tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg Variable: Remove mStorageData buffer allocation and use Scratch buffer instead to reduce SMRAM consumption. 

It can reduce MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) size of SMRAM consumption.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14855 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
Star Zeng 2013-11-18 02:56:04 +00:00 committed by lzeng14
parent e82edcf914
commit fddbbc661e
4 changed files with 40 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
View File

@ -48,14 +48,6 @@ CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
// //
VOID *mHashCtx = NULL; VOID *mHashCtx = NULL;
//
// Pointer to runtime buffer.
// For "Append" operation to an existing variable, a read/modify/write operation
// is supported by firmware internally. Reserve runtime buffer to cache previous
// variable data in runtime phase because memory allocation is forbidden in virtual mode.
//
VOID *mStorageArea = NULL;
// //
// The serialization of the values of the VariableName, VendorGuid and Attributes // The serialization of the values of the VariableName, VendorGuid and Attributes
// parameters of the SetVariable() call and the TimeStamp component of the // parameters of the SetVariable() call and the TimeStamp component of the
@ -191,14 +183,6 @@ AutenticatedVariableServiceInitialize (
return EFI_OUT_OF_RESOURCES; return EFI_OUT_OF_RESOURCES;
} }
//
// Reserved runtime buffer for "Append" operation in virtual mode.
//
mStorageArea = AllocateRuntimePool (MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)));
if (mStorageArea == NULL) {
return EFI_OUT_OF_RESOURCES;
}
// //
// Prepare runtime buffer for serialized data of time-based authenticated // Prepare runtime buffer for serialized data of time-based authenticated
// Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data). // Variable, i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data).

1
SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.h
View File

@ -329,7 +329,6 @@ VerifyTimeBasedPayload (
extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE]; extern UINT8 mPubKeyStore[MAX_KEYDB_SIZE];
extern UINT32 mPubKeyNumber; extern UINT32 mPubKeyNumber;
extern VOID *mHashCtx; extern VOID *mHashCtx;
extern VOID *mStorageArea;
extern UINT8 *mSerializationRuntimeBuffer; extern UINT8 *mSerializationRuntimeBuffer;
#endif #endif

54
SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
View File

@ -1752,7 +1752,9 @@ UpdateVariable (
VARIABLE_POINTER_TRACK NvVariable; VARIABLE_POINTER_TRACK NvVariable;
VARIABLE_STORE_HEADER *VariableStoreHeader; VARIABLE_STORE_HEADER *VariableStoreHeader;
UINTN CacheOffset; UINTN CacheOffset;
UINTN BufSize; UINT8 *BufferForMerge;
UINTN MergedBufSize;
BOOLEAN DataReady;
UINTN DataOffset; UINTN DataOffset;
if (mVariableModuleGlobal->FvbInstance == NULL) { if (mVariableModuleGlobal->FvbInstance == NULL) {
@ -1802,7 +1804,8 @@ UpdateVariable (
// //
NextVariable = GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase)); NextVariable = GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase));
ScratchSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)); ScratchSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize));
SetMem (NextVariable, ScratchSize, 0xff);
DataReady = FALSE;
if (Variable->CurrPtr != NULL) { if (Variable->CurrPtr != NULL) {
// //
@ -1911,42 +1914,42 @@ UpdateVariable (
// //
if ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0) { if ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0) {
// //
// Cache the previous variable data into StorageArea. // NOTE: From 0 to DataOffset of NextVariable is reserved for Variable Header and Name.
// From DataOffset of NextVariable is to save the existing variable data.
// //
DataOffset = sizeof (VARIABLE_HEADER) + Variable->CurrPtr->NameSize + GET_PAD_SIZE (Variable->CurrPtr->NameSize); DataOffset = sizeof (VARIABLE_HEADER) + Variable->CurrPtr->NameSize + GET_PAD_SIZE (Variable->CurrPtr->NameSize);
CopyMem (mStorageArea, (UINT8*)((UINTN) Variable->CurrPtr + DataOffset), Variable->CurrPtr->DataSize); BufferForMerge = (UINT8 *) ((UINTN) NextVariable + DataOffset);
CopyMem (BufferForMerge, (UINT8 *) ((UINTN) Variable->CurrPtr + DataOffset), Variable->CurrPtr->DataSize);
// //
// Set Max Common Variable Data Size as default MaxDataSize // Set Max Common Variable Data Size as default MaxDataSize
// //
MaxDataSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER) - StrSize (VariableName) - GET_PAD_SIZE (StrSize (VariableName)); MaxDataSize = PcdGet32 (PcdMaxVariableSize) - DataOffset;
if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) || ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0))) ||
(CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) { (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
// //
// For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
// EFI_SIGNATURE_DATA values that are already part of the existing variable value. // EFI_SIGNATURE_DATA values that are already part of the existing variable value.
// //
Status = AppendSignatureList ( Status = AppendSignatureList (
mStorageArea, BufferForMerge,
Variable->CurrPtr->DataSize, Variable->CurrPtr->DataSize,
MaxDataSize - Variable->CurrPtr->DataSize, MaxDataSize - Variable->CurrPtr->DataSize,
Data, Data,
DataSize, DataSize,
&BufSize &MergedBufSize
); );
if (Status == EFI_BUFFER_TOO_SMALL) { if (Status == EFI_BUFFER_TOO_SMALL) {
// //
// Signture List is too long, Failed to Append // Signature List is too long, Failed to Append.
// //
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
goto Done; goto Done;
} }
if (BufSize == Variable->CurrPtr->DataSize) { if (MergedBufSize == Variable->CurrPtr->DataSize) {
if ((TimeStamp == NULL) || CompareTimeStamp (TimeStamp, &Variable->CurrPtr->TimeStamp)) { if ((TimeStamp == NULL) || CompareTimeStamp (TimeStamp, &Variable->CurrPtr->TimeStamp)) {
// //
// New EFI_SIGNATURE_DATA is not found and timestamp is not later // New EFI_SIGNATURE_DATA is not found and timestamp is not later
@ -1959,29 +1962,30 @@ UpdateVariable (
} }
} else { } else {
// //
// For other Variables, append the new data to the end of previous data. // For other Variables, append the new data to the end of existing data.
// Max Harware error record variable data size is different from common variable // Max Harware error record variable data size is different from common variable
// //
if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) { if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
MaxDataSize = PcdGet32 (PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER) - StrSize (VariableName) - GET_PAD_SIZE (StrSize (VariableName)); MaxDataSize = PcdGet32 (PcdMaxHardwareErrorVariableSize) - DataOffset;
} }
if (Variable->CurrPtr->DataSize + DataSize > MaxDataSize) { if (Variable->CurrPtr->DataSize + DataSize > MaxDataSize) {
// //
// Exsiting data + Appended data exceed maximum variable size limitation // Existing data size + new data size exceed maximum variable size limitation.
// //
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;
goto Done; goto Done;
} }
CopyMem ((UINT8*)((UINTN) mStorageArea + Variable->CurrPtr->DataSize), Data, DataSize); CopyMem ((UINT8*) ((UINTN) BufferForMerge + Variable->CurrPtr->DataSize), Data, DataSize);
BufSize = Variable->CurrPtr->DataSize + DataSize; MergedBufSize = Variable->CurrPtr->DataSize + DataSize;
} }
// //
// Override Data and DataSize which are used for combined data area including previous and new data. // BufferForMerge(from DataOffset of NextVariable) has included the merged existing and new data.
// //
Data = mStorageArea; Data = BufferForMerge;
DataSize = BufSize; DataSize = MergedBufSize;
DataReady = TRUE;
} }
// //
@ -2038,9 +2042,7 @@ UpdateVariable (
// //
// Function part - create a new variable and copy the data. // Function part - create a new variable and copy the data.
// Both update a variable and create a variable will come here. // Both update a variable and create a variable will come here.
//
SetMem (NextVariable, ScratchSize, 0xff);
NextVariable->StartId = VARIABLE_DATA; NextVariable->StartId = VARIABLE_DATA;
// //
// NextVariable->State = VAR_ADDED; // NextVariable->State = VAR_ADDED;
@ -2082,11 +2084,19 @@ UpdateVariable (
VarNameSize VarNameSize
); );
VarDataOffset = VarNameOffset + VarNameSize + GET_PAD_SIZE (VarNameSize); VarDataOffset = VarNameOffset + VarNameSize + GET_PAD_SIZE (VarNameSize);
//
// If DataReady is TRUE, it means the variable data has been saved into
// NextVariable during EFI_VARIABLE_APPEND_WRITE operation preparation.
//
if (!DataReady) {
CopyMem ( CopyMem (
(UINT8 *) ((UINTN) NextVariable + VarDataOffset), (UINT8 *) ((UINTN) NextVariable + VarDataOffset),
Data, Data,
DataSize DataSize
); );
}
CopyMem (&NextVariable->VendorGuid, VendorGuid, sizeof (EFI_GUID)); CopyMem (&NextVariable->VendorGuid, VendorGuid, sizeof (EFI_GUID));
// //
// There will be pad bytes after Data, the NextVariable->NameSize and // There will be pad bytes after Data, the NextVariable->NameSize and

1
SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableDxe.c
View File

@ -241,7 +241,6 @@ VariableClassAddressChangeEvent (
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.VolatileVariableBase); EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.VolatileVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal); EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
EfiConvertPointer (0x0, (VOID **) &mHashCtx); EfiConvertPointer (0x0, (VOID **) &mHashCtx);
EfiConvertPointer (0x0, (VOID **) &mStorageArea);
EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer); EfiConvertPointer (0x0, (VOID **) &mSerializationRuntimeBuffer);
EfiConvertPointer (0x0, (VOID **) &mNvVariableCache); EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);