From af1a266670d040d2f4083ff309d732d648afba2a Mon Sep 17 00:00:00 2001
From: Angelos Mouzakitis
Date: Tue, 10 Oct 2023 14:33:42 +0000
Subject: Add submodule dependency files
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
---
.../Universal/Variable/RuntimeDxe/TcgMorLockDxe.c | 124 +++++++++++++++++++++
1 file changed, 124 insertions(+)
create mode 100644 roms/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
(limited to 'roms/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c')
diff --git a/roms/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c b/roms/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
new file mode 100644
index 000000000..e7accf4ed
--- /dev/null
+++ b/roms/edk2/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c
@@ -0,0 +1,124 @@
+/** @file
+ TCG MOR (Memory Overwrite Request) Lock Control support (DXE version).
+
+ This module clears MemoryOverwriteRequestControlLock variable to indicate
+ MOR lock control unsupported.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include "Variable.h"
+
+extern EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
+
+/**
+ This service is an MOR/MorLock checker handler for the SetVariable().
+
+ @param[in] VariableName the name of the vendor's variable, as a
+ Null-Terminated Unicode String
+ @param[in] VendorGuid Unify identifier for vendor.
+ @param[in] Attributes Attributes bitmask to set for the variable.
+ @param[in] DataSize The size in bytes of Data-Buffer.
+ @param[in] Data Point to the content of the variable.
+
+ @retval EFI_SUCCESS The MOR/MorLock check pass, and Variable
+ driver can store the variable data.
+ @retval EFI_INVALID_PARAMETER The MOR/MorLock data or data size or
+ attributes is not allowed for MOR variable.
+ @retval EFI_ACCESS_DENIED The MOR/MorLock is locked.
+ @retval EFI_ALREADY_STARTED The MorLock variable is handled inside this
+ function. Variable driver can just return
+ EFI_SUCCESS.
+**/
+EFI_STATUS
+SetVariableCheckHandlerMor (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
+ )
+{
+ //
+ // Just let it pass. No need provide protection for DXE version.
+ //
+ return EFI_SUCCESS;
+}
+
+/**
+ Initialization for MOR Control Lock.
+
+ @retval EFI_SUCCESS MorLock initialization success.
+ @return Others Some error occurs.
+**/
+EFI_STATUS
+MorLockInit (
+ VOID
+ )
+{
+ //
+ // Always clear variable to report unsupported to OS.
+ // The reason is that the DXE version is not proper to provide *protection*.
+ // BIOS should use SMM version variable driver to provide such capability.
+ //
+ VariableServiceSetVariable (
+ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
+ &gEfiMemoryOverwriteRequestControlLockGuid,
+ 0, // Attributes
+ 0, // DataSize
+ NULL // Data
+ );
+
+ //
+ // Need set this variable to be read-only to prevent other module set it.
+ //
+ VariableLockRequestToLock (&mVariableLock, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid);
+
+ //
+ // The MOR variable can effectively improve platform security only when the
+ // MorLock variable protects the MOR variable. In turn MorLock cannot be made
+ // secure without SMM support in the platform firmware (see above).
+ //
+ // Thus, delete the MOR variable, should it exist for any reason (some OSes
+ // are known to create MOR unintentionally, in an attempt to set it), then
+ // also lock the MOR variable, in order to prevent other modules from
+ // creating it.
+ //
+ VariableServiceSetVariable (
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
+ &gEfiMemoryOverwriteControlDataGuid,
+ 0, // Attributes
+ 0, // DataSize
+ NULL // Data
+ );
+ VariableLockRequestToLock (
+ &mVariableLock,
+ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
+ &gEfiMemoryOverwriteControlDataGuid
+ );
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Delayed initialization for MOR Control Lock at EndOfDxe.
+
+ This function performs any operations queued by MorLockInit().
+**/
+VOID
+MorLockInitAtEndOfDxe (
+ VOID
+ )
+{
+ //
+ // Do nothing.
+ //
+}
-- cgit 1.2.3-korg