xa3, 0xf2, 0x81, 0x69, 0xb2, 0x1d } }
## Include/Protocol/SmmVarCheck.h
gEdkiiSmmVarCheckProtocolGuid = { 0xb0d8f3c1, 0xb7de, 0x4c11, { 0xbc, 0x89, 0x2f, 0xb5, 0x62, 0xc8, 0xc4, 0x11 } }
## This protocol is similar with DXE FVB protocol and used in the UEFI SMM evvironment.
# Include/Protocol/SmmFirmwareVolumeBlock.h
gEfiSmmFirmwareVolumeBlockProtocolGuid = { 0xd326d041, 0xbd31, 0x4c01, { 0xb5, 0xa8, 0x62, 0x8b, 0xe8, 0x7f, 0x6, 0x53 }}

1063
MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c Normal file
View File

File diff suppressed because it is too large Load Diff

126
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
View File

@ -14,7 +14,7 @@
VariableServiceGetVariable() and VariableServiceSetVariable() are external API
to receive datasize and data buffer. The size should be checked carefully.
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -55,51 +55,6 @@ BOOLEAN mEndOfDxe = FALSE;
///
BOOLEAN mEnableLocking = TRUE;
//
// To prevent name collisions with possible future globally defined variables,
// other internal firmware data variables that are not defined here must be
// saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
// any other GUID defined by the UEFI Specification. Implementations must
// only permit the creation of variables with a UEFI Specification-defined
// VendorGuid when these variables are documented in the UEFI Specification.
//
GLOBAL_VARIABLE_ENTRY mGlobalVariableList[] = {
{EFI_LANG_CODES_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_LANG_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_TIME_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_PLATFORM_LANG_CODES_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_PLATFORM_LANG_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_CON_IN_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_CON_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_ERR_OUT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_CON_IN_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_CON_OUT_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_ERR_OUT_DEV_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_BOOT_ORDER_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_BOOT_NEXT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_BOOT_CURRENT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_BOOT_OPTION_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_DRIVER_ORDER_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_HW_ERR_REC_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_SETUP_MODE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_KEY_EXCHANGE_KEY_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT_AT},
{EFI_PLATFORM_KEY_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT_AT},
{EFI_SIGNATURE_SUPPORT_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_SECURE_BOOT_MODE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_KEK_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_PK_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_DB_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_DBX_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_DBT_DEFAULT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_OS_INDICATIONS_SUPPORT_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
{EFI_OS_INDICATIONS_VARIABLE_NAME, VARIABLE_ATTRIBUTE_NV_BS_RT},
{EFI_VENDOR_KEYS_VARIABLE_NAME, VARIABLE_ATTRIBUTE_BS_RT},
};
GLOBAL_VARIABLE_ENTRY mGlobalVariableList2[] = {
{L"Boot####", VARIABLE_ATTRIBUTE_NV_BS_RT},
{L"Driver####", VARIABLE_ATTRIBUTE_NV_BS_RT},
{L"Key####", VARIABLE_ATTRIBUTE_NV_BS_RT},
};
/**
Routine used to track statistical information about variable usage.
@ -2174,63 +2129,6 @@ IsHwErrRecVariable (
return TRUE;
}
/**
This code checks if variable guid is global variable guid first.
If yes, further check if variable name is in mGlobalVariableList or mGlobalVariableList2 and attributes matched.
@param[in] VariableName Pointer to variable name.
@param[in] VendorGuid Variable Vendor Guid.
@param[in] Attributes Attributes of the variable.
@retval EFI_SUCCESS Variable is not global variable, or Variable is global variable, variable name is in the lists and attributes matched.
@retval EFI_INVALID_PARAMETER Variable is global variable, but variable name is not in the lists or attributes unmatched.
**/
EFI_STATUS
EFIAPI
CheckEfiGlobalVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes
)
{
UINTN Index;
UINTN NameLength;
if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid)){
//
// Try list 1, exactly match.
//
for (Index = 0; Index < sizeof (mGlobalVariableList)/sizeof (mGlobalVariableList[0]); Index++) {
if ((StrCmp (mGlobalVariableList[Index].Name, VariableName) == 0) &&
(Attributes == 0 || Attributes == mGlobalVariableList[Index].Attributes)) {
return EFI_SUCCESS;
}
}
//
// Try list 2.
//
NameLength = StrLen (VariableName) - 4;
for (Index = 0; Index < sizeof (mGlobalVariableList2)/sizeof (mGlobalVariableList2[0]); Index++) {
if ((StrLen (VariableName) == StrLen (mGlobalVariableList2[Index].Name)) &&
(StrnCmp (mGlobalVariableList2[Index].Name, VariableName, NameLength) == 0) &&
IsHexaDecimalDigitCharacter (VariableName[NameLength]) &&
IsHexaDecimalDigitCharacter (VariableName[NameLength + 1]) &&
IsHexaDecimalDigitCharacter (VariableName[NameLength + 2]) &&
IsHexaDecimalDigitCharacter (VariableName[NameLength + 3]) &&
(Attributes == 0 || Attributes == mGlobalVariableList2[Index].Attributes)) {
return EFI_SUCCESS;
}
}
DEBUG ((EFI_D_INFO, "[Variable]: set global variable with invalid variable name or attributes - %g:%s:%x\n", VendorGuid, VariableName, Attributes));
return EFI_INVALID_PARAMETER;
}
return EFI_SUCCESS;
}
/**
Mark a variable that will become read-only after leaving the DXE phase of execution.
@ -2255,6 +2153,7 @@ VariableLockRequestToLock (
)
{
VARIABLE_ENTRY *Entry;
CHAR16 *Name;
if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
return EFI_INVALID_PARAMETER;
@ -2273,8 +2172,8 @@ VariableLockRequestToLock (
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
Entry->Name = (CHAR16 *) (Entry + 1);
StrnCpy (Entry->Name, VariableName, StrLen (VariableName));
Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
StrnCpy (Name, VariableName, StrLen (VariableName));
CopyGuid (&Entry->Guid, VendorGuid);
InsertTailList (&mLockedVariableList, &Entry->Link);
@ -2567,6 +2466,7 @@ VariableServiceSetVariable (
EFI_PHYSICAL_ADDRESS Point;
LIST_ENTRY *Link;
VARIABLE_ENTRY *Entry;
CHAR16 *Name;
//
// Check input parameters.
@ -2619,12 +2519,7 @@ VariableServiceSetVariable (
//
if (StrSize (VariableName) + DataSize > PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER)) {
return EFI_INVALID_PARAMETER;
}
}
Status = CheckEfiGlobalVariable (VariableName, VendorGuid, Attributes);
if (EFI_ERROR (Status)) {
return Status;
}
}
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
@ -2653,7 +2548,8 @@ VariableServiceSetVariable (
; Link = GetNextNode (&mLockedVariableList, Link)
) {
Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Entry->Name, VariableName) == 0)) {
Name = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
if (CompareGuid (&Entry->Guid, VendorGuid) && (StrCmp (Name, VariableName) == 0)) {
Status = EFI_WRITE_PROTECTED;
DEBUG ((EFI_D_INFO, "[Variable]: Changing readonly variable after leaving DXE phase - %g:%s\n", VendorGuid, VariableName));
goto Done;
@ -2661,6 +2557,11 @@ VariableServiceSetVariable (
}
}
Status = InternalVarCheckSetVariableCheck (VariableName, VendorGuid, Attributes, DataSize, Data);
if (EFI_ERROR (Status)) {
goto Done;
}
//
// Check whether the input variable is already existed.
//
@ -2678,6 +2579,7 @@ VariableServiceSetVariable (
// 2. The only attribute differing is EFI_VARIABLE_APPEND_WRITE
//
Status = EFI_INVALID_PARAMETER;
DEBUG ((EFI_D_INFO, "[Variable]: Rewritten a preexisting variable with different attributes - %g:%s\n", VendorGuid, VariableName));
goto Done;
}
}

135
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
View File

@ -3,7 +3,7 @@
The internal header file includes the common header files, defines
internal structure and functions used by Variable modules.
Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -23,6 +23,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/FirmwareVolumeBlock.h>
#include <Protocol/Variable.h>
#include <Protocol/VariableLock.h>
#include <Protocol/VarCheck.h>
#include <Library/PcdLib.h>
#include <Library/HobLib.h>
#include <Library/UefiDriverEntryPoint.h>
@ -46,11 +47,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
typedef struct {
CHAR16 *Name;
UINT32 Attributes;
} GLOBAL_VARIABLE_ENTRY;
///
/// The size of a 3 character ISO639 language code.
///
@ -105,9 +101,9 @@ typedef struct {
} VARIABLE_ENTRY_CONSISTENCY;
typedef struct {
EFI_GUID Guid;
CHAR16 *Name;
LIST_ENTRY Link;
EFI_GUID Guid;
//CHAR16 *Name;
} VARIABLE_ENTRY;
/**
@ -395,6 +391,9 @@ VariableServiceGetVariable (
This code Finds the Next available variable.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
@param VariableNameSize Size of the variable name.
@param VariableName Pointer to variable name.
@param VendorGuid Variable Vendor Guid.
@ -417,6 +416,10 @@ VariableServiceGetNextVariableName (
This code sets variable in storage blocks (Volatile or Non-Volatile).
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Attributes Attribute value of the variable found
@ -445,6 +448,9 @@ VariableServiceSetVariable (
This code returns information about the EFI variables.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
@param Attributes Attributes bitmask to specify the type of variables
on which to return information.
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
@ -470,6 +476,9 @@ VariableServiceQueryVariableInfoInternal (
This code returns information about the EFI variables.
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
@param Attributes Attributes bitmask to specify the type of variables
on which to return information.
@param MaximumVariableStorageSize Pointer to the maximum size of the storage space available
@ -516,6 +525,116 @@ VariableLockRequestToLock (
IN EFI_GUID *VendorGuid
);
/**
Check if a Unicode character is a hexadecimal character.
This function checks if a Unicode character is a
hexadecimal character. The valid hexadecimal character is
L'0' to L'9', L'a' to L'f', or L'A' to L'F'.
@param Char The character to check against.
@retval TRUE If the Char is a hexadecmial character.
@retval FALSE If the Char is not a hexadecmial character.
**/
BOOLEAN
EFIAPI
IsHexaDecimalDigitCharacter (
IN CHAR16 Char
);
/**
Internal SetVariable check.
@param[in] VariableName Name of Variable to set.
@param[in] VendorGuid Variable vendor GUID.
@param[in] Attributes Attribute value of the variable.
@param[in] DataSize Size of Data to set.
@param[in] Data Data pointer.
@retval EFI_SUCCESS The SetVariable check result was success.
@retval EFI_INVALID_PARAMETER An invalid combination of attribute bits, name, and GUID were supplied,
or the DataSize exceeds the minimum or maximum allowed,
or the Data value is not following UEFI spec for UEFI defined variables.
@retval EFI_WRITE_PROTECTED The variable in question is read-only.
@retval Others The return status from check handler.
**/
EFI_STATUS
EFIAPI
InternalVarCheckSetVariableCheck (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
);
/**
Register SetVariable check handler.
@param[in] Handler Pointer to check handler.
@retval EFI_SUCCESS The SetVariable check handler was registered successfully.
@retval EFI_INVALID_PARAMETER Handler is NULL.
@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
@retval EFI_UNSUPPORTED This interface is not implemented.
For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
**/
EFI_STATUS
EFIAPI
VarCheckRegisterSetVariableCheckHandler (
IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
);
/**
Variable property set.
@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[in] VariableProperty Pointer to the input variable property.
@retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
@retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
or the fields of VariableProperty are not valid.
@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
**/
EFI_STATUS
EFIAPI
VarCheckVariablePropertySet (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
);
/**
Variable property get.
@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[out] VariableProperty Pointer to the output variable property.
@retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
@retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
@retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
**/
EFI_STATUS
EFIAPI
VarCheckVariablePropertyGet (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
);
extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal;
#endif

40
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
View File

@ -4,7 +4,7 @@
and volatile storage space and install variable architecture protocol.
Copyright (C) 2013, Red Hat, Inc.
Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -23,8 +23,14 @@ EFI_HANDLE mHandle = NULL;
EFI_EVENT mVirtualAddressChangeEvent = NULL;
EFI_EVENT mFtwRegistration = NULL;
extern LIST_ENTRY mLockedVariableList;
extern LIST_ENTRY mVarCheckVariableList;
extern UINT32 mNumberOfHandler;
extern VAR_CHECK_SET_VARIABLE_CHECK_HANDLER *mHandlerTable;
extern BOOLEAN mEndOfDxe;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock = { VariableLockRequestToLock };
EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSetVariableCheckHandler,
VarCheckVariablePropertySet,
VarCheckVariablePropertyGet };
/**
Return TRUE if ExitBootServices () has been called.
@ -222,9 +228,8 @@ VariableClassAddressChangeEvent (
IN VOID *Context
)
{
LIST_ENTRY *Link;
VARIABLE_ENTRY *Entry;
EFI_STATUS Status;
UINTN Index;
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetBlockSize);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->FvbInstance->GetPhysicalAddress);
@ -242,23 +247,16 @@ VariableClassAddressChangeEvent (
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
//
// in the list of locked variables, convert the name pointers first
//
for ( Link = GetFirstNode (&mLockedVariableList)
; !IsNull (&mLockedVariableList, Link)
; Link = GetNextNode (&mLockedVariableList, Link)
) {
Entry = BASE_CR (Link, VARIABLE_ENTRY, Link);
Status = EfiConvertPointer (0x0, (VOID **) &Entry->Name);
ASSERT_EFI_ERROR (Status);
EfiConvertPointer (0x0, (VOID **) &mHandlerTable);
for (Index = 0; Index < mNumberOfHandler; Index++) {
EfiConvertPointer (0x0, (VOID **) &mHandlerTable[Index]);
}
//
// second, convert the list itself using UefiRuntimeLib
//
Status = EfiConvertList (0x0, &mLockedVariableList);
ASSERT_EFI_ERROR (Status);
Status = EfiConvertList (0x0, &mVarCheckVariableList);
ASSERT_EFI_ERROR (Status);
}
@ -442,6 +440,14 @@ VariableServiceInitialize (
);
ASSERT_EFI_ERROR (Status);
Status = gBS->InstallMultipleProtocolInterfaces (
&mHandle,
&gEdkiiVarCheckProtocolGuid,
&mVarCheck,
NULL
);
ASSERT_EFI_ERROR (Status);
SystemTable->RuntimeServices->GetVariable = VariableServiceGetVariable;
SystemTable->RuntimeServices->GetNextVariableName = VariableServiceGetNextVariableName;
SystemTable->RuntimeServices->SetVariable = VariableServiceSetVariable;

5
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
View File

@ -8,7 +8,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@ -42,6 +42,7 @@
Variable.c
VariableDxe.c
Variable.h
VarCheck.c
[Packages]
MdePkg/MdePkg.dec
@ -60,6 +61,7 @@
UefiDriverEntryPoint
PcdLib
HobLib
DevicePathLib
[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES
@ -69,6 +71,7 @@
gEfiVariableWriteArchProtocolGuid ## PRODUCES
gEfiVariableArchProtocolGuid ## PRODUCES
gEdkiiVariableLockProtocolGuid ## PRODUCES
gEdkiiVarCheckProtocolGuid ## PRODUCES
[Guids]
## PRODUCES ## GUID # Signature of Variable store header

73
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
View File

@ -15,7 +15,7 @@
VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
SmmVariableGetStatistics() should also do validation based on its own knowledge.
Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/SmmFaultTolerantWrite.h>
#include <Protocol/SmmAccess2.h>
#include <Protocol/SmmEndOfDxe.h>
#include <Protocol/SmmVarCheck.h>
#include <Library/SmmServicesTableLib.h>
@ -102,6 +103,10 @@ EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
VariableServiceQueryVariableInfo
};
EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler,
VarCheckVariablePropertySet,
VarCheckVariablePropertyGet };
/**
Return TRUE if ExitBootServices () has been called.
@ -498,6 +503,7 @@ SmmVariableHandler (
SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
VARIABLE_INFO_ENTRY *VariableInfo;
SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
UINTN InfoSize;
UINTN NameBufferSize;
UINTN CommBufferPayloadSize;
@ -731,6 +737,61 @@ SmmVariableHandler (
);
}
break;
case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET:
if (mEndOfDxe) {
Status = EFI_ACCESS_DENIED;
} else {
CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) SmmVariableFunctionHeader->Data;
Status = VarCheckVariablePropertySet (
CommVariableProperty->Name,
&CommVariableProperty->Guid,
&CommVariableProperty->VariableProperty
);
}
break;
case SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET:
if (CommBufferPayloadSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: SMM communication buffer size invalid!\n"));
return EFI_SUCCESS;
}
//
// Copy the input communicate buffer payload to pre-allocated SMM variable buffer payload.
//
CopyMem (mVariableBufferPayload, SmmVariableFunctionHeader->Data, CommBufferPayloadSize);
CommVariableProperty = (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *) mVariableBufferPayload;
if ((UINTN) (~0) - CommVariableProperty->NameSize < OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
//
// Prevent InfoSize overflow happen
//
Status = EFI_ACCESS_DENIED;
goto EXIT;
}
InfoSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + CommVariableProperty->NameSize;
//
// SMRAM range check already covered before
//
if (InfoSize > CommBufferPayloadSize) {
DEBUG ((EFI_D_ERROR, "VarCheckVariablePropertyGet: Data size exceed communication buffer size limit!\n"));
Status = EFI_ACCESS_DENIED;
goto EXIT;
}
if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
//
// Make sure VariableName is A Null-terminated string.
//
Status = EFI_ACCESS_DENIED;
goto EXIT;
}
Status = VarCheckVariablePropertyGet (
CommVariableProperty->Name,
&CommVariableProperty->Guid,
&CommVariableProperty->VariableProperty
);
CopyMem (SmmVariableFunctionHeader->Data, mVariableBufferPayload, CommBufferPayloadSize);
break;
default:
Status = EFI_UNSUPPORTED;
@ -887,6 +948,14 @@ VariableServiceInitialize (
);
ASSERT_EFI_ERROR (Status);
Status = gSmst->SmmInstallProtocolInterface (
&VariableHandle,
&gEdkiiSmmVarCheckProtocolGuid,
EFI_NATIVE_INTERFACE,
&mSmmVarCheck
);
ASSERT_EFI_ERROR (Status);
//
// Get SMRAM information
//
@ -910,7 +979,7 @@ VariableServiceInitialize (
mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);
mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);
OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
Status = gSmst->SmmAllocatePool (
EfiRuntimeServicesData,

7
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
View File

@ -12,7 +12,7 @@
# This external input must be validated carefully to avoid security issue like
# buffer overflow, integer overflow.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@ -44,6 +44,7 @@
Reclaim.c
Variable.c
VariableSmm.c
VarCheck.c
Variable.h
[Packages]
@ -62,6 +63,7 @@
DxeServicesTableLib
HobLib
PcdLib
DevicePathLib
[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
@ -72,7 +74,8 @@
## UNDEFINED # SmiHandlerRegister
gEfiSmmVariableProtocolGuid
gEfiSmmAccess2ProtocolGuid ## CONSUMES
gEfiSmmEndOfDxeProtocolGuid ## CONSUMES
gEfiSmmEndOfDxeProtocolGuid ## NOTIFY
gEdkiiSmmVarCheckProtocolGuid ## PRODUCES
[Guids]
## PRODUCES ## GUID # Signature of Variable store header

191
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
View File

@ -14,7 +14,7 @@
InitCommunicateBuffer() is really function to check the variable data size.
Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@ -30,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/SmmCommunication.h>
#include <Protocol/SmmVariable.h>
#include <Protocol/VariableLock.h>
#include <Protocol/VarCheck.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
@ -56,6 +57,7 @@ UINTN mVariableBufferSize;
UINTN mVariableBufferPayloadSize;
EFI_LOCK mVariableServicesLock;
EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
EDKII_VAR_CHECK_PROTOCOL mVarCheck;
/**
Acquires lock only at boot time. Simply returns at runtime.
@ -244,6 +246,180 @@ Done:
return Status;
}
/**
Register SetVariable check handler.
@param[in] Handler Pointer to check handler.
@retval EFI_SUCCESS The SetVariable check handler was registered successfully.
@retval EFI_INVALID_PARAMETER Handler is NULL.
@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource for the SetVariable check handler register request.
@retval EFI_UNSUPPORTED This interface is not implemented.
For example, it is unsupported in VarCheck protocol if both VarCheck and SmmVarCheck protocols are present.
**/
EFI_STATUS
EFIAPI
VarCheckRegisterSetVariableCheckHandler (
IN VAR_CHECK_SET_VARIABLE_CHECK_HANDLER Handler
)
{
return EFI_UNSUPPORTED;
}
/**
Variable property set.
@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[in] VariableProperty Pointer to the input variable property.
@retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
@retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
or the fields of VariableProperty are not valid.
@retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
**/
EFI_STATUS
EFIAPI
VarCheckVariablePropertySet (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
)
{
EFI_STATUS Status;
UINTN VariableNameSize;
UINTN PayloadSize;
SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
if (Name == NULL || Name[0] == 0 || Guid == NULL) {
return EFI_INVALID_PARAMETER;
}
if (VariableProperty == NULL) {
return EFI_INVALID_PARAMETER;
}
if (VariableProperty->Revision != VAR_CHECK_VARIABLE_PROPERTY_REVISION) {
return EFI_INVALID_PARAMETER;
}
VariableNameSize = StrSize (Name);
CommVariableProperty = NULL;
//
// If VariableName exceeds SMM payload limit. Return failure
//
if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
return EFI_INVALID_PARAMETER;
}
AcquireLockOnlyAtBootTime (&mVariableServicesLock);
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
//
PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + VariableNameSize;
Status = InitCommunicateBuffer ((VOID **) &CommVariableProperty, PayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET);
if (EFI_ERROR (Status)) {
goto Done;
}
ASSERT (CommVariableProperty != NULL);
CopyGuid (&CommVariableProperty->Guid, Guid);
CopyMem (&CommVariableProperty->VariableProperty, VariableProperty, sizeof (*VariableProperty));
CommVariableProperty->NameSize = VariableNameSize;
CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSize);
//
// Send data to SMM.
//
Status = SendCommunicateBuffer (PayloadSize);
Done:
ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
return Status;
}
/**
Variable property get.
@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[out] VariableProperty Pointer to the output variable property.
@retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
@retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string.
@retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
**/
EFI_STATUS
EFIAPI
VarCheckVariablePropertyGet (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
)
{
EFI_STATUS Status;
UINTN VariableNameSize;
UINTN PayloadSize;
SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
if (Name == NULL || Name[0] == 0 || Guid == NULL) {
return EFI_INVALID_PARAMETER;
}
if (VariableProperty == NULL) {
return EFI_INVALID_PARAMETER;
}
VariableNameSize = StrSize (Name);
CommVariableProperty = NULL;
//
// If VariableName exceeds SMM payload limit. Return failure
//
if (VariableNameSize > mVariableBufferPayloadSize - OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name)) {
return EFI_INVALID_PARAMETER;
}
AcquireLockOnlyAtBootTime (&mVariableServicesLock);
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
//
PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) + VariableNameSize;
Status = InitCommunicateBuffer ((VOID **) &CommVariableProperty, PayloadSize, SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET);
if (EFI_ERROR (Status)) {
goto Done;
}
ASSERT (CommVariableProperty != NULL);
CopyGuid (&CommVariableProperty->Guid, Guid);
CommVariableProperty->NameSize = VariableNameSize;
CopyMem (CommVariableProperty->Name, Name, CommVariableProperty->NameSize);
//
// Send data to SMM.
//
Status = SendCommunicateBuffer (PayloadSize);
if (Status == EFI_SUCCESS) {
CopyMem (VariableProperty, &CommVariableProperty->VariableProperty, sizeof (*VariableProperty));
}
Done:
ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
return Status;
}
/**
This code finds variable in storage blocks (Volatile or Non-Volatile).
@ -734,7 +910,7 @@ SmmVariableReady (
// Allocate memory for variable communicate buffer.
//
mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
OFFSET_OF (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE, Name) - sizeof (VARIABLE_HEADER);
OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
mVariableBufferSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + mVariableBufferPayloadSize;
mVariableBuffer = AllocateRuntimePool (mVariableBufferSize);
ASSERT (mVariableBuffer != NULL);
@ -833,6 +1009,17 @@ VariableSmmRuntimeInitialize (
);
ASSERT_EFI_ERROR (Status);
mVarCheck.RegisterSetVariableCheckHandler = VarCheckRegisterSetVariableCheckHandler;
mVarCheck.VariablePropertySet = VarCheckVariablePropertySet;
mVarCheck.VariablePropertyGet = VarCheckVariablePropertyGet;
Status = gBS->InstallMultipleProtocolInterfaces (
&mHandle,
&gEdkiiVarCheckProtocolGuid,
&mVarCheck,
NULL
);
ASSERT_EFI_ERROR (Status);
//
// Smm variable service is ready
//

3
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
View File

@ -10,7 +10,7 @@
# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
#
# Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@ -65,6 +65,7 @@
## UNDEFINED # Used to do smm communication
gEfiSmmVariableProtocolGuid
gEdkiiVariableLockProtocolGuid ## PRODUCES
gEdkiiVarCheckProtocolGuid ## PRODUCES
[Guids]
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event