audk/MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c

574 lines
20 KiB
C

/** @file -- VariablePolicySmmDxe.c
This protocol allows communication with Variable Policy Engine.
Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Library/BaseLib.h>
#include <Library/UefiLib.h>
#include <Library/DebugLib.h>
#include <Library/SafeIntLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Protocol/VariablePolicy.h>
#include <Protocol/MmCommunication2.h>
#include <Guid/VarCheckPolicyMmi.h>
#include "Variable.h"
EDKII_VARIABLE_POLICY_PROTOCOL mVariablePolicyProtocol;
EFI_MM_COMMUNICATION2_PROTOCOL *mMmCommunication;
VOID *mMmCommunicationBuffer;
UINTN mMmCommunicationBufferSize;
EFI_LOCK mMmCommunicationLock;
/**
Internal helper function to consolidate communication method.
@param[in,out] CommBuffer
@param[in,out] CommSize Size of the CommBuffer.
@retval EFI_STATUS Result from communication method.
**/
STATIC
EFI_STATUS
InternalMmCommunicate (
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommSize
)
{
EFI_STATUS Status;
if (CommBuffer == NULL || CommSize == NULL) {
return EFI_INVALID_PARAMETER;
}
Status = mMmCommunication->Communicate (mMmCommunication, CommBuffer, CommBuffer, CommSize);
return Status;
}
/**
This API function disables the variable policy enforcement. If it's
already been called once, will return EFI_ALREADY_STARTED.
@retval EFI_SUCCESS
@retval EFI_ALREADY_STARTED Has already been called once this boot.
@retval EFI_WRITE_PROTECTED Interface has been locked until reboot.
@retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.
**/
STATIC
EFI_STATUS
EFIAPI
ProtocolDisableVariablePolicy (
VOID
)
{
EFI_STATUS Status;
EFI_MM_COMMUNICATE_HEADER *CommHeader;
VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
UINTN BufferSize;
// Check the PCD for convenience.
// This would also be rejected by the lib, but why go to MM if we don't have to?
if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) {
return EFI_WRITE_PROTECTED;
}
AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
// Set up the MM communication.
BufferSize = mMmCommunicationBufferSize;
CommHeader = mMmCommunicationBuffer;
PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
CommHeader->MessageLength = BufferSize;
PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_DISABLE;
Status = InternalMmCommunicate (CommHeader, &BufferSize);
DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
return (EFI_ERROR( Status )) ? Status : PolicyHeader->Result;
}
/**
This API function returns whether or not the policy engine is
currently being enforced.
@param[out] State Pointer to a return value for whether the policy enforcement
is currently enabled.
@retval EFI_SUCCESS
@retval Others An error has prevented this command from completing.
**/
STATIC
EFI_STATUS
EFIAPI
ProtocolIsVariablePolicyEnabled (
OUT BOOLEAN *State
)
{
EFI_STATUS Status;
EFI_MM_COMMUNICATE_HEADER *CommHeader;
VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS *CommandParams;
UINTN BufferSize;
if (State == NULL) {
return EFI_INVALID_PARAMETER;
}
AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
// Set up the MM communication.
BufferSize = mMmCommunicationBufferSize;
CommHeader = mMmCommunicationBuffer;
PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
CommandParams = (VAR_CHECK_POLICY_COMM_IS_ENABLED_PARAMS*)(PolicyHeader + 1);
CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
CommHeader->MessageLength = BufferSize;
PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_IS_ENABLED;
Status = InternalMmCommunicate (CommHeader, &BufferSize);
DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
if (!EFI_ERROR( Status )) {
Status = PolicyHeader->Result;
*State = CommandParams->State;
}
ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
return Status;
}
/**
This API function validates and registers a new policy with
the policy enforcement engine.
@param[in] NewPolicy Pointer to the incoming policy structure.
@retval EFI_SUCCESS
@retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.
@retval EFI_ALREADY_STARTED An identical matching policy already exists.
@retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.
@retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.
@retval EFI_ABORTED A calculation error has prevented this function from completing.
@retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.
**/
STATIC
EFI_STATUS
EFIAPI
ProtocolRegisterVariablePolicy (
IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
)
{
EFI_STATUS Status;
EFI_MM_COMMUNICATE_HEADER *CommHeader;
VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
VOID *PolicyBuffer;
UINTN BufferSize;
UINTN RequiredSize;
if (NewPolicy == NULL) {
return EFI_INVALID_PARAMETER;
}
// First, make sure that the required size does not exceed the capabilities
// of the MmCommunication buffer.
RequiredSize = OFFSET_OF(EFI_MM_COMMUNICATE_HEADER, Data) + sizeof(VAR_CHECK_POLICY_COMM_HEADER);
Status = SafeUintnAdd( RequiredSize, NewPolicy->Size, &RequiredSize );
if (EFI_ERROR( Status ) || RequiredSize > mMmCommunicationBufferSize) {
DEBUG(( DEBUG_ERROR, "%a - Policy too large for buffer! %r, %d > %d \n", __FUNCTION__,
Status, RequiredSize, mMmCommunicationBufferSize ));
return EFI_OUT_OF_RESOURCES;
}
AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
// Set up the MM communication.
BufferSize = mMmCommunicationBufferSize;
CommHeader = mMmCommunicationBuffer;
PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
PolicyBuffer = (VOID*)(PolicyHeader + 1);
CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
CommHeader->MessageLength = BufferSize;
PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_REGISTER;
// Copy the policy into place. This copy is safe because we've already tested above.
CopyMem( PolicyBuffer, NewPolicy, NewPolicy->Size );
Status = InternalMmCommunicate (CommHeader, &BufferSize);
DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
return (EFI_ERROR( Status )) ? Status : PolicyHeader->Result;
}
/**
This helper function takes care of the overhead of formatting, sending, and interpreting
the results for a single DumpVariablePolicy request.
@param[in] PageRequested The page of the paginated results from MM. 0 for metadata.
@param[out] TotalSize The total size of the entire buffer. Returned as part of metadata.
@param[out] PageSize The size of the current page being returned. Not valid as part of metadata.
@param[out] HasMore A flag indicating whether there are more pages after this one.
@param[out] Buffer The start of the current page from MM.
@retval EFI_SUCCESS Output params have been updated (either metadata or dump page).
@retval EFI_INVALID_PARAMETER One of the output params is NULL.
@retval Others Response from MM handler.
**/
STATIC
EFI_STATUS
DumpVariablePolicyHelper (
IN UINT32 PageRequested,
OUT UINT32 *TotalSize,
OUT UINT32 *PageSize,
OUT BOOLEAN *HasMore,
OUT UINT8 **Buffer
)
{
EFI_STATUS Status;
EFI_MM_COMMUNICATE_HEADER *CommHeader;
VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
VAR_CHECK_POLICY_COMM_DUMP_PARAMS *CommandParams;
UINTN BufferSize;
if (TotalSize == NULL || PageSize == NULL || HasMore == NULL || Buffer == NULL) {
return EFI_INVALID_PARAMETER;
}
// Set up the MM communication.
BufferSize = mMmCommunicationBufferSize;
CommHeader = mMmCommunicationBuffer;
PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
CommandParams = (VAR_CHECK_POLICY_COMM_DUMP_PARAMS*)(PolicyHeader + 1);
CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
CommHeader->MessageLength = BufferSize;
PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_DUMP;
CommandParams->PageRequested = PageRequested;
Status = InternalMmCommunicate (CommHeader, &BufferSize);
DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
if (!EFI_ERROR( Status )) {
Status = PolicyHeader->Result;
*TotalSize = CommandParams->TotalSize;
*PageSize = CommandParams->PageSize;
*HasMore = CommandParams->HasMore;
*Buffer = (UINT8*)(CommandParams + 1);
}
return Status;
}
/**
This API function will dump the entire contents of the variable policy table.
Similar to GetVariable, the first call can be made with a 0 size and it will return
the size of the buffer required to hold the entire table.
@param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.
@param[in,out] Size On input, the size of the output buffer. On output, the size
of the data returned.
@retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.
@retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.
@retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.
**/
STATIC
EFI_STATUS
EFIAPI
ProtocolDumpVariablePolicy (
OUT UINT8 *Policy OPTIONAL,
IN OUT UINT32 *Size
)
{
EFI_STATUS Status;
UINT8 *Source;
UINT8 *Destination;
UINT32 PolicySize;
UINT32 PageSize;
BOOLEAN HasMore;
UINT32 PageIndex;
if (Size == NULL || (*Size > 0 && Policy == NULL)) {
return EFI_INVALID_PARAMETER;
}
AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
// Repeat this whole process until we either have a failure case or get the entire buffer.
do {
// First, we must check the zero page to determine the buffer size and
// reset the internal state.
PolicySize = 0;
PageSize = 0;
HasMore = FALSE;
Status = DumpVariablePolicyHelper (0, &PolicySize, &PageSize, &HasMore, &Source);
if (EFI_ERROR (Status)) {
break;
}
// If we're good, we can at least check the required size now.
if (*Size < PolicySize) {
*Size = PolicySize;
Status = EFI_BUFFER_TOO_SMALL;
break;
}
// On further thought, let's update the size either way.
*Size = PolicySize;
// And get ready to ROCK.
Destination = Policy;
// Keep looping and copying until we're either done or freak out.
for (PageIndex = 1; !EFI_ERROR (Status) && HasMore && PageIndex < MAX_UINT32; PageIndex++) {
Status = DumpVariablePolicyHelper (PageIndex, &PolicySize, &PageSize, &HasMore, &Source);
if (!EFI_ERROR (Status)) {
CopyMem (Destination, Source, PageSize);
Destination += PageSize;
}
}
// Next, we check to see whether
} while (Status == EFI_TIMEOUT);
ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
// There's currently no use for this, but it shouldn't be hard to implement.
return Status;
}
/**
This API function locks the interface so that no more policy updates
can be performed or changes made to the enforcement until the next boot.
@retval EFI_SUCCESS
@retval Others An error has prevented this command from completing.
**/
STATIC
EFI_STATUS
EFIAPI
ProtocolLockVariablePolicy (
VOID
)
{
EFI_STATUS Status;
EFI_MM_COMMUNICATE_HEADER *CommHeader;
VAR_CHECK_POLICY_COMM_HEADER *PolicyHeader;
UINTN BufferSize;
AcquireLockOnlyAtBootTime (&mMmCommunicationLock);
// Set up the MM communication.
BufferSize = mMmCommunicationBufferSize;
CommHeader = mMmCommunicationBuffer;
PolicyHeader = (VAR_CHECK_POLICY_COMM_HEADER*)&CommHeader->Data;
CopyGuid( &CommHeader->HeaderGuid, &gVarCheckPolicyLibMmiHandlerGuid );
CommHeader->MessageLength = BufferSize;
PolicyHeader->Signature = VAR_CHECK_POLICY_COMM_SIG;
PolicyHeader->Revision = VAR_CHECK_POLICY_COMM_REVISION;
PolicyHeader->Command = VAR_CHECK_POLICY_COMMAND_LOCK;
Status = InternalMmCommunicate (CommHeader, &BufferSize);
DEBUG(( DEBUG_VERBOSE, "%a - MmCommunication returned %r.\n", __FUNCTION__, Status ));
ReleaseLockOnlyAtBootTime (&mMmCommunicationLock);
return (EFI_ERROR( Status )) ? Status : PolicyHeader->Result;
}
/**
This helper function locates the shared comm buffer and assigns it to input pointers.
@param[in,out] BufferSize On input, the minimum buffer size required INCLUDING the MM communicate header.
On output, the size of the matching buffer found.
@param[out] LocatedBuffer A pointer to the matching buffer.
@retval EFI_SUCCESS
@retval EFI_INVALID_PARAMETER One of the output pointers was NULL.
@retval EFI_OUT_OF_RESOURCES Not enough memory to allocate a comm buffer.
**/
STATIC
EFI_STATUS
InitMmCommonCommBuffer (
IN OUT UINTN *BufferSize,
OUT VOID **LocatedBuffer
)
{
EFI_STATUS Status;
Status = EFI_SUCCESS;
// Make sure that we're working with good pointers.
if (BufferSize == NULL || LocatedBuffer == NULL) {
return EFI_INVALID_PARAMETER;
}
// Allocate the runtime memory for the comm buffer.
*LocatedBuffer = AllocateRuntimePool (*BufferSize);
if (*LocatedBuffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
*BufferSize = 0;
}
EfiInitializeLock (&mMmCommunicationLock, TPL_NOTIFY);
return Status;
}
/**
Convert internal pointer addresses to virtual addresses.
@param[in] Event Event whose notification function is being invoked.
@param[in] Context The pointer to the notification function's context, which
is implementation-dependent.
**/
STATIC
VOID
EFIAPI
VariablePolicyVirtualAddressCallback (
IN EFI_EVENT Event,
IN VOID *Context
)
{
EfiConvertPointer (0, (VOID **)&mMmCommunication);
EfiConvertPointer (0, (VOID **)&mMmCommunicationBuffer);
}
/**
The driver's entry point.
@param[in] ImageHandle The firmware allocated handle for the EFI image.
@param[in] SystemTable A pointer to the EFI System Table.
@retval EFI_SUCCESS The entry point executed successfully.
@retval other Some error occured when executing this entry point.
**/
EFI_STATUS
EFIAPI
VariablePolicySmmDxeMain (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
BOOLEAN ProtocolInstalled;
BOOLEAN VirtualAddressChangeRegistered;
EFI_EVENT VirtualAddressChangeEvent;
Status = EFI_SUCCESS;
ProtocolInstalled = FALSE;
VirtualAddressChangeRegistered = FALSE;
// Update the minimum buffer size.
mMmCommunicationBufferSize = VAR_CHECK_POLICY_MM_COMM_BUFFER_SIZE;
// Locate the shared comm buffer to use for sending MM commands.
Status = InitMmCommonCommBuffer( &mMmCommunicationBufferSize, &mMmCommunicationBuffer );
if (EFI_ERROR( Status )) {
DEBUG((DEBUG_ERROR, "%a - Failed to locate a viable MM comm buffer! %r\n", __FUNCTION__, Status));
ASSERT_EFI_ERROR( Status );
return Status;
}
// Locate the MmCommunication protocol.
Status = gBS->LocateProtocol( &gEfiMmCommunication2ProtocolGuid, NULL, (VOID**)&mMmCommunication );
if (EFI_ERROR( Status )) {
DEBUG((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol! %r\n", __FUNCTION__, Status));
ASSERT_EFI_ERROR( Status );
return Status;
}
// Configure the VariablePolicy protocol structure.
mVariablePolicyProtocol.Revision = EDKII_VARIABLE_POLICY_PROTOCOL_REVISION;
mVariablePolicyProtocol.DisableVariablePolicy = ProtocolDisableVariablePolicy;
mVariablePolicyProtocol.IsVariablePolicyEnabled = ProtocolIsVariablePolicyEnabled;
mVariablePolicyProtocol.RegisterVariablePolicy = ProtocolRegisterVariablePolicy;
mVariablePolicyProtocol.DumpVariablePolicy = ProtocolDumpVariablePolicy;
mVariablePolicyProtocol.LockVariablePolicy = ProtocolLockVariablePolicy;
// Register all the protocols and return the status.
Status = gBS->InstallMultipleProtocolInterfaces( &ImageHandle,
&gEdkiiVariablePolicyProtocolGuid, &mVariablePolicyProtocol,
NULL );
if (EFI_ERROR( Status )) {
DEBUG(( DEBUG_ERROR, "%a - Failed to install protocol! %r\n", __FUNCTION__, Status ));
goto Exit;
}
else {
ProtocolInstalled = TRUE;
}
// Normally, we might want to register a callback
// to lock the interface, but this is integrated
// into the existing callbacks in VaraiableSmm.c
// and VariableDxe.c.
//
// Register a VirtualAddressChange callback for the MmComm protocol and Comm buffer.
Status = gBS->CreateEventEx (EVT_NOTIFY_SIGNAL,
TPL_NOTIFY,
VariablePolicyVirtualAddressCallback,
NULL,
&gEfiEventVirtualAddressChangeGuid,
&VirtualAddressChangeEvent);
if (EFI_ERROR( Status )) {
DEBUG(( DEBUG_ERROR, "%a - Failed to create VirtualAddressChange event! %r\n", __FUNCTION__, Status ));
goto Exit;
}
else {
VirtualAddressChangeRegistered = TRUE;
}
Exit:
//
// If we're about to return a failed status (and unload this driver), we must first undo anything that
// has been successfully done.
if (EFI_ERROR( Status )) {
if (ProtocolInstalled) {
gBS->UninstallProtocolInterface( &ImageHandle, &gEdkiiVariablePolicyProtocolGuid, &mVariablePolicyProtocol );
}
if (VirtualAddressChangeRegistered) {
gBS->CloseEvent( VirtualAddressChangeEvent );
}
}
return Status;
}