tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-08 14:24:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
audk/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h
Wei6 Xu 5aa6842715 MdeModulePkg/VariableStandaloneMm: Fix TCG MOR secure feature issue 
According to TCG's Platform Reset Attack Mitigation spec, the OS should
never create the MOR variable, only read and write it.
But some OSes (Fedora 24 and 25) don't follow the TCG's Platform Reset
Attack Mitigation spec and unintentionally create MOR variable.

The commit fda8f631edbbf3823760542a06f12bd60fd39181 added function
VariableHaveTcgProtocols() to check against Tcg/Tcg2 protocol to infer
whether the MOR variable is created by platform firmware or not. If not,
delete the variable created by OS and lock the variable to avoid OS to
create it.

But in VariableStandaloneMm, VariableHaveTcgProtocols() always returns
FALSE, it causes TCG MOR secure feature does not work in standalone MM
environment.

As Fedora 24 and 25 are EOL today, directly returns TRUE in the function
VariableHaveTcgProtocols() for VariableStandaloneMm, and rename the
function to VariableIsMorVariableLegitimate() to make it more obvious
what the narrow use-case is for which it exists.

Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
2024-08-30 13:18:08 +00:00

170 lines
4.6 KiB
C
Raw Blame History

/** @file
Polymorphic functions that are called from both the privileged driver (i.e.,
the DXE_SMM variable module) and the non-privileged drivers (i.e., one or
both of the DXE_RUNTIME variable modules).
Each of these functions has two implementations, appropriate for privileged
vs. non-privileged driver code.
Copyright (c) 2017, Red Hat, Inc.<BR>
Copyright (c) 2010 - 2024, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef _PRIVILEGE_POLYMORPHIC_H_
#define _PRIVILEGE_POLYMORPHIC_H_
#include <Uefi/UefiBaseType.h>
/**
SecureBoot Hook for auth variable update.
@param[in] VariableName Name of Variable to be found.
@param[in] VendorGuid Variable vendor GUID.
**/
VOID
EFIAPI
SecureBootHook (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
);
/**
Initialization for MOR Control Lock.
@retval EFI_SUCCESS MorLock initialization success.
@return Others Some error occurs.
**/
EFI_STATUS
MorLockInit (
VOID
);
/**
Delayed initialization for MOR Control Lock at EndOfDxe.
This function performs any operations queued by MorLockInit().
**/
VOID
MorLockInitAtEndOfDxe (
VOID
);
/**
This service is an MOR/MorLock checker handler for the SetVariable().
@param[in] VariableName the name of the vendor's variable, as a
Null-Terminated Unicode String
@param[in] VendorGuid Unify identifier for vendor.
@param[in] Attributes Attributes bitmask to set for the variable.
@param[in] DataSize The size in bytes of Data-Buffer.
@param[in] Data Point to the content of the variable.
@retval EFI_SUCCESS The MOR/MorLock check pass, and Variable
driver can store the variable data.
@retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or
attributes is not allowed for MOR variable.
@retval EFI_ACCESS_DENIED The MOR/MorLock is locked.
@retval EFI_ALREADY_STARTED The MorLock variable is handled inside this
function. Variable driver can just return
EFI_SUCCESS.
**/
EFI_STATUS
SetVariableCheckHandlerMor (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
);
/**
This service is consumed by the variable modules to place a barrier to stop
speculative execution.
Ensures that no later instruction will execute speculatively, until all prior
instructions have completed.
**/
VOID
VariableSpeculationBarrier (
VOID
);
/**
Notify the system that the SMM variable driver is ready.
**/
VOID
VariableNotifySmmReady (
VOID
);
/**
Notify the system that the SMM variable write driver is ready.
**/
VOID
VariableNotifySmmWriteReady (
VOID
);
/**
Variable Driver main entry point. The Variable driver places the 4 EFI
runtime services in the EFI System Table and installs arch protocols
for variable read and write services being available. It also registers
a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.
@retval EFI_SUCCESS Variable service successfully initialized.
**/
EFI_STATUS
EFIAPI
MmVariableServiceInitialize (
VOID
);
/**
This function checks if the Primary Buffer (CommBuffer) is valid.
@param Buffer The buffer start address to be checked.
@param Length The buffer length to be checked.
@retval TRUE This buffer is valid.
@retval FALSE This buffer is not valid.
**/
BOOLEAN
VariableSmmIsPrimaryBufferValid (
IN EFI_PHYSICAL_ADDRESS Buffer,
IN UINT64 Length
);
/**
This function checks if the buffer is valid per processor architecture and
does not overlap with SMRAM.
@param Buffer The buffer start address to be checked.
@param Length The buffer length to be checked.
@retval TRUE This buffer is valid per processor architecture and does not
overlap with SMRAM.
@retval FALSE This buffer is not valid per processor architecture or overlaps
with SMRAM.
**/
BOOLEAN
VariableSmmIsNonPrimaryBufferValid (
IN EFI_PHYSICAL_ADDRESS Buffer,
IN UINT64 Length
);
/**
Whether the MOR variable is legitimate or not.
@retval TRUE MOR Variable is legitimate.
@retval FALSE MOR Variable in not legitimate.
**/
BOOLEAN
VariableIsMorVariableLegitimate (
VOID
);
#endif
Reference in New Issue View Git Blame Copy Permalink