If the platform supports SMM, a gRT->SetVariable() call at boot time
results in the following call tree to SecureBootHook():
RuntimeServiceSetVariable() [VariableSmmRuntimeDxe.c, unprivileged]
SmmVariableHandler() [VariableSmm.c, PRIVILEGED]
VariableServiceSetVariable() [Variable.c, PRIVILEGED]
SecureBootHook() [VariableSmm.c, PRIVILEGED]
//
// do nothing
//
SecureBootHook() [Measurement.c, unprivileged]
//
// measure variable if it
// is related to SB policy
//
And if the platform does not support SMM:
VariableServiceSetVariable() [Variable.c, unprivileged]
SecureBootHook() [Measurement.c, unprivileged]
//
// measure variable if it
// is related to SB policy
//
In other words, the measurement always happens outside of SMM.
Because there are two implementations of the SecureBootHook() API, one
that is called from SMM and does nothing, and another that is called
outside of SMM and measures variables, the function declaration should be
in a header file. This way the compiler can enforce that the function
declaration and all function definitions match.
"Variable.h" is used for "including common header files, defining internal
structures and functions used by Variable modules". Technically, we could
declare SecureBootHook() in "Variable.h". However, "Measurement.c" and
"VariableSmmRuntimeDxe.c" themselves do not include "Variable.h", and that
is likely intentional -- "Variable.h" exposes so much of the privileged
variable implementation that it is likely excluded from these C source
files on purpose.
Therefore introduce a new header file called "PrivilegePolymorphic.h".
"Variable.h" includes this header (so that all C source files that have
been allowed to see the variable internals learn about the new
SecureBootHook() declaration immediately). In "Measurement.c" and
"VariableSmmRuntimeDxe.c", include *only* the new header.
This change cleans up commit fa0737a839 ("MdeModulePkg Variable: Merge
from Auth Variable driver in SecurityPkg", 2015-07-01).
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Ladi Prosek <lprosek@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Ladi Prosek <lprosek@redhat.com>
Measure DBT into PCR[7] when it is updated between initial measure and
ExitBootService. Measure "SecureBoot" change after PK update.
Spec version : TCG PC Client PFP 00.37. http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf
Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Otherwise there will be build failure if without VarCheckUefiLib linked.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18612 6f19259b-4bc3-4df7-8a09-765794883524
Since the variable check service has be separated to VarCheckLib
from Variable driver, so update Variable driver to consume the
separated VarCheckLib.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18286 6f19259b-4bc3-4df7-8a09-765794883524
What to do:
1. Merge from Auth Variable driver in SecurityPkg to Variable drive in
MdeModulePkg. Then the merged Variable driver in MdeModulePkg will
link to AuthVariableLib and TpmMeasurementLib.
AuthVariableLibNull and TpmMeasurementLibNull in MdeModulePkg
could be used for non auth variable support.
AuthVariableLib and DxeTpmMeasurementLib in SecurityPkg
may be used for auth variable support.
Why to do:
1. Remove code duplication and reduce maintenance effort.
After auth variable service separated from Auth Variable driver in SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in SecurityPkg
will be almost same with Variable driver in MdeModulePkg. Now it is to
merge them.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17765 6f19259b-4bc3-4df7-8a09-765794883524
for trying to reclaim variable space at EndOfDxe.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16687 6f19259b-4bc3-4df7-8a09-765794883524
and follow UEFI spec to check UEFI defined variables.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@16579 6f19259b-4bc3-4df7-8a09-765794883524
1. Usage information in INF file comment blocks are either incomplete or incorrect.
This includes usage information for Protocols/PPIs/GUIDs/PCDs/HOBs/Events/BootModes.
The syntax for usage information in comment blocks is defined in the EDK II Module Information (INF) Specification
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Zeng, Star <star.zeng@intel.com>
Reviewed-by: Gao, Liming <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@15962 6f19259b-4bc3-4df7-8a09-765794883524
PEI variable implementation checks only the variable header signature for validity. This does not seem robust if system crash occurred during previous Reclaim() operation. If the crash occurred while FTW was rewriting the variable FV, the signature could be valid even though the rest of the FV isn't valid.
Solution: Add a FaultTolerantWritePei driver to check and provide the FTW last write status, then PEI variable and early phase(before FTW protocol ready) of DXE variable can check the status and determine if all or partial variable data has been backed up in spare block, and then use the backed up data.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14454 6f19259b-4bc3-4df7-8a09-765794883524
Add code in BdsDxe driver to call the protocol to mark the read-only variables defined in the UEFI Spec.
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Reviewed-by: Guo Dong <guo.dong@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@14372 6f19259b-4bc3-4df7-8a09-765794883524
The Variable PEI and RuntimeDxe drivers were using the attribute 'HeaderLength' of
EFI_FIRMWARE_VOLUME_HEADER without checking if a Firmware Volume Header was existing at
the base address.
In case the Firmware Volume Header does not exist or is corrupted, the attribute 'HeaderLength'
is a non valid value that can lead to a non valid physical address when accessing produces an
access error.
Signed-off-by: oliviermartin
Reviewed-by: niruiyu
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12836 6f19259b-4bc3-4df7-8a09-765794883524
2. Boot time variable reclaim issue is caused by incorrect flash layout. Platform integrator should ensure that the size of variable region must less than FTW spare space size.
3. Per UEFI Specification, variables of attribute HARDWARE_ERROR_RECORD are guaranteed to have its own storage space size.original implementation doesn’t meet this requirement
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8029 6f19259b-4bc3-4df7-8a09-765794883524
2. modify the method of getting right FVB protocol interface. move the notification event of FVB installation into variable driver. and also move ExitBootService event into variable driver.
3. use EFI_FVB2_WRITE_STATUS flag to distinct whether the FVB protocol supports writing operation or not.Currently, DxeCore installs FVB which has ~EFI_FVB2_WRITE_STATUS(that is, disable write) attrbiute. FvbRuntimeDxe driver should provide a full FVB protocol, which returns EFI_FVB2_WRITE_STATUS attribute to signify itself provide writable FVB protocol. So other modules which need write data by FVB protocol can locate it correctly.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@7835 6f19259b-4bc3-4df7-8a09-765794883524
2. move VariableFormat.h into GUID directory and change the “Signature” field of the VARIABLE_STORE_HEADER to gEfiVariableGuid value.
3. merging VARIABLE_INFO_ENTRY structure into the new Include/Guid/VariableFormat.h
4. change gEfiVariableInfoGuid into gEfiVariableGuid.
5. modify FDF files to use new guid value instead of the original signature.
6. all code related to signature is changed to use guid value.
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@7728 6f19259b-4bc3-4df7-8a09-765794883524
Laszlo Ersek
Zhang, Chao B
Liming Gao
Yao, Jiewen
Star Zeng
niruiyu
lzeng14
oliviermartin
gdong1
andrewfish
hhtian
lgao4
eric_tian
jji4
mdkinney
xli24
gikidy
klu2
vanjeff
gtian
AJFISH
qwang12
qhuang8
yshang1