	VariableRuntimeDxe deletes and locks the MorLock variable in
MorLockInit(), with the argument that any protection provided by MorLock
can be circumvented if MorLock can be overwritten by unprivileged code
(i.e., outside of SMM).
Extend the argument and the logic to the MOR variable, which is supposed
to be protected by MorLock. Pass Attributes=0 when deleting MorLock and
MOR both.
This change was suggested by Star; it is inspired by earlier VariableSmm
commit fda8f631edbb ("MdeModulePkg/Variable/RuntimeDxe: delete and lock
OS-created MOR variable", 2017-10-03).
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Suggested-by: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
		
	
			
		
			
				
	
	
		
		
	
	
	
	
	
/** @file
  TCG MOR (Memory Overwrite Request) Lock Control support (DXE version).

  This module clears MemoryOverwriteRequestControlLock variable to indicate
  MOR lock control unsupported.

Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution.  The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
| 
 | |
| #include <PiDxe.h>
 | |
| #include <Guid/MemoryOverwriteControl.h>
 | |
| #include <IndustryStandard/MemoryOverwriteRequestControlLock.h>
 | |
| #include <Library/DebugLib.h>
 | |
| #include <Library/BaseLib.h>
 | |
| #include <Library/BaseMemoryLib.h>
 | |
| #include "Variable.h"
 | |
| 
 | |
//
// Variable Lock protocol instance, defined elsewhere in the variable driver.
// MorLockInit() passes it to VariableLockRequestToLock() when it locks the
// MorLock and MOR variables.
//
extern EDKII_VARIABLE_LOCK_PROTOCOL     mVariableLock;
| 
 | |
/**
  MOR/MorLock check hook for the SetVariable() path (DXE version).

  This DXE version performs no validation at all: every request is accepted
  and EFI_SUCCESS is returned without looking at any argument. It therefore
  offers no protection for MOR or MorLock by itself; in this file the two
  variables are instead deleted and locked by MorLockInit().

  @param[in]  VariableName  Name of the vendor's variable, as a
                            Null-terminated Unicode string.
  @param[in]  VendorGuid    Unique identifier for the vendor.
  @param[in]  Attributes    Attributes bitmask to set for the variable.
  @param[in]  DataSize      Size in bytes of the Data buffer.
  @param[in]  Data          Pointer to the content of the variable.

  @retval  EFI_SUCCESS            The MOR/MorLock check passed, and the
                                  Variable driver can store the variable data.
                                  This is the only value the DXE version
                                  returns.
  @retval  EFI_INVALID_PARAMETER  The MOR/MorLock data, data size or
                                  attributes are not allowed for the MOR
                                  variable. Never returned by this version.
  @retval  EFI_ACCESS_DENIED      The MOR/MorLock is locked. Never returned by
                                  this version.
  @retval  EFI_ALREADY_STARTED    The MorLock variable is handled inside this
                                  function and the Variable driver can just
                                  return EFI_SUCCESS. Never returned by this
                                  version.
**/
EFI_STATUS
SetVariableCheckHandlerMor (
  IN CHAR16     *VariableName,
  IN EFI_GUID   *VendorGuid,
  IN UINT32     Attributes,
  IN UINTN      DataSize,
  IN VOID       *Data
  )
{
  //
  // Pass-through: the DXE version does not provide MOR/MorLock protection,
  // so there is nothing to check here.
  //
  return EFI_SUCCESS;
}
| 
 | |
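/**
  Initialization for MOR Control Lock.

  The DXE version does not implement MorLock. It deletes the MorLock variable
  so that the OS sees MOR lock control as unsupported, deletes the MOR
  variable that MorLock would have protected, and requests a variable lock on
  both names so that other modules cannot create them afterwards.

  The function is best-effort: a failing step is reported through DEBUG() and
  does not change the return value. A failed lock request is the case worth
  noticing, because it leaves the corresponding variable creatable by other
  modules.

  @retval EFI_SUCCESS     Initialization finished. This DXE version has no
                          other return value.
**/
EFI_STATUS
MorLockInit (
  VOID
  )
{
  EFI_STATUS  Status;

  //
  // Always clear variable to report unsupported to OS.
  // The reason is that the DXE version is not proper to provide *protection*.
  // BIOS should use SMM version variable driver to provide such capability.
  //
  Status = VariableServiceSetVariable (
             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
             &gEfiMemoryOverwriteRequestControlLockGuid,
             0,                                          // Attributes
             0,                                          // DataSize
             NULL                                        // Data
             );
  //
  // EFI_NOT_FOUND is the expected outcome when there was nothing to delete.
  //
  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
    DEBUG ((DEBUG_ERROR, "%a: failed to delete MorLock: %r\n", __FUNCTION__, Status));
  }

  //
  // Need set this variable to be read-only to prevent other module set it.
  //
  Status = VariableLockRequestToLock (
             &mVariableLock,
             MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
             &gEfiMemoryOverwriteRequestControlLockGuid
             );
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "%a: failed to lock MorLock: %r\n", __FUNCTION__, Status));
  }

  //
  // The MOR variable can effectively improve platform security only when the
  // MorLock variable protects the MOR variable. In turn MorLock cannot be made
  // secure without SMM support in the platform firmware (see above).
  //
  // Thus, delete the MOR variable, should it exist for any reason (some OSes
  // are known to create MOR unintentionally, in an attempt to set it), then
  // also lock the MOR variable, in order to prevent other modules from
  // creating it.
  //
  Status = VariableServiceSetVariable (
             MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
             &gEfiMemoryOverwriteControlDataGuid,
             0,                                      // Attributes
             0,                                      // DataSize
             NULL                                    // Data
             );
  if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) {
    DEBUG ((DEBUG_ERROR, "%a: failed to delete MOR: %r\n", __FUNCTION__, Status));
  }

  Status = VariableLockRequestToLock (
             &mVariableLock,
             MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
             &gEfiMemoryOverwriteControlDataGuid
             );
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "%a: failed to lock MOR: %r\n", __FUNCTION__, Status));
  }

  //
  // Best-effort by design: the steps above never fail the initialization.
  //
  return EFI_SUCCESS;
}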
| 
 | |
/**
  Delayed initialization for MOR Control Lock at EndOfDxe.

  This function performs any operations queued by MorLockInit(). In the DXE
  version MorLockInit() queues nothing, so the body is empty.
**/
VOID
MorLockInitAtEndOfDxe (
  VOID
  )
{
  //
  // Intentionally empty: MorLockInit() completes all of its work immediately
  // in the DXE version.
  //
}