mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-08 14:24:24 +02:00
5aa6842715
According to TCG's Platform Reset Attack Mitigation spec, the OS should never create the MOR variable, only read and write it. But some OSes (Fedora 24 and 25) don't follow the TCG's Platform Reset Attack Mitigation spec and unintentionally create MOR variable. The commit fda8f631edbbf3823760542a06f12bd60fd39181 added function VariableHaveTcgProtocols() to check against Tcg/Tcg2 protocol to infer whether the MOR variable is created by platform firmware or not. If not, delete the variable created by OS and lock the variable to avoid OS to create it. But in VariableStandaloneMm, VariableHaveTcgProtocols() always returns FALSE, it causes TCG MOR secure feature does not work in standalone MM environment. As Fedora 24 and 25 are EOL today, directly returns TRUE in the function VariableHaveTcgProtocols() for VariableStandaloneMm, and rename the function to VariableIsMorVariableLegitimate() to make it more obvious what the narrow use-case is for which it exists. Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
149 lines
3.8 KiB
C
149 lines
3.8 KiB
C
/** @file
|
|
|
|
Parts of the SMM/MM implementation that are specific to traditional MM
|
|
|
|
Copyright (c) 2011 - 2024, Intel Corporation. All rights reserved. <BR>
|
|
Copyright (c) 2018, Linaro, Ltd. All rights reserved. <BR>
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
**/
|
|
|
|
#include <Library/UefiBootServicesTableLib.h>
|
|
#include <Library/SmmMemLib.h>
|
|
#include "Variable.h"
|
|
|
|
/**
|
|
This function checks if the Primary Buffer (CommBuffer) is valid.
|
|
|
|
@param Buffer The buffer start address to be checked.
|
|
@param Length The buffer length to be checked.
|
|
|
|
@retval TRUE This buffer is valid.
|
|
@retval FALSE This buffer is not valid.
|
|
**/
|
|
BOOLEAN
|
|
VariableSmmIsPrimaryBufferValid (
|
|
IN EFI_PHYSICAL_ADDRESS Buffer,
|
|
IN UINT64 Length
|
|
)
|
|
{
|
|
return SmmIsBufferOutsideSmmValid (Buffer, Length);
|
|
}
|
|
|
|
/**
|
|
This function checks if the buffer is valid per processor architecture and
|
|
does not overlap with SMRAM.
|
|
|
|
@param Buffer The buffer start address to be checked.
|
|
@param Length The buffer length to be checked.
|
|
|
|
@retval TRUE This buffer is valid per processor architecture and does not
|
|
overlap with SMRAM.
|
|
@retval FALSE This buffer is not valid per processor architecture or overlaps
|
|
with SMRAM.
|
|
**/
|
|
BOOLEAN
|
|
VariableSmmIsNonPrimaryBufferValid (
|
|
IN EFI_PHYSICAL_ADDRESS Buffer,
|
|
IN UINT64 Length
|
|
)
|
|
{
|
|
return SmmIsBufferOutsideSmmValid (Buffer, Length);
|
|
}
|
|
|
|
/**
|
|
Notify the system that the SMM variable driver is ready.
|
|
**/
|
|
VOID
|
|
VariableNotifySmmReady (
|
|
VOID
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
EFI_HANDLE Handle;
|
|
|
|
Handle = NULL;
|
|
Status = gBS->InstallProtocolInterface (
|
|
&Handle,
|
|
&gEfiSmmVariableProtocolGuid,
|
|
EFI_NATIVE_INTERFACE,
|
|
NULL
|
|
);
|
|
ASSERT_EFI_ERROR (Status);
|
|
}
|
|
|
|
/**
|
|
Notify the system that the SMM variable write driver is ready.
|
|
**/
|
|
VOID
|
|
VariableNotifySmmWriteReady (
|
|
VOID
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
EFI_HANDLE Handle;
|
|
|
|
Handle = NULL;
|
|
Status = gBS->InstallProtocolInterface (
|
|
&Handle,
|
|
&gSmmVariableWriteGuid,
|
|
EFI_NATIVE_INTERFACE,
|
|
NULL
|
|
);
|
|
ASSERT_EFI_ERROR (Status);
|
|
}
|
|
|
|
/**
|
|
Variable service MM driver entry point
|
|
|
|
@param[in] ImageHandle A handle for the image that is initializing this
|
|
driver
|
|
@param[in] SystemTable A pointer to the EFI system table
|
|
|
|
@retval EFI_SUCCESS Variable service successfully initialized.
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
VariableServiceInitialize (
|
|
IN EFI_HANDLE ImageHandle,
|
|
IN EFI_SYSTEM_TABLE *SystemTable
|
|
)
|
|
{
|
|
return MmVariableServiceInitialize ();
|
|
}
|
|
|
|
/**
|
|
Whether the TCG or TCG2 protocols are installed in the UEFI protocol database.
|
|
This information is used by the MorLock code to infer whether an existing
|
|
MOR variable is legitimate or not.
|
|
|
|
@retval TRUE Either the TCG or TCG2 protocol is installed in the UEFI
|
|
protocol database. MOR variable is legitimate.
|
|
@retval FALSE Neither the TCG nor the TCG2 protocol is installed in the UEFI
|
|
protocol database. MOR variable is not legitimate.
|
|
**/
|
|
BOOLEAN
|
|
VariableIsMorVariableLegitimate (
|
|
VOID
|
|
)
|
|
{
|
|
EFI_STATUS Status;
|
|
VOID *Interface;
|
|
|
|
Status = gBS->LocateProtocol (
|
|
&gEfiTcg2ProtocolGuid,
|
|
NULL, // Registration
|
|
&Interface
|
|
);
|
|
if (!EFI_ERROR (Status)) {
|
|
return TRUE;
|
|
}
|
|
|
|
Status = gBS->LocateProtocol (
|
|
&gEfiTcgProtocolGuid,
|
|
NULL, // Registration
|
|
&Interface
|
|
);
|
|
return !EFI_ERROR (Status);
|
|
}
|