## @file # Provides SMM authenticated variable service # # This module installs SMM variable protocol into SMM protocol database, # which can be used by SMM driver, and installs SMM variable protocol # into BS protocol database, which can be used to notify the SMM Runtime # Dxe driver that the SMM variable service is ready. # This module should be used with SMM Runtime DXE module together. The # SMM Runtime DXE module installs variable arch protocol and variable # write arch protocol based on SMM variable module. # # Caution: This module requires additional review when modified. # This driver will have external input - variable data and communicate buffer in SMM mode. # This external input must be validated carefully to avoid security issues such as # buffer overflow or integer overflow. # The whole SMM authentication variable design relies on the integrity of flash part and SMM. # which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory # may not be modified without authorization. If platform fails to protect these resources, # the authentication service provided in this driver will be broken, and the behavior is undefined. # # Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at # http://opensource.org/licenses/bsd-license.php # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. # ## [Defines] INF_VERSION = 0x00010005 BASE_NAME = VariableAuthSmm MODULE_UNI_FILE = VariableAuthSmm.uni FILE_GUID = D34BDC5E-968A-40f5-A48C-E594F45AE211 MODULE_TYPE = DXE_SMM_DRIVER VERSION_STRING = 1.0 PI_SPECIFICATION_VERSION = 0x0001000A ENTRY_POINT = VariableServiceInitialize # # The following information is for reference only and not required by the build tools. # # VALID_ARCHITECTURES = IA32 X64 # [Sources] Reclaim.c Variable.c VariableSmm.c AuthService.c VarCheck.c Variable.h AuthService.h [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec CryptoPkg/CryptoPkg.dec SecurityPkg/SecurityPkg.dec [LibraryClasses] UefiDriverEntryPoint MemoryAllocationLib BaseLib SynchronizationLib UefiLib SmmServicesTableLib BaseMemoryLib DebugLib DxeServicesTableLib BaseCryptLib PlatformSecureLib HobLib PcdLib DevicePathLib SmmMemLib [Protocols] gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES ## PRODUCES ## UNDEFINED # SmiHandlerRegister gEfiSmmVariableProtocolGuid ## CONSUMES ## NOTIFY gEfiSmmFaultTolerantWriteProtocolGuid gEfiSmmEndOfDxeProtocolGuid ## NOTIFY gEdkiiSmmVarCheckProtocolGuid ## PRODUCES [Guids] ## PRODUCES ## GUID # Variable store header ## CONSUMES ## GUID # Variable store header ## SOMETIMES_CONSUMES ## HOB gEfiAuthenticatedVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"PlatformLang" ## SOMETIMES_PRODUCES ## Variable:L"PlatformLang" ## SOMETIMES_CONSUMES ## Variable:L"Lang" ## SOMETIMES_PRODUCES ## Variable:L"Lang" ## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport" ## CONSUMES ## Variable:L"SetupMode" ## PRODUCES ## Variable:L"SetupMode" ## SOMETIMES_CONSUMES ## Variable:L"PK" ## SOMETIMES_CONSUMES ## Variable:L"KEK" ## CONSUMES ## Variable:L"SecureBoot" ## PRODUCES ## Variable:L"SecureBoot" ## CONSUMES ## Variable:L"SignatureSupport" ## PRODUCES ## Variable:L"SignatureSupport" ## PRODUCES ## Variable:L"VendorKeys" gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"DB" ## SOMETIMES_CONSUMES ## Variable:L"DBX" gEfiImageSecurityDatabaseGuid ## CONSUMES ## Variable:L"SecureBootEnable" ## PRODUCES ## Variable:L"SecureBootEnable" gEfiSecureBootEnableDisableGuid ## CONSUMES ## Variable:L"CustomMode" ## PRODUCES ## Variable:L"CustomMode" gEfiCustomModeEnableGuid ## CONSUMES ## Variable:L"certdb" ## PRODUCES ## Variable:L"certdb" gEfiCertDbGuid ## CONSUMES ## Variable:L"VendorKeysNv" ## PRODUCES ## Variable:L"VendorKeysNv" gEfiVendorKeysNvGuid gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the format of the CertData. gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the format of the CertData. gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. gEfiSystemNvDataFvGuid ## CONSUMES ## GUID gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####" gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES [FeaturePcd] gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable. gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang [Depex] TRUE [UserExtensions.TianoCore."ExtraFiles"] VariableSmmExtra.uni