According to TCG's Platform Reset Attack Mitigation spec, the OS should
never create the MOR variable, only read and write it.
But some OSes (Fedora 24 and 25) don't follow the TCG's Platform Reset
Attack Mitigation spec and unintentionally create MOR variable.
The commit fda8f631edbbf3823760542a06f12bd60fd39181 added function
VariableHaveTcgProtocols() to check against Tcg/Tcg2 protocol to infer
whether the MOR variable is created by platform firmware or not. If not,
delete the variable created by OS and lock the variable to avoid OS to
create it.
But in VariableStandaloneMm, VariableHaveTcgProtocols() always returns
FALSE, it causes TCG MOR secure feature does not work in standalone MM
environment.
As Fedora 24 and 25 are EOL today, directly returns TRUE in the function
VariableHaveTcgProtocols() for VariableStandaloneMm, and rename the
function to VariableIsMorVariableLegitimate() to make it more obvious
what the narrow use-case is for which it exists.
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
VariableSmmIsBufferOutsideSmmValid function is to check the buffer
is outside SMM or not. This patch fix the issue that always return
true for MM.
Meanwhile, this patch renames VariableSmmIsBufferOutsideSmmValid
to VariableSmmIsNonPrimaryBufferValid.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
Add a new function (VariableSmmIsPrimaryBufferValid) to check
Primary Buffer valid or not.
original function (VariableSmmIsBufferOutsideSmmValid) is used to
check the buffer outside MMRAM.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Yuanhao Xie <yuanhao.xie@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
Apply uncrustify changes to .c/.h files in the MdeModulePkg package
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
In preparation of providing a standalone MM based variable runtime
driver, move the existing SMM driver to the new MM services table,
and factor out some pieces that are specific to the traditional
driver, mainly related to the use of UEFI boot services, which are
not accessible to standalone MM drivers.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
