diff options
Diffstat (limited to 'src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib')
13 files changed, 2569 insertions, 0 deletions
diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c new file mode 100644 index 00000000..174a245d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.c @@ -0,0 +1,538 @@ +/** @file + +Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR> + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/LockBoxLib.h> +#include <Library/DebugLib.h> +#include <Library/UefiLib.h> +#include <Protocol/SmmCommunication.h> +#include <Guid/SmmLockBox.h> +#include <Guid/PiSmmCommunicationRegionTable.h> + +#include "SmmLockBoxLibPrivate.h" + +EFI_SMM_COMMUNICATION_PROTOCOL *mLockBoxSmmCommProtocol = NULL; +UINT8 *mLockBoxSmmCommBuffer = NULL; + +/** + Get smm communication protocol for lockbox. + + @return Pointer to smm communication protocol, NULL if not found. + +**/ +EFI_SMM_COMMUNICATION_PROTOCOL * +LockBoxGetSmmCommProtocol ( + VOID + ) +{ + EFI_STATUS Status; + + // + // If the protocol has been got previously, return it. + // + if (mLockBoxSmmCommProtocol != NULL) { + return mLockBoxSmmCommProtocol; + } + + Status = gBS->LocateProtocol ( + &gEfiSmmCommunicationProtocolGuid, + NULL, + (VOID **)&mLockBoxSmmCommProtocol + ); + if (EFI_ERROR (Status)) { + mLockBoxSmmCommProtocol = NULL; + } + return mLockBoxSmmCommProtocol; +} + +/** + Get smm communication buffer for lockbox. + + @return Pointer to smm communication buffer, NULL if not found. + +**/ +UINT8 * +LockBoxGetSmmCommBuffer ( + VOID + ) +{ + EFI_STATUS Status; + UINTN MinimalSizeNeeded; + EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *PiSmmCommunicationRegionTable; + UINT32 Index; + EFI_MEMORY_DESCRIPTOR *Entry; + UINTN Size; + + // + // If the buffer has been got previously, return it. + // + if (mLockBoxSmmCommBuffer != NULL) { + return mLockBoxSmmCommBuffer; + } + + MinimalSizeNeeded = sizeof (EFI_GUID) + + sizeof (UINTN) + + MAX (sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SAVE), + MAX (sizeof (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES), + MAX (sizeof (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE), + MAX (sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE), + sizeof (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE))))); + + Status = EfiGetSystemConfigurationTable ( + &gEdkiiPiSmmCommunicationRegionTableGuid, + (VOID **) &PiSmmCommunicationRegionTable + ); + if (EFI_ERROR (Status)) { + mLockBoxSmmCommBuffer = NULL; + return mLockBoxSmmCommBuffer; + } + ASSERT (PiSmmCommunicationRegionTable != NULL); + Entry = (EFI_MEMORY_DESCRIPTOR *) (PiSmmCommunicationRegionTable + 1); + Size = 0; + for (Index = 0; Index < PiSmmCommunicationRegionTable->NumberOfEntries; Index++) { + if (Entry->Type == EfiConventionalMemory) { + Size = EFI_PAGES_TO_SIZE ((UINTN) Entry->NumberOfPages); + if (Size >= MinimalSizeNeeded) { + break; + } + } + Entry = (EFI_MEMORY_DESCRIPTOR *) ((UINT8 *) Entry + PiSmmCommunicationRegionTable->DescriptorSize); + } + if (Index >= PiSmmCommunicationRegionTable->NumberOfEntries) { + mLockBoxSmmCommBuffer = NULL; + } else { + mLockBoxSmmCommBuffer = (UINT8 *) (UINTN) Entry->PhysicalStart; + } + return mLockBoxSmmCommBuffer; +} + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_SAVE *LockBoxParameterSave; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 TempCommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SAVE)]; + UINT8 *CommBuffer; + UINTN CommSize; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib SaveLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) { + return EFI_INVALID_PARAMETER; + } + + SmmCommunication = LockBoxGetSmmCommProtocol (); + if (SmmCommunication == NULL) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommBuffer = LockBoxGetSmmCommBuffer (); + if (CommBuffer == NULL) { + CommBuffer = &TempCommBuffer[0]; + } + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterSave); + + LockBoxParameterSave = (EFI_SMM_LOCK_BOX_PARAMETER_SAVE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterSave->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SAVE; + LockBoxParameterSave->Header.DataLength = sizeof(*LockBoxParameterSave); + LockBoxParameterSave->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterSave->Guid, Guid, sizeof(*Guid)); + LockBoxParameterSave->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + LockBoxParameterSave->Length = (UINT64)Length; + + // + // Send command + // + CommSize = sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SAVE); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterSave->Header.ReturnStatus; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib SaveLockBox - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *LockBoxParameterSetAttributes; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 TempCommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES)]; + UINT8 *CommBuffer; + UINTN CommSize; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || + ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) != 0)) { + return EFI_INVALID_PARAMETER; + } + + SmmCommunication = LockBoxGetSmmCommProtocol (); + if (SmmCommunication == NULL) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommBuffer = LockBoxGetSmmCommBuffer (); + if (CommBuffer == NULL) { + CommBuffer = &TempCommBuffer[0]; + } + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterSetAttributes); + + LockBoxParameterSetAttributes = (EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterSetAttributes->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_SET_ATTRIBUTES; + LockBoxParameterSetAttributes->Header.DataLength = sizeof(*LockBoxParameterSetAttributes); + LockBoxParameterSetAttributes->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterSetAttributes->Guid, Guid, sizeof(*Guid)); + LockBoxParameterSetAttributes->Attributes = (UINT64)Attributes; + + // + // Send command + // + CommSize = sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_SET_ATTRIBUTES); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterSetAttributes->Header.ReturnStatus; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib SetLockBoxAttributes - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL for lockbox without attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, + the original buffer to too small to hold new information. + @retval RETURN_OUT_OF_RESOURCES for lockbox with attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, + no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *LockBoxParameterUpdate; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 TempCommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_UPDATE)]; + UINT8 *CommBuffer; + UINTN CommSize; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib UpdateLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) { + return EFI_INVALID_PARAMETER; + } + + SmmCommunication = LockBoxGetSmmCommProtocol (); + if (SmmCommunication == NULL) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommBuffer = LockBoxGetSmmCommBuffer (); + if (CommBuffer == NULL) { + CommBuffer = &TempCommBuffer[0]; + } + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterUpdate); + + LockBoxParameterUpdate = (EFI_SMM_LOCK_BOX_PARAMETER_UPDATE *)(UINTN)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterUpdate->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_UPDATE; + LockBoxParameterUpdate->Header.DataLength = sizeof(*LockBoxParameterUpdate); + LockBoxParameterUpdate->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterUpdate->Guid, Guid, sizeof(*Guid)); + LockBoxParameterUpdate->Offset = (UINT64)Offset; + LockBoxParameterUpdate->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + LockBoxParameterUpdate->Length = (UINT64)Length; + + // + // Send command + // + CommSize = sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_UPDATE); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterUpdate->Header.ReturnStatus; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib UpdateLockBox - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 TempCommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)]; + UINT8 *CommBuffer; + UINTN CommSize; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib RestoreLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || + ((Buffer == NULL) && (Length != NULL)) || + ((Buffer != NULL) && (Length == NULL))) { + return EFI_INVALID_PARAMETER; + } + + SmmCommunication = LockBoxGetSmmCommProtocol (); + if (SmmCommunication == NULL) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommBuffer = LockBoxGetSmmCommBuffer (); + if (CommBuffer == NULL) { + CommBuffer = &TempCommBuffer[0]; + } + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterRestore); + + LockBoxParameterRestore = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterRestore->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE; + LockBoxParameterRestore->Header.DataLength = sizeof(*LockBoxParameterRestore); + LockBoxParameterRestore->Header.ReturnStatus = (UINT64)-1; + CopyMem (&LockBoxParameterRestore->Guid, Guid, sizeof(*Guid)); + LockBoxParameterRestore->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + if (Length != NULL) { + LockBoxParameterRestore->Length = (EFI_PHYSICAL_ADDRESS)*Length; + } else { + LockBoxParameterRestore->Length = 0; + } + + // + // Send command + // + CommSize = sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + if (Length != NULL) { + *Length = (UINTN)LockBoxParameterRestore->Length; + } + + Status = (EFI_STATUS)LockBoxParameterRestore->Header.ReturnStatus; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib RestoreLockBox - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ) +{ + EFI_STATUS Status; + EFI_SMM_COMMUNICATION_PROTOCOL *SmmCommunication; + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRestoreAllInPlace; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 TempCommBuffer[sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)]; + UINT8 *CommBuffer; + UINTN CommSize; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Enter\n")); + + SmmCommunication = LockBoxGetSmmCommProtocol (); + if (SmmCommunication == NULL) { + return EFI_NOT_STARTED; + } + + // + // Prepare parameter + // + CommBuffer = LockBoxGetSmmCommBuffer (); + if (CommBuffer == NULL) { + CommBuffer = &TempCommBuffer[0]; + } + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + CommHeader->MessageLength = sizeof(*LockBoxParameterRestoreAllInPlace); + + LockBoxParameterRestoreAllInPlace = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)]; + LockBoxParameterRestoreAllInPlace->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE; + LockBoxParameterRestoreAllInPlace->Header.DataLength = sizeof(*LockBoxParameterRestoreAllInPlace); + LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)-1; + + // + // Send command + // + CommSize = sizeof(EFI_GUID) + sizeof(UINTN) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE); + Status = SmmCommunication->Communicate ( + SmmCommunication, + &CommBuffer[0], + &CommSize + ); + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterRestoreAllInPlace->Header.ReturnStatus; + + DEBUG ((DEBUG_INFO, "SmmLockBoxDxeLib RestoreAllLockBoxInPlace - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf new file mode 100644 index 00000000..0979c7dd --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.inf @@ -0,0 +1,45 @@ +## @file +# DXE LockBox library instance. +# +# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmLockBoxDxeLib + MODULE_UNI_FILE = SmmLockBoxDxeLib.uni + FILE_GUID = 4A0054B4-3CA8-4e1b-9339-9B58D5FBB7D2 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_DRIVER UEFI_APPLICATION + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SmmLockBoxDxeLib.c + SmmLockBoxLibPrivate.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + BaseLib + BaseMemoryLib + DebugLib + UefiLib + +[Guids] + gEfiSmmLockBoxCommunicationGuid ## SOMETIMES_CONSUMES ## GUID # Used to do smm communication + gEdkiiPiSmmCommunicationRegionTableGuid ## SOMETIMES_CONSUMES ## SystemTable + +[Protocols] + gEfiSmmCommunicationProtocolGuid ## SOMETIMES_CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.uni b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.uni new file mode 100644 index 00000000..fc87e350 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxDxeLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// DXE LockBox library instance.
+//
+// DXE LockBox library instance.
+//
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "DXE LockBox library instance"
+
+#string STR_MODULE_DESCRIPTION #language en-US "DXE LockBox library instance."
+
diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h new file mode 100644 index 00000000..2485ebfb --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxLibPrivate.h @@ -0,0 +1,72 @@ +/** @file + +Copyright (c) 2010, Intel Corporation. All rights reserved.<BR> + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _SMM_LOCK_BOX_LIB_PRIVATE_H_ +#define _SMM_LOCK_BOX_LIB_PRIVATE_H_ + +#include <Uefi.h> + +#pragma pack(1) + +// +// Below data structure is used for lockbox registration in SMST +// + +#define SMM_LOCK_BOX_SIGNATURE_32 SIGNATURE_64 ('L','O','C','K','B','_','3','2') +#define SMM_LOCK_BOX_SIGNATURE_64 SIGNATURE_64 ('L','O','C','K','B','_','6','4') + +typedef struct { + UINT64 Signature; + EFI_PHYSICAL_ADDRESS LockBoxDataAddress; +} SMM_LOCK_BOX_CONTEXT; + +// +// Below data structure is used for lockbox management +// + +#define SMM_LOCK_BOX_DATA_SIGNATURE SIGNATURE_64 ('L','O','C','K','B','O','X','D') + +typedef struct { + UINT64 Signature; + EFI_GUID Guid; + EFI_PHYSICAL_ADDRESS Buffer; + UINT64 Length; + UINT64 Attributes; + EFI_PHYSICAL_ADDRESS SmramBuffer; + LIST_ENTRY Link; +} SMM_LOCK_BOX_DATA; + +#pragma pack() + +/** + Constructor for SmmLockBox library. + This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later. + + @retval EFI_SUCEESS + @return Others Some error occurs. +**/ +EFI_STATUS +SmmLockBoxMmConstructor ( + VOID + ); + +/** + Destructor for SmmLockBox library. + This is used to uninstall SmmLockBoxCommunication configuration table + if it has been installed in Constructor. + + @retval EFI_SUCEESS The destructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +SmmLockBoxMmDestructor ( + VOID + ); + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxMmLib.c b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxMmLib.c new file mode 100644 index 00000000..911e1e04 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxMmLib.c @@ -0,0 +1,861 @@ +/** @file + +Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR> + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiMm.h> +#include <Library/MmServicesTableLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/LockBoxLib.h> +#include <Library/DebugLib.h> +#include <Guid/SmmLockBox.h> +#include <Guid/EndOfS3Resume.h> +#include <Protocol/MmReadyToLock.h> +#include <Protocol/MmEndOfDxe.h> +#include <Protocol/SmmSxDispatch2.h> + +#include "SmmLockBoxLibPrivate.h" + +/** + We need handle this library carefully. Only one library instance will construct the environment. + Below 2 global variable can only be used in constructor. They should NOT be used in any other library functions. +**/ +SMM_LOCK_BOX_CONTEXT mSmmLockBoxContext; +LIST_ENTRY mLockBoxQueue = INITIALIZE_LIST_HEAD_VARIABLE (mLockBoxQueue); + +BOOLEAN mSmmConfigurationTableInstalled = FALSE; +VOID *mSmmLockBoxRegistrationSmmEndOfDxe = NULL; +VOID *mSmmLockBoxRegistrationSmmReadyToLock = NULL; +VOID *mSmmLockBoxRegistrationEndOfS3Resume = NULL; +BOOLEAN mSmmLockBoxSmmReadyToLock = FALSE; +BOOLEAN mSmmLockBoxDuringS3Resume = FALSE; + +/** + This function return SmmLockBox context from SMST. + + @return SmmLockBox context from SMST. +**/ +SMM_LOCK_BOX_CONTEXT * +InternalGetSmmLockBoxContext ( + VOID + ) +{ + UINTN Index; + + // + // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone + // + for (Index = 0; Index < gMmst->NumberOfTableEntries; Index++) { + if (CompareGuid (&gMmst->MmConfigurationTable[Index].VendorGuid, &gEfiSmmLockBoxCommunicationGuid)) { + // + // Found. That means some other library instance is already run. + // No need to install again, just return. + // + return (SMM_LOCK_BOX_CONTEXT *)gMmst->MmConfigurationTable[Index].VendorTable; + } + } + + // + // Not found. + // + return NULL; +} + +/** + Notification for SMM ReadyToLock protocol. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxSmmReadyToLockNotify ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + mSmmLockBoxSmmReadyToLock = TRUE; + return EFI_SUCCESS; +} + +/** + Main entry point for an SMM handler dispatch or communicate-based callback. + + @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). + @param[in] Context Points to an optional handler context which was specified when the + handler was registered. + @param[in,out] CommBuffer A pointer to a collection of data in memory that will + be conveyed from a non-SMM environment into an SMM environment. + @param[in,out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers + should still be called. + @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should + still be called. + @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still + be called. + @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxS3EntryCallBack ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context OPTIONAL, + IN OUT VOID *CommBuffer OPTIONAL, + IN OUT UINTN *CommBufferSize OPTIONAL + ) +{ + mSmmLockBoxDuringS3Resume = TRUE; + return EFI_SUCCESS; +} + +/** + Notification for SMM EndOfDxe protocol. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxSmmEndOfDxeNotify ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + EFI_STATUS Status; + EFI_SMM_SX_DISPATCH2_PROTOCOL *SxDispatch; + EFI_SMM_SX_REGISTER_CONTEXT EntryRegisterContext; + EFI_HANDLE S3EntryHandle; + + // + // Locate SmmSxDispatch2 protocol. + // + Status = gMmst->MmLocateProtocol ( + &gEfiMmSxDispatchProtocolGuid, + NULL, + (VOID **)&SxDispatch + ); + if (!EFI_ERROR (Status) && (SxDispatch != NULL)) { + // + // Register a S3 entry callback function to + // determine if it will be during S3 resume. + // + EntryRegisterContext.Type = SxS3; + EntryRegisterContext.Phase = SxEntry; + Status = SxDispatch->Register ( + SxDispatch, + SmmLockBoxS3EntryCallBack, + &EntryRegisterContext, + &S3EntryHandle + ); + ASSERT_EFI_ERROR (Status); + } + + return EFI_SUCCESS; +} + +/** + Notification for SMM EndOfS3Resume protocol. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxEndOfS3ResumeNotify ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle + ) +{ + mSmmLockBoxDuringS3Resume = FALSE; + return EFI_SUCCESS; +} + +/** + Constructor for SmmLockBox library. + This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later. + + @retval EFI_SUCEESS + @return Others Some error occurs. +**/ +EFI_STATUS +SmmLockBoxMmConstructor ( + VOID + ) +{ + EFI_STATUS Status; + SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxMmConstructor - Enter\n")); + + // + // Register SmmReadyToLock notification. + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEfiMmReadyToLockProtocolGuid, + SmmLockBoxSmmReadyToLockNotify, + &mSmmLockBoxRegistrationSmmReadyToLock + ); + ASSERT_EFI_ERROR (Status); + + // + // Register SmmEndOfDxe notification. + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEfiMmEndOfDxeProtocolGuid, + SmmLockBoxSmmEndOfDxeNotify, + &mSmmLockBoxRegistrationSmmEndOfDxe + ); + ASSERT_EFI_ERROR (Status); + + // + // Register EndOfS3Resume notification. + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEdkiiEndOfS3ResumeGuid, + SmmLockBoxEndOfS3ResumeNotify, + &mSmmLockBoxRegistrationEndOfS3Resume + ); + ASSERT_EFI_ERROR (Status); + + // + // Check if gEfiSmmLockBoxCommunicationGuid is installed by someone + // + SmmLockBoxContext = InternalGetSmmLockBoxContext (); + if (SmmLockBoxContext != NULL) { + // + // Find it. That means some other library instance is already run. + // No need to install again, just return. + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - already installed\n")); + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxMmConstructor - Exit\n")); + return EFI_SUCCESS; + } + + // + // If no one install this, it means this is first instance. Install it. + // + if (sizeof(UINTN) == sizeof(UINT64)) { + mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_64; + } else { + mSmmLockBoxContext.Signature = SMM_LOCK_BOX_SIGNATURE_32; + } + mSmmLockBoxContext.LockBoxDataAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)&mLockBoxQueue; + + Status = gMmst->MmInstallConfigurationTable ( + gMmst, + &gEfiSmmLockBoxCommunicationGuid, + &mSmmLockBoxContext, + sizeof(mSmmLockBoxContext) + ); + ASSERT_EFI_ERROR (Status); + mSmmConfigurationTableInstalled = TRUE; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxContext - %x\n", (UINTN)&mSmmLockBoxContext)); + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib LockBoxDataAddress - %x\n", (UINTN)&mLockBoxQueue)); + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxMmConstructor - Exit\n")); + + return Status; +} + +/** + Destructor for SmmLockBox library. + This is used to uninstall SmmLockBoxCommunication configuration table + if it has been installed in Constructor. + + @retval EFI_SUCEESS The destructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +SmmLockBoxMmDestructor ( + VOID + ) +{ + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SmmLockBoxMmDestructor in %a module\n", gEfiCallerBaseName)); + + if (mSmmConfigurationTableInstalled) { + Status = gMmst->MmInstallConfigurationTable ( + gMmst, + &gEfiSmmLockBoxCommunicationGuid, + NULL, + 0 + ); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib uninstall SmmLockBoxCommunication configuration table\n")); + } + + if (mSmmLockBoxRegistrationSmmReadyToLock != NULL) { + // + // Unregister SmmReadyToLock notification. + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEfiMmReadyToLockProtocolGuid, + NULL, + &mSmmLockBoxRegistrationSmmReadyToLock + ); + ASSERT_EFI_ERROR (Status); + } + if (mSmmLockBoxRegistrationSmmEndOfDxe != NULL) { + // + // Unregister SmmEndOfDxe notification. + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEfiMmEndOfDxeProtocolGuid, + NULL, + &mSmmLockBoxRegistrationSmmEndOfDxe + ); + ASSERT_EFI_ERROR (Status); + } + if (mSmmLockBoxRegistrationEndOfS3Resume != NULL) { + // + // Unregister EndOfS3Resume notification. + // + Status = gMmst->MmRegisterProtocolNotify ( + &gEdkiiEndOfS3ResumeGuid, + NULL, + &mSmmLockBoxRegistrationEndOfS3Resume + ); + ASSERT_EFI_ERROR (Status); + } + + return EFI_SUCCESS; +} + +/** + This function return SmmLockBox queue address. + + @return SmmLockBox queue address. +**/ +LIST_ENTRY * +InternalGetLockBoxQueue ( + VOID + ) +{ + SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext; + + SmmLockBoxContext = InternalGetSmmLockBoxContext (); + ASSERT (SmmLockBoxContext != NULL); + if (SmmLockBoxContext == NULL) { + return NULL; + } + return (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress; +} + +/** + This function find LockBox by GUID. + + @param Guid The guid to indentify the LockBox + + @return LockBoxData +**/ +SMM_LOCK_BOX_DATA * +InternalFindLockBoxByGuid ( + IN EFI_GUID *Guid + ) +{ + LIST_ENTRY *Link; + SMM_LOCK_BOX_DATA *LockBox; + LIST_ENTRY *LockBoxQueue; + + LockBoxQueue = InternalGetLockBoxQueue (); + ASSERT (LockBoxQueue != NULL); + + for (Link = LockBoxQueue->ForwardLink; + Link != LockBoxQueue; + Link = Link->ForwardLink) { + LockBox = BASE_CR ( + Link, + SMM_LOCK_BOX_DATA, + Link + ); + if (CompareGuid (&LockBox->Guid, Guid)) { + return LockBox; + } + } + return NULL; +} + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + EFI_PHYSICAL_ADDRESS SmramBuffer; + EFI_STATUS Status; + LIST_ENTRY *LockBoxQueue; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox != NULL) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_ALREADY_STARTED)); + return EFI_ALREADY_STARTED; + } + + // + // Allocate SMRAM buffer + // + Status = gMmst->MmAllocatePages ( + AllocateAnyPages, + EfiRuntimeServicesData, + EFI_SIZE_TO_PAGES (Length), + &SmramBuffer + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + + // + // Allocate LockBox + // + Status = gMmst->MmAllocatePool ( + EfiRuntimeServicesData, + sizeof(*LockBox), + (VOID **)&LockBox + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + gMmst->MmFreePages (SmramBuffer, EFI_SIZE_TO_PAGES (Length)); + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + + // + // Save data + // + CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)Buffer, Length); + + // + // Insert LockBox to queue + // + LockBox->Signature = SMM_LOCK_BOX_DATA_SIGNATURE; + CopyMem (&LockBox->Guid, Guid, sizeof(EFI_GUID)); + LockBox->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + LockBox->Length = (UINT64)Length; + LockBox->Attributes = 0; + LockBox->SmramBuffer = SmramBuffer; + + DEBUG (( + DEBUG_INFO, + "LockBoxGuid - %g, SmramBuffer - 0x%lx, Length - 0x%lx\n", + &LockBox->Guid, + LockBox->SmramBuffer, + LockBox->Length + )); + + LockBoxQueue = InternalGetLockBoxQueue (); + ASSERT (LockBoxQueue != NULL); + InsertTailList (LockBoxQueue, &LockBox->Link); + + // + // Done + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SaveLockBox - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || + ((Attributes & ~(LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE | LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY)) != 0)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + if (((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) && + ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_INVALID_PARAMETER)); + DEBUG ((DEBUG_INFO, " LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE and LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY\n\n")); + DEBUG ((DEBUG_INFO, " can not be set together\n")); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox == NULL) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_NOT_FOUND)); + return EFI_NOT_FOUND; + } + + if ((((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) && + ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0)) || + (((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) && + ((Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0))) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes 0x%lx 0x%lx - Exit (%r)\n", LockBox->Attributes, Attributes, EFI_INVALID_PARAMETER)); + DEBUG ((DEBUG_INFO, " LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE and LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY\n\n")); + DEBUG ((DEBUG_INFO, " can not be set together\n")); + return EFI_INVALID_PARAMETER; + } + + // + // Update data + // + LockBox->Attributes = Attributes; + + // + // Done + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib SetLockBoxAttributes - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL for lockbox without attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, + the original buffer to too small to hold new information. + @retval RETURN_OUT_OF_RESOURCES for lockbox with attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, + no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + EFI_PHYSICAL_ADDRESS SmramBuffer; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || (Buffer == NULL) || (Length == 0) || + (Length > MAX_UINTN - Offset)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox == NULL) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_NOT_FOUND)); + return EFI_NOT_FOUND; + } + + // + // Update data + // + if (LockBox->Length < Offset + Length) { + if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0) { + // + // If 'LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY' attribute is set, enlarge the + // LockBox. + // + DEBUG (( + DEBUG_INFO, + "SmmLockBoxSmmLib UpdateLockBox - Origin LockBox too small, enlarge.\n" + )); + + if (EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES ((UINTN)LockBox->Length)) < Offset + Length) { + // + // In SaveLockBox(), the SMRAM buffer allocated for LockBox is of page + // granularity. Here, if the required size is larger than the origin size + // of the pages, allocate new buffer from SMRAM to enlarge the LockBox. + // + DEBUG (( + DEBUG_INFO, + "SmmLockBoxSmmLib UpdateLockBox - Allocate new buffer to enlarge.\n" + )); + Status = gMmst->MmAllocatePages ( + AllocateAnyPages, + EfiRuntimeServicesData, + EFI_SIZE_TO_PAGES (Offset + Length), + &SmramBuffer + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + + // + // Copy origin data to the new SMRAM buffer and wipe the content in the + // origin SMRAM buffer. + // + CopyMem ((VOID *)(UINTN)SmramBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + ZeroMem ((VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + gMmst->MmFreePages (LockBox->SmramBuffer, EFI_SIZE_TO_PAGES ((UINTN)LockBox->Length)); + + LockBox->SmramBuffer = SmramBuffer; + } + + // + // Handle uninitialized content in the LockBox. + // + if (Offset > LockBox->Length) { + ZeroMem ( + (VOID *)((UINTN)LockBox->SmramBuffer + (UINTN)LockBox->Length), + Offset - (UINTN)LockBox->Length + ); + } + LockBox->Length = Offset + Length; + } else { + // + // If 'LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY' attribute is NOT set, return + // EFI_BUFFER_TOO_SMALL directly. + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL)); + return EFI_BUFFER_TOO_SMALL; + } + } + ASSERT ((UINTN)LockBox->SmramBuffer <= (MAX_ADDRESS - Offset)); + CopyMem ((VOID *)((UINTN)LockBox->SmramBuffer + Offset), Buffer, Length); + + // + // Done + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib UpdateLockBox - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + VOID *RestoreBuffer; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Enter\n")); + + // + // Restore this, Buffer and Length MUST be both NULL or both non-NULL + // + if ((Guid == NULL) || + ((Buffer == NULL) && (Length != NULL)) || + ((Buffer != NULL) && (Length == NULL))) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_INVALID_PARAMETER)); + return EFI_INVALID_PARAMETER; + } + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuid (Guid); + if (LockBox == NULL) { + // + // Not found + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_NOT_FOUND)); + return EFI_NOT_FOUND; + } + + if (((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY) != 0) && + mSmmLockBoxSmmReadyToLock && + !mSmmLockBoxDuringS3Resume) { + // + // With LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, + // this LockBox can be restored in S3 resume only. + // + return EFI_ACCESS_DENIED; + } + + // + // Set RestoreBuffer + // + if (Buffer != NULL) { + // + // restore to new buffer + // + RestoreBuffer = Buffer; + } else { + // + // restore to original buffer + // + if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) == 0) { + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_WRITE_PROTECTED)); + return EFI_WRITE_PROTECTED; + } + RestoreBuffer = (VOID *)(UINTN)LockBox->Buffer; + } + + // + // Set RestoreLength + // + if (Length != NULL) { + if (*Length < (UINTN)LockBox->Length) { + // + // Input buffer is too small to hold all data. + // + *Length = (UINTN)LockBox->Length; + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_BUFFER_TOO_SMALL)); + return EFI_BUFFER_TOO_SMALL; + } + *Length = (UINTN)LockBox->Length; + } + + // + // Restore data + // + CopyMem (RestoreBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + + // + // Done + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreLockBox - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ) +{ + SMM_LOCK_BOX_DATA *LockBox; + LIST_ENTRY *Link; + LIST_ENTRY *LockBoxQueue; + + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Enter\n")); + + LockBoxQueue = InternalGetLockBoxQueue (); + ASSERT (LockBoxQueue != NULL); + + // + // Restore all, Buffer and Length MUST be NULL + // + for (Link = LockBoxQueue->ForwardLink; + Link != LockBoxQueue; + Link = Link->ForwardLink) { + LockBox = BASE_CR ( + Link, + SMM_LOCK_BOX_DATA, + Link + ); + if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) { + // + // Restore data + // + CopyMem ((VOID *)(UINTN)LockBox->Buffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + } + } + // + // Done + // + DEBUG ((DEBUG_INFO, "SmmLockBoxSmmLib RestoreAllLockBoxInPlace - Exit (%r)\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.c b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.c new file mode 100644 index 00000000..f250887b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.c @@ -0,0 +1,742 @@ +/** @file + +Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR> + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <PiDxe.h> +#include <PiSmm.h> +#include <Library/PeiServicesTablePointerLib.h> +#include <Library/PeiServicesLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/LockBoxLib.h> +#include <Library/HobLib.h> +#include <Library/DebugLib.h> +#include <Library/PcdLib.h> +#include <Protocol/SmmCommunication.h> +#include <Ppi/SmmCommunication.h> +#include <Ppi/SmmAccess.h> +#include <Guid/AcpiS3Context.h> +#include <Guid/SmmLockBox.h> + +#include "SmmLockBoxLibPrivate.h" + +#if defined (MDE_CPU_IA32) +typedef struct _LIST_ENTRY64 LIST_ENTRY64; +struct _LIST_ENTRY64 { + LIST_ENTRY64 *ForwardLink; + UINT32 Reserved1; + LIST_ENTRY64 *BackLink; + UINT32 Reserved2; +}; + +typedef struct { + EFI_TABLE_HEADER Hdr; + UINT64 SmmFirmwareVendor; + UINT64 SmmFirmwareRevision; + UINT64 SmmInstallConfigurationTable; + UINT64 SmmIoMemRead; + UINT64 SmmIoMemWrite; + UINT64 SmmIoIoRead; + UINT64 SmmIoIoWrite; + UINT64 SmmAllocatePool; + UINT64 SmmFreePool; + UINT64 SmmAllocatePages; + UINT64 SmmFreePages; + UINT64 SmmStartupThisAp; + UINT64 CurrentlyExecutingCpu; + UINT64 NumberOfCpus; + UINT64 CpuSaveStateSize; + UINT64 CpuSaveState; + UINT64 NumberOfTableEntries; + UINT64 SmmConfigurationTable; +} EFI_SMM_SYSTEM_TABLE2_64; + +typedef struct { + EFI_GUID VendorGuid; + UINT64 VendorTable; +} EFI_CONFIGURATION_TABLE64; +#endif + +#if defined (MDE_CPU_X64) +typedef LIST_ENTRY LIST_ENTRY64; +typedef EFI_SMM_SYSTEM_TABLE2 EFI_SMM_SYSTEM_TABLE2_64; +typedef EFI_CONFIGURATION_TABLE EFI_CONFIGURATION_TABLE64; +#endif + +/** + This function return first node of LinkList queue. + + @param LockBoxQueue LinkList queue + + @return first node of LinkList queue +**/ +LIST_ENTRY * +InternalInitLinkDxe ( + IN LIST_ENTRY *LinkList + ) +{ + if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) ) { + // + // 32 PEI + 64 DXE + // + return (LIST_ENTRY *)(((LIST_ENTRY64 *)LinkList)->ForwardLink); + } else { + return LinkList->ForwardLink; + } +} + +/** + This function return next node of LinkList. + + @param Link LinkList node + + @return next node of LinkList +**/ +LIST_ENTRY * +InternalNextLinkDxe ( + IN LIST_ENTRY *Link + ) +{ + if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) ) { + // + // 32 PEI + 64 DXE + // + return (LIST_ENTRY *)(((LIST_ENTRY64 *)Link)->ForwardLink); + } else { + return Link->ForwardLink; + } +} + +/** + This function find LockBox by GUID from SMRAM. + + @param LockBoxQueue The LockBox queue in SMRAM + @param Guid The guid to indentify the LockBox + + @return LockBoxData +**/ +SMM_LOCK_BOX_DATA * +InternalFindLockBoxByGuidFromSmram ( + IN LIST_ENTRY *LockBoxQueue, + IN EFI_GUID *Guid + ) +{ + LIST_ENTRY *Link; + SMM_LOCK_BOX_DATA *LockBox; + + for (Link = InternalInitLinkDxe (LockBoxQueue); + Link != LockBoxQueue; + Link = InternalNextLinkDxe (Link)) { + LockBox = BASE_CR ( + Link, + SMM_LOCK_BOX_DATA, + Link + ); + if (CompareGuid (&LockBox->Guid, Guid)) { + return LockBox; + } + } + return NULL; +} + +/** + Get VendorTable by VendorGuid in Smst. + + @param Signature Signature of SMM_S3_RESUME_STATE + @param Smst SMM system table + @param VendorGuid vendor guid + + @return vendor table. +**/ +VOID * +InternalSmstGetVendorTableByGuid ( + IN UINT64 Signature, + IN EFI_SMM_SYSTEM_TABLE2 *Smst, + IN EFI_GUID *VendorGuid + ) +{ + EFI_CONFIGURATION_TABLE *SmmConfigurationTable; + UINTN NumberOfTableEntries; + UINTN Index; + EFI_SMM_SYSTEM_TABLE2_64 *Smst64; + EFI_CONFIGURATION_TABLE64 *SmmConfigurationTable64; + + if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode))) { + // + // 32 PEI + 64 DXE + // + Smst64 = (EFI_SMM_SYSTEM_TABLE2_64 *)Smst; + SmmConfigurationTable64 = (EFI_CONFIGURATION_TABLE64 *)(UINTN)Smst64->SmmConfigurationTable; + NumberOfTableEntries = (UINTN)Smst64->NumberOfTableEntries; + for (Index = 0; Index < NumberOfTableEntries; Index++) { + if (CompareGuid (&SmmConfigurationTable64[Index].VendorGuid, VendorGuid)) { + return (VOID *)(UINTN)SmmConfigurationTable64[Index].VendorTable; + } + } + return NULL; + } else { + SmmConfigurationTable = Smst->SmmConfigurationTable; + NumberOfTableEntries = Smst->NumberOfTableEntries; + for (Index = 0; Index < NumberOfTableEntries; Index++) { + if (CompareGuid (&SmmConfigurationTable[Index].VendorGuid, VendorGuid)) { + return (VOID *)SmmConfigurationTable[Index].VendorTable; + } + } + return NULL; + } +} + +/** + Get SMM LockBox context. + + @return SMM LockBox context. +**/ +SMM_LOCK_BOX_CONTEXT * +InternalGetSmmLockBoxContext ( + VOID + ) +{ + EFI_SMRAM_DESCRIPTOR *SmramDescriptor; + SMM_S3_RESUME_STATE *SmmS3ResumeState; + VOID *GuidHob; + SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext; + + GuidHob = GetFirstGuidHob (&gEfiAcpiVariableGuid); + ASSERT (GuidHob != NULL); + SmramDescriptor = (EFI_SMRAM_DESCRIPTOR *) GET_GUID_HOB_DATA (GuidHob); + SmmS3ResumeState = (SMM_S3_RESUME_STATE *)(UINTN)SmramDescriptor->CpuStart; + + SmmLockBoxContext = (SMM_LOCK_BOX_CONTEXT *)InternalSmstGetVendorTableByGuid ( + SmmS3ResumeState->Signature, + (EFI_SMM_SYSTEM_TABLE2 *)(UINTN)SmmS3ResumeState->Smst, + &gEfiSmmLockBoxCommunicationGuid + ); + ASSERT (SmmLockBoxContext != NULL); + + return SmmLockBoxContext; +} + +/** + This function will restore confidential information from lockbox in SMRAM directly. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. +**/ +EFI_STATUS +InternalRestoreLockBoxFromSmram ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + PEI_SMM_ACCESS_PPI *SmmAccess; + UINTN Index; + EFI_STATUS Status; + SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext; + LIST_ENTRY *LockBoxQueue; + SMM_LOCK_BOX_DATA *LockBox; + VOID *RestoreBuffer; + + // + // Get needed resource + // + Status = PeiServicesLocatePpi ( + &gPeiSmmAccessPpiGuid, + 0, + NULL, + (VOID **)&SmmAccess + ); + if (!EFI_ERROR (Status)) { + for (Index = 0; !EFI_ERROR (Status); Index++) { + Status = SmmAccess->Open ((EFI_PEI_SERVICES **)GetPeiServicesTablePointer (), SmmAccess, Index); + } + } + + // + // Get LockBox context + // + SmmLockBoxContext = InternalGetSmmLockBoxContext (); + LockBoxQueue = (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress; + + // + // We do NOT check Buffer address in SMRAM, because if SMRAM not locked, we trust the caller. + // + + // + // Restore this, Buffer and Length MUST be both NULL or both non-NULL + // + + // + // Find LockBox + // + LockBox = InternalFindLockBoxByGuidFromSmram (LockBoxQueue, Guid); + if (LockBox == NULL) { + // + // Not found + // + return EFI_NOT_FOUND; + } + + // + // Set RestoreBuffer + // + if (Buffer != NULL) { + // + // restore to new buffer + // + RestoreBuffer = Buffer; + } else { + // + // restore to original buffer + // + if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) == 0) { + return EFI_WRITE_PROTECTED; + } + RestoreBuffer = (VOID *)(UINTN)LockBox->Buffer; + } + + // + // Set RestoreLength + // + if (Length != NULL) { + if (*Length < (UINTN)LockBox->Length) { + // + // Input buffer is too small to hold all data. + // + *Length = (UINTN)LockBox->Length; + return EFI_BUFFER_TOO_SMALL; + } + *Length = (UINTN)LockBox->Length; + } + + // + // Restore data + // + CopyMem (RestoreBuffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + + // + // Done + // + return EFI_SUCCESS; +} + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. +**/ +EFI_STATUS +InternalRestoreAllLockBoxInPlaceFromSmram ( + VOID + ) +{ + PEI_SMM_ACCESS_PPI *SmmAccess; + UINTN Index; + EFI_STATUS Status; + SMM_LOCK_BOX_CONTEXT *SmmLockBoxContext; + LIST_ENTRY *LockBoxQueue; + SMM_LOCK_BOX_DATA *LockBox; + LIST_ENTRY *Link; + + // + // Get needed resource + // + Status = PeiServicesLocatePpi ( + &gPeiSmmAccessPpiGuid, + 0, + NULL, + (VOID **)&SmmAccess + ); + if (!EFI_ERROR (Status)) { + for (Index = 0; !EFI_ERROR (Status); Index++) { + Status = SmmAccess->Open ((EFI_PEI_SERVICES **)GetPeiServicesTablePointer (), SmmAccess, Index); + } + } + + // + // Get LockBox context + // + SmmLockBoxContext = InternalGetSmmLockBoxContext (); + LockBoxQueue = (LIST_ENTRY *)(UINTN)SmmLockBoxContext->LockBoxDataAddress; + + // + // We do NOT check Buffer address in SMRAM, because if SMRAM not locked, we trust the caller. + // + + // + // Restore all, Buffer and Length MUST be NULL + // + for (Link = InternalInitLinkDxe (LockBoxQueue); + Link != LockBoxQueue; + Link = InternalNextLinkDxe (Link)) { + LockBox = BASE_CR ( + Link, + SMM_LOCK_BOX_DATA, + Link + ); + if ((LockBox->Attributes & LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE) != 0) { + // + // Restore data + // + CopyMem ((VOID *)(UINTN)LockBox->Buffer, (VOID *)(UINTN)LockBox->SmramBuffer, (UINTN)LockBox->Length); + } + } + // + // Done + // + return EFI_SUCCESS; +} + +/** + This function will save confidential information to lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the confidential information + @param Length the length of the confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0 + @retval RETURN_ALREADY_STARTED the requested GUID already exist. + @retval RETURN_OUT_OF_RESOURCES no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SaveLockBox ( + IN GUID *Guid, + IN VOID *Buffer, + IN UINTN Length + ) +{ + ASSERT (FALSE); + + // + // No support to save at PEI phase + // + return RETURN_UNSUPPORTED; +} + +/** + This function will set lockbox attributes. + + @param Guid the guid to identify the confidential information + @param Attributes the attributes of the lockbox + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER attributes is invalid. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +SetLockBoxAttributes ( + IN GUID *Guid, + IN UINT64 Attributes + ) +{ + ASSERT (FALSE); + + // + // No support to save at PEI phase + // + return RETURN_UNSUPPORTED; +} + +/** + This function will update confidential information to lockbox. + + @param Guid the guid to identify the original confidential information + @param Offset the offset of the original confidential information + @param Buffer the address of the updated confidential information + @param Length the length of the updated confidential information + + @retval RETURN_SUCCESS the information is saved successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or Buffer is NULL, or Length is 0. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_BUFFER_TOO_SMALL for lockbox without attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, + the original buffer to too small to hold new information. + @retval RETURN_OUT_OF_RESOURCES for lockbox with attribute LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY, + no enough resource to save the information. + @retval RETURN_ACCESS_DENIED it is too late to invoke this interface + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +UpdateLockBox ( + IN GUID *Guid, + IN UINTN Offset, + IN VOID *Buffer, + IN UINTN Length + ) +{ + ASSERT (FALSE); + + // + // No support to update at PEI phase + // + return RETURN_UNSUPPORTED; +} + +/** + This function will restore confidential information from lockbox. + + @param Guid the guid to identify the confidential information + @param Buffer the address of the restored confidential information + NULL means restored to original address, Length MUST be NULL at same time. + @param Length the length of the restored confidential information + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_INVALID_PARAMETER the Guid is NULL, or one of Buffer and Length is NULL. + @retval RETURN_WRITE_PROTECTED Buffer and Length are NULL, but the LockBox has no + LOCK_BOX_ATTRIBUTE_RESTORE_IN_PLACE attribute. + @retval RETURN_BUFFER_TOO_SMALL the Length is too small to hold the confidential information. + @retval RETURN_NOT_FOUND the requested GUID not found. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_ACCESS_DENIED not allow to restore to the address + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreLockBox ( + IN GUID *Guid, + IN VOID *Buffer, OPTIONAL + IN OUT UINTN *Length OPTIONAL + ) +{ + EFI_STATUS Status; + EFI_PEI_SMM_COMMUNICATION_PPI *SmmCommunicationPpi; + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *LockBoxParameterRestore; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINT64) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE)]; + UINTN CommSize; + UINT64 MessageLength; + + // + // Please aware that there is UINTN in EFI_SMM_COMMUNICATE_HEADER. It might be UINT64 in DXE, while it is UINT32 in PEI. + // typedef struct { + // EFI_GUID HeaderGuid; + // UINTN MessageLength; + // UINT8 Data[1]; + // } EFI_SMM_COMMUNICATE_HEADER; + // + + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib RestoreLockBox - Enter\n")); + + // + // Basic check + // + if ((Guid == NULL) || + ((Buffer == NULL) && (Length != NULL)) || + ((Buffer != NULL) && (Length == NULL))) { + return EFI_INVALID_PARAMETER; + } + + // + // Get needed resource + // + Status = PeiServicesLocatePpi ( + &gEfiPeiSmmCommunicationPpiGuid, + 0, + NULL, + (VOID **)&SmmCommunicationPpi + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib LocatePpi - (%r)\n", Status)); + Status = InternalRestoreLockBoxFromSmram (Guid, Buffer, Length); + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib RestoreLockBox - Exit (%r)\n", Status)); + return Status; + } + + // + // Prepare parameter + // + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) ) { + MessageLength = sizeof(*LockBoxParameterRestore); + CopyMem (&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, MessageLength)], &MessageLength, sizeof(MessageLength)); + } else { + CommHeader->MessageLength = sizeof(*LockBoxParameterRestore); + } + + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib CommBuffer - %x\n", &CommBuffer[0])); + if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) ) { + LockBoxParameterRestore = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, MessageLength) + sizeof(UINT64)]; + } else { + LockBoxParameterRestore = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, MessageLength) + sizeof(UINTN)]; + } + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib LockBoxParameterRestore - %x\n", LockBoxParameterRestore)); + LockBoxParameterRestore->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE; + LockBoxParameterRestore->Header.DataLength = sizeof(*LockBoxParameterRestore); + LockBoxParameterRestore->Header.ReturnStatus = (UINT64)-1; + if (Guid != 0) { + CopyMem (&LockBoxParameterRestore->Guid, Guid, sizeof(*Guid)); + } else { + ZeroMem (&LockBoxParameterRestore->Guid, sizeof(*Guid)); + } + LockBoxParameterRestore->Buffer = (EFI_PHYSICAL_ADDRESS)(UINTN)Buffer; + if (Length != NULL) { + LockBoxParameterRestore->Length = (EFI_PHYSICAL_ADDRESS)*Length; + } else { + LockBoxParameterRestore->Length = 0; + } + + // + // Send command + // + CommSize = sizeof(CommBuffer); + Status = SmmCommunicationPpi->Communicate ( + SmmCommunicationPpi, + &CommBuffer[0], + &CommSize + ); + if (Status == EFI_NOT_STARTED) { + // + // Pei SMM communication not ready yet, so we access SMRAM directly + // + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib Communicate - (%r)\n", Status)); + Status = InternalRestoreLockBoxFromSmram (Guid, Buffer, Length); + LockBoxParameterRestore->Header.ReturnStatus = (UINT64)Status; + if (Length != NULL) { + LockBoxParameterRestore->Length = (UINT64)*Length; + } + } + + if (Length != NULL) { + *Length = (UINTN)LockBoxParameterRestore->Length; + } + + Status = (EFI_STATUS)LockBoxParameterRestore->Header.ReturnStatus; + if (Status != EFI_SUCCESS) { + // Need or MAX_BIT, because there might be case that SMM is X64 while PEI is IA32. + Status |= MAX_BIT; + } + + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib RestoreLockBox - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + +/** + This function will restore confidential information from all lockbox which have RestoreInPlace attribute. + + @retval RETURN_SUCCESS the information is restored successfully. + @retval RETURN_NOT_STARTED it is too early to invoke this interface + @retval RETURN_UNSUPPORTED the service is not supported by implementaion. +**/ +RETURN_STATUS +EFIAPI +RestoreAllLockBoxInPlace ( + VOID + ) +{ + EFI_STATUS Status; + EFI_PEI_SMM_COMMUNICATION_PPI *SmmCommunicationPpi; + EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *LockBoxParameterRestoreAllInPlace; + EFI_SMM_COMMUNICATE_HEADER *CommHeader; + UINT8 CommBuffer[sizeof(EFI_GUID) + sizeof(UINT64) + sizeof(EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE)]; + UINTN CommSize; + UINT64 MessageLength; + + // + // Please aware that there is UINTN in EFI_SMM_COMMUNICATE_HEADER. It might be UINT64 in DXE, while it is UINT32 in PEI. + // typedef struct { + // EFI_GUID HeaderGuid; + // UINTN MessageLength; + // UINT8 Data[1]; + // } EFI_SMM_COMMUNICATE_HEADER; + // + + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib RestoreAllLockBoxInPlace - Enter\n")); + + // + // Get needed resource + // + Status = PeiServicesLocatePpi ( + &gEfiPeiSmmCommunicationPpiGuid, + 0, + NULL, + (VOID **)&SmmCommunicationPpi + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib LocatePpi - (%r)\n", Status)); + Status = InternalRestoreAllLockBoxInPlaceFromSmram (); + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib RestoreAllLockBoxInPlace - Exit (%r)\n", Status)); + return Status; + } + + // + // Prepare parameter + // + CommHeader = (EFI_SMM_COMMUNICATE_HEADER *)&CommBuffer[0]; + CopyMem (&CommHeader->HeaderGuid, &gEfiSmmLockBoxCommunicationGuid, sizeof(gEfiSmmLockBoxCommunicationGuid)); + if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) ) { + MessageLength = sizeof(*LockBoxParameterRestoreAllInPlace); + CopyMem (&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, MessageLength)], &MessageLength, sizeof(MessageLength)); + } else { + CommHeader->MessageLength = sizeof(*LockBoxParameterRestoreAllInPlace); + } + + if ((sizeof(UINTN) == sizeof(UINT32)) && (FeaturePcdGet (PcdDxeIplSwitchToLongMode)) ) { + LockBoxParameterRestoreAllInPlace = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, MessageLength) + sizeof(UINT64)]; + } else { + LockBoxParameterRestoreAllInPlace = (EFI_SMM_LOCK_BOX_PARAMETER_RESTORE_ALL_IN_PLACE *)&CommBuffer[OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, MessageLength) + sizeof(UINTN)]; + } + LockBoxParameterRestoreAllInPlace->Header.Command = EFI_SMM_LOCK_BOX_COMMAND_RESTORE_ALL_IN_PLACE; + LockBoxParameterRestoreAllInPlace->Header.DataLength = sizeof(*LockBoxParameterRestoreAllInPlace); + LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)-1; + + // + // Send command + // + CommSize = sizeof(CommBuffer); + Status = SmmCommunicationPpi->Communicate ( + SmmCommunicationPpi, + &CommBuffer[0], + &CommSize + ); + if (Status == EFI_NOT_STARTED) { + // + // Pei SMM communication not ready yet, so we access SMRAM directly + // + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib Communicate - (%r)\n", Status)); + Status = InternalRestoreAllLockBoxInPlaceFromSmram (); + LockBoxParameterRestoreAllInPlace->Header.ReturnStatus = (UINT64)Status; + } + ASSERT_EFI_ERROR (Status); + + Status = (EFI_STATUS)LockBoxParameterRestoreAllInPlace->Header.ReturnStatus; + if (Status != EFI_SUCCESS) { + // Need or MAX_BIT, because there might be case that SMM is X64 while PEI is IA32. + Status |= MAX_BIT; + } + + DEBUG ((DEBUG_INFO, "SmmLockBoxPeiLib RestoreAllLockBoxInPlace - Exit (%r)\n", Status)); + + // + // Done + // + return Status; +} + diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf new file mode 100644 index 00000000..1e0c3414 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.inf @@ -0,0 +1,52 @@ +## @file +# PEI LockBox library instance. +# +# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmLockBoxPeiLib + MODULE_UNI_FILE = SmmLockBoxPeiLib.uni + FILE_GUID = 5F5E6140-E7BA-4bd6-B85F-236B5BCD8E1E + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib|PEIM + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SmmLockBoxPeiLib.c + SmmLockBoxLibPrivate.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + PeiServicesTablePointerLib + PeiServicesLib + BaseLib + BaseMemoryLib + HobLib + DebugLib + +[FeaturePcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode ## CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## UNDEFINED # Used to do smm communication + ## SOMETIMES_CONSUMES ## UNDEFINED # SmmSystemTable + gEfiSmmLockBoxCommunicationGuid + gEfiAcpiVariableGuid ## SOMETIMES_CONSUMES ## HOB + +[Ppis] + gEfiPeiSmmCommunicationPpiGuid ## CONSUMES + gPeiSmmAccessPpiGuid ## SOMETIMES_CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.uni b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.uni new file mode 100644 index 00000000..ee6d577a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxPeiLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// PEI LockBox library instance.
+//
+// PEI LockBox library instance.
+//
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "PEI LockBox library instance"
+
+#string STR_MODULE_DESCRIPTION #language en-US "PEI LockBox library instance."
+
diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf new file mode 100644 index 00000000..e32f0ba5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf @@ -0,0 +1,52 @@ +## @file +# SMM LockBox library instance. +# +# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmLockBoxSmmLib + MODULE_UNI_FILE = SmmLockBoxSmmLib.uni + FILE_GUID = E04894D6-290D-4171-A362-0ACFD939F3C8 + MODULE_TYPE = DXE_SMM_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = LockBoxLib|DXE_SMM_DRIVER + CONSTRUCTOR = SmmLockBoxTraditionalConstructor + DESTRUCTOR = SmmLockBoxTraditionalDestructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SmmLockBoxTraditionalMmLib.c + SmmLockBoxMmLib.c + SmmLockBoxLibPrivate.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + MmServicesTableLib + BaseLib + DebugLib + +[Protocols] + gEfiMmReadyToLockProtocolGuid ## NOTIFY + gEfiMmEndOfDxeProtocolGuid ## NOTIFY + gEfiMmSxDispatchProtocolGuid ## NOTIFY + +[Guids] + ## SOMETIMES_CONSUMES ## UNDEFINED # SmmSystemTable + ## SOMETIMES_PRODUCES ## UNDEFINED # SmmSystemTable + gEfiSmmLockBoxCommunicationGuid + ## CONSUMES ## UNDEFINED # Protocol notify + gEdkiiEndOfS3ResumeGuid + diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.uni b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.uni new file mode 100644 index 00000000..eb654d79 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// SMM LockBox library instance.
+//
+// SMM LockBox library instance.
+//
+// Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "SMM LockBox library instance"
+
+#string STR_MODULE_DESCRIPTION #language en-US "SMM LockBox library instance."
+
diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.c b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.c new file mode 100644 index 00000000..6eb8bc8a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.c @@ -0,0 +1,53 @@ +/** @file + +Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiMm.h> + +#include "SmmLockBoxLibPrivate.h" + +/** + Constructor for SmmLockBox library. + This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCEESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxStandaloneMmConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return SmmLockBoxMmConstructor (); +} + +/** + Destructor for SmmLockBox library. + This is used to uninstall SmmLockBoxCommunication configuration table + if it has been installed in Constructor. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCEESS The destructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +SmmLockBoxStandaloneMmDestructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return SmmLockBoxMmDestructor (); +} diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.inf b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.inf new file mode 100644 index 00000000..f9a84eb2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxStandaloneMmLib.inf @@ -0,0 +1,53 @@ +## @file +# SMM LockBox library instance. +# +# Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmLockBoxStandaloneMmLib + FILE_GUID = 3C05978B-30CA-4544-9C5A-AB99265EFC31 + MODULE_TYPE = MM_STANDALONE + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x00010032 + LIBRARY_CLASS = LockBoxLib|MM_STANDALONE + CONSTRUCTOR = SmmLockBoxStandaloneMmConstructor + DESTRUCTOR = SmmLockBoxStandaloneMmDestructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + SmmLockBoxStandaloneMmLib.c + SmmLockBoxMmLib.c + SmmLockBoxLibPrivate.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + MmServicesTableLib + BaseLib + DebugLib + +[Protocols] + gEfiMmReadyToLockProtocolGuid ## NOTIFY + gEfiMmEndOfDxeProtocolGuid ## NOTIFY + gEfiMmSxDispatchProtocolGuid ## NOTIFY + +[Guids] + ## SOMETIMES_CONSUMES ## UNDEFINED # SmmSystemTable + ## SOMETIMES_PRODUCES ## UNDEFINED # SmmSystemTable + gEfiSmmLockBoxCommunicationGuid + ## CONSUMES ## UNDEFINED # Protocol notify + gEdkiiEndOfS3ResumeGuid + diff --git a/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxTraditionalMmLib.c b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxTraditionalMmLib.c new file mode 100644 index 00000000..21c710a7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxTraditionalMmLib.c @@ -0,0 +1,53 @@ +/** @file + +Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiSmm.h> + +#include "SmmLockBoxLibPrivate.h" + +/** + Constructor for SmmLockBox library. + This is used to set SmmLockBox context, which will be used in PEI phase in S3 boot path later. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCEESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +SmmLockBoxTraditionalConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return SmmLockBoxMmConstructor (); +} + +/** + Destructor for SmmLockBox library. + This is used to uninstall SmmLockBoxCommunication configuration table + if it has been installed in Constructor. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCEESS The destructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +SmmLockBoxTraditionalDestructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return SmmLockBoxMmDestructor (); +} |