Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
index bad8ecc..7d880e6 100644
--- a/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
+++ b/MdeModulePkg/Universal/PlatformDriOverrideDxe/PlatDriOverrideLib.c
@@ -1,7 +1,7 @@
/** @file
Implementation of the shared functions to do the platform driver vverride mapping.

- Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -1004,7 +1004,6 @@ SaveOverridesMapping (
//
if ((VariableNeededSize +
OneItemNeededSize +
- sizeof (VARIABLE_HEADER) +
StrSize (L"PlatDriOver ")
) >= MaximumVariableSize
) {
--
1.9.5.msysgit.0

What to do:
1. Move TpmMeasurementLib LibraryClass from SecurityPkg to MdeModulePkg.
2. Implement a NULL TpmMeasurementLib library instance.

Why to do:
1. Share code.
We are moving forward to separate auth variable service from Auth Variable
driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
2. Remove code duplication and reduce maintenance effort.
After auth variable service separated from Auth Variable driver in SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in SecurityPkg
will be almost same with Variable driver in MdeModulePkg. We are going to
merge them.
3. TpmMeasurementLib is consumed by Auth Variable driver in SecurityPkg now,
as Auth Variable driver in SecurityPkg will be merged to Variable driver in
MdeModulePkg, so the library class also needs to be moved to MdeModulePkg.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
MdeModulePkg/Include/Library/TpmMeasurementLib.h | 44 ++++++++++++++++++++
.../TpmMeasurementLibNull/TpmMeasurementLibNull.c | 45 +++++++++++++++++++++
.../TpmMeasurementLibNull.inf | 34 ++++++++++++++++
.../TpmMeasurementLibNull.uni | Bin 0 -> 1654 bytes
MdeModulePkg/MdeModulePkg.dec | 4 ++
MdeModulePkg/MdeModulePkg.dsc | 2 +
6 files changed, 129 insertions(+)
create mode 100644 MdeModulePkg/Include/Library/TpmMeasurementLib.h
create mode 100644 MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
create mode 100644 MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
create mode 100644 MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.uni

diff --git a/MdeModulePkg/Include/Library/TpmMeasurementLib.h b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
new file mode 100644
index 0000000..45542f4
--- /dev/null
+++ b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
@@ -0,0 +1,44 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2012, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TPM_MEASUREMENT_LIB_H_
+#define _TPM_MEASUREMENT_LIB_H_
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogData (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen
+ );
+
+#endif
diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
new file mode 100644
index 0000000..16221e9
--- /dev/null
+++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
@@ -0,0 +1,45 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved. <BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogData (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen
+ )
+{
+ //
+ // Do nothing, just return EFI_SUCCESS.
+ //
+ return EFI_SUCCESS;
+}
diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
new file mode 100644
index 0000000..fef783a
--- /dev/null
+++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
@@ -0,0 +1,34 @@
+## @file
+# Provides NULL TPM measurement function.
+#
+# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TpmMeasurementLibNull
+ FILE_GUID = 6DFD6E9F-9278-48D8-8F45-B6CFF2C2B69C
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ MODULE_UNI_FILE = TpmMeasurementLibNull.uni
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF
+#
+
+[Sources]
+ TpmMeasurementLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.uni b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.uni
new file mode 100644
index 0000000000000000000000000000000000000000..71a2b1f392d8b13bf7afeeb6558a9065b8e4075b
GIT binary patch
literal 1654
zcmchXPjAye5XI+=#CNdL3!***@Nuj)KTK7aH^btt);|?oY0alPy2hj*iND#
zaX^)***@9xa(n>TM~egC^<Eem****@C5e3W|rC9ruNjHV3n_Dg)QwC`vm(M%Y_Z?oF}jZ
z?>EK;o)q6tVyAAE+Xnj#***@WE8NG!|48PQZDE$#wcR*g&*1bNey{DNy|OoU
z$~=PK2KIC2+EcJg-*kt4U~T-0sL`Z|s$TOJ=rl#AroFR{_3izUdJ{***@XV
z0+***@Q@0+&bBS-|d|USA#7l3nQofAY9JE@`***@r{|~j+t;veC^g*%5uxA
z6Hjf#S2mrPyan@;iO;ogtV<LzQ)E`@BPEucdA+Y=1M9Lr-{Vqqy>nWO`HIVawHX|Q
zC=OmP<yx~=)gyS;U8PR+nyKUb35oMBVh%a&>*BTC5;bzw&#1sFAV!-VUDY`oPU5Y*
z7wRdmt>O!(bd$XW=***@W^NF1uc$%***@YaeX_QgWj^***@0KJ#t68y2BtfR-8)
ztP%Y+WEMJohuq07^FA>pLalv7KZisN9CFM|eXMVTQMf{FFm~KptJ57$m-vMmyNrQd
z64iIiF0e<S3L|#e`>e!WHswr+RgALws87Ty`wzyic*I=yFZ`3mR}tFx3a3Vo(4t2-
zDQEZS-$ehhmg6o>^`2Bc<L{2w?+T<***@PMyMmGQlCo{oO5pRi=Y%uV9k}M)Q@*-0
o>Vz|}#Iym!|M$miRJHtD9qNJs6{tgcmGZ}GdE7dh=u)***@18S@P%m4rY

literal 0
HcmV?d00001

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 14e27a2..e87e89a 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -111,6 +111,10 @@ [LibraryClasses]
## @libraryclass Provides core boot manager functions
PlatformBootManagerLib|Include/Library/PlatformBootManagerLib.h

+ ## @libraryclass Provides common interfaces about TPM measurement for other modules.
+ #
+ TpmMeasurementLib|Include/Library/TpmMeasurementLib.h
+
[Guids]
## MdeModule package token space guid
# Include/Guid/MdeModulePkgTokenSpace.h
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index f718b3e..3b1ace9 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -95,6 +95,7 @@ [LibraryClasses]
S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
PlatformBootManagerLib|MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf

[LibraryClasses.EBC.PEIM]
IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
@@ -273,6 +274,7 @@ [Components]
MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf
+ MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf

MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
--
1.9.5.msysgit.0

What to do:
1. Merge from VariablePei in SecurityPkg to VariablePei in MdeModulePkg.

Why to do:
1. Remove code duplication and reduce maintenance effort.
The code logic of VariablePei in SecurityPkg is same with VariablePei
in MdeModulePkg.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
.../Universal/Variable/Pei/PeiVariable.uni | Bin 2130 -> 2182 bytes
MdeModulePkg/Universal/Variable/Pei/Variable.c | 194 +++++++++++++++------
MdeModulePkg/Universal/Variable/Pei/Variable.h | 4 +-
.../Universal/Variable/Pei/VariablePei.inf | 9 +-
4 files changed, 153 insertions(+), 54 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/Pei/PeiVariable.uni b/MdeModulePkg/Universal/Variable/Pei/PeiVariable.uni
index 830143bb2986dea174a32c5b11b2642c9c920293..7c11eff3c1f34dd93025df9d11563621b9389759 100644
GIT binary patch
delta 98
zcmca4&?Y#+Y;pqIn#mg&MI=KQG8i%$iWw9bavAa&QW#1Zau`y9yv)h|Y<qz!To_F^
Ve`TD^ieDj*9)l7CF9R1C0{{~$7SI3y

delta 40
ycmV+@0N4M95z-KlHj^R&aFap^I+M-;5|Jd*li&d`0W`A_0+R)kY6iZOdI$_2Z4HqC

diff --git a/MdeModulePkg/Universal/Variable/Pei/Variable.c b/MdeModulePkg/Universal/Variable/Pei/Variable.c
index 97c86f2..8dc828c 100644
--- a/MdeModulePkg/Universal/Variable/Pei/Variable.c
+++ b/MdeModulePkg/Universal/Variable/Pei/Variable.c
@@ -1,9 +1,8 @@
/** @file
-
Implement ReadOnly Variable Services required by PEIM and install
PEI ReadOnly Varaiable2 PPI. These services operates the non volatile storage space.

-Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -114,27 +113,65 @@ IsValidVariableHeader (
return TRUE;
}

+/**
+ This code gets the size of variable header.
+
+ @param AuthFlag Authenticated variable flag.
+
+ @return Size of variable header in bytes in type UINTN.
+
+**/
+UINTN
+GetVariableHeaderSize (
+ IN BOOLEAN AuthFlag
+ )
+{
+ UINTN Value;
+
+ if (AuthFlag) {
+ Value = sizeof (AUTHENTICATED_VARIABLE_HEADER);
+ } else {
+ Value = sizeof (VARIABLE_HEADER);
+ }
+
+ return Value;
+}

/**
This code gets the size of name of variable.

@param Variable Pointer to the Variable Header.
+ @param AuthFlag Authenticated variable flag.

@return Size of variable in bytes in type UINTN.

**/
UINTN
NameSizeOfVariable (
- IN VARIABLE_HEADER *Variable
+ IN VARIABLE_HEADER *Variable,
+ IN BOOLEAN AuthFlag
)
{
- if (Variable->State == (UINT8) (-1) ||
- Variable->DataSize == (UINT32) (-1) ||
- Variable->NameSize == (UINT32) (-1) ||
- Variable->Attributes == (UINT32) (-1)) {
- return 0;
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (AuthFlag) {
+ if (AuthVariable->State == (UINT8) (-1) ||
+ AuthVariable->DataSize == (UINT32) (-1) ||
+ AuthVariable->NameSize == (UINT32) (-1) ||
+ AuthVariable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) AuthVariable->NameSize;
+ } else {
+ if (Variable->State == (UINT8) (-1) ||
+ Variable->DataSize == (UINT32) (-1) ||
+ Variable->NameSize == (UINT32) (-1) ||
+ Variable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) Variable->NameSize;
}
- return (UINTN) Variable->NameSize;
}


@@ -142,46 +179,88 @@ NameSizeOfVariable (
This code gets the size of data of variable.

@param Variable Pointer to the Variable Header.
+ @param AuthFlag Authenticated variable flag.

@return Size of variable in bytes in type UINTN.

**/
UINTN
DataSizeOfVariable (
- IN VARIABLE_HEADER *Variable
+ IN VARIABLE_HEADER *Variable,
+ IN BOOLEAN AuthFlag
)
{
- if (Variable->State == (UINT8) (-1) ||
- Variable->DataSize == (UINT32) (-1) ||
- Variable->NameSize == (UINT32) (-1) ||
- Variable->Attributes == (UINT32) (-1)) {
- return 0;
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (AuthFlag) {
+ if (AuthVariable->State == (UINT8) (-1) ||
+ AuthVariable->DataSize == (UINT32) (-1) ||
+ AuthVariable->NameSize == (UINT32) (-1) ||
+ AuthVariable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) AuthVariable->DataSize;
+ } else {
+ if (Variable->State == (UINT8) (-1) ||
+ Variable->DataSize == (UINT32) (-1) ||
+ Variable->NameSize == (UINT32) (-1) ||
+ Variable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) Variable->DataSize;
}
- return (UINTN) Variable->DataSize;
}

/**
This code gets the pointer to the variable name.

@param Variable Pointer to the Variable Header.
+ @param AuthFlag Authenticated variable flag.

@return A CHAR16* pointer to Variable Name.

**/
CHAR16 *
GetVariableNamePtr (
- IN VARIABLE_HEADER *Variable
+ IN VARIABLE_HEADER *Variable,
+ IN BOOLEAN AuthFlag
)
{
- return (CHAR16 *) (Variable + 1);
+ return (CHAR16 *) ((UINTN) Variable + GetVariableHeaderSize (AuthFlag));
}

+/**
+ This code gets the pointer to the variable guid.
+
+ @param Variable Pointer to the Variable Header.
+ @param AuthFlag Authenticated variable flag.
+
+ @return A EFI_GUID* pointer to Vendor Guid.
+
+**/
+EFI_GUID *
+GetVendorGuidPtr (
+ IN VARIABLE_HEADER *Variable,
+ IN BOOLEAN AuthFlag
+ )
+{
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (AuthFlag) {
+ return &AuthVariable->VendorGuid;
+ } else {
+ return &Variable->VendorGuid;
+ }
+}

/**
This code gets the pointer to the variable data.

@param Variable Pointer to the Variable Header.
@param VariableHeader Pointer to the Variable Header that has consecutive content.
+ @param AuthFlag Authenticated variable flag.

@return A UINT8* pointer to Variable Data.

@@ -189,7 +268,8 @@ GetVariableNamePtr (
UINT8 *
GetVariableDataPtr (
IN VARIABLE_HEADER *Variable,
- IN VARIABLE_HEADER *VariableHeader
+ IN VARIABLE_HEADER *VariableHeader,
+ IN BOOLEAN AuthFlag
)
{
UINTN Value;
@@ -197,9 +277,9 @@ GetVariableDataPtr (
//
// Be careful about pad size for alignment
//
- Value = (UINTN) GetVariableNamePtr (Variable);
- Value += NameSizeOfVariable (VariableHeader);
- Value += GET_PAD_SIZE (NameSizeOfVariable (VariableHeader));
+ Value = (UINTN) GetVariableNamePtr (Variable, AuthFlag);
+ Value += NameSizeOfVariable (VariableHeader, AuthFlag);
+ Value += GET_PAD_SIZE (NameSizeOfVariable (VariableHeader, AuthFlag));

return (UINT8 *) Value;
}
@@ -226,9 +306,9 @@ GetNextVariablePtr (
EFI_PHYSICAL_ADDRESS SpareAddress;
UINTN Value;

- Value = (UINTN) GetVariableDataPtr (Variable, VariableHeader);
- Value += DataSizeOfVariable (VariableHeader);
- Value += GET_PAD_SIZE (DataSizeOfVariable (VariableHeader));
+ Value = (UINTN) GetVariableDataPtr (Variable, VariableHeader, StoreInfo->AuthFlag);
+ Value += DataSizeOfVariable (VariableHeader, StoreInfo->AuthFlag);
+ Value += GET_PAD_SIZE (DataSizeOfVariable (VariableHeader, StoreInfo->AuthFlag));
//
// Be careful about pad size for alignment
//
@@ -263,7 +343,8 @@ GetVariableStoreStatus (
IN VARIABLE_STORE_HEADER *VarStoreHeader
)
{
- if (CompareGuid (&VarStoreHeader->Signature, &gEfiVariableGuid) &&
+ if ((CompareGuid (&VarStoreHeader->Signature, &gEfiAuthenticatedVariableGuid) ||
+ CompareGuid (&VarStoreHeader->Signature, &gEfiVariableGuid)) &&
VarStoreHeader->Format == VARIABLE_STORE_FORMATTED &&
VarStoreHeader->State == VARIABLE_STORE_HEALTHY
) {
@@ -383,7 +464,10 @@ CompareWithValidVariable (
OUT VARIABLE_POINTER_TRACK *PtrTrack
)
{
- VOID *Point;
+ VOID *Point;
+ EFI_GUID *TempVendorGuid;
+
+ TempVendorGuid = GetVendorGuidPtr (VariableHeader, StoreInfo->AuthFlag);

if (VariableName[0] == 0) {
PtrTrack->CurrPtr = Variable;
@@ -394,14 +478,14 @@ CompareWithValidVariable (
// Instead we compare the GUID a UINT32 at a time and branch
// on the first failed comparison.
//
- if ((((INT32 *) VendorGuid)[0] == ((INT32 *) &VariableHeader->VendorGuid)[0]) &&
- (((INT32 *) VendorGuid)[1] == ((INT32 *) &VariableHeader->VendorGuid)[1]) &&
- (((INT32 *) VendorGuid)[2] == ((INT32 *) &VariableHeader->VendorGuid)[2]) &&
- (((INT32 *) VendorGuid)[3] == ((INT32 *) &VariableHeader->VendorGuid)[3])
+ if ((((INT32 *) VendorGuid)[0] == ((INT32 *) TempVendorGuid)[0]) &&
+ (((INT32 *) VendorGuid)[1] == ((INT32 *) TempVendorGuid)[1]) &&
+ (((INT32 *) VendorGuid)[2] == ((INT32 *) TempVendorGuid)[2]) &&
+ (((INT32 *) VendorGuid)[3] == ((INT32 *) TempVendorGuid)[3])
) {
- ASSERT (NameSizeOfVariable (VariableHeader) != 0);
- Point = (VOID *) GetVariableNamePtr (Variable);
- if (CompareVariableName (StoreInfo, VariableName, Point, NameSizeOfVariable (VariableHeader))) {
+ ASSERT (NameSizeOfVariable (VariableHeader, StoreInfo->AuthFlag) != 0);
+ Point = (VOID *) GetVariableNamePtr (Variable, StoreInfo->AuthFlag);
+ if (CompareVariableName (StoreInfo, VariableName, Point, NameSizeOfVariable (VariableHeader, StoreInfo->AuthFlag))) {
PtrTrack->CurrPtr = Variable;
return EFI_SUCCESS;
}
@@ -435,12 +519,20 @@ GetVariableStore (

StoreInfo->IndexTable = NULL;
StoreInfo->FtwLastWriteData = NULL;
+ StoreInfo->AuthFlag = FALSE;
VariableStoreHeader = NULL;
switch (Type) {
case VariableStoreTypeHob:
- GuidHob = GetFirstGuidHob (&gEfiVariableGuid);
+ GuidHob = GetFirstGuidHob (&gEfiAuthenticatedVariableGuid);
if (GuidHob != NULL) {
VariableStoreHeader = (VARIABLE_STORE_HEADER *) GET_GUID_HOB_DATA (GuidHob);
+ StoreInfo->AuthFlag = TRUE;
+ } else {
+ GuidHob = GetFirstGuidHob (&gEfiVariableGuid);
+ if (GuidHob != NULL) {
+ VariableStoreHeader = (VARIABLE_STORE_HEADER *) GET_GUID_HOB_DATA (GuidHob);
+ StoreInfo->AuthFlag = FALSE;
+ }
}
break;

@@ -496,6 +588,8 @@ GetVariableStore (

VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINT8 *) FvHeader + FvHeader->HeaderLength);

+ StoreInfo->AuthFlag = (BOOLEAN) (CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid));
+
GuidHob = GetFirstGuidHob (&gEfiVariableIndexTableGuid);
if (GuidHob != NULL) {
StoreInfo->IndexTable = GET_GUID_HOB_DATA (GuidHob);
@@ -551,9 +645,9 @@ GetVariableHeader (
return FALSE;
}

- //
- // First assume variable header pointed by Variable is consecutive.
- //
+ //
+ // First assume variable header pointed by Variable is consecutive.
+ //
*VariableHeader = Variable;

if (StoreInfo->FtwLastWriteData != NULL) {
@@ -566,7 +660,7 @@ GetVariableHeader (
//
return FALSE;
}
- if (((UINTN) Variable < (UINTN) TargetAddress) && (((UINTN) Variable + sizeof (VARIABLE_HEADER)) > (UINTN) TargetAddress)) {
+ if (((UINTN) Variable < (UINTN) TargetAddress) && (((UINTN) Variable + GetVariableHeaderSize (StoreInfo->AuthFlag)) > (UINTN) TargetAddress)) {
//
// Variable header pointed by Variable is inconsecutive,
// create a guid hob to combine the two partial variable header content together.
@@ -575,7 +669,7 @@ GetVariableHeader (
if (GuidHob != NULL) {
*VariableHeader = (VARIABLE_HEADER *) GET_GUID_HOB_DATA (GuidHob);
} else {
- *VariableHeader = (VARIABLE_HEADER *) BuildGuidHob (&gEfiCallerIdGuid, sizeof (VARIABLE_HEADER));
+ *VariableHeader = (VARIABLE_HEADER *) BuildGuidHob (&gEfiCallerIdGuid, GetVariableHeaderSize (StoreInfo->AuthFlag));
PartialHeaderSize = (UINTN) TargetAddress - (UINTN) Variable;
//
// Partial content is in NV storage.
@@ -584,7 +678,7 @@ GetVariableHeader (
//
// Another partial content is in spare block.
//
- CopyMem ((UINT8 *) *VariableHeader + PartialHeaderSize, (UINT8 *) (UINTN) SpareAddress, sizeof (VARIABLE_HEADER) - PartialHeaderSize);
+ CopyMem ((UINT8 *) *VariableHeader + PartialHeaderSize, (UINT8 *) (UINTN) SpareAddress, GetVariableHeaderSize (StoreInfo->AuthFlag) - PartialHeaderSize);
}
}
} else {
@@ -898,13 +992,13 @@ PeiGetVariable (
//
// Get data size
//
- VarDataSize = DataSizeOfVariable (VariableHeader);
+ VarDataSize = DataSizeOfVariable (VariableHeader, StoreInfo.AuthFlag);
if (*DataSize >= VarDataSize) {
if (Data == NULL) {
return EFI_INVALID_PARAMETER;
}

- GetVariableNameOrData (&StoreInfo, GetVariableDataPtr (Variable.CurrPtr, VariableHeader), VarDataSize, Data);
+ GetVariableNameOrData (&StoreInfo, GetVariableDataPtr (Variable.CurrPtr, VariableHeader, StoreInfo.AuthFlag), VarDataSize, Data);

if (Attributes != NULL) {
*Attributes = VariableHeader->Attributes;
@@ -1035,8 +1129,8 @@ PeiGetNextVariableName (
//
Status = FindVariableEx (
&StoreInfo,
- GetVariableNamePtr (Variable.CurrPtr),
- &VariableHeader->VendorGuid,
+ GetVariableNamePtr (Variable.CurrPtr, StoreInfo.AuthFlag),
+ GetVendorGuidPtr (VariableHeader, StoreInfo.AuthFlag),
&VariablePtrTrack
);
if (!EFI_ERROR (Status) && VariablePtrTrack.CurrPtr != Variable.CurrPtr) {
@@ -1053,8 +1147,8 @@ PeiGetNextVariableName (
) {
Status = FindVariableEx (
&StoreInfoForHob,
- GetVariableNamePtr (Variable.CurrPtr),
- &VariableHeader->VendorGuid,
+ GetVariableNamePtr (Variable.CurrPtr, StoreInfo.AuthFlag),
+ GetVendorGuidPtr (VariableHeader, StoreInfo.AuthFlag),
&VariableInHob
);
if (!EFI_ERROR (Status)) {
@@ -1063,13 +1157,13 @@ PeiGetNextVariableName (
}
}

- VarNameSize = NameSizeOfVariable (VariableHeader);
+ VarNameSize = NameSizeOfVariable (VariableHeader, StoreInfo.AuthFlag);
ASSERT (VarNameSize != 0);

if (VarNameSize <= *VariableNameSize) {
- GetVariableNameOrData (&StoreInfo, (UINT8 *) GetVariableNamePtr (Variable.CurrPtr), VarNameSize, (UINT8 *) VariableName);
+ GetVariableNameOrData (&StoreInfo, (UINT8 *) GetVariableNamePtr (Variable.CurrPtr, StoreInfo.AuthFlag), VarNameSize, (UINT8 *) VariableName);

- CopyMem (VariableGuid, &VariableHeader->VendorGuid, sizeof (EFI_GUID));
+ CopyMem (VariableGuid, GetVendorGuidPtr (VariableHeader, StoreInfo.AuthFlag), sizeof (EFI_GUID));

Status = EFI_SUCCESS;
} else {
diff --git a/MdeModulePkg/Universal/Variable/Pei/Variable.h b/MdeModulePkg/Universal/Variable/Pei/Variable.h
index 55277b0..a37444b 100644
--- a/MdeModulePkg/Universal/Variable/Pei/Variable.h
+++ b/MdeModulePkg/Universal/Variable/Pei/Variable.h
@@ -1,9 +1,8 @@
/** @file
-
The internal header file includes the common header files, defines
internal structure and functions used by PeiVariable module.

-Copyright (c) 2006 - 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -48,6 +47,7 @@ typedef struct {
// in spare block.
//
FAULT_TOLERANT_WRITE_LAST_WRITE_DATA *FtwLastWriteData;
+ BOOLEAN AuthFlag;
} VARIABLE_STORE_INFO;

//
diff --git a/MdeModulePkg/Universal/Variable/Pei/VariablePei.inf b/MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
index 6404562..72a440d 100644
--- a/MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
+++ b/MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
@@ -1,7 +1,9 @@
## @file
-# Implement ReadOnly Variable Services required by PEIM and install PEI ReadOnly Varaiable2 PPI.
+# Implements ReadOnly Variable Services required by PEIM and installs PEI ReadOnly Varaiable2 PPI.
#
-# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+# This module implements ReadOnly Variable Services required by PEIM and installs PEI ReadOnly Varaiable2 PPI.
+#
+# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -47,6 +49,9 @@ [LibraryClasses]
[Guids]
## CONSUMES ## GUID # Variable store header
## SOMETIMES_CONSUMES ## HOB
+ gEfiAuthenticatedVariableGuid
+ ## SOMETIMES_CONSUMES ## GUID # Variable store header
+ ## SOMETIMES_CONSUMES ## HOB
gEfiVariableGuid
## SOMETIMES_PRODUCES ## HOB
## SOMETIMES_CONSUMES ## HOB
--
1.9.5.msysgit.0

What to do:
1. Move authenticated variable definition from AuthenticatedVariableFormat.h
to VariableFormat.h with gEfiAuthenticatedVariableGuid and
AUTHENTICATED_VARIABLE_HEADER.

Why to do:
1. Share code.
We are moving forward to separate auth variable service from Auth Variable
driver in SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.
2. Remove code duplication and reduce maintenance effort.
After auth variable service separated from Auth Variable driver in SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in SecurityPkg
will be almost same with Variable driver in MdeModulePkg. We are going to
merge them.
3. gEfiAuthenticatedVariableGuid will be used by both merged Variable driver
and AuthVariableLib, AUTHENTICATED_VARIABLE_HEADER will be used by
merged Variable driver.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
MdeModulePkg/Include/Guid/VariableFormat.h | 50 +++++++++++++++++++++++++++++-
MdeModulePkg/MdeModulePkg.dec | 4 +++
2 files changed, 53 insertions(+), 1 deletion(-)

diff --git a/MdeModulePkg/Include/Guid/VariableFormat.h b/MdeModulePkg/Include/Guid/VariableFormat.h
index a7902f1..c52eaf3 100644
--- a/MdeModulePkg/Include/Guid/VariableFormat.h
+++ b/MdeModulePkg/Include/Guid/VariableFormat.h
@@ -2,7 +2,7 @@
The variable data structures are related to EDK II-specific implementation of UEFI variables.
VariableFormat.h defines variable data headers and variable storage region headers.

-Copyright (c) 2006 - 2011, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials are licensed and made available under
the terms and conditions of the BSD License that accompanies this distribution.
The full text of the license may be found at
@@ -19,7 +19,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define EFI_VARIABLE_GUID \
{ 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d } }

+#define EFI_AUTHENTICATED_VARIABLE_GUID \
+ { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+
extern EFI_GUID gEfiVariableGuid;
+extern EFI_GUID gEfiAuthenticatedVariableGuid;

///
/// Alignment of variable name and data, according to the architecture:
@@ -60,6 +64,7 @@ typedef enum {
#pragma pack(1)

#define VARIABLE_STORE_SIGNATURE EFI_VARIABLE_GUID
+#define AUTHENTICATED_VARIABLE_STORE_SIGNATURE EFI_AUTHENTICATED_VARIABLE_GUID

///
/// Variable Store Header Format and State.
@@ -136,6 +141,49 @@ typedef struct {
EFI_GUID VendorGuid;
} VARIABLE_HEADER;

+///
+/// Single Authenticated Variable Data Header Structure.
+///
+typedef struct {
+ ///
+ /// Variable Data Start Flag.
+ ///
+ UINT16 StartId;
+ ///
+ /// Variable State defined above.
+ ///
+ UINT8 State;
+ UINT8 Reserved;
+ ///
+ /// Attributes of variable defined in UEFI specification.
+ ///
+ UINT32 Attributes;
+ ///
+ /// Associated monotonic count value against replay attack.
+ ///
+ UINT64 MonotonicCount;
+ ///
+ /// Associated TimeStamp value against replay attack.
+ ///
+ EFI_TIME TimeStamp;
+ ///
+ /// Index of associated public key in database.
+ ///
+ UINT32 PubKeyIndex;
+ ///
+ /// Size of variable null-terminated Unicode string name.
+ ///
+ UINT32 NameSize;
+ ///
+ /// Size of the variable data without this header.
+ ///
+ UINT32 DataSize;
+ ///
+ /// A unique identifier for the vendor that produces and consumes this varaible.
+ ///
+ EFI_GUID VendorGuid;
+} AUTHENTICATED_VARIABLE_HEADER;
+
#pragma pack()

typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index e87e89a..12b77a6 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -172,6 +172,10 @@ [Guids]
# Include/Guid/VariableFormat.h
gEfiVariableGuid = { 0xddcf3616, 0x3275, 0x4164, { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}

+ ## Guid acted as the authenticated variable store header's signature, and to specify the variable list entries put in the EFI system table.
+ # Include/Guid/AuthenticatedVariableFormat.h
+ gEfiAuthenticatedVariableGuid = { 0xaaf32c78, 0x947b, 0x439a, { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 } }
+
# Include/Guid/VariableIndexTable.h
gEfiVariableIndexTableGuid = { 0x8cfdb8c8, 0xd6b2, 0x40f3, { 0x8e, 0x97, 0x02, 0x30, 0x7c, 0xc9, 0x8b, 0x7c }}

--
1.9.5.msysgit.0

What to do:
1. Merge VariableInfo in SecurityPkg to VariableInfo in MdeModulePkg.

Why to do:
1. Remove code duplication and reduce maintenance effort.
The functionality of VariableInfo in SecurityPkg has covered VariableInfo
in MdeModulePkg.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
.../Application/VariableInfo/VariableInfo.c | 209 ++++++++++++++++++---
.../Application/VariableInfo/VariableInfo.inf | 25 ++-
.../Application/VariableInfo/VariableInfo.uni | Bin 2430 -> 2904 bytes
3 files changed, 205 insertions(+), 29 deletions(-)

diff --git a/MdeModulePkg/Application/VariableInfo/VariableInfo.c b/MdeModulePkg/Application/VariableInfo/VariableInfo.c
index 50b67d0..727e1ce 100644
--- a/MdeModulePkg/Application/VariableInfo/VariableInfo.c
+++ b/MdeModulePkg/Application/VariableInfo/VariableInfo.c
@@ -1,35 +1,190 @@
/** @file
- If the Variable services have PcdVariableCollectStatistics set to TRUE then
- the EFI system table will contain statistical information about variable usage
- an this utility will print out the information. You can use console redirection
- to capture the data.
-
- Copyright (c) 2006 - 2007, Intel Corporation. All rights reserved.<BR>
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+ If the Variable services have PcdVariableCollectStatistics set to TRUE then
+ this utility will print out the statistics information. You can use console
+ redirection to capture the data.
+
+ Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

#include <Uefi.h>
#include <Library/UefiLib.h>
#include <Library/UefiApplicationEntryPoint.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
#include <Guid/VariableFormat.h>
+#include <Guid/SmmVariableCommon.h>
+#include <Protocol/SmmCommunication.h>
+#include <Protocol/SmmVariable.h>
+
+EFI_SMM_COMMUNICATION_PROTOCOL *mSmmCommunication = NULL;
+
+/**
+ This function get the variable statistics data from SMM variable driver.
+
+ @param[in, out] SmmCommunicateHeader In input, a pointer to a collection of data that will
+ be passed into an SMM environment. In output, a pointer
+ to a collection of data that comes from an SMM environment.
+ @param[in, out] SmmCommunicateSize The size of the SmmCommunicateHeader.
+
+ @retval EFI_SUCCESS Get the statistics data information.
+ @retval EFI_NOT_FOUND Not found.
+ @retval EFI_BUFFER_TO_SMALL DataSize is too small for the result.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariableStatisticsData (
+ IN OUT EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader,
+ IN OUT UINTN *SmmCommunicateSize
+ )
+{
+ EFI_STATUS Status;
+ SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
+
+ CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGuid);
+ SmmCommunicateHeader->MessageLength = *SmmCommunicateSize - OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data);
+
+ SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *) &SmmCommunicateHeader->Data[0];
+ SmmVariableFunctionHeader->Function = SMM_VARIABLE_FUNCTION_GET_STATISTICS;

+ Status = mSmmCommunication->Communicate (mSmmCommunication, SmmCommunicateHeader, SmmCommunicateSize);
+ ASSERT_EFI_ERROR (Status);
+
+ Status = SmmVariableFunctionHeader->ReturnStatus;
+ return Status;
+}
+
+/**
+
+ This function get and print the variable statistics data from SMM variable driver.
+
+ @retval EFI_SUCCESS Print the statistics information successfully.
+ @retval EFI_NOT_FOUND Not found the statistics information.
+
+**/
+EFI_STATUS
+PrintInfoFromSmm (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ VARIABLE_INFO_ENTRY *VariableInfo;
+ EFI_SMM_COMMUNICATE_HEADER *CommBuffer;
+ UINTN RealCommSize;
+ UINTN CommSize;
+ SMM_VARIABLE_COMMUNICATE_HEADER *FunctionHeader;
+ EFI_SMM_VARIABLE_PROTOCOL *Smmvariable;
+
+ Status = gBS->LocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **) &Smmvariable);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = gBS->LocateProtocol (&gEfiSmmCommunicationProtocolGuid, NULL, (VOID **) &mSmmCommunication);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ CommSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE;
+ RealCommSize = CommSize;
+ CommBuffer = AllocateZeroPool (CommSize);
+ ASSERT (CommBuffer != NULL);
+
+ Print (L"Non-Volatile SMM Variables:\n");
+ do {
+ Status = GetVariableStatisticsData (CommBuffer, &CommSize);
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (CommBuffer);
+ CommBuffer = AllocateZeroPool (CommSize);
+ ASSERT (CommBuffer != NULL);
+ RealCommSize = CommSize;
+ Status = GetVariableStatisticsData (CommBuffer, &CommSize);
+ }
+
+ if (EFI_ERROR (Status) || (CommSize <= SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE)) {
+ break;
+ }
+
+ if (CommSize < RealCommSize) {
+ CommSize = RealCommSize;
+ }
+
+ FunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *) CommBuffer->Data;
+ VariableInfo = (VARIABLE_INFO_ENTRY *) FunctionHeader->Data;
+
+ if (!VariableInfo->Volatile) {
+ Print (
+ L"%g R%03d(%03d) W%03d D%03d:%s\n",
+ &VariableInfo->VendorGuid,
+ VariableInfo->ReadCount,
+ VariableInfo->CacheCount,
+ VariableInfo->WriteCount,
+ VariableInfo->DeleteCount,
+ (CHAR16 *)(VariableInfo + 1)
+ );
+ }
+ } while (TRUE);
+
+ Print (L"Volatile SMM Variables:\n");
+ ZeroMem (CommBuffer, CommSize);
+ do {
+ Status = GetVariableStatisticsData (CommBuffer, &CommSize);
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (CommBuffer);
+ CommBuffer = AllocateZeroPool (CommSize);
+ ASSERT (CommBuffer != NULL);
+ RealCommSize = CommSize;
+ Status = GetVariableStatisticsData (CommBuffer, &CommSize);
+ }
+
+ if (EFI_ERROR (Status) || (CommSize <= SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE)) {
+ break;
+ }
+
+ if (CommSize < RealCommSize) {
+ CommSize = RealCommSize;
+ }
+
+ FunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *) CommBuffer->Data;
+ VariableInfo = (VARIABLE_INFO_ENTRY *) FunctionHeader->Data;
+
+ if (VariableInfo->Volatile) {
+ Print (
+ L"%g R%03d(%03d) W%03d D%03d:%s\n",
+ &VariableInfo->VendorGuid,
+ VariableInfo->ReadCount,
+ VariableInfo->CacheCount,
+ VariableInfo->WriteCount,
+ VariableInfo->DeleteCount,
+ (CHAR16 *)(VariableInfo + 1)
+ );
+ }
+ } while (TRUE);
+
+ FreePool (CommBuffer);
+ return Status;
+}

/**
The user Entry Point for Application. The user code starts with this function
- as the real entry point for the image goes into a library that calls this
+ as the real entry point for the image goes into a library that calls this
function.

-
- @param[in] ImageHandle The firmware allocated handle for the EFI image.
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
@param[in] SystemTable A pointer to the EFI System Table.
-
+
@retval EFI_SUCCESS The entry point is executed successfully.
@retval other Some error occurs when executing this entry point.

@@ -46,14 +201,25 @@ UefiMain (
VARIABLE_INFO_ENTRY *Entry;

Status = EfiGetSystemConfigurationTable (&gEfiVariableGuid, (VOID **)&Entry);
+ if (EFI_ERROR (Status) || (Entry == NULL)) {
+ Status = EfiGetSystemConfigurationTable (&gEfiAuthenticatedVariableGuid, (VOID **)&Entry);
+ }
+
+ if (EFI_ERROR (Status) || (Entry == NULL)) {
+ Status = PrintInfoFromSmm ();
+ if (!EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+
if (!EFI_ERROR (Status) && (Entry != NULL)) {
Print (L"Non-Volatile EFI Variables:\n");
VariableInfo = Entry;
do {
if (!VariableInfo->Volatile) {
Print (
- L"%g R%03d(%03d) W%03d D%03d:%s\n",
- &VariableInfo->VendorGuid,
+ L"%g R%03d(%03d) W%03d D%03d:%s\n",
+ &VariableInfo->VendorGuid,
VariableInfo->ReadCount,
VariableInfo->CacheCount,
VariableInfo->WriteCount,
@@ -70,8 +236,8 @@ UefiMain (
do {
if (VariableInfo->Volatile) {
Print (
- L"%g R%03d(%03d) W%03d D%03d:%s\n",
- &VariableInfo->VendorGuid,
+ L"%g R%03d(%03d) W%03d D%03d:%s\n",
+ &VariableInfo->VendorGuid,
VariableInfo->ReadCount,
VariableInfo->CacheCount,
VariableInfo->WriteCount,
@@ -88,7 +254,6 @@ UefiMain (
Print (L" 1. Set PcdVariableCollectStatistics as TRUE\n");
Print (L" 2. Rebuild Variable Dxe driver\n");
Print (L" 3. Run \"VariableInfo\" cmd again\n");
-
}

return Status;
diff --git a/MdeModulePkg/Application/VariableInfo/VariableInfo.inf b/MdeModulePkg/Application/VariableInfo/VariableInfo.inf
index 4d9dc71..9074b52 100644
--- a/MdeModulePkg/Application/VariableInfo/VariableInfo.inf
+++ b/MdeModulePkg/Application/VariableInfo/VariableInfo.inf
@@ -1,9 +1,12 @@
## @file
-# This is a shell application that will display statistical information about variable usage.
+# A shell application that displays statistical information about variable usage.
+#
+# This application can display statistical information about variable usage for SMM variable
+# driver and non-SMM variable driver.
# Note that if Variable Dxe driver doesn't enable the feature by setting PcdVariableCollectStatistics
-# as TRUE, The application will not display variable statistical information.
+# as TRUE, the application will not display variable statistical information.
#
-# Copyright (c) 2007 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at
@@ -20,7 +23,6 @@ [Defines]
FILE_GUID = 202A2922-8C27-4943-9855-26180BF9F113
MODULE_TYPE = UEFI_APPLICATION
VERSION_STRING = 1.0
-
ENTRY_POINT = UefiMain

#
@@ -32,18 +34,27 @@ [Defines]
[Sources]
VariableInfo.c

-
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec

-
[LibraryClasses]
UefiApplicationEntryPoint
UefiLib
+ UefiBootServicesTableLib
+ BaseMemoryLib
+ MemoryAllocationLib
+
+[Protocols]
+ gEfiSmmCommunicationProtocolGuid ## SOMETIMES_CONSUMES

+ ## UNDEFINED # Used to do smm communication
+ ## SOMETIMES_CONSUMES
+ gEfiSmmVariableProtocolGuid
+
[Guids]
- gEfiVariableGuid ## CONSUMES ## SystemTable
+ gEfiAuthenticatedVariableGuid ## SOMETIMES_CONSUMES ## SystemTable
+ gEfiVariableGuid ## CONSUMES ## SystemTable

[UserExtensions.TianoCore."ExtraFiles"]
VariableInfoExtra.uni
diff --git a/MdeModulePkg/Application/VariableInfo/VariableInfo.uni b/MdeModulePkg/Application/VariableInfo/VariableInfo.uni
index ea839d5c0bb7161d3d2f6495f575e97139e934e8..b8e6fd406f0263b6633ade51be96d4065dc58f68 100644
GIT binary patch
delta 311
zcmew-bVF={3ZvshQ$zj~hD?THh608hhD3%+hT_SNoQ4zE*|CQ(WPl_lI!d!917-3i
z=4SgVFr+c$GZZl>Fa$IB0-*v!8BnSSs4kHq31~nn11|#?gFX-{Fr<LR%Yb4a^*{rF
zA__n<ABc4!`X}piit-|>)0_D4En~^#j~vaDgP5EcO*c<v@@K*0O0CJW*lV!4lpoEd
WAe)qtZ6e-9FAXQVaI68lsuuwLHc1=+

delta 136
zcmca1_D^VnieLys216!***@pk>Oq_h1-H^Q;$jf2KnfN<<;sKG#j~E}Zg4Cr>G?bqF
riYsNZ2eT8S$>wfme-?uJne`ZyCdaeuPhQ6112jl)vK-eMWW(|RyA3E-

--
1.9.5.msysgit.0

What to do:
1. Add AuthVariableLib LibraryClass definitions.
2. Implement a NULL AuthVariableLib library instance.
3. Add VARIABLE_ENTRY_PROPERTY definition to VarCheck.h.
4. Add VARIABLE_ENTRY_CONSISTENCY and variable attribute
combinations definitions to VariableFormat.h.

Why to do:
1. Share code.
1.1. Separate auth variable service from Auth Variable driver in
SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.

1.2 The VARIABLE_ENTRY_PROPERTY definition to VarCheck.h,
VARIABLE_ENTRY_CONSISTENCY and variable attribute
combinations definitions to VariableFormat.h will be shared
by merged Variable driver and AuthVariableLib.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
MdeModulePkg/Include/Guid/VariableFormat.h | 18 ++
MdeModulePkg/Include/Library/AuthVariableLib.h | 261 +++++++++++++++++++++
MdeModulePkg/Include/Protocol/VarCheck.h | 6 +
.../AuthVariableLibNull/AuthVariableLibNull.c | 78 ++++++
.../AuthVariableLibNull/AuthVariableLibNull.inf | 40 ++++
.../AuthVariableLibNull/AuthVariableLibNull.uni | Bin 0 -> 1710 bytes
MdeModulePkg/MdeModulePkg.dec | 4 +
MdeModulePkg/MdeModulePkg.dsc | 2 +
.../Universal/Variable/RuntimeDxe/Variable.h | 10 -
9 files changed, 409 insertions(+), 10 deletions(-)
create mode 100644 MdeModulePkg/Include/Library/AuthVariableLib.h
create mode 100644 MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c
create mode 100644 MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
create mode 100644 MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.uni

diff --git a/MdeModulePkg/Include/Guid/VariableFormat.h b/MdeModulePkg/Include/Guid/VariableFormat.h
index c52eaf3..3b60fac 100644
--- a/MdeModulePkg/Include/Guid/VariableFormat.h
+++ b/MdeModulePkg/Include/Guid/VariableFormat.h
@@ -111,6 +111,18 @@ typedef struct {
#define VAR_ADDED 0x3f ///< Variable has been completely added.

///
+/// Variable Attribute combinations.
+///
+#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
+#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
+#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW)
+
+///
/// Single Variable Data Header Structure.
///
typedef struct {
@@ -184,6 +196,12 @@ typedef struct {
EFI_GUID VendorGuid;
} AUTHENTICATED_VARIABLE_HEADER;

+typedef struct {
+ EFI_GUID *Guid;
+ CHAR16 *Name;
+ UINTN VariableSize;
+} VARIABLE_ENTRY_CONSISTENCY;
+
#pragma pack()

typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;
diff --git a/MdeModulePkg/Include/Library/AuthVariableLib.h b/MdeModulePkg/Include/Library/AuthVariableLib.h
new file mode 100644
index 0000000..66bc424
--- /dev/null
+++ b/MdeModulePkg/Include/Library/AuthVariableLib.h
@@ -0,0 +1,261 @@
+/** @file
+ Provides services to initialize and process authenticated variables.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _AUTH_VARIABLE_LIB_H_
+#define _AUTH_VARIABLE_LIB_H_
+
+#include <Protocol/VarCheck.h>
+
+///
+/// Size of AuthInfo prior to the data payload.
+///
+#define AUTHINFO_SIZE ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION, AuthInfo)) + \
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) + \
+ sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256))
+
+#define AUTHINFO2_SIZE(VarAuth2) ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
+ (UINTN) ((EFI_VARIABLE_AUTHENTICATION_2 *) (VarAuth2))->AuthInfo.Hdr.dwLength)
+
+#define OFFSET_OF_AUTHINFO2_CERT_DATA ((OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) + \
+ (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)))
+
+typedef struct {
+ CHAR16 *VariableName;
+ EFI_GUID *VendorGuid;
+ UINT32 Attributes;
+ UINTN DataSize;
+ VOID *Data;
+ UINT32 PubKeyIndex;
+ UINT64 MonotonicCount;
+ EFI_TIME *TimeStamp;
+} AUTH_VARIABLE_INFO;
+
+/**
+ Finds variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the variable found.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_FIND_VARIABLE) (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Finds next variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds next variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the next variable.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_FIND_NEXT_VARIABLE) (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for
+ input of the variable.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_UPDATE_VARIABLE) (
+ IN AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Get scratch buffer.
+
+ @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than
+ the maximum supported buffer size, this value contains
+ the maximum supported buffer size as output.
+ @param[out] ScratchBuffer Pointer to scratch buffer address.
+
+ @retval EFI_SUCCESS Get scratch buffer successfully.
+ @retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *AUTH_VAR_LIB_GET_SCRATCH_BUFFER) (
+ IN OUT UINTN *ScratchBufferSize,
+ OUT VOID **ScratchBuffer
+ );
+
+/**
+ This function is to check if the remaining variable space is enough to set
+ all Variables from argument list successfully. The purpose of the check
+ is to keep the consistency of the Variables to be in variable storage.
+
+ Note: Variables are assumed to be in same storage.
+ The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
+ so follow the argument sequence to check the Variables.
+
+ @param[in] Attributes Variable attributes for Variable entries.
+ @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
+ A NULL terminates the list. The VariableSize of
+ VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
+ It will be changed to variable total size as output.
+
+ @retval TRUE Have enough variable space to set the Variables successfully.
+ @retval FALSE No enough variable space to set the Variables successfully.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *AUTH_VAR_LIB_CHECK_REMAINING_SPACE) (
+ IN UINT32 Attributes,
+ ...
+ );
+
+/**
+ Return TRUE if at OS runtime.
+
+ @retval TRUE If at OS runtime.
+ @retval FALSE If at boot time.
+
+**/
+typedef
+BOOLEAN
+(EFIAPI *AUTH_VAR_LIB_AT_RUNTIME) (
+ VOID
+ );
+
+#define AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION 0x01
+
+typedef struct {
+ UINTN StructVersion;
+ UINTN StructSize;
+ //
+ // Reflect the overhead associated with the saving
+ // of a single EFI authenticated variable with the exception
+ // of the overhead associated with the length
+ // of the string name of the EFI variable.
+ //
+ UINTN MaxAuthVariableSize;
+ AUTH_VAR_LIB_FIND_VARIABLE FindVariable;
+ AUTH_VAR_LIB_FIND_NEXT_VARIABLE FindNextVariable;
+ AUTH_VAR_LIB_UPDATE_VARIABLE UpdateVariable;
+ AUTH_VAR_LIB_GET_SCRATCH_BUFFER GetScratchBuffer;
+ AUTH_VAR_LIB_CHECK_REMAINING_SPACE CheckRemainingSpaceForConsistency;
+ AUTH_VAR_LIB_AT_RUNTIME AtRuntime;
+} AUTH_VAR_LIB_CONTEXT_IN;
+
+#define AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION 0x01
+
+typedef struct {
+ UINTN StructVersion;
+ UINTN StructSize;
+ //
+ // Caller needs to set variable property for the variables.
+ //
+ VARIABLE_ENTRY_PROPERTY *AuthVarEntry;
+ UINTN AuthVarEntryCount;
+ //
+ // Caller needs to ConvertPointer() for the pointers.
+ //
+ VOID **AddressPointer;
+ UINTN AddressPointerCount;
+} AUTH_VAR_LIB_CONTEXT_OUT;
+
+/**
+ Initialization for authenticated varibale services.
+ If this initialization returns error status, other APIs will not work
+ and expect to be not called then.
+
+ @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.
+ @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.
+
+ @retval EFI_SUCCESS Function successfully executed.
+ @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibInitialize (
+ IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,
+ OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
+ );
+
+/**
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+
+ @param[in] VariableName Name of the variable.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
+ defined by the Attributes.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
+ set, but the AuthInfo does NOT pass the validation
+ check carried out by the firmware.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibProcessVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
+ );
+
+#endif
diff --git a/MdeModulePkg/Include/Protocol/VarCheck.h b/MdeModulePkg/Include/Protocol/VarCheck.h
index 1a79216..3525989 100644
--- a/MdeModulePkg/Include/Protocol/VarCheck.h
+++ b/MdeModulePkg/Include/Protocol/VarCheck.h
@@ -63,6 +63,12 @@ typedef struct {
UINTN MaxSize;
} VAR_CHECK_VARIABLE_PROPERTY;

+typedef struct {
+ EFI_GUID *Guid;
+ CHAR16 *Name;
+ VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
+} VARIABLE_ENTRY_PROPERTY;
+
/**
Variable property set.
Variable driver will do check according to the VariableProperty before
diff --git a/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c b/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c
new file mode 100644
index 0000000..054131f
--- /dev/null
+++ b/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.c
@@ -0,0 +1,78 @@
+/** @file
+ Implements NULL authenticated variable services.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/AuthVariableLib.h>
+#include <Library/DebugLib.h>
+
+/**
+ Initialization for authenticated varibale services.
+ If this initialization returns error status, other APIs will not work
+ and expect to be not called then.
+
+ @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.
+ @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.
+
+ @retval EFI_SUCCESS Function successfully executed.
+ @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibInitialize (
+ IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,
+ OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
+ )
+{
+ //
+ // Do nothing, just return EFI_UNSUPPORTED.
+ //
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+
+ @param[in] VariableName Name of the variable.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
+ defined by the Attributes.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
+ set, but the AuthInfo does NOT pass the validation
+ check carried out by the firmware.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibProcessVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
+ )
+{
+ ASSERT (FALSE);
+ return EFI_UNSUPPORTED;
+}
diff --git a/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf b/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
new file mode 100644
index 0000000..e153f63
--- /dev/null
+++ b/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides NULL authenticated variable services.
+#
+# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions
+# of the BSD License which accompanies this distribution. The
+# full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = AuthVariableLibNull
+ MODULE_UNI_FILE = AuthVariableLibNull.uni
+ FILE_GUID = 435CB0E4-7C9A-4BB7-9907-8FD4643E978A
+ MODULE_TYPE = DXE_RUNTIME_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ AuthVariableLibNull.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DebugLib
diff --git a/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.uni b/MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.uni
new file mode 100644
index 0000000000000000000000000000000000000000..02237fffe27cc038184ece447a04ff4e0a0ac421
GIT binary patch
literal 1710
zcmc(fTW`}q5QXO%iT_}wFMwJHD)E94A|VDWN)zRx!c&!7TT3C1oTQLHPx;PlZPQRB
zUQlJ(yE{93=FFK{-~4P^(<0tyJdwS%3(IU_b9-!$uxhVoh2?gQeTIFF<<v%Y!V}rp
zwzjb=>`TVXrdT$tX6#)vFR+bm;)oGv=U9X^b)>k8@=(#<k=e?2&hwHyHt>D|yQhrD
z_S|0BOFLwqdVX{Ah)ib+PU)*`GiFPR*=eya4`m(Dq*md%hRmf*Y_F|teS33H_Cq*i
zuJMX<IVg(p4U{o4q-s!G>nTsp-pcoOoLk}_VF@(|+Alz>)m262_$=^N4VGRL;g<M1
ztvbu13aT6G3T~Z+a;cf9-UU&WYl$Le;+s|aXg8<3>T_)yScmn=***@2<s^@1NOb
z#1x{`2zn{jnzgc?cvseSk*dn*0(+>CIRC(VpVM7kf|fhHCb#Ev5JDZKam`hov!N2N
z{LZMSg0}K6T<MtX3+mI{(|(O*0`r+2?d`;%T=CXXhW61C*!1Y0u6^L!vd^qjl#I|)
z;}B~~e~p+WuJ4HZ+F{<ur$nf=PwD3bkAWk1nW>NUZ7>Q~s13%pueCb-jnf(XLhX9Q
z$j<QUJF`>lDX7Bedh|XkahFXohxp1zQG?fed=>pG<0p2+T=***@zjS{j*>`R4Hqo-)m
zqni}7!!0XyE62$HaZR_&ruU%gnQ(W4e&--{!O&kWv2z$nFDctXts#8=_8j<a5!RNw
saOqv6PB;QfOdBx#Uw_j^mD#^#rJfj&kNTxo)#1L(9x|&K&B|*10?{@M8vp<R

literal 0
HcmV?d00001

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 12b77a6..a067384 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -115,6 +115,10 @@ [LibraryClasses]
#
TpmMeasurementLib|Include/Library/TpmMeasurementLib.h

+ ## @libraryclass Provides authenticated variable services.
+ #
+ AuthVaribleLib|Include/Library/AuthVaribleLib.h
+
[Guids]
## MdeModule package token space guid
# Include/Guid/MdeModulePkgTokenSpace.h
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 3b1ace9..fc518d0 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -96,6 +96,7 @@ [LibraryClasses]
CpuExceptionHandlerLib|MdeModulePkg/Library/CpuExceptionHandlerLibNull/CpuExceptionHandlerLibNull.inf
PlatformBootManagerLib|MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf

[LibraryClasses.EBC.PEIM]
IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
@@ -275,6 +276,7 @@ [Components]
MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf
MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf

MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
index 8ea7378..f5ba486 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
@@ -44,10 +44,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Guid/HardwareErrorVariable.h>
#include <Guid/VarErrorFlag.h>

-#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
-#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
-#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
-
///
/// The size of a 3 character ISO639 language code.
///
@@ -100,12 +96,6 @@ typedef struct {
} VARIABLE_MODULE_GLOBAL;

typedef struct {
- EFI_GUID *Guid;
- CHAR16 *Name;
- UINTN VariableSize;
-} VARIABLE_ENTRY_CONSISTENCY;
-
-typedef struct {
LIST_ENTRY Link;
EFI_GUID Guid;
//CHAR16 *Name;
--
1.9.5.msysgit.0

AuthVariableLib and TpmMeasurementLib library classes are now linked with
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
to optionally support secure variables.

For Nt32Pkg,
link AuthVariableLib and DxeTpmMeasurementLib in SecurityPkg
when SECURE_BOOT_ENABLE = TRUE,
and link AuthVariableLibNull and TpmMeasurementLibNull in MdeModulePkg
when SECURE_BOOT_ENABLE = FALSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Ruiyu Ni <***@intel.com>
Reviewed-by: Jordan Justen <***@intel.com>
---
Nt32Pkg/Nt32Pkg.dsc | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc
index b0d3fbf..2344d9a 100644
--- a/Nt32Pkg/Nt32Pkg.dsc
+++ b/Nt32Pkg/Nt32Pkg.dsc
@@ -136,6 +136,10 @@ [LibraryClasses]
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif

[LibraryClasses.common.USER_DEFINED]
--
1.9.5.msysgit.0

AuthVariableLib and TpmMeasurementLib library classes are now linked with
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
to optionally support secure variables.

For OvmfPkg,
link AuthVariableLib and DxeTpmMeasurementLib in SecurityPkg
when SECURE_BOOT_ENABLE = TRUE,
and link AuthVariableLibNull and TpmMeasurementLibNull in MdeModulePkg
when SECURE_BOOT_ENABLE = FALSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jordan Justen <***@intel.com>
Reviewed-by: Laszlo Ersek <***@redhat.com>
Tested-by: Laszlo Ersek <***@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 4 ++++
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++++
OvmfPkg/OvmfPkgX64.dsc | 4 ++++
3 files changed, 12 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 6342b5c..c9bfe30 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -120,9 +120,13 @@ [LibraryClasses]
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
!if $(NETWORK_IP6_ENABLE) == TRUE
TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
!endif
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif

S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index f1230bf..7e2e485 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -125,9 +125,13 @@ [LibraryClasses]
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
!if $(NETWORK_IP6_ENABLE) == TRUE
TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
!endif
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif

S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e5fc90d..cf8d65c 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -125,9 +125,13 @@ [LibraryClasses]
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
!if $(NETWORK_IP6_ENABLE) == TRUE
TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf
!endif
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
!endif

S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
--
1.9.5.msysgit.0

What to do:
1. Implement AuthVariableLib library instance.
2. Temporarily add VARIABLE_ENTRY_CONSISTENCY and
variable attribute combinations definitions to
AuthenticatedVariableFormat.h for git bisect.

Why to do:
1. Share code.
Separate auth variable service from Auth Variable driver in
SecurityPkg to AuthVariableLib. Then the AuthVariableLib could benefit
and be used by different implementation of Auth Variable drivers.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
.../Include/Guid/AuthenticatedVariableFormat.h | 17 +
SecurityPkg/Library/AuthVariableLib/AuthService.c | 2432 ++++++++++++++++++++
.../Library/AuthVariableLib/AuthServiceInternal.h | 411 ++++
.../Library/AuthVariableLib/AuthVariableLib.c | 460 ++++
.../Library/AuthVariableLib/AuthVariableLib.inf | 86 +
.../Library/AuthVariableLib/AuthVariableLib.uni | Bin 0 -> 1670 bytes
SecurityPkg/SecurityPkg.dsc | 4 +-
.../VariableAuthenticated/RuntimeDxe/Variable.h | 6 -
8 files changed, 3409 insertions(+), 7 deletions(-)
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthService.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
create mode 100644 SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni

diff --git a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
index 66947e1..c7cd34a 100644
--- a/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
+++ b/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h
@@ -147,6 +147,17 @@ typedef struct {
#define VAR_ADDED 0x3f ///< Variable has been completely added.

///
+/// Variable Attribute combinations.
+///
+#define VARIABLE_ATTRIBUTE_NV_BS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
+#define VARIABLE_ATTRIBUTE_BS_RT (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
+#define VARIABLE_ATTRIBUTE_AT_AW (EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT (VARIABLE_ATTRIBUTE_BS_RT | EFI_VARIABLE_NON_VOLATILE)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_HARDWARE_ERROR_RECORD)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_AT (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+#define VARIABLE_ATTRIBUTE_NV_BS_RT_HR_AT_AW (VARIABLE_ATTRIBUTE_NV_BS_RT_HR | VARIABLE_ATTRIBUTE_AT_AW)
+
/// Single Variable Data Header Structure.
///
typedef struct {
@@ -189,6 +200,12 @@ typedef struct {
EFI_GUID VendorGuid;
} VARIABLE_HEADER;

+typedef struct {
+ EFI_GUID *Guid;
+ CHAR16 *Name;
+ UINTN VariableSize;
+} VARIABLE_ENTRY_CONSISTENCY;
+
#pragma pack()

typedef struct _VARIABLE_INFO_ENTRY VARIABLE_INFO_ENTRY;
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
new file mode 100644
index 0000000..415befb
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -0,0 +1,2432 @@
+/** @file
+ Implement authentication services for the authenticated variables.
+
+ Caution: This module requires additional review when modified.
+ This driver will have external input - variable data. It may be input in SMM mode.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+ Variable attribute should also be checked to avoid authentication bypass.
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+ may not be modified without authorization. If platform fails to protect these resources,
+ the authentication service provided in this driver will be broken, and the behavior is undefined.
+
+ ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do
+ variable authentication.
+
+ VerifyTimeBasedPayloadAndUpdate() and VerifyCounterBasedPayload() are sub function to do verification.
+ They will do basic validation for authentication data structure, then call crypto library
+ to verify the signature.
+
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "AuthServiceInternal.h"
+
+//
+// Public Exponent of RSA Key.
+//
+CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
+
+//
+// Requirement for different signature type which have been defined in UEFI spec.
+// These data are used to perform SignatureList format check while setting PK/KEK variable.
+//
+EFI_SIGNATURE_ITEM mSupportSigItem[] = {
+//{SigType, SigHeaderSize, SigDataSize }
+ {EFI_CERT_SHA256_GUID, 0, 32 },
+ {EFI_CERT_RSA2048_GUID, 0, 256 },
+ {EFI_CERT_RSA2048_SHA256_GUID, 0, 256 },
+ {EFI_CERT_SHA1_GUID, 0, 20 },
+ {EFI_CERT_RSA2048_SHA1_GUID, 0, 256 },
+ {EFI_CERT_X509_GUID, 0, ((UINT32) ~0)},
+ {EFI_CERT_SHA224_GUID, 0, 28 },
+ {EFI_CERT_SHA384_GUID, 0, 48 },
+ {EFI_CERT_SHA512_GUID, 0, 64 },
+ {EFI_CERT_X509_SHA256_GUID, 0, 48 },
+ {EFI_CERT_X509_SHA384_GUID, 0, 64 },
+ {EFI_CERT_X509_SHA512_GUID, 0, 80 }
+};
+
+/**
+ Finds variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] Data Pointer to data address.
+ @param[out] DataSize Pointer to data size.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+EFI_STATUS
+AuthServiceInternalFindVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT VOID **Data,
+ OUT UINTN *DataSize
+ )
+{
+ EFI_STATUS Status;
+ AUTH_VARIABLE_INFO AuthVariableInfo;
+
+ ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
+ Status = mAuthVarLibContextIn->FindVariable (
+ VariableName,
+ VendorGuid,
+ &AuthVariableInfo
+ );
+ *Data = AuthVariableInfo.Data;
+ *DataSize = AuthVariableInfo.DataSize;
+ return Status;
+}
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] VariableName Name of variable.
+ @param[in] VendorGuid Guid of variable.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+AuthServiceInternalUpdateVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
+ )
+{
+ AUTH_VARIABLE_INFO AuthVariableInfo;
+
+ ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
+ AuthVariableInfo.VariableName = VariableName;
+ AuthVariableInfo.VendorGuid = VendorGuid;
+ AuthVariableInfo.Data = Data;
+ AuthVariableInfo.DataSize = DataSize;
+ AuthVariableInfo.Attributes = Attributes;
+
+ return mAuthVarLibContextIn->UpdateVariable (
+ &AuthVariableInfo
+ );
+}
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] VariableName Name of variable.
+ @param[in] VendorGuid Guid of variable.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] KeyIndex Index of associated public key.
+ @param[in] MonotonicCount Value of associated monotonic count.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+AuthServiceInternalUpdateVariableWithMonotonicCount (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN UINT32 KeyIndex,
+ IN UINT64 MonotonicCount
+ )
+{
+ AUTH_VARIABLE_INFO AuthVariableInfo;
+
+ ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
+ AuthVariableInfo.VariableName = VariableName;
+ AuthVariableInfo.VendorGuid = VendorGuid;
+ AuthVariableInfo.Data = Data;
+ AuthVariableInfo.DataSize = DataSize;
+ AuthVariableInfo.Attributes = Attributes;
+ AuthVariableInfo.PubKeyIndex = KeyIndex;
+ AuthVariableInfo.MonotonicCount = MonotonicCount;
+
+ return mAuthVarLibContextIn->UpdateVariable (
+ &AuthVariableInfo
+ );
+}
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] VariableName Name of variable.
+ @param[in] VendorGuid Guid of variable.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] TimeStamp Value of associated TimeStamp.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+AuthServiceInternalUpdateVariableWithTimeStamp (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN EFI_TIME *TimeStamp
+ )
+{
+ EFI_STATUS FindStatus;
+ VOID *OrgData;
+ UINTN OrgDataSize;
+ AUTH_VARIABLE_INFO AuthVariableInfo;
+
+ FindStatus = AuthServiceInternalFindVariable (
+ VariableName,
+ VendorGuid,
+ &OrgData,
+ &OrgDataSize
+ );
+
+ //
+ // EFI_VARIABLE_APPEND_WRITE attribute only effects for existing variable
+ //
+ if (!EFI_ERROR (FindStatus) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0)) {
+ if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) ||
+ (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) {
+ //
+ // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of
+ // EFI_SIGNATURE_DATA values that are already part of the existing variable value.
+ //
+ FilterSignatureList (
+ OrgData,
+ OrgDataSize,
+ Data,
+ &DataSize
+ );
+ }
+ }
+
+ ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo));
+ AuthVariableInfo.VariableName = VariableName;
+ AuthVariableInfo.VendorGuid = VendorGuid;
+ AuthVariableInfo.Data = Data;
+ AuthVariableInfo.DataSize = DataSize;
+ AuthVariableInfo.Attributes = Attributes;
+ AuthVariableInfo.TimeStamp = TimeStamp;
+ return mAuthVarLibContextIn->UpdateVariable (
+ &AuthVariableInfo
+ );
+}
+
+/**
+ Determine whether this operation needs a physical present user.
+
+ @param[in] VariableName Name of the Variable.
+ @param[in] VendorGuid GUID of the Variable.
+
+ @retval TRUE This variable is protected, only a physical present user could set this variable.
+ @retval FALSE This variable is not protected.
+
+**/
+BOOLEAN
+NeedPhysicallyPresent(
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))
+ || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Determine whether the platform is operating in Custom Secure Boot mode.
+
+ @retval TRUE The platform is operating in Custom mode.
+ @retval FALSE The platform is operating in Standard mode.
+
+**/
+BOOLEAN
+InCustomMode (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ VOID *Data;
+ UINTN DataSize;
+
+ Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize);
+ if (!EFI_ERROR (Status) && (*(UINT8 *) Data == CUSTOM_SECURE_BOOT_MODE)) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Get available public key index.
+
+ @param[in] PubKey Pointer to Public Key data.
+
+ @return Public key index, 0 if no any public key index available.
+
+**/
+UINT32
+GetAvailableKeyIndex (
+ IN UINT8 *PubKey
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINT8 *Ptr;
+ UINT32 Index;
+ BOOLEAN IsFound;
+ EFI_GUID VendorGuid;
+ CHAR16 Name[1];
+ AUTH_VARIABLE_INFO AuthVariableInfo;
+ UINT32 KeyIndex;
+
+ Status = AuthServiceInternalFindVariable (
+ AUTHVAR_KEYDB_NAME,
+ &gEfiAuthenticatedVariableGuid,
+ (VOID **) &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "Get public key database variable failure, Status = %r\n", Status));
+ return 0;
+ }
+
+ if (mPubKeyNumber == mMaxKeyNumber) {
+ Name[0] = 0;
+ AuthVariableInfo.VariableName = Name;
+ ZeroMem (&VendorGuid, sizeof (VendorGuid));
+ AuthVariableInfo.VendorGuid = &VendorGuid;
+ mPubKeyNumber = 0;
+ //
+ // Collect valid key data.
+ //
+ do {
+ Status = mAuthVarLibContextIn->FindNextVariable (AuthVariableInfo.VariableName, AuthVariableInfo.VendorGuid, &AuthVariableInfo);
+ if (!EFI_ERROR (Status)) {
+ if (AuthVariableInfo.PubKeyIndex != 0) {
+ for (Ptr = Data; Ptr < (Data + DataSize); Ptr += sizeof (AUTHVAR_KEY_DB_DATA)) {
+ if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex)) == AuthVariableInfo.PubKeyIndex) {
+ //
+ // Check if the key data has been collected.
+ //
+ for (Index = 0; Index < mPubKeyNumber; Index++) {
+ if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex)) == AuthVariableInfo.PubKeyIndex) {
+ break;
+ }
+ }
+ if (Index == mPubKeyNumber) {
+ //
+ // New key data.
+ //
+ CopyMem ((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber, Ptr, sizeof (AUTHVAR_KEY_DB_DATA));
+ mPubKeyNumber++;
+ }
+ break;
+ }
+ }
+ }
+ }
+ } while (Status != EFI_NOT_FOUND);
+
+ //
+ // No available space to add new public key.
+ //
+ if (mPubKeyNumber == mMaxKeyNumber) {
+ return 0;
+ }
+ }
+
+ //
+ // Find available public key index.
+ //
+ for (KeyIndex = 1; KeyIndex <= mMaxKeyNumber; KeyIndex++) {
+ IsFound = FALSE;
+ for (Ptr = mPubKeyStore; Ptr < (mPubKeyStore + mPubKeyNumber * sizeof (AUTHVAR_KEY_DB_DATA)); Ptr += sizeof (AUTHVAR_KEY_DB_DATA)) {
+ if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) Ptr)->KeyIndex)) == KeyIndex) {
+ IsFound = TRUE;
+ break;
+ }
+ }
+ if (!IsFound) {
+ break;
+ }
+ }
+
+ return KeyIndex;
+}
+
+/**
+ Add public key in store and return its index.
+
+ @param[in] PubKey Input pointer to Public Key data.
+ @param[in] VariableDataEntry The variable data entry.
+
+ @return Index of new added public key.
+
+**/
+UINT32
+AddPubKeyInStore (
+ IN UINT8 *PubKey,
+ IN VARIABLE_ENTRY_CONSISTENCY *VariableDataEntry
+ )
+{
+ EFI_STATUS Status;
+ UINT32 Index;
+ VARIABLE_ENTRY_CONSISTENCY PublicKeyEntry;
+ UINT32 Attributes;
+ UINT32 KeyIndex;
+
+ if (PubKey == NULL) {
+ return 0;
+ }
+
+ //
+ // Check whether the public key entry does exist.
+ //
+ for (Index = 0; Index < mPubKeyNumber; Index++) {
+ if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
+ return ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex));
+ }
+ }
+
+ KeyIndex = GetAvailableKeyIndex (PubKey);
+ if (KeyIndex == 0) {
+ return 0;
+ }
+
+ //
+ // Check the variable space for both public key and variable data.
+ //
+ PublicKeyEntry.VariableSize = (mPubKeyNumber + 1) * sizeof (AUTHVAR_KEY_DB_DATA);
+ PublicKeyEntry.Guid = &gEfiAuthenticatedVariableGuid;
+ PublicKeyEntry.Name = AUTHVAR_KEYDB_NAME;
+ Attributes = VARIABLE_ATTRIBUTE_NV_BS_RT | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
+
+ if (!mAuthVarLibContextIn->CheckRemainingSpaceForConsistency (Attributes, &PublicKeyEntry, VariableDataEntry, NULL)) {
+ //
+ // No enough variable space.
+ //
+ return 0;
+ }
+
+ WriteUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber)->KeyIndex), KeyIndex);
+ CopyMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + mPubKeyNumber)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
+ mPubKeyNumber++;
+
+ //
+ // Update public key database variable.
+ //
+ Status = AuthServiceInternalUpdateVariable (
+ AUTHVAR_KEYDB_NAME,
+ &gEfiAuthenticatedVariableGuid,
+ mPubKeyStore,
+ mPubKeyNumber * sizeof (AUTHVAR_KEY_DB_DATA),
+ Attributes
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "Update public key database variable failure, Status = %r\n", Status));
+ return 0;
+ }
+
+ return KeyIndex;
+}
+
+/**
+ Verify data payload with AuthInfo in EFI_CERT_TYPE_RSA2048_SHA256_GUID type.
+ Follow the steps in UEFI2.2.
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+
+ @param[in] Data Pointer to data with AuthInfo.
+ @param[in] DataSize Size of Data.
+ @param[in] PubKey Public key used for verification.
+
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_SECURITY_VIOLATION If authentication failed.
+ @retval EFI_SUCCESS Authentication successful.
+
+**/
+EFI_STATUS
+VerifyCounterBasedPayload (
+ IN UINT8 *Data,
+ IN UINTN DataSize,
+ IN UINT8 *PubKey
+ )
+{
+ BOOLEAN Status;
+ EFI_VARIABLE_AUTHENTICATION *CertData;
+ EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
+ UINT8 Digest[SHA256_DIGEST_SIZE];
+ VOID *Rsa;
+ UINTN PayloadSize;
+
+ PayloadSize = DataSize - AUTHINFO_SIZE;
+ Rsa = NULL;
+ CertData = NULL;
+ CertBlock = NULL;
+
+ if (Data == NULL || PubKey == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
+ CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
+
+ //
+ // wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
+ // Cert type should be EFI_CERT_TYPE_RSA2048_SHA256_GUID.
+ //
+ if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
+ !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertTypeRsa2048Sha256Guid)) {
+ //
+ // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
+ //
+ return EFI_SECURITY_VIOLATION;
+ }
+ //
+ // Hash data payload with SHA256.
+ //
+ ZeroMem (Digest, SHA256_DIGEST_SIZE);
+ Status = Sha256Init (mHashCtx);
+ if (!Status) {
+ goto Done;
+ }
+ Status = Sha256Update (mHashCtx, Data + AUTHINFO_SIZE, PayloadSize);
+ if (!Status) {
+ goto Done;
+ }
+ //
+ // Hash Size.
+ //
+ Status = Sha256Update (mHashCtx, &PayloadSize, sizeof (UINTN));
+ if (!Status) {
+ goto Done;
+ }
+ //
+ // Hash Monotonic Count.
+ //
+ Status = Sha256Update (mHashCtx, &CertData->MonotonicCount, sizeof (UINT64));
+ if (!Status) {
+ goto Done;
+ }
+ Status = Sha256Final (mHashCtx, Digest);
+ if (!Status) {
+ goto Done;
+ }
+ //
+ // Generate & Initialize RSA Context.
+ //
+ Rsa = RsaNew ();
+ ASSERT (Rsa != NULL);
+ //
+ // Set RSA Key Components.
+ // NOTE: Only N and E are needed to be set as RSA public key for signature verification.
+ //
+ Status = RsaSetKey (Rsa, RsaKeyN, PubKey, EFI_CERT_TYPE_RSA2048_SIZE);
+ if (!Status) {
+ goto Done;
+ }
+ Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));
+ if (!Status) {
+ goto Done;
+ }
+ //
+ // Verify the signature.
+ //
+ Status = RsaPkcs1Verify (
+ Rsa,
+ Digest,
+ SHA256_DIGEST_SIZE,
+ CertBlock->Signature,
+ EFI_CERT_TYPE_RSA2048_SHA256_SIZE
+ );
+
+Done:
+ if (Rsa != NULL) {
+ RsaFree (Rsa);
+ }
+ if (Status) {
+ return EFI_SUCCESS;
+ } else {
+ return EFI_SECURITY_VIOLATION;
+ }
+}
+
+/**
+ Update platform mode.
+
+ @param[in] Mode SETUP_MODE or USER_MODE.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_SUCCESS Update platform mode successfully.
+
+**/
+EFI_STATUS
+UpdatePlatformMode (
+ IN UINT32 Mode
+ )
+{
+ EFI_STATUS Status;
+ VOID *Data;
+ UINTN DataSize;
+ UINT8 SecureBootMode;
+ UINT8 SecureBootEnable;
+ UINTN VariableDataSize;
+
+ Status = AuthServiceInternalFindVariable (
+ EFI_SETUP_MODE_NAME,
+ &gEfiGlobalVariableGuid,
+ &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Update the value of SetupMode variable by a simple mem copy, this could avoid possible
+ // variable storage reclaim at runtime.
+ //
+ mPlatformMode = (UINT8) Mode;
+ CopyMem (Data, &mPlatformMode, sizeof(UINT8));
+
+ if (mAuthVarLibContextIn->AtRuntime ()) {
+ //
+ // SecureBoot Variable indicates whether the platform firmware is operating
+ // in Secure boot mode (1) or not (0), so we should not change SecureBoot
+ // Variable in runtime.
+ //
+ return Status;
+ }
+
+ //
+ // Check "SecureBoot" variable's existence.
+ // If it doesn't exist, firmware has no capability to perform driver signing verification,
+ // then set "SecureBoot" to 0.
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_SECURE_BOOT_MODE_NAME,
+ &gEfiGlobalVariableGuid,
+ &Data,
+ &DataSize
+ );
+ //
+ // If "SecureBoot" variable exists, then check "SetupMode" variable update.
+ // If "SetupMode" variable is USER_MODE, "SecureBoot" variable is set to 1.
+ // If "SetupMode" variable is SETUP_MODE, "SecureBoot" variable is set to 0.
+ //
+ if (EFI_ERROR (Status)) {
+ SecureBootMode = SECURE_BOOT_MODE_DISABLE;
+ } else {
+ if (mPlatformMode == USER_MODE) {
+ SecureBootMode = SECURE_BOOT_MODE_ENABLE;
+ } else if (mPlatformMode == SETUP_MODE) {
+ SecureBootMode = SECURE_BOOT_MODE_DISABLE;
+ } else {
+ return EFI_NOT_FOUND;
+ }
+ }
+
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_MODE_NAME,
+ &gEfiGlobalVariableGuid,
+ &SecureBootMode,
+ sizeof(UINT8),
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Check "SecureBootEnable" variable's existence. It can enable/disable secure boot feature.
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ &Data,
+ &DataSize
+ );
+
+ if (SecureBootMode == SECURE_BOOT_MODE_ENABLE) {
+ //
+ // Create the "SecureBootEnable" variable as secure boot is enabled.
+ //
+ SecureBootEnable = SECURE_BOOT_ENABLE;
+ VariableDataSize = sizeof (SecureBootEnable);
+ } else {
+ //
+ // Delete the "SecureBootEnable" variable if this variable exist as "SecureBoot"
+ // variable is not in secure boot state.
+ //
+ if (EFI_ERROR (Status)) {
+ return EFI_SUCCESS;
+ }
+ SecureBootEnable = SECURE_BOOT_DISABLE;
+ VariableDataSize = 0;
+ }
+
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ &SecureBootEnable,
+ VariableDataSize,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+ return Status;
+}
+
+/**
+ Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK/db/dbx/dbt variable.
+
+ @param[in] VariableName Name of Variable to be check.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Point to the variable data to be checked.
+ @param[in] DataSize Size of Data.
+
+ @return EFI_INVALID_PARAMETER Invalid signature list format.
+ @return EFI_SUCCESS Passed signature list format check successfully.
+
+**/
+EFI_STATUS
+CheckSignatureListFormat(
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ EFI_SIGNATURE_LIST *SigList;
+ UINTN SigDataSize;
+ UINT32 Index;
+ UINT32 SigCount;
+ BOOLEAN IsPk;
+ VOID *RsaContext;
+ EFI_SIGNATURE_DATA *CertData;
+ UINTN CertLen;
+
+ if (DataSize == 0) {
+ return EFI_SUCCESS;
+ }
+
+ ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL);
+
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
+ IsPk = TRUE;
+ } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) ||
+ (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) {
+ IsPk = FALSE;
+ } else {
+ return EFI_SUCCESS;
+ }
+
+ SigCount = 0;
+ SigList = (EFI_SIGNATURE_LIST *) Data;
+ SigDataSize = DataSize;
+ RsaContext = NULL;
+
+ //
+ // Walk throuth the input signature list and check the data format.
+ // If any signature is incorrectly formed, the whole check will fail.
+ //
+ while ((SigDataSize > 0) && (SigDataSize >= SigList->SignatureListSize)) {
+ for (Index = 0; Index < (sizeof (mSupportSigItem) / sizeof (EFI_SIGNATURE_ITEM)); Index++ ) {
+ if (CompareGuid (&SigList->SignatureType, &mSupportSigItem[Index].SigType)) {
+ //
+ // The value of SignatureSize should always be 16 (size of SignatureOwner
+ // component) add the data length according to signature type.
+ //
+ if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) &&
+ (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) {
+ return EFI_INVALID_PARAMETER;
+ }
+ if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) &&
+ SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) {
+ return EFI_INVALID_PARAMETER;
+ }
+ break;
+ }
+ }
+
+ if (Index == (sizeof (mSupportSigItem) / sizeof (EFI_SIGNATURE_ITEM))) {
+ //
+ // Undefined signature type.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)) {
+ //
+ // Try to retrieve the RSA public key from the X.509 certificate.
+ // If this operation fails, it's not a valid certificate.
+ //
+ RsaContext = RsaNew ();
+ if (RsaContext == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize);
+ CertLen = SigList->SignatureSize - sizeof (EFI_GUID);
+ if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) {
+ RsaFree (RsaContext);
+ return EFI_INVALID_PARAMETER;
+ }
+ RsaFree (RsaContext);
+ }
+
+ if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+ SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize;
+
+ SigDataSize -= SigList->SignatureListSize;
+ SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize);
+ }
+
+ if (((UINTN) SigList - (UINTN) Data) != DataSize) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (IsPk && SigCount > 1) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update "VendorKeys" variable to record the out of band secure boot key modification.
+
+ @return EFI_SUCCESS Variable is updated successfully.
+ @return Others Failed to update variable.
+
+**/
+EFI_STATUS
+VendorKeyIsModified (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ if (mVendorKeyState == VENDOR_KEYS_MODIFIED) {
+ return EFI_SUCCESS;
+ }
+ mVendorKeyState = VENDOR_KEYS_MODIFIED;
+
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
+ &gEfiVendorKeysNvGuid,
+ &mVendorKeyState,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ return AuthServiceInternalUpdateVariable (
+ EFI_VENDOR_KEYS_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ &mVendorKeyState,
+ sizeof (UINT8),
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+}
+
+/**
+ Process variable with platform key for verification.
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Attributes Attribute value of the variable
+ @param[in] IsPk Indicate whether it is to process pk.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation.
+ check carried out by the firmware.
+ @return EFI_SUCCESS Variable passed validation successfully.
+
+**/
+EFI_STATUS
+ProcessVarWithPk (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL,
+ IN BOOLEAN IsPk
+ )
+{
+ EFI_STATUS Status;
+ BOOLEAN Del;
+ UINT8 *Payload;
+ UINTN PayloadSize;
+
+ if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
+ (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+ //
+ // PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
+ // authenticated variable.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Del = FALSE;
+ if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
+ Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
+ PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
+ if (PayloadSize == 0) {
+ Del = TRUE;
+ }
+
+ Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = AuthServiceInternalUpdateVariableWithTimeStamp (
+ VariableName,
+ VendorGuid,
+ Payload,
+ PayloadSize,
+ Attributes,
+ &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp
+ );
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ if ((mPlatformMode != SETUP_MODE) || IsPk) {
+ Status = VendorKeyIsModified ();
+ }
+ } else if (mPlatformMode == USER_MODE) {
+ //
+ // Verify against X509 Cert in PK database.
+ //
+ Status = VerifyTimeBasedPayloadAndUpdate (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ Attributes,
+ AuthVarTypePk,
+ &Del
+ );
+ } else {
+ //
+ // Verify against the certificate in data payload.
+ //
+ Status = VerifyTimeBasedPayloadAndUpdate (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ Attributes,
+ AuthVarTypePayload,
+ &Del
+ );
+ }
+
+ if (!EFI_ERROR(Status) && IsPk) {
+ if (mPlatformMode == SETUP_MODE && !Del) {
+ //
+ // If enroll PK in setup mode, need change to user mode.
+ //
+ Status = UpdatePlatformMode (USER_MODE);
+ } else if (mPlatformMode == USER_MODE && Del){
+ //
+ // If delete PK in user mode, need change to setup mode.
+ //
+ Status = UpdatePlatformMode (SETUP_MODE);
+ }
+ }
+
+ return Status;
+}
+
+/**
+ Process variable with key exchange key for verification.
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Attributes Attribute value of the variable.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
+ check carried out by the firmware.
+ @return EFI_SUCCESS Variable pass validation successfully.
+
+**/
+EFI_STATUS
+ProcessVarWithKek (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *Payload;
+ UINTN PayloadSize;
+
+ if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 ||
+ (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+ //
+ // DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based
+ // authenticated variable.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = EFI_SUCCESS;
+ if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
+ //
+ // Time-based, verify against X509 Cert KEK.
+ //
+ return VerifyTimeBasedPayloadAndUpdate (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ Attributes,
+ AuthVarTypeKek,
+ NULL
+ );
+ } else {
+ //
+ // If in setup mode or custom secure boot mode, no authentication needed.
+ //
+ Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
+ PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
+
+ Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = AuthServiceInternalUpdateVariableWithTimeStamp (
+ VariableName,
+ VendorGuid,
+ Payload,
+ PayloadSize,
+ Attributes,
+ &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (mPlatformMode != SETUP_MODE) {
+ Status = VendorKeyIsModified ();
+ }
+ }
+
+ return Status;
+}
+
+/**
+ Check if it is to delete auth variable.
+
+ @param[in] OrgAttributes Original attribute value of the variable.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @retval TRUE It is to delete auth variable.
+ @retval FALSE It is not to delete auth variable.
+
+**/
+BOOLEAN
+IsDeleteAuthVariable (
+ IN UINT32 OrgAttributes,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
+ )
+{
+ BOOLEAN Del;
+ UINTN PayloadSize;
+
+ Del = FALSE;
+
+ //
+ // To delete a variable created with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ // or the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute,
+ // SetVariable must be used with attributes matching the existing variable
+ // and the DataSize set to the size of the AuthInfo descriptor.
+ //
+ if ((Attributes == OrgAttributes) &&
+ ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) {
+ if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
+ if (PayloadSize == 0) {
+ Del = TRUE;
+ }
+ } else {
+ PayloadSize = DataSize - AUTHINFO_SIZE;
+ if (PayloadSize == 0) {
+ Del = TRUE;
+ }
+ }
+ }
+
+ return Del;
+}
+
+/**
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.
+
+ @param[in] VariableName Name of the variable.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+ @return EFI_OUT_OF_RESOURCES The Database to save the public key is full.
+ @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ set, but the AuthInfo does NOT pass the validation
+ check carried out by the firmware.
+ @return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
+
+**/
+EFI_STATUS
+ProcessVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL
+ )
+{
+ EFI_STATUS Status;
+ BOOLEAN IsDeletion;
+ BOOLEAN IsFirstTime;
+ UINT8 *PubKey;
+ EFI_VARIABLE_AUTHENTICATION *CertData;
+ EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;
+ UINT32 KeyIndex;
+ UINT64 MonotonicCount;
+ VARIABLE_ENTRY_CONSISTENCY VariableDataEntry;
+ UINT32 Index;
+ AUTH_VARIABLE_INFO OrgVariableInfo;
+
+ KeyIndex = 0;
+ CertData = NULL;
+ CertBlock = NULL;
+ PubKey = NULL;
+ IsDeletion = FALSE;
+ Status = EFI_SUCCESS;
+
+ ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo));
+ Status = mAuthVarLibContextIn->FindVariable (
+ VariableName,
+ VendorGuid,
+ &OrgVariableInfo
+ );
+
+ if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {
+ //
+ // Allow the delete operation of common authenticated variable at user physical presence.
+ //
+ if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ Status = DeleteCertsFromDb (VariableName, VendorGuid);
+ }
+ if (!EFI_ERROR (Status)) {
+ Status = AuthServiceInternalUpdateVariable (
+ VariableName,
+ VendorGuid,
+ NULL,
+ 0,
+ 0
+ );
+ }
+ return Status;
+ }
+
+ if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
+ //
+ // This variable is protected, only physical present user could modify its value.
+ //
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ //
+ // A time-based authenticated variable and a count-based authenticated variable
+ // can't be updated by each other.
+ //
+ if (OrgVariableInfo.Data != NULL) {
+ if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) &&
+ ((OrgVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) {
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
+ ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0)) {
+ return EFI_SECURITY_VIOLATION;
+ }
+ }
+
+ //
+ // Process Time-based Authenticated variable.
+ //
+ if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ return VerifyTimeBasedPayloadAndUpdate (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ Attributes,
+ AuthVarTypePriv,
+ NULL
+ );
+ }
+
+ //
+ // Determine if first time SetVariable with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS.
+ //
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ //
+ // Determine current operation type.
+ //
+ if (DataSize == AUTHINFO_SIZE) {
+ IsDeletion = TRUE;
+ }
+ //
+ // Determine whether this is the first time with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+ //
+ if (OrgVariableInfo.Data == NULL) {
+ IsFirstTime = TRUE;
+ } else if ((OrgVariableInfo.Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == 0) {
+ IsFirstTime = TRUE;
+ } else {
+ KeyIndex = OrgVariableInfo.PubKeyIndex;
+ IsFirstTime = FALSE;
+ }
+ } else if ((OrgVariableInfo.Data != NULL) &&
+ ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)
+ ) {
+ //
+ // If the variable is already write-protected, it always needs authentication before update.
+ //
+ return EFI_WRITE_PROTECTED;
+ } else {
+ //
+ // If without EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS, set and attributes collision.
+ // That means it is not authenticated variable, just update variable as usual.
+ //
+ Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
+ return Status;
+ }
+
+ //
+ // Get PubKey and check Monotonic Count value corresponding to the variable.
+ //
+ CertData = (EFI_VARIABLE_AUTHENTICATION *) Data;
+ CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) (CertData->AuthInfo.CertData);
+ PubKey = CertBlock->PublicKey;
+
+ //
+ // Update Monotonic Count value.
+ //
+ MonotonicCount = CertData->MonotonicCount;
+
+ if (!IsFirstTime) {
+ //
+ // 2 cases need to check here
+ // 1. Internal PubKey variable. PubKeyIndex is always 0
+ // 2. Other counter-based AuthVariable. Check input PubKey.
+ //
+ if (KeyIndex == 0) {
+ return EFI_SECURITY_VIOLATION;
+ }
+ for (Index = 0; Index < mPubKeyNumber; Index++) {
+ if (ReadUnaligned32 (&(((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyIndex)) == KeyIndex) {
+ if (CompareMem (((AUTHVAR_KEY_DB_DATA *) mPubKeyStore + Index)->KeyData, PubKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {
+ break;
+ } else {
+ return EFI_SECURITY_VIOLATION;
+ }
+ }
+ }
+ if (Index == mPubKeyNumber) {
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ //
+ // Compare the current monotonic count and ensure that it is greater than the last SetVariable
+ // operation with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute set.
+ //
+ if (MonotonicCount <= OrgVariableInfo.MonotonicCount) {
+ //
+ // Monotonic count check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
+ //
+ return EFI_SECURITY_VIOLATION;
+ }
+ }
+ //
+ // Verify the certificate in Data payload.
+ //
+ Status = VerifyCounterBasedPayload (Data, DataSize, PubKey);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Now, the signature has been verified!
+ //
+ if (IsFirstTime && !IsDeletion) {
+ VariableDataEntry.VariableSize = DataSize - AUTHINFO_SIZE;
+ VariableDataEntry.Guid = VendorGuid;
+ VariableDataEntry.Name = VariableName;
+
+ //
+ // Update public key database variable if need.
+ //
+ KeyIndex = AddPubKeyInStore (PubKey, &VariableDataEntry);
+ if (KeyIndex == 0) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ }
+
+ //
+ // Verification pass.
+ //
+ return AuthServiceInternalUpdateVariableWithMonotonicCount (VariableName, VendorGuid, (UINT8*)Data + AUTHINFO_SIZE, DataSize - AUTHINFO_SIZE, Attributes, KeyIndex, MonotonicCount);
+}
+
+/**
+ Filter out the duplicated EFI_SIGNATURE_DATA from the new data by comparing to the original data.
+
+ @param[in] Data Pointer to original EFI_SIGNATURE_LIST.
+ @param[in] DataSize Size of Data buffer.
+ @param[in, out] NewData Pointer to new EFI_SIGNATURE_LIST.
+ @param[in, out] NewDataSize Size of NewData buffer.
+
+**/
+EFI_STATUS
+FilterSignatureList (
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN OUT VOID *NewData,
+ IN OUT UINTN *NewDataSize
+ )
+{
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN CertCount;
+ EFI_SIGNATURE_LIST *NewCertList;
+ EFI_SIGNATURE_DATA *NewCert;
+ UINTN NewCertCount;
+ UINTN Index;
+ UINTN Index2;
+ UINTN Size;
+ UINT8 *Tail;
+ UINTN CopiedCount;
+ UINTN SignatureListSize;
+ BOOLEAN IsNewCert;
+ UINT8 *TempData;
+ UINTN TempDataSize;
+ EFI_STATUS Status;
+
+ if (*NewDataSize == 0) {
+ return EFI_SUCCESS;
+ }
+
+ TempDataSize = *NewDataSize;
+ Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **) &TempData);
+ if (EFI_ERROR (Status)) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Tail = TempData;
+
+ NewCertList = (EFI_SIGNATURE_LIST *) NewData;
+ while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) {
+ NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);
+ NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize;
+
+ CopiedCount = 0;
+ for (Index = 0; Index < NewCertCount; Index++) {
+ IsNewCert = TRUE;
+
+ Size = DataSize;
+ CertList = (EFI_SIGNATURE_LIST *) Data;
+ while ((Size > 0) && (Size >= CertList->SignatureListSize)) {
+ if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) &&
+ (CertList->SignatureSize == NewCertList->SignatureSize)) {
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ for (Index2 = 0; Index2 < CertCount; Index2++) {
+ //
+ // Iterate each Signature Data in this Signature List.
+ //
+ if (CompareMem (NewCert, Cert, CertList->SignatureSize) == 0) {
+ IsNewCert = FALSE;
+ break;
+ }
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+ }
+ }
+
+ if (!IsNewCert) {
+ break;
+ }
+ Size -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ }
+
+ if (IsNewCert) {
+ //
+ // New EFI_SIGNATURE_DATA, keep it.
+ //
+ if (CopiedCount == 0) {
+ //
+ // Copy EFI_SIGNATURE_LIST header for only once.
+ //
+ CopyMem (Tail, NewCertList, sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize);
+ Tail = Tail + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize;
+ }
+
+ CopyMem (Tail, NewCert, NewCertList->SignatureSize);
+ Tail += NewCertList->SignatureSize;
+ CopiedCount++;
+ }
+
+ NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize);
+ }
+
+ //
+ // Update SignatureListSize in the kept EFI_SIGNATURE_LIST.
+ //
+ if (CopiedCount != 0) {
+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize);
+ CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize);
+ CertList->SignatureListSize = (UINT32) SignatureListSize;
+ }
+
+ *NewDataSize -= NewCertList->SignatureListSize;
+ NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize);
+ }
+
+ TempDataSize = (Tail - (UINT8 *) TempData);
+
+ CopyMem (NewData, TempData, TempDataSize);
+ *NewDataSize = TempDataSize;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Compare two EFI_TIME data.
+
+
+ @param FirstTime A pointer to the first EFI_TIME data.
+ @param SecondTime A pointer to the second EFI_TIME data.
+
+ @retval TRUE The FirstTime is not later than the SecondTime.
+ @retval FALSE The FirstTime is later than the SecondTime.
+
+**/
+BOOLEAN
+AuthServiceInternalCompareTimeStamp (
+ IN EFI_TIME *FirstTime,
+ IN EFI_TIME *SecondTime
+ )
+{
+ if (FirstTime->Year != SecondTime->Year) {
+ return (BOOLEAN) (FirstTime->Year < SecondTime->Year);
+ } else if (FirstTime->Month != SecondTime->Month) {
+ return (BOOLEAN) (FirstTime->Month < SecondTime->Month);
+ } else if (FirstTime->Day != SecondTime->Day) {
+ return (BOOLEAN) (FirstTime->Day < SecondTime->Day);
+ } else if (FirstTime->Hour != SecondTime->Hour) {
+ return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour);
+ } else if (FirstTime->Minute != SecondTime->Minute) {
+ return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute);
+ }
+
+ return (BOOLEAN) (FirstTime->Second <= SecondTime->Second);
+}
+
+/**
+ Find matching signer's certificates for common authenticated variable
+ by corresponding VariableName and VendorGuid from "certdb".
+
+ The data format of "certdb":
+ //
+ // UINT32 CertDbListSize;
+ // /// AUTH_CERT_DB_DATA Certs1[];
+ // /// AUTH_CERT_DB_DATA Certs2[];
+ // /// ...
+ // /// AUTH_CERT_DB_DATA Certsn[];
+ //
+
+ @param[in] VariableName Name of authenticated Variable.
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.
+ @param[in] Data Pointer to variable "certdb".
+ @param[in] DataSize Size of variable "certdb".
+ @param[out] CertOffset Offset of matching CertData, from starting of Data.
+ @param[out] CertDataSize Length of CertData in bytes.
+ @param[out] CertNodeOffset Offset of matching AUTH_CERT_DB_DATA , from
+ starting of Data.
+ @param[out] CertNodeSize Length of AUTH_CERT_DB_DATA in bytes.
+
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.
+ @retval EFI_NOT_FOUND Fail to find matching certs.
+ @retval EFI_SUCCESS Find matching certs and output parameters.
+
+**/
+EFI_STATUS
+FindCertsFromDb (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT8 *Data,
+ IN UINTN DataSize,
+ OUT UINT32 *CertOffset, OPTIONAL
+ OUT UINT32 *CertDataSize, OPTIONAL
+ OUT UINT32 *CertNodeOffset,OPTIONAL
+ OUT UINT32 *CertNodeSize OPTIONAL
+ )
+{
+ UINT32 Offset;
+ AUTH_CERT_DB_DATA *Ptr;
+ UINT32 CertSize;
+ UINT32 NameSize;
+ UINT32 NodeSize;
+ UINT32 CertDbListSize;
+
+ if ((VariableName == NULL) || (VendorGuid == NULL) || (Data == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Check whether DataSize matches recorded CertDbListSize.
+ //
+ if (DataSize < sizeof (UINT32)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ CertDbListSize = ReadUnaligned32 ((UINT32 *) Data);
+
+ if (CertDbListSize != (UINT32) DataSize) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Offset = sizeof (UINT32);
+
+ //
+ // Get corresponding certificates by VendorGuid and VariableName.
+ //
+ while (Offset < (UINT32) DataSize) {
+ Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset);
+ //
+ // Check whether VendorGuid matches.
+ //
+ if (CompareGuid (&Ptr->VendorGuid, VendorGuid)) {
+ NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);
+ NameSize = ReadUnaligned32 (&Ptr->NameSize);
+ CertSize = ReadUnaligned32 (&Ptr->CertDataSize);
+
+ if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize +
+ sizeof (CHAR16) * NameSize) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Offset = Offset + sizeof (EFI_GUID) + sizeof (UINT32) * 3;
+ //
+ // Check whether VariableName matches.
+ //
+ if ((NameSize == StrLen (VariableName)) &&
+ (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) {
+ Offset = Offset + NameSize * sizeof (CHAR16);
+
+ if (CertOffset != NULL) {
+ *CertOffset = Offset;
+ }
+
+ if (CertDataSize != NULL) {
+ *CertDataSize = CertSize;
+ }
+
+ if (CertNodeOffset != NULL) {
+ *CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data);
+ }
+
+ if (CertNodeSize != NULL) {
+ *CertNodeSize = NodeSize;
+ }
+
+ return EFI_SUCCESS;
+ } else {
+ Offset = Offset + NameSize * sizeof (CHAR16) + CertSize;
+ }
+ } else {
+ NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize);
+ Offset = Offset + NodeSize;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
+
+/**
+ Retrieve signer's certificates for common authenticated variable
+ by corresponding VariableName and VendorGuid from "certdb".
+
+ @param[in] VariableName Name of authenticated Variable.
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.
+ @param[out] CertData Pointer to signer's certificates.
+ @param[out] CertDataSize Length of CertData in bytes.
+
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.
+ @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.
+ @retval EFI_SUCCESS Get signer's certificates successfully.
+
+**/
+EFI_STATUS
+GetCertsFromDb (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT UINT8 **CertData,
+ OUT UINT32 *CertDataSize
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINT32 CertOffset;
+
+ if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL) || (CertDataSize == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Get variable "certdb".
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_CERT_DB_NAME,
+ &gEfiCertDbGuid,
+ (VOID **) &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if ((DataSize == 0) || (Data == NULL)) {
+ ASSERT (FALSE);
+ return EFI_NOT_FOUND;
+ }
+
+ Status = FindCertsFromDb (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ &CertOffset,
+ CertDataSize,
+ NULL,
+ NULL
+ );
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ *CertData = Data + CertOffset;
+ return EFI_SUCCESS;
+}
+
+/**
+ Delete matching signer's certificates when deleting common authenticated
+ variable by corresponding VariableName and VendorGuid from "certdb".
+
+ @param[in] VariableName Name of authenticated Variable.
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.
+
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.
+ @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.
+ @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.
+ @retval EFI_SUCCESS The operation is completed successfully.
+
+**/
+EFI_STATUS
+DeleteCertsFromDb (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINT32 VarAttr;
+ UINT32 CertNodeOffset;
+ UINT32 CertNodeSize;
+ UINT8 *NewCertDb;
+ UINT32 NewCertDbSize;
+
+ if ((VariableName == NULL) || (VendorGuid == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Get variable "certdb".
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_CERT_DB_NAME,
+ &gEfiCertDbGuid,
+ (VOID **) &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if ((DataSize == 0) || (Data == NULL)) {
+ ASSERT (FALSE);
+ return EFI_NOT_FOUND;
+ }
+
+ if (DataSize == sizeof (UINT32)) {
+ //
+ // There is no certs in certdb.
+ //
+ return EFI_SUCCESS;
+ }
+
+ //
+ // Get corresponding cert node from certdb.
+ //
+ Status = FindCertsFromDb (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ NULL,
+ NULL,
+ &CertNodeOffset,
+ &CertNodeSize
+ );
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (DataSize < (CertNodeOffset + CertNodeSize)) {
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Construct new data content of variable "certdb".
+ //
+ NewCertDbSize = (UINT32) DataSize - CertNodeSize;
+ NewCertDb = (UINT8*) mCertDbStore;
+
+ //
+ // Copy the DB entries before deleting node.
+ //
+ CopyMem (NewCertDb, Data, CertNodeOffset);
+ //
+ // Update CertDbListSize.
+ //
+ CopyMem (NewCertDb, &NewCertDbSize, sizeof (UINT32));
+ //
+ // Copy the DB entries after deleting node.
+ //
+ if (DataSize > (CertNodeOffset + CertNodeSize)) {
+ CopyMem (
+ NewCertDb + CertNodeOffset,
+ Data + CertNodeOffset + CertNodeSize,
+ DataSize - CertNodeOffset - CertNodeSize
+ );
+ }
+
+ //
+ // Set "certdb".
+ //
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_CERT_DB_NAME,
+ &gEfiCertDbGuid,
+ NewCertDb,
+ NewCertDbSize,
+ VarAttr
+ );
+
+ return Status;
+}
+
+/**
+ Insert signer's certificates for common authenticated variable with VariableName
+ and VendorGuid in AUTH_CERT_DB_DATA to "certdb".
+
+ @param[in] VariableName Name of authenticated Variable.
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.
+ @param[in] CertData Pointer to signer's certificates.
+ @param[in] CertDataSize Length of CertData in bytes.
+
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.
+ @retval EFI_ACCESS_DENIED An AUTH_CERT_DB_DATA entry with same VariableName
+ and VendorGuid already exists.
+ @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.
+ @retval EFI_SUCCESS Insert an AUTH_CERT_DB_DATA entry to "certdb"
+
+**/
+EFI_STATUS
+InsertCertsToDb (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT8 *CertData,
+ IN UINTN CertDataSize
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINT32 VarAttr;
+ UINT8 *NewCertDb;
+ UINT32 NewCertDbSize;
+ UINT32 CertNodeSize;
+ UINT32 NameSize;
+ AUTH_CERT_DB_DATA *Ptr;
+
+ if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Get variable "certdb".
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_CERT_DB_NAME,
+ &gEfiCertDbGuid,
+ (VOID **) &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if ((DataSize == 0) || (Data == NULL)) {
+ ASSERT (FALSE);
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Find whether matching cert node already exists in "certdb".
+ // If yes return error.
+ //
+ Status = FindCertsFromDb (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ );
+
+ if (!EFI_ERROR (Status)) {
+ ASSERT (FALSE);
+ return EFI_ACCESS_DENIED;
+ }
+
+ //
+ // Construct new data content of variable "certdb".
+ //
+ NameSize = (UINT32) StrLen (VariableName);
+ CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16);
+ NewCertDbSize = (UINT32) DataSize + CertNodeSize;
+ if (NewCertDbSize > mMaxCertDbSize) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ NewCertDb = (UINT8*) mCertDbStore;
+
+ //
+ // Copy the DB entries before inserting node.
+ //
+ CopyMem (NewCertDb, Data, DataSize);
+ //
+ // Update CertDbListSize.
+ //
+ CopyMem (NewCertDb, &NewCertDbSize, sizeof (UINT32));
+ //
+ // Construct new cert node.
+ //
+ Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize);
+ CopyGuid (&Ptr->VendorGuid, VendorGuid);
+ CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32));
+ CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32));
+ CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32));
+
+ CopyMem (
+ (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA),
+ VariableName,
+ NameSize * sizeof (CHAR16)
+ );
+
+ CopyMem (
+ (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16),
+ CertData,
+ CertDataSize
+ );
+
+ //
+ // Set "certdb".
+ //
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_CERT_DB_NAME,
+ &gEfiCertDbGuid,
+ NewCertDb,
+ NewCertDbSize,
+ VarAttr
+ );
+
+ return Status;
+}
+
+/**
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] AuthVarType Verify against PK, KEK database, private database or certificate in data payload.
+ @param[in] OrgTimeStamp Pointer to original time stamp,
+ original variable is not found if NULL.
+ @param[out] VarPayloadPtr Pointer to variable payload address.
+ @param[out] VarPayloadSize Pointer to variable payload size.
+
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
+ check carried out by the firmware.
+ @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack
+ of resources.
+ @retval EFI_SUCCESS Variable pass validation successfully.
+
+**/
+EFI_STATUS
+VerifyTimeBasedPayload (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN AUTHVAR_TYPE AuthVarType,
+ IN EFI_TIME *OrgTimeStamp,
+ OUT UINT8 **VarPayloadPtr,
+ OUT UINTN *VarPayloadSize
+ )
+{
+ EFI_VARIABLE_AUTHENTICATION_2 *CertData;
+ UINT8 *SigData;
+ UINT32 SigDataSize;
+ UINT8 *PayloadPtr;
+ UINTN PayloadSize;
+ UINT32 Attr;
+ BOOLEAN VerifyStatus;
+ EFI_STATUS Status;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN Index;
+ UINTN CertCount;
+ UINT32 KekDataSize;
+ UINT8 *NewData;
+ UINTN NewDataSize;
+ UINT8 *Buffer;
+ UINTN Length;
+ UINT8 *RootCert;
+ UINTN RootCertSize;
+ UINT8 *SignerCerts;
+ UINTN CertStackSize;
+ UINT8 *CertsInCertDb;
+ UINT32 CertsSizeinDb;
+
+ VerifyStatus = FALSE;
+ CertData = NULL;
+ NewData = NULL;
+ Attr = Attributes;
+ SignerCerts = NULL;
+ RootCert = NULL;
+ CertsInCertDb = NULL;
+
+ //
+ // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is
+ // set, then the Data buffer shall begin with an instance of a complete (and serialized)
+ // EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be followed by the new
+ // variable value and DataSize shall reflect the combined size of the descriptor and the new
+ // variable value. The authentication descriptor is not part of the variable data and is not
+ // returned by subsequent calls to GetVariable().
+ //
+ CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;
+
+ //
+ // Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the
+ // TimeStamp value are set to zero.
+ //
+ if ((CertData->TimeStamp.Pad1 != 0) ||
+ (CertData->TimeStamp.Nanosecond != 0) ||
+ (CertData->TimeStamp.TimeZone != 0) ||
+ (CertData->TimeStamp.Daylight != 0) ||
+ (CertData->TimeStamp.Pad2 != 0)) {
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ if ((OrgTimeStamp != NULL) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
+ if (AuthServiceInternalCompareTimeStamp (&CertData->TimeStamp, OrgTimeStamp)) {
+ //
+ // TimeStamp check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION.
+ //
+ return EFI_SECURITY_VIOLATION;
+ }
+ }
+
+ //
+ // wCertificateType should be WIN_CERT_TYPE_EFI_GUID.
+ // Cert type should be EFI_CERT_TYPE_PKCS7_GUID.
+ //
+ if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) ||
+ !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) {
+ //
+ // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION.
+ //
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ //
+ // Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor.
+ // AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header.
+ //
+ SigData = CertData->AuthInfo.CertData;
+ SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData));
+
+ //
+ // Find out the new data payload which follows Pkcs7 SignedData directly.
+ //
+ PayloadPtr = SigData + SigDataSize;
+ PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;
+
+ //
+ // Construct a serialization buffer of the values of the VariableName, VendorGuid and Attributes
+ // parameters of the SetVariable() call and the TimeStamp component of the
+ // EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value
+ // i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data)
+ //
+ NewDataSize = PayloadSize + sizeof (EFI_TIME) + sizeof (UINT32) +
+ sizeof (EFI_GUID) + StrSize (VariableName) - sizeof (CHAR16);
+
+ //
+ // Here is to reuse scratch data area(at the end of volatile variable store)
+ // to reduce SMRAM consumption for SMM variable driver.
+ // The scratch buffer is enough to hold the serialized data and safe to use,
+ // because it is only used at here to do verification temporarily first
+ // and then used in UpdateVariable() for a time based auth variable set.
+ //
+ Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **) &NewData);
+ if (EFI_ERROR (Status)) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Buffer = NewData;
+ Length = StrLen (VariableName) * sizeof (CHAR16);
+ CopyMem (Buffer, VariableName, Length);
+ Buffer += Length;
+
+ Length = sizeof (EFI_GUID);
+ CopyMem (Buffer, VendorGuid, Length);
+ Buffer += Length;
+
+ Length = sizeof (UINT32);
+ CopyMem (Buffer, &Attr, Length);
+ Buffer += Length;
+
+ Length = sizeof (EFI_TIME);
+ CopyMem (Buffer, &CertData->TimeStamp, Length);
+ Buffer += Length;
+
+ CopyMem (Buffer, PayloadPtr, PayloadSize);
+
+ if (AuthVarType == AuthVarTypePk) {
+ //
+ // Verify that the signature has been made with the current Platform Key (no chaining for PK).
+ // First, get signer's certificates from SignedData.
+ //
+ VerifyStatus = Pkcs7GetSigners (
+ SigData,
+ SigDataSize,
+ &SignerCerts,
+ &CertStackSize,
+ &RootCert,
+ &RootCertSize
+ );
+ if (!VerifyStatus) {
+ goto Exit;
+ }
+
+ //
+ // Second, get the current platform key from variable. Check whether it's identical with signer's certificates
+ // in SignedData. If not, return error immediately.
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_PLATFORM_KEY_NAME,
+ &gEfiGlobalVariableGuid,
+ &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ VerifyStatus = FALSE;
+ goto Exit;
+ }
+ CertList = (EFI_SIGNATURE_LIST *) Data;
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ if ((RootCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) ||
+ (CompareMem (Cert->SignatureData, RootCert, RootCertSize) != 0)) {
+ VerifyStatus = FALSE;
+ goto Exit;
+ }
+
+ //
+ // Verify Pkcs7 SignedData via Pkcs7Verify library.
+ //
+ VerifyStatus = Pkcs7Verify (
+ SigData,
+ SigDataSize,
+ RootCert,
+ RootCertSize,
+ NewData,
+ NewDataSize
+ );
+
+ } else if (AuthVarType == AuthVarTypeKek) {
+
+ //
+ // Get KEK database from variable.
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_KEY_EXCHANGE_KEY_NAME,
+ &gEfiGlobalVariableGuid,
+ &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList.
+ //
+ KekDataSize = (UINT32) DataSize;
+ CertList = (EFI_SIGNATURE_LIST *) Data;
+ while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) {
+ if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ for (Index = 0; Index < CertCount; Index++) {
+ //
+ // Iterate each Signature Data Node within this CertList for a verify
+ //
+ RootCert = Cert->SignatureData;
+ RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
+
+ //
+ // Verify Pkcs7 SignedData via Pkcs7Verify library.
+ //
+ VerifyStatus = Pkcs7Verify (
+ SigData,
+ SigDataSize,
+ RootCert,
+ RootCertSize,
+ NewData,
+ NewDataSize
+ );
+ if (VerifyStatus) {
+ goto Exit;
+ }
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+ }
+ }
+ KekDataSize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ }
+ } else if (AuthVarType == AuthVarTypePriv) {
+
+ //
+ // Process common authenticated variable except PK/KEK/DB/DBX/DBT.
+ // Get signer's certificates from SignedData.
+ //
+ VerifyStatus = Pkcs7GetSigners (
+ SigData,
+ SigDataSize,
+ &SignerCerts,
+ &CertStackSize,
+ &RootCert,
+ &RootCertSize
+ );
+ if (!VerifyStatus) {
+ goto Exit;
+ }
+
+ //
+ // Get previously stored signer's certificates from certdb for existing
+ // variable. Check whether they are identical with signer's certificates
+ // in SignedData. If not, return error immediately.
+ //
+ if (OrgTimeStamp != NULL) {
+ VerifyStatus = FALSE;
+
+ Status = GetCertsFromDb (VariableName, VendorGuid, &CertsInCertDb, &CertsSizeinDb);
+ if (EFI_ERROR (Status)) {
+ goto Exit;
+ }
+
+ if ((CertStackSize != CertsSizeinDb) ||
+ (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) {
+ goto Exit;
+ }
+ }
+
+ VerifyStatus = Pkcs7Verify (
+ SigData,
+ SigDataSize,
+ RootCert,
+ RootCertSize,
+ NewData,
+ NewDataSize
+ );
+ if (!VerifyStatus) {
+ goto Exit;
+ }
+
+ //
+ // Delete signer's certificates when delete the common authenticated variable.
+ //
+ if ((PayloadSize == 0) && (OrgTimeStamp != NULL) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) {
+ Status = DeleteCertsFromDb (VariableName, VendorGuid);
+ if (EFI_ERROR (Status)) {
+ VerifyStatus = FALSE;
+ goto Exit;
+ }
+ } else if ((OrgTimeStamp == NULL) && (PayloadSize != 0)) {
+ //
+ // Insert signer's certificates when adding a new common authenticated variable.
+ //
+ Status = InsertCertsToDb (VariableName, VendorGuid, SignerCerts, CertStackSize);
+ if (EFI_ERROR (Status)) {
+ VerifyStatus = FALSE;
+ goto Exit;
+ }
+ }
+ } else if (AuthVarType == AuthVarTypePayload) {
+ CertList = (EFI_SIGNATURE_LIST *) PayloadPtr;
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ RootCert = Cert->SignatureData;
+ RootCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1);
+ //
+ // Verify Pkcs7 SignedData via Pkcs7Verify library.
+ //
+ VerifyStatus = Pkcs7Verify (
+ SigData,
+ SigDataSize,
+ RootCert,
+ RootCertSize,
+ NewData,
+ NewDataSize
+ );
+ } else {
+ return EFI_SECURITY_VIOLATION;
+ }
+
+Exit:
+
+ if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {
+ Pkcs7FreeSigners (RootCert);
+ Pkcs7FreeSigners (SignerCerts);
+ }
+
+ if (!VerifyStatus) {
+ return EFI_SECURITY_VIOLATION;
+ }
+
+ Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ *VarPayloadPtr = PayloadPtr;
+ *VarPayloadSize = PayloadSize;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] AuthVarType Verify against PK, KEK database, private database or certificate in data payload.
+ @param[out] VarDel Delete the variable or not.
+
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
+ check carried out by the firmware.
+ @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack
+ of resources.
+ @retval EFI_SUCCESS Variable pass validation successfully.
+
+**/
+EFI_STATUS
+VerifyTimeBasedPayloadAndUpdate (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN AUTHVAR_TYPE AuthVarType,
+ OUT BOOLEAN *VarDel
+ )
+{
+ EFI_STATUS Status;
+ EFI_STATUS FindStatus;
+ UINT8 *PayloadPtr;
+ UINTN PayloadSize;
+ EFI_VARIABLE_AUTHENTICATION_2 *CertData;
+ AUTH_VARIABLE_INFO OrgVariableInfo;
+
+ ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo));
+ FindStatus = mAuthVarLibContextIn->FindVariable (
+ VariableName,
+ VendorGuid,
+ &OrgVariableInfo
+ );
+
+ Status = VerifyTimeBasedPayload (
+ VariableName,
+ VendorGuid,
+ Data,
+ DataSize,
+ Attributes,
+ AuthVarType,
+ (!EFI_ERROR (FindStatus)) ? OrgVariableInfo.TimeStamp : NULL,
+ &PayloadPtr,
+ &PayloadSize
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if ((PayloadSize == 0) && (VarDel != NULL)) {
+ *VarDel = TRUE;
+ }
+
+ CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data;
+
+ //
+ // Final step: Update/Append Variable if it pass Pkcs7Verify
+ //
+ return AuthServiceInternalUpdateVariableWithTimeStamp (
+ VariableName,
+ VendorGuid,
+ PayloadPtr,
+ PayloadSize,
+ Attributes,
+ &CertData->TimeStamp
+ );
+}
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
new file mode 100644
index 0000000..19ea123
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h
@@ -0,0 +1,411 @@
+/** @file
+ The internal header file includes the common header files, defines
+ internal structure and functions used by AuthService module.
+
+ Caution: This module requires additional review when modified.
+ This driver will have external input - variable data. It may be input in SMM mode.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+ Variable attribute should also be checked to avoid authentication bypass.
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+ may not be modified without authorization. If platform fails to protect these resources,
+ the authentication service provided in this driver will be broken, and the behavior is undefined.
+
+Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _AUTHSERVICE_INTERNAL_H_
+#define _AUTHSERVICE_INTERNAL_H_
+
+#include <Library/AuthVariableLib.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/PlatformSecureLib.h>
+
+#include <Guid/AuthenticatedVariableFormat.h>
+#include <Guid/ImageAuthentication.h>
+
+///
+/// Struct to record signature requirement defined by UEFI spec.
+/// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field.
+///
+typedef struct {
+ EFI_GUID SigType;
+ // Expected SignatureHeader size in Bytes.
+ UINT32 SigHeaderSize;
+ // Expected SignatureData size in Bytes.
+ UINT32 SigDataSize;
+} EFI_SIGNATURE_ITEM;
+
+typedef enum {
+ AuthVarTypePk,
+ AuthVarTypeKek,
+ AuthVarTypePriv,
+ AuthVarTypePayload
+} AUTHVAR_TYPE;
+
+///
+/// "AuthVarKeyDatabase" variable for the Public Key store
+/// of variables with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+///
+/// GUID: gEfiAuthenticatedVariableGuid
+///
+/// We need maintain atomicity.
+///
+/// Format:
+/// +----------------------------+
+/// | AUTHVAR_KEY_DB_DATA | <-- First AuthVarKey
+/// +----------------------------+
+/// | ...... |
+/// +----------------------------+
+/// | AUTHVAR_KEY_DB_DATA | <-- Last AuthKey
+/// +----------------------------+
+///
+#define AUTHVAR_KEYDB_NAME L"AuthVarKeyDatabase"
+
+#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256
+#define EFI_CERT_TYPE_RSA2048_SIZE 256
+
+#pragma pack(1)
+typedef struct {
+ UINT32 KeyIndex;
+ UINT8 KeyData[EFI_CERT_TYPE_RSA2048_SIZE];
+} AUTHVAR_KEY_DB_DATA;
+#pragma pack()
+
+///
+/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX
+/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+///
+/// GUID: gEfiCertDbGuid
+///
+/// We need maintain atomicity.
+///
+/// Format:
+/// +----------------------------+
+/// | UINT32 | <-- CertDbListSize, including this UINT32
+/// +----------------------------+
+/// | AUTH_CERT_DB_DATA | <-- First CERT
+/// +----------------------------+
+/// | ........ |
+/// +----------------------------+
+/// | AUTH_CERT_DB_DATA | <-- Last CERT
+/// +----------------------------+
+///
+#define EFI_CERT_DB_NAME L"certdb"
+
+#pragma pack(1)
+typedef struct {
+ EFI_GUID VendorGuid;
+ UINT32 CertNodeSize;
+ UINT32 NameSize;
+ UINT32 CertDataSize;
+ /// CHAR16 VariableName[NameSize];
+ /// UINT8 CertData[CertDataSize];
+} AUTH_CERT_DB_DATA;
+#pragma pack()
+
+extern UINT8 *mPubKeyStore;
+extern UINT32 mPubKeyNumber;
+extern UINT32 mMaxKeyNumber;
+extern UINT32 mMaxKeyDbSize;
+extern UINT8 *mCertDbStore;
+extern UINT32 mMaxCertDbSize;
+extern UINT32 mPlatformMode;
+extern UINT8 mVendorKeyState;
+
+extern VOID *mHashCtx;
+
+extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn;
+
+/**
+ Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] AuthVarType Verify against PK, KEK database, private database or certificate in data payload.
+ @param[out] VarDel Delete the variable or not.
+
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation
+ check carried out by the firmware.
+ @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack
+ of resources.
+ @retval EFI_SUCCESS Variable pass validation successfully.
+
+**/
+EFI_STATUS
+VerifyTimeBasedPayloadAndUpdate (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN AUTHVAR_TYPE AuthVarType,
+ OUT BOOLEAN *VarDel
+ );
+
+/**
+ Delete matching signer's certificates when deleting common authenticated
+ variable by corresponding VariableName and VendorGuid from "certdb".
+
+ @param[in] VariableName Name of authenticated Variable.
+ @param[in] VendorGuid Vendor GUID of authenticated Variable.
+
+ @retval EFI_INVALID_PARAMETER Any input parameter is invalid.
+ @retval EFI_NOT_FOUND Fail to find "certdb" or matching certs.
+ @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources.
+ @retval EFI_SUCCESS The operation is completed successfully.
+
+**/
+EFI_STATUS
+DeleteCertsFromDb (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ );
+
+/**
+ Filter out the duplicated EFI_SIGNATURE_DATA from the new data by comparing to the original data.
+
+ @param[in] Data Pointer to original EFI_SIGNATURE_LIST.
+ @param[in] DataSize Size of Data buffer.
+ @param[in, out] NewData Pointer to new EFI_SIGNATURE_LIST.
+ @param[in, out] NewDataSize Size of NewData buffer.
+
+**/
+EFI_STATUS
+FilterSignatureList (
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN OUT VOID *NewData,
+ IN OUT UINTN *NewDataSize
+ );
+
+/**
+ Process variable with platform key for verification.
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Attributes Attribute value of the variable
+ @param[in] IsPk Indicate whether it is to process pk.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation.
+ check carried out by the firmware.
+ @return EFI_SUCCESS Variable passed validation successfully.
+
+**/
+EFI_STATUS
+ProcessVarWithPk (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL,
+ IN BOOLEAN IsPk
+ );
+
+/**
+ Process variable with key exchange key for verification.
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data found. If size is less than the
+ data, this value contains the required size.
+ @param[in] Attributes Attribute value of the variable.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation
+ check carried out by the firmware.
+ @return EFI_SUCCESS Variable pass validation successfully.
+
+**/
+EFI_STATUS
+ProcessVarWithKek (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL
+ );
+
+/**
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.
+
+ @param[in] VariableName Name of the variable.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+ @return EFI_OUT_OF_RESOURCES The Database to save the public key is full.
+ @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ set, but the AuthInfo does NOT pass the validation
+ check carried out by the firmware.
+ @return EFI_SUCCESS Variable is not write-protected or pass validation successfully.
+
+**/
+EFI_STATUS
+ProcessVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes OPTIONAL
+ );
+
+/**
+ Finds variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] Data Pointer to data address.
+ @param[out] DataSize Pointer to data size.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+EFI_STATUS
+AuthServiceInternalFindVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT VOID **Data,
+ OUT UINTN *DataSize
+ );
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] VariableName Name of variable.
+ @param[in] VendorGuid Guid of variable.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+AuthServiceInternalUpdateVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
+ );
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] VariableName Name of variable.
+ @param[in] VendorGuid Guid of variable.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] KeyIndex Index of associated public key.
+ @param[in] MonotonicCount Value of associated monotonic count.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+AuthServiceInternalUpdateVariableWithMonotonicCount (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN UINT32 KeyIndex,
+ IN UINT64 MonotonicCount
+ );
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] VariableName Name of variable.
+ @param[in] VendorGuid Guid of variable.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+ @param[in] TimeStamp Value of associated TimeStamp.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+AuthServiceInternalUpdateVariableWithTimeStamp (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes,
+ IN EFI_TIME *TimeStamp
+ );
+
+#endif
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
new file mode 100644
index 0000000..22d664b
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c
@@ -0,0 +1,460 @@
+/** @file
+ Implement authentication services for the authenticated variables.
+
+ Caution: This module requires additional review when modified.
+ This driver will have external input - variable data. It may be input in SMM mode.
+ This external input must be validated carefully to avoid security issue like
+ buffer overflow, integer overflow.
+ Variable attribute should also be checked to avoid authentication bypass.
+ The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+ which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+ may not be modified without authorization. If platform fails to protect these resources,
+ the authentication service provided in this driver will be broken, and the behavior is undefined.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "AuthServiceInternal.h"
+
+///
+/// Global database array for scratch
+///
+UINT8 *mPubKeyStore;
+UINT32 mPubKeyNumber;
+UINT32 mMaxKeyNumber;
+UINT32 mMaxKeyDbSize;
+UINT8 *mCertDbStore;
+UINT32 mMaxCertDbSize;
+UINT32 mPlatformMode;
+UINT8 mVendorKeyState;
+
+EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID};
+
+//
+// Hash context pointer
+//
+VOID *mHashCtx = NULL;
+
+VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = {
+ {
+ &gEfiSecureBootEnableDisableGuid,
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ }
+ },
+ {
+ &gEfiCustomModeEnableGuid,
+ EFI_CUSTOM_MODE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ }
+ },
+ {
+ &gEfiVendorKeysNvGuid,
+ EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ sizeof (UINT8),
+ sizeof (UINT8)
+ }
+ },
+ {
+ &gEfiAuthenticatedVariableGuid,
+ AUTHVAR_KEYDB_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AW,
+ sizeof (UINT8),
+ MAX_UINTN
+ }
+ },
+ {
+ &gEfiCertDbGuid,
+ EFI_CERT_DB_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ sizeof (UINT32),
+ MAX_UINTN
+ }
+ },
+};
+
+VOID *mAddressPointer[3];
+
+AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL;
+
+/**
+ Initialization for authenticated varibale services.
+ If this initialization returns error status, other APIs will not work
+ and expect to be not called then.
+
+ @param[in] AuthVarLibContextIn Pointer to input auth variable lib context.
+ @param[out] AuthVarLibContextOut Pointer to output auth variable lib context.
+
+ @retval EFI_SUCCESS Function successfully executed.
+ @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL.
+ @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibInitialize (
+ IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn,
+ OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut
+ )
+{
+ EFI_STATUS Status;
+ UINT8 VarValue;
+ UINT32 VarAttr;
+ UINT8 *Data;
+ UINTN DataSize;
+ UINTN CtxSize;
+ UINT8 SecureBootMode;
+ UINT8 SecureBootEnable;
+ UINT8 CustomMode;
+ UINT32 ListSize;
+
+ if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ mAuthVarLibContextIn = AuthVarLibContextIn;
+
+ //
+ // Initialize hash context.
+ //
+ CtxSize = Sha256GetContextSize ();
+ mHashCtx = AllocateRuntimePool (CtxSize);
+ if (mHashCtx == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Reserve runtime buffer for public key database. The size excludes variable header and name size.
+ //
+ mMaxKeyDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (AUTHVAR_KEYDB_NAME));
+ mMaxKeyNumber = mMaxKeyDbSize / sizeof (AUTHVAR_KEY_DB_DATA);
+ mPubKeyStore = AllocateRuntimePool (mMaxKeyDbSize);
+ if (mPubKeyStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Reserve runtime buffer for certificate database. The size excludes variable header and name size.
+ //
+ mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_NAME));
+ mCertDbStore = AllocateRuntimePool (mMaxCertDbSize);
+ if (mCertDbStore == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Check "AuthVarKeyDatabase" variable's existence.
+ // If it doesn't exist, create a new one with initial value of 0 and EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS set.
+ //
+ Status = AuthServiceInternalFindVariable (
+ AUTHVAR_KEYDB_NAME,
+ &gEfiAuthenticatedVariableGuid,
+ (VOID **) &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS;
+ VarValue = 0;
+ mPubKeyNumber = 0;
+ Status = AuthServiceInternalUpdateVariable (
+ AUTHVAR_KEYDB_NAME,
+ &gEfiAuthenticatedVariableGuid,
+ &VarValue,
+ sizeof(UINT8),
+ VarAttr
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ } else {
+ //
+ // Load database in global variable for cache.
+ //
+ ASSERT ((DataSize != 0) && (Data != NULL));
+ //
+ // "AuthVarKeyDatabase" is an internal variable. Its DataSize is always ensured not to exceed mPubKeyStore buffer size(See definition before)
+ // Therefore, there is no memory overflow in underlying CopyMem.
+ //
+ CopyMem (mPubKeyStore, (UINT8 *) Data, DataSize);
+ mPubKeyNumber = (UINT32) (DataSize / sizeof (AUTHVAR_KEY_DB_DATA));
+ }
+
+ Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME));
+ } else {
+ DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME));
+ }
+
+ //
+ // Create "SetupMode" variable with BS+RT attribute set.
+ //
+ if (EFI_ERROR (Status)) {
+ mPlatformMode = SETUP_MODE;
+ } else {
+ mPlatformMode = USER_MODE;
+ }
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SETUP_MODE_NAME,
+ &gEfiGlobalVariableGuid,
+ &mPlatformMode,
+ sizeof(UINT8),
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Create "SignatureSupport" variable with BS+RT attribute set.
+ //
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SIGNATURE_SUPPORT_NAME,
+ &gEfiGlobalVariableGuid,
+ mSignatureSupport,
+ sizeof(mSignatureSupport),
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // If "SecureBootEnable" variable exists, then update "SecureBoot" variable.
+ // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE.
+ // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE.
+ //
+ SecureBootEnable = SECURE_BOOT_DISABLE;
+ Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize);
+ if (!EFI_ERROR (Status)) {
+ if (mPlatformMode == SETUP_MODE){
+ //
+ // PK is cleared in runtime. "SecureBootMode" is not updated before reboot
+ // Delete "SecureBootMode" in SetupMode
+ //
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ &SecureBootEnable,
+ 0,
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+ } else {
+ SecureBootEnable = *(UINT8 *) Data;
+ }
+ } else if (mPlatformMode == USER_MODE) {
+ //
+ // "SecureBootEnable" not exist, initialize it in USER_MODE.
+ //
+ SecureBootEnable = SECURE_BOOT_ENABLE;
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_ENABLE_NAME,
+ &gEfiSecureBootEnableDisableGuid,
+ &SecureBootEnable,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+
+ //
+ // Create "SecureBoot" variable with BS+RT attribute set.
+ //
+ if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) {
+ SecureBootMode = SECURE_BOOT_MODE_ENABLE;
+ } else {
+ SecureBootMode = SECURE_BOOT_MODE_DISABLE;
+ }
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_SECURE_BOOT_MODE_NAME,
+ &gEfiGlobalVariableGuid,
+ &SecureBootMode,
+ sizeof (UINT8),
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode));
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode));
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable));
+
+ //
+ // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state.
+ //
+ CustomMode = STANDARD_SECURE_BOOT_MODE;
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_CUSTOM_MODE_NAME,
+ &gEfiCustomModeEnableGuid,
+ &CustomMode,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode));
+
+ //
+ // Check "certdb" variable's existence.
+ // If it doesn't exist, then create a new one with
+ // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+ //
+ Status = AuthServiceInternalFindVariable (
+ EFI_CERT_DB_NAME,
+ &gEfiCertDbGuid,
+ (VOID **) &Data,
+ &DataSize
+ );
+ if (EFI_ERROR (Status)) {
+ VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS;
+ ListSize = sizeof (UINT32);
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_CERT_DB_NAME,
+ &gEfiCertDbGuid,
+ &ListSize,
+ sizeof (UINT32),
+ VarAttr
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+
+ //
+ // Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly.
+ //
+ Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize);
+ if (!EFI_ERROR (Status)) {
+ mVendorKeyState = *(UINT8 *)Data;
+ } else {
+ //
+ // "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state.
+ //
+ mVendorKeyState = VENDOR_KEYS_VALID;
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
+ &gEfiVendorKeysNvGuid,
+ &mVendorKeyState,
+ sizeof (UINT8),
+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+
+ //
+ // Create "VendorKeys" variable with BS+RT attribute set.
+ //
+ Status = AuthServiceInternalUpdateVariable (
+ EFI_VENDOR_KEYS_VARIABLE_NAME,
+ &gEfiGlobalVariableGuid,
+ &mVendorKeyState,
+ sizeof (UINT8),
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState));
+
+ AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION;
+ AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT);
+ AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry;
+ AuthVarLibContextOut->AuthVarEntryCount = sizeof (mAuthVarEntry) / sizeof (mAuthVarEntry[0]);
+ mAddressPointer[0] = mHashCtx;
+ mAddressPointer[1] = mPubKeyStore;
+ mAddressPointer[2] = mCertDbStore;
+ AuthVarLibContextOut->AddressPointer = mAddressPointer;
+ AuthVarLibContextOut->AddressPointerCount = sizeof (mAddressPointer) / sizeof (mAddressPointer[0]);
+
+ return Status;
+}
+
+/**
+ Process variable with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS/EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set.
+
+ @param[in] VariableName Name of the variable.
+ @param[in] VendorGuid Variable vendor GUID.
+ @param[in] Data Data pointer.
+ @param[in] DataSize Size of Data.
+ @param[in] Attributes Attribute value of the variable.
+
+ @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as
+ defined by the Attributes.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+ @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACESS
+ set, but the AuthInfo does NOT pass the validation
+ check carried out by the firmware.
+ @retval EFI_UNSUPPORTED Unsupported to process authenticated variable.
+
+**/
+EFI_STATUS
+EFIAPI
+AuthVariableLibProcessVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *Data,
+ IN UINTN DataSize,
+ IN UINT32 Attributes
+ )
+{
+ EFI_STATUS Status;
+
+ if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){
+ Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE);
+ } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) {
+ Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
+ } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) &&
+ ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) ||
+ (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)
+ )) {
+ Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE);
+ if (EFI_ERROR (Status)) {
+ Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes);
+ }
+ } else {
+ Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
+ }
+
+ return Status;
+}
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
new file mode 100644
index 0000000..5033085
--- /dev/null
+++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
@@ -0,0 +1,86 @@
+## @file
+# Provides authenticated variable services.
+#
+# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions
+# of the BSD License which accompanies this distribution. The
+# full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = AuthVariableLib
+ MODULE_UNI_FILE = AuthVariableLib.uni
+ FILE_GUID = B23CF5FB-6FCC-4422-B145-D855DBC05457
+ MODULE_TYPE = DXE_RUNTIME_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ AuthVariableLib.c
+ AuthService.c
+ AuthServiceInternal.h
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ MemoryAllocationLib
+ BaseCryptLib
+ PlatformSecureLib
+
+[Guids]
+ ## CONSUMES ## Variable:L"SetupMode"
+ ## PRODUCES ## Variable:L"SetupMode"
+ ## SOMETIMES_CONSUMES ## Variable:L"PK"
+ ## SOMETIMES_CONSUMES ## Variable:L"KEK"
+ ## CONSUMES ## Variable:L"SecureBoot"
+ ## PRODUCES ## Variable:L"SecureBoot"
+ ## CONSUMES ## Variable:L"SignatureSupport"
+ ## PRODUCES ## Variable:L"SignatureSupport"
+ ## PRODUCES ## Variable:L"VendorKeys"
+ gEfiGlobalVariableGuid
+
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"
+ gEfiImageSecurityDatabaseGuid
+
+ ## CONSUMES ## Variable:L"SecureBootEnable"
+ ## PRODUCES ## Variable:L"SecureBootEnable"
+ gEfiSecureBootEnableDisableGuid
+
+ ## CONSUMES ## Variable:L"CustomMode"
+ ## PRODUCES ## Variable:L"CustomMode"
+ gEfiCustomModeEnableGuid
+
+ ## CONSUMES ## Variable:L"certdb"
+ ## PRODUCES ## Variable:L"certdb"
+ gEfiCertDbGuid
+
+ ## CONSUMES ## Variable:L"VendorKeysNv"
+ ## PRODUCES ## Variable:L"VendorKeysNv"
+ gEfiVendorKeysNvGuid
+
+ gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.
+ gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate.
+ gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature.
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni
new file mode 100644
index 0000000000000000000000000000000000000000..2f72288eea5162efd067ba91a8c54801da2d431b
GIT binary patch
literal 1670
zcmchXPjAye5XI+=#CNdL3!v5kBrXUc5^BH#>L_tkI92)A)>4QgCuzx-2Yzq1v1uq0
z2UJ=1?#|A>dGlu0KYz5XZ4vJip2*(***@zShd%)%1XP!KE=MmGO~@W?UL1k
zv9Jl2HLEFmSIjGHBO5zT#EBUeouBymxW>NU7;nj9X<KJ^0sA#<AHnG{<8ymz&+LUA
zGEY6L8SEp|nTk{TD#wD^!eVwh?8`&B1~e&Cd4?fh=@Hv2>ssGl-;r|;hr;z-a;^kL
zF}{H^B8IdK8f!h_DcM{4-j;I<{39$u`***@0aVTR8fZz;d<N(gs{uhXijEUKF-
z-_&j6ER;*bL{+Yc8oD5`***@0=S|9C}bW(G!YXduG{pl8$hU>L!G2#1XwgoYTC^dp!
zinU^`tjFGqO<km_GCIc|DkRR|@!scjTbH2a7O(Nm`4WVXp)_u|s&m#<;-%jY^;FPS
z{*@~olYK>f+I!lsu#90owWGbA7?exiCQ5D}EP+jr?#b*u-;RA|ouXufmKt-cDg8BM
zmbkt{J7G+)N7w>FqkT$0CwL4TIb)_i*0;qdT%ooYyS~=***@HbAU><cyXh>@M*)puqm
z*i%r2k$Ln!D{+@iF>`$7qo~2_9lnbGmGL7xVy^p_+(ZdkB=)7oY0y)&=+RAzdCV=_
z>9!jq|DUzpE}***@W@O3HqIZlz}k>EwM8gNiQkeL9HA<e|rx6wg_v(t-0{7Q70UM
lC8jMH{@*`mtIp@&a#1G?$U<GxtJS|NpZm`xMxR|}egR0x2Co1B

literal 0
HcmV?d00001

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 35a7a51..fd74ec1 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -175,7 +175,9 @@ [Components]
#
SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf
SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf
-
+
+ SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+
[Components.IA32, Components.X64, Components.IPF]
# SecurityPkg/UserIdentification/PwdCredentialProviderDxe/PwdCredentialProviderDxe.inf
# SecurityPkg/UserIdentification/UsbCredentialProviderDxe/UsbCredentialProviderDxe.inf
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
index 4a4595f..20f60d4 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.h
@@ -122,12 +122,6 @@ typedef struct {
} VARIABLE_MODULE_GLOBAL;

typedef struct {
- EFI_GUID *Guid;
- CHAR16 *Name;
- UINTN VariableSize;
-} VARIABLE_ENTRY_CONSISTENCY;
-
-typedef struct {
LIST_ENTRY Link;
EFI_GUID Guid;
//CHAR16 *Name;
--
1.9.5.msysgit.0

AuthVariableLib and TpmMeasurementLib library classes are now linked with
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
to optionally support secure variables.

For Vlv2TbltDevicePkg,
link AuthVariableLib and DxeTpmMeasurementLib in SecurityPkg
when SECURE_BOOT_ENABLE = TRUE,
and link AuthVariableLibNull and TpmMeasurementLibNull in MdeModulePkg
when SECURE_BOOT_ENABLE = FALSE.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: David Wei <***@intel.com>
---
Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 15 ++++++++++-----
Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 15 ++++++++++-----
Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 15 ++++++++++-----
3 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
index b3f47dd..fc9e869 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
@@ -257,11 +257,16 @@ [LibraryClasses.common]

StallSmmLib|$(PLATFORM_PACKAGE)/Library/StallSmmLib/StallSmmLib.inf

- !if $(SECURE_BOOT_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
- !endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+!endif
!if $(RC_BINARY_RELEASE) == TRUE
I2cLib|Vlv2TbltDevicePkg/Library/I2CLib/I2CLibNull.inf
!endif
diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index 90ead2e..b4fba1e 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -257,11 +257,16 @@ [LibraryClasses.common]

StallSmmLib|$(PLATFORM_PACKAGE)/Library/StallSmmLib/StallSmmLib.inf

- !if $(SECURE_BOOT_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
- !endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+!endif
!if $(RC_BINARY_RELEASE) == TRUE
I2cLib|Vlv2TbltDevicePkg/Library/I2CLib/I2CLibNull.inf
!endif
diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 344bbc9..4b290d6 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -257,11 +257,16 @@ [LibraryClasses.common]

StallSmmLib|$(PLATFORM_PACKAGE)/Library/StallSmmLib/StallSmmLib.inf

- !if $(SECURE_BOOT_ENABLE) == TRUE
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
- !endif
+!if $(SECURE_BOOT_ENABLE) == TRUE
+ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+ IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
+ PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
+ TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+ AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+!else
+ TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf
+!endif
!if $(RC_BINARY_RELEASE) == TRUE
I2cLib|Vlv2TbltDevicePkg/Library/I2CLib/I2CLibNull.inf
!endif
--
1.9.5.msysgit.0

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Ruiyu Ni <***@intel.com>
Reviewed-by: Jordan Justen <***@intel.com>
---
Nt32Pkg/Nt32Pkg.dsc | 8 +-------
Nt32Pkg/Nt32Pkg.fdf | 8 +-------
2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/Nt32Pkg/Nt32Pkg.dsc b/Nt32Pkg/Nt32Pkg.dsc
index 2344d9a..a8e5590 100644
--- a/Nt32Pkg/Nt32Pkg.dsc
+++ b/Nt32Pkg/Nt32Pkg.dsc
@@ -326,11 +326,7 @@ [Components]
Nt32Pkg/WinNtFlashMapPei/WinNtFlashMapPei.inf

MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif

Nt32Pkg/WinNtAutoScanPei/WinNtAutoScanPei.inf
Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf
@@ -373,11 +369,9 @@ [Components]
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
diff --git a/Nt32Pkg/Nt32Pkg.fdf b/Nt32Pkg/Nt32Pkg.fdf
index 1eedb75..b46580e 100644
--- a/Nt32Pkg/Nt32Pkg.fdf
+++ b/Nt32Pkg/Nt32Pkg.fdf
@@ -184,11 +184,7 @@ [FV.FvRecovery]
INF Nt32Pkg/WinNtFirmwareVolumePei/WinNtFirmwareVolumePei.inf

INF MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
-INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif

INF Nt32Pkg/WinNtThunkPPIToProtocolPei/WinNtThunkPPIToProtocolPei.inf
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -223,11 +219,9 @@ [FV.FvRecovery]
INF MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
INF MdeModulePkg/Universal/StatusCodeHandler/RuntimeDxe/StatusCodeHandlerRuntimeDxe.inf
INF Nt32Pkg/WinNtOemHookStatusCodeHandlerDxe/WinNtOemHookStatusCodeHandlerDxe.inf
+INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
-INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
-INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
--
1.9.5.msysgit.0

Remove gVariableAuthenticatedRuntimeDxeFileGuid definition in
ArmPlatformPkg.dec and use gVariableRuntimeDxeFileGuid in
NorFlashAuthenticatedDxe.inf as auth Variable driver in SecurityPkg
and Variable driver in MdeModulePkg have been merged.

Cc: Olivier Martin <***@arm.com>
Cc: Leif Lindholm <***@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
---
ArmPlatformPkg/ArmPlatformPkg.dec | 5 +----
ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf | 5 +++--
2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
index 4100b15..cd67aee 100644
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
@@ -1,6 +1,7 @@
#/** @file
#
# Copyright (c) 2011-2015, ARM Limited. All rights reserved.
+# Copyright (c) 2015, Intel Corporation. All rights reserved.
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -36,10 +37,6 @@ [Guids.common]
# Following Guid must match FILE_GUID in MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
#
gVariableRuntimeDxeFileGuid = { 0xcbd2e4d5, 0x7068, 0x4ff5, { 0xb4, 0x62, 0x98, 0x22, 0xb4, 0xad, 0x8d, 0x60 } }
- #
- # Following Guid must match FILE_GUID in SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
- #
- gVariableAuthenticatedRuntimeDxeFileGuid = { 0x2226f30f, 0x3d5b, 0x402d, {0x99, 0x36, 0xa9, 0x71, 0x84, 0xEB, 0x45, 0x16 } }

## Include/Guid/ArmGlobalVariableHob.h
gArmGlobalVariableGuid = { 0xc3253c90, 0xa24f, 0x4599, { 0xa6, 0x64, 0x1f, 0x88, 0x13, 0x77, 0x8f, 0xc9} }
diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf
index ff8f048..6c5e6ae 100644
--- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf
+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashAuthenticatedDxe.inf
@@ -4,6 +4,7 @@
#
# Copyright (c) 2011 - 2014, ARM Ltd. All rights reserved.<BR>
# Copyright (c) 2015, Linaro Ltd. All rights reserved.<BR>
+# Copyright (c) 2015, Intel Corporation. All rights reserved.
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -70,7 +71,7 @@ [Pcd.common]

[Depex]
#
- # NorFlashAuthenticatedDxe must be loaded before VariableAuthenticatedRuntimeDxe
+ # NorFlashAuthenticatedDxe must be loaded before VariableRuntimeDxe
# in case empty flash needs populating with default values
#
- BEFORE gVariableAuthenticatedRuntimeDxeFileGuid
+ BEFORE gVariableRuntimeDxeFileGuid
--
1.9.5.msysgit.0

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jordan Justen <***@intel.com>
Reviewed-by: Laszlo Ersek <***@redhat.com>
Tested-by: Laszlo Ersek <***@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 5 -----
OvmfPkg/OvmfPkgIa32.fdf | 6 ++----
OvmfPkg/OvmfPkgIa32X64.dsc | 5 -----
OvmfPkg/OvmfPkgIa32X64.fdf | 6 ++----
OvmfPkg/OvmfPkgX64.dsc | 5 -----
OvmfPkg/OvmfPkgX64.fdf | 6 ++----
6 files changed, 6 insertions(+), 27 deletions(-)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index c9bfe30..bb008f6 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -596,11 +596,6 @@ [Components]
!endif

!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {
- <LibraryClasses>
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- }
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!endif

diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index cc70bb7..24ad0bf 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -1,7 +1,7 @@
## @file
# Open Virtual Machine Firmware: FDF
#
-# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -231,11 +231,9 @@ [FV.DXEFV]
INF OvmfPkg/XenBusDxe/XenBusDxe.inf
INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf

+INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
- INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif

INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 7e2e485..fed584f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -603,11 +603,6 @@ [Components.X64]
!endif

!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {
- <LibraryClasses>
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- }
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!endif

diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 7256ff3..5f98be8 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -1,7 +1,7 @@
## @file
# Open Virtual Machine Firmware: FDF
#
-# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -231,11 +231,9 @@ [FV.DXEFV]
INF OvmfPkg/XenBusDxe/XenBusDxe.inf
INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf

+INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
- INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif

INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index cf8d65c..92af10f 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -601,11 +601,6 @@ [Components]
!endif

!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf {
- <LibraryClasses>
- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
- OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
- }
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!endif

diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 80fd827..11e74e7 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -1,7 +1,7 @@
## @file
# Open Virtual Machine Firmware: FDF
#
-# Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -231,11 +231,9 @@ [FV.DXEFV]
INF OvmfPkg/XenBusDxe/XenBusDxe.inf
INF OvmfPkg/XenPvBlkDxe/XenPvBlkDxe.inf

+INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
- INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif

INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
--
1.9.5.msysgit.0

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Laszlo Ersek <***@redhat.com>
Reviewed-by: Ard Biesheuvel <***@linaro.org>
Tested-by: Ard Biesheuvel <***@linaro.org>
---
ArmVirtPkg/ArmVirtQemu.dsc | 7 +------
ArmVirtPkg/ArmVirtQemu.fdf | 9 ++-------
2 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d8eb796..0671469 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -239,11 +239,7 @@ [Components.common]
ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
ArmPkg/Drivers/CpuPei/CpuPei.inf

-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif

MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf {
<LibraryClasses>
@@ -264,16 +260,15 @@ [Components.common]
#
ArmPkg/Drivers/CpuDxe/CpuDxe.inf
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf {
<LibraryClasses>
NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
}
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!else
MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf
index 73d088a..e822fdf 100644
--- a/ArmVirtPkg/ArmVirtQemu.fdf
+++ b/ArmVirtPkg/ArmVirtQemu.fdf
@@ -1,6 +1,7 @@
#
# Copyright (c) 2011-2015, ARM Limited. All rights reserved.
# Copyright (c) 2014, Linaro Limited. All rights reserved.
+# Copyright (c) 2015, Intel Corporation. All rights reserved.
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -116,11 +117,9 @@ [FV.FvMain]
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableRuntimeDxe.inf
INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
- INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!endif
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
INF EmbeddedPkg/ResetRuntimeDxe/ResetRuntimeDxe.inf
@@ -264,11 +263,7 @@ [FV.FVMAIN_COMPACT]
INF ArmPlatformPkg/MemoryInitPei/MemoryInitPeim.inf
INF ArmPkg/Drivers/CpuPei/CpuPei.inf
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif
INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf

FILE FV_IMAGE = 9E21FD93-9C72-4c15-8C4B-E77F1DB2D792 {
--
1.9.5.msysgit.0

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: David Wei <***@intel.com>
---
Vlv2TbltDevicePkg/PlatformPkg.fdf | 14 ++------------
Vlv2TbltDevicePkg/PlatformPkgGcc.fdf | 14 ++------------
Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc | 17 +++--------------
Vlv2TbltDevicePkg/PlatformPkgIA32.dsc | 17 +++--------------
Vlv2TbltDevicePkg/PlatformPkgX64.dsc | 17 +++--------------
5 files changed, 13 insertions(+), 66 deletions(-)

diff --git a/Vlv2TbltDevicePkg/PlatformPkg.fdf b/Vlv2TbltDevicePkg/PlatformPkg.fdf
index a0a6af4..10071e1 100644
--- a/Vlv2TbltDevicePkg/PlatformPkg.fdf
+++ b/Vlv2TbltDevicePkg/PlatformPkg.fdf
@@ -340,11 +340,7 @@ [FV.FVRECOVERY]
!endif
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/CpuPeim.inf
INF MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
-INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif

INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf

@@ -435,19 +431,13 @@ [FV.FVMAIN]
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF IntelFrameworkModulePkg/Universal/Acpi/AcpiS3SaveDxe/AcpiS3SaveDxe.inf

-!if $(SECURE_BOOT_ENABLE)
-INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
-INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
-INF $(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
-INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
-INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
-INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
INF $(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
+!if $(SECURE_BOOT_ENABLE)
+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!endif

INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
index 3aa9b45..53f0bc0 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
+++ b/Vlv2TbltDevicePkg/PlatformPkgGcc.fdf
@@ -298,11 +298,7 @@ [FV.FVRECOVERY]
!endif
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/IA32/CpuPeim.inf
INF MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
-INF SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
INF MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif

INF $(PLATFORM_PACKAGE)/PlatformPei/PlatformPei.inf

@@ -393,19 +389,13 @@ [FV.FVMAIN]
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF IntelFrameworkModulePkg/Universal/Acpi/AcpiS3SaveDxe/AcpiS3SaveDxe.inf

-!if $(SECURE_BOOT_ENABLE)
-INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
-INF SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf
-INF $(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
-INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
-INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
-INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-!else
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
INF $(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
INF RuleOverride = BINARY $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
+!if $(SECURE_BOOT_ENABLE)
+INF SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
!endif

INF MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
diff --git a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
index fc9e869..ea65eb9 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgGccX64.dsc
@@ -1016,11 +1016,7 @@ [Components.IA32]
!endif
}

-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf

!if $(FTPM_ENABLE) == TRUE
@@ -1157,16 +1153,15 @@ [Components.X64]
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf{
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
}
$(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf {
<LibraryClasses>
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -1177,12 +1172,6 @@ [Components.X64]
#
*_*_*_VFR_FLAGS = -g b2dedc91-d59f-48d2-898a-12490c74a4e0
}
- !else
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
- $(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
- $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
!endif
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf {
<LibraryClasses>
diff --git a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
index b4fba1e..d4ed8f2 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgIA32.dsc
@@ -1013,11 +1013,7 @@ [Components.IA32]
!endif
}

-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf

!if $(FTPM_ENABLE) == TRUE
@@ -1153,16 +1149,15 @@ [Components.IA32]
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf{
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
}
$(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf {
<LibraryClasses>
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -1173,12 +1168,6 @@ [Components.IA32]
#
*_*_*_VFR_FLAGS = -g b2dedc91-d59f-48d2-898a-12490c74a4e0
}
- !else
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
- $(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
- $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
!endif
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf {
<LibraryClasses>
diff --git a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
index 4b290d6..64378a0 100644
--- a/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
+++ b/Vlv2TbltDevicePkg/PlatformPkgX64.dsc
@@ -1010,11 +1010,7 @@ [Components.IA32]
!endif
}

-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/Pei/VariablePei.inf
-!else
MdeModulePkg/Universal/Variable/Pei/VariablePei.inf
-!endif
MdeModulePkg/Universal/FaultTolerantWritePei/FaultTolerantWritePei.inf

!if $(FTPM_ENABLE) == TRUE
@@ -1150,16 +1146,15 @@ [Components.X64]
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmmRuntimeDxe.inf
- SecurityPkg/VariableAuthenticated/RuntimeDxe/VariableSmm.inf{
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf {
<LibraryClasses>
- PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
SerialPortLib|$(PLATFORM_PACKAGE)/Library/SerialPortLib/SerialPortLib.inf
}
$(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
$(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
+!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf {
<LibraryClasses>
PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
@@ -1170,12 +1165,6 @@ [Components.X64]
#
*_*_*_VFR_FLAGS = -g b2dedc91-d59f-48d2-898a-12490c74a4e0
}
- !else
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
- MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
- $(PLATFORM_PACKAGE)/FvbRuntimeDxe/FvbSmm.inf
- MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf
- $(PLATFORM_BINARY_PACKAGE)/$(DXE_ARCHITECTURE)$(TARGET)/$(DXE_ARCHITECTURE)/PchSpiSmm.inf
!endif
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf {
<LibraryClasses>
--
1.9.5.msysgit.0

What to do:
1. Merge from Auth Variable driver in SecurityPkg to Variable drive in
MdeModulePkg. Then the merged Variable driver in MdeModulePkg will
link to AuthVariableLib and TpmMeasurementLib.
AuthVariableLibNull and TpmMeasurementLibNull in MdeModulePkg
could be used for non auth variable support.
AuthVariableLib and DxeTpmMeasurementLib in SecurityPkg
may be used for auth variable support.

Why to do:
1. Remove code duplication and reduce maintenance effort.
After auth variable service separated from Auth Variable driver in SecurityPkg
to AuthVariableLib. The remaining code logic of Auth Variable driver in SecurityPkg
will be almost same with Variable driver in MdeModulePkg. Now it is to
merge them.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <***@intel.com>
Reviewed-by: Jiewen Yao <***@intel.com>
Reviewed-by: Liming Gao <***@intel.com>
---
MdeModulePkg/Include/Guid/SmmVariableCommon.h | 8 +-
.../Universal/Variable/RuntimeDxe/Measurement.c | 255 +++++
.../Universal/Variable/RuntimeDxe/Reclaim.c | 5 +-
.../Universal/Variable/RuntimeDxe/VarCheck.c | 234 ++--
.../Universal/Variable/RuntimeDxe/Variable.c | 1156 +++++++++++++++-----
.../Universal/Variable/RuntimeDxe/Variable.h | 447 ++++++--
.../Universal/Variable/RuntimeDxe/VariableDxe.c | 83 +-
.../Universal/Variable/RuntimeDxe/VariableExLib.c | 256 +++++
.../Variable/RuntimeDxe/VariableRuntimeDxe.inf | 48 +-
.../Variable/RuntimeDxe/VariableRuntimeDxe.uni | Bin 2588 -> 3150 bytes
.../Universal/Variable/RuntimeDxe/VariableSmm.c | 77 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.inf | 61 +-
.../Universal/Variable/RuntimeDxe/VariableSmm.uni | Bin 3746 -> 4454 bytes
.../Variable/RuntimeDxe/VariableSmmExtra.uni | Bin 1348 -> 1332 bytes
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.c | 130 ++-
.../Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf | 43 +-
16 files changed, 2232 insertions(+), 571 deletions(-)
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c

diff --git a/MdeModulePkg/Include/Guid/SmmVariableCommon.h b/MdeModulePkg/Include/Guid/SmmVariableCommon.h
index e92ab7f..216992d 100644
--- a/MdeModulePkg/Include/Guid/SmmVariableCommon.h
+++ b/MdeModulePkg/Include/Guid/SmmVariableCommon.h
@@ -71,6 +71,8 @@ typedef struct {

#define SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET 10

+#define SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE 11
+
///
/// Size of SMM communicate header, without including the payload.
///
@@ -120,4 +122,8 @@ typedef struct {
CHAR16 Name[1];
} SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY;

-#endif // _SMM_VARIABLE_COMMON_H_
\ No newline at end of file
+typedef struct {
+ UINTN VariablePayloadSize;
+} SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE;
+
+#endif // _SMM_VARIABLE_COMMON_H_
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
new file mode 100644
index 0000000..1b625e7
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
@@ -0,0 +1,255 @@
+/** @file
+ Measure TrEE required variable.
+
+Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <PiDxe.h>
+#include <Guid/ImageAuthentication.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Protocol/TrEEProtocol.h>
+
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+typedef struct {
+ CHAR16 *VariableName;
+ EFI_GUID *VendorGuid;
+} VARIABLE_TYPE;
+
+VARIABLE_TYPE mVariableType[] = {
+ {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid},
+ {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid},
+ {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},
+ {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},
+ {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},
+};
+
+/**
+ This function will return if this variable is SecureBootPolicy Variable.
+
+ @param[in] VariableName A Null-terminated string that is the name of the vendor's variable.
+ @param[in] VendorGuid A unique identifier for the vendor.
+
+ @retval TRUE This is SecureBootPolicy Variable
+ @retval FALSE This is not SecureBootPolicy Variable
+**/
+BOOLEAN
+IsSecureBootPolicyVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ UINTN Index;
+
+ for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {
+ if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) &&
+ (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
+ Measure and log an EFI variable, and extend the measurement result into a specific PCR.
+
+ @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
+ @param[in] VendorGuid A unique identifier for the vendor.
+ @param[in] VarData The content of the variable data.
+ @param[in] VarSize The size of the variable data.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+MeasureVariable (
+ IN CHAR16 *VarName,
+ IN EFI_GUID *VendorGuid,
+ IN VOID *VarData,
+ IN UINTN VarSize
+ )
+{
+ EFI_STATUS Status;
+ UINTN VarNameLength;
+ EFI_VARIABLE_DATA_TREE *VarLog;
+ UINT32 VarLogSize;
+
+ ASSERT ((VarSize == 0 && VarData == NULL) || (VarSize != 0 && VarData != NULL));
+
+ VarNameLength = StrLen (VarName);
+ VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
+ - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
+
+ VarLog = (EFI_VARIABLE_DATA_TREE *) AllocateZeroPool (VarLogSize);
+ if (VarLog == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (&VarLog->VariableName, VendorGuid, sizeof(VarLog->VariableName));
+ VarLog->UnicodeNameLength = VarNameLength;
+ VarLog->VariableDataLength = VarSize;
+ CopyMem (
+ VarLog->UnicodeName,
+ VarName,
+ VarNameLength * sizeof (*VarName)
+ );
+ if (VarSize != 0) {
+ CopyMem (
+ (CHAR16 *)VarLog->UnicodeName + VarNameLength,
+ VarData,
+ VarSize
+ );
+ }
+
+ DEBUG ((EFI_D_INFO, "AuthVariableDxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_AUTHORITY));
+ DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));
+
+ Status = TpmMeasureAndLogData (
+ 7,
+ EV_EFI_VARIABLE_DRIVER_CONFIG,
+ VarLog,
+ VarLogSize,
+ VarLog,
+ VarLogSize
+ );
+ FreePool (VarLog);
+ return Status;
+}
+
+/**
+ Returns the status whether get the variable success. The function retrieves
+ variable through the UEFI Runtime Service GetVariable(). The
+ returned buffer is allocated using AllocatePool(). The caller is responsible
+ for freeing this buffer with FreePool().
+
+ This API is only invoked in boot time. It may NOT be invoked at runtime.
+
+ @param[in] Name The pointer to a Null-terminated Unicode string.
+ @param[in] Guid The pointer to an EFI_GUID structure
+ @param[out] Value The buffer point saved the variable info.
+ @param[out] Size The buffer size of the variable.
+
+ @return EFI_OUT_OF_RESOURCES Allocate buffer failed.
+ @return EFI_SUCCESS Find the specified variable.
+ @return Others Errors Return errors from call to gRT->GetVariable.
+
+**/
+EFI_STATUS
+InternalGetVariable (
+ IN CONST CHAR16 *Name,
+ IN CONST EFI_GUID *Guid,
+ OUT VOID **Value,
+ OUT UINTN *Size
+ )
+{
+ EFI_STATUS Status;
+ UINTN BufferSize;
+
+ //
+ // Try to get the variable size.
+ //
+ BufferSize = 0;
+ *Value = NULL;
+ if (Size != NULL) {
+ *Size = 0;
+ }
+
+ Status = gRT->GetVariable ((CHAR16 *) Name, (EFI_GUID *) Guid, NULL, &BufferSize, *Value);
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ return Status;
+ }
+
+ //
+ // Allocate buffer to get the variable.
+ //
+ *Value = AllocatePool (BufferSize);
+ ASSERT (*Value != NULL);
+ if (*Value == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Get the variable data.
+ //
+ Status = gRT->GetVariable ((CHAR16 *) Name, (EFI_GUID *) Guid, NULL, &BufferSize, *Value);
+ if (EFI_ERROR (Status)) {
+ FreePool(*Value);
+ *Value = NULL;
+ }
+
+ if (Size != NULL) {
+ *Size = BufferSize;
+ }
+
+ return Status;
+}
+
+/**
+ SecureBoot Hook for SetVariable.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+
+**/
+VOID
+EFIAPI
+SecureBootHook (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ EFI_STATUS Status;
+ UINTN VariableDataSize;
+ VOID *VariableData;
+
+ if (!IsSecureBootPolicyVariable (VariableName, VendorGuid)) {
+ return ;
+ }
+
+ //
+ // We should NOT use Data and DataSize here,because it may include signature,
+ // or is just partial with append attributes, or is deleted.
+ // We should GetVariable again, to get full variable content.
+ //
+ Status = InternalGetVariable (
+ VariableName,
+ VendorGuid,
+ &VariableData,
+ &VariableDataSize
+ );
+ if (EFI_ERROR (Status)) {
+ VariableData = NULL;
+ VariableDataSize = 0;
+ }
+
+ Status = MeasureVariable (
+ VariableName,
+ VendorGuid,
+ VariableData,
+ VariableDataSize
+ );
+ DEBUG ((EFI_D_INFO, "MeasureBootPolicyVariable - %r\n", Status));
+
+ if (VariableData != NULL) {
+ FreePool (VariableData);
+ }
+
+ return ;
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Reclaim.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Reclaim.c
index 44c56e2..616812c 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Reclaim.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Reclaim.c
@@ -1,9 +1,8 @@
/** @file
-
Handles non-volatile variable store garbage collection, using FTW
(Fault Tolerant Write) protocol.

-Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -50,7 +49,7 @@ GetLbaAndOffsetByAddress (
Fvb = NULL;
*Lba = (EFI_LBA) (-1);
*Offset = 0;
-
+
//
// Get the proper FVB protocol.
//
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
index b2f5572..978a865 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c
@@ -616,30 +616,49 @@ UEFI_DEFINED_VARIABLE_ENTRY mGlobalVariableList2[] = {
},
};

-typedef struct {
- EFI_GUID *Guid;
- CHAR16 *Name;
- VAR_CHECK_VARIABLE_PROPERTY VariableProperty;
-} VARIABLE_DRIVER_VARIABLE_ENTRY;
-
-VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = {
+//
+// EFI_IMAGE_SECURITY_DATABASE_GUID
+//
+UEFI_DEFINED_VARIABLE_ENTRY mImageSecurityVariableList[] = {
{
- &gEdkiiVarErrorFlagGuid,
- VAR_ERROR_FLAG_NAME,
+ EFI_IMAGE_SECURITY_DATABASE,
{
VAR_CHECK_VARIABLE_PROPERTY_REVISION,
- VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
- VARIABLE_ATTRIBUTE_NV_BS_RT,
- sizeof (VAR_ERROR_FLAG),
- sizeof (VAR_ERROR_FLAG),
- }
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_IMAGE_SECURITY_DATABASE1,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
+ },
+ {
+ EFI_IMAGE_SECURITY_DATABASE2,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ 0,
+ VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
+ 1,
+ MAX_UINTN
+ },
+ NULL
},
};

/**
- Get UEFI defined global variable property.
- The code will check if variable guid is global variable guid first.
- If yes, further check if variable name is in mGlobalVariableList or mGlobalVariableList2.
+ Get UEFI defined global variable or image security database variable property.
+ The code will check if variable guid is global variable or image security database guid first.
+ If yes, further check if variable name is in mGlobalVariableList, mGlobalVariableList2 or mImageSecurityVariableList.

@param[in] VariableName Pointer to variable name.
@param[in] VendorGuid Variable Vendor Guid.
@@ -647,8 +666,8 @@ VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = {
@param[out] VariableProperty Pointer to variable property.
@param[out] VarCheckFunction Pointer to check function.

- @retval EFI_SUCCESS Variable is not global variable.
- @retval EFI_INVALID_PARAMETER Variable is global variable, but variable name is not in the lists.
+ @retval EFI_SUCCESS Variable is not global variable or image security database variable.
+ @retval EFI_INVALID_PARAMETER Variable is global variable or image security database variable, but variable name is not in the lists.

**/
EFI_STATUS
@@ -711,36 +730,24 @@ GetUefiDefinedVariableProperty (
return EFI_INVALID_PARAMETER;
}

- //
- // It is not global variable.
- //
- return EFI_SUCCESS;
-}
-
-/**
- Get variable property for variables managed by Varaible driver.
-
- @param[in] VariableName Pointer to variable name.
- @param[in] VendorGuid Variable Vendor Guid.
-
- @return Pointer to variable property.
-
-**/
-VAR_CHECK_VARIABLE_PROPERTY *
-GetVariableDriverVariableProperty (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < sizeof (mVariableDriverVariableList)/sizeof (mVariableDriverVariableList[0]); Index++) {
- if ((CompareGuid (mVariableDriverVariableList[Index].Guid, VendorGuid)) && (StrCmp (mVariableDriverVariableList[Index].Name, VariableName) == 0)) {
- return &mVariableDriverVariableList[Index].VariableProperty;
+ if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid)) {
+ for (Index = 0; Index < sizeof (mImageSecurityVariableList)/sizeof (mImageSecurityVariableList[0]); Index++) {
+ if (StrCmp (mImageSecurityVariableList[Index].Name, VariableName) == 0) {
+ if (VarCheckFunction != NULL) {
+ *VarCheckFunction = mImageSecurityVariableList[Index].CheckFunction;
+ }
+ *VariableProperty = &mImageSecurityVariableList[Index].VariableProperty;
+ return EFI_SUCCESS;
+ }
}
+
+ return EFI_INVALID_PARAMETER;
}

- return NULL;
+ //
+ // It is not global variable, image security database variable.
+ //
+ return EFI_SUCCESS;
}

/**
@@ -800,12 +807,17 @@ InternalVarCheckSetVariableCheck (
}
}
if (Property == NULL) {
- Property = GetVariableDriverVariableProperty (VariableName, VendorGuid);
- }
- if (Property == NULL) {
Status = GetUefiDefinedVariableProperty (VariableName, VendorGuid, TRUE, &Property, &VarCheckFunction);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_INFO, "[Variable]: Var Check UEFI defined variable fail %r - %g:%s\n", Status, VendorGuid, VariableName));
+ //
+ // To prevent name collisions with possible future globally defined variables,
+ // other internal firmware data variables that are not defined here must be
+ // saved with a unique VendorGuid other than EFI_GLOBAL_VARIABLE or
+ // any other GUID defined by the UEFI Specification. Implementations must
+ // only permit the creation of variables with a UEFI Specification-defined
+ // VendorGuid when these variables are documented in the UEFI Specification.
+ //
+ DEBUG ((EFI_D_INFO, "Variable Check UEFI defined variable fail %r - %s not in %g namespace\n", Status, VariableName, VendorGuid));
return Status;
}
}
@@ -814,27 +826,29 @@ InternalVarCheckSetVariableCheck (
DEBUG ((EFI_D_INFO, "[Variable]: Var Check ReadOnly variable fail %r - %g:%s\n", EFI_WRITE_PROTECTED, VendorGuid, VariableName));
return EFI_WRITE_PROTECTED;
}
- if (!((DataSize == 0) || (Attributes == 0))) {
+ if (!((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0)) || (Attributes == 0))) {
//
// Not to delete variable.
//
- if (Attributes != Property->Attributes) {
- DEBUG ((EFI_D_INFO, "[Variable]: Var Check Attributes(0x%08x to 0x%08x) fail %r - %g:%s\n", Property->Attributes, Attributes, EFI_INVALID_PARAMETER, VendorGuid, VariableName));
+ if ((Attributes != 0) && ((Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Property->Attributes)) {
+ DEBUG ((EFI_D_INFO, "Variable Check Attributes(0x%08x to 0x%08x) fail %r - %g:%s\n", Property->Attributes, Attributes, EFI_INVALID_PARAMETER, VendorGuid, VariableName));
return EFI_INVALID_PARAMETER;
}
- if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) {
- DEBUG ((EFI_D_INFO, "[Variable]: Var Check DataSize fail(0x%x not in 0x%x - 0x%x) %r - %g:%s\n", DataSize, Property->MinSize, Property->MaxSize, EFI_INVALID_PARAMETER, VendorGuid, VariableName));
- return EFI_INVALID_PARAMETER;
- }
- if (VarCheckFunction != NULL) {
- Status = VarCheckFunction (
- Property,
- DataSize,
- Data
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_INFO, "[Variable]: Internal Var Check function fail %r - %g:%s\n", Status, VendorGuid, VariableName));
- return Status;
+ if (DataSize != 0) {
+ if ((DataSize < Property->MinSize) || (DataSize > Property->MaxSize)) {
+ DEBUG ((EFI_D_INFO, "Variable Check DataSize fail(0x%x not in 0x%x - 0x%x) %r - %g:%s\n", DataSize, Property->MinSize, Property->MaxSize, EFI_INVALID_PARAMETER, VendorGuid, VariableName));
+ return EFI_INVALID_PARAMETER;
+ }
+ if (VarCheckFunction != NULL) {
+ Status = VarCheckFunction (
+ Property,
+ DataSize,
+ Data
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_INFO, "Internal Variable Check function fail %r - %g:%s\n", Status, VendorGuid, VariableName));
+ return Status;
+ }
}
}
}
@@ -849,7 +863,7 @@ InternalVarCheckSetVariableCheck (
Data
);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_INFO, "[Variable]: Var Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));
+ DEBUG ((EFI_D_INFO, "Variable Check handler fail %r - %g:%s\n", Status, VendorGuid, VariableName));
return Status;
}
}
@@ -927,6 +941,10 @@ VarCheckRegisterSetVariableCheckHandler (

DEBUG ((EFI_D_INFO, "RegisterSetVariableCheckHandler - 0x%x\n", Handler));

+ Status = EFI_SUCCESS;
+
+ AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
//
// Check whether the handler list is enough to store new handler.
//
@@ -936,7 +954,7 @@ VarCheckRegisterSetVariableCheckHandler (
//
Status = ReallocateHandlerTable();
if (EFI_ERROR (Status)) {
- return Status;
+ goto Done;
}
}

@@ -946,7 +964,10 @@ VarCheckRegisterSetVariableCheckHandler (
mHandlerTable[mNumberOfHandler] = Handler;
mNumberOfHandler++;

- return EFI_SUCCESS;
+Done:
+ ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ return Status;
}

/**
@@ -971,6 +992,8 @@ VariablePropertyGetFunction (
CHAR16 *VariableName;
VAR_CHECK_VARIABLE_PROPERTY *Property;

+ Property = NULL;
+
for ( Link = GetFirstNode (&mVarCheckVariableList)
; !IsNull (&mVarCheckVariableList, Link)
; Link = GetNextNode (&mVarCheckVariableList, Link)
@@ -982,15 +1005,58 @@ VariablePropertyGetFunction (
}
}

- Property = GetVariableDriverVariableProperty (Name, Guid);
- if (Property == NULL) {
- GetUefiDefinedVariableProperty (Name, Guid, WildcardMatch, &Property, NULL);
- }
+ GetUefiDefinedVariableProperty (Name, Guid, WildcardMatch, &Property, NULL);

return Property;
}

/**
+ Internal variable property set.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[in] VariableProperty Pointer to the input variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckVariablePropertySet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ )
+{
+ EFI_STATUS Status;
+ VAR_CHECK_VARIABLE_ENTRY *Entry;
+ CHAR16 *VariableName;
+ VAR_CHECK_VARIABLE_PROPERTY *Property;
+
+ Status = EFI_SUCCESS;
+
+ Property = VariablePropertyGetFunction (Name, Guid, FALSE);
+ if (Property != NULL) {
+ CopyMem (Property, VariableProperty, sizeof (*VariableProperty));
+ } else {
+ Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name));
+ if (Entry == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Done;
+ }
+ VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
+ StrnCpy (VariableName, Name, StrLen (Name));
+ CopyGuid (&Entry->Guid, Guid);
+ CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty));
+ InsertTailList (&mVarCheckVariableList, &Entry->Link);
+ }
+
+Done:
+ return Status;
+}
+
+/**
Variable property set.

@param[in] Name Pointer to the variable name.
@@ -1014,9 +1080,6 @@ VarCheckVariablePropertySet (
)
{
EFI_STATUS Status;
- VAR_CHECK_VARIABLE_ENTRY *Entry;
- CHAR16 *VariableName;
- VAR_CHECK_VARIABLE_PROPERTY *Property;

if (Name == NULL || Name[0] == 0 || Guid == NULL) {
return EFI_INVALID_PARAMETER;
@@ -1034,27 +1097,10 @@ VarCheckVariablePropertySet (
return EFI_ACCESS_DENIED;
}

- Status = EFI_SUCCESS;
-
AcquireLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);

- Property = VariablePropertyGetFunction (Name, Guid, FALSE);
- if (Property != NULL) {
- CopyMem (Property, VariableProperty, sizeof (*VariableProperty));
- } else {
- Entry = AllocateRuntimeZeroPool (sizeof (*Entry) + StrSize (Name));
- if (Entry == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Done;
- }
- VariableName = (CHAR16 *) ((UINTN) Entry + sizeof (*Entry));
- StrnCpy (VariableName, Name, StrLen (Name));
- CopyGuid (&Entry->Guid, Guid);
- CopyMem (&Entry->VariableProperty, VariableProperty, sizeof (*VariableProperty));
- InsertTailList (&mVarCheckVariableList, &Entry->Link);
- }
+ Status = InternalVarCheckVariablePropertySet (Name, Guid, VariableProperty);

-Done:
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);

return Status;
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index a4104cc..ceec30b 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -1,8 +1,7 @@
/** @file
-
- The common variable operation routines shared by DXE_RUNTIME variable
+ The common variable operation routines shared by DXE_RUNTIME variable
module and DXE_SMM variable module.
-
+
Caution: This module requires additional review when modified.
This driver will have external input - variable data. They may be input in SMM mode.
This external input must be validated carefully to avoid security issue like
@@ -14,14 +13,17 @@
VariableServiceGetVariable() and VariableServiceSetVariable() are external API
to receive datasize and data buffer. The size should be checked carefully.

+ VariableServiceSetVariable() should also check authenticate data to avoid buffer overflow,
+ integer overflow. It should also check attribute to avoid authentication bypass.
+
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

@@ -60,14 +62,59 @@ BOOLEAN mEnableLocking = TRUE;
//
VAR_ERROR_FLAG mCurrentBootVarErrFlag = VAR_ERROR_FLAG_NO_ERROR;

+VARIABLE_ENTRY_PROPERTY mVariableEntryProperty[] = {
+ {
+ &gEdkiiVarErrorFlagGuid,
+ VAR_ERROR_FLAG_NAME,
+ {
+ VAR_CHECK_VARIABLE_PROPERTY_REVISION,
+ VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
+ VARIABLE_ATTRIBUTE_NV_BS_RT,
+ sizeof (VAR_ERROR_FLAG),
+ sizeof (VAR_ERROR_FLAG)
+ }
+ },
+};
+
+AUTH_VAR_LIB_CONTEXT_IN mContextIn = {
+ AUTH_VAR_LIB_CONTEXT_IN_STRUCT_VERSION,
+ sizeof (AUTH_VAR_LIB_CONTEXT_IN),
+ //
+ // MaxAuthVariableSize, TO BE FILLED
+ //
+ 0,
+ VariableExLibFindVariable,
+ VariableExLibFindNextVariable,
+ VariableExLibUpdateVariable,
+ VariableExLibGetScratchBuffer,
+ VariableExLibCheckRemainingSpaceForConsistency,
+ VariableExLibAtRuntime,
+};
+
+AUTH_VAR_LIB_CONTEXT_OUT mContextOut;
+
/**
- Routine used to track statistical information about variable usage.
+
+ SecureBoot Hook for auth variable update.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+**/
+VOID
+EFIAPI
+SecureBootHook (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ );
+
+/**
+ Routine used to track statistical information about variable usage.
The data is stored in the EFI system table so it can be accessed later.
- VariableInfo.efi can dump out the table. Only Boot Services variable
+ VariableInfo.efi can dump out the table. Only Boot Services variable
accesses are tracked by this code. The PcdVariableCollectStatistics
- build flag controls if this feature is enabled.
+ build flag controls if this feature is enabled.

- A read that hits in the cache will have Read and Cache true for
+ A read that hits in the cache will have Read and Cache true for
the transaction. Data is allocated by this routine, but never
freed.

@@ -115,7 +162,7 @@ UpdateVariableInfo (
gVariableInfo->Volatile = Volatile;
}

-
+
for (Entry = gVariableInfo; Entry != NULL; Entry = Entry->Next) {
if (CompareGuid (VendorGuid, &Entry->VendorGuid)) {
if (StrCmp (VariableName, Entry->Name) == 0) {
@@ -236,7 +283,9 @@ UpdateVariableStore (
// Check if the Data is Volatile.
//
if (!Volatile) {
- ASSERT (Fvb != NULL);
+ if (Fvb == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
Status = Fvb->GetPhysicalAddress(Fvb, &FvVolHdr);
ASSERT_EFI_ERROR (Status);

@@ -265,14 +314,14 @@ UpdateVariableStore (
if ((DataPtr + DataSize) >= ((UINTN) ((UINT8 *) VolatileBase + VolatileBase->Size))) {
return EFI_INVALID_PARAMETER;
}
-
+
//
// If Volatile Variable just do a simple mem copy.
- //
+ //
CopyMem ((UINT8 *)(UINTN)DataPtr, Buffer, DataSize);
return EFI_SUCCESS;
}
-
+
//
// If we are here we are dealing with Non-Volatile Variables.
//
@@ -346,7 +395,8 @@ GetVariableStoreStatus (
IN VARIABLE_STORE_HEADER *VarStoreHeader
)
{
- if (CompareGuid (&VarStoreHeader->Signature, &gEfiVariableGuid) &&
+ if ((CompareGuid (&VarStoreHeader->Signature, &gEfiAuthenticatedVariableGuid) ||
+ CompareGuid (&VarStoreHeader->Signature, &gEfiVariableGuid)) &&
VarStoreHeader->Format == VARIABLE_STORE_FORMATTED &&
VarStoreHeader->State == VARIABLE_STORE_HEALTHY
) {
@@ -367,6 +417,27 @@ GetVariableStoreStatus (
}
}

+/**
+ This code gets the size of variable header.
+
+ @return Size of variable header in bytes in type UINTN.
+
+**/
+UINTN
+GetVariableHeaderSize (
+ VOID
+ )
+{
+ UINTN Value;
+
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ Value = sizeof (AUTHENTICATED_VARIABLE_HEADER);
+ } else {
+ Value = sizeof (VARIABLE_HEADER);
+ }
+
+ return Value;
+}

/**

@@ -382,13 +453,49 @@ NameSizeOfVariable (
IN VARIABLE_HEADER *Variable
)
{
- if (Variable->State == (UINT8) (-1) ||
- Variable->DataSize == (UINT32) (-1) ||
- Variable->NameSize == (UINT32) (-1) ||
- Variable->Attributes == (UINT32) (-1)) {
- return 0;
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ if (AuthVariable->State == (UINT8) (-1) ||
+ AuthVariable->DataSize == (UINT32) (-1) ||
+ AuthVariable->NameSize == (UINT32) (-1) ||
+ AuthVariable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) AuthVariable->NameSize;
+ } else {
+ if (Variable->State == (UINT8) (-1) ||
+ Variable->DataSize == (UINT32) (-1) ||
+ Variable->NameSize == (UINT32) (-1) ||
+ Variable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) Variable->NameSize;
+ }
+}
+
+/**
+ This code sets the size of name of variable.
+
+ @param[in] Variable Pointer to the Variable Header.
+ @param[in] NameSize Name size to set.
+
+**/
+VOID
+SetNameSizeOfVariable (
+ IN VARIABLE_HEADER *Variable,
+ IN UINTN NameSize
+ )
+{
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ AuthVariable->NameSize = (UINT32) NameSize;
+ } else {
+ Variable->NameSize = (UINT32) NameSize;
}
- return (UINTN) Variable->NameSize;
}

/**
@@ -405,13 +512,49 @@ DataSizeOfVariable (
IN VARIABLE_HEADER *Variable
)
{
- if (Variable->State == (UINT8) (-1) ||
- Variable->DataSize == (UINT32) (-1) ||
- Variable->NameSize == (UINT32) (-1) ||
- Variable->Attributes == (UINT32) (-1)) {
- return 0;
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ if (AuthVariable->State == (UINT8) (-1) ||
+ AuthVariable->DataSize == (UINT32) (-1) ||
+ AuthVariable->NameSize == (UINT32) (-1) ||
+ AuthVariable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) AuthVariable->DataSize;
+ } else {
+ if (Variable->State == (UINT8) (-1) ||
+ Variable->DataSize == (UINT32) (-1) ||
+ Variable->NameSize == (UINT32) (-1) ||
+ Variable->Attributes == (UINT32) (-1)) {
+ return 0;
+ }
+ return (UINTN) Variable->DataSize;
+ }
+}
+
+/**
+ This code sets the size of variable data.
+
+ @param[in] Variable Pointer to the Variable Header.
+ @param[in] DataSize Data size to set.
+
+**/
+VOID
+SetDataSizeOfVariable (
+ IN VARIABLE_HEADER *Variable,
+ IN UINTN DataSize
+ )
+{
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ AuthVariable->DataSize = (UINT32) DataSize;
+ } else {
+ Variable->DataSize = (UINT32) DataSize;
}
- return (UINTN) Variable->DataSize;
}

/**
@@ -428,8 +571,30 @@ GetVariableNamePtr (
IN VARIABLE_HEADER *Variable
)
{
+ return (CHAR16 *) ((UINTN) Variable + GetVariableHeaderSize ());
+}
+
+/**
+ This code gets the pointer to the variable guid.
+
+ @param Variable Pointer to the Variable Header.
+
+ @return A EFI_GUID* pointer to Vendor Guid.
+
+**/
+EFI_GUID *
+GetVendorGuidPtr (
+ IN VARIABLE_HEADER *Variable
+ )
+{
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;

- return (CHAR16 *) (Variable + 1);
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable;
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ return &AuthVariable->VendorGuid;
+ } else {
+ return &Variable->VendorGuid;
+ }
}

/**
@@ -458,6 +623,30 @@ GetVariableDataPtr (
return (UINT8 *) Value;
}

+/**
+ This code gets the variable data offset related to variable header.
+
+ @param Variable Pointer to the Variable Header.
+
+ @return Variable Data offset.
+
+**/
+UINTN
+GetVariableDataOffset (
+ IN VARIABLE_HEADER *Variable
+ )
+{
+ UINTN Value;
+
+ //
+ // Be careful about pad size for alignment
+ //
+ Value = GetVariableHeaderSize ();
+ Value += NameSizeOfVariable (Variable);
+ Value += GET_PAD_SIZE (NameSizeOfVariable (Variable));
+
+ return Value;
+}

/**

@@ -514,7 +703,7 @@ GetStartPointer (

@param VarStoreHeader Pointer to the Variable Store Header.

- @return Pointer to the end of the variable storage area.
+ @return Pointer to the end of the variable storage area.

**/
VARIABLE_HEADER *
@@ -657,7 +846,10 @@ InitializeVarErrorFlag (
&Flag,
sizeof (Flag),
VARIABLE_ATTRIBUTE_NV_BS_RT,
- &Variable
+ 0,
+ 0,
+ &Variable,
+ NULL
);
}

@@ -683,7 +875,7 @@ IsUserVariable (
// then no need to check if the variable is user variable or not specially.
//
if (mEndOfDxe && (mVariableModuleGlobal->CommonMaxUserVariableSpace != mVariableModuleGlobal->CommonVariableSpace)) {
- if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), &Variable->VendorGuid, &Property) == EFI_NOT_FOUND) {
+ if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) {
return TRUE;
}
}
@@ -715,7 +907,7 @@ CalculateCommonUserVariableTotalSize (
NextVariable = GetNextVariablePtr (Variable);
VariableSize = (UINTN) NextVariable - (UINTN) Variable;
if ((Variable->Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
- if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), &Variable->VendorGuid, &Property) == EFI_NOT_FOUND) {
+ if (InternalVarCheckVariablePropertyGet (GetVariableNamePtr (Variable), GetVendorGuidPtr (Variable), &Property) == EFI_NOT_FOUND) {
//
// No property, it is user variable.
//
@@ -752,27 +944,27 @@ InitializeVariableQuota (

Variable store garbage collection and reclaim operation.

- @param VariableBase Base address of variable store.
- @param LastVariableOffset Offset of last variable.
- @param IsVolatile The variable store is volatile or not;
- if it is non-volatile, need FTW.
- @param UpdatingPtrTrack Pointer to updating variable pointer track structure.
- @param NewVariable Pointer to new variable.
- @param NewVariableSize New variable size.
+ @param[in] VariableBase Base address of variable store.
+ @param[out] LastVariableOffset Offset of last variable.
+ @param[in] IsVolatile The variable store is volatile or not;
+ if it is non-volatile, need FTW.
+ @param[in, out] UpdatingPtrTrack Pointer to updating variable pointer track structure.
+ @param[in] NewVariable Pointer to new variable.
+ @param[in] NewVariableSize New variable size.

- @return EFI_OUT_OF_RESOURCES
- @return EFI_SUCCESS
- @return Others
+ @return EFI_SUCCESS Reclaim operation has finished successfully.
+ @return EFI_OUT_OF_RESOURCES No enough memory resources or variable space.
+ @return Others Unexpect error happened during reclaim operation.

**/
EFI_STATUS
Reclaim (
- IN EFI_PHYSICAL_ADDRESS VariableBase,
- OUT UINTN *LastVariableOffset,
- IN BOOLEAN IsVolatile,
- IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
- IN VARIABLE_HEADER *NewVariable,
- IN UINTN NewVariableSize
+ IN EFI_PHYSICAL_ADDRESS VariableBase,
+ OUT UINTN *LastVariableOffset,
+ IN BOOLEAN IsVolatile,
+ IN OUT VARIABLE_POINTER_TRACK *UpdatingPtrTrack,
+ IN VARIABLE_HEADER *NewVariable,
+ IN UINTN NewVariableSize
)
{
VARIABLE_HEADER *Variable;
@@ -863,7 +1055,7 @@ Reclaim (

//
// Reinstall all ADDED variables as long as they are not identical to Updating Variable.
- //
+ //
Variable = GetStartPointer (VariableStoreHeader);
while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable);
@@ -885,24 +1077,24 @@ Reclaim (

//
// Reinstall all in delete transition variables.
- //
+ //
Variable = GetStartPointer (VariableStoreHeader);
while (IsValidVariableHeader (Variable, GetEndPointer (VariableStoreHeader))) {
NextVariable = GetNextVariablePtr (Variable);
if (Variable != UpdatingVariable && Variable != UpdatingInDeletedTransition && Variable->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)) {

//
- // Buffer has cached all ADDED variable.
+ // Buffer has cached all ADDED variable.
// Per IN_DELETED variable, we have to guarantee that
- // no ADDED one in previous buffer.
- //
-
+ // no ADDED one in previous buffer.
+ //
+
FoundAdded = FALSE;
AddedVariable = GetStartPointer ((VARIABLE_STORE_HEADER *) ValidBuffer);
while (IsValidVariableHeader (AddedVariable, GetEndPointer ((VARIABLE_STORE_HEADER *) ValidBuffer))) {
NextAddedVariable = GetNextVariablePtr (AddedVariable);
NameSize = NameSizeOfVariable (AddedVariable);
- if (CompareGuid (&AddedVariable->VendorGuid, &Variable->VendorGuid) &&
+ if (CompareGuid (GetVendorGuidPtr (AddedVariable), GetVendorGuidPtr (Variable)) &&
NameSize == NameSizeOfVariable (Variable)
) {
Point0 = (VOID *) GetVariableNamePtr (AddedVariable);
@@ -1033,14 +1225,14 @@ Done:
/**
Find the variable in the specified variable store.

- @param VariableName Name of the variable to be found
- @param VendorGuid Vendor GUID to be found.
- @param IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute
- check at runtime when searching variable.
- @param PtrTrack Variable Track Pointer structure that contains Variable Information.
+ @param[in] VariableName Name of the variable to be found
+ @param[in] VendorGuid Vendor GUID to be found.
+ @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute
+ check at runtime when searching variable.
+ @param[in, out] PtrTrack Variable Track Pointer structure that contains Variable Information.

- @retval EFI_SUCCESS Variable found successfully
- @retval EFI_NOT_FOUND Variable not found
+ @retval EFI_SUCCESS Variable found successfully
+ @retval EFI_NOT_FOUND Variable not found
**/
EFI_STATUS
FindVariableEx (
@@ -1064,7 +1256,7 @@ FindVariableEx (
; IsValidVariableHeader (PtrTrack->CurrPtr, PtrTrack->EndPtr)
; PtrTrack->CurrPtr = GetNextVariablePtr (PtrTrack->CurrPtr)
) {
- if (PtrTrack->CurrPtr->State == VAR_ADDED ||
+ if (PtrTrack->CurrPtr->State == VAR_ADDED ||
PtrTrack->CurrPtr->State == (VAR_IN_DELETED_TRANSITION & VAR_ADDED)
) {
if (IgnoreRtCheck || !AtRuntime () || ((PtrTrack->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != 0)) {
@@ -1076,7 +1268,7 @@ FindVariableEx (
return EFI_SUCCESS;
}
} else {
- if (CompareGuid (VendorGuid, &PtrTrack->CurrPtr->VendorGuid)) {
+ if (CompareGuid (VendorGuid, GetVendorGuidPtr (PtrTrack->CurrPtr))) {
Point = (VOID *) GetVariableNamePtr (PtrTrack->CurrPtr);

ASSERT (NameSizeOfVariable (PtrTrack->CurrPtr) != 0);
@@ -1109,14 +1301,14 @@ FindVariableEx (
at runtime when searching existing variable, only VariableName and VendorGuid are compared.
Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime.

- @param VariableName Name of the variable to be found.
- @param VendorGuid Vendor GUID to be found.
- @param PtrTrack VARIABLE_POINTER_TRACK structure for output,
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Vendor GUID to be found.
+ @param[out] PtrTrack VARIABLE_POINTER_TRACK structure for output,
including the range searched and the target position.
- @param Global Pointer to VARIABLE_GLOBAL structure, including
+ @param[in] Global Pointer to VARIABLE_GLOBAL structure, including
base of volatile variable storage area, base of
NV variable storage area, and a lock.
- @param IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute
+ @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute
check at runtime when searching variable.

@retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while
@@ -1202,7 +1394,7 @@ GetIndexFromSupportedLangCodes(
IN CHAR8 *SupportedLang,
IN CHAR8 *Lang,
IN BOOLEAN Iso639Language
- )
+ )
{
UINTN Index;
UINTN CompareLength;
@@ -1237,8 +1429,8 @@ GetIndexFromSupportedLangCodes(
// Determine the length of the next language code in SupportedLang
//
for (CompareLength = 0; SupportedLang[CompareLength] != '\0' && SupportedLang[CompareLength] != ';'; CompareLength++);
-
- if ((CompareLength == LanguageLength) &&
+
+ if ((CompareLength == LanguageLength) &&
(AsciiStrnCmp (Lang, SupportedLang, CompareLength) == 0)) {
//
// Successfully find the index of Lang string in SupportedLang string.
@@ -1336,10 +1528,10 @@ GetLangFromSupportedLangCodes (
}

/**
- Returns a pointer to an allocated buffer that contains the best matching language
- from a set of supported languages.
-
- This function supports both ISO 639-2 and RFC 4646 language codes, but language
+ Returns a pointer to an allocated buffer that contains the best matching language
+ from a set of supported languages.
+
+ This function supports both ISO 639-2 and RFC 4646 language codes, but language
code types may not be mixed in a single call to this function. This function
supports a variable argument list that allows the caller to pass in a prioritized
list of language codes to test against all the language codes in SupportedLanguages.
@@ -1347,37 +1539,37 @@ GetLangFromSupportedLangCodes (
If SupportedLanguages is NULL, then ASSERT().

@param[in] SupportedLanguages A pointer to a Null-terminated ASCII string that
- contains a set of language codes in the format
+ contains a set of language codes in the format
specified by Iso639Language.
@param[in] Iso639Language If TRUE, then all language codes are assumed to be
in ISO 639-2 format. If FALSE, then all language
codes are assumed to be in RFC 4646 language format
- @param[in] ... A variable argument list that contains pointers to
+ @param[in] ... A variable argument list that contains pointers to
Null-terminated ASCII strings that contain one or more
language codes in the format specified by Iso639Language.
The first language code from each of these language
code lists is used to determine if it is an exact or
- close match to any of the language codes in
+ close match to any of the language codes in
SupportedLanguages. Close matches only apply to RFC 4646
language codes, and the matching algorithm from RFC 4647
- is used to determine if a close match is present. If
+ is used to determine if a close match is present. If
an exact or close match is found, then the matching
language code from SupportedLanguages is returned. If
no matches are found, then the next variable argument
- parameter is evaluated. The variable argument list
+ parameter is evaluated. The variable argument list
is terminated by a NULL.

@retval NULL The best matching language could not be found in SupportedLanguages.
- @retval NULL There are not enough resources available to return the best matching
+ @retval NULL There are not enough resources available to return the best matching
language.
- @retval Other A pointer to a Null-terminated ASCII string that is the best matching
+ @retval Other A pointer to a Null-terminated ASCII string that is the best matching
language in SupportedLanguages.

**/
CHAR8 *
EFIAPI
VariableGetBestLanguage (
- IN CONST CHAR8 *SupportedLanguages,
+ IN CONST CHAR8 *SupportedLanguages,
IN BOOLEAN Iso639Language,
...
)
@@ -1389,7 +1581,9 @@ VariableGetBestLanguage (
CONST CHAR8 *Supported;
CHAR8 *Buffer;

- ASSERT (SupportedLanguages != NULL);
+ if (SupportedLanguages == NULL) {
+ return NULL;
+ }

VA_START (Args, Iso639Language);
while ((Language = VA_ARG (Args, CHAR8 *)) != NULL) {
@@ -1452,7 +1646,7 @@ VariableGetBestLanguage (
LanguageLength = 0;
} else {
//
- // If RFC 4646 mode, then trim Language from the right to the next '-' character
+ // If RFC 4646 mode, then trim Language from the right to the next '-' character
//
for (LanguageLength--; LanguageLength > 0 && Language[LanguageLength] != '-'; LanguageLength--);
}
@@ -1461,7 +1655,7 @@ VariableGetBestLanguage (
VA_END (Args);

//
- // No matches were found
+ // No matches were found
//
return NULL;
}
@@ -1476,8 +1670,9 @@ VariableGetBestLanguage (
so follow the argument sequence to check the Variables.

@param[in] Attributes Variable attributes for Variable entries.
- @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
- A NULL terminates the list. The VariableSize of
+ @param[in] Marker VA_LIST style variable argument list.
+ The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
+ A NULL terminates the list. The VariableSize of
VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
It will be changed to variable total size as output.

@@ -1487,9 +1682,9 @@ VariableGetBestLanguage (
**/
BOOLEAN
EFIAPI
-CheckRemainingSpaceForConsistency (
+CheckRemainingSpaceForConsistencyInternal (
IN UINT32 Attributes,
- ...
+ IN VA_LIST Marker
)
{
EFI_STATUS Status;
@@ -1520,7 +1715,7 @@ CheckRemainingSpaceForConsistency (
ASSERT_EFI_ERROR (Status);

TotalNeededSize = 0;
- VA_START (Args, Attributes);
+ Args = Marker;
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);
while (VariableEntry != NULL) {
//
@@ -1530,12 +1725,11 @@ CheckRemainingSpaceForConsistency (
VarNameSize += GET_PAD_SIZE (VarNameSize);
VarDataSize = VariableEntry->VariableSize;
VarDataSize += GET_PAD_SIZE (VarDataSize);
- VariableEntry->VariableSize = HEADER_ALIGN (sizeof (VARIABLE_HEADER) + VarNameSize + VarDataSize);
+ VariableEntry->VariableSize = HEADER_ALIGN (GetVariableHeaderSize () + VarNameSize + VarDataSize);

TotalNeededSize += VariableEntry->VariableSize;
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);
}
- VA_END (Args);

if (RemainingVariableStorageSize >= TotalNeededSize) {
//
@@ -1550,7 +1744,7 @@ CheckRemainingSpaceForConsistency (
return FALSE;
}

- VA_START (Args, Attributes);
+ Args = Marker;
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);
while (VariableEntry != NULL) {
//
@@ -1580,7 +1774,6 @@ CheckRemainingSpaceForConsistency (
//
// No enough space for Variable[Index].
//
- VA_END (Args);
return FALSE;
}
//
@@ -1589,12 +1782,49 @@ CheckRemainingSpaceForConsistency (
RemainingVariableStorageSize -= VariableEntry->VariableSize;
VariableEntry = VA_ARG (Args, VARIABLE_ENTRY_CONSISTENCY *);
}
- VA_END (Args);

return TRUE;
}

/**
+ This function is to check if the remaining variable space is enough to set
+ all Variables from argument list successfully. The purpose of the check
+ is to keep the consistency of the Variables to be in variable storage.
+
+ Note: Variables are assumed to be in same storage.
+ The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
+ so follow the argument sequence to check the Variables.
+
+ @param[in] Attributes Variable attributes for Variable entries.
+ @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
+ A NULL terminates the list. The VariableSize of
+ VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
+ It will be changed to variable total size as output.
+
+ @retval TRUE Have enough variable space to set the Variables successfully.
+ @retval FALSE No enough variable space to set the Variables successfully.
+
+**/
+BOOLEAN
+EFIAPI
+CheckRemainingSpaceForConsistency (
+ IN UINT32 Attributes,
+ ...
+ )
+{
+ VA_LIST Marker;
+ BOOLEAN Return;
+
+ VA_START (Marker, Attributes);
+
+ Return = CheckRemainingSpaceForConsistencyInternal (Attributes, Marker);
+
+ VA_END (Marker);
+
+ return Return;
+}
+
+/**
Hook the operations in PlatformLangCodes, LangCodes, PlatformLang and Lang.

When setting Lang/LangCodes, simultaneously update PlatformLang/PlatformLangCodes.
@@ -1660,7 +1890,7 @@ AutoUpdateLangVariable (
ASSERT (mVariableModuleGlobal->PlatformLangCodes != NULL);

//
- // PlatformLang holds a single language from PlatformLangCodes,
+ // PlatformLang holds a single language from PlatformLangCodes,
// so the size of PlatformLangCodes is enough for the PlatformLang.
//
if (mVariableModuleGlobal->PlatformLang != NULL) {
@@ -1690,7 +1920,7 @@ AutoUpdateLangVariable (
ASSERT (mVariableModuleGlobal->LangCodes != NULL);
}

- if (SetLanguageCodes
+ if (SetLanguageCodes
&& (mVariableModuleGlobal->PlatformLangCodes != NULL)
&& (mVariableModuleGlobal->LangCodes != NULL)) {
//
@@ -1704,7 +1934,7 @@ AutoUpdateLangVariable (
//
VariableName = EFI_PLATFORM_LANG_VARIABLE_NAME;
Data = GetVariableDataPtr (Variable.CurrPtr);
- DataSize = Variable.CurrPtr->DataSize;
+ DataSize = DataSizeOfVariable (Variable.CurrPtr);
} else {
Status = FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (!EFI_ERROR (Status)) {
@@ -1713,7 +1943,7 @@ AutoUpdateLangVariable (
//
VariableName = EFI_LANG_VARIABLE_NAME;
Data = GetVariableDataPtr (Variable.CurrPtr);
- DataSize = Variable.CurrPtr->DataSize;
+ DataSize = DataSizeOfVariable (Variable.CurrPtr);
} else {
//
// Neither PlatformLang nor Lang is set, directly return
@@ -1756,7 +1986,7 @@ AutoUpdateLangVariable (
VariableEntry[0].VariableSize = ISO_639_2_ENTRY_SIZE + 1;
VariableEntry[0].Guid = &gEfiGlobalVariableGuid;
VariableEntry[0].Name = EFI_LANG_VARIABLE_NAME;
-
+
VariableEntry[1].VariableSize = AsciiStrSize (BestPlatformLang);
VariableEntry[1].Guid = &gEfiGlobalVariableGuid;
VariableEntry[1].Name = EFI_PLATFORM_LANG_VARIABLE_NAME;
@@ -1772,7 +2002,7 @@ AutoUpdateLangVariable (
FindVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);

Status = UpdateVariable (EFI_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, BestLang,
- ISO_639_2_ENTRY_SIZE + 1, Attributes, &Variable);
+ ISO_639_2_ENTRY_SIZE + 1, Attributes, 0, 0, &Variable, NULL);
}

DEBUG ((EFI_D_INFO, "Variable Driver Auto Update PlatformLang, PlatformLang:%a, Lang:%a Status: %r\n", BestPlatformLang, BestLang, Status));
@@ -1820,8 +2050,8 @@ AutoUpdateLangVariable (
//
FindVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);

- Status = UpdateVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, BestPlatformLang,
- AsciiStrSize (BestPlatformLang), Attributes, &Variable);
+ Status = UpdateVariable (EFI_PLATFORM_LANG_VARIABLE_NAME, &gEfiGlobalVariableGuid, BestPlatformLang,
+ AsciiStrSize (BestPlatformLang), Attributes, 0, 0, &Variable, NULL);
}

DEBUG ((EFI_D_INFO, "Variable Driver Auto Update Lang, Lang:%a, PlatformLang:%a Status: %r\n", BestLang, BestPlatformLang, Status));
@@ -1840,16 +2070,51 @@ AutoUpdateLangVariable (
}

/**
- Update the variable region with Variable information. These are the same
- arguments as the EFI Variable services.
+ Compare two EFI_TIME data.
+
+
+ @param FirstTime A pointer to the first EFI_TIME data.
+ @param SecondTime A pointer to the second EFI_TIME data.
+
+ @retval TRUE The FirstTime is not later than the SecondTime.
+ @retval FALSE The FirstTime is later than the SecondTime.
+
+**/
+BOOLEAN
+VariableCompareTimeStampInternal (
+ IN EFI_TIME *FirstTime,
+ IN EFI_TIME *SecondTime
+ )
+{
+ if (FirstTime->Year != SecondTime->Year) {
+ return (BOOLEAN) (FirstTime->Year < SecondTime->Year);
+ } else if (FirstTime->Month != SecondTime->Month) {
+ return (BOOLEAN) (FirstTime->Month < SecondTime->Month);
+ } else if (FirstTime->Day != SecondTime->Day) {
+ return (BOOLEAN) (FirstTime->Day < SecondTime->Day);
+ } else if (FirstTime->Hour != SecondTime->Hour) {
+ return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour);
+ } else if (FirstTime->Minute != SecondTime->Minute) {
+ return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute);
+ }
+
+ return (BOOLEAN) (FirstTime->Second <= SecondTime->Second);
+}
+
+/**
+ Update the variable region with Variable information. If EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is set,
+ index of associated public key is needed.

@param[in] VariableName Name of variable.
@param[in] VendorGuid Guid of variable.
@param[in] Data Variable data.
@param[in] DataSize Size of data. 0 means delete.
- @param[in] Attributes Attribues of the variable.
+ @param[in] Attributes Attributes of the variable.
+ @param[in] KeyIndex Index of associated public key.
+ @param[in] MonotonicCount Value of associated monotonic count.
@param[in, out] CacheVariable The variable information which is used to keep track of variable usage.
-
+ @param[in] TimeStamp Value of associated TimeStamp.
+
@retval EFI_SUCCESS The update operation is success.
@retval EFI_OUT_OF_RESOURCES Variable region is full, can not write other data into this region.

@@ -1861,12 +2126,16 @@ UpdateVariable (
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes OPTIONAL,
- IN OUT VARIABLE_POINTER_TRACK *CacheVariable
+ IN UINT32 KeyIndex OPTIONAL,
+ IN UINT64 MonotonicCount OPTIONAL,
+ IN OUT VARIABLE_POINTER_TRACK *CacheVariable,
+ IN EFI_TIME *TimeStamp OPTIONAL
)
{
EFI_STATUS Status;
VARIABLE_HEADER *NextVariable;
UINTN ScratchSize;
+ UINTN MaxDataSize;
UINTN VarNameOffset;
UINTN VarDataOffset;
UINTN VarNameSize;
@@ -1878,15 +2147,32 @@ UpdateVariable (
VARIABLE_POINTER_TRACK NvVariable;
VARIABLE_STORE_HEADER *VariableStoreHeader;
UINTN CacheOffset;
+ UINT8 *BufferForMerge;
+ UINTN MergedBufSize;
+ BOOLEAN DataReady;
+ UINTN DataOffset;
BOOLEAN IsCommonVariable;
BOOLEAN IsCommonUserVariable;
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;

- if ((mVariableModuleGlobal->FvbInstance == NULL) && ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0)) {
+ if (mVariableModuleGlobal->FvbInstance == NULL) {
//
- // The FVB protocol is not ready. Trying to update NV variable prior to the installation
- // of EFI_VARIABLE_WRITE_ARCH_PROTOCOL.
+ // The FVB protocol is not ready, so the EFI_VARIABLE_WRITE_ARCH_PROTOCOL is not installed.
//
- return EFI_NOT_AVAILABLE_YET;
+ if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
+ //
+ // Trying to update NV variable prior to the installation of EFI_VARIABLE_WRITE_ARCH_PROTOCOL
+ //
+ DEBUG ((EFI_D_ERROR, "Update NV variable before EFI_VARIABLE_WRITE_ARCH_PROTOCOL ready - %r\n", EFI_NOT_AVAILABLE_YET));
+ return EFI_NOT_AVAILABLE_YET;
+ } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
+ //
+ // Trying to update volatile authenticated variable prior to the installation of EFI_VARIABLE_WRITE_ARCH_PROTOCOL
+ // The authenticated variable perhaps is not initialized, just return here.
+ //
+ DEBUG ((EFI_D_ERROR, "Update AUTH variable before EFI_VARIABLE_WRITE_ARCH_PROTOCOL ready - %r\n", EFI_NOT_AVAILABLE_YET));
+ return EFI_NOT_AVAILABLE_YET;
+ }
}

if ((CacheVariable->CurrPtr == NULL) || CacheVariable->Volatile) {
@@ -1898,7 +2184,7 @@ UpdateVariable (
// Now let Variable points to the same variable in Flash area.
//
VariableStoreHeader = (VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase);
- Variable = &NvVariable;
+ Variable = &NvVariable;
Variable->StartPtr = GetStartPointer (VariableStoreHeader);
Variable->EndPtr = GetEndPointer (VariableStoreHeader);
Variable->CurrPtr = (VARIABLE_HEADER *)((UINTN)Variable->StartPtr + ((UINTN)CacheVariable->CurrPtr - (UINTN)CacheVariable->StartPtr));
@@ -1908,18 +2194,27 @@ UpdateVariable (
Variable->InDeletedTransitionPtr = NULL;
}
Variable->Volatile = FALSE;
- }
+ }

Fvb = mVariableModuleGlobal->FvbInstance;

+ //
+ // Tricky part: Use scratch data area at the end of volatile variable store
+ // as a temporary storage.
+ //
+ NextVariable = GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase));
+ ScratchSize = mVariableModuleGlobal->ScratchBufferSize;
+ SetMem (NextVariable, ScratchSize, 0xff);
+ DataReady = FALSE;
+
if (Variable->CurrPtr != NULL) {
//
// Update/Delete existing variable.
//
- if (AtRuntime ()) {
+ if (AtRuntime ()) {
//
- // If AtRuntime and the variable is Volatile and Runtime Access,
- // the volatile is ReadOnly, and SetVariable should be aborted and
+ // If AtRuntime and the variable is Volatile and Runtime Access,
+ // the volatile is ReadOnly, and SetVariable should be aborted and
// return EFI_WRITE_PROTECTED.
//
if (Variable->Volatile) {
@@ -1927,19 +2222,29 @@ UpdateVariable (
goto Done;
}
//
- // Only variable that have NV|RT attributes can be updated/deleted in Runtime.
+ // Only variable that have NV attributes can be updated/deleted in Runtime.
//
- if (((Variable->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) || ((Variable->CurrPtr->Attributes & EFI_VARIABLE_NON_VOLATILE) == 0)) {
+ if ((Variable->CurrPtr->Attributes & EFI_VARIABLE_NON_VOLATILE) == 0) {
Status = EFI_INVALID_PARAMETER;
- goto Done;
+ goto Done;
+ }
+
+ //
+ // Only variable that have RT attributes can be updated/deleted in Runtime.
+ //
+ if ((Variable->CurrPtr->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) {
+ Status = EFI_INVALID_PARAMETER;
+ goto Done;
}
}

//
// Setting a data variable with no access, or zero DataSize attributes
// causes it to be deleted.
+ // When the EFI_VARIABLE_APPEND_WRITE attribute is set, DataSize of zero will
+ // not delete the variable.
//
- if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) {
+ if ((((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && (DataSize == 0))|| ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0)) {
if (Variable->InDeletedTransitionPtr != NULL) {
//
// Both ADDED and IN_DELETED_TRANSITION variable are present,
@@ -1977,7 +2282,7 @@ UpdateVariable (
(UINTN) &Variable->CurrPtr->State,
sizeof (UINT8),
&State
- );
+ );
if (!EFI_ERROR (Status)) {
UpdateVariableInfo (VariableName, VendorGuid, Variable->Volatile, FALSE, FALSE, TRUE, FALSE);
if (!Variable->Volatile) {
@@ -1985,15 +2290,19 @@ UpdateVariable (
FlushHobVariableToFlash (VariableName, VendorGuid);
}
}
- goto Done;
+ goto Done;
}
//
// If the variable is marked valid, and the same data has been passed in,
// then return to the caller immediately.
//
if (DataSizeOfVariable (Variable->CurrPtr) == DataSize &&
- (CompareMem (Data, GetVariableDataPtr (Variable->CurrPtr), DataSize) == 0)) {
-
+ (CompareMem (Data, GetVariableDataPtr (Variable->CurrPtr), DataSize) == 0) &&
+ ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) &&
+ (TimeStamp == NULL)) {
+ //
+ // Variable content unchanged and no need to update timestamp, just return.
+ //
UpdateVariableInfo (VariableName, VendorGuid, Variable->Volatile, FALSE, TRUE, FALSE, FALSE);
Status = EFI_SUCCESS;
goto Done;
@@ -2001,6 +2310,53 @@ UpdateVariable (
(Variable->CurrPtr->State == (VAR_ADDED & VAR_IN_DELETED_TRANSITION))) {

//
+ // EFI_VARIABLE_APPEND_WRITE attribute only effects for existing variable.
+ //
+ if ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0) {
+ //
+ // NOTE: From 0 to DataOffset of NextVariable is reserved for Variable Header and Name.
+ // From DataOffset of NextVariable is to save the existing variable data.
+ //
+ DataOffset = GetVariableDataOffset (Variable->CurrPtr);
+ BufferForMerge = (UINT8 *) ((UINTN) NextVariable + DataOffset);
+ CopyMem (BufferForMerge, (UINT8 *) ((UINTN) Variable->CurrPtr + DataOffset), DataSizeOfVariable (Variable->CurrPtr));
+
+ //
+ // Set Max Common/Auth Variable Data Size as default MaxDataSize.
+ //
+ if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
+ MaxDataSize = mVariableModuleGlobal->MaxAuthVariableSize - DataOffset;
+ } else {
+ MaxDataSize = mVariableModuleGlobal->MaxVariableSize - DataOffset;
+ }
+
+ //
+ // Append the new data to the end of existing data.
+ // Max Harware error record variable data size is different from common/auth variable.
+ //
+ if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
+ MaxDataSize = PcdGet32 (PcdMaxHardwareErrorVariableSize) - DataOffset;
+ }
+
+ if (DataSizeOfVariable (Variable->CurrPtr) + DataSize > MaxDataSize) {
+ //
+ // Existing data size + new data size exceed maximum variable size limitation.
+ //
+ Status = EFI_INVALID_PARAMETER;
+ goto Done;
+ }
+ CopyMem ((UINT8*) ((UINTN) BufferForMerge + DataSizeOfVariable (Variable->CurrPtr)), Data, DataSize);
+ MergedBufSize = DataSizeOfVariable (Variable->CurrPtr) + DataSize;
+
+ //
+ // BufferForMerge(from DataOffset of NextVariable) has included the merged existing and new data.
+ //
+ Data = BufferForMerge;
+ DataSize = MergedBufSize;
+ DataReady = TRUE;
+ }
+
+ //
// Mark the old variable as in delete transition.
//
State = Variable->CurrPtr->State;
@@ -2014,28 +2370,33 @@ UpdateVariable (
(UINTN) &Variable->CurrPtr->State,
sizeof (UINT8),
&State
- );
+ );
if (EFI_ERROR (Status)) {
- goto Done;
- }
+ goto Done;
+ }
if (!Variable->Volatile) {
CacheVariable->CurrPtr->State = State;
}
- }
+ }
} else {
//
// Not found existing variable. Create a new variable.
- //
-
+ //
+
+ if ((DataSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0)) {
+ Status = EFI_SUCCESS;
+ goto Done;
+ }
+
//
// Make sure we are trying to create a new variable.
- // Setting a data variable with zero DataSize or no access attributes means to delete it.
+ // Setting a data variable with zero DataSize or no access attributes means to delete it.
//
if (DataSize == 0 || (Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == 0) {
Status = EFI_NOT_FOUND;
goto Done;
}
-
+
//
// Only variable have NV|RT attribute can be created in Runtime.
//
@@ -2043,29 +2404,50 @@ UpdateVariable (
(((Attributes & EFI_VARIABLE_RUNTIME_ACCESS) == 0) || ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0))) {
Status = EFI_INVALID_PARAMETER;
goto Done;
- }
+ }
}

//
// Function part - create a new variable and copy the data.
// Both update a variable and create a variable will come here.
-
- //
- // Tricky part: Use scratch data area at the end of volatile variable store
- // as a temporary storage.
//
- NextVariable = GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase));
- ScratchSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize));
-
- SetMem (NextVariable, ScratchSize, 0xff);
-
NextVariable->StartId = VARIABLE_DATA;
- NextVariable->Attributes = Attributes;
//
// NextVariable->State = VAR_ADDED;
//
NextVariable->Reserved = 0;
- VarNameOffset = sizeof (VARIABLE_HEADER);
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) NextVariable;
+ AuthVariable->PubKeyIndex = KeyIndex;
+ AuthVariable->MonotonicCount = MonotonicCount;
+ ZeroMem (&AuthVariable->TimeStamp, sizeof (EFI_TIME));
+
+ if (((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) &&
+ (TimeStamp != NULL)) {
+ if ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) {
+ CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof (EFI_TIME));
+ } else {
+ //
+ // In the case when the EFI_VARIABLE_APPEND_WRITE attribute is set, only
+ // when the new TimeStamp value is later than the current timestamp associated
+ // with the variable, we need associate the new timestamp with the updated value.
+ //
+ if (Variable->CurrPtr != NULL) {
+ if (VariableCompareTimeStampInternal (&(((AUTHENTICATED_VARIABLE_HEADER *) Variable->CurrPtr)->TimeStamp), TimeStamp)) {
+ CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof (EFI_TIME));
+ }
+ }
+ }
+ }
+ }
+
+ //
+ // The EFI_VARIABLE_APPEND_WRITE attribute will never be set in the returned
+ // Attributes bitmask parameter of a GetVariable() call.
+ //
+ NextVariable->Attributes = Attributes & (~EFI_VARIABLE_APPEND_WRITE);
+
+ VarNameOffset = GetVariableHeaderSize ();
VarNameSize = StrSize (VariableName);
CopyMem (
(UINT8 *) ((UINTN) NextVariable + VarNameOffset),
@@ -2073,19 +2455,27 @@ UpdateVariable (
VarNameSize
);
VarDataOffset = VarNameOffset + VarNameSize + GET_PAD_SIZE (VarNameSize);
- CopyMem (
- (UINT8 *) ((UINTN) NextVariable + VarDataOffset),
- Data,
- DataSize
- );
- CopyMem (&NextVariable->VendorGuid, VendorGuid, sizeof (EFI_GUID));
+
+ //
+ // If DataReady is TRUE, it means the variable data has been saved into
+ // NextVariable during EFI_VARIABLE_APPEND_WRITE operation preparation.
+ //
+ if (!DataReady) {
+ CopyMem (
+ (UINT8 *) ((UINTN) NextVariable + VarDataOffset),
+ Data,
+ DataSize
+ );
+ }
+
+ CopyMem (GetVendorGuidPtr (NextVariable), VendorGuid, sizeof (EFI_GUID));
//
// There will be pad bytes after Data, the NextVariable->NameSize and
// NextVariable->DataSize should not include pad size so that variable
// service can get actual size in GetVariable.
//
- NextVariable->NameSize = (UINT32)VarNameSize;
- NextVariable->DataSize = (UINT32)DataSize;
+ SetNameSizeOfVariable (NextVariable, VarNameSize);
+ SetDataSizeOfVariable (NextVariable, DataSize);

//
// The actual size of the variable that stores in storage should
@@ -2122,8 +2512,14 @@ UpdateVariable (
//
// Perform garbage collection & reclaim operation, and integrate the new variable at the same time.
//
- Status = Reclaim (mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
- &mVariableModuleGlobal->NonVolatileLastVariableOffset, FALSE, Variable, NextVariable, HEADER_ALIGN (VarSize));
+ Status = Reclaim (
+ mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
+ &mVariableModuleGlobal->NonVolatileLastVariableOffset,
+ FALSE,
+ Variable,
+ NextVariable,
+ HEADER_ALIGN (VarSize)
+ );
if (!EFI_ERROR (Status)) {
//
// The new variable has been integrated successfully during reclaiming.
@@ -2147,7 +2543,7 @@ UpdateVariable (
//
// Four steps
// 1. Write variable header
- // 2. Set variable state to header valid
+ // 2. Set variable state to header valid
// 3. Write variable data
// 4. Set variable state to valid
//
@@ -2161,7 +2557,7 @@ UpdateVariable (
TRUE,
Fvb,
mVariableModuleGlobal->NonVolatileLastVariableOffset,
- sizeof (VARIABLE_HEADER),
+ (UINT32) GetVariableHeaderSize (),
(UINT8 *) NextVariable
);

@@ -2194,9 +2590,9 @@ UpdateVariable (
FALSE,
TRUE,
Fvb,
- mVariableModuleGlobal->NonVolatileLastVariableOffset + sizeof (VARIABLE_HEADER),
- (UINT32) VarSize - sizeof (VARIABLE_HEADER),
- (UINT8 *) NextVariable + sizeof (VARIABLE_HEADER)
+ mVariableModuleGlobal->NonVolatileLastVariableOffset + GetVariableHeaderSize (),
+ (UINT32) (VarSize - GetVariableHeaderSize ()),
+ (UINT8 *) NextVariable + GetVariableHeaderSize ()
);

if (EFI_ERROR (Status)) {
@@ -2237,7 +2633,7 @@ UpdateVariable (
} else {
//
// Create a volatile variable.
- //
+ //
Volatile = TRUE;

if ((UINT32) (VarSize + mVariableModuleGlobal->VolatileLastVariableOffset) >
@@ -2245,8 +2641,14 @@ UpdateVariable (
//
// Perform garbage collection & reclaim operation, and integrate the new variable at the same time.
//
- Status = Reclaim (mVariableModuleGlobal->VariableGlobal.VolatileVariableBase,
- &mVariableModuleGlobal->VolatileLastVariableOffset, TRUE, Variable, NextVariable, HEADER_ALIGN (VarSize));
+ Status = Reclaim (
+ mVariableModuleGlobal->VariableGlobal.VolatileVariableBase,
+ &mVariableModuleGlobal->VolatileLastVariableOffset,
+ TRUE,
+ Variable,
+ NextVariable,
+ HEADER_ALIGN (VarSize)
+ );
if (!EFI_ERROR (Status)) {
//
// The new variable has been integrated successfully during reclaiming.
@@ -2320,7 +2722,7 @@ UpdateVariable (
sizeof (UINT8),
&State
);
- if (!EFI_ERROR (Status) && !Variable->Volatile) {
+ if (!EFI_ERROR (Status) && !Variable->Volatile) {
CacheVariable->CurrPtr->State = State;
}
}
@@ -2396,6 +2798,7 @@ IsHwErrRecVariable (
/**
Mark a variable that will become read-only after leaving the DXE phase of execution.

+
@param[in] This The VARIABLE_LOCK_PROTOCOL instance.
@param[in] VariableName A pointer to the variable name that will be made read-only subsequently.
@param[in] VendorGuid A pointer to the vendor GUID that will be made read-only subsequently.
@@ -2474,7 +2877,7 @@ Done:
@param DataSize Size of Data found. If size is less than the
data, this value contains the required size.
@param Data Data pointer.
-
+
@return EFI_INVALID_PARAMETER Invalid parameter.
@return EFI_SUCCESS Find the specified variable.
@return EFI_NOT_FOUND Not found.
@@ -2500,7 +2903,7 @@ VariableServiceGetVariable (
}

AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
+
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
goto Done;
@@ -2525,7 +2928,7 @@ VariableServiceGetVariable (

*DataSize = VarDataSize;
UpdateVariableInfo (VariableName, VendorGuid, Variable.Volatile, TRUE, FALSE, FALSE, FALSE);
-
+
Status = EFI_SUCCESS;
goto Done;
} else {
@@ -2539,47 +2942,35 @@ Done:
return Status;
}

-
-
/**
-
This code Finds the Next available variable.

Caution: This function may receive untrusted input.
This function may be invoked in SMM mode. This function will do basic validation, before parse the data.

- @param VariableNameSize Size of the variable name.
- @param VariableName Pointer to variable name.
- @param VendorGuid Variable Vendor Guid.
+ @param[in] VariableName Pointer to variable name.
+ @param[in] VendorGuid Variable Vendor Guid.
+ @param[out] VariablePtr Pointer to variable header address.

- @return EFI_INVALID_PARAMETER Invalid parameter.
- @return EFI_SUCCESS Find the specified variable.
- @return EFI_NOT_FOUND Not found.
- @return EFI_BUFFER_TO_SMALL DataSize is too small for the result.
+ @return EFI_SUCCESS Find the specified variable.
+ @return EFI_NOT_FOUND Not found.

**/
EFI_STATUS
EFIAPI
-VariableServiceGetNextVariableName (
- IN OUT UINTN *VariableNameSize,
- IN OUT CHAR16 *VariableName,
- IN OUT EFI_GUID *VendorGuid
+VariableServiceGetNextVariableInternal (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT VARIABLE_HEADER **VariablePtr
)
{
VARIABLE_STORE_TYPE Type;
VARIABLE_POINTER_TRACK Variable;
VARIABLE_POINTER_TRACK VariableInHob;
VARIABLE_POINTER_TRACK VariablePtrTrack;
- UINTN VarNameSize;
EFI_STATUS Status;
VARIABLE_STORE_HEADER *VariableStoreHeader[VariableStoreTypeMax];

- if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
-
Status = FindVariable (VariableName, VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
if (Variable.CurrPtr == NULL || EFI_ERROR (Status)) {
goto Done;
@@ -2624,7 +3015,7 @@ VariableServiceGetNextVariableName (
}
}
//
- // Capture the case that
+ // Capture the case that
// 1. current storage is the last one, or
// 2. no further storage
//
@@ -2652,7 +3043,7 @@ VariableServiceGetNextVariableName (
VariablePtrTrack.EndPtr = Variable.EndPtr;
Status = FindVariableEx (
GetVariableNamePtr (Variable.CurrPtr),
- &Variable.CurrPtr->VendorGuid,
+ GetVendorGuidPtr (Variable.CurrPtr),
FALSE,
&VariablePtrTrack
);
@@ -2665,14 +3056,14 @@ VariableServiceGetNextVariableName (
//
// Don't return NV variable when HOB overrides it
//
- if ((VariableStoreHeader[VariableStoreTypeHob] != NULL) && (VariableStoreHeader[VariableStoreTypeNv] != NULL) &&
+ if ((VariableStoreHeader[VariableStoreTypeHob] != NULL) && (VariableStoreHeader[VariableStoreTypeNv] != NULL) &&
(Variable.StartPtr == GetStartPointer (VariableStoreHeader[VariableStoreTypeNv]))
) {
VariableInHob.StartPtr = GetStartPointer (VariableStoreHeader[VariableStoreTypeHob]);
VariableInHob.EndPtr = GetEndPointer (VariableStoreHeader[VariableStoreTypeHob]);
Status = FindVariableEx (
GetVariableNamePtr (Variable.CurrPtr),
- &Variable.CurrPtr->VendorGuid,
+ GetVendorGuidPtr (Variable.CurrPtr),
FALSE,
&VariableInHob
);
@@ -2682,18 +3073,8 @@ VariableServiceGetNextVariableName (
}
}

- VarNameSize = NameSizeOfVariable (Variable.CurrPtr);
- ASSERT (VarNameSize != 0);
-
- if (VarNameSize <= *VariableNameSize) {
- CopyMem (VariableName, GetVariableNamePtr (Variable.CurrPtr), VarNameSize);
- CopyMem (VendorGuid, &Variable.CurrPtr->VendorGuid, sizeof (EFI_GUID));
- Status = EFI_SUCCESS;
- } else {
- Status = EFI_BUFFER_TOO_SMALL;
- }
-
- *VariableNameSize = VarNameSize;
+ *VariablePtr = Variable.CurrPtr;
+ Status = EFI_SUCCESS;
goto Done;
}
}
@@ -2702,6 +3083,59 @@ VariableServiceGetNextVariableName (
}

Done:
+ return Status;
+}
+
+/**
+
+ This code Finds the Next available variable.
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
+
+ @param VariableNameSize Size of the variable name.
+ @param VariableName Pointer to variable name.
+ @param VendorGuid Variable Vendor Guid.
+
+ @return EFI_INVALID_PARAMETER Invalid parameter.
+ @return EFI_SUCCESS Find the specified variable.
+ @return EFI_NOT_FOUND Not found.
+ @return EFI_BUFFER_TO_SMALL DataSize is too small for the result.
+
+**/
+EFI_STATUS
+EFIAPI
+VariableServiceGetNextVariableName (
+ IN OUT UINTN *VariableNameSize,
+ IN OUT CHAR16 *VariableName,
+ IN OUT EFI_GUID *VendorGuid
+ )
+{
+ EFI_STATUS Status;
+ UINTN VarNameSize;
+ VARIABLE_HEADER *VariablePtr;
+
+ if (VariableNameSize == NULL || VariableName == NULL || VendorGuid == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
+
+ Status = VariableServiceGetNextVariableInternal (VariableName, VendorGuid, &VariablePtr);
+ if (!EFI_ERROR (Status)) {
+ VarNameSize = NameSizeOfVariable (VariablePtr);
+ ASSERT (VarNameSize != 0);
+ if (VarNameSize <= *VariableNameSize) {
+ CopyMem (VariableName, GetVariableNamePtr (VariablePtr), VarNameSize);
+ CopyMem (VendorGuid, GetVendorGuidPtr (VariablePtr), sizeof (EFI_GUID));
+ Status = EFI_SUCCESS;
+ } else {
+ Status = EFI_BUFFER_TOO_SMALL;
+ }
+
+ *VariableNameSize = VarNameSize;
+ }
+
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
return Status;
}
@@ -2713,6 +3147,9 @@ Done:
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.

@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@@ -2742,6 +3179,7 @@ VariableServiceSetVariable (
EFI_STATUS Status;
VARIABLE_HEADER *NextVariable;
EFI_PHYSICAL_ADDRESS Point;
+ UINTN PayloadSize;
LIST_ENTRY *Link;
VARIABLE_ENTRY *Entry;
CHAR16 *Name;
@@ -2751,16 +3189,16 @@ VariableServiceSetVariable (
//
if (VariableName == NULL || VariableName[0] == 0 || VendorGuid == NULL) {
return EFI_INVALID_PARAMETER;
- }
+ }

if (DataSize != 0 && Data == NULL) {
return EFI_INVALID_PARAMETER;
}

//
- // Not support authenticated or append variable write yet.
+ // Check for reserverd bit in variable attribute.
//
- if ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_APPEND_WRITE)) != 0) {
+ if ((Attributes & (~EFI_VARIABLE_ATTRIBUTES_MASK)) != 0) {
return EFI_INVALID_PARAMETER;
}

@@ -2769,22 +3207,67 @@ VariableServiceSetVariable (
//
if ((Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS) {
return EFI_INVALID_PARAMETER;
+ } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
+ if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {
+ //
+ // Not support authenticated variable write.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+ } else if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) {
+ if (PcdGet32 (PcdHwErrStorageSize) == 0) {
+ //
+ // Not support harware error record variable variable.
+ //
+ return EFI_INVALID_PARAMETER;
+ }
+ }
+
+ //
+ // EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS and EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute
+ // cannot be set both.
+ //
+ if (((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS)
+ && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) {
+ return EFI_INVALID_PARAMETER;
}

- if ((UINTN)(~0) - DataSize < StrSize(VariableName)){
+ if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) {
+ if (DataSize < AUTHINFO_SIZE) {
+ //
+ // Try to write Authenticated Variable without AuthInfo.
+ //
+ return EFI_SECURITY_VIOLATION;
+ }
+ PayloadSize = DataSize - AUTHINFO_SIZE;
+ } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) {
+ //
+ // Sanity check for EFI_VARIABLE_AUTHENTICATION_2 descriptor.
+ //
+ if (DataSize < OFFSET_OF_AUTHINFO2_CERT_DATA ||
+ ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength > DataSize - (OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo)) ||
+ ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+ return EFI_SECURITY_VIOLATION;
+ }
+ PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
+ } else {
+ PayloadSize = DataSize;
+ }
+
+ if ((UINTN)(~0) - PayloadSize < StrSize(VariableName)){
+ //
+ // Prevent whole variable size overflow
//
- // Prevent whole variable size overflow
- //
return EFI_INVALID_PARAMETER;
}

//
// The size of the VariableName, including the Unicode Null in bytes plus
// the DataSize is limited to maximum size of PcdGet32 (PcdMaxHardwareErrorVariableSize)
- // bytes for HwErrRec, and PcdGet32 (PcdMaxVariableSize) bytes for the others.
+ // bytes for HwErrRec#### variable.
//
if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) == EFI_VARIABLE_HARDWARE_ERROR_RECORD) {
- if ( StrSize (VariableName) + DataSize > PcdGet32 (PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER)) {
+ if (StrSize (VariableName) + PayloadSize > PcdGet32 (PcdMaxHardwareErrorVariableSize) - GetVariableHeaderSize ()) {
return EFI_INVALID_PARAMETER;
}
if (!IsHwErrRecVariable(VariableName, VendorGuid)) {
@@ -2793,13 +3276,24 @@ VariableServiceSetVariable (
} else {
//
// The size of the VariableName, including the Unicode Null in bytes plus
- // the DataSize is limited to maximum size of PcdGet32 (PcdMaxVariableSize) bytes.
+ // the DataSize is limited to maximum size of Max(Auth)VariableSize bytes.
//
- if (StrSize (VariableName) + DataSize > PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER)) {
- return EFI_INVALID_PARAMETER;
+ if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
+ if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ()) {
+ return EFI_INVALID_PARAMETER;
+ }
+ } else {
+ if (StrSize (VariableName) + PayloadSize > mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize ()) {
+ return EFI_INVALID_PARAMETER;
+ }
}
}

+ Status = InternalVarCheckSetVariableCheck (VariableName, VendorGuid, Attributes, PayloadSize, (VOID *) ((UINTN) Data + DataSize - PayloadSize));
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);

//
@@ -2835,11 +3329,6 @@ VariableServiceSetVariable (
}
}

- Status = InternalVarCheckSetVariableCheck (VariableName, VendorGuid, Attributes, DataSize, Data);
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
//
// Check whether the input variable is already existed.
//
@@ -2849,7 +3338,7 @@ VariableServiceSetVariable (
Status = EFI_WRITE_PROTECTED;
goto Done;
}
- if (Attributes != 0 && Attributes != Variable.CurrPtr->Attributes) {
+ if (Attributes != 0 && (Attributes & (~EFI_VARIABLE_APPEND_WRITE)) != Variable.CurrPtr->Attributes) {
//
// If a preexisting variable is rewritten with different attributes, SetVariable() shall not
// modify the variable and shall return EFI_INVALID_PARAMETER. Two exceptions to this rule:
@@ -2875,12 +3364,25 @@ VariableServiceSetVariable (
}
}

- Status = UpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes, &Variable);
+ if (mVariableModuleGlobal->VariableGlobal.AuthSupport) {
+ Status = AuthVariableLibProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes);
+ } else {
+ Status = UpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes, 0, 0, &Variable, NULL);
+ }

Done:
InterlockedDecrement (&mVariableModuleGlobal->VariableGlobal.ReentrantState);
ReleaseLockOnlyAtBootTime (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);

+ if (!AtRuntime ()) {
+ if (!EFI_ERROR (Status)) {
+ SecureBootHook (
+ VariableName,
+ VendorGuid
+ );
+ }
+ }
+
return Status;
}

@@ -2947,7 +3449,7 @@ VariableServiceQueryVariableInfoInternal (
//
if ((Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) {
*MaximumVariableStorageSize = PcdGet32 (PcdHwErrStorageSize);
- *MaximumVariableSize = PcdGet32 (PcdMaxHardwareErrorVariableSize) - sizeof (VARIABLE_HEADER);
+ *MaximumVariableSize = PcdGet32 (PcdMaxHardwareErrorVariableSize) - GetVariableHeaderSize ();
} else {
if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) {
if (AtRuntime ()) {
@@ -2958,9 +3460,13 @@ VariableServiceQueryVariableInfoInternal (
}

//
- // Let *MaximumVariableSize be PcdGet32 (PcdMaxVariableSize) with the exception of the variable header size.
+ // Let *MaximumVariableSize be Max(Auth)VariableSize with the exception of the variable header size.
//
- *MaximumVariableSize = PcdGet32 (PcdMaxVariableSize) - sizeof (VARIABLE_HEADER);
+ if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
+ *MaximumVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ();
+ } else {
+ *MaximumVariableSize = mVariableModuleGlobal->MaxVariableSize - GetVariableHeaderSize ();
+ }
}

//
@@ -3008,7 +3514,7 @@ VariableServiceQueryVariableInfoInternal (
VariablePtrTrack.EndPtr = GetEndPointer (VariableStoreHeader);
Status = FindVariableEx (
GetVariableNamePtr (Variable),
- &Variable->VendorGuid,
+ GetVendorGuidPtr (Variable),
FALSE,
&VariablePtrTrack
);
@@ -3038,10 +3544,10 @@ VariableServiceQueryVariableInfoInternal (
}
}

- if (*RemainingVariableStorageSize < sizeof (VARIABLE_HEADER)) {
+ if (*RemainingVariableStorageSize < GetVariableHeaderSize ()) {
*MaximumVariableSize = 0;
- } else if ((*RemainingVariableStorageSize - sizeof (VARIABLE_HEADER)) < *MaximumVariableSize) {
- *MaximumVariableSize = *RemainingVariableStorageSize - sizeof (VARIABLE_HEADER);
+ } else if ((*RemainingVariableStorageSize - GetVariableHeaderSize ()) < *MaximumVariableSize) {
+ *MaximumVariableSize = *RemainingVariableStorageSize - GetVariableHeaderSize ();
}

return EFI_SUCCESS;
@@ -3083,7 +3589,7 @@ VariableServiceQueryVariableInfo (
return EFI_INVALID_PARAMETER;
}

- if((Attributes & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_HARDWARE_ERROR_RECORD)) == 0) {
+ if ((Attributes & EFI_VARIABLE_ATTRIBUTES_MASK) == 0) {
//
// Make sure the Attributes combination is supported by the platform.
//
@@ -3103,11 +3609,20 @@ VariableServiceQueryVariableInfo (
// Make sure Hw Attribute is set with NV.
//
return EFI_INVALID_PARAMETER;
- } else if ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_APPEND_WRITE)) != 0) {
- //
- // Not support authenticated or append variable write yet.
- //
- return EFI_UNSUPPORTED;
+ } else if ((Attributes & VARIABLE_ATTRIBUTE_AT_AW) != 0) {
+ if (!mVariableModuleGlobal->VariableGlobal.AuthSupport) {
+ //
+ // Not support authenticated variable write.
+ //
+ return EFI_UNSUPPORTED;
+ }
+ } else if ((Attributes & EFI_VARIABLE_HARDWARE_ERROR_RECORD) != 0) {
+ if (PcdGet32 (PcdHwErrStorageSize) == 0) {
+ //
+ // Not support harware error record variable variable.
+ //
+ return EFI_UNSUPPORTED;
+ }
}

AcquireLockOnlyAtBootTime(&mVariableModuleGlobal->VariableGlobal.VariableServicesLock);
@@ -3157,11 +3672,13 @@ ReclaimForOS(
}

RemainingHwErrVariableSpace = PcdGet32 (PcdHwErrStorageSize) - mVariableModuleGlobal->HwErrVariableTotalSize;
+
//
// Check if the free area is below a threshold.
//
- if ((RemainingCommonRuntimeVariableSpace < PcdGet32 (PcdMaxVariableSize))
- || ((PcdGet32 (PcdHwErrStorageSize) != 0) &&
+ if (((RemainingCommonRuntimeVariableSpace < mVariableModuleGlobal->MaxVariableSize) ||
+ (RemainingCommonRuntimeVariableSpace < mVariableModuleGlobal->MaxAuthVariableSize)) ||
+ ((PcdGet32 (PcdHwErrStorageSize) != 0) &&
(RemainingHwErrVariableSpace < PcdGet32 (PcdMaxHardwareErrorVariableSize)))){
Status = Reclaim (
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase,
@@ -3176,8 +3693,29 @@ ReclaimForOS(
}

/**
+ Get non-volatile maximum variable size.
+
+ @return Non-volatile maximum variable size.
+
+**/
+UINTN
+GetNonVolatileMaxVariableSize (
+ VOID
+ )
+{
+ if (PcdGet32 (PcdHwErrStorageSize) != 0) {
+ return MAX (MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxAuthVariableSize)),
+ PcdGet32 (PcdMaxHardwareErrorVariableSize));
+ } else {
+ return MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxAuthVariableSize));
+ }
+}
+
+/**
Init non-volatile variable store.

+ @param[out] NvFvHeader Output pointer to non-volatile FV header address.
+
@retval EFI_SUCCESS Function successfully executed.
@retval EFI_OUT_OF_RESOURCES Fail to allocate enough memory resource.
@retval EFI_VOLUME_CORRUPTED Variable Store or Firmware Volume for Variable Store is corrupted.
@@ -3185,7 +3723,7 @@ ReclaimForOS(
**/
EFI_STATUS
InitNonVolatileVariableStore (
- VOID
+ OUT EFI_FIRMWARE_VOLUME_HEADER **NvFvHeader
)
{
EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
@@ -3241,7 +3779,7 @@ InitNonVolatileVariableStore (
} else if ((FtwLastWriteData->TargetAddress > NvStorageBase) &&
(FtwLastWriteData->TargetAddress < (NvStorageBase + NvStorageSize))) {
//
- // Flash NV storage from the offset is backed up in spare block.
+ // Flash NV storage from the Offset is backed up in spare block.
//
BackUpOffset = (UINT32) (FtwLastWriteData->TargetAddress - NvStorageBase);
BackUpSize = NvStorageSize - BackUpOffset;
@@ -3276,9 +3814,10 @@ InitNonVolatileVariableStore (
}
ASSERT(mNvVariableCache->Size == VariableStoreLength);

-
ASSERT (sizeof (VARIABLE_STORE_HEADER) <= VariableStoreLength);

+ mVariableModuleGlobal->VariableGlobal.AuthFormat = (BOOLEAN)(CompareGuid (&mNvVariableCache->Signature, &gEfiAuthenticatedVariableGuid));
+
HwErrStorageSize = PcdGet32 (PcdHwErrStorageSize);
MaxUserNvVariableSpaceSize = PcdGet32 (PcdMaxUserNvVariableSpaceSize);
BoottimeReservedNvVariableSpaceSize = PcdGet32 (PcdBoottimeReservedNvVariableSpaceSize);
@@ -3287,17 +3826,17 @@ InitNonVolatileVariableStore (
// Note that in EdkII variable driver implementation, Hardware Error Record type variable
// is stored with common variable in the same NV region. So the platform integrator should
// ensure that the value of PcdHwErrStorageSize is less than the value of
- // VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)).
+ // (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)).
//
ASSERT (HwErrStorageSize < (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)));
//
// Ensure that the value of PcdMaxUserNvVariableSpaceSize is less than the value of
- // VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) - PcdGet32 (PcdHwErrStorageSize).
+ // (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) - PcdGet32 (PcdHwErrStorageSize).
//
ASSERT (MaxUserNvVariableSpaceSize < (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER) - HwErrStorageSize));
//
// Ensure that the value of PcdBoottimeReservedNvVariableSpaceSize is less than the value of
- // VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) - PcdGet32 (PcdHwErrStorageSize).
+ // (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)) - PcdGet32 (PcdHwErrStorageSize).
//
ASSERT (BoottimeReservedNvVariableSpaceSize < (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER) - HwErrStorageSize));

@@ -3308,9 +3847,12 @@ InitNonVolatileVariableStore (
DEBUG ((EFI_D_INFO, "Variable driver common space: 0x%x 0x%x 0x%x\n", mVariableModuleGlobal->CommonVariableSpace, mVariableModuleGlobal->CommonMaxUserVariableSpace, mVariableModuleGlobal->CommonRuntimeVariableSpace));

//
- // The max variable or hardware error variable size should be < variable store size.
+ // The max NV variable size should be < (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)).
//
- ASSERT(MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) < VariableStoreLength);
+ ASSERT (GetNonVolatileMaxVariableSize () < (VariableStoreLength - sizeof (VARIABLE_STORE_HEADER)));
+
+ mVariableModuleGlobal->MaxVariableSize = PcdGet32 (PcdMaxVariableSize);
+ mVariableModuleGlobal->MaxAuthVariableSize = ((PcdGet32 (PcdMaxAuthVariableSize) != 0) ? PcdGet32 (PcdMaxAuthVariableSize) : mVariableModuleGlobal->MaxVariableSize);

//
// Parse non-volatile variable data and get last variable offset.
@@ -3329,6 +3871,7 @@ InitNonVolatileVariableStore (
}
mVariableModuleGlobal->NonVolatileLastVariableOffset = (UINTN) Variable - (UINTN) VariableStoreBase;

+ *NvFvHeader = FvHeader;
return EFI_SUCCESS;
}

@@ -3374,17 +3917,17 @@ FlushHobVariableToFlash (
}
ASSERT ((Variable->Attributes & EFI_VARIABLE_NON_VOLATILE) != 0);
if (VendorGuid == NULL || VariableName == NULL ||
- !CompareGuid (VendorGuid, &Variable->VendorGuid) ||
+ !CompareGuid (VendorGuid, GetVendorGuidPtr (Variable)) ||
StrCmp (VariableName, GetVariableNamePtr (Variable)) != 0) {
VariableData = GetVariableDataPtr (Variable);
Status = VariableServiceSetVariable (
GetVariableNamePtr (Variable),
- &Variable->VendorGuid,
+ GetVendorGuidPtr (Variable),
Variable->Attributes,
- Variable->DataSize,
+ DataSizeOfVariable (Variable),
VariableData
);
- DEBUG ((EFI_D_INFO, "Variable driver flush the HOB variable to flash: %g %s %r\n", &Variable->VendorGuid, GetVariableNamePtr (Variable), Status));
+ DEBUG ((EFI_D_INFO, "Variable driver flush the HOB variable to flash: %g %s %r\n", GetVendorGuidPtr (Variable), GetVariableNamePtr (Variable), Status));
} else {
//
// The updated or deleted variable is matched with the HOB variable.
@@ -3398,7 +3941,7 @@ FlushHobVariableToFlash (
// If set variable successful, or the updated or deleted variable is matched with the HOB variable,
// set the HOB variable to DELETED state in local.
//
- DEBUG ((EFI_D_INFO, "Variable driver set the HOB variable to DELETED state in local: %g %s\n", &Variable->VendorGuid, GetVariableNamePtr (Variable)));
+ DEBUG ((EFI_D_INFO, "Variable driver set the HOB variable to DELETED state in local: %g %s\n", GetVendorGuidPtr (Variable), GetVariableNamePtr (Variable)));
Variable->State &= VAR_DELETED;
} else {
ErrorFlag = TRUE;
@@ -3440,6 +3983,7 @@ VariableWriteServiceInitialize (
UINT8 Data;
EFI_PHYSICAL_ADDRESS VariableStoreBase;
EFI_PHYSICAL_ADDRESS NvStorageBase;
+ VARIABLE_ENTRY_PROPERTY *VariableEntry;

NvStorageBase = (EFI_PHYSICAL_ADDRESS) PcdGet64 (PcdFlashNvStorageVariableBase64);
if (NvStorageBase == 0) {
@@ -3452,7 +3996,7 @@ VariableWriteServiceInitialize (
//
mVariableModuleGlobal->VariableGlobal.NonVolatileVariableBase = VariableStoreBase;
VariableStoreHeader = (VARIABLE_STORE_HEADER *)(UINTN)VariableStoreBase;
-
+
//
// Check if the free area is really free.
//
@@ -3479,7 +4023,45 @@ VariableWriteServiceInitialize (

FlushHobVariableToFlash (NULL, NULL);

- return EFI_SUCCESS;
+ Status = EFI_SUCCESS;
+ ZeroMem (&mContextOut, sizeof (mContextOut));
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ //
+ // Authenticated variable initialize.
+ //
+ mContextIn.MaxAuthVariableSize = mVariableModuleGlobal->MaxAuthVariableSize - GetVariableHeaderSize ();
+ Status = AuthVariableLibInitialize (&mContextIn, &mContextOut);
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_INFO, "Variable driver will work with auth variable support!\n"));
+ mVariableModuleGlobal->VariableGlobal.AuthSupport = TRUE;
+ if (mContextOut.AuthVarEntry != NULL) {
+ for (Index = 0; Index < mContextOut.AuthVarEntryCount; Index++) {
+ VariableEntry = &mContextOut.AuthVarEntry[Index];
+ Status = InternalVarCheckVariablePropertySet (
+ VariableEntry->Name,
+ VariableEntry->Guid,
+ &VariableEntry->VariableProperty
+ );
+ ASSERT_EFI_ERROR (Status);
+ }
+ }
+ } else if (Status == EFI_UNSUPPORTED) {
+ DEBUG ((EFI_D_INFO, "NOTICE - AuthVariableLibInitialize() returns %r!\n", Status));
+ DEBUG ((EFI_D_INFO, "Variable driver will continue to work without auth variable support!\n"));
+ mVariableModuleGlobal->VariableGlobal.AuthSupport = FALSE;
+ Status = EFI_SUCCESS;
+ }
+ }
+
+ if (!EFI_ERROR (Status)) {
+ for (Index = 0; Index < sizeof (mVariableEntryProperty) / sizeof (mVariableEntryProperty[0]); Index++) {
+ VariableEntry = &mVariableEntryProperty[Index];
+ Status = InternalVarCheckVariablePropertySet (VariableEntry->Name, VariableEntry->Guid, &VariableEntry->VariableProperty);
+ ASSERT_EFI_ERROR (Status);
+ }
+ }
+
+ return Status;
}


@@ -3501,6 +4083,8 @@ VariableCommonInitialize (
UINT64 VariableStoreLength;
UINTN ScratchSize;
EFI_HOB_GUID_TYPE *GuidHob;
+ EFI_GUID *VariableGuid;
+ EFI_FIRMWARE_VOLUME_HEADER *NvFvHeader;

//
// Allocate runtime memory for variable driver global structure.
@@ -3513,15 +4097,42 @@ VariableCommonInitialize (
InitializeLock (&mVariableModuleGlobal->VariableGlobal.VariableServicesLock, TPL_NOTIFY);

//
+ // Init non-volatile variable store.
+ //
+ Status = InitNonVolatileVariableStore (&NvFvHeader);
+ if (EFI_ERROR (Status)) {
+ FreePool (mVariableModuleGlobal);
+ return Status;
+ }
+
+ //
+ // mVariableModuleGlobal->VariableGlobal.AuthFormat
+ // has been initialized in InitNonVolatileVariableStore().
+ //
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ DEBUG ((EFI_D_INFO, "Variable driver will work with auth variable format!\n"));
+ //
+ // Set AuthSupport to FALSE first, VariableWriteServiceInitialize() will initialize it.
+ //
+ mVariableModuleGlobal->VariableGlobal.AuthSupport = FALSE;
+ VariableGuid = &gEfiAuthenticatedVariableGuid;
+ } else {
+ DEBUG ((EFI_D_INFO, "Variable driver will work without auth variable support!\n"));
+ mVariableModuleGlobal->VariableGlobal.AuthSupport = FALSE;
+ VariableGuid = &gEfiVariableGuid;
+ }
+
+ //
// Get HOB variable store.
//
- GuidHob = GetFirstGuidHob (&gEfiVariableGuid);
+ GuidHob = GetFirstGuidHob (VariableGuid);
if (GuidHob != NULL) {
VariableStoreHeader = GET_GUID_HOB_DATA (GuidHob);
VariableStoreLength = (UINT64) (GuidHob->Header.HobLength - sizeof (EFI_HOB_GUID_TYPE));
if (GetVariableStoreStatus (VariableStoreHeader) == EfiValid) {
mVariableModuleGlobal->VariableGlobal.HobVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) AllocateRuntimeCopyPool ((UINTN) VariableStoreLength, (VOID *) VariableStoreHeader);
if (mVariableModuleGlobal->VariableGlobal.HobVariableBase == 0) {
+ FreePool (NvFvHeader);
FreePool (mVariableModuleGlobal);
return EFI_OUT_OF_RESOURCES;
}
@@ -3533,12 +4144,14 @@ VariableCommonInitialize (
//
// Allocate memory for volatile variable store, note that there is a scratch space to store scratch data.
//
- ScratchSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize));
+ ScratchSize = GetNonVolatileMaxVariableSize ();
+ mVariableModuleGlobal->ScratchBufferSize = ScratchSize;
VolatileVariableStore = AllocateRuntimePool (PcdGet32 (PcdVariableStoreSize) + ScratchSize);
if (VolatileVariableStore == NULL) {
if (mVariableModuleGlobal->VariableGlobal.HobVariableBase != 0) {
FreePool ((VOID *) (UINTN) mVariableModuleGlobal->VariableGlobal.HobVariableBase);
}
+ FreePool (NvFvHeader);
FreePool (mVariableModuleGlobal);
return EFI_OUT_OF_RESOURCES;
}
@@ -3551,33 +4164,21 @@ VariableCommonInitialize (
mVariableModuleGlobal->VariableGlobal.VolatileVariableBase = (EFI_PHYSICAL_ADDRESS) (UINTN) VolatileVariableStore;
mVariableModuleGlobal->VolatileLastVariableOffset = (UINTN) GetStartPointer (VolatileVariableStore) - (UINTN) VolatileVariableStore;

- CopyGuid (&VolatileVariableStore->Signature, &gEfiVariableGuid);
+ CopyGuid (&VolatileVariableStore->Signature, VariableGuid);
VolatileVariableStore->Size = PcdGet32 (PcdVariableStoreSize);
VolatileVariableStore->Format = VARIABLE_STORE_FORMATTED;
VolatileVariableStore->State = VARIABLE_STORE_HEALTHY;
VolatileVariableStore->Reserved = 0;
VolatileVariableStore->Reserved1 = 0;

- //
- // Init non-volatile variable store.
- //
- Status = InitNonVolatileVariableStore ();
- if (EFI_ERROR (Status)) {
- if (mVariableModuleGlobal->VariableGlobal.HobVariableBase != 0) {
- FreePool ((VOID *) (UINTN) mVariableModuleGlobal->VariableGlobal.HobVariableBase);
- }
- FreePool (mVariableModuleGlobal);
- FreePool (VolatileVariableStore);
- }
-
- return Status;
+ return EFI_SUCCESS;
}


/**
Get the proper fvb handle and/or fvb protocol by the given Flash address.

- @param[in] Address The Flash address.
+ @param[in] Address The Flash address.
@param[out] FvbHandle In output, if it is not NULL, it points to the proper FVB handle.
@param[out] FvbProtocol In output, if it is not NULL, it points to the proper FVB protocol.

@@ -3600,7 +4201,6 @@ GetFvbInfoByAddress (
UINTN NumberOfBlocks;

HandleBuffer = NULL;
-
//
// Get all FVB handles.
//
@@ -3660,7 +4260,7 @@ GetFvbInfoByAddress (
if (Fvb == NULL) {
Status = EFI_NOT_FOUND;
}
-
- return Status;
+
+ return Status;
}

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
index f5ba486..08917af 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
@@ -1,5 +1,4 @@
/** @file
-
The internal header file includes the common header files, defines
internal structure and functions used by Variable modules.

@@ -36,14 +35,24 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/BaseLib.h>
#include <Library/SynchronizationLib.h>
#include <Library/MemoryAllocationLib.h>
+#include <Library/AuthVariableLib.h>
#include <Guid/GlobalVariable.h>
#include <Guid/EventGroup.h>
#include <Guid/VariableFormat.h>
+#include <Guid/ImageAuthentication.h>
#include <Guid/SystemNvDataGuid.h>
#include <Guid/FaultTolerantWrite.h>
#include <Guid/HardwareErrorVariable.h>
#include <Guid/VarErrorFlag.h>

+#define EFI_VARIABLE_ATTRIBUTES_MASK (EFI_VARIABLE_NON_VOLATILE | \
+ EFI_VARIABLE_BOOTSERVICE_ACCESS | \
+ EFI_VARIABLE_RUNTIME_ACCESS | \
+ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS | \
+ EFI_VARIABLE_APPEND_WRITE)
+
///
/// The size of a 3 character ISO639 language code.
///
@@ -76,6 +85,8 @@ typedef struct {
EFI_PHYSICAL_ADDRESS NonVolatileVariableBase;
EFI_LOCK VariableServicesLock;
UINT32 ReentrantState;
+ BOOLEAN AuthFormat;
+ BOOLEAN AuthSupport;
} VARIABLE_GLOBAL;

typedef struct {
@@ -88,6 +99,9 @@ typedef struct {
UINTN CommonVariableTotalSize;
UINTN CommonUserVariableTotalSize;
UINTN HwErrVariableTotalSize;
+ UINTN MaxVariableSize;
+ UINTN MaxAuthVariableSize;
+ UINTN ScratchBufferSize;
CHAR8 *PlatformLangCodes;
CHAR8 *LangCodes;
CHAR8 *PlatformLang;
@@ -135,25 +149,167 @@ FtwVariableSpace (
IN VARIABLE_STORE_HEADER *VariableBuffer
);

+/**
+ Finds variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+ If IgnoreRtCheck is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS attribute check
+ at runtime when searching existing variable, only VariableName and VendorGuid are compared.
+ Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Vendor GUID to be found.
+ @param[out] PtrTrack VARIABLE_POINTER_TRACK structure for output,
+ including the range searched and the target position.
+ @param[in] Global Pointer to VARIABLE_GLOBAL structure, including
+ base of volatile variable storage area, base of
+ NV variable storage area, and a lock.
+ @param[in] IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute
+ check at runtime when searching variable.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while
+ VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+EFI_STATUS
+FindVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT VARIABLE_POINTER_TRACK *PtrTrack,
+ IN VARIABLE_GLOBAL *Global,
+ IN BOOLEAN IgnoreRtCheck
+ );

/**
- Update the variable region with Variable information. These are the same
- arguments as the EFI Variable services.

- @param[in] VariableName Name of variable.
+ Gets the pointer to the end of the variable storage area.

- @param[in] VendorGuid Guid of variable.
+ This function gets pointer to the end of the variable storage
+ area, according to the input variable store header.

- @param[in] Data Variable data.
+ @param VarStoreHeader Pointer to the Variable Store Header.

- @param[in] DataSize Size of data. 0 means delete.
+ @return Pointer to the end of the variable storage area.

- @param[in] Attributes Attribues of the variable.
+**/
+VARIABLE_HEADER *
+GetEndPointer (
+ IN VARIABLE_STORE_HEADER *VarStoreHeader
+ );
+
+/**
+ This code gets the size of variable header.
+
+ @return Size of variable header in bytes in type UINTN.
+
+**/
+UINTN
+GetVariableHeaderSize (
+ VOID
+ );
+
+/**
+
+ This code gets the pointer to the variable name.
+
+ @param Variable Pointer to the Variable Header.
+
+ @return Pointer to Variable Name which is Unicode encoding.
+
+**/
+CHAR16 *
+GetVariableNamePtr (
+ IN VARIABLE_HEADER *Variable
+ );
+
+/**
+ This code gets the pointer to the variable guid.
+
+ @param Variable Pointer to the Variable Header.
+
+ @return A EFI_GUID* pointer to Vendor Guid.
+
+**/
+EFI_GUID *
+GetVendorGuidPtr (
+ IN VARIABLE_HEADER *Variable
+ );
+
+/**
+
+ This code gets the pointer to the variable data.
+
+ @param Variable Pointer to the Variable Header.
+
+ @return Pointer to Variable Data.
+
+**/
+UINT8 *
+GetVariableDataPtr (
+ IN VARIABLE_HEADER *Variable
+ );

+/**
+
+ This code gets the size of variable data.
+
+ @param Variable Pointer to the Variable Header.
+
+ @return Size of variable in bytes.
+
+**/
+UINTN
+DataSizeOfVariable (
+ IN VARIABLE_HEADER *Variable
+ );
+
+/**
+ This function is to check if the remaining variable space is enough to set
+ all Variables from argument list successfully. The purpose of the check
+ is to keep the consistency of the Variables to be in variable storage.
+
+ Note: Variables are assumed to be in same storage.
+ The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
+ so follow the argument sequence to check the Variables.
+
+ @param[in] Attributes Variable attributes for Variable entries.
+ @param[in] Marker VA_LIST style variable argument list.
+ The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
+ A NULL terminates the list. The VariableSize of
+ VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
+ It will be changed to variable total size as output.
+
+ @retval TRUE Have enough variable space to set the Variables successfully.
+ @retval FALSE No enough variable space to set the Variables successfully.
+
+**/
+BOOLEAN
+EFIAPI
+CheckRemainingSpaceForConsistencyInternal (
+ IN UINT32 Attributes,
+ IN VA_LIST Marker
+ );
+
+/**
+ Update the variable region with Variable information. If EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is set,
+ index of associated public key is needed.
+
+ @param[in] VariableName Name of variable.
+ @param[in] VendorGuid Guid of variable.
+ @param[in] Data Variable data.
+ @param[in] DataSize Size of data. 0 means delete.
+ @param[in] Attributes Attributes of the variable.
+ @param[in] KeyIndex Index of associated public key.
+ @param[in] MonotonicCount Value of associated monotonic count.
@param[in, out] Variable The variable information that is used to keep track of variable usage.

- @retval EFI_SUCCESS The update operation is success.
+ @param[in] TimeStamp Value of associated TimeStamp.

+ @retval EFI_SUCCESS The update operation is success.
@retval EFI_OUT_OF_RESOURCES Variable region is full, cannot write other data into this region.

**/
@@ -164,7 +320,10 @@ UpdateVariable (
IN VOID *Data,
IN UINTN DataSize,
IN UINT32 Attributes OPTIONAL,
- IN OUT VARIABLE_POINTER_TRACK *Variable
+ IN UINT32 KeyIndex OPTIONAL,
+ IN UINT64 MonotonicCount OPTIONAL,
+ IN OUT VARIABLE_POINTER_TRACK *Variable,
+ IN EFI_TIME *TimeStamp OPTIONAL
);


@@ -254,22 +413,6 @@ GetFvbByHandle (
OUT EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL **FvBlock
);

-
-/**
- Retrive the Swap Address Range protocol interface.
-
- @param[out] SarProtocol The interface of SAR protocol
-
- @retval EFI_SUCCESS The SAR protocol instance was found and returned in SarProtocol.
- @retval EFI_NOT_FOUND The SAR protocol instance was not found.
- @retval EFI_INVALID_PARAMETER SarProtocol is NULL.
-
-**/
-EFI_STATUS
-GetSarProtocol (
- OUT VOID **SarProtocol
- );
-
/**
Function returns an array of handles that support the FVB protocol
in a buffer allocated from pool.
@@ -312,6 +455,16 @@ ReclaimForOS(
VOID
);

+/**
+ Get non-volatile maximum variable size.
+
+ @return Non-volatile maximum variable size.
+
+**/
+UINTN
+GetNonVolatileMaxVariableSize (
+ VOID
+ );

/**
Initializes variable write service after FVB was ready.
@@ -356,44 +509,13 @@ GetFvbInfoByAddress (
);

/**
- Finds variable in storage blocks of volatile and non-volatile storage areas.
-
- This code finds variable in storage blocks of volatile and non-volatile storage areas.
- If VariableName is an empty string, then we just return the first
- qualified variable without comparing VariableName and VendorGuid.
- If IgnoreRtCheck is TRUE, then we ignore the EFI_VARIABLE_RUNTIME_ACCESS attribute check
- at runtime when searching existing variable, only VariableName and VendorGuid are compared.
- Otherwise, variables without EFI_VARIABLE_RUNTIME_ACCESS are not visible at runtime.
-
- @param VariableName Name of the variable to be found.
- @param VendorGuid Vendor GUID to be found.
- @param PtrTrack VARIABLE_POINTER_TRACK structure for output,
- including the range searched and the target position.
- @param Global Pointer to VARIABLE_GLOBAL structure, including
- base of volatile variable storage area, base of
- NV variable storage area, and a lock.
- @param IgnoreRtCheck Ignore EFI_VARIABLE_RUNTIME_ACCESS attribute
- check at runtime when searching variable.
-
- @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, while
- VendorGuid is NULL.
- @retval EFI_SUCCESS Variable successfully found.
- @retval EFI_NOT_FOUND Variable not found
-
-**/
-EFI_STATUS
-FindVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- OUT VARIABLE_POINTER_TRACK *PtrTrack,
- IN VARIABLE_GLOBAL *Global,
- IN BOOLEAN IgnoreRtCheck
- );
-
-/**

This code finds variable in storage blocks (Volatile or Non-Volatile).

+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode, and datasize and data are external input.
+ This function will do basic validation, before parse the data.
+
@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@param Attributes Attribute value of the variable found.
@@ -418,6 +540,28 @@ VariableServiceGetVariable (
);

/**
+ This code Finds the Next available variable.
+
+ Caution: This function may receive untrusted input.
+ This function may be invoked in SMM mode. This function will do basic validation, before parse the data.
+
+ @param[in] VariableName Pointer to variable name.
+ @param[in] VendorGuid Variable Vendor Guid.
+ @param[out] VariablePtr Pointer to variable header address.
+
+ @return EFI_SUCCESS Find the specified variable.
+ @return EFI_NOT_FOUND Not found.
+
+**/
+EFI_STATUS
+EFIAPI
+VariableServiceGetNextVariableInternal (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT VARIABLE_HEADER **VariablePtr
+ );
+
+/**

This code Finds the Next available variable.

@@ -449,6 +593,9 @@ VariableServiceGetNextVariableName (
Caution: This function may receive untrusted input.
This function may be invoked in SMM mode, and datasize and data are external input.
This function will do basic validation, before parse the data.
+ This function will parse the authentication carefully to avoid security issues, like
+ buffer overflow, integer overflow.
+ This function will check attribute carefully to avoid authentication bypass.

@param VariableName Name of Variable to be found.
@param VendorGuid Variable vendor GUID.
@@ -623,45 +770,65 @@ VarCheckRegisterSetVariableCheckHandler (
);

/**
- Variable property set.
+ Internal variable property get.
+
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[out] VariableProperty Pointer to the output variable property.
+
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
+ @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
+
+**/
+EFI_STATUS
+EFIAPI
+InternalVarCheckVariablePropertyGet (
+ IN CHAR16 *Name,
+ IN EFI_GUID *Guid,
+ OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ );
+
+/**
+ Internal variable property set.

@param[in] Name Pointer to the variable name.
@param[in] Guid Pointer to the vendor GUID.
@param[in] VariableProperty Pointer to the input variable property.

@retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
- @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
- or the fields of VariableProperty are not valid.
- @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
- already been signaled.
@retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.

**/
EFI_STATUS
EFIAPI
-VarCheckVariablePropertySet (
+InternalVarCheckVariablePropertySet (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
);

+
/**
- Internal variable property get.
+ Variable property set.

- @param[in] Name Pointer to the variable name.
- @param[in] Guid Pointer to the vendor GUID.
- @param[out] VariableProperty Pointer to the output variable property.
+ @param[in] Name Pointer to the variable name.
+ @param[in] Guid Pointer to the vendor GUID.
+ @param[in] VariableProperty Pointer to the input variable property.

- @retval EFI_SUCCESS The property of variable specified by the Name and Guid was got successfully.
- @retval EFI_NOT_FOUND The property of variable specified by the Name and Guid was not found.
+ @retval EFI_SUCCESS The property of variable specified by the Name and Guid was set successfully.
+ @retval EFI_INVALID_PARAMETER Name, Guid or VariableProperty is NULL, or Name is an empty string,
+ or the fields of VariableProperty are not valid.
+ @retval EFI_ACCESS_DENIED EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVENT_GROUP_READY_TO_BOOT has
+ already been signaled.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource for the variable property set request.

**/
EFI_STATUS
EFIAPI
-InternalVarCheckVariablePropertyGet (
+VarCheckVariablePropertySet (
IN CHAR16 *Name,
IN EFI_GUID *Guid,
- OUT VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
+ IN VAR_CHECK_VARIABLE_PROPERTY *VariableProperty
);

/**
@@ -695,4 +862,134 @@ InitializeVariableQuota (

extern VARIABLE_MODULE_GLOBAL *mVariableModuleGlobal;

+extern AUTH_VAR_LIB_CONTEXT_OUT mContextOut;
+
+/**
+ Finds variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the variable found.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibFindVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Finds next variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds next variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the next variable.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibFindNextVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for
+ input of the variable.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibUpdateVariable (
+ IN AUTH_VARIABLE_INFO *AuthVariableInfo
+ );
+
+/**
+ Get scratch buffer.
+
+ @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than
+ the maximum supported buffer size, this value contains
+ the maximum supported buffer size as output.
+ @param[out] ScratchBuffer Pointer to scratch buffer address.
+
+ @retval EFI_SUCCESS Get scratch buffer successfully.
+ @retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibGetScratchBuffer (
+ IN OUT UINTN *ScratchBufferSize,
+ OUT VOID **ScratchBuffer
+ );
+
+/**
+ This function is to check if the remaining variable space is enough to set
+ all Variables from argument list successfully. The purpose of the check
+ is to keep the consistency of the Variables to be in variable storage.
+
+ Note: Variables are assumed to be in same storage.
+ The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
+ so follow the argument sequence to check the Variables.
+
+ @param[in] Attributes Variable attributes for Variable entries.
+ @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
+ A NULL terminates the list. The VariableSize of
+ VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
+ It will be changed to variable total size as output.
+
+ @retval TRUE Have enough variable space to set the Variables successfully.
+ @retval FALSE No enough variable space to set the Variables successfully.
+
+**/
+BOOLEAN
+EFIAPI
+VariableExLibCheckRemainingSpaceForConsistency (
+ IN UINT32 Attributes,
+ ...
+ );
+
+/**
+ Return TRUE if at OS runtime.
+
+ @retval TRUE If at OS runtime.
+ @retval FALSE If at boot time.
+
+**/
+BOOLEAN
+EFIAPI
+VariableExLibAtRuntime (
+ VOID
+ );
+
#endif
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
index c5cef31..a95846a 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
@@ -1,17 +1,16 @@
/** @file
-
Implement all four UEFI Runtime Variable services for the nonvolatile
and volatile storage space and install variable architecture protocol.
-
+
Copyright (C) 2013, Red Hat, Inc.
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/

@@ -34,7 +33,7 @@ EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegisterSe

/**
Return TRUE if ExitBootServices () has been called.
-
+
@retval TRUE If ExitBootServices () has been called.
**/
BOOLEAN
@@ -49,8 +48,8 @@ AtRuntime (
/**
Initializes a basic mutual exclusion lock.

- This function initializes a basic mutual exclusion lock to the released state
- and returns the lock. Each lock provides mutual exclusion access at its task
+ This function initializes a basic mutual exclusion lock to the released state
+ and returns the lock. Each lock provides mutual exclusion access at its task
priority level. Since there is no preemption or multiprocessor support in EFI,
acquiring the lock only consists of raising to the locks TPL.
If Lock is NULL, then ASSERT().
@@ -141,7 +140,7 @@ GetFtwProtocol (
&gEfiFaultTolerantWriteProtocolGuid,
NULL,
FtwProtocol
- );
+ );
return Status;
}

@@ -155,7 +154,7 @@ GetFtwProtocol (
@retval EFI_SUCCESS The interface information for the specified protocol was returned.
@retval EFI_UNSUPPORTED The device does not support the FVB protocol.
@retval EFI_INVALID_PARAMETER FvBlockHandle is not a valid EFI_HANDLE or FvBlock is NULL.
-
+
**/
EFI_STATUS
GetFvbByHandle (
@@ -176,7 +175,7 @@ GetFvbByHandle (

/**
Function returns an array of handles that support the FVB protocol
- in a buffer allocated from pool.
+ in a buffer allocated from pool.

@param[out] NumberHandles The number of handles returned in Buffer.
@param[out] Buffer A pointer to the buffer to return the requested
@@ -187,7 +186,7 @@ GetFvbByHandle (
@retval EFI_NOT_FOUND No FVB handle was found.
@retval EFI_OUT_OF_RESOURCES There is not enough pool memory to store the matching results.
@retval EFI_INVALID_PARAMETER NumberHandles is NULL or Buffer is NULL.
-
+
**/
EFI_STATUS
GetFvbCountAndBuffer (
@@ -246,7 +245,7 @@ VariableClassAddressChangeEvent (
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.VolatileVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal->VariableGlobal.HobVariableBase);
EfiConvertPointer (0x0, (VOID **) &mVariableModuleGlobal);
- EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
+ EfiConvertPointer (0x0, (VOID **) &mNvVariableCache);
EfiConvertPointer (0x0, (VOID **) &mHandlerTable);
for (Index = 0; Index < mNumberOfHandler; Index++) {
EfiConvertPointer (0x0, (VOID **) &mHandlerTable[Index]);
@@ -257,6 +256,12 @@ VariableClassAddressChangeEvent (

Status = EfiConvertList (0x0, &mVarCheckVariableList);
ASSERT_EFI_ERROR (Status);
+
+ if (mContextOut.AddressPointer != NULL) {
+ for (Index = 0; Index < mContextOut.AddressPointerCount; Index++) {
+ EfiConvertPointer (0x0, (VOID **) &mContextOut.AddressPointer[Index]);
+ }
+ }
}


@@ -288,8 +293,14 @@ OnReadyToBoot (
InitializeVariableQuota ();
ReclaimForOS ();
if (FeaturePcdGet (PcdVariableCollectStatistics)) {
- gBS->InstallConfigurationTable (&gEfiVariableGuid, gVariableInfo);
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ gBS->InstallConfigurationTable (&gEfiAuthenticatedVariableGuid, gVariableInfo);
+ } else {
+ gBS->InstallConfigurationTable (&gEfiVariableGuid, gVariableInfo);
+ }
}
+
+ gBS->CloseEvent (Event);
}

/**
@@ -316,17 +327,19 @@ OnEndOfDxe (
if (PcdGetBool (PcdReclaimVariableSpaceAtEndOfDxe)) {
ReclaimForOS ();
}
+
+ gBS->CloseEvent (Event);
}

/**
Fault Tolerant Write protocol notification event handler.

- Non-Volatile variable write may needs FTW protocol to reclaim when
+ Non-Volatile variable write may needs FTW protocol to reclaim when
writting variable.

@param[in] Event Event whose notification function is being invoked.
@param[in] Context Pointer to the notification function's context.
-
+
**/
VOID
EFIAPI
@@ -394,21 +407,23 @@ FtwNotificationEvent (
DEBUG ((DEBUG_WARN, "Variable driver failed to add EFI_MEMORY_RUNTIME attribute to Flash.\n"));
}
}
-
+
Status = VariableWriteServiceInitialize ();
- ASSERT_EFI_ERROR (Status);
-
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));
+ }
+
//
// Install the Variable Write Architectural protocol.
//
Status = gBS->InstallProtocolInterface (
&mHandle,
- &gEfiVariableWriteArchProtocolGuid,
+ &gEfiVariableWriteArchProtocolGuid,
EFI_NATIVE_INTERFACE,
NULL
);
ASSERT_EFI_ERROR (Status);
-
+
//
// Close the notify event to avoid install gEfiVariableWriteArchProtocolGuid again.
//
@@ -419,13 +434,13 @@ FtwNotificationEvent (

/**
Variable Driver main entry point. The Variable driver places the 4 EFI
- runtime services in the EFI System Table and installs arch protocols
- for variable read and write services being availible. It also registers
+ runtime services in the EFI System Table and installs arch protocols
+ for variable read and write services being available. It also registers
a notification function for an EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE event.

- @param[in] ImageHandle The firmware allocated handle for the EFI image.
+ @param[in] ImageHandle The firmware allocated handle for the EFI image.
@param[in] SystemTable A pointer to the EFI System Table.
-
+
@retval EFI_SUCCESS Variable service successfully initialized.

**/
@@ -463,13 +478,13 @@ VariableServiceInitialize (
SystemTable->RuntimeServices->GetNextVariableName = VariableServiceGetNextVariableName;
SystemTable->RuntimeServices->SetVariable = VariableServiceSetVariable;
SystemTable->RuntimeServices->QueryVariableInfo = VariableServiceQueryVariableInfo;
-
+
//
// Now install the Variable Runtime Architectural protocol on a new handle.
//
Status = gBS->InstallProtocolInterface (
&mHandle,
- &gEfiVariableArchProtocolGuid,
+ &gEfiVariableArchProtocolGuid,
EFI_NATIVE_INTERFACE,
NULL
);
@@ -477,7 +492,7 @@ VariableServiceInitialize (

//
// Register FtwNotificationEvent () notify function.
- //
+ //
EfiCreateProtocolNotifyEvent (
&gEfiFaultTolerantWriteProtocolGuid,
TPL_CALLBACK,
@@ -500,9 +515,9 @@ VariableServiceInitialize (
// Register the event handling function to reclaim variable for OS usage.
//
Status = EfiCreateEventReadyToBootEx (
- TPL_NOTIFY,
- OnReadyToBoot,
- NULL,
+ TPL_NOTIFY,
+ OnReadyToBoot,
+ NULL,
&ReadyToBootEvent
);
ASSERT_EFI_ERROR (Status);
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c
new file mode 100644
index 0000000..57c48ba
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableExLib.c
@@ -0,0 +1,256 @@
+/** @file
+ Provides variable driver extended services.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "Variable.h"
+
+/**
+ Finds variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the variable found.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibFindVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ )
+{
+ EFI_STATUS Status;
+ VARIABLE_POINTER_TRACK Variable;
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariable;
+
+ Status = FindVariable (
+ VariableName,
+ VendorGuid,
+ &Variable,
+ &mVariableModuleGlobal->VariableGlobal,
+ FALSE
+ );
+ if (EFI_ERROR (Status)) {
+ AuthVariableInfo->Data = NULL;
+ AuthVariableInfo->DataSize = 0;
+ AuthVariableInfo->Attributes = 0;
+ AuthVariableInfo->PubKeyIndex = 0;
+ AuthVariableInfo->MonotonicCount = 0;
+ AuthVariableInfo->TimeStamp = NULL;
+ return Status;
+ }
+
+ AuthVariableInfo->DataSize = DataSizeOfVariable (Variable.CurrPtr);
+ AuthVariableInfo->Data = GetVariableDataPtr (Variable.CurrPtr);
+ AuthVariableInfo->Attributes = Variable.CurrPtr->Attributes;
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ AuthVariable = (AUTHENTICATED_VARIABLE_HEADER *) Variable.CurrPtr;
+ AuthVariableInfo->PubKeyIndex = AuthVariable->PubKeyIndex;
+ AuthVariableInfo->MonotonicCount = AuthVariable->MonotonicCount;
+ AuthVariableInfo->TimeStamp = &AuthVariable->TimeStamp;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Finds next variable in storage blocks of volatile and non-volatile storage areas.
+
+ This code finds next variable in storage blocks of volatile and non-volatile storage areas.
+ If VariableName is an empty string, then we just return the first
+ qualified variable without comparing VariableName and VendorGuid.
+
+ @param[in] VariableName Name of the variable to be found.
+ @param[in] VendorGuid Variable vendor GUID to be found.
+ @param[out] AuthVariableInfo Pointer to AUTH_VARIABLE_INFO structure for
+ output of the next variable.
+
+ @retval EFI_INVALID_PARAMETER If VariableName is not an empty string,
+ while VendorGuid is NULL.
+ @retval EFI_SUCCESS Variable successfully found.
+ @retval EFI_NOT_FOUND Variable not found
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibFindNextVariable (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ OUT AUTH_VARIABLE_INFO *AuthVariableInfo
+ )
+{
+ EFI_STATUS Status;
+ VARIABLE_HEADER *VariablePtr;
+ AUTHENTICATED_VARIABLE_HEADER *AuthVariablePtr;
+
+ Status = VariableServiceGetNextVariableInternal (
+ VariableName,
+ VendorGuid,
+ &VariablePtr
+ );
+ if (EFI_ERROR (Status)) {
+ AuthVariableInfo->VariableName = NULL;
+ AuthVariableInfo->VendorGuid = NULL;
+ AuthVariableInfo->Data = NULL;
+ AuthVariableInfo->DataSize = 0;
+ AuthVariableInfo->Attributes = 0;
+ AuthVariableInfo->PubKeyIndex = 0;
+ AuthVariableInfo->MonotonicCount = 0;
+ AuthVariableInfo->TimeStamp = NULL;
+ return Status;
+ }
+
+ AuthVariableInfo->VariableName = GetVariableNamePtr (VariablePtr);
+ AuthVariableInfo->VendorGuid = GetVendorGuidPtr (VariablePtr);
+ AuthVariableInfo->DataSize = DataSizeOfVariable (VariablePtr);
+ AuthVariableInfo->Data = GetVariableDataPtr (VariablePtr);
+ AuthVariableInfo->Attributes = VariablePtr->Attributes;
+ if (mVariableModuleGlobal->VariableGlobal.AuthFormat) {
+ AuthVariablePtr = (AUTHENTICATED_VARIABLE_HEADER *) VariablePtr;
+ AuthVariableInfo->PubKeyIndex = AuthVariablePtr->PubKeyIndex;
+ AuthVariableInfo->MonotonicCount = AuthVariablePtr->MonotonicCount;
+ AuthVariableInfo->TimeStamp = &AuthVariablePtr->TimeStamp;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update the variable region with Variable information.
+
+ @param[in] AuthVariableInfo Pointer AUTH_VARIABLE_INFO structure for
+ input of the variable.
+
+ @retval EFI_SUCCESS The update operation is success.
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
+ @retval EFI_WRITE_PROTECTED Variable is write-protected.
+ @retval EFI_OUT_OF_RESOURCES There is not enough resource.
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibUpdateVariable (
+ IN AUTH_VARIABLE_INFO *AuthVariableInfo
+ )
+{
+ VARIABLE_POINTER_TRACK Variable;
+
+ FindVariable (AuthVariableInfo->VariableName, AuthVariableInfo->VendorGuid, &Variable, &mVariableModuleGlobal->VariableGlobal, FALSE);
+ return UpdateVariable (
+ AuthVariableInfo->VariableName,
+ AuthVariableInfo->VendorGuid,
+ AuthVariableInfo->Data,
+ AuthVariableInfo->DataSize,
+ AuthVariableInfo->Attributes,
+ AuthVariableInfo->PubKeyIndex,
+ AuthVariableInfo->MonotonicCount,
+ &Variable,
+ AuthVariableInfo->TimeStamp
+ );
+}
+
+/**
+ Get scratch buffer.
+
+ @param[in, out] ScratchBufferSize Scratch buffer size. If input size is greater than
+ the maximum supported buffer size, this value contains
+ the maximum supported buffer size as output.
+ @param[out] ScratchBuffer Pointer to scratch buffer address.
+
+ @retval EFI_SUCCESS Get scratch buffer successfully.
+ @retval EFI_UNSUPPORTED If input size is greater than the maximum supported buffer size.
+
+**/
+EFI_STATUS
+EFIAPI
+VariableExLibGetScratchBuffer (
+ IN OUT UINTN *ScratchBufferSize,
+ OUT VOID **ScratchBuffer
+ )
+{
+ UINTN MaxBufferSize;
+
+ MaxBufferSize = mVariableModuleGlobal->ScratchBufferSize;
+ if (*ScratchBufferSize > MaxBufferSize) {
+ *ScratchBufferSize = MaxBufferSize;
+ return EFI_UNSUPPORTED;
+ }
+
+ *ScratchBuffer = GetEndPointer ((VARIABLE_STORE_HEADER *) ((UINTN) mVariableModuleGlobal->VariableGlobal.VolatileVariableBase));
+ return EFI_SUCCESS;
+}
+
+/**
+ This function is to check if the remaining variable space is enough to set
+ all Variables from argument list successfully. The purpose of the check
+ is to keep the consistency of the Variables to be in variable storage.
+
+ Note: Variables are assumed to be in same storage.
+ The set sequence of Variables will be same with the sequence of VariableEntry from argument list,
+ so follow the argument sequence to check the Variables.
+
+ @param[in] Attributes Variable attributes for Variable entries.
+ @param ... The variable argument list with type VARIABLE_ENTRY_CONSISTENCY *.
+ A NULL terminates the list. The VariableSize of
+ VARIABLE_ENTRY_CONSISTENCY is the variable data size as input.
+ It will be changed to variable total size as output.
+
+ @retval TRUE Have enough variable space to set the Variables successfully.
+ @retval FALSE No enough variable space to set the Variables successfully.
+
+**/
+BOOLEAN
+EFIAPI
+VariableExLibCheckRemainingSpaceForConsistency (
+ IN UINT32 Attributes,
+ ...
+ )
+{
+ VA_LIST Marker;
+ BOOLEAN Return;
+
+ VA_START (Marker, Attributes);
+
+ Return = CheckRemainingSpaceForConsistencyInternal (Attributes, Marker);
+
+ VA_END (Marker);
+
+ return Return;
+}
+
+/**
+ Return TRUE if at OS runtime.
+
+ @retval TRUE If at OS runtime.
+ @retval FALSE If at boot time.
+
+**/
+BOOLEAN
+EFIAPI
+VariableExLibAtRuntime (
+ VOID
+ )
+{
+ return AtRuntime ();
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 05d2765..ce5d9e3 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -1,7 +1,8 @@
## @file
-# This module installs variable arch protocol and variable write arch protocol.
+# Provides variable service.
#
-# It provides four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo.
+# This module installs variable arch protocol and variable write arch protocol to provide
+# variable services: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo.
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable data.
@@ -9,14 +10,12 @@
# buffer overflow or integer overflow.
#
# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
-#
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##

@@ -42,7 +41,9 @@ [Sources]
Variable.c
VariableDxe.c
Variable.h
+ Measurement.c
VarCheck.c
+ VariableExLib.c

[Packages]
MdePkg/MdePkg.dec
@@ -62,6 +63,8 @@ [LibraryClasses]
PcdLib
HobLib
DevicePathLib
+ TpmMeasurementLib
+ AuthVariableLib

[Protocols]
gEfiFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -78,19 +81,37 @@ [Guids]
## CONSUMES ## GUID # Signature of Variable store header
## SOMETIMES_CONSUMES ## HOB
## SOMETIMES_PRODUCES ## SystemTable
+ gEfiAuthenticatedVariableGuid
+
+ ## PRODUCES ## GUID # Signature of Variable store header
+ ## CONSUMES ## GUID # Signature of Variable store header
+ ## SOMETIMES_CONSUMES ## HOB
+ ## SOMETIMES_PRODUCES ## SystemTable
gEfiVariableGuid
+
## SOMETIMES_CONSUMES ## Variable:L"PlatformLang"
## SOMETIMES_PRODUCES ## Variable:L"PlatformLang"
## SOMETIMES_CONSUMES ## Variable:L"Lang"
## SOMETIMES_PRODUCES ## Variable:L"Lang"
## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport"
+ ## SOMETIMES_CONSUMES ## Variable:L"SetupMode"
+ ## SOMETIMES_CONSUMES ## Variable:L"PK"
+ ## SOMETIMES_CONSUMES ## Variable:L"KEK"
+ ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
+ ## SOMETIMES_CONSUMES ## Variable:L"SignatureSupport"
+ ## SOMETIMES_CONSUMES ## Variable:L"VendorKeys"
gEfiGlobalVariableGuid
+
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"
+ gEfiImageSecurityDatabaseGuid
+
gEfiEventVirtualAddressChangeGuid ## CONSUMES ## Event
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####"
gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
- ## SOMETIMES_CONSUMES ## HOB
- gEdkiiFaultTolerantWriteGuid
+ gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB
gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID

[Pcd]
@@ -98,6 +119,7 @@ [Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES
@@ -107,7 +129,7 @@ [Pcd]

[FeaturePcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable.
- gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES
+ gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang

[Depex]
TRUE
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.uni b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.uni
index ee8acd0ad15e03ec5b02d459b7e2b24fda6f14c1..27bced29e45617526b0e31e7a96fdd1e47c1a7d8 100644
GIT binary patch
delta 231
zcmbOua!z7`3V#4Y5ko#h8AB#***@x(?^{$e1b2rQHgWa&-zWRaby*C(sMPy$q`
zz)*mqgO`DeL7zb%Q(y69Nye#+3Y)hwS~4-3Zhp_~&w|A=***@8_tUe2GzFqD_M+
hR_m}^(>r+|W8GvIrku$;m=;Y=V)o)vVgR`dgaP)WH;DiM

delta 234
zcmX>nF-K&A%EYW0v3d-=3|tKQKnSB17(5wD7!()^7>XG38Oj(k8B!Qh8H#}-X+VA{
zP*j1zmB9_DDxM*TA(X+7Aq2?w1&YNp1Ov$+hA<%C8OREr{E)ME@&!hY$rqSKHa}z3
qVPZ7dEX?B1!st0!le3;#k3nhjb9Vj7M>u>uscI*e64*B&9{~***@Xs$

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index 5908408..db3ea54 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -1,7 +1,6 @@
/** @file
-
- The sample implementation for SMM variable protocol. And this driver
- implements an SMI handler to communicate with the DXE runtime driver
+ The sample implementation for SMM variable protocol. And this driver
+ implements an SMI handler to communicate with the DXE runtime driver
to provide variable services.

Caution: This module requires additional review when modified.
@@ -11,20 +10,21 @@

SmmVariableHandler() will receive untrusted input and do basic validation.

- Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
- VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
+ Each sub function VariableServiceGetVariable(), VariableServiceGetNextVariableName(),
+ VariableServiceSetVariable(), VariableServiceQueryVariableInfo(), ReclaimForOS(),
SmmVariableGetStatistics() should also do validation based on its own knowledge.

Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
+
#include <Protocol/SmmVariable.h>
#include <Protocol/SmmFirmwareVolumeBlock.h>
#include <Protocol/SmmFaultTolerantWrite.h>
@@ -34,7 +34,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/SmmServicesTableLib.h>
#include <Library/SmmMemLib.h>

-#include <Guid/VariableFormat.h>
#include <Guid/SmmVariableCommon.h>
#include "Variable.h"

@@ -49,6 +48,23 @@ extern BOOLEAN mEndOfDxe;
extern BOOLEAN mEnableLocking;

/**
+ SecureBoot Hook for SetVariable.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+
+**/
+VOID
+EFIAPI
+SecureBootHook (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ )
+{
+ return ;
+}
+
+/**

This code sets variable in storage blocks (Volatile or Non-Volatile).

@@ -320,10 +336,11 @@ GetFvbCountAndBuffer (
@param[in, out] InfoSize On input, the size of the variable information buffer.
On output, the returned variable information size.

- @retval EFI_SUCCESS The variable information is found and returned successfully.
- @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
- PcdVariableCollectStatistics should be set TRUE to support it.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
+ @retval EFI_SUCCESS The variable information is found and returned successfully.
+ @retval EFI_UNSUPPORTED No variable inoformation exists in variable driver. The
+ PcdVariableCollectStatistics should be set TRUE to support it.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the next variable information.
+ @retval EFI_INVALID_PARAMETER Input parameter is invalid.

**/
EFI_STATUS
@@ -337,8 +354,11 @@ SmmVariableGetStatistics (
UINTN StatisticsInfoSize;
CHAR16 *InfoName;
EFI_GUID VendorGuid;
-
- ASSERT (InfoEntry != NULL);
+
+ if (InfoEntry == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
VariableInfo = gVariableInfo;
if (VariableInfo == NULL) {
return EFI_UNSUPPORTED;
@@ -381,7 +401,7 @@ SmmVariableGetStatistics (
}
VariableInfo = VariableInfo->Next;
};
-
+
if (VariableInfo == NULL) {
*InfoSize = 0;
return EFI_SUCCESS;
@@ -399,7 +419,7 @@ SmmVariableGetStatistics (
CopyMem (InfoEntry, VariableInfo, sizeof (VARIABLE_INFO_ENTRY));
CopyMem (InfoName, VariableInfo->Name, StrSize (VariableInfo->Name));
*InfoSize = StatisticsInfoSize;
-
+
return EFI_SUCCESS;
}

@@ -444,6 +464,7 @@ SmmVariableHandler (
SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *SmmVariableHeader;
SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *GetNextVariableName;
SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *QueryVariableInfo;
+ SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *GetPayloadSize;
VARIABLE_INFO_ENTRY *VariableInfo;
SMM_VARIABLE_COMMUNICATE_LOCK_VARIABLE *VariableToLock;
SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *CommVariableProperty;
@@ -634,6 +655,16 @@ SmmVariableHandler (
);
break;

+ case SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE:
+ if (CommBufferPayloadSize < sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE)) {
+ DEBUG ((EFI_D_ERROR, "GetPayloadSize: SMM communication buffer size invalid!\n"));
+ return EFI_SUCCESS;
+ }
+ GetPayloadSize = (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *) SmmVariableFunctionHeader->Data;
+ GetPayloadSize->VariablePayloadSize = mVariableBufferPayloadSize;
+ Status = EFI_SUCCESS;
+ break;
+
case SMM_VARIABLE_FUNCTION_READY_TO_BOOT:
mEndOfDxe = TRUE;
//
@@ -841,7 +872,9 @@ SmmFtwNotificationEvent (
mVariableModuleGlobal->FvbInstance = FvbProtocol;

Status = VariableWriteServiceInitialize ();
- ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));
+ }

//
// Notify the variable wrapper driver the variable write service is ready
@@ -908,8 +941,8 @@ VariableServiceInitialize (
);
ASSERT_EFI_ERROR (Status);

- mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
+ mVariableBufferPayloadSize = GetNonVolatileMaxVariableSize () +
+ OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - GetVariableHeaderSize ();

Status = gSmst->SmmAllocatePool (
EfiRuntimeServicesData,
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index 9b8675b..7f55bbd 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -1,6 +1,8 @@
## @file
+# Provides SMM variable service.
+#
# This module installs SMM variable protocol into SMM protocol database,
-# which can be used by SMM driver, and installs SMM variable protocol
+# which can be used by SMM driver, and installs SMM variable protocol
# into BS protocol database, which can be used to notify the SMM Runtime
# Dxe driver that the SMM variable service is ready.
# This module should be used with SMM Runtime DXE module together. The
@@ -9,8 +11,12 @@
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable data and communicate buffer in SMM mode.
-# This external input must be validated carefully to avoid security issue like
-# buffer overflow, integer overflow.
+# This external input must be validated carefully to avoid security issues such as
+# buffer overflow or integer overflow.
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+# may not be modified without authorization. If platform fails to protect these resources,
+# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
# This program and the accompanying materials
@@ -20,7 +26,6 @@
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
-#
##

[Defines]
@@ -46,6 +51,7 @@ [Sources]
VariableSmm.c
VarCheck.c
Variable.h
+ VariableExLib.c

[Packages]
MdePkg/MdePkg.dec
@@ -65,6 +71,7 @@ [LibraryClasses]
PcdLib
DevicePathLib
SmmMemLib
+ AuthVariableLib

[Protocols]
gEfiSmmFirmwareVolumeBlockProtocolGuid ## CONSUMES
@@ -81,35 +88,55 @@ [Guids]
## PRODUCES ## GUID # Signature of Variable store header
## CONSUMES ## GUID # Signature of Variable store header
## SOMETIMES_CONSUMES ## HOB
+ ## SOMETIMES_PRODUCES ## SystemTable
+ gEfiAuthenticatedVariableGuid
+
+ ## PRODUCES ## GUID # Signature of Variable store header
+ ## CONSUMES ## GUID # Signature of Variable store header
+ ## SOMETIMES_CONSUMES ## HOB
+ ## SOMETIMES_PRODUCES ## SystemTable
gEfiVariableGuid
+
## SOMETIMES_CONSUMES ## Variable:L"PlatformLang"
## SOMETIMES_PRODUCES ## Variable:L"PlatformLang"
## SOMETIMES_CONSUMES ## Variable:L"Lang"
## SOMETIMES_PRODUCES ## Variable:L"Lang"
## SOMETIMES_CONSUMES ## Variable:L"HwErrRecSupport"
+ ## SOMETIMES_CONSUMES ## Variable:L"SetupMode"
+ ## SOMETIMES_CONSUMES ## Variable:L"PK"
+ ## SOMETIMES_CONSUMES ## Variable:L"KEK"
+ ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
+ ## SOMETIMES_CONSUMES ## Variable:L"SignatureSupport"
+ ## SOMETIMES_CONSUMES ## Variable:L"VendorKeys"
gEfiGlobalVariableGuid
- gSmmVariableWriteGuid ## PRODUCES ## UNDEFINED # Install protocol
+
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBT"
+ gEfiImageSecurityDatabaseGuid
+
+ gSmmVariableWriteGuid ## PRODUCES ## GUID # Install protocol
gEfiSystemNvDataFvGuid ## CONSUMES ## GUID
gEfiHardwareErrorVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"HwErrRec####"
- ## SOMETIMES_CONSUMES ## HOB
- gEdkiiFaultTolerantWriteGuid
+ gEdkiiFaultTolerantWriteGuid ## SOMETIMES_CONSUMES ## HOB
gEdkiiVarErrorFlagGuid ## CONSUMES ## GUID

[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64 ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableStoreSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdHwErrStorageSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdMaxUserNvVariableSpaceSize ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdBoottimeReservedNvVariableSpaceSize ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe ## CONSUMES

[FeaturePcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable.
- gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics ## CONSUMES # statistic the information of variable.
+ gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate ## CONSUMES # Auto update PlatformLang/Lang

[Depex]
TRUE
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.uni b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.uni
index 3e72476e6479820c62b0c68f2e581a2be40917d1..e6d4a36379d2c45b84ad9ff1f6a0dc5c611c9757 100644
GIT binary patch
delta 211
zcmZ1^`%Gzq3V#4Y5ko#h8AB#R3PUPG@#I7vZAQJxyV+zXCou6%w5geVgPm{k2X2YU
zUffBWJs9g)1dACI7>XH68Il<?fUHEIp7X4ltO`I=iYEVLO=mRSoXF<Sg3aK`^LVCA
zv?-a~#;CU0i#vpoQE#H6^yECIg2~4iB_<c}N=z1GPMU1OmooVqbKT?`mQ9n*SSMhy
T?>eg@+&)z<B?evwE-(***@05

delta 84
zcmaE+v`BV>%H%mr5|b}*mrVS}F<FU2Y_b5a#AY4F2P~Wl3^@#$4A~5+lV#a78FeOm
mv!yedY~IY~&%)@r`6BmQ#>qC^Q#Rk?O=ILzV&G-q0%HJSgBL~s

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmExtra.uni b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmExtra.uni
index e42cc12b4de70d9e51476aa891469a7d1a84cea5..46f984c809f21e48ed023ea68e685ba74d3f854e 100644
GIT binary patch
delta 47
***@YwS{ZK4o1_BJ0n??f*EpwPyvYZ8B!QZ8FCm>8I%}!8MxpW05F9KE&u=k

delta 63
zcmdnOb%ble4n~uWJ0n?)6c`*Cl7TRlp%@4i7+***@47+***@05kn?J8Bn~4L5YEvfeVfS
D<C_a<

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
index 30fb5df..86b88d3 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c
@@ -1,5 +1,4 @@
/** @file
-
Implement all four UEFI Runtime Variable services for the nonvolatile
and volatile storage space and install variable architecture protocol
based on SMM variable module.
@@ -15,13 +14,13 @@
InitCommunicateBuffer() is really function to check the variable data size.

Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php

-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.

**/
#include <PiDxe.h>
@@ -39,12 +38,10 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Library/UefiRuntimeLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
-#include <Library/PcdLib.h>
#include <Library/UefiLib.h>
#include <Library/BaseLib.h>

#include <Guid/EventGroup.h>
-#include <Guid/VariableFormat.h>
#include <Guid/SmmVariableCommon.h>

EFI_HANDLE mHandle = NULL;
@@ -60,6 +57,20 @@ EDKII_VARIABLE_LOCK_PROTOCOL mVariableLock;
EDKII_VAR_CHECK_PROTOCOL mVarCheck;

/**
+ SecureBoot Hook for SetVariable.
+
+ @param[in] VariableName Name of Variable to be found.
+ @param[in] VendorGuid Variable vendor GUID.
+
+**/
+VOID
+EFIAPI
+SecureBootHook (
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid
+ );
+
+/**
Acquires lock only at boot time. Simply returns at runtime.

This is a temperary function that will be removed when
@@ -594,7 +605,6 @@ RuntimeServiceGetNextVariableName (
//
PayloadSize = OFFSET_OF (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME, Name) + MAX (OutVariableNameSize, InVariableNameSize);

-
Status = InitCommunicateBuffer ((VOID **)&SmmGetNextVariableName, PayloadSize, SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME);
if (EFI_ERROR (Status)) {
goto Done;
@@ -700,7 +710,7 @@ RuntimeServiceSetVariable (
}

AcquireLockOnlyAtBootTime(&mVariableServicesLock);
-
+
//
// Init the communicate buffer. The buffer data size is:
// SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + PayloadSize.
@@ -726,6 +736,15 @@ RuntimeServiceSetVariable (

Done:
ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+
+ if (!EfiAtRuntime ()) {
+ if (!EFI_ERROR (Status)) {
+ SecureBootHook (
+ VariableName,
+ VendorGuid
+ );
+ }
+ }
return Status;
}

@@ -857,6 +876,8 @@ OnReadyToBoot (
// Send data to SMM.
//
SendCommunicateBuffer (0);
+
+ gBS->CloseEvent (Event);
}


@@ -881,6 +902,79 @@ VariableAddressChangeEvent (
EfiConvertPointer (0x0, (VOID **) &mSmmCommunication);
}

+/**
+ This code gets variable payload size.
+
+ @param[out] VariablePayloadSize Output pointer to variable payload size.
+
+ @retval EFI_SUCCESS Get successfully.
+ @retval Others Get unsuccessfully.
+
+**/
+EFI_STATUS
+EFIAPI
+GetVariablePayloadSize (
+ OUT UINTN *VariablePayloadSize
+ )
+{
+ EFI_STATUS Status;
+ SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *SmmGetPayloadSize;
+ EFI_SMM_COMMUNICATE_HEADER *SmmCommunicateHeader;
+ SMM_VARIABLE_COMMUNICATE_HEADER *SmmVariableFunctionHeader;
+ UINTN CommSize;
+ UINT8 *CommBuffer;
+
+ SmmGetPayloadSize = NULL;
+ CommBuffer = NULL;
+
+ if(VariablePayloadSize == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AcquireLockOnlyAtBootTime(&mVariableServicesLock);
+
+ //
+ // Init the communicate buffer. The buffer data size is:
+ // SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE);
+ //
+ CommSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE);
+ CommBuffer = AllocateZeroPool (CommSize);
+ if (CommBuffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Done;
+ }
+
+ SmmCommunicateHeader = (EFI_SMM_COMMUNICATE_HEADER *) CommBuffer;
+ CopyGuid (&SmmCommunicateHeader->HeaderGuid, &gEfiSmmVariableProtocolGuid);
+ SmmCommunicateHeader->MessageLength = SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + sizeof (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE);
+
+ SmmVariableFunctionHeader = (SMM_VARIABLE_COMMUNICATE_HEADER *) SmmCommunicateHeader->Data;
+ SmmVariableFunctionHeader->Function = SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE;
+ SmmGetPayloadSize = (SMM_VARIABLE_COMMUNICATE_GET_PAYLOAD_SIZE *) SmmVariableFunctionHeader->Data;
+
+ //
+ // Send data to SMM.
+ //
+ Status = mSmmCommunication->Communicate (mSmmCommunication, CommBuffer, &CommSize);
+ ASSERT_EFI_ERROR (Status);
+
+ Status = SmmVariableFunctionHeader->ReturnStatus;
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+
+ //
+ // Get data from SMM.
+ //
+ *VariablePayloadSize = SmmGetPayloadSize->VariablePayloadSize;
+
+Done:
+ if (CommBuffer != NULL) {
+ FreePool (CommBuffer);
+ }
+ ReleaseLockOnlyAtBootTime (&mVariableServicesLock);
+ return Status;
+}

/**
Initialize variable service and install Variable Architectural protocol.
@@ -909,8 +1003,8 @@ SmmVariableReady (
//
// Allocate memory for variable communicate buffer.
//
- mVariableBufferPayloadSize = MAX (PcdGet32 (PcdMaxVariableSize), PcdGet32 (PcdMaxHardwareErrorVariableSize)) +
- OFFSET_OF (SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY, Name) - sizeof (VARIABLE_HEADER);
+ Status = GetVariablePayloadSize (&mVariableBufferPayloadSize);
+ ASSERT_EFI_ERROR (Status);
mVariableBufferSize = SMM_COMMUNICATE_HEADER_SIZE + SMM_VARIABLE_COMMUNICATE_HEADER_SIZE + mVariableBufferPayloadSize;
mVariableBuffer = AllocateRuntimePool (mVariableBufferSize);
ASSERT (mVariableBuffer != NULL);
@@ -955,6 +1049,8 @@ SmmVariableReady (
NULL
);
ASSERT_EFI_ERROR (Status);
+
+ gBS->CloseEvent (Event);
}


@@ -982,14 +1078,16 @@ SmmVariableWriteReady (
if (EFI_ERROR (Status)) {
return;
}
-
+
Status = gBS->InstallProtocolInterface (
&mHandle,
- &gEfiVariableWriteArchProtocolGuid,
+ &gEfiVariableWriteArchProtocolGuid,
EFI_NATIVE_INTERFACE,
NULL
);
- ASSERT_EFI_ERROR (Status);
+ ASSERT_EFI_ERROR (Status);
+
+ gBS->CloseEvent (Event);
}


diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
index a72619e..3ddf132 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
@@ -1,24 +1,25 @@
## @file
-# This module is the Runtime DXE part correspond to SMM variable module.
+# Runtime DXE part corresponding to SMM authenticated variable module.
#
-# It installs variable arch protocol and variable write arch protocol to provide
-# four EFI_RUNTIME_SERVICES: SetVariable, GetVariable, GetNextVariableName and QueryVariableInfo
-# and works with SMM variable module together.
+# This module installs variable arch protocol and variable write arch protocol to provide
+# variable service. This module need work together with SMM authenticated variable module.
#
# Caution: This module requires additional review when modified.
# This driver will have external input - variable data.
-# This external input must be validated carefully to avoid security issues such as
+# This external input must be validated carefully to avoid security issues such as
# buffer overflow or integer overflow.
+# The whole SMM authentication variable design relies on the integrity of flash part and SMM.
+# which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory
+# may not be modified without authorization. If platform fails to protect these resources,
+# the authentication service provided in this driver will be broken, and the behavior is undefined.
#
# Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
-#
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#
##

@@ -41,6 +42,7 @@ [Defines]

[Sources]
VariableSmmRuntimeDxe.c
+ Measurement.c

[Packages]
MdePkg/MdePkg.dec
@@ -54,7 +56,7 @@ [LibraryClasses]
UefiRuntimeLib
DxeServicesTableLib
UefiDriverEntryPoint
- PcdLib
+ TpmMeasurementLib

[Protocols]
gEfiVariableWriteArchProtocolGuid ## PRODUCES
@@ -74,10 +76,15 @@ [Guids]
## CONSUMES ## GUID # Protocol notify
gSmmVariableWriteGuid

-[Pcd]
- gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdMaxHardwareErrorVariableSize ## CONSUMES
-
+ ## SOMETIMES_CONSUMES ## Variable:L"PK"
+ ## SOMETIMES_CONSUMES ## Variable:L"KEK"
+ ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
+ gEfiGlobalVariableGuid
+
+ ## SOMETIMES_CONSUMES ## Variable:L"DB"
+ ## SOMETIMES_CONSUMES ## Variable:L"DBX"
+ gEfiImageSecurityDatabaseGuid
+
[Depex]
gEfiSmmCommunicationProtocolGuid

--
1.9.5.msysgit.0